Diffstat (limited to 'lib/ldaputil/utest/auth.cpp')
-rw-r--r--lib/ldaputil/utest/auth.cpp574
1 files changed, 574 insertions, 0 deletions
diff --git a/lib/ldaputil/utest/auth.cpp b/lib/ldaputil/utest/auth.cpp
new file mode 100644
index 00000000..e952f742
--- /dev/null
+++ b/lib/ldaputil/utest/auth.cpp
@@ -0,0 +1,574 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+
+#include <prinit.h> // for PR_Init
+#include <prpriv.h> // for PR_Exit
+#include <ldaputil/certmap.h>
+#include <ldaputil/init.h>
+#include <ldaputil/ldapdb.h>
+#include <ldaputil/ldapauth.h>
+#include <ldaputil/dbconf.h>
+#include <ldaputil/ldaputil.h>
+#include <ldap.h>
+
+static const char* dllname = "plugin.so";
+
+char *global_issuer_dn = "o=Netscape Communications, c=US";
+
+#define NSPR_INIT(Program) (PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 8))
+
+static int ldapu_certinfo_save_test (const char *fname, const char *old_fname)
+{
+ int rv;
+
+ /* Read the original certmap config file first */
+ rv = ldaputil_init(old_fname, dllname, NULL, NULL, NULL);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_save_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ return rv;
+ }
+
+ rv = ldapu_certinfo_save(fname, old_fname, "certmap.tmp");
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_save_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ }
+
+ return rv;
+}
+
+static int ldapu_certinfo_delete_test (const char *fname, const char *old_fname)
+{
+ int rv;
+
+ /* Read the original certmap config file first */
+ rv = ldaputil_init(old_fname, dllname, NULL, NULL, NULL);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_delete_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ return rv;
+ }
+
+ /* rv = ldapu_certinfo_delete("o=Ace Industry, c=US"); */
+ rv = ldapu_certinfo_delete("o=Netscape Communications, c=US");
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_delete failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ return rv;
+ }
+
+ rv = ldapu_certinfo_save(fname, old_fname, "certmap.tmp");
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_delete_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ }
+
+ return rv;
+}
+
+static int ldapu_certinfo_new_test (const char *fname, const char *old_fname)
+{
+ int rv;
+ LDAPUPropValList_t *propval_list;
+ LDAPUPropVal_t *propval;
+
+ /* Read the original certmap config file first */
+ rv = ldaputil_init(old_fname, dllname, NULL, NULL, NULL);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_new_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ return rv;
+ }
+
+ /* Setup propval_list */
+ rv = ldapu_list_alloc(&propval_list);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_propval_alloc("prop1", "val1", &propval);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_list_add_info(propval_list, propval);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_propval_alloc("prop2", "val2", &propval);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_list_add_info(propval_list, propval);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_propval_alloc("prop3", 0, &propval);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_list_add_info(propval_list, propval);
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ rv = ldapu_certinfo_modify("newmap", "o=Mcom Communications, c=US",
+ propval_list);
+
+ ldapu_propval_list_free(propval_list);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_delete failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ return rv;
+ }
+
+ rv = ldapu_certinfo_save(fname, old_fname, "certmap.tmp");
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "ldapu_certinfo_new_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ }
+
+ return rv;
+}
+
+static int get_dbnames_test (const char *mapfile)
+{
+ char **names;
+ int cnt;
+ int rv;
+ int i;
+
+ rv = dbconf_get_dbnames(mapfile, &names, &cnt);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "get_dbnames_test failed. Reason: %s\n",
+ ldapu_err2string(rv));
+ }
+ else {
+ for(i = 0; i < cnt; i++) {
+ fprintf(stderr, "\tdbname[%d] = \"%s\"\n",
+ i, names[i]);
+ }
+ }
+
+ dbconf_free_dbnames(names);
+
+ return rv;
+}
+
+static int case_ignore_strcmp (const char *s1, const char *s2)
+{
+ int ls1, ls2; /* tolower values of chars in s1 & s2 resp. */
+
+ if (!s1) return !s2 ? 0 : 0-tolower(*s2);
+ else if (!s2) return tolower(*s1);
+
+ while(*s1 && *s2 && (ls1 = tolower(*s1)) == (ls2 = tolower(*s2))) { s1++; s2++; }
+
+ if (!*s1)
+ return *s2 ? 0-tolower(*s2) : 0;
+ else if (!*s2)
+ return tolower(*s1);
+ else
+ return ls1 - ls2;
+}
+
+#define STRCASECMP3(s1, s2, rv) \
+{ \
+ int i = case_ignore_strcmp(s1, s2); \
+ fprintf(stderr, "strcasecmp(\"%s\", \"%s\")\t=\t%d\t%s\tExpected: %d\n", \
+ s1 ? s1 : "<NULL>", s2 ? s2 : "<NULL>", \
+ i, i == rv ? "SUCCESS" : "FAILED", rv); \
+}
+
+#ifndef XP_WIN32
+#define STRCASECMP(s1, s2) STRCASECMP3(s1, s2, strcasecmp(s1, s2))
+#else
+#define STRCASECMP(s1, s2) STRCASECMP3(s1, s2, case_ignore_strcmp(s1, s2))
+#endif
+
+static void strcasecmp_test ()
+{
+ STRCASECMP3(0, "aBcD", 0-tolower('a'));
+ STRCASECMP3(0, 0, 0);
+ STRCASECMP3("aBcD", 0, tolower('a'));
+
+ STRCASECMP("AbCd", "aBcD");
+ STRCASECMP("AbCd", "abcd");
+ STRCASECMP("ABCD", "ABCD");
+ STRCASECMP("abcd", "abcd");
+
+ STRCASECMP("AbCd", "aBcD3");
+ STRCASECMP("AbCd", "abcd3");
+ STRCASECMP("ABCD", "ABCD3");
+ STRCASECMP("abcd", "abcd3");
+
+ STRCASECMP("AbCd1", "aBcD");
+ STRCASECMP("AbCd2", "abcd");
+ STRCASECMP("ABCDX", "ABCD");
+ STRCASECMP("abcdY", "abcd");
+
+ STRCASECMP("AbCd5", "aBcD1");
+ STRCASECMP("AbCd5", "abcd1");
+ STRCASECMP("ABCD5", "ABCD1");
+ STRCASECMP("abcd5", "abcd1");
+
+ STRCASECMP("AbCd2", "aBcDp");
+ STRCASECMP("AbCd2", "abcdQ");
+ STRCASECMP("ABCD2", "ABCDr");
+ STRCASECMP("abcd2", "abcdS");
+}
+
+static int certmap_tests (const char *config_file) { return 0; }
+
+static int read_config_test (const char *config_file, const char *dbname,
+ const char *url,
+ const char *binddn, const char *bindpw)
+{
+ int rv;
+ DBConfDBInfo_t *db_info;
+ char *dn;
+ char *pw;
+
+ rv = dbconf_read_default_dbinfo(config_file, &db_info);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "config_test failed: %s\n",
+ ldapu_err2string(rv));
+ return LDAPU_FAILED;
+ }
+
+ if (strcmp(db_info->dbname, dbname) ||
+ strcmp(db_info->url, url)) {
+ fprintf(stderr, "config_test failed: %s\n",
+ "first line in config file is wrong");
+ return LDAPU_FAILED;
+ }
+
+ if ((ldapu_dbinfo_attrval(db_info, "binddn", &dn) != LDAPU_SUCCESS) ||
+ (ldapu_dbinfo_attrval(db_info, "bindpw", &pw) != LDAPU_SUCCESS))
+ {
+ fprintf(stderr, "config_test failed: %s\n",
+ "properties are missing");
+ return LDAPU_FAILED;
+ }
+
+ if (strcmp(dn, binddn) ||
+ strcmp(pw, bindpw)) {
+ fprintf(stderr, "config_test failed: %s\n",
+ "property values are wrong");
+ return LDAPU_FAILED;
+ }
+
+ fprintf(stderr, "binddn from config file: \"%s\"\n", dn);
+ fprintf(stderr, "bindpw from config file: \"%s\"\n", pw);
+
+ /* cleanup */
+ dbconf_free_dbinfo(db_info);
+ free(dn);
+ free(pw);
+
+ return LDAPU_SUCCESS;
+}
+
+static int config_test (const char *binddn, const char *bindpw)
+{
+ char *config_file = "config_out.conf";
+ FILE *fp = fopen(config_file, "w");
+ const char *dbname = "default";
+ const char *url = "file:/foobar/path";
+ int rv;
+
+ if (!fp) return LDAPU_FAILED;
+
+ dbconf_output_db_directive(fp, dbname, url);
+ dbconf_output_propval(fp, dbname, "binddn", binddn, 0);
+ dbconf_output_propval(fp, dbname, "bindpw", bindpw, 1);
+
+ fclose(fp);
+
+ fprintf(stderr, "Config file written: %s\n", config_file);
+
+ rv = read_config_test(config_file, dbname, url, binddn, bindpw);
+
+ return rv;
+}
+
+static int
+compare_groupid(const void *arg, const char *group, const int len)
+{
+ auto const char* groupid = (const char*)arg;
+ auto int err = LDAPU_FAILED;
+ if (len == strlen (groupid) && !strncasecmp (groupid, group, len)) {
+ err = LDAPU_SUCCESS;
+ }
+ return err;
+}
+
+static int
+compare_group(LDAP* directory, LDAPMessage* entry, void* set)
+{
+ auto int err = LDAPU_FAILED;
+ auto char** vals = ldap_get_values (directory, entry, "CN");
+ if (vals) {
+ auto char** val;
+ for (val = vals; *val; ++val) {
+ if (!strcasecmp (*val, (char*)set)) {
+ err = LDAPU_SUCCESS;
+ break;
+ }
+ }
+ ldap_value_free (vals);
+ }
+ return err;
+}
+
+int perform_test (int argc, char *argv[])
+{
+ int test_type;
+ int retval = LDAPU_SUCCESS;
+ DBConfDBInfo_t *db_info;
+ LDAPDatabase_t *ldb;
+ LDAP *ld;
+ char *dbmap_file = "dblist.conf";
+ char *binddn = 0;
+ char *bindpw = 0;
+ char *basedn;
+ int retry = 1;
+ int rv;
+
+ fprintf(stderr, "\nStart of test: ./auth %s \"%s\" \"%s\"\n",
+ argv[1], argv[2], argv[3]);
+
+ rv = dbconf_read_default_dbinfo(dbmap_file, &db_info);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "Error reading dbmap file \"%s\". Reason: %s\n",
+ dbmap_file, ldapu_err2string(rv));
+ return rv;
+ }
+
+ ldapu_dbinfo_attrval (db_info, LDAPU_ATTR_BINDDN, &binddn);
+ ldapu_dbinfo_attrval (db_info, LDAPU_ATTR_BINDPW, &bindpw);
+
+ rv = ldapu_url_parse (db_info->url, binddn, bindpw, &ldb);
+ free(binddn);
+ free(bindpw);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "Error parsing ldap url \"%s\". Reason: %s\n",
+ db_info->url, ldapu_err2string(rv));
+ return rv;
+ }
+
+ basedn = ldb->basedn;
+
+ test_type = atoi(argv[1]);
+
+ retry = 1;
+
+ while(retry) {
+ retry = 0;
+
+ rv = ldapu_ldap_init_and_bind (ldb);
+
+ if (rv != LDAPU_SUCCESS) {
+ fprintf(stderr, "Error initializing connection to LDAP. Reason: %s\n",
+ ldapu_err2string(rv));
+ return rv;
+ }
+
+ ld = ldb->ld;
+
+ switch(test_type) {
+ case 1:
+ fprintf(stderr, "\nuserdn:\t\t\"%s\"\ngroupdn:\t\"%s\"\n",
+ argv[2], argv[3]);
+ retval = ldapu_auth_userdn_groupdn(ld, argv[2], argv[3], basedn);
+ break;
+
+ case 2:
+ fprintf(stderr, "\nuid:\t\t\"%s\"\ngroupdn:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_uid_groupdn(ld, argv[2], argv[3], basedn);
+ break;
+
+ case 3:
+ fprintf(stderr, "\nuid:\t\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_uid_groupid(ld, argv[2], argv[3], basedn);
+ break;
+
+ case 4:
+ fprintf(stderr, "\nuserdn:\t\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_userdn_groupid(ld, argv[2], argv[3], basedn);
+ break;
+
+ case 5:
+ fprintf(stderr, "\nuserdn:\t\t\"%s\"\nattrFilter:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_userdn_attrfilter(ld, argv[2], argv[3]);
+ break;
+
+ case 6:
+ fprintf(stderr, "\nuid:\t\t\"%s\"\nattrFilter:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_uid_attrfilter(ld, argv[2], argv[3], basedn);
+ break;
+
+ case 7:
+ fprintf(stderr, "\nuserdn:\t\t\"%s\"\npassword:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_userdn_password(ld, argv[2], argv[3]);
+ break;
+
+ case 8:
+ fprintf(stderr, "\nuid:\t\t\"%s\"\npassword:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_uid_password(ld, argv[2], argv[3], basedn);
+ break;
+
+ case 9: {
+ /* plugin test */
+ LDAPMessage *entry = 0;
+ LDAPMessage *res = 0;
+
+ fprintf(stderr, "Cert Map issuer DN: \"%s\"\n", argv[2]);
+ fprintf(stderr, "Cert Map subject DN: \"%s\"\n", argv[3]);
+ retval = ldaputil_init("certmap.conf", dllname, NULL, NULL, NULL);
+
+ if (retval != LDAPU_SUCCESS) {
+ fprintf(stderr, "Cert Map info test failed. Reason: %s\n",
+ ldapu_err2string(retval));
+ break;
+ }
+
+ if (*(argv[2]))
+ global_issuer_dn = argv[2];
+ else
+ global_issuer_dn = 0;
+
+ retval = ldapu_cert_to_ldap_entry(argv[3], ld, ldb->basedn, &res);
+
+ if (retval == LDAPU_SUCCESS) {
+ char *dn;
+
+ entry = ldap_first_entry(ld, res);
+ dn = ldap_get_dn(ld, entry);
+ fprintf(stderr, "Matched entry to cert: \"%s\"\n", dn);
+ ldap_memfree(dn);
+ }
+ else if (retval == LDAPU_FAILED) {
+ /* Not an error but couldn't map the cert */
+ }
+ else {
+ fprintf(stderr, "Cert Map info test failed. Reason: %s\n",
+ ldapu_err2string(retval));
+ break;
+ }
+
+ /* TEMPORARY -- when & how to free the entry */
+ if (res) ldap_msgfree(res);
+
+ break;
+ } /* case 9 */
+
+ case 10:
+ if ((retval = config_test(argv[2], argv[3])) == LDAPU_SUCCESS) {
+ fprintf(stderr, "Config file test succeeded\n");
+ }
+ else {
+ fprintf(stderr, "Config file test failed\n");
+ }
+ break;
+
+ case 11:
+ retval = get_dbnames_test(argv[2]);
+ break;
+
+ case 12:
+ retval = ldapu_certinfo_save_test(argv[2], argv[3]);
+ break;
+
+ case 13:
+ retval = ldapu_certinfo_delete_test(argv[2], argv[3]);
+ break;
+
+ case 14:
+ retval = ldapu_certinfo_new_test(argv[2], argv[3]);
+ break;
+
+ case 15:
+ fprintf(stderr, "\nuserdn:\t\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]);
+ {
+ auto LDAPU_DNList_t* userDNs = ldapu_DNList_alloc();
+ ldapu_DNList_add(userDNs, argv[2]);
+ retval = ldapu_auth_usercert_groups(ld, basedn, userDNs, NULL,
+ argv[3], compare_group, 30, NULL);
+ ldapu_DNList_free(userDNs);
+ }
+ break;
+
+ case 16:
+ fprintf(stderr, "\nuserCert:\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]);
+ retval = ldapu_auth_usercert_groupids(ld, NULL/*userDN*/, argv[2], argv[3],
+ compare_groupid, basedn, NULL/*group_out*/);
+ break;
+
+ } /* switch */
+
+ if (retval == LDAP_SERVER_DOWN) {
+ /* retry */
+ retry = 1;
+ ldb->ld = 0;
+ }
+ else if (retval == LDAPU_SUCCESS) {
+ fprintf(stderr, "Authentication succeeded.\n");
+ }
+ else {
+ fprintf(stderr, "Authentication failed.\n");
+ }
+ }
+
+ /* cleanup */
+// ldapu_free_LDAPDatabase_t(ldb);
+// dbconf_free_dbinfo(db_info);
+// ldaputil_exit();
+ return retval;
+}
+
+int main (int argc, char *argv[])
+{
+ int rv;
+
+ NSPR_INIT("auth");
+
+ if (argc != 4) {
+ fprintf(stderr, "argc = %d\n", argc);
+ fprintf(stderr, "usage: %s test_type user_dn group_dn\n", argv[0]);
+ fprintf(stderr, "\t%s 1 <userdn> <groupdn>\n", argv[0]);
+ fprintf(stderr, "\t%s 2 <uid> <groupdn>\n", argv[0]);
+ fprintf(stderr, "\t%s 3 <uid> <groupid>\n", argv[0]);
+ fprintf(stderr, "\t%s 4 <userdn> <groupid>\n", argv[0]);
+ fprintf(stderr, "\t%s 5 <userdn> <attrFilter>\n", argv[0]);
+ fprintf(stderr, "\t%s 6 <uid> <attrFilter>\n", argv[0]);
+ fprintf(stderr, "\t%s 7 <userdn> <password>\n", argv[0]);
+ fprintf(stderr, "\t%s 8 <uid> <password>\n", argv[0]);
+ fprintf(stderr, "\t%s 9 <certmap.conf> <subjectDN>\n", argv[0]);
+ fprintf(stderr, "\t%s 10 <binddn> <bindpw>\n", argv[0]);
+ fprintf(stderr, "\t%s 11 <dbmap> <ignore>\n", argv[0]);
+ fprintf(stderr, "\t%s 12 <newconfig> <oldconfig> ... to test save\n", argv[0]);
+ fprintf(stderr, "\t%s 13 <newconfig> <oldconfig> ... to test delete\n", argv[0]);
+ fprintf(stderr, "\t%s 14 <newconfig> <oldconfig> ... to test add\n", argv[0]);
+ fprintf(stderr, "\t%s 15 <userdn> <groupid>\n", argv[0]);
+ fprintf(stderr, "\t%s 16 <userCertDescription> <groupid>\n", argv[0]);
+ exit(LDAP_PARAM_ERROR);
+ }
+
+ rv = perform_test(argc, argv);
+ /* PR_Exit(); */
+
+ return rv;
+}
+
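Review bot: `case_ignore_strcmp` hands plain `char` values to `tolower()` at every call site (the two early returns, the `while` condition and the two tail returns), which is undefined behaviour when `char` is signed and a string carries bytes above 0x7F, as UTF-8 DNs can; cast first, e.g. `while(*s1 && *s2 && (ls1 = tolower((unsigned char)*s1)) == (ls2 = tolower((unsigned char)*s2))) { s1++; s2++; }`, and apply the same `(unsigned char)` cast at the other four `tolower` calls. In `perform_test` case 9, the result of `ldap_first_entry(ld, res)` goes straight into `ldap_get_dn` with no NULL check; unless `ldapu_cert_to_ldap_entry` guarantees at least one entry whenever it returns LDAPU_SUCCESS (its contract is not visible here), wrap the lookup in `if (entry) { ... }`. `read_config_test` returns on each of its four failure paths without releasing `db_info` (and `dn` once the first `ldapu_dbinfo_attrval` has succeeded), so the cleanup at the end should become a shared exit label that every path reaches. The usage text in `main` for test 9 advertises `<certmap.conf> <subjectDN>`, while the code hard-codes "certmap.conf" and treats argv[2] as the issuer DN; one of the two should be corrected so the help matches the behaviour.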