cyrus-sasl/tests/sanity-ldapdb-plugin/runtest.sh

250 lines
7.0 KiB
Bash
Raw Permalink Normal View History

#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/cyrus-sasl/Sanity/sanity-ldapdb-plugin
# Description: The ldapdb auxprop plugin provides access to credentials stored in an LDAP server.
# Author: David Spurek <dspurek@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2012 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="cyrus-sasl"
PACKAGES=( "cyrus-sasl" \
"cyrus-sasl-devel" \
"cyrus-sasl-ldap" \
"cyrus-sasl-plain" \
"expect" \
"pam" \
"openldap" \
"openldap-clients" \
"openldap-servers" \
"cyrus-sasl-md5" )
# else branch is also relevant for Fedora
if rlIsRHEL '<6'; then
SERVICE_LDAP=ldap
else
SERVICE_LDAP=slapd
fi
ldapdb_id="sasluser"
ldapdb_pw="x"
SASL_PASSWORD="x"
SASL_USER="test"
if [ "`uname -i`" = "i386" ]; then
LIBDIR=/usr/lib
else
LIBDIR=/usr/lib64
fi
rlIsRHEL 5 && [ "`uname -i`" = "ia64" ] && LIBDIR=/usr/lib
function slapd_conf {
cat >/etc/openldap/slapd.conf<<'EOF'
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
database mdb
suffix "dc=my-domain,dc=com"
rootdn "uid=admin,dc=my-domain,dc=com"
rootpw x
directory /var/lib/ldap
password-hash {CLEARTEXT}
authz-policy to
authz-regexp
uid=(.*),cn=.*,cn=auth
"ldap:///dc=my-domain,dc=com??sub?(uid=$1)"
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
access to * by * write
access to * by * read
access to * by * auth
EOF
return $?
}
function data_ldif {
cat >data.ldif<<EOF
dn: dc=my-domain,dc=com
objectclass: top
objectclass: domain
dc: my-domain
dn: ou=Admins,dc=my-domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Admins
dn: uid=$ldapdb_id,ou=People,dc=my-domain,dc=com
objectClass: person
objectClass: inetOrgPerson
userPassword: $ldapdb_pw
uid: $ldapdb_id
cn: $ldapdb_id
sn: $ldapdb_id
authzTo: ldap:///ou=People,dc=my-domain,dc=com??sub?(&(objectclass=inetOrgPerson)(uid=*))
dn: ou=People,dc=my-domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People
dn: uid=$SASL_USER,ou=People,dc=my-domain,dc=com
objectClass: person
objectClass: inetOrgPerson
userPassword: x
uid: $SASL_USER
cn: $SASL_USER
sn: $SASL_USER
EOF
return $?
}
function sasl_client {
expect <<EOF
set timeout 30
spawn sasl2-sample-client -p 8000 -s rcmd -m PLAIN localhost
expect {
timeout {exit 1}
eof {exit 2}
-nocase "please enter an authentication id:" { puts $1 ; send "$1\r"}
}
expect {
timeout {exit 3}
eof {exit 4}
-nocase "please enter an authorization id:" { puts $1 ; send "$1\r"}
}
expect {
timeout {exit 5}
eof {exit 6}
-nocase "Password:" { puts $2 ; send "$2\r"}
}
expect {
timeout {exit 8}
-nocase "successful authentication" { expect eof ; exit 0}
-nocase "authentication failed" {exit 9}
}
expect eof
exit 0
EOF
}
# ldapdb configuration for services, in this test for sasl2-sample-server
# configuration may be for smtpd.conf,imapd.conf instead of sample.conf
function smtpd_ldapdb {
cat >$LIBDIR/sasl2/sample.conf<<EOF
pwcheck_method: auxprop
auxprop_plugin: ldapdb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
ldapdb_uri: ldap://localhost
ldapdb_id: $ldapdb_id
ldapdb_pw: $ldapdb_pw
ldapdb_mech: DIGEST-MD5
EOF
return $?
}
rlJournalStart
rlPhaseStartSetup
for P in ${PACKAGES[@]}; do rlCheckRpm $P || rlDie "Package $P is missing"; done
rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlFileBackup --clean "$LIBDIR/sasl2/sample.conf"
rlFileBackup --clean "/etc/sasldb2"
rlRun "smtpd_ldapdb" 0
rlServiceStop $SERVICE_LDAP
# Back-up.
rlFileBackup --clean /var/run/openldap
rlFileBackup --clean /var/lib/ldap && rm -rf /var/lib/ldap/*
rlFileBackup --clean /etc/openldap/
rlRun "slapd_conf" 0
rlRun "cat /etc/openldap/slapd.conf" 0
if rlIsRHEL '>=6' || rlIsFedora '>=14'; then
rm -rf /etc/openldap/slapd.d/*
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
fi
rlRun "data_ldif" 0
rlRun "slapadd -l data.ldif" 0
chown -R ldap:ldap /var/lib/ldap/* && chmod -R a+rx /etc/openldap/
rlRun "restorecon -vvRF /etc/openldap/"
rlRun "service $SERVICE_LDAP start && sleep 10" 0
rlPhaseEnd
rlPhaseStartTest
rlRun "ldapsearch -LLL -H ldap://localhost -s base -b '' -x supportedSASLMechanisms" 0
rlRun "ldapsearch -H ldap://localhost -x -b 'dc=my-domain,dc=com' '(objectclass=*)'" 0 "Check ldap entries without SASL"
# this two ldapwhoami commands may be used for testing purposes
# rlRun "ldapwhoami -U $ldapdb_id -Y digest-md5" 0
# rlRun "ldapwhoami -U $ldapdb_id -X u:test@localhost -Y digest-md5" 0
# sasl sample server uses ldap sasluser as sasl bind id
# then try search user passed to sample client in ldap database
rlRun "sasl2-sample-server -p 8000 -s rcmd -m PLAIN &>sample_server.log &" 0
SASL_PID=`pgrep -f "sasl2-sample-server -p 8000 -s rcmd -m PLAIN"`
rlRun "sasl_client $SASL_USER ${SASL_PASSWORD}" 0
rlRun "sasl_client baduser ${SASL_PASSWORD}" 9
rlRun "kill $SASL_PID" 0 ; sleep 5
rlRun "cat sample_server.log" 0
rlPhaseEnd
rlPhaseStartCleanup
rlRun "service $SERVICE_LDAP stop && sleep 10" 0
rlFileRestore
rlServiceRestore $SERVICE_LDAP
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd