summaryrefslogtreecommitdiffstats
path: root/tests/scripts/test079-proxy-timeout
diff options
context:
space:
mode:
Diffstat (limited to 'tests/scripts/test079-proxy-timeout')
-rwxr-xr-xtests/scripts/test079-proxy-timeout374
1 files changed, 374 insertions, 0 deletions
diff --git a/tests/scripts/test079-proxy-timeout b/tests/scripts/test079-proxy-timeout
new file mode 100755
index 0000000..6a8e0c7
--- /dev/null
+++ b/tests/scripts/test079-proxy-timeout
@@ -0,0 +1,374 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test $BACKLDAP = "ldapno" ; then
+ echo "LDAP backend not available, test skipped"
+ exit 0
+fi
+if test $RWM = "rwmno" ; then
+ echo "rwm (rewrite/remap) overlay not available, test skipped"
+ exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+$SLAPPASSWD -g -n >$CONFIGPWF
+
+#
+# Start slapd that acts as a remote LDAP server that will be proxied
+#
+echo "Running slapadd to build database for the remote slapd server..."
+. $CONFFILTER $BACKEND < $CONF > $CONF1
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+ echo "slapadd failed ($RC)!"
+ exit $RC
+fi
+
+echo "Starting remote slapd server on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
+SERVERPID=$!
+if test $WAIT != 0 ; then
+ echo SERVERPID $SERVERPID
+ read foo
+fi
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+#
+# Start ldapd that will proxy for the remote server
+#
+# Proxy is configured with two slapd-ldap backends:
+# - one with idle timeout set: dc=idle-timeout,$BASED
+# - one with connection TTL set: dc=conn-ttl,$BASEDN
+#
+echo "Starting slapd proxy on TCP/IP port $PORT2..."
+. $CONFFILTER $BACKEND < $DATADIR/slapd-proxytimeout.conf > $CONF2
+$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
+PROXYPID=$!
+if test $WAIT != 0 ; then
+ echo PROXYPID $PROXYPID
+ read foo
+fi
+
+KILLPIDS="$SERVERPID $PROXYPID"
+
+echo "Using ldapsearch to check that slapd is running..."
+for i in 0 1 2 3 4 5; do
+ $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+ 'objectclass=*' > /dev/null 2>&1
+ RC=$?
+ if test $RC = 0 ; then
+ break
+ fi
+ echo "Waiting $SLEEP1 seconds for slapd to start..."
+ sleep $SLEEP1
+done
+
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+##############################################################################
+#
+# Test 1: Test that shared connections are timed out
+#
+
+CONN_BEGINS=`date +%s`
+CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
+echo "Create shared connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)"
+
+$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD \
+ 'objectclass=*' > $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD \
+ 'objectclass=*' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed for base: dc=conn-ttl,$BASEDN ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Check that connections are established by searching for olmDbConnURI from Monitor
+
+echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"
+
+$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# Wait for connections to be closed, either due to
+# - idle-timeout and
+# - conn-ttl
+# sleep 2 second overtime for robustness of the test case
+echo "Sleeping until idle-timeout and conn-ttl have passed"
+NOW=`date +%s`
+sleep `expr $CONN_EXPIRES - $NOW + 2`
+
+echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"
+
+$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+##############################################################################
+#
+# Test 2: Test that private connections are timed out
+#
+
+CONN_BEGINS=`date +%s`
+CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
+echo "Create private connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)"
+
+# Create fifos that are used to pass searches from the test case to ldapsearch
+rm -f $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo
+mkfifo $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo
+
+# Execute ldapsearch on background and have it read searches from the fifo
+$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
+ -D "cn=Barbara Jensen,ou=Information Technology Division,dc=idle-timeout,$BASEDN" \
+ -H $URI2 \
+ -w "bjensen" \
+ -f $TESTDIR/ldapsearch1.fifo >> $TESTOUT 2>&1 &
+LDAPSEARCHPIDS=$!
+
+$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \
+ -D "cn=Barbara Jensen,ou=Information Technology Division,dc=conn-ttl,$BASEDN" \
+ -H $URI2 \
+ -w "bjensen" \
+ -f $TESTDIR/ldapsearch2.fifo >> $TESTOUT 2>&1 &
+LDAPSEARCHPIDS="$LDAPSEARCHPIDS $!"
+
+# Open fifos as file descriptor
+exec 3>$TESTDIR/ldapsearch1.fifo
+exec 4>$TESTDIR/ldapsearch2.fifo
+
+# Trigger LDAP connections towards the proxy by executing a search
+echo 'objectclass=*' >&3
+echo 'objectclass=*' >&4
+
+# wait for ldapsearches (running as background processes) to execute search operations
+sleep 2
+
+echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"
+
+$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
+ exit $RC
+fi
+
+# Wait for connections to be closed, either due to
+# - idle-timeout and
+# - conn-ttl
+# sleep 2 second overtime for robustness of the test case
+echo "Sleeping until idle-timeout and conn-ttl have passed"
+NOW=`date +%s`
+sleep `expr $CONN_EXPIRES - $NOW + 2`
+
+echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"
+
+$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
+ exit $RC
+fi
+
+$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
+ exit $RC
+fi
+
+# Close the file descriptors associated with the fifos.
+# This will trigger EOF to ldapsearch which will cause it to exit.
+exec 3>&-
+exec 4>&-
+
+
+##############################################################################
+#
+# Test 3: Check that idle-timeout is reset on activity
+#
+
+echo "Checking that idle-timeout is reset on activity"
+CONN_BEGINS=`date +%s`
+CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
+echo "Create cached connection: idle-timeout timeout starts (time_t now=$CONN_BEGINS, original_timeout=$CONN_EXPIRES)"
+$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD \
+ 'objectclass=*' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# sleep until 2 seconds before idle-timeout, then extend the timeout by executing another search operation
+NOW=`date +%s`
+sleep `expr $CONN_EXPIRES - $NOW - 2`
+
+CONN_BEGINS=`date +%s`
+CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
+echo "Do another search to reset the timeout (time_t now=$CONN_BEGINS, new_timeout=$CONN_EXPIRES)"
+$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD \
+ 'objectclass=*' >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# sleep until 2 seconds before new extended idle-timeout, check that connection still exist
+NOW=`date +%s`
+sleep `expr $CONN_EXPIRES - $NOW - 2`
+echo "Check that connection is still alive due to idle-timeout reset (time_t now=`date +%s`)"
+$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 0 ; then
+ echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+# sleep until 2 seconds after timeout, check that connection does not exist
+NOW=`date +%s`
+sleep `expr $CONN_EXPIRES - $NOW + 2`
+echo "Check that connection is closed after extended idle-timeout has passed (time_t now=`date +%s`)"
+$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
+ -D "cn=Manager,dc=local,dc=com" \
+ -H $URI2 \
+ -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
+RC=$?
+if test $RC != 1 ; then
+ echo "Error: LDAP connection to remote LDAP server was not closed"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0