upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8798 Add SASL support to slapd-* tester tools

Browse source
This commit is contained in:
Ondřej Kuzník 2018-01-16 15:30:01 +00:00
parent 1e8ab5de66
commit 28871cb07f
3 changed files with 161 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
tests/progs/slapd-bind.c
View file

@ -34,6 +34,7 @@
#include "ldap.h" #include "ldap.h"
#include "lutil.h" #include "lutil.h"
#include "lutil_ldap.h"
#include "lber_pvt.h" #include "lber_pvt.h"
#include "ldap_pvt.h" #include "ldap_pvt.h"
@ -201,6 +202,7 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
int force, int noinit, LDAP **ldp, int action_type, void *action ) int force, int noinit, LDAP **ldp, int action_type, void *action )
{ {
LDAP *ld = ldp ? *ldp : NULL; LDAP *ld = ldp ? *ldp : NULL;
char *bindfunc = "ldap_sasl_bind_s";
int i, rc = -1; int i, rc = -1;
/* for internal search */ /* for internal search */
@ -257,9 +259,41 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
for ( i = 0; i < maxloop; i++ ) { for ( i = 0; i < maxloop; i++ ) {
if ( !noinit || ld == NULL ) { if ( !noinit || ld == NULL ) {
tester_init_ld( &ld, config, TESTER_INIT_ONLY ); tester_init_ld( &ld, config, TESTER_INIT_ONLY );
#ifdef HAVE_CYRUS_SASL
if ( config->secprops != NULL ) {
rc = ldap_set_option( ld,
LDAP_OPT_X_SASL_SECPROPS, config->secprops );
if( rc != LDAP_OPT_SUCCESS ) {
tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
exit( EXIT_FAILURE );
}
}
#endif
}
if ( config->authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
bindfunc = "ldap_sasl_interactive_bind_s";
rc = ldap_sasl_interactive_bind_s( ld,
config->binddn,
config->mech,
NULL, NULL,
LDAP_SASL_QUIET,
lutil_sasl_interact,
config->defaults );
#else /* HAVE_CYRUS_SASL */
/* caller shouldn't have allowed this */
assert(0);
#endif
} else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
bindfunc = "ldap_sasl_bind_s";
rc = ldap_sasl_bind_s( ld,
config->binddn, LDAP_SASL_SIMPLE,
&config->pass, NULL, NULL, NULL );
} }
rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &config->pass, NULL, NULL, NULL );
if ( rc ) { if ( rc ) {
int first = tester_ignore_err( rc ); int first = tester_ignore_err( rc );
@ -267,12 +301,12 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
if ( first ) { if ( first ) {
/* only log if first occurrence */ /* only log if first occurrence */
if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) { if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) {
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); tester_ldap_error( ld, bindfunc, NULL );
} }
rc = LDAP_SUCCESS; rc = LDAP_SUCCESS;
} else { } else {
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); tester_ldap_error( ld, bindfunc, NULL );
} }
} }

107
tests/progs/slapd-common.c
View file

@ -29,6 +29,7 @@
#include "ldap.h" #include "ldap.h"
#include "lutil.h" #include "lutil.h"
#include "lutil_ldap.h"
#include "ldap_pvt.h" #include "ldap_pvt.h"
#include "slapd-common.h" #include "slapd-common.h"
@ -355,6 +356,63 @@ tester_config_opt( struct tester_conn_args *config, char opt, char *optarg )
} }
break; break;
#ifdef HAVE_CYRUS_SASL
case 'O':
if ( config->secprops != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->secprops = ber_strdup( optarg );
break;
case 'R':
if ( config->realm != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->realm = ber_strdup( optarg );
break;
case 'U':
if ( config->authc_id != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->authc_id = ber_strdup( optarg );
break;
case 'X':
if ( config->authz_id != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->authz_id = ber_strdup( optarg );
break;
case 'Y':
if ( config->mech != NULL ) {
return -1;
}
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
return -1;
}
config->authmethod = LDAP_AUTH_SASL;
config->mech = ber_strdup( optarg );
break;
#endif
case 'p': case 'p':
if ( lutil_atoi( &config->port, optarg ) != 0 ) { if ( lutil_atoi( &config->port, optarg ) != 0 ) {
return -1; return -1;
@ -405,8 +463,32 @@ tester_config_finish( struct tester_conn_args *config )
} }
if ( config->authmethod == -1 ) { if ( config->authmethod == -1 ) {
#ifdef HAVE_CYRUS_SASL
if ( config->binddn != NULL ) {
config->authmethod = LDAP_AUTH_SIMPLE; config->authmethod = LDAP_AUTH_SIMPLE;
} else {
config->authmethod = LDAP_AUTH_SASL;
} }
#else
config->authmethod = LDAP_AUTH_SIMPLE;
#endif
}
#ifdef HAVE_CYRUS_SASL
if ( config->authmethod == LDAP_AUTH_SASL ) {
config->defaults = lutil_sasl_defaults( NULL,
config->mech,
config->realm,
config->authc_id,
config->pass.bv_val,
config->authz_id );
if ( config->defaults == NULL ) {
tester_error( "unable to prepare SASL defaults" );
exit( EXIT_FAILURE );
}
}
#endif
} }
void void
@ -428,9 +510,34 @@ retry:;
config->chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF ); config->chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF );
if ( !( flags & TESTER_INIT_ONLY ) ) { if ( !( flags & TESTER_INIT_ONLY ) ) {
if ( config->authmethod == LDAP_AUTH_SASL ) {
#ifdef HAVE_CYRUS_SASL
if ( config->secprops != NULL ) {
rc = ldap_set_option( ld,
LDAP_OPT_X_SASL_SECPROPS, config->secprops );
if ( rc != LDAP_OPT_SUCCESS ) {
tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
exit( EXIT_FAILURE );
}
}
rc = ldap_sasl_interactive_bind_s( ld,
config->binddn,
config->mech,
NULL, NULL,
LDAP_SASL_QUIET,
lutil_sasl_interact,
config->defaults );
#else /* HAVE_CYRUS_SASL */
/* caller shouldn't have allowed this */
assert(0);
#endif
} else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
rc = ldap_sasl_bind_s( ld, rc = ldap_sasl_bind_s( ld,
config->binddn, LDAP_SASL_SIMPLE, config->binddn, LDAP_SASL_SIMPLE,
&config->pass, NULL, NULL, NULL ); &config->pass, NULL, NULL, NULL );
}
if ( rc != LDAP_SUCCESS ) { if ( rc != LDAP_SUCCESS ) {
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL ); tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );

16
tests/progs/slapd-common.h
View file

@ -54,10 +54,19 @@ struct tester_conn_args {
char *binddn; char *binddn;
struct berval pass; struct berval pass;
#ifdef HAVE_CYRUS_SASL
char *mech;
char *realm;
char *authz_id;
char *authc_id;
char *secprops;
void *defaults;
#endif
}; };
#define TESTER_INIT_ONLY (1 << 0) #define TESTER_INIT_ONLY (1 << 0)
#define TESTER_COMMON_OPTS "CD:d:H:h:L:l:i:p:r:t:w:x" #define TESTER_COMMON_OPTS "CD:d:H:h:L:l:i:O:p:R:U:X:Y:r:t:w:x"
#define TESTER_COMMON_HELP \ #define TESTER_COMMON_HELP \
"[-C] " \ "[-C] " \
"[-D <dn> [-w <passwd>]] " \ "[-D <dn> [-w <passwd>]] " \
@ -68,7 +77,10 @@ struct tester_conn_args {
"[-L <outerloops>] " \ "[-L <outerloops>] " \
"[-r <maxretries>] " \ "[-r <maxretries>] " \
"[-t <delay>] " \ "[-t <delay>] " \
"[-x] " "[-O <SASL secprops>] " \
"[-R <SASL realm>] " \
"[-U <SASL authcid> [-X <SASL authzid>]] " \
"[-x | -Y <SASL mech>] "
extern int tester_config_opt( struct tester_conn_args *config, char opt, char *optarg ); extern int tester_config_opt( struct tester_conn_args *config, char opt, char *optarg );
extern void tester_config_finish( struct tester_conn_args *config ); extern void tester_config_finish( struct tester_conn_args *config );