1#! /bin/sh
2# $OpenLDAP$
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 1998-2021 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
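echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# This script exercises slapd's proxied-authorization control
# (ldapwhoami -e '!authzid=...'): a client binds as one identity and asks to
# be treated as another.  The positive cases check that each form of
# authzFrom/authzTo rule grants the mapping; the "should fail" cases are the
# important ones from a security standpoint, since they confirm the rules do
# not over-grant.  The trailing note at the end of the file explains how to
# verify from the server log that the rules were evaluated in order.

#######################################
# Report a fatal test failure, stop the slapd started below (unless
# KILLSERVERS=no asks to leave it running for inspection) and exit.
# Arguments: $1 - message for stdout
#            $2 - exit status
#######################################
fail_test() {
	echo "$1"
	# KILLPIDS is intentionally unquoted: the harness convention lets it
	# hold a space-separated list of PIDs.
	test "$KILLSERVERS" != no && kill -HUP $KILLPIDS
	exit "$2"
}

#######################################
# Require that the previous ldapwhoami succeeded.
# Arguments: $1 - exit status of the previous ldapwhoami
#######################################
expect_ok() {
	if test "$1" != 0 ; then
		fail_test "ldapwhoami failed ($1)!" "$1"
	fi
}

#######################################
# Require that the previous ldapwhoami was refused: exit status 1 is the
# expected rejection of the requested authzid.  Exit status 0 means the
# authorization rules let an identity through that they must not, which is
# reported with its own message.  The original script used "exit -1" for
# that case; -1 is not a valid POSIX exit status, so 1 is used instead.
# Arguments: $1 - exit status of the previous ldapwhoami
#######################################
expect_refused() {
	case "$1" in
	1)
		;;
	0)
		fail_test "ldapwhoami should have failed ($1)!" 1
		;;
	*)
		fail_test "ldapwhoami failed ($1)!" "$1"
		;;
	esac
}

#######################################
# Bind as one identity, request authorization as another and check the
# outcome.  The bind password is passed on the command line; that is
# acceptable for the fixture credentials of a throw-away test server, but
# with real credentials it would be visible in process listings
# (ldapwhoami -y / -W avoid that).
# Arguments: $1 - bind DN
#            $2 - bind password
#            $3 - authzid to request (u:... or dn:...)
#            $4 - label appended to the progress line, e.g. "(dn.exact)"
#            $5 - "ok" if the request must succeed, "refused" if it must
#                 be rejected
#######################################
whoami_authz() {
	echo "Testing ldapwhoami as ${1} for ${3} ${4}..."
	$LDAPWHOAMI -H "$URI1" -D "$1" -w "$2" \
		-e '!authzid='"$3"
	RC=$?
	if test "$5" = refused ; then
		expect_refused "$RC"
	else
		expect_ok "$RC"
	fi
}

mkdir -p "$TESTDIR" "$DBDIR1"

echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND < "$WHOAMICONF" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFWHOAMI"
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

echo "Starting slapd on TCP/IP port $PORT..."
. $CONFFILTER $BACKEND < "$WHOAMICONF" > "$CONF1"
# $SLAPD may carry extra arguments from defines.sh, so it stays unquoted.
$SLAPD -f "$CONF1" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	# Print the server PID and wait for Enter so a developer can attach
	# to the running slapd before the tests begin.
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"

sleep 1

echo "Using ldapsearch to check that slapd is running..."
# Up to six probes; if none succeeds the script carries on and the first
# ldapwhoami below reports the failure.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

echo "Testing ldapwhoami as anonymous..."
$LDAPWHOAMI -H "$URI1"
expect_ok $?

echo "Testing ldapwhoami as ${MANAGERDN}..."
$LDAPWHOAMI -H "$URI1" -D "$MANAGERDN" -w "$PASSWD"
expect_ok $?

# An empty authzid asks to be treated as anonymous.
echo "Testing ldapwhoami as ${MANAGERDN} for anonymous..."
$LDAPWHOAMI -H "$URI1" -D "$MANAGERDN" -w "$PASSWD" \
	-e '!authzid='
expect_ok $?

echo "Testing ldapwhoami as ${MANAGERDN} for dn:$BABSDN..."
$LDAPWHOAMI -H "$URI1" -D "$MANAGERDN" -w "$PASSWD" \
	-e '!authzid=dn:'"$BABSDN"
expect_ok $?

echo "Testing ldapwhoami as ${MANAGERDN} for u:uham..."
$LDAPWHOAMI -H "$URI1" -D "$MANAGERDN" -w "$PASSWD" \
	-e '!authzid=u:uham'
expect_ok $?

# authzFrom: someone else => bjorn
# Each caller below requests u:bjorn; the label names the rule form being
# exercised.  The two "Should Fail"/"Must Fail" callers must be refused.
echo "Testing authzFrom..."

whoami_authz \
	"cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" \
	bjensen u:bjorn "(dn.exact)" ok

whoami_authz \
	"cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com" \
	melliot u:bjorn "(u)" ok

whoami_authz \
	"cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com" \
	jen u:bjorn "(URI)" ok

whoami_authz \
	"cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example,dc=com" \
	jjones u:bjorn "(group)" ok

whoami_authz \
	"cn=No One,ou=Information Technology Division,ou=People,dc=example,dc=com" \
	noone u:bjorn "(dn.onelevel)" ok

whoami_authz \
	"cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com" \
	dots u:bjorn "(dn.regex)" ok

whoami_authz \
	"cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" \
	jaj u:bjorn "(dn.children)" ok

whoami_authz \
	"cn=ITD Staff,ou=Groups,dc=example,dc=com" \
	ITD u:bjorn "(dn.subtree)" ok

whoami_authz \
	"cn=Should Fail,dc=example,dc=com" \
	fail u:bjorn "(URI; should fail)" refused

whoami_authz \
	"cn=Must Fail,dc=example,dc=com" \
	fail u:bjorn "(URI; should fail)" refused

# authzTo: bjorn => someone else
# Bjorn requests each target identity in turn; the label names the rule
# form being exercised.  The last three requests must be refused.
echo "Testing authzTo..."

BJORNDN="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
BJORNPW=bjorn

whoami_authz "$BJORNDN" "$BJORNPW" u:bjensen "(dn.exact)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:melliot "(u)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:jdoe "(URI)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:jjones "(group)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:noone "(dn.onelevel)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:dots "(dn.regex)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:jaj "(dn.children)" ok

whoami_authz "$BJORNDN" "$BJORNPW" "u:group/itd staff" "(dn.subtree)" ok

whoami_authz "$BJORNDN" "$BJORNPW" u:fail "(URI; should fail)" refused

whoami_authz "$BJORNDN" "$BJORNPW" "dn:cn=Should Fail,dc=example,dc=com" \
	"(URI; should fail)" refused

# A target with no authzTo rule at all must also be refused.  (The original
# script exited 1 for any status other than 1 here; now an unexpected
# status is propagated like everywhere else.)
whoami_authz "$BJORNDN" "$BJORNPW" "dn:cn=don't!" \
	"(no authzTo; should fail)" refused

# Kept out of whoami_authz so the progress line prints exactly as before
# (the empty DN is shown as dn:"").
BINDDN="dc=example,dc=com"
BINDPW=example
AUTHZID="dn:"
echo "Testing ldapwhoami as ${BINDDN} for ${AUTHZID}\"\" (dn.exact; should succeed)..."
$LDAPWHOAMI -H "$URI1" -D "$BINDDN" -w "$BINDPW" \
	-e '!authzid='"$AUTHZID"
expect_ok $?

test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test "$KILLSERVERS" != no && wait

exit 0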
464
465## Note to developers: when SLAPD_DEBUG=-1 the command
466## awk '/^do_extended$/ {if (c) {print c} c=0} /<===slap_sasl_match:/ {c++} END {print c}' $TESTDIR/slapd.1.log
467## must return the sequence 1 2 3 4 5 6 7 8 8 8 1 2 3 4 5 6 7 8 8 8 8 1
468## to indicate that the authzFrom and authzTo rules applied in the right order.
469