From bc9a92866a7b89f60c5792767868896c507ec5e7 Mon Sep 17 00:00:00 2001 From: Quanah Gibson-Mount Date: Fri, 17 Apr 2020 15:00:28 +0000 Subject: [PATCH] ITS#6740 - Always enable rewrite --- configure.in | 16 -- servers/slapd/back-meta/back-meta.h | 13 - servers/slapd/back-meta/config.c | 3 - servers/slapd/back-meta/map.c | 4 - servers/slapd/back-meta/search.c | 5 - servers/slapd/back-meta/suffixmassage.c | 83 ------ servers/slapd/bconfig.c | 10 - servers/slapd/overlays/rwm.h | 4 - servers/slapd/proto-slap.h | 2 - servers/slapd/sasl.c | 7 - servers/slapd/saslauthz.c | 159 ---------- servers/slapd/slap.h | 4 - servers/slapd/syncrepl.c | 29 -- tests/run.in | 3 +- tests/scripts/defines.sh | 1 - tests/scripts/test076-authid-rewrite | 367 ++++++++++++------------ 16 files changed, 182 insertions(+), 528 deletions(-) diff --git a/configure.in b/configure.in index b85f972b77..92eed6ee36 100644 --- a/configure.in +++ b/configure.in @@ -268,7 +268,6 @@ OL_ARG_ENABLE(cleartext,[ --enable-cleartext enable cleartext passwords], y OL_ARG_ENABLE(crypt,[ --enable-crypt enable crypt(3) passwords], no)dnl OL_ARG_ENABLE(spasswd,[ --enable-spasswd enable (Cyrus) SASL password verification], no)dnl OL_ARG_ENABLE(modules,[ --enable-modules enable dynamic module support], no)dnl -OL_ARG_ENABLE(rewrite,[ --enable-rewrite enable DN rewriting in back-ldap and rwm overlay], auto)dnl OL_ARG_ENABLE(rlookups,[ --enable-rlookups enable reverse lookups of client hostnames], no)dnl OL_ARG_ENABLE(slapi,[ --enable-slapi enable SLAPI support (experimental)], no)dnl OL_ARG_ENABLE(slp,[ --enable-slp enable SLPv2 support], no)dnl 
@@ -439,9 +438,6 @@ if test $ol_enable_slapd = no ; then if test $ol_enable_aci != no ; then AC_MSG_WARN([slapd disabled, ignoring --enable-aci argument]) fi - if test $ol_enable_rewrite = yes ; then - AC_MSG_WARN([slapd disabled, ignoring --enable-rewrite argument]) - fi dnl overlays case "$ol_enable_overlays" in yes | mod) AC_MSG_WARN([slapd disabled, ignoring --enable-overlays argument]) @@ -465,8 +461,6 @@ if test $ol_enable_slapd = no ; then ol_enable_aci=no ol_enable_wrappers=no - ol_enable_rewrite=no - elif test $ol_enable_modules != yes && test $ol_enable_dnssrv = no && test $ol_enable_ldap = no && @@ -524,7 +518,6 @@ SLAPD_LIBS= BUILD_SLAPD=no -BUILD_REWRITE=no BUILD_THREAD=no BUILD_SLAPI=no @@ -2571,7 +2564,6 @@ fi if test "$ol_enable_meta" != no ; then BUILD_SLAPD=yes BUILD_META=$ol_enable_meta - BUILD_REWRITE=yes if test "$ol_enable_meta" = mod ; then SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-meta" MFLAG=SLAPD_MOD_DYNAMIC @@ -2585,7 +2577,6 @@ fi if test "$ol_enable_asyncmeta" != no ; then BUILD_SLAPD=yes BUILD_ASYNCMETA=$ol_enable_asyncmeta - BUILD_REWRITE=yes if test "$ol_enable_asyncmeta" = mod ; then SLAPD_DYNAMIC_BACKENDS="$SLAPD_DYNAMIC_BACKENDS back-asyncmeta" MFLAG=SLAPD_MOD_DYNAMIC @@ -2889,7 +2880,6 @@ if test "$ol_enable_retcode" != no ; then fi if test "$ol_enable_rwm" != no ; then - BUILD_REWRITE=yes BUILD_RWM=$ol_enable_rwm if test "$ol_enable_rwm" = mod ; then MFLAG=SLAPD_MOD_DYNAMIC @@ -2973,11 +2963,6 @@ if test "$ol_enable_valsort" != no ; then AC_DEFINE_UNQUOTED(SLAPD_OVER_VALSORT,$MFLAG,[define for Value Sorting overlay]) fi -if test "$ol_enable_rewrite" != no ; then - AC_DEFINE(ENABLE_REWRITE,1,[define to enable rewriting in back-ldap and back-meta]) - BUILD_REWRITE=yes -fi - if test "$ol_enable_slapi" != no ; then AC_DEFINE(ENABLE_SLAPI,1,[define to enable slapi library]) BUILD_SLAPI=yes 
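Review bot: With `AC_DEFINE(ENABLE_REWRITE,1,...)` removed in the last configure.in hunk here, any `#ifdef ENABLE_REWRITE` or `#ifdef SLAP_AUTH_REWRITE` guard that this commit does not touch will now silently compile its rewrite branch out instead of always in. The earlier hunks show back-asyncmeta also used to set `BUILD_REWRITE=yes`, yet the diffstat lists no back-asyncmeta or contrib files, so both macros should be grepped for across the tree before merging. If out-of-tree modules are a concern, an unconditional `AC_DEFINE(ENABLE_REWRITE,1,[librewrite is always built])` could be kept for one release. The same check applies to `@BUILD_REWRITE@` in any `.in` file other than tests/run.in, since its `AC_SUBST` is dropped further down.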
@@ -3004,7 +2989,6 @@ AC_SUBST(WITH_SASL) AC_SUBST(WITH_TLS) AC_SUBST(WITH_MODULES_ENABLED) AC_SUBST(WITH_ACI_ENABLED) -AC_SUBST(BUILD_REWRITE) AC_SUBST(BUILD_THREAD) AC_SUBST(BUILD_LIBS_DYNAMIC) diff --git a/servers/slapd/back-meta/back-meta.h b/servers/slapd/back-meta/back-meta.h index 7792c0d9be..bec59bbd1c 100644 --- a/servers/slapd/back-meta/back-meta.h +++ b/servers/slapd/back-meta/back-meta.h @@ -60,13 +60,7 @@ struct ldaprwmap { /* * DN rewriting */ -#ifdef ENABLE_REWRITE struct rewrite_info *rwm_rw; -#else /* !ENABLE_REWRITE */ - /* some time the suffix massaging without librewrite - * will be disabled */ - BerVarray rwm_suffix_massage; -#endif /* !ENABLE_REWRITE */ BerVarray rwm_bva_rewrite; /* @@ -81,14 +75,9 @@ struct ldaprwmap { typedef struct dncookie { struct metatarget_t *target; -#ifdef ENABLE_REWRITE Connection *conn; char *ctx; SlapReply *rs; -#else - int normalized; - int tofrom; -#endif } dncookie; int ldap_back_dn_massage(dncookie *dc, struct berval *dn, @@ -133,14 +122,12 @@ ldap_back_filter_map_rewrite( void *memctx ); /* suffix massaging by means of librewrite */ -#ifdef ENABLE_REWRITE extern int suffix_massage_config( struct rewrite_info *info, struct berval *pvnc, struct berval *nvnc, struct berval *prnc, struct berval *nrnc ); -#endif /* ENABLE_REWRITE */ extern int ldap_back_referral_result_rewrite( dncookie *dc, diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index 67b815c5e4..32970c68ef 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -3200,7 +3200,6 @@ error_return:; } -#ifdef ENABLE_REWRITE static char * suffix_massage_regexize( const char *s ) { @@ -3368,5 +3367,3 @@ suffix_massage_config( return 0; } -#endif /* ENABLE_REWRITE */ - diff --git a/servers/slapd/back-meta/map.c b/servers/slapd/back-meta/map.c index ee7aa2f086..f657ee742d 100644 --- a/servers/slapd/back-meta/map.c +++ b/servers/slapd/back-meta/map.c 
@@ -280,9 +280,7 @@ map_attr_value( { dncookie fdc = *dc; -#ifdef ENABLE_REWRITE fdc.ctx = "searchFilterAttrDN"; -#endif switch ( ldap_back_dn_massage( &fdc, value, &vtmp ) ) { case LDAP_SUCCESS: @@ -684,7 +682,6 @@ ldap_back_filter_map_rewrite( rc = ldap_back_int_filter_map_rewrite( dc, f, fstr, remap, memctx ); -#ifdef ENABLE_REWRITE if ( rc != LDAP_SUCCESS ) { return rc; } @@ -741,7 +738,6 @@ ldap_back_filter_map_rewrite( ch_free( fstr->bv_val ); *fstr = ftmp; } -#endif /* ENABLE_REWRITE */ return rc; } diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index af4ae14397..15626a1ed5 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -1289,12 +1289,7 @@ really_bad:; continue; } -#ifdef ENABLE_REWRITE dc.ctx = "referralDN"; -#else /* ! ENABLE_REWRITE */ - dc.tofrom = 0; - dc.normalized = 0; -#endif /* ! ENABLE_REWRITE */ /* FIXME: merge all and return at the end */ diff --git a/servers/slapd/back-meta/suffixmassage.c b/servers/slapd/back-meta/suffixmassage.c index bb55453636..55fbd5db31 100644 --- a/servers/slapd/back-meta/suffixmassage.c +++ b/servers/slapd/back-meta/suffixmassage.c @@ -58,7 +58,6 @@ #include "../back-ldap/back-ldap.h" #include "back-meta.h" -#ifdef ENABLE_REWRITE int ldap_back_dn_massage( dncookie *dc, 
@@ -109,85 +108,3 @@ ldap_back_dn_massage( return rc; } - -#else -/* - * ldap_back_dn_massage - * - * Aliases the suffix; based on suffix_alias (servers/slapd/suffixalias.c). - */ -int -ldap_back_dn_massage( - dncookie *dc, - struct berval *odn, - struct berval *res -) -{ - int i, src, dst; - struct berval pretty = {0,NULL}, *dn = odn; - - assert( res != NULL ); - - if ( dn == NULL ) { - res->bv_val = NULL; - res->bv_len = 0; - return 0; - } - if ( dc->target->mt_rwmap.rwm_suffix_massage == NULL ) { - *res = *dn; - return 0; - } - - if ( dc->tofrom ) { - src = 0 + dc->normalized; - dst = 2 + dc->normalized; - } else { - src = 2 + dc->normalized; - dst = 0 + dc->normalized; - /* DN from remote server may be in arbitrary form. - * Pretty it so we can parse reliably. - */ - dnPretty( NULL, dn, &pretty, NULL ); - if (pretty.bv_val) dn = &pretty; - } - - for ( i = 0; - dc->target->mt_rwmap.rwm_suffix_massage[i].bv_val != NULL; - i += 4 ) { - int aliasLength = dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_len; - int diff = dn->bv_len - aliasLength; - - if ( diff < 0 ) { - /* alias is longer than dn */ - continue; - } else if ( diff > 0 && ( !DN_SEPARATOR(dn->bv_val[diff-1]))) { - /* boundary is not at a DN separator */ - continue; - /* At a DN Separator */ - } - - if ( !strcmp( dc->target->mt_rwmap.rwm_suffix_massage[i+src].bv_val, &dn->bv_val[diff] ) ) { - res->bv_len = diff + dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_len; - res->bv_val = ch_malloc( res->bv_len + 1 ); - strncpy( res->bv_val, dn->bv_val, diff ); - strcpy( &res->bv_val[diff], dc->target->mt_rwmap.rwm_suffix_massage[i+dst].bv_val ); - Debug( LDAP_DEBUG_ARGS, - "ldap_back_dn_massage:" - " converted \"%s\" to \"%s\"\n", - BER_BVISNULL( dn ) ? "" : dn->bv_val, - BER_BVISNULL( res ) ? 
"" : res->bv_val ); - break; - } - } - if (pretty.bv_val) { - ch_free(pretty.bv_val); - dn = odn; - } - /* Nothing matched, just return the original DN */ - if (res->bv_val == NULL) { - *res = *dn; - } - - return 0; -} -#endif /* !ENABLE_REWRITE */ diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index a6953089ea..6069ee2034 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -331,11 +331,7 @@ static ConfigTable config_back_cf_table[] = { "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL }, { "authid-rewrite", "rewrite", 2, 0, STRLENOF( "authid-rewrite" ), -#ifdef SLAP_AUTH_REWRITE ARG_MAGIC|CFG_REWRITE, &config_generic, -#else - ARG_IGNORED, NULL, -#endif "( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' " "EQUALITY caseIgnoreMatch " "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL }, @@ -1396,11 +1392,9 @@ config_generic(ConfigArgs *c) { if ( !c->rvalue_vals ) rc = 1; break; #endif -#ifdef SLAP_AUTH_REWRITE case CFG_REWRITE: rc = slap_sasl_rewrite_unparse( &c->rvalue_vals ); break; -#endif default: rc = 1; } @@ -1473,11 +1467,9 @@ config_generic(ConfigArgs *c) { rc = slap_sasl_regexp_delete( c->valx ); break; -#ifdef SLAP_AUTH_REWRITE case CFG_REWRITE: rc = slap_sasl_rewrite_delete( c->valx ); break; -#endif /* SLAP_AUTH_REWRITE */ case CFG_SALT: ch_free( passwd_salt ); @@ -2426,7 +2418,6 @@ sortval_reject: break; #endif -#ifdef SLAP_AUTH_REWRITE case CFG_REWRITE: { int rc; @@ -2441,7 +2432,6 @@ sortval_reject: } return rc; } -#endif default: diff --git a/servers/slapd/overlays/rwm.h b/servers/slapd/overlays/rwm.h index 5e620ff42d..97cc2cbf3c 100644 --- a/servers/slapd/overlays/rwm.h +++ b/servers/slapd/overlays/rwm.h @@ -24,10 +24,6 @@ #ifndef RWM_H #define RWM_H -#ifndef ENABLE_REWRITE -#error "librewrite must be enabled!" -#endif /* ENABLE_REWRITE */ - /* String rewrite library */ #include "rewrite.h" diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 2d68e857e2..b89fa836a1 100644 
--- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -1719,7 +1719,6 @@ LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P(( LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva )); LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * )); LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void )); -#ifdef SLAP_AUTH_REWRITE LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P(( const char *fname, int lineno, @@ -1728,7 +1727,6 @@ LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P(( int valx )); LDAP_SLAPD_F (int) slap_sasl_rewrite_delete LDAP_P(( int valx )); LDAP_SLAPD_F (int) slap_sasl_rewrite_unparse LDAP_P(( BerVarray *bva )); -#endif /* SLAP_AUTH_REWRITE */ LDAP_SLAPD_F (void) slap_sasl_regexp_destroy LDAP_P(( void )); LDAP_SLAPD_F (int) slap_sasl_regexp_delete LDAP_P(( int valx )); LDAP_SLAPD_F (int) authzValidate LDAP_P(( diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 99ce0d3afb..fc023904a0 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -28,9 +28,7 @@ #include "slap.h" -#ifdef ENABLE_REWRITE #include -#endif #ifdef HAVE_CYRUS_SASL # ifdef HAVE_SASL_SASL_H @@ -1012,8 +1010,6 @@ static int chk_sasl( #endif /* HAVE_CYRUS_SASL */ -#ifdef ENABLE_REWRITE - typedef struct slapd_map_data { struct berval base; struct berval filter; @@ -1234,7 +1230,6 @@ static const rewrite_mapper slapd_mapper = { slapd_rw_apply, slapd_rw_destroy }; -#endif int slap_sasl_init( void ) { @@ -1247,9 +1242,7 @@ int slap_sasl_init( void ) }; #endif -#ifdef ENABLE_REWRITE rewrite_mapper_register( &slapd_mapper ); -#endif #ifdef HAVE_CYRUS_SASL #ifdef HAVE_SASL_VERSION diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c index 38ce43ae2a..0c9e3c794b 100644 --- a/servers/slapd/saslauthz.c +++ b/servers/slapd/saslauthz.c 
@@ -70,21 +70,15 @@ typedef struct sasl_regexp { char *sr_match; /* regexp match pattern */ char *sr_replace; /* regexp replace pattern */ -#ifndef SLAP_AUTH_REWRITE - regex_t sr_workspace; /* workspace for regexp engine */ - int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */ -#endif } SaslRegexp_t; static int nSaslRegexp = 0; static SaslRegexp_t *SaslRegexp = NULL; -#ifdef SLAP_AUTH_REWRITE #include "rewrite.h" struct rewrite_info *sasl_rwinfo = NULL; #define AUTHID_CONTEXT "authid" static BerVarray authz_rewrites = NULL; -#endif /* SLAP_AUTH_REWRITE */ /* What SASL proxy authorization policies are allowed? */ #define SASL_AUTHZ_NONE 0x00 @@ -1246,43 +1240,6 @@ done: return( rc ); } -#ifndef SLAP_AUTH_REWRITE -static int slap_sasl_rx_off(char *rep, int *off) -{ - const char *c; - int n; - - /* Precompile replace pattern. Find the $ placeholders */ - off[0] = -2; - n = 1; - for ( c = rep; *c; c++ ) { - if ( *c == '\\' && c[1] ) { - c++; - continue; - } - if ( *c == '$' ) { - if ( n == SASLREGEX_REPLACE ) { - Debug( LDAP_DEBUG_ANY, - "SASL replace pattern %s has too many $n " - "placeholders (max %d)\n", - rep, SASLREGEX_REPLACE ); - - return( LDAP_OTHER ); - } - off[n] = c - rep; - n++; - } - } - - /* Final placeholder, after the last $n */ - off[n] = c - rep; - n++; - off[n] = -1; - return( LDAP_SUCCESS ); -} -#endif /* ! SLAP_AUTH_REWRITE */ - -#ifdef SLAP_AUTH_REWRITE static int slap_sasl_rewrite_config_argv( const char *fname, int lineno, @@ -1530,7 +1487,6 @@ out: return rc; } -#endif /* SLAP_AUTH_REWRITE */ int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) { @@ -1541,7 +1497,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) if ( valx < 0 || valx > nSaslRegexp ) valx = nSaslRegexp; -#ifdef SLAP_AUTH_REWRITE for ( i = 0; i < valx; i++) { rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0, SaslRegexp[i].sr_match, 
@@ -1552,18 +1507,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0, match, replace, AUTHID_CONTEXT ); -#else /* ! SLAP_AUTH_REWRITE */ - /* Precompile matching pattern */ - rc = regcomp( &sr.sr_workspace, match, REG_EXTENDED|REG_ICASE ); - if ( rc ) { - Debug( LDAP_DEBUG_ANY, - "SASL match pattern %s could not be compiled by regexp engine\n", - match ); - return( LDAP_OTHER ); - } - - rc = slap_sasl_rx_off( replace, sr.sr_offset ); -#endif /* ! SLAP_AUTH_REWRITE */ if ( rc == LDAP_SUCCESS ) { SaslRegexp = (SaslRegexp_t *) ch_realloc( (char *) SaslRegexp, @@ -1579,7 +1522,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) nSaslRegexp++; -#ifdef SLAP_AUTH_REWRITE for ( i = valx + 1; i < nSaslRegexp; i++ ) { rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0, SaslRegexp[i].sr_match, @@ -1592,7 +1534,6 @@ int slap_sasl_regexp_config( const char *match, const char *replace, int valx ) sasl_rwinfo = rw; } else { rewrite_info_delete( &rw ); -#endif } return rc; @@ -1603,9 +1544,6 @@ slap_sasl_regexp_destroy_one( int n ) { ch_free( SaslRegexp[ n ].sr_match ); ch_free( SaslRegexp[ n ].sr_replace ); -#ifndef SLAP_AUTH_REWRITE - regfree( &SaslRegexp[ n ].sr_workspace ); -#endif /* ! SLAP_AUTH_REWRITE */ } void @@ -1623,9 +1561,7 @@ slap_sasl_regexp_destroy( void ) nSaslRegexp = 0; } -#ifdef SLAP_AUTH_REWRITE slap_sasl_rewrite_destroy(); -#endif /* SLAP_AUTH_REWRITE */ } int slap_sasl_regexp_delete( int valx ) @@ -1646,7 +1582,6 @@ int slap_sasl_regexp_delete( int valx ) SaslRegexp[ i ] = SaslRegexp[ i + 1 ]; } -#ifdef SLAP_AUTH_REWRITE slap_sasl_rewrite_destroy(); for ( i = 0; i < nSaslRegexp; i++ ) { rc = slap_sasl_regexp_rewrite_config( &sasl_rwinfo, "sasl-regexp", 0, @@ -1655,7 +1590,6 @@ int slap_sasl_regexp_delete( int valx ) AUTHID_CONTEXT ); assert( rc == 0 ); } -#endif /* SLAP_AUTH_REWRITE */ } return rc; 
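Review bot: In the `slap_sasl_regexp_delete` hunk, the rebuild loop that is now compiled unconditionally checks each `slap_sasl_regexp_rewrite_config()` result only with `assert( rc == 0 )`. In a build with NDEBUG that check disappears, and a failure on any rule but the last is overwritten by the next iteration, after `slap_sasl_rewrite_destroy()` has already discarded the old rule set. The authid mapping could then hold fewer rules than `SaslRegexp` while the caller sees success. I would propagate the error instead, e.g. `if ( rc != LDAP_SUCCESS ) break;` in place of the assert. The function begins outside the hunk, so how `rc` is initialised is not visible here.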
@@ -1689,60 +1623,6 @@ void slap_sasl_regexp_unparse( BerVarray *out ) *out = bva; } -#ifndef SLAP_AUTH_REWRITE -/* Perform replacement on regexp matches */ -static void slap_sasl_rx_exp( - const char *rep, - const int *off, - regmatch_t *str, - const char *saslname, - struct berval *out, - void *ctx ) -{ - int i, n, len, insert; - - /* Get the total length of the final URI */ - - n=1; - len = 0; - while( off[n] >= 0 ) { - /* Len of next section from replacement string (x,y,z above) */ - len += off[n] - off[n-1] - 2; - if( off[n+1] < 0) - break; - - /* Len of string from saslname that matched next $i (b,d above) */ - i = rep[ off[n] + 1 ] - '0'; - len += str[i].rm_eo - str[i].rm_so; - n++; - } - out->bv_val = slap_sl_malloc( len + 1, ctx ); - out->bv_len = len; - - /* Fill in URI with replace string, replacing $i as we go */ - n=1; - insert = 0; - while( off[n] >= 0) { - /* Paste in next section from replacement string (x,y,z above) */ - len = off[n] - off[n-1] - 2; - strncpy( out->bv_val+insert, rep + off[n-1] + 2, len); - insert += len; - if( off[n+1] < 0) - break; - - /* Paste in string from saslname that matched next $i (b,d above) */ - i = rep[ off[n] + 1 ] - '0'; - len = str[i].rm_eo - str[i].rm_so; - strncpy( out->bv_val+insert, saslname + str[i].rm_so, len ); - insert += len; - - n++; - } - - out->bv_val[insert] = '\0'; -} -#endif /* ! SLAP_AUTH_REWRITE */ - /* Take the passed in SASL name and attempt to convert it into an LDAP URI to find the matching LDAP entry, using the pattern matching strings given in the saslregexp config file directive(s) */ @@ -1750,7 +1630,6 @@ static void slap_sasl_rx_exp( static int slap_authz_regexp( struct berval *in, struct berval *out, int flags, void *ctx ) { -#ifdef SLAP_AUTH_REWRITE const char *context = AUTHID_CONTEXT; if ( sasl_rwinfo == NULL || BER_BVISNULL( in ) ) { 
@@ -1783,44 +1662,6 @@ static int slap_authz_regexp( struct berval *in, struct berval *out, return 0; } -#else /* ! SLAP_AUTH_REWRITE */ - char *saslname = in->bv_val; - SaslRegexp_t *reg; - regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */ - int i; - - memset( out, 0, sizeof( *out ) ); - - Debug( LDAP_DEBUG_TRACE, "slap_authz_regexp: converting SASL name %s\n", - saslname ); - - if (( saslname == NULL ) || ( nSaslRegexp == 0 )) { - return( 0 ); - } - - /* Match the normalized SASL name to the saslregexp patterns */ - for( reg = SaslRegexp,i=0; isr_workspace, saslname, SASLREGEX_REPLACE, - sr_strings, 0) == 0 ) - break; - } - - if( i >= nSaslRegexp ) return( 0 ); - - /* - * The match pattern may have been of the form "a(b.*)c(d.*)e" and the - * replace pattern of the form "x$1y$2z". The returned string needs - * to replace the $1,$2 with the strings that matched (b.*) and (d.*) - */ - slap_sasl_rx_exp( reg->sr_replace, reg->sr_offset, - sr_strings, saslname, out, ctx ); - - Debug( LDAP_DEBUG_TRACE, - "slap_authz_regexp: converted SASL name to %s\n", - BER_BVISEMPTY( out ) ? "" : out->bv_val ); - - return( 1 ); -#endif /* ! SLAP_AUTH_REWRITE */ } /* This callback actually does some work...*/ diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index cb07ddce1c..38c6bf1c48 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -80,10 +80,6 @@ LDAP_BEGIN_DECL #define SLAP_STATS_ETIME 1 /* microsecond op timing */ #endif -#ifdef ENABLE_REWRITE -#define SLAP_AUTH_REWRITE 1 /* use librewrite for sasl-regexp */ -#endif - /* * SLAPD Memory allocation macros * diff --git a/servers/slapd/syncrepl.c b/servers/slapd/syncrepl.c index 02c361a699..1d32e4a2f4 100644 --- a/servers/slapd/syncrepl.c +++ b/servers/slapd/syncrepl.c @@ -31,10 +31,8 @@ #include "ldap_rq.h" -#ifdef ENABLE_REWRITE #include "rewrite.h" #define SUFFIXM_CTX "" -#endif #ifdef LDAP_CONTROL_X_DIRSYNC #define MSAD_DIRSYNC 0x04 
@@ -143,10 +141,8 @@ typedef struct syncinfo_s { LDAP *si_ld; Connection *si_conn; LDAP_LIST_HEAD(np, nonpresent_entry) si_nonpresentlist; -#ifdef ENABLE_REWRITE struct rewrite_info *si_rewrite; struct berval si_suffixm; -#endif #ifdef LDAP_CONTROL_X_DIRSYNC struct berval si_dirSyncCookie; #endif @@ -1980,7 +1976,6 @@ deleted: return NULL; } -#ifdef ENABLE_REWRITE static int syncrepl_rewrite_dn( syncinfo_t *si, @@ -2013,12 +2008,6 @@ syncrepl_rewrite_dn( syncrepl_rewrite_dn(si, &bv, &bv2); \ rc = dnPrettyNormal( NULL, bv2.bv_val ? &bv2 : &bv, &dn, &ndn, op->o_tmpmemctx ); \ ch_free(bv2.bv_val) -#else -#define REWRITE_VAL(si, ad, bv, bv2) ber_dupbv(&bv2, &bv) -#define REWRITE_DN(si, bv, bv2, dn, ndn) \ - rc = dnPrettyNormal( NULL, &bv, &dn, &ndn, op->o_tmpmemctx ) -#endif - static slap_verbmasks modops[] = { { BER_BVC("add"), LDAP_REQ_ADD }, @@ -3092,7 +3081,6 @@ syncrepl_message_to_entry( mod->sml_nvalues = NULL; mod->sml_numvals = 0; /* slap_mods_check will set this */ -#ifdef ENABLE_REWRITE if (si->si_rewrite) { AttributeDescription *ad = NULL; slap_bv2ad( &tmp.sml_type, &ad, &text ); @@ -3111,7 +3099,6 @@ syncrepl_message_to_entry( } } } -#endif *modtail = mod; modtail = &mod->sml_next; } @@ -3260,7 +3247,6 @@ syncrepl_dirsync_message( mod->sml_type = ad->ad_cname; if (( ad->ad_flags & SLAP_DESC_TAG_RANGE ) && rangeMod == NULL) rangeMod = mod; -#ifdef ENABLE_REWRITE if (si->si_rewrite) { if ( ad->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) { int i; @@ -3273,7 +3259,6 @@ syncrepl_dirsync_message( } } } -#endif if ( mod->sml_desc == sy_ad_objectGUID ) { ber_dupbv_x( &syncUUID[0], &tmp.sml_values[0], op->o_tmpmemctx ); /* syncUUID[0] is normalized UUID received over the wire 
@@ -3761,12 +3746,10 @@ syncrepl_entry( op->ors_deref = LDAP_DEREF_NEVER; /* get the entry for this UUID */ -#ifdef ENABLE_REWRITE if ( si->si_rewrite ) { op->o_req_dn = si->si_suffixm; op->o_req_ndn = si->si_suffixm; } else -#endif { op->o_req_dn = si->si_base; op->o_req_ndn = si->si_base; @@ -4283,12 +4266,10 @@ syncrepl_del_nonpresent( struct berval pdn = BER_BVNULL; struct berval csn; -#ifdef ENABLE_REWRITE if ( si->si_rewrite ) { op->o_req_dn = si->si_suffixm; op->o_req_ndn = si->si_suffixm; } else -#endif { op->o_req_dn = si->si_base; op->o_req_ndn = si->si_base; @@ -5601,18 +5582,15 @@ syncinfo_free( syncinfo_t *sie, int free_all ) ch_free( sie->si_cookieState ); } } -#ifdef ENABLE_REWRITE if ( sie->si_rewrite ) rewrite_info_delete( &sie->si_rewrite ); if ( sie->si_suffixm.bv_val ) ch_free( sie->si_suffixm.bv_val ); -#endif ch_free( sie ); sie = si_next; } while ( free_all && si_next ); } -#ifdef ENABLE_REWRITE static int config_suffixm( ConfigArgs *c, syncinfo_t *si ) { @@ -5649,7 +5627,6 @@ config_suffixm( ConfigArgs *c, syncinfo_t *si ) ch_free( rnc ); return rc; } -#endif /* NOTE: used & documented in slapd.conf(5) */ #define IDSTR "rid" @@ -5896,7 +5873,6 @@ parse_syncrepl_line( return -1; } si->si_got |= GOT_SEARCHBASE; -#ifdef ENABLE_REWRITE } else if ( !strncasecmp( c->argv[ i ], SUFFIXMSTR "=", STRLENOF( SUFFIXMSTR "=" ) ) ) { @@ -5926,7 +5902,6 @@ parse_syncrepl_line( return -1; } si->si_got |= GOT_SUFFIXM; -#endif } else if ( !strncasecmp( c->argv[ i ], LOGBASESTR "=", STRLENOF( LOGBASESTR "=" ) ) ) { @@ -6231,7 +6206,6 @@ parse_syncrepl_line( return -1; } -#ifdef ENABLE_REWRITE if ( si->si_got & GOT_SUFFIXM ) { if (config_suffixm( c, si )) { ch_free( si->si_suffixm.bv_val ); @@ -6242,7 +6216,6 @@ parse_syncrepl_line( return -1; } } -#endif if ( !( si->si_got & GOT_RETRY ) ) { Debug( LDAP_DEBUG_ANY, "syncrepl %s " SEARCHBASESTR "=\"%s\": no retry defined, using default\n", 
@@ -6480,14 +6453,12 @@ syncrepl_unparse( syncinfo_t *si, struct berval *bv ) ptr = lutil_strcopy( ptr, si->si_base.bv_val ); *ptr++ = '"'; } -#ifdef ENABLE_REWRITE if ( !BER_BVISNULL( &si->si_suffixm ) ) { if ( WHATSLEFT <= STRLENOF( " " SUFFIXMSTR "=\"" "\"" ) + si->si_suffixm.bv_len ) return; ptr = lutil_strcopy( ptr, " " SUFFIXMSTR "=\"" ); ptr = lutil_strcopy( ptr, si->si_suffixm.bv_val ); *ptr++ = '"'; } -#endif if ( !BER_BVISEMPTY( &si->si_logfilterstr ) ) { if ( WHATSLEFT <= STRLENOF( " " LOGFILTERSTR "=\"" "\"" ) + si->si_logfilterstr.bv_len ) return; ptr = lutil_strcopy( ptr, " " LOGFILTERSTR "=\"" ); diff --git a/tests/run.in b/tests/run.in index e59bdc2736..4458e8e04d 100644 --- a/tests/run.in +++ b/tests/run.in @@ -59,7 +59,6 @@ AC_WITH_TLS=@WITH_TLS@ AC_TLS_TYPE=@WITH_TLS_TYPE@ AC_WITH_MODULES_ENABLED=@WITH_MODULES_ENABLED@ AC_ACI_ENABLED=aci@WITH_ACI_ENABLED@ -AC_REWRITE=@BUILD_REWRITE@ AC_THREADS=threads@BUILD_THREAD@ AC_LIBS_DYNAMIC=lib@BUILD_LIBS_DYNAMIC@ @@ -78,7 +77,7 @@ export AC_ldap AC_mdb AC_meta AC_asyncmeta AC_monitor AC_null AC_relay AC_sql \ AC_refint AC_retcode AC_rwm AC_unique AC_syncprov AC_translucent \ AC_valsort \ AC_WITH_SASL AC_WITH_TLS AC_WITH_MODULES_ENABLED AC_ACI_ENABLED \ - AC_REWRITE AC_THREADS AC_LIBS_DYNAMIC AC_WITH_TLS AC_TLS_TYPE + AC_THREADS AC_LIBS_DYNAMIC AC_WITH_TLS AC_TLS_TYPE if test ! -x ../servers/slapd/slapd ; then echo "Could not locate slapd(8)" diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh index ccb2e5b412..08ca80267b 100755 --- a/tests/scripts/defines.sh +++ b/tests/scripts/defines.sh @@ -51,7 +51,6 @@ WITH_TLS=${AC_WITH_TLS-no} WITH_TLS_TYPE=${AC_TLS_TYPE-no} ACI=${AC_ACI_ENABLED-acino} -REWRITE=${AC_REWRITE-no} THREADS=${AC_THREADS-threadsno} SLEEP0=${SLEEP0-1} SLEEP1=${SLEEP1-7} diff --git a/tests/scripts/test076-authid-rewrite b/tests/scripts/test076-authid-rewrite index 0adba75385..427f99db88 100755 --- a/tests/scripts/test076-authid-rewrite +++ b/tests/scripts/test076-authid-rewrite 
@@ -368,180 +368,179 @@ fi echo -if test $REWRITE = yes; then - echo "Initializing olcAuthIDRewrite engine..." - $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Initializing olcAuthIDRewrite engine..." +$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: rewriteEngine ON olcAuthIDRewrite: rewriteContext authid EOF - RC=$? - if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - echo +echo - echo "Adding olcAuthIDRewrite rule for static mapping..." - $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Adding olcAuthIDRewrite rule for static mapping..." +$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: rewriteRule uid=manager,cn=[^,]+,cn=auth $MANAGERDN : EOF - RC=$? - if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=Manager - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=Manager +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - echo +echo - echo "Adding olcAuthIDRewrite rule to search by uid..." 
- $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Adding olcAuthIDRewrite rule to search by uid..." +$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: rewriteRule uid=([^,]+),cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=\$1) : EOF - RC=$? - if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=Manager - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=Manager +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=bjensen - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=bjensen +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - echo +echo - echo "Inserting olcAuthIDRewrite rule before the last..." - $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Inserting olcAuthIDRewrite rule before the last..." +$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify add: olcAuthIDRewrite olcAuthIDRewrite: {3}rewriteRule uid=babs,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjensen) : EOF - RC=$? 
- if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=Manager - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=Manager +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=babs - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=babs +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=bjensen - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=bjensen +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - echo +echo - echo "Deleting the first olcAuthIDRewrite rule..." - $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Deleting the first olcAuthIDRewrite rule..." +$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthIDRewrite olcAuthIDRewrite: {2} EOF - RC=$? 
- if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=Manager - echo "Testing ldapwhoami as $ID (should fail)..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD - RC=$? - if test $RC != 49; then - echo "ldapwhoami unexpected result ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=Manager +echo "Testing ldapwhoami as $ID (should fail)..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $PASSWD +RC=$? +if test $RC != 49; then + echo "ldapwhoami unexpected result ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=babs - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=babs +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=bjensen - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=bjensen +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - echo +echo - echo "Updating an olcAuthIDRewrite rule in place..." - $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Updating an olcAuthIDRewrite rule in place..." 
+$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthIDRewrite 
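Review bot: The "should fail" check for Manager in this hunk runs `exit $RC` when the result is not 49, so if the bind unexpectedly succeeds (RC 0) the script exits 0 and the harness would likely record a pass. That is exactly the case this step exists to catch: the rewrite rule was deleted and the identity must no longer authenticate. Use a fixed non-zero status on that path, e.g. `exit 1` in place of `exit $RC`. The two "should fail" checks in the following hunk (babs and bjensen) have the same pattern and also print `ldapwhoami failed ($RC)!` where `ldapwhoami unexpected result ($RC)!` would match this one.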
@@ -550,74 +549,70 @@ olcAuthIDRewrite: {2} add: olcAuthIDRewrite olcAuthIDRewrite: {2}rewriteRule uid=biff,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjorn) : EOF - RC=$? - if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=babs - echo "Testing ldapwhoami as $ID (should fail)..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen - RC=$? - if test $RC != 49; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=babs +echo "Testing ldapwhoami as $ID (should fail)..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjensen +RC=$? +if test $RC != 49; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=biff - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjorn - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=biff +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w bjorn +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - ID=bjensen - echo "Testing ldapwhoami as $ID..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID - RC=$? - if test $RC != 0; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi +ID=bjensen +echo "Testing ldapwhoami as $ID..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID +RC=$? +if test $RC != 0; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi - echo +echo - echo "Deleting all olcAuthIDRewrite rules..." 
- $LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 +echo "Deleting all olcAuthIDRewrite rules..." +$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <>$TESTOUT 2>&1 dn: cn=config changetype: modify delete: olcAuthIDRewrite EOF - RC=$? - if test $RC != 0; then - echo "ldapmodify failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi - - ID=bjensen - echo "Testing ldapwhoami as $ID (should fail)..." - $LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID - RC=$? - if test $RC != 49; then - echo "ldapwhoami failed ($RC)!" - test $KILLSERVERS != no && kill -HUP $KILLPIDS - exit $RC - fi - - echo - -else - echo "librewrite not enabled, skipping olcAuthIDRewrite tests" +RC=$? +if test $RC != 0; then + echo "ldapmodify failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC fi +ID=bjensen +echo "Testing ldapwhoami as $ID (should fail)..." +$LDAPSASLWHOAMI -H $URI1 -Y $MECH -U $ID -w $ID +RC=$? +if test $RC != 49; then + echo "ldapwhoami failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +echo + test $KILLSERVERS != no && kill -HUP $KILLPIDS echo ">>>>> Test succeeded"
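Review bot: The two "(should fail)" checks in this hunk (ID=babs after the in-place rule update, ID=bjensen after all olcAuthIDRewrite rules are deleted) end their failure branch with `exit $RC`. If ldapwhoami unexpectedly succeeds, RC is 0 and the script exits with status 0. If the harness judges the test by exit status, an authentication that should have been rejected with 49 would then be recorded as a pass, which is the case this test most needs to catch. Use `exit 1` in those branches, or put `test $RC = 0 && RC=1` before the exit. The message would also read better as `echo "ldapwhoami unexpected result ($RC)!"`, which the Manager check earlier in the file already uses; that check ends in the same `exit $RC`.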