From 28871cb07f5ef00fdbe1e7ea5a39a0b348328ed7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Tue, 16 Jan 2018 15:30:01 +0000
Subject: [PATCH] ITS#8798 Add SASL support to slapd-* tester tools
---
 tests/progs/slapd-bind.c | 40 ++++++++++++-
 tests/progs/slapd-common.c | 113 ++++++++++++++++++++++++++++++++++++-
 tests/progs/slapd-common.h | 16 +++++-
 3 files changed, 161 insertions(+), 8 deletions(-)
diff --git a/tests/progs/slapd-bind.c b/tests/progs/slapd-bind.c
index 541a473644..1b94e2fcaf 100644
--- a/tests/progs/slapd-bind.c
+++ b/tests/progs/slapd-bind.c
@@ -34,6 +34,7 @@
 #include "ldap.h"
 #include "lutil.h"
+#include "lutil_ldap.h"
 #include "lber_pvt.h"
 #include "ldap_pvt.h"
@@ -201,6 +202,7 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
 int force, int noinit, LDAP **ldp, int action_type, void *action )
 {
 LDAP *ld = ldp ? *ldp : NULL;
+ char *bindfunc = "ldap_sasl_bind_s";
 int i, rc = -1;
 /* for internal search */
@@ -257,9 +259,41 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
 for ( i = 0; i < maxloop; i++ ) {
 if ( !noinit || ld == NULL ) {
 tester_init_ld( &ld, config, TESTER_INIT_ONLY );
+
+#ifdef HAVE_CYRUS_SASL
+ if ( config->secprops != NULL ) {
+ rc = ldap_set_option( ld,
+ LDAP_OPT_X_SASL_SECPROPS, config->secprops );
+
+ if( rc != LDAP_OPT_SUCCESS ) {
+ tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
+ exit( EXIT_FAILURE );
+ }
+ }
+#endif
+ }
+
+ if ( config->authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ bindfunc = "ldap_sasl_interactive_bind_s";
+ rc = ldap_sasl_interactive_bind_s( ld,
+ config->binddn,
+ config->mech,
+ NULL, NULL,
+ LDAP_SASL_QUIET,
+ lutil_sasl_interact,
+ config->defaults );
+#else /* HAVE_CYRUS_SASL */
+ /* caller shouldn't have allowed this */
+ assert(0);
+#endif
+ } else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
+ bindfunc = "ldap_sasl_bind_s";
+ rc = ldap_sasl_bind_s( ld,
+ config->binddn, LDAP_SASL_SIMPLE,
+ &config->pass, NULL, NULL, NULL );
 }
- rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &config->pass, NULL, NULL, NULL );
 if ( rc ) {
 int first = tester_ignore_err( rc );
@@ -267,12 +301,12 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
 if ( first ) {
 /* only log if first occurrence */
 if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) {
- tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
+ tester_ldap_error( ld, bindfunc, NULL );
 }
 rc = LDAP_SUCCESS;
 } else {
- tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
+ tester_ldap_error( ld, bindfunc, NULL );
 }
 }
diff --git a/tests/progs/slapd-common.c b/tests/progs/slapd-common.c
index 81ce7e53c2..bb3eea1c47 100644
--- a/tests/progs/slapd-common.c
+++ b/tests/progs/slapd-common.c
@@ -29,6 +29,7 @@
 #include "ldap.h"
 #include "lutil.h"
+#include "lutil_ldap.h"
 #include "ldap_pvt.h"
 #include "slapd-common.h"
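Review bot: The `dn` argument of do_bind() is no longer used by either bind call in the first hunk here: the removed line bound as `dn`, while both new branches pass `config->binddn`. If callers hand do_bind() a different DN per call, every iteration would now authenticate as the one configured identity and the test would quietly stop covering the other entries; keeping the parameter, e.g. `rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &config->pass, NULL, NULL, NULL );` (and `dn` in the SASL call), preserves the old behaviour. Separately, when `authmethod` matches neither branch, or `assert(0)` is compiled out under NDEBUG, no bind is attempted and `rc` keeps its previous value; a final `else { rc = LDAP_PARAM_ERROR; }` would make that case fail visibly. do_bind() starts and ends outside the hunk.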
@@ -355,6 +356,63 @@ tester_config_opt( struct tester_conn_args *config, char opt, char *optarg )
 }
 break;
+#ifdef HAVE_CYRUS_SASL
+ case 'O':
+ if ( config->secprops != NULL ) {
+ return -1;
+ }
+ if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
+ return -1;
+ }
+ config->authmethod = LDAP_AUTH_SASL;
+ config->secprops = ber_strdup( optarg );
+ break;
+
+ case 'R':
+ if ( config->realm != NULL ) {
+ return -1;
+ }
+ if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
+ return -1;
+ }
+ config->authmethod = LDAP_AUTH_SASL;
+ config->realm = ber_strdup( optarg );
+ break;
+
+ case 'U':
+ if ( config->authc_id != NULL ) {
+ return -1;
+ }
+ if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
+ return -1;
+ }
+ config->authmethod = LDAP_AUTH_SASL;
+ config->authc_id = ber_strdup( optarg );
+ break;
+
+ case 'X':
+ if ( config->authz_id != NULL ) {
+ return -1;
+ }
+ if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
+ return -1;
+ }
+ config->authmethod = LDAP_AUTH_SASL;
+ config->authz_id = ber_strdup( optarg );
+ break;
+
+ case 'Y':
+ if ( config->mech != NULL ) {
+ return -1;
+ }
+ if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
+ return -1;
+ }
+ config->authmethod = LDAP_AUTH_SASL;
+ config->mech = ber_strdup( optarg );
+ break;
+#endif
+
 case 'p':
 if ( lutil_atoi( &config->port, optarg ) != 0 ) {
 return -1;
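Review bot: None of the five new cases checks the result of `ber_strdup( optarg )`. If the copy fails the field stays NULL while `authmethod` has already been switched to LDAP_AUTH_SASL and the case still ends in `break`, so for `-O` the requested security properties would silently never be applied, since the other hunks call `ldap_set_option()` only when `config->secprops != NULL`. Adding `if ( config->secprops == NULL ) return -1;` after the copy (and the same for the other four fields) closes that. The five cases differ only in the field they fill, so a small static helper taking a `char **` would remove the repetition. tester_config_opt() starts and ends outside the hunk.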
@@ -405,8 +463,32 @@ tester_config_finish( struct tester_conn_args *config )
 }
 if ( config->authmethod == -1 ) {
+#ifdef HAVE_CYRUS_SASL
+ if ( config->binddn != NULL ) {
+ config->authmethod = LDAP_AUTH_SIMPLE;
+ } else {
+ config->authmethod = LDAP_AUTH_SASL;
+ }
+#else
 config->authmethod = LDAP_AUTH_SIMPLE;
+#endif
+ }
+
+#ifdef HAVE_CYRUS_SASL
+ if ( config->authmethod == LDAP_AUTH_SASL ) {
+ config->defaults = lutil_sasl_defaults( NULL,
+ config->mech,
+ config->realm,
+ config->authc_id,
+ config->pass.bv_val,
+ config->authz_id );
+
+ if ( config->defaults == NULL ) {
+ tester_error( "unable to prepare SASL defaults" );
+ exit( EXIT_FAILURE );
+ }
 }
+#endif
 }
 void
@@ -428,9 +510,34 @@ retry:;
 config->chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF );
 if ( !( flags & TESTER_INIT_ONLY ) ) {
- rc = ldap_sasl_bind_s( ld,
- config->binddn, LDAP_SASL_SIMPLE,
- &config->pass, NULL, NULL, NULL );
+ if ( config->authmethod == LDAP_AUTH_SASL ) {
+#ifdef HAVE_CYRUS_SASL
+ if ( config->secprops != NULL ) {
+ rc = ldap_set_option( ld,
+ LDAP_OPT_X_SASL_SECPROPS, config->secprops );
+
+ if ( rc != LDAP_OPT_SUCCESS ) {
+ tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
+ exit( EXIT_FAILURE );
+ }
+ }
+
+ rc = ldap_sasl_interactive_bind_s( ld,
+ config->binddn,
+ config->mech,
+ NULL, NULL,
+ LDAP_SASL_QUIET,
+ lutil_sasl_interact,
+ config->defaults );
+#else /* HAVE_CYRUS_SASL */
+ /* caller shouldn't have allowed this */
+ assert(0);
+#endif
+ } else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
+ rc = ldap_sasl_bind_s( ld,
+ config->binddn, LDAP_SASL_SIMPLE,
+ &config->pass, NULL, NULL, NULL );
+ }
 if ( rc != LDAP_SUCCESS ) {
 tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
diff --git a/tests/progs/slapd-common.h b/tests/progs/slapd-common.h
index fd440eaa7a..5ffcaa11a9 100644
--- a/tests/progs/slapd-common.h
+++ b/tests/progs/slapd-common.h
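Review bot: The new default in the `authmethod == -1` branch of tester_config_finish() deserves a comment, because with HAVE_CYRUS_SASL a run that sets no bind DN now ends up as LDAP_AUTH_SASL where the old code always chose LDAP_AUTH_SIMPLE. A line such as `/* nothing chosen explicitly: a bind DN implies simple bind, otherwise SASL */` above the inner `if` would tell test authors why an existing script may start negotiating a SASL mechanism depending on how the tools were built. It would also help to note next to the `lutil_sasl_defaults()` call that `config->mech`, `config->realm` and the identities may all be NULL at this point, since nothing in the hunk requires any of them. The function starts outside the hunk and ends inside it.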
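Review bot: The failure report after the new branches in the `retry:` hunk still names `ldap_sasl_bind_s`, so a failed SASL bind is logged under the wrong call; slapd-bind.c in this same patch handles that with a `bindfunc` variable. The equivalent here is `const char *bindfunc = "ldap_sasl_bind_s";` at the top of the function, `bindfunc = "ldap_sasl_interactive_bind_s";` in the SASL branch and `tester_ldap_error( ld, bindfunc, NULL );` in the check. The SECPROPS-then-bind sequence is also a near copy of the one added to do_bind(), and a shared static helper would keep the two from drifting apart. The enclosing function starts and ends outside the hunk.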
@@ -54,10 +54,19 @@ struct tester_conn_args {
 char *binddn;
 struct berval pass;
+
+#ifdef HAVE_CYRUS_SASL
+ char *mech;
+ char *realm;
+ char *authz_id;
+ char *authc_id;
+ char *secprops;
+ void *defaults;
+#endif
 };
 #define TESTER_INIT_ONLY (1 << 0)
-#define TESTER_COMMON_OPTS "CD:d:H:h:L:l:i:p:r:t:w:x"
+#define TESTER_COMMON_OPTS "CD:d:H:h:L:l:i:O:p:R:U:X:Y:r:t:w:x"
 #define TESTER_COMMON_HELP \
 "[-C] " \
 "[-D [-w ]] " \
@@ -68,7 +77,10 @@ struct tester_conn_args {
 "[-L ] " \
 "[-r ] " \
 "[-t ] " \
- "[-x] "
+ "[-O ] " \
+ "[-R ] " \
+ "[-U [-X ]] " \
+ "[-x | -Y ] "
 extern int tester_config_opt( struct tester_conn_args *config, char opt, char *optarg );
 extern void tester_config_finish( struct tester_conn_args *config );
-- 
2.39.5
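Review bot: `TESTER_COMMON_OPTS` and the help text in the following hunk gain `O:`, `R:`, `U:`, `X:` and `Y:` unconditionally, while the struct members here and the `case` labels that handle them in slapd-common.c sit inside `#ifdef HAVE_CYRUS_SASL`. In a build without Cyrus SASL getopt would still accept these letters and the usage line would still advertise them; what tester_config_opt() then does with them is not visible in this patch. Consider building the SASL part of both strings under the same `#ifdef`, or adding a comment such as `/* -O/-R/-U/-X/-Y are rejected by tester_config_opt() without HAVE_CYRUS_SASL */` if that is the intended behaviour. Because the struct layout now depends on the macro, every file including this header presumably needs the same configuration header included first; a one-line comment on the `#ifdef` saying so would help.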