From e8298cd3a5538625fcb1c1c03a055fc28232c97a Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Wed, 14 Jun 2006 18:31:35 +0000 Subject: [PATCH] further checks for ITS#4587 --- tests/data/acl.out.master | 1 + tests/scripts/test006-acls | 91 +++++++++++++++++++++++++++++++++++++- 2 files changed, 91 insertions(+), 1 deletion(-) diff --git a/tests/data/acl.out.master b/tests/data/acl.out.master index 74c7c937c8..8fd99a621f 100644 --- a/tests/data/acl.out.master +++ b/tests/data/acl.out.master @@ -75,6 +75,7 @@ member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl e,dc=com +member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com owner: cn=Manager,dc=example,dc=com cn: All Staff description: Everyone in the sample data diff --git a/tests/scripts/test006-acls b/tests/scripts/test006-acls index 9add9f277e..d47ec02572 100755 --- a/tests/scripts/test006-acls +++ b/tests/scripts/test006-acls @@ -103,9 +103,13 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \ -D "$BJORNSDN" -w bjorn \ -b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1 -# check selfwrite access (ITS#4587). Two attempts are made: +# check selfwrite access (ITS#4587). 6 attempts are made: # 1) delete someone else (should fail) # 2) delete self (should succeed) +# 3) add someone else (should fail) +# 4) add someone else and self (should fail) +# 5) add self and someone else (should fail) +# 6) add self (should succeed) # $LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ $TESTOUT 2>&1 << EOMODS @@ -144,6 +148,91 @@ if test $RC != 0 ; then exit $RC fi +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: cn=Foo,ou=Bar +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: cn=Foo,ou=Bar +member: $JAJDN +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: $JAJDN +member: cn=Foo,ou=Bar +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=All Staff,ou=Groups,dc=example,dc=com +changetype: modify +add: member +member: $JAJDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + # # Check group access. Try to modify Babs' entry. Two attempts: # 1) bound as "James A Jones 1" - should fail -- 2.39.5