diff options
Diffstat (limited to 'tests/scripts/test079-proxy-timeout')
-rwxr-xr-x | tests/scripts/test079-proxy-timeout | 374 |
1 files changed, 374 insertions, 0 deletions
diff --git a/tests/scripts/test079-proxy-timeout b/tests/scripts/test079-proxy-timeout new file mode 100755 index 0000000..6a8e0c7 --- /dev/null +++ b/tests/scripts/test079-proxy-timeout @@ -0,0 +1,374 @@ +#! /bin/sh +# $OpenLDAP$ +## This work is part of OpenLDAP Software <http://www.openldap.org/>. +## +## Copyright 1998-2022 The OpenLDAP Foundation. +## All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted only as authorized by the OpenLDAP +## Public License. +## +## A copy of this license is available in the file LICENSE in the +## top-level directory of the distribution or, alternatively, at +## <http://www.OpenLDAP.org/license.html>. + +echo "running defines.sh" +. $SRCDIR/scripts/defines.sh + +if test $BACKLDAP = "ldapno" ; then + echo "LDAP backend not available, test skipped" + exit 0 +fi +if test $RWM = "rwmno" ; then + echo "rwm (rewrite/remap) overlay not available, test skipped" + exit 0 +fi + +mkdir -p $TESTDIR $DBDIR1 $DBDIR2 +$SLAPPASSWD -g -n >$CONFIGPWF + +# +# Start slapd that acts as a remote LDAP server that will be proxied +# +echo "Running slapadd to build database for the remote slapd server..." +. $CONFFILTER $BACKEND < $CONF > $CONF1 +$SLAPADD -f $CONF1 -l $LDIFORDERED +RC=$? +if test $RC != 0 ; then + echo "slapadd failed ($RC)!" + exit $RC +fi + +echo "Starting remote slapd server on TCP/IP port $PORT1..." +$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 & +SERVERPID=$! +if test $WAIT != 0 ; then + echo SERVERPID $SERVERPID + read foo +fi + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# +# Start ldapd that will proxy for the remote server +# +# Proxy is configured with two slapd-ldap backends: +# - one with idle timeout set: dc=idle-timeout,$BASED +# - one with connection TTL set: dc=conn-ttl,$BASEDN +# +echo "Starting slapd proxy on TCP/IP port $PORT2..." +. $CONFFILTER $BACKEND < $DATADIR/slapd-proxytimeout.conf > $CONF2 +$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 & +PROXYPID=$! +if test $WAIT != 0 ; then + echo PROXYPID $PROXYPID + read foo +fi + +KILLPIDS="$SERVERPID $PROXYPID" + +echo "Using ldapsearch to check that slapd is running..." +for i in 0 1 2 3 4 5; do + $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \ + 'objectclass=*' > /dev/null 2>&1 + RC=$? + if test $RC = 0 ; then + break + fi + echo "Waiting $SLEEP1 seconds for slapd to start..." + sleep $SLEEP1 +done + +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +############################################################################## +# +# Test 1: Test that shared connections are timed out +# + +CONN_BEGINS=`date +%s` +CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT` +echo "Create shared connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)" + +$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD \ + 'objectclass=*' > $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD \ + 'objectclass=*' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed for base: dc=conn-ttl,$BASEDN ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Check that connections are established by searching for olmDbConnURI from Monitor + +echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)" + +$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# Wait for connections to be closed, either due to +# - idle-timeout and +# - conn-ttl +# sleep 2 second overtime for robustness of the test case +echo "Sleeping until idle-timeout and conn-ttl have passed" +NOW=`date +%s` +sleep `expr $CONN_EXPIRES - $NOW + 2` + +echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)" + +$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +############################################################################## +# +# Test 2: Test that private connections are timed out +# + +CONN_BEGINS=`date +%s` +CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT` +echo "Create private connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)" + +# Create fifos that are used to pass searches from the test case to ldapsearch +rm -f $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo +mkfifo $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo + +# Execute ldapsearch on background and have it read searches from the fifo +$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \ + -D "cn=Barbara Jensen,ou=Information Technology Division,dc=idle-timeout,$BASEDN" \ + -H $URI2 \ + -w "bjensen" \ + -f $TESTDIR/ldapsearch1.fifo >> $TESTOUT 2>&1 & +LDAPSEARCHPIDS=$! + +$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \ + -D "cn=Barbara Jensen,ou=Information Technology Division,dc=conn-ttl,$BASEDN" \ + -H $URI2 \ + -w "bjensen" \ + -f $TESTDIR/ldapsearch2.fifo >> $TESTOUT 2>&1 & +LDAPSEARCHPIDS="$LDAPSEARCHPIDS $!" + +# Open fifos as file descriptor +exec 3>$TESTDIR/ldapsearch1.fifo +exec 4>$TESTDIR/ldapsearch2.fifo + +# Trigger LDAP connections towards the proxy by executing a search +echo 'objectclass=*' >&3 +echo 'objectclass=*' >&4 + +# wait for ldapsearches (running as background processes) to execute search operations +sleep 2 + +echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)" + +$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS + exit $RC +fi + +$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS + exit $RC +fi + +# Wait for connections to be closed, either due to +# - idle-timeout and +# - conn-ttl +# sleep 2 second overtime for robustness of the test case +echo "Sleeping until idle-timeout and conn-ttl have passed" +NOW=`date +%s` +sleep `expr $CONN_EXPIRES - $NOW + 2` + +echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)" + +$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS + exit $RC +fi + +$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS + exit $RC +fi + +# Close the file descriptors associated with the fifos. +# This will trigger EOF to ldapsearch which will cause it to exit. +exec 3>&- +exec 4>&- + + +############################################################################## +# +# Test 3: Check that idle-timeout is reset on activity +# + +echo "Checking that idle-timeout is reset on activity" +CONN_BEGINS=`date +%s` +CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT` +echo "Create cached connection: idle-timeout timeout starts (time_t now=$CONN_BEGINS, original_timeout=$CONN_EXPIRES)" +$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD \ + 'objectclass=*' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# sleep until 2 seconds before idle-timeout, then extend the timeout by executing another search operation +NOW=`date +%s` +sleep `expr $CONN_EXPIRES - $NOW - 2` + +CONN_BEGINS=`date +%s` +CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT` +echo "Do another search to reset the timeout (time_t now=$CONN_BEGINS, new_timeout=$CONN_EXPIRES)" +$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD \ + 'objectclass=*' >> $TESTOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# sleep until 2 seconds before new extended idle-timeout, check that connection still exist +NOW=`date +%s` +sleep `expr $CONN_EXPIRES - $NOW - 2` +echo "Check that connection is still alive due to idle-timeout reset (time_t now=`date +%s`)" +$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 0 ; then + echo "Error: LDAP connection to remote LDAP server is not found ($RC)" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +# sleep until 2 seconds after timeout, check that connection does not exist +NOW=`date +%s` +sleep `expr $CONN_EXPIRES - $NOW + 2` +echo "Check that connection is closed after extended idle-timeout has passed (time_t now=`date +%s`)" +$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \ + -D "cn=Manager,dc=local,dc=com" \ + -H $URI2 \ + -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null +RC=$? +if test $RC != 1 ; then + echo "Error: LDAP connection to remote LDAP server was not closed" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +test $KILLSERVERS != no && kill -HUP $KILLPIDS + +echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + +exit 0 |