mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-20 22:59:34 -05:00
ITS#8798 Add SASL support to slapd-* tester tools
This commit is contained in:
Ondřej Kuzník
parent
1e8ab5de66
commit
28871cb07f
3 changed files with 161 additions and 8 deletions
|
|
@ -34,6 +34,7 @@
|
|||
|
||||
#include "ldap.h"
|
||||
#include "lutil.h"
|
||||
#include "lutil_ldap.h"
|
||||
#include "lber_pvt.h"
|
||||
#include "ldap_pvt.h"
|
||||
|
||||
|
|
@ -201,6 +202,7 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
|
|||
int force, int noinit, LDAP **ldp, int action_type, void *action )
|
||||
{
|
||||
LDAP *ld = ldp ? *ldp : NULL;
|
||||
char *bindfunc = "ldap_sasl_bind_s";
|
||||
int i, rc = -1;
|
||||
|
||||
/* for internal search */
|
||||
|
|
@ -257,9 +259,41 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
|
|||
for ( i = 0; i < maxloop; i++ ) {
|
||||
if ( !noinit || ld == NULL ) {
|
||||
tester_init_ld( &ld, config, TESTER_INIT_ONLY );
|
||||
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
if ( config->secprops != NULL ) {
|
||||
rc = ldap_set_option( ld,
|
||||
LDAP_OPT_X_SASL_SECPROPS, config->secprops );
|
||||
|
||||
if( rc != LDAP_OPT_SUCCESS ) {
|
||||
tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if ( config->authmethod == LDAP_AUTH_SASL ) {
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
bindfunc = "ldap_sasl_interactive_bind_s";
|
||||
rc = ldap_sasl_interactive_bind_s( ld,
|
||||
config->binddn,
|
||||
config->mech,
|
||||
NULL, NULL,
|
||||
LDAP_SASL_QUIET,
|
||||
lutil_sasl_interact,
|
||||
config->defaults );
|
||||
#else /* HAVE_CYRUS_SASL */
|
||||
/* caller shouldn't have allowed this */
|
||||
assert(0);
|
||||
#endif
|
||||
} else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
|
||||
bindfunc = "ldap_sasl_bind_s";
|
||||
rc = ldap_sasl_bind_s( ld,
|
||||
config->binddn, LDAP_SASL_SIMPLE,
|
||||
&config->pass, NULL, NULL, NULL );
|
||||
}
|
||||
|
||||
rc = ldap_sasl_bind_s( ld, dn, LDAP_SASL_SIMPLE, &config->pass, NULL, NULL, NULL );
|
||||
if ( rc ) {
|
||||
int first = tester_ignore_err( rc );
|
||||
|
||||
|
|
@ -267,12 +301,12 @@ do_bind( struct tester_conn_args *config, char *dn, int maxloop,
|
|||
if ( first ) {
|
||||
/* only log if first occurrence */
|
||||
if ( ( force < 2 && first > 0 ) || abs(first) == 1 ) {
|
||||
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
|
||||
tester_ldap_error( ld, bindfunc, NULL );
|
||||
}
|
||||
rc = LDAP_SUCCESS;
|
||||
|
||||
} else {
|
||||
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
|
||||
tester_ldap_error( ld, bindfunc, NULL );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@
|
|||
#include "ldap.h"
|
||||
|
||||
#include "lutil.h"
|
||||
#include "lutil_ldap.h"
|
||||
#include "ldap_pvt.h"
|
||||
#include "slapd-common.h"
|
||||
|
||||
|
|
@ -355,6 +356,63 @@ tester_config_opt( struct tester_conn_args *config, char opt, char *optarg )
|
|||
}
|
||||
break;
|
||||
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
case 'O':
|
||||
if ( config->secprops != NULL ) {
|
||||
return -1;
|
||||
}
|
||||
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
|
||||
return -1;
|
||||
}
|
||||
config->authmethod = LDAP_AUTH_SASL;
|
||||
config->secprops = ber_strdup( optarg );
|
||||
break;
|
||||
|
||||
case 'R':
|
||||
if ( config->realm != NULL ) {
|
||||
return -1;
|
||||
}
|
||||
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
|
||||
return -1;
|
||||
}
|
||||
config->authmethod = LDAP_AUTH_SASL;
|
||||
config->realm = ber_strdup( optarg );
|
||||
break;
|
||||
|
||||
case 'U':
|
||||
if ( config->authc_id != NULL ) {
|
||||
return -1;
|
||||
}
|
||||
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
|
||||
return -1;
|
||||
}
|
||||
config->authmethod = LDAP_AUTH_SASL;
|
||||
config->authc_id = ber_strdup( optarg );
|
||||
break;
|
||||
|
||||
case 'X':
|
||||
if ( config->authz_id != NULL ) {
|
||||
return -1;
|
||||
}
|
||||
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
|
||||
return -1;
|
||||
}
|
||||
config->authmethod = LDAP_AUTH_SASL;
|
||||
config->authz_id = ber_strdup( optarg );
|
||||
break;
|
||||
|
||||
case 'Y':
|
||||
if ( config->mech != NULL ) {
|
||||
return -1;
|
||||
}
|
||||
if ( config->authmethod != -1 && config->authmethod != LDAP_AUTH_SASL ) {
|
||||
return -1;
|
||||
}
|
||||
config->authmethod = LDAP_AUTH_SASL;
|
||||
config->mech = ber_strdup( optarg );
|
||||
break;
|
||||
#endif
|
||||
|
||||
case 'p':
|
||||
if ( lutil_atoi( &config->port, optarg ) != 0 ) {
|
||||
return -1;
|
||||
|
|
@ -405,8 +463,32 @@ tester_config_finish( struct tester_conn_args *config )
|
|||
}
|
||||
|
||||
if ( config->authmethod == -1 ) {
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
if ( config->binddn != NULL ) {
|
||||
config->authmethod = LDAP_AUTH_SIMPLE;
|
||||
} else {
|
||||
config->authmethod = LDAP_AUTH_SASL;
|
||||
}
|
||||
#else
|
||||
config->authmethod = LDAP_AUTH_SIMPLE;
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
if ( config->authmethod == LDAP_AUTH_SASL ) {
|
||||
config->defaults = lutil_sasl_defaults( NULL,
|
||||
config->mech,
|
||||
config->realm,
|
||||
config->authc_id,
|
||||
config->pass.bv_val,
|
||||
config->authz_id );
|
||||
|
||||
if ( config->defaults == NULL ) {
|
||||
tester_error( "unable to prepare SASL defaults" );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
void
|
||||
|
|
@ -428,9 +510,34 @@ retry:;
|
|||
config->chaserefs ? LDAP_OPT_ON: LDAP_OPT_OFF );
|
||||
|
||||
if ( !( flags & TESTER_INIT_ONLY ) ) {
|
||||
rc = ldap_sasl_bind_s( ld,
|
||||
config->binddn, LDAP_SASL_SIMPLE,
|
||||
&config->pass, NULL, NULL, NULL );
|
||||
if ( config->authmethod == LDAP_AUTH_SASL ) {
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
if ( config->secprops != NULL ) {
|
||||
rc = ldap_set_option( ld,
|
||||
LDAP_OPT_X_SASL_SECPROPS, config->secprops );
|
||||
|
||||
if ( rc != LDAP_OPT_SUCCESS ) {
|
||||
tester_ldap_error( ld, "ldap_set_option(SECPROPS)", NULL );
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
}
|
||||
|
||||
rc = ldap_sasl_interactive_bind_s( ld,
|
||||
config->binddn,
|
||||
config->mech,
|
||||
NULL, NULL,
|
||||
LDAP_SASL_QUIET,
|
||||
lutil_sasl_interact,
|
||||
config->defaults );
|
||||
#else /* HAVE_CYRUS_SASL */
|
||||
/* caller shouldn't have allowed this */
|
||||
assert(0);
|
||||
#endif
|
||||
} else if ( config->authmethod == LDAP_AUTH_SIMPLE ) {
|
||||
rc = ldap_sasl_bind_s( ld,
|
||||
config->binddn, LDAP_SASL_SIMPLE,
|
||||
&config->pass, NULL, NULL, NULL );
|
||||
}
|
||||
|
||||
if ( rc != LDAP_SUCCESS ) {
|
||||
tester_ldap_error( ld, "ldap_sasl_bind_s", NULL );
|
||||
|
|
|
|||
|
|
@ -54,10 +54,19 @@ struct tester_conn_args {
|
|||
|
||||
char *binddn;
|
||||
struct berval pass;
|
||||
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
char *mech;
|
||||
char *realm;
|
||||
char *authz_id;
|
||||
char *authc_id;
|
||||
char *secprops;
|
||||
void *defaults;
|
||||
#endif
|
||||
};
|
||||
|
||||
#define TESTER_INIT_ONLY (1 << 0)
|
||||
#define TESTER_COMMON_OPTS "CD:d:H:h:L:l:i:p:r:t:w:x"
|
||||
#define TESTER_COMMON_OPTS "CD:d:H:h:L:l:i:O:p:R:U:X:Y:r:t:w:x"
|
||||
#define TESTER_COMMON_HELP \
|
||||
"[-C] " \
|
||||
"[-D <dn> [-w <passwd>]] " \
|
||||
|
|
@ -68,7 +77,10 @@ struct tester_conn_args {
|
|||
"[-L <outerloops>] " \
|
||||
"[-r <maxretries>] " \
|
||||
"[-t <delay>] " \
|
||||
"[-x] "
|
||||
"[-O <SASL secprops>] " \
|
||||
"[-R <SASL realm>] " \
|
||||
"[-U <SASL authcid> [-X <SASL authzid>]] " \
|
||||
"[-x | -Y <SASL mech>] "
|
||||
|
||||
extern int tester_config_opt( struct tester_conn_args *config, char opt, char *optarg );
|
||||
extern void tester_config_finish( struct tester_conn_args *config );
|
||||
|
|
|
|||
Loading…
Reference in a new issue