#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software .
##
## Copyright 1998-2022 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## .
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
mkdir -p $TESTDIR $DBDIR1
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $WHOAMICONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFWHOAMI
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND < $WHOAMICONF > $CONF1
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
sleep 1
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
echo "Testing ldapwhoami as anonymous..."
$LDAPWHOAMI -H $URI1
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Testing ldapwhoami as ${MANAGERDN}..."
$LDAPWHOAMI -H $URI1 -D "$MANAGERDN" -w $PASSWD
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
$LDAPWHOAMI -H $URI1 -D "$MANAGERDN" -w $PASSWD \
-e \!authzid=""
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
$LDAPWHOAMI -H $URI1 -D "$MANAGERDN" -w $PASSWD \
-e \!authzid="dn:$BABSDN"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
$LDAPWHOAMI -H $URI1 -D "$MANAGERDN" -w $PASSWD \
-e \!authzid="u:uham"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
# authzFrom: someone else => bjorn
echo "Testing authzFrom..."
BINDDN="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjensen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=melliot
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jen
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=jjones
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=noone
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=dots
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
BINDPW=jaj
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=ITD Staff,ou=Groups,dc=example,dc=com"
BINDPW=ITD
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Should Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
case $RC in
1)
;;
0)
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
;;
*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
;;
esac
BINDDN="cn=Must Fail,dc=example,dc=com"
BINDPW=fail
AUTHZID="u:bjorn"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
case $RC in
1)
;;
0)
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
;;
*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
;;
esac
# authzTo: bjorn => someone else
echo "Testing authzTo..."
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:bjensen"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.exact)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:melliot"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (u)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jdoe"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jjones"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (group)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:noone"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.onelevel)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:dots"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.regex)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:jaj"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.children)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:group/itd staff"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (dn.subtree)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="u:fail"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
case $RC in
1)
;;
0)
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
;;
*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
;;
esac
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="dn:cn=Should Fail,dc=example,dc=com"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (URI; should fail)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
case $RC in
1)
;;
0)
echo "ldapwhoami should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
;;
*)
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
;;
esac
BINDDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BINDPW=bjorn
AUTHZID="dn:cn=don't!"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID} (no authzTo; should fail)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 1 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit 1
fi
BINDDN="dc=example,dc=com"
BINDPW=example
AUTHZID="dn:"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
$LDAPWHOAMI -H $URI1 -D "$BINDDN" -w $BINDPW \
-e \!authzid="$AUTHZID"
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
test $KILLSERVERS != no && wait
exit 0
## Note to developers: when SLAPD_DEBUG=-1 the command
## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
## to indicate that the authzFrom and authzTo rules applied in the right order.