#! /bin/sh # $OpenLDAP: pkg/ldap/tests/scripts/test014-whoami,v 1.17.2.7 2007/01/02 21:44:13 kurt Exp $ ## This work is part of OpenLDAP Software . ## ## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## . echo "running defines.sh" . $SRCDIR/scripts/defines.sh mkdir -p $TESTDIR $DBDIR1 echo "Running slapadd to build slapd database..." . $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $ADDCONF $SLAPADD -f $ADDCONF -l $LDIFWHOAMI RC=$? if test $RC != 0 ; then echo "slapadd failed ($RC)!" exit $RC fi echo "Starting slapd on TCP/IP port $PORT..." . $CONFFILTER $BACKEND $MONITORDB < $WHOAMICONF > $CONF1 $SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! if test $WAIT != 0 ; then echo PID $PID read foo fi KILLPIDS="$PID" sleep 1 echo "Using ldapsearch to check that slapd is running..." for i in 0 1 2 3 4 5; do $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ 'objectclass=*' > /dev/null 2>&1 RC=$? if test $RC = 0 ; then break fi echo "Waiting 5 seconds for slapd to start..." sleep 5 done echo "Testing ldapwhoami as anonymous..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing ldapwhoami as ${MANAGERDN}..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ -e \!authzid="" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ -e \!authzid="dn:$BABSDN" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$MANAGERDN" -w $PASSWD \ -e \!authzid="u:uham" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi # authzFrom: someone else => bjorn echo "Testing authzFrom..." BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjensen AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" BINDPW=melliot AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com" BINDPW=jen AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=jjones AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=noone AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com" BINDPW=dots AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" BINDPW=jaj AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com" BINDPW=ITD AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Should Fail,dc=example,dc=com" BINDPW=fail AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? case $RC in 1) ;; 0) echo "ldapwhoami should have failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit -1 ;; *) echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC ;; esac BINDDN="cn=Must Fail,dc=example,dc=com" BINDPW=fail AUTHZID="u:bjorn" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? case $RC in 1) ;; 0) echo "ldapwhoami should have failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit -1 ;; *) echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC ;; esac # authzTo: bjorn => someone else echo "Testing authzTo..." BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:bjensen" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:melliot" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:jdoe" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:jjones" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:noone" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:dots" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:jaj" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:group/itd staff" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="u:fail" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? case $RC in 1) ;; 0) echo "ldapwhoami should have failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit -1 ;; *) echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC ;; esac BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="dn:cn=Should Fail,dc=example,dc=com" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? case $RC in 1) ;; 0) echo "ldapwhoami should have failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit -1 ;; *) echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC ;; esac BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" BINDPW=bjorn AUTHZID="dn:" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 1 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi BINDDN="dc=example,dc=com" BINDPW=example AUTHZID="dn:" echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..." $LDAPWHOAMI -h $LOCALHOST -p $PORT1 -D "$BINDDN" -w $BINDPW \ -e \!authzid="$AUTHZID" RC=$? if test $RC != 0 ; then echo "ldapwhoami failed ($RC)!" test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded" exit 0 ## Note to developers: when SLAPD_DEBUG=-1 the command ## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log ## must return the sequence 1 2 3 4 5 6 7 8 9 9 1 2 3 4 5 6 7 8 9 9 9 1 ## to indicate that the authzFrom and authzTo rules applied in the right order.