blob: f79471ba726da1b91d6a191658ce1f06eecddab5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2022 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test $WITH_TLS = no ; then
echo "TLS support not available, test skipped"
exit 0
fi
if test $WITH_SASL = no ; then
echo "SASL support not available, test skipped"
exit 0
fi
mkdir -p $TESTDIR $DBDIR1
cp -r $DATADIR/tls $TESTDIR
cd $TESTWD
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < $TLSSASLCONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
echo "slapadd failed ($RC)!"
exit $RC
fi
echo "Starting ldap:/// slapd on TCP/IP port $PORT1 and ldaps:/// slapd on $PORT2..."
$SLAPD -f $CONF1 -h "$URI1 $SURI2" -d $LVL > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
sleep 1
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "" -H $URI1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo -n "Using ldapwhoami with SASL/EXTERNAL...."
$LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt -o tls_reqcert=hard \
-o tls_cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt -o tls_key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key -ZZ -Y EXTERNAL -H $URIP1 \
> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami (startTLS) failed ($RC)!"
exit $RC
else
echo "success"
fi
echo -n "Validating mapped SASL ID..."
echo 'dn:cn=barbara jensen,ou=information technology division,ou=people,dc=example,dc=com' > $TESTDIR/dn.out
$CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT
RC=$?
if test $RC != 0 ; then
echo "Comparison failed"
test $KILLSERVERS != no && kill -HUP $PID
exit $RC
else
echo "success"
fi
# Exercise channel-bindings code in builds without SASL support
for cb in "none" "tls-unique" "tls-endpoint" ; do
echo -n "Using ldapwhoami with SASL/EXTERNAL and SASL_CBINDING (${cb})...."
$LDAPSASLWHOAMI -o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt \
-o tls_cert=$TESTDIR/tls/certs/bjensen@mailgw.example.com.crt \
-o tls_key=$TESTDIR/tls/private/bjensen@mailgw.example.com.key \
-o tls_reqcert=hard -o SASL_CBINDING=$cb -ZZ -Y EXTERNAL -H $URIP1 \
> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $PID
exit $RC
else
echo "success"
fi
done
test $KILLSERVERS != no && kill -HUP $KILLPIDS
if test $RC != 0 ; then
echo ">>>>> Test failed"
else
echo ">>>>> Test succeeded"
RC=0
fi
test $KILLSERVERS != no && wait
exit $RC
|
