From 5ea77a75dd2d2158401331879f3c8f47940a732c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 18:35:32 +0200
Subject: Adding upstream version 2.5.13+dfsg.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 tests/scripts/test065-proxyauthz | 255 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 255 insertions(+)
 create mode 100755 tests/scripts/test065-proxyauthz

(limited to 'tests/scripts/test065-proxyauthz')

diff --git a/tests/scripts/test065-proxyauthz b/tests/scripts/test065-proxyauthz
new file mode 100755
index 0000000..e96c877
--- /dev/null
+++ b/tests/scripts/test065-proxyauthz
@@ -0,0 +1,255 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+PCACHETTL=${PCACHETTL-"1m"}
+PCACHENTTL=${PCACHENTTL-"1m"}
+PCACHESTTL=${PCACHESTTL-"1m"}
+PCACHE_ENTRY_LIMIT=${PCACHE_ENTRY_LIMIT-"6"}
+PCACHE_CCPERIOD=${PCACHE_CCPERIOD-"2"}
+PCACHETTR=${PCACHETTR-"2"}
+PCACHEBTTR=${PCACHEBTTR-"5"}
+
+. $SRCDIR/scripts/defines.sh
+
+LVL=0x100
+
+if test $PROXYCACHE = pcacheno; then 
+	echo "Proxy cache overlay not available, test skipped"
+	exit 0
+fi 
+
+if test $BACKLDAP = "ldapno" ; then 
+	echo "LDAP backend not available, test skipped"
+	exit 0
+fi 
+
+if test $BACKEND = ldif ; then
+	# The (mail=example.com*) queries hit a sizelimit, so which
+	# entry is returned depends on the ordering in the backend.
+	echo "Test does not support $BACKEND backend, test skipped"
+	exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1 $DBDIR2
+
+# Test proxy caching:
+# - start provider
+# - start proxy cache
+# - populate provider 
+# - perform a first search
+# - verify cacheability
+# - perform a second search with the same filter and same user 
+# - verify answerability and cacheability of the bind
+# - perform a third search with the same user but a different filter
+# - verify cacheability of the bind and the non-answerability of the result 
+
+echo "Starting provider slapd on TCP/IP port $PORT1..."
+. $CONFFILTER < $PROXYAUTHZPROVIDERCONF > $CONF1
+$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep 1
+
+echo "Using ldapsearch to check that provider slapd is running..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Using ldapadd to populate the provider directory..."
+$LDAPADD -x -D "$MANAGERDN" -H $URI1 -w $PASSWD < \
+	$LDIFORDERED > /dev/null 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapadd failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Starting proxy cache on TCP/IP port $PORT2..."
+. $CONFFILTER < $PROXYAUTHZCONF | sed \
+	-e "s/@TTL@/${PCACHETTL}/"			\
+	-e "s/@NTTL@/${PCACHENTTL}/"		\
+	-e "s/@STTL@/${PCACHENTTL}/"		\
+	-e "s/@TTR@/${PCACHETTR}/"			\
+	-e "s/@ENTRY_LIMIT@/${PCACHE_ENTRY_LIMIT}/"	\
+	-e "s/@CCPERIOD@/${PCACHE_CCPERIOD}/"			\
+	-e "s/@BTTR@/${PCACHEBTTR}/"			\
+	> $CONF2
+
+$SLAPD -f $CONF2 -h $URI2 -d $LVL -d pcache > $LOG2 2>&1 &
+CACHEPID=$!
+if test $WAIT != 0 ; then
+	echo CACHEPID $CACHEPID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $CACHEPID"
+
+sleep 1
+
+echo "Using ldapsearch to check that proxy slapd is running..."
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+		-D "cn=Manager,dc=example,dc=com" -w secret 'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting 5 seconds for slapd to start..."
+	sleep 5
+done
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+cat /dev/null > $SEARCHOUT
+
+echo "Making queries on the proxy cache..." 
+CNT=0
+
+
+CNT=`expr $CNT + 1`
+USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+UPASSWD="jaj"
+echo "Query $CNT: $USERDN"
+echo "# Query $CNT: $USERDN" >> $SEARCHOUT
+
+$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
+	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT
+RC=$?
+
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# Check that the bind is cached
+grep "CACHING BIND for $USERDN" $LOG2 > /dev/null
+
+RC=$?
+if test $RC != 0 ; then
+	echo "Refresh failed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+	exit 1
+fi
+
+CNT=`expr $CNT + 1`
+USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+UPASSWD="jaj"
+echo "Query $CNT: (Bind should be cached)"
+echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
+
+$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
+	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+grep "CACHED BIND for $USERDN" $LOG2 > /dev/null
+RC=$?
+if test $RC != 0 ; then
+	echo "Refresh failed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+	exit 1
+fi
+
+CNT=`expr $CNT + 1`
+USERDN="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com"
+
+echo "Query $CNT: (Bind should be cached)"
+echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
+	-D "$USERDN" -w "$UPASSWD" "(sn=je*)" sn >> $SEARCHOUT 2>> $TESTOUT
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+RC=`grep "CACHED BIND for $USERDN" $LOG2 | wc -l`
+if test $RC != 2 ; then
+	echo "Bind wasn't answered from cache"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+	exit 1
+fi
+
+echo "=== New search on (sn=jo*)"
+cat /dev/null > $SEARCHOUT
+echo "# Query $CNT: (Bind should be cached)" >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "dc=example,dc=com" -s SUB -H $URI2 \
+	-D "$USERDN" -w "$UPASSWD" "(sn=jo*)" sn >> $SEARCHOUT 2>> $TESTOUT
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+RC=`grep "CACHED BIND for $USERDN" $LOG2 | wc -l`
+if test $RC != 3 ; then
+	echo "Bind wasn't answered from cache"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+	exit 1
+fi
+
+RC=`grep "QUERY NOT ANSWERABLE" $LOG2 | wc -l`
+if test $RC != 3 ; then
+	echo "Search wasn't searched on remote peer"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+	exit 1
+fi
+
+RC=`grep "dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" $SEARCHOUT | wc -l`
+if test $RC != 1 ; then
+	echo "Search wasn't retrieved on remote peer"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS && wait
+	exit 1
+fi
+
+echo "Test succeeded"
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+test $KILLSERVERS != no && wait
+
+exit 0
-- 
cgit v1.2.3