Diffstat (limited to 'debian/tests')
-rwxr-xr-xdebian/tests/check_upgradepath173
-rw-r--r--debian/tests/control15
-rwxr-xr-xdebian/tests/create_account24
-rwxr-xr-xdebian/tests/find_unused_functions30
-rwxr-xr-xdebian/tests/hammer_slapd98
-rwxr-xr-xdebian/tests/sha2-contrib16
-rwxr-xr-xdebian/tests/slapd15
-rwxr-xr-xdebian/tests/slapd-tls32
-rwxr-xr-xdebian/tests/smbk5pwd26
9 files changed, 429 insertions, 0 deletions
diff --git a/debian/tests/check_upgradepath b/debian/tests/check_upgradepath
new file mode 100755
index 0000000..d1f2578
--- /dev/null
+++ b/debian/tests/check_upgradepath
@@ -0,0 +1,173 @@
+#! /bin/sh
+
+set -e
+
+# WARNING: This script is obsolete and will require a fair bit of work to get
+# working again. It assumes woody, uses debconf questions that don't exist
+# any more, and probably doesn't check everything that you would want to
+# check. Preserved just because I haven't done the work to see if puiparts
+# can now do the same thing in a cleaner way.
+
+# Setup
+: ${chroot_dir:=../chroot}
+: ${debmirror:=http://ftp.de.debian.org/debian}
+: ${proxy:=http://proxy.galaxy:3128/}
+unset LC_ALL
+unset LC_CTYPE
+unset LC_MESSAGES
+# XXX: comment out when testing new versions. Needed so libc6 does not
+# ask for restarting services.
+export DEBIAN_FRONTEND=noninteractive
+
+woodytar=$chroot_dir/woody_base.tar.gz
+
+# List our packages
+list_packages() {
+ local p ver
+ ver=`dpkg-parsechangelog|sed -ne 's/^Version: //p'`
+ for p in `dh_listpackages`; do
+ (cd .. && echo ${p}_$ver*deb)
+ done
+}
+
+# Run a command inside the chroot
+
+in_target() {
+ chroot $chroot_dir/woody "$@"
+}
+
+# Set a debconf variable inside the chroot
+
+debconf_set() {
+ local name=$1
+ shift
+ cat >>$chroot_dir/woody/var/cache/debconf/config.dat <<EOF
+Name: $name
+Template: $name
+Flags: seen
+Value: $@
+
+EOF
+}
+
+# Setup a woody chroot
+
+setup_chroot() {
+ # Kill an existing chroot
+ rm -Rf $chroot_dir/woody
+
+ # If there is a tar archive with a base system we use it
+ if [ -e $woodytar ]; then
+ mkdir $chroot_dir/woody
+ echo -n "Unpacking system from $woodytar"
+ tar -C $chroot_dir/woody -xzf $woodytar
+ echo "done."
+ # Otherwise we need to create a new base system and save it
+ # to a tar for the next time
+ else
+ debootstrap woody $chroot_dir/woody $debmirror | \
+ shtool prop -p "Creating base system from $debmirror"
+ tar -C $chroot_dir/woody -czvf $woodytar . | \
+ shtool prop -p "Saving system to $woodytar"
+ fi
+
+ # Install a suitable apt configuration
+ echo "deb $debmirror woody main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "Acquire::HTTP::Proxy \"$proxy\";" \
+ > $chroot_dir/woody/etc/apt/apt.conf
+ in_target apt-get update
+ in_target mount -t proc none /proc
+
+ # We don't want any debconf interaction
+ #debconf_set debconf/frontend Noninteractive
+}
+
+# These are our example configurations for testing the upgrade
+
+conf_domain_or_host() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "domain or host"
+ debconf_set slapd/domain "some.example.net"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+
+check_domain_or_host() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b dc=some,dc=example,dc=net -x \
+ objectclass=\*
+}
+
+conf_location() {
+ debconf_set slapd/fill_method auto
+ debconf_set slapd/suffix_type "location"
+ debconf_set shared/locale/countrycode de
+ debconf_set shared/organization "Sample Organization"
+ debconf_set slapd/replicate false
+ debconf_set shared/organization Some Organization
+}
+
+check_location() {
+ sleep 2 # wait for slapd to startup
+ in_target ldapsearch -h localhost -b "o=Some Organization, c=de" \
+ -x objectclass=\*
+}
+# Install slapd inside the chroot
+
+install_slapd() {
+ in_target apt-get -y install slapd ldap-utils
+}
+
+# Do an upgrade of our packages inside the chroot
+
+upgrade() {
+ # Link our packages into the chroot
+ for p in `list_packages`; do
+ ln ../$p $chroot_dir/woody/root/
+ done
+
+ # Create a packages file
+ (cd $chroot_dir/woody/root && dpkg-scanpackages . /dev/null >Packages)
+
+ # Switch to unstable
+ echo "deb $debmirror unstable main" \
+ > $chroot_dir/woody/etc/apt/sources.list
+ echo "deb file:/root ./" >> $chroot_dir/woody/etc/apt/sources.list
+
+ # Update package lists
+ in_target apt-get update
+
+ # Tell our scripts to fix the config
+ debconf_set slapd/fix_directory true
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/allow_ldap_v2
+
+ # Do an upgrade of our packages
+ in_target apt-get install -y `dh_listpackages`
+}
+
+# Checks if upgrading a woody system with slapd configured with the
+# command given works.
+
+check_upgrade() {
+ setup_chroot
+ conf_$1
+ debconf_set slapd/password1 foobar
+ debconf_set slapd/password2 foobar
+ install_slapd
+ check_$1
+ upgrade
+ check_$1
+ in_target /etc/init.d/slapd stop
+ in_target umount /proc
+}
+
+# Try upgrading our example setups
+
+for i in location domain_or_host; do
+ check_upgrade $i
+done
+
+echo "SUCCESS testing upgrading from woody"
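Review bot: A failure anywhere between `in_target mount -t proc none /proc` in setup_chroot and `in_target umount /proc` at the end of check_upgrade leaves proc mounted inside the chroot, because `set -e` aborts the script and no `trap` undoes the mount. The next run then begins with `rm -Rf $chroot_dir/woody`, as root, over a tree that still has a live /proc beneath it. I would unmount on exit with `trap 'in_target umount /proc 2>/dev/null || true' EXIT` and guard the removal as `rm -Rf -- "${chroot_dir:?}/woody"`. The unquoted `$chroot_dir` and `$woodytar` expansions in debconf_set, setup_chroot and upgrade have the same problem: a value containing spaces or glob characters splits into several arguments.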
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..5359d16
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,15 @@
+Tests: slapd
+Depends: ldap-utils
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: slapd-tls
+Depends: ldap-utils, ssl-cert
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: smbk5pwd
+Depends: ldap-utils, slapd, slapd-contrib, heimdal-kdc, samba, schema2ldif
+Restrictions: allow-stderr, isolation-container, needs-root, superficial
+
+Tests: sha2-contrib
+Depends: slapd, openssl
+Restrictions: superficial
diff --git a/debian/tests/create_account b/debian/tests/create_account
new file mode 100755
index 0000000..a5051af
--- /dev/null
+++ b/debian/tests/create_account
@@ -0,0 +1,24 @@
+#! /usr/bin/perl -w
+
+# Shows how to create an entry on the LDAP server
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+
+use Net::LDAP;
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+# Create "ou=People" entry if not there
+
+$results = $ldap->search(base => "$basedn",
+ filter => "ou=People", scope => "one");
+unless ($results->count > 0) {
+ $ldap->add("ou=People, $basedn", attr => [
+ ou => "People",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+}
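Review bot: `$ldap->bind($admindn, password => $adminpass)` is a simple bind over the plain connection opened by `Net::LDAP->new("$host", ...)`, with the admin password `"foo"` fixed in the source; hammer_slapd in this commit opens with the same settings. That is harmless against a throwaway localhost server, but the header says the script shows how to create an entry, so it is likely to be copied. I would add a comment such as `# test-only credentials; against a real server use ldapi:// or call $ldap->start_tls(verify => 'require') before bind`, and read the password from the environment rather than the file. The script also runs without `use strict;`, so a misspelled variable silently becomes a new empty global.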
diff --git a/debian/tests/find_unused_functions b/debian/tests/find_unused_functions
new file mode 100755
index 0000000..bd31d45
--- /dev/null
+++ b/debian/tests/find_unused_functions
@@ -0,0 +1,30 @@
+#! /usr/bin/perl -w
+
+use autouse Data::Dumper, qw{Dumper};
+
+# Script to find the unused shell functions in slapd.scripts-common
+
+our @code;
+
+# Get all shell code from maintainer scripts
+
+foreach my $file ((<slapd.*rm>, <slapd.*inst>, <slapd.config>,
+ <slapd.scripts-common>)) {
+ open SCRIPT, "<$file" or
+ die "Can't open $file: $!";
+ push @code, <SCRIPT>;
+ close SCRIPT;
+}
+
+# Find all function declarations
+
+our @functions = map { /^(\w+)\s*\(\).*$/; } @code;
+
+# Find unused functions
+
+foreach $function (@functions) {
+ @occurences = grep /$function/, @code;
+ @invocations = grep { !/^$function\s*\(\)/ and !/#.*$function/ }
+ @occurences;
+ print "$function\n" if @invocations == 0;
+}
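Review bot: `grep /$function/, @code` matches the name as an unanchored substring, so a function `foo` counts as used whenever `foo_bar` is called or defined, and unused functions whose names are contained in other names are never reported. Anchoring on word boundaries fixes that: `@occurences = grep /\b\Q$function\E\b/, @code;`, with the same `\b` added to the `#.*$function` exclusion. Separately, `open SCRIPT, "<$file"` is the two-argument form with a bareword handle; `open my $fh, '<', $file or die "Can't open $file: $!";` keeps the mode out of the file name.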
diff --git a/debian/tests/hammer_slapd b/debian/tests/hammer_slapd
new file mode 100755
index 0000000..9ad7f99
--- /dev/null
+++ b/debian/tests/hammer_slapd
@@ -0,0 +1,98 @@
+#! /usr/bin/perl -w
+
+use Net::LDAP;
+use Data::Dumper;
+
+$host = "localhost"; # LDAP server
+$basedn = "dc=galaxy"; # Base DN
+$admindn = "cn=admin, $basedn"; # Admin entry
+$adminpass = "foo"; # Password
+$group = $ARGV[0] || "People";
+
+$ldap = Net::LDAP->new("$host", onerror => "die");
+$ldap->bind($admindn, password => $adminpass);
+
+sub create_group {
+ $results = $ldap->search(base => "$basedn",
+ filter => "ou=$group", scope => "one");
+ unless ($results->count > 0) {
+ $ldap->add("ou=$group, $basedn", attr => [
+ ou => "$group",
+ objectClass => [ "top", "organizationalUnit" ]
+ ]);
+ }
+}
+
+sub invent_name {
+ our @words;
+ unless (@words) {
+ open WORDS, "/usr/share/dict/british-english-large";
+ @words = grep /^[A-Z]\w{0,11}$/, <WORDS>;
+ map { chomp } @words;
+ close WORDS;
+ }
+
+ my $index = int(rand(@words));
+ $index = int(rand(@words)) while not defined $words[$index];
+ my $word = $words[$index];
+ delete $words[$index];
+ return $word;
+}
+
+sub invent_names {
+ our @names;
+
+ foreach (1..1000) {
+ push @names, { cn => invent_name, sn => invent_name };
+ }
+}
+
+sub create_entries {
+ foreach my $name (@names) {
+ create_account(%$name);
+ }
+}
+
+sub create_account {
+ our $uid;
+ $uid = 1000 if not defined $uid;
+
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->add("uid=$login, ou=$group, $basedn", attr => [
+ %id,
+ objectClass => [ "top", "person", "posixAccount" ],
+ uid => $login,
+ uidNumber => $uid++,
+ gidNumber => 1000,
+ homeDirectory => "/home/$login" ]);
+}
+
+sub delete_entries {
+ foreach my $name (@names) {
+ delete_account(%$name);
+ }
+}
+
+sub delete_account {
+ my %id = @_;
+ my $login = $id{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->delete("uid=$login, ou=$group, $basedn");
+}
+
+sub search_entries {
+ foreach (1..10000) {
+ my $num = int(rand(@names));
+ $login = $names[$num]->{cn};
+ $login =~ tr/A-Z/a-z/;
+ $ldap->search(base => "$basedn", filter => "uid=$login");
+ }
+}
+
+create_group;
+invent_names;
+create_entries;
+search_entries;
+delete_entries;
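Review bot: The `open WORDS, "/usr/share/dict/british-english-large";` in invent_name is unchecked, so when the word list is not installed `@words` stays empty and `$index = int(rand(@words)) while not defined $words[$index];` never terminates. The same loop hangs if the filtered list holds fewer than the 2000 words that invent_names draws. Fail early instead: `open(WORDS, '<', '/usr/share/dict/british-english-large') or die "Can't open word list: $!";`. In addition, `$group` comes from `$ARGV[0]` and is interpolated unescaped into the filter `"ou=$group"` and the DN `"ou=$group, $basedn"`; passing it through `escape_filter_value` and `escape_dn_value` from Net::LDAP::Util keeps a name containing `(`, `*` or `,` from changing the query.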
diff --git a/debian/tests/sha2-contrib b/debian/tests/sha2-contrib
new file mode 100755
index 0000000..32f7637
--- /dev/null
+++ b/debian/tests/sha2-contrib
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+reference_hash="{SHA256}$(echo -n secret | openssl dgst -sha256 -binary | openssl enc -base64)"
+test_hash=$(/usr/sbin/slappasswd -s secret -h '{SHA256}' -o module-load=pw-sha2)
+
+echo "Reference hash of \"secret\" (openssl): ${reference_hash}"
+echo "slapd's pw-sha2 hash: ${test_hash}"
+
+if [ "${reference_hash}" != "${test_hash}" ]; then
+ echo "ERROR: hashes differ"
+ exit 1
+else
+ echo "PASS: hashes are identical"
+fi
diff --git a/debian/tests/slapd b/debian/tests/slapd
new file mode 100755
index 0000000..d79e225
--- /dev/null
+++ b/debian/tests/slapd
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -eux
+
+export DEBIAN_FRONTEND=noninteractive
+
+debconf-set-selections << eof
+slapd slapd/password1 password secret
+slapd slapd/password2 password secret
+slapd slapd/domain string example.com
+slapd slapd/organization string example.com
+eof
+
+apt-get -y install slapd
+
+test "$(ldapwhoami -x -D 'cn=admin,dc=example,dc=com' -w secret)" = 'dn:cn=admin,dc=example,dc=com'
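Review bot: The preseed line `slapd slapd/organization string example.com` uses a different question name from the one check_upgradepath sets in this same commit, `shared/organization`. If the package's template is the `shared/` one, this line has no effect and the organization silently takes its default; the final `ldapwhoami` assertion checks only the admin DN, so it would not notice. It is worth confirming the name against the slapd templates file and using the same one here and in slapd-tls, which repeats the block. Note also that `set -x` writes the `-w secret` bind password into the test log, which is acceptable for a fixed test value but deserves a comment so the pattern is not reused with a real one.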
diff --git a/debian/tests/slapd-tls b/debian/tests/slapd-tls
new file mode 100755
index 0000000..a5e387e
--- /dev/null
+++ b/debian/tests/slapd-tls
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -eux
+
+SSL_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+SSL_KEY=/etc/ssl/private/ssl-cert-snakeoil.key
+SSL_PRIVATE_DIR=/etc/ssl/private
+
+export DEBIAN_FRONTEND=noninteractive
+
+debconf-set-selections << eof
+slapd slapd/password1 password secret
+slapd slapd/password2 password secret
+slapd slapd/domain string example.com
+slapd slapd/organization string example.com
+eof
+
+apt-get -y install slapd
+
+chgrp openldap "$SSL_PRIVATE_DIR" "$SSL_KEY"
+chmod g+r "$SSL_KEY"
+
+ldapmodify -H ldapi:// -Y EXTERNAL << EOF
+dn: cn=config
+add: olcTLSCertificateFile
+olcTLSCertificateFile: $SSL_CERT
+-
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: $SSL_KEY
+
+EOF
+
+test "$(ldapwhoami -ZZ -o tls_cacert="$SSL_CERT" -x -D 'cn=admin,dc=example,dc=com' -w secret)" = 'dn:cn=admin,dc=example,dc=com'
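Review bot: `chgrp openldap "$SSL_PRIVATE_DIR" "$SSL_KEY"` re-owns the whole of /etc/ssl/private, not just the snakeoil key, so any other service that reached its key through the directory's previous group loses access and slapd gains access to the directory itself. That is acceptable only because the test declares `isolation-container` and the testbed is thrown away afterwards. I would say so in a comment above the two lines, for example `# testbed only: on a real host add the openldap user to the group that owns /etc/ssl/private instead of re-owning the directory`.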
diff --git a/debian/tests/smbk5pwd b/debian/tests/smbk5pwd
new file mode 100755
index 0000000..aeb5f81
--- /dev/null
+++ b/debian/tests/smbk5pwd
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+# Import the Samba and Heimdal schemas
+ldapadd -H ldapi:// -Y EXTERNAL -f /usr/share/doc/samba/examples/LDAP/samba.ldif
+schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL
+
+# Grant slapd access to the Heimdal master key
+chgrp openldap /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
+chmod g+rX /var/lib/heimdal-kdc /var/lib/heimdal-kdc/*key
+
+# Instantiate the smbk5pwd overlay
+ldapmodify -H ldapi:// -Y EXTERNAL << eof
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: smbk5pwd
+
+dn: olcOverlay=smbk5pwd,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcSmbK5PwdConfig
+olcSmbK5PwdEnable: krb5
+olcSmbK5PwdEnable: samba
+olcSmbK5PwdEnable: shadow
+
+eof
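Review bot: `schema2ldif /etc/ldap/schema/hdb.schema | ldapadd -H ldapi:// -Y EXTERNAL` runs under `set -e` in /bin/sh without pipefail, so only ldapadd's exit status counts and a schema2ldif failure shows up, if at all, as a confusing error further down. Converting through a temporary file makes the failing step explicit: `tmp=$(mktemp)`, `schema2ldif /etc/ldap/schema/hdb.schema > "$tmp"`, `ldapadd -H ldapi:// -Y EXTERNAL -f "$tmp"`. The script also ends once the overlay is added and never changes a password, so it shows that smbk5pwd loads, not that the Kerberos and Samba hashes are updated. The `chgrp`/`chmod g+rX` on the Heimdal master key should carry a comment that this widening of access is meant for the disposable testbed.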