X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fscripts%2Ftest028-idassert;h=716a3442ab4129653f8ce84774766f8d1c858dcd;hb=df20af5c87f8a5294d6e70dd7d984fb8e17ec040;hp=79815d60306e5bcbe23125d50b16986a65505053;hpb=140d1f6e9bac03448971b624b78d05f6f67ad93d;p=openldap

diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
index 79815d6030..716a3442ab 100755
--- a/tests/scripts/test028-idassert
+++ b/tests/scripts/test028-idassert
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -16,17 +16,32 @@
 echo "running defines.sh"
 . $SRCDIR/scripts/defines.sh
 
+echo "### This test requires the ldap backend."
+echo "### If available, and explicitly requested, it can use SASL bind;"
+echo "### note that SASL must be properly set up, and the requested"
+echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
+echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+
 if test $BACKLDAP = "ldapno" ; then 
 	echo "LDAP backend not available, test skipped"
 	exit 0
 fi 
 
+if test $RWM = rwmno ; then 
+	echo "Rewrite/remap overlay not available, test skipped"
+	exit 0
+fi 
+
 if test $WITH_SASL = "yes" ; then
-	if test $USE_SASL = "yes" ; then
-		echo "Using SASL authc/authz..."
+	if test $USE_SASL != "no" ; then
+		if test $USE_SASL = "yes" ; then
+			MECH="DIGEST-MD5"
+		else
+			MECH="$USE_SASL"
+		fi
+		echo "Using SASL authc[/authz] with mech=$MECH; unset SLAPD_USE_SASL to disable"
 	else
-		echo "Using proxyAuthz with simple authc"
-		echo "set SLAPD_USE_SASL=yes to enable SASL authc/authz..."
+		echo "Using proxyAuthz with simple authc..."
 	fi
 else
 	echo "SASL not available; using proxyAuthz with simple authc..."
@@ -59,6 +74,8 @@ if test $WAIT != 0 ; then
 fi
 KILLPIDS="$PID"
 
+sleep 1
+
 echo "Using ldapsearch to check that slapd is running..."
 for i in 0 1 2 3 4 5; do
 	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
@@ -91,7 +108,7 @@ if test $RC != 0 ; then
 fi
 
 AUTHZID="u:bjorn"
-echo "Testing ldapwhoami as proxy US, $AUTHZID..."
+echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
 RC=$?
 if test $RC != 1 ; then
@@ -101,7 +118,7 @@ if test $RC != 1 ; then
 fi
 
 AUTHZID="u:bjensen"
-echo "Testing ldapwhoami as proxy US, $AUTHZID..."
+echo "Testing ldapwhoami as proxy US, $AUTHZID... (should fail)"
 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy US,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
 RC=$?
 if test $RC != 1 ; then
@@ -120,7 +137,7 @@ if test $RC != 0 ; then
 fi
 
 AUTHZID="u:it/jaj"
-echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
+echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
 RC=$?
 if test $RC != 1 ; then
@@ -130,7 +147,7 @@ if test $RC != 1 ; then
 fi
 
 AUTHZID="u:bjorn"
-echo "Testing ldapwhoami as proxy IT, $AUTHZID..."
+echo "Testing ldapwhoami as proxy IT, $AUTHZID... (should fail)"
 $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "cn=proxy IT,ou=Admin,dc=example,dc=com" -w proxy -e\!"authzid=$AUTHZID"
 RC=$?
 if test $RC != 1 ; then
@@ -169,6 +186,60 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
+ID="uid=jaj,ou=People,dc=example,dc=it"
+BASE="o=Example,c=US"
+echo "Testing ldapsearch as $ID for \"$BASE\"..."
+$LDAPSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+	-D "$ID" -w jaj > $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Filtering ldapsearch results..."
+. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering original ldif used to create database..."
+. $LDIFFILTER < $IDASSERTOUT > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+	
+if test $? != 0 ; then
+	echo "comparison failed - search with identity assertion didn't succeed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+if test $USE_SASL != "no" ; then
+	ID="it/jaj"
+	BASE="o=Example,c=US"
+	echo "Testing ldapsearch as $ID for \"$BASE\" with SASL bind and identity assertion..."
+	$LDAPSASLSEARCH -h $LOCALHOST -p $PORT1 -b "$BASE" \
+		-Q -U "$ID" -w jaj -Y $MECH > $SEARCHOUT 2>&1
+
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapsearch failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+
+	echo "Filtering ldapsearch results..."
+	. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+	echo "Filtering original ldif used to create database..."
+	. $LDIFFILTER < $IDASSERTOUT > $LDIFFLT
+	echo "Comparing filter output..."
+	$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+	
+	if test $? != 0 ; then
+		echo "comparison failed - search with SASL bind and identity assertion didn't succeed"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit 1
+	fi
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo ">>>>> Test succeeded"