From 4bd0b59fb6b99f8c8cbab618e59a233225f8d12e Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Fri, 14 May 2004 15:11:58 +0000
Subject: [PATCH] check for empty DN in proxyAuthz control
---
 tests/data/test-whoami.ldif | 3 +++
 tests/scripts/test014-whoami | 36 ++++++++++++++++++++++++++++++++----
 2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/tests/data/test-whoami.ldif b/tests/data/test-whoami.ldif
index a5db51ed11..38d8dc06fe 100644
--- a/tests/data/test-whoami.ldif
+++ b/tests/data/test-whoami.ldif
@@ -5,6 +5,7 @@ objectclass: top
 objectclass: organization
 objectclass: domainRelatedObject
 objectclass: dcobject
+objectClass: simpleSecurityObject
 dc: example
 l: Anytown, Michigan
 st: Michigan
@@ -15,6 +16,8 @@ description: The Example, Inc. at Anytown
 postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
 telephonenumber: +1 313 764-1817
 associateddomain: example.com
+userpassword:: ZXhhbXBsZQ==
+authzTo: dn:
 
 dn: ou=People,dc=example,dc=com
 objectclass: organizationalUnit
diff --git a/tests/scripts/test014-whoami b/tests/scripts/test014-whoami
index ae9fd28191..fec4bf9ae4 100755
--- a/tests/scripts/test014-whoami
+++ b/tests/scripts/test014-whoami
@@ -102,7 +102,7 @@ if test $RC != 0 ; then
 exit $RC
 fi
 
-# authzFrom: someone else => njorn
+# authzFrom: someone else => bjorn
 echo "Testing authzFrom..."
 
 BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
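Review bot: The two attributes added to the suffix entry in the second hunk of tests/data/test-whoami.ldif (`userpassword:: ZXhhbXBsZQ==` and `authzTo: dn:`) are tied to the new block in test014-whoami, but nothing in the fixture says so. The base64 value decodes to the `BINDPW=example` the script binds with, and `authzTo: dn:` is what lets that entry assume the empty DN, so editing either side alone silently changes what the test proves. A comment line near the entry would record this, for example `# userpassword is base64 "example"; test014-whoami binds as this entry to exercise authzTo: dn: (empty DN)`, provided the loader used for this file accepts comment lines at that position. The entry's own `dn:` line lies outside the hunk.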
@@ -388,12 +388,40 @@ if test $RC != 1 ; then
 exit $RC
 fi
 
+BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
+BINDPW=bjorn
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 1 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+BINDDN="dc=example,dc=com"
+BINDPW=example
+AUTHZID="dn:"
+echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact; should succeed)..."
+$LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \
+ -e \!authzid="$AUTHZID"
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapwhoami failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo ">>>>> Test succeeded"
 exit 0
 
-## Note to developers: the command
+## Note to developers: when SLAPD_DEBUG=-1 the command
 ## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' testrun/slapd.1.log
-## must return consecutive numbers from 1 to 9 twice to indicate
-## that the authzFrom and authzTo rules applied in the right order.
+## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1
+## to indicate that the authzFrom and authzTo rules applied in the right order.
-- 
2.39.5
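Review bot: The first added block (the "no authzTo; should fail" case guarded by `if test $RC != 1`) ends its error branch with `exit $RC`, so if ldapwhoami unexpectedly succeeds, RC is 0 and the script exits 0 after printing "ldapwhoami failed (0)!". A regression that let a bind without authzTo assume the empty DN would then presumably be reported as a pass by whatever consumes the exit status. Adding `test $RC = 0 && RC=1` before the `exit $RC` in that block keeps the negative test failing closed, and `echo "ldapwhoami should have failed ($RC)!"` would describe the situation accurately. The context lines at the top of the hunk show the same pattern in the preceding check, whose body starts outside the hunk. Separately, exit status 1 may not distinguish an authorization refusal from an unrelated client or connection error, so the block cannot confirm on its own that the refusal came from the proxyAuthz check.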