Diffstat (limited to 'debian/tests')
-rwxr-xr-x | debian/tests/check_upgradepath | 173 | ||||
-rw-r--r-- | debian/tests/control | 15 | ||||
-rwxr-xr-x | debian/tests/create_account | 24 | ||||
-rwxr-xr-x | debian/tests/find_unused_functions | 30 | ||||
-rwxr-xr-x | debian/tests/hammer_slapd | 98 | ||||
-rwxr-xr-x | debian/tests/sha2-contrib | 16 | ||||
-rwxr-xr-x | debian/tests/slapd | 15 | ||||
-rwxr-xr-x | debian/tests/slapd-tls | 32 | ||||
-rwxr-xr-x | debian/tests/smbk5pwd | 26 |
9 files changed, 429 insertions, 0 deletions
diff --git a/debian/tests/check_upgradepath b/debian/tests/check_upgradepath
new file mode 100755
index 0000000..d1f2578
--- /dev/null
+++ b/debian/tests/check_upgradepath
@@ -0,0 +1,173 @@
+#! /bin/sh
+
+set -e
+
+# WARNING: This script is obsolete and will require a fair bit of work to get
+# working again. It assumes woody, uses debconf questions that don't exist
+# any more, and probably doesn't check everything that you would want to
+# check. Preserved just because I haven't done the work to see if puiparts
+# can now do the same thing in a cleaner way.
+
+# Setup
+: ${chroot_dir:=../chroot}
+: ${debmirror:=http://ftp.de.debian.org/debian}
+: ${proxy:=http://proxy.galaxy:3128/}
+unset LC_ALL
+unset LC_CTYPE
+unset LC_MESSAGES
+# XXX: comment out when testing new versions. Needed so libc6 does not
+# ask for restarting services.
+export DEBIAN_FRONTEND=noninteractive
+
+woodytar=$chroot_dir/woody_base.tar.gz
+
+# List our packages
+list_packages() {
+ local p ver
+ ver=`dpkg-parsechangelog|sed -ne 's/^Version: //p'`
+ for p in `dh_listpackages`; do
+ (cd .. && echo ${p}_$ver*deb)
+ done
+}
+
+# Run a command inside the chroot
+
+in_target() {
+ chroot $chroot_dir/woody "$@"
+}
+
+# Set a debconf variable inside the chroot
+
+debconf_set() {
+ local name=$1
+ shift
+ cat >>$chroot_dir/woody/var/cache/debconf/config.dat <<EOF
+Name: $name
+Template: $name
+Flags: seen
+Value: $@
+
+EOF
+}
+
+# Setup a woody chroot
+
+setup_chroot() {
+ # Kill an existing chroot
+ rm -Rf $chroot_dir/woody
+
+ # If there is a tar archive with a base system we use it
+ if [ -e $woodytar ]; then
+ mkdir $chroot_dir/woody
+ echo -n "Unpacking system from $woodytar"
+ tar -C $chroot_dir/woody -xzf $woodytar
+ echo "done."
+ # Otherwise we need to create a new base system and save it
+ # to a tar for the next time
+ else
+ debootstrap woody $chroot_dir/woody $debmirror | \
+ shtool prop -p "Creating base system from $debmirror"
+ tar -C $chroot_dir/woody -czvf $woodytar . | \
+ shtool prop -p "Saving system to $woodytar"
+ fi
+
+ # Install a suitable apt configuration
+ echo "deb $debmirror woody main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "Acquire::HTTP::Proxy \"$proxy\";" \
+ > $chroot_dir/woody/etc/apt/apt.conf
+ in_target apt-get update
+ in_target mount -t proc none /proc
+
+ # We don't want any debconf interaction
+ #debconf_set debconf/frontend Noninteractive
+}
+
+# These are our example configurations for testing the upgrade
+
+conf_domain_or_host() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "domain or host"
+ debconf_set slapd/domain "some.example.net"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+
+check_domain_or_host() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b dc=some,dc=example,dc=net -x \
+ objectclass=\*
+}
+
+conf_location() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "location"
+ debconf_set shared/locale/countrycode de
+ debconf_set shared/organization "Sample Organization"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+check_location() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b "o=Some Organization, c=de" \
+ -x objectclass=\*
+}
+# Install slapd inside the chroot
+
+install_slapd() {
+ in_target apt-get -y install slapd ldap-utils
+}
+
+# Do an upgrade of our packages inside the chroot
+
+upgrade() {
+ # Link our packages into the chroot
+ for p in `list_packages`; do
+ ln ../$p $chroot_dir/woody/root/
+ done
+
+ # Create a packages file
+ (cd $chroot_dir/woody/root && dpkg-scanpackages . /dev/null >Packages)
+
+ # Switch to unstable
+ echo "deb $debmirror unstable main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "deb file:/root ./" >> $chroot_dir/woody/etc/apt/sources.list
+
+ # Update package lists
+ in_target apt-get update
+
+ # Tell our scripts to fix the config
+ debconf_set slapd/fix_directory true
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/allow_ldap_v2
+
+ # Do an upgrade of our packages
+ in_target apt-get install -y `dh_listpackages`
+}
+
+# Checks if upgrading a woody system with slapd configured with the
+# command given works.
+
+check_upgrade() {
+ setup_chroot
+ conf_$1
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/password2 foobar
+ install_slapd
+ check_$1
+ upgrade
+ check_$1
+ in_target /etc/init.d/slapd stop
+ in_target umount /proc
+}
+
+# Try upgrading our example setups
+
+for i in location domain_or_host; do
+ check_upgrade $i
+done
+
+echo "SUCCESS testing upgrading from woody"
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..5359d16
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,15 @@
+Tests: slapd
+Depends: ldap-utils
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: slapd-tls
+Depends: ldap-utils, ssl-cert
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: smbk5pwd
+Depends: ldap-utils, slapd, slapd-contrib, heimdal-kdc, samba, schema2ldif
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: sha2-contrib
+Depends: slapd, openssl
+Restrictions: superficial
diff --git a/debian/tests/create_account b/debian/tests/create_account
new file mode 100755
index 0000000..a5051af
--- /dev/null
+++ b/debian/tests/create_account
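Review bot: In debian/tests/check_upgradepath, `check_upgrade` only reaches `in_target umount /proc` when every earlier step succeeds; under `set -e` any failure leaves proc mounted inside `$chroot_dir/woody`, and the next run's `rm -Rf $chroot_dir/woody` in `setup_chroot` then runs against a live mount. A `trap 'in_target umount /proc 2>/dev/null || true' EXIT` set right after the mount would cover the failure path, and the path expansions should be quoted, e.g. `rm -Rf -- "$chroot_dir/woody"`. Separately, `debootstrap ... | shtool prop` hides a debootstrap failure because only the last pipeline stage's status is checked, so an incomplete tree can be saved to `$woodytar` and reused on later runs; running debootstrap outside the pipe, or checking its status explicitly, would avoid caching a bad base system.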
@@ -0,0 +1,24 @@
+#! /usr/bin/perl -w
+
+# Shows how to create an entry on the LDAP server
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+
+use Net::LDAP;
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+# Create "ou=People" entry if not there
+
+$results = $ldap->search(base => "$basedn",
+ filter => "ou=People", scope => "one");
+unless ($results->count > 0) {
+ $ldap->add("ou=People, $basedn", attr => [
+ ou => "People",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+}
diff --git a/debian/tests/find_unused_functions b/debian/tests/find_unused_functions
new file mode 100755
index 0000000..bd31d45
--- /dev/null
+++ b/debian/tests/find_unused_functions
@@ -0,0 +1,30 @@
+#! /usr/bin/perl -w
+
+use autouse Data::Dumper, qw{Dumper};
+
+# Script to find the unused shell functions in slapd.scripts-common
+
+our @code;
+
+# Get all shell code from maintainer scripts
+
+foreach my $file ((<slapd.*rm>, <slapd.*inst>, <slapd.config>,
+ <slapd.scripts-common>)) {
+ open SCRIPT, "<$file" or
+ die "Can't open $file: $!";
+ push @code, <SCRIPT>;
+ close SCRIPT;
+}
+
+# Find all function declarations
+
+our @functions = map { /^(\w+)\s*\(\).*$/; } @code;
+
+# Find unused functions
+
+foreach $function (@functions) {
+ @occurences = grep /$function/, @code;
+ @invocations = grep { !/^$function\s*\(\)/ and !/#.*$function/ }
+ @occurences;
+ print "$function\n" if @invocations == 0;
+}
diff --git a/debian/tests/hammer_slapd b/debian/tests/hammer_slapd
new file mode 100755
index 0000000..9ad7f99
--- /dev/null
+++ b/debian/tests/hammer_slapd
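Review bot: `$adminpass = "foo";` in debian/tests/create_account hard-codes the admin bind password next to a base DN (`dc=galaxy`) that matches none of the instances the other tests in this commit set up (they preseed `example.com` and `secret`), and debian/tests/hammer_slapd repeats the same assignments. Because the header comment presents the script as an example of how to create an entry, it is likely to be copied, so the credentials would be better taken from the environment, e.g. `$adminpass = $ENV{LDAP_ADMIN_PASS} or die "LDAP_ADMIN_PASS not set\n";` (the variable name is only a suggestion). A comment saying that the script is a manual helper and is not listed in debian/tests/control would also help.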
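Review bot: The usage check `@occurences = grep /$function/, @code;` in debian/tests/find_unused_functions matches substrings, so a function whose name is a fragment of another identifier is counted as used even when nothing calls it. Anchoring on word boundaries avoids that: `@occurences = grep /\b\Q$function\E\b/, @code;`. The two-argument `open SCRIPT, "<$file"` would also be safer as a three-argument open with a lexical handle, `open(my $script, '<', $file) or die "Can't open $file: $!";` (with the `push` and `close` lines switched to `$script`), since the file names come from a glob over the current directory.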
@@ -0,0 +1,98 @@
+#! /usr/bin/perl -w
+
+use Net::LDAP;
+use Data::Dumper;
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+$group = $ARGV[0] || "People";
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+sub create_group {
+ $results = $ldap->search(base => "$basedn",
+ filter => "ou=$group", scope => "one");
+ unless ($results->count > 0) {
+ $ldap->add("ou=$group, $basedn", attr => [
+ ou => "$group",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+ }
+}
+
+sub invent_name {
+ our @words;
+ unless (@words) {
+ open WORDS, "/usr/share/dict/british-english-large";
+ @words = grep /^[A-Z]\w{0,11}$/, <WORDS>;
+ map { chomp } @words;
+ close WORDS;
+ }
+
+ my $index = int(rand(@words));
+ $index = int(rand(@words)) while not defined $words[$index];
+ my $word = $words[$index];
+ delete $words[$index];
+ return $word;
+}
+
+sub invent_names {
+ our @names;
+
+ foreach (1..1000) {
+ push @names, { cn => invent_name, sn => invent_name };
+ }
+}
+
+sub create_entries {
+ foreach my $name (@names) {
+ create_account(%$name);
+ }
+}
+
+sub create_account {
+ our $uid;
+ $uid = 1000 if not defined $uid;
+
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->add("uid=$login, ou=$group, $basedn", attr => [
+ %id,
+ objectClass => [ "top", "person", "posixAccount" ],
+ uid => $login,
+ uidNumber => $uid++,
+ gidNumber => 1000,
+ homeDirectory => "/home/$login" ]);
+}
+
+sub delete_entries {
+ foreach my $name (@names) {
+ delete_account(%$name);
+ }
+}
+
+sub delete_account {
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->delete("uid=$login, ou=$group, $basedn");
+}
+
+sub search_entries {
+ foreach (1..10000) {
+ my $num = int(rand(@names));
+ $login = $names[$num]->{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->search(base => "$basedn", filter => "uid=$login");
+ }
+}
+
+create_group;
+invent_names;
+create_entries;
+search_entries;
+delete_entries;
diff --git a/debian/tests/sha2-contrib b/debian/tests/sha2-contrib
new file mode 100755
index 0000000..32f7637
--- /dev/null
+++ b/debian/tests/sha2-contrib
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
+test_hash=$(/usr/sbin/slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2)
+
+echo "Reference hash of \"secret\" (openssl): ${reference_hash}"
+echo "slapd's pw-sha2 hash: ${test_hash}"
+
+if [ "${reference_hash}" != "${test_hash}" ]; then
+ echo "ERROR: hashes differ"
+ exit 1
+else
+ echo "PASS: hashes are identical"
+fi
diff --git a/debian/tests/slapd b/debian/tests/slapd
new file mode 100755
index 0000000..d79e225
--- /dev/null
+++ b/debian/tests/slapd
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eux
+
+export DEBIAN_FRONTEND=noninteractive
+
+debconf-set-selections << eof
+slapd slapd/password1 password secret
+slapd slapd/password2 password secret
+slapd slapd/domain string example.com
+slapd slapd/organization string example.com
+eof
+
+apt-get -y install slapd
+
+test "$(ldapwhoami -x -D 'cn=admin,dc=example,dc=com' -w secret)" = 'dn:cn=admin,dc=example,dc=com'
diff --git a/debian/tests/slapd-tls b/debian/tests/slapd-tls
new file mode 100755
index 0000000..a5e387e
--- /dev/null
+++ b/debian/tests/slapd-tls
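Review bot: `open WORDS, "/usr/share/dict/british-english-large";` in `invent_name` of debian/tests/hammer_slapd ignores failure; if the word list is not installed, `@words` stays empty, `$words[$index]` is never defined, and the `while not defined` retry loop never terminates. The open should be checked, e.g. `open(my $words_fh, '<', $dict) or die "Can't open $dict: $!";`, and the script should also die when the filtered list comes back empty. In addition, `$group` is taken straight from `$ARGV[0]` and interpolated into the search filter `ou=$group` and into the DNs, so a value containing filter or DN metacharacters changes the query; rejecting anything that does not match something like `/^\w+$/` before the first use would keep the tool predictable.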
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -eux
+
+SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
+SSL_PRIVATE_DIR=/etc/ssl/private
+
+export DEBIAN_FRONTEND=noninteractive
+
+debconf-set-selections << eof
+slapd slapd/password1 password secret
+slapd slapd/password2 password secret
+slapd slapd/domain string example.com
+slapd slapd/organization string example.com
+eof
+
+apt-get -y install slapd
+
+chgrp openldap "$SSL_PRIVATE_DIR" "$SSL_KEY"
+chmod g+r "$SSL_KEY"
+
+ldapmodify -H ldapi:// -Y EXTERNAL << EOF
+dn: cn=config
+add: olcTLSCertificateFile
+olcTLSCertificateFile: $SSL_CERT
+-
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: $SSL_KEY
+
+EOF
+
+test "$(ldapwhoami -ZZ -o tls_cacert="$SSL_CERT" -x -D 'cn=admin,dc=example,dc=com' -w secret)" = 'dn:cn=admin,dc=example,dc=com'
diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd
new file mode 100755
index 0000000..aeb5f81
--- /dev/null
+++ b/debian/tests/smbk5pwd
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Import the Samba and Heimdal schemas
+ldapadd -H ldapi:// -Y EXTERNAL -f /usr/share/doc/samba/examples/LDAP/samba.ldif
+schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL
+
+# Grant slapd access to the Heimdal master key
+chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
+chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
+
+# Instantiate the smbk5pwd overlay
+ldapmodify -H ldapi:// -Y EXTERNAL << eof
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: smbk5pwd
+
+dn: olcOverlay=smbk5pwd,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcSmbK5PwdConfig
+olcSmbK5PwdEnable: krb5
+olcSmbK5PwdEnable: samba
+olcSmbK5PwdEnable: shadow
+
+eof |
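Review bot: `chgrp openldap "$SSL_PRIVATE_DIR" "$SSL_KEY"` in debian/tests/slapd-tls regroups the whole `/etc/ssl/private` directory, not just the snakeoil key, so whatever group owned the directory before loses its access to every key stored there. That is tolerable only because debian/tests/control declares `isolation-container` for this test, and nothing in the script says so. I would put a comment above the two permission lines, `# Testbed only: regroups /etc/ssl/private so slapd can read the snakeoil key; do not copy to a real host`, so the pattern is not lifted into deployment scripts.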
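Review bot: The glob in `chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key` in debian/tests/smbk5pwd, repeated in the `chmod g+rX` on the next line, gives the `openldap` group read access to every file in the KDC directory whose name ends in `key`, while the comment above it says only the master key is meant. Naming the file explicitly would keep the grant as narrow as the comment, presumably `/var/lib/heimdal-kdc/m-key` (to be confirmed against the heimdal-kdc package). The script also ends after the `ldapmodify`, so it checks that the overlay loads but not that a password change reaches the Kerberos or Samba attributes; a comment stating that limit would set expectations for anyone relying on this test.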