From b527294153be3b79563c82c66102adc0004736c0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 19:54:12 +0200 Subject: Adding upstream version 2.6.7+dfsg. Signed-off-by: Daniel Baumann --- tests/scripts/test068-sasl-tls-external | 129 ++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100755 tests/scripts/test068-sasl-tls-external (limited to 'tests/scripts/test068-sasl-tls-external') diff --git a/tests/scripts/test068-sasl-tls-external b/tests/scripts/test068-sasl-tls-external new file mode 100755 index 0000000..f79471b --- /dev/null +++ b/tests/scripts/test068-sasl-tls-external @@ -0,0 +1,129 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software . +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## . + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $WITH_TLS = no ; then + echo "TLS support not available, test skipped" + exit 0 +fi + +if test $WITH_SASL = no ; then + echo "SASL support not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 +cp -r $DATADIR/tls $TESTDIR + +cd $TESTWD + +echo "Running slapadd to build slapd database..." +. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting ldap:/// slapd on TCP/IP port $PORT1 and ldaps:/// slapd on $PORT2..." +$SLAPD -f $CONF1 -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 & +PID=$! +if test $WAIT != 0 ; then + echo PID $PID + read foo +fi +KILLPIDS="$PID" + +sleep 1 + +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting 5 seconds for slapd to start..." + sleep 5 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo -n "Using ldapwhoami with SASL/EXTERNAL...." +$LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls_reqcert=hard \ + -o tls_cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt -o tls_key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key -ZZ -Y EXTERNAL -H $URIP1 \ + > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapwhoami (startTLS) failed ($RC)!" + exit $RC +else + echo "success" +fi + +echo -n "Validating mapped SASL ID..." +echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/dn.out +$CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT + +RC=$? +if test $RC != 0 ; then + echo "Comparison failed" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC +else + echo "success" +fi + +# Exercise channel-bindings code in builds without SASL support +for cb in "none" "tls-unique" "tls-endpoint" ; do + + echo -n "Using ldapwhoami with SASL/EXTERNAL and SASL_CBINDING (${cb})...." + + $LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \ + -o tls_cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt \ + -o tls_key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key \ + -o tls_reqcert=hard -o SASL_CBINDING=$cb -ZZ -Y EXTERNAL -H $URIP1 \ + > $TESTOUT 2>&1 + + RC=$? + if test $RC != 0 ; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $PID + exit $RC + else + echo "success" + fi +done + + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +if test $RC != 0 ; then + echo ">>>>> Test failed" +else + echo ">>>>> Test succeeded" + RC=0 +fi + +test $KILLSERVERS != no && wait + +exit $RC -- cgit v1.2.3