diff options
Diffstat (limited to 'contrib/slapd-modules/variant/tests/scripts/test006-acl')
| -rwxr-xr-x | contrib/slapd-modules/variant/tests/scripts/test006-acl | 323 |
1 files changed, 323 insertions, 0 deletions
diff --git a/contrib/slapd-modules/variant/tests/scripts/test006-acl b/contrib/slapd-modules/variant/tests/scripts/test006-acl new file mode 100755 index 0000000..6b34fb8 --- /dev/null +++ b/contrib/slapd-modules/variant/tests/scripts/test006-acl @@ -0,0 +1,323 @@ +#! /bin/sh +## $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 2016-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. +## +## ACKNOWLEDGEMENTS: +## This module was written in 2016 by Ondřej Kuzník for Symas Corp. + +case "$BACKEND" in ldif | null) + echo "$BACKEND backend does not support access controls, test skipped" + exit 0 +esac + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +CONF=$ACLCONF +. ${SCRIPTDIR}/common.sh + +echo "Applying test-specific configuration..." +. $CONFFILTER $BACKEND $MONITORDB < data/test006-config.ldif | \ +$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \ + >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: organizationalUnit +ou: Add & Delete + +dn: cn=group,ou=Add & Delete,dc=example,dc=com +changetype: add +objectclass: groupOfNames +member: dc=example,dc=com + +dn: sn=Doe,ou=Add & Delete,dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: John +uid: jd + +dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com +changetype: add +objectclass: OpenLDAPperson +cn: Mark +uid: me +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "Testing search ACL processing..." + +echo "# Try to read an entry inside the Alumni Association container. +# It should give us noSuchObject if we're not bound..." \ +>> $SEARCHOUT +# FIXME: temporarily remove the "No such object" message to make +# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd +$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 "(objectclass=*)" \ + 2>&1 | grep -v "No such object" >> $SEARCHOUT + +echo >>$SEARCHOUT +echo "# ... and should return appropriate attributes if we're bound as anyone +# under Example." \ +>> $SEARCHOUT +$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 \ + -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1 + +$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 \ + -D "$BJORNSDN" -w bjorn "(objectclass=*)" >> $SEARCHOUT 2>&1 + +echo >>$SEARCHOUT +echo "# Add & Delete subtree contents as seen by Babs" >> $SEARCHOUT +$LDAPSEARCH -b "ou=Add & Delete,dc=example,dc=com" -H $URI1 \ + -D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1 + +echo >>$SEARCHOUT +echo "# Add & Delete subtree contents as seen by Bjorn" >> $SEARCHOUT +$LDAPSEARCH -b "ou=Add & Delete,dc=example,dc=com" -H $URI1 \ + -D "$BJORNSDN" -w bjorn "(objectclass=*)" >> $SEARCHOUT 2>&1 + +echo "Testing modifications..." +echo "... ACL on the alternative entry" +$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=group,ou=Add & Delete,dc=example,dc=com +changetype: modify +add: seealso +seealso: $BJORNSDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com +changetype: modify +add: description +description: added by bjensen (should fail) +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=group,ou=Add & Delete,dc=example,dc=com +changetype: modify +add: seealso +seealso: $BABSDN +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com +changetype: modify +add: description +description: added by bjorn (removed later) +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Group,ou=Add & Delete,dc=example,dc=com +changetype: modify +delete: description +description: added by bjorn (removed later) +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com +changetype: add +objectClass: inetOrgPerson +sn: Jensen +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Group,ou=Add & Delete,dc=example,dc=com +changetype: modify +add: description +description: another one added by bjorn (should succeed) +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo "... ACL on the variant entry" +$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Group,ou=Add & Delete,dc=example,dc=com +changetype: modify +add: description +description: added by bjensen (should fail) +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \ + $TESTOUT 2>&1 << EOMODS +dn: sn=Doe,ou=Add & Delete,dc=example,dc=com +changetype: modify +add: description +description: added by bjorn (will be removed) +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \ + $TESTOUT 2>&1 << EOMODS +dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com +changetype: modify +replace: description +description: added by bjensen (should fail) +EOMODS +RC=$? +case $RC in +50) + ;; +0) + echo "ldapmodify should have failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit -1 + ;; +*) + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC + ;; +esac + +$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \ + $TESTOUT 2>&1 << EOMODS +dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com +changetype: modify +delete: description +description: added by bjorn (will be removed) +- +add: description +description: added by jaj (should succeed) +EOMODS +RC=$? +if test $RC != 0 ; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +sleep $SLEEP0 + +echo >>$SEARCHOUT +echo "Using ldapsearch to retrieve all the entries..." +echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "ou=Add & Delete,dc=example,dc=com" \ + -D "$MANAGERDN" -H $URI1 -w $PASSWD \ + 'objectClass=*' >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +LDIF=data/test006-out.ldif + +echo "Filtering ldapsearch results..." +$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT +echo "Filtering expected entries..." +$LDIFFILTER -s e < $LDIF > $LDIFFLT +echo "Comparing filter output..." +$CMP $SEARCHFLT $LDIFFLT > $CMPOUT + +if test $? != 0 ; then + echo "comparison failed - operations did not complete correctly" + exit 1 +fi + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 |