Diffstat (limited to 'lib/ldaputil/utest')
-rw-r--r-- | lib/ldaputil/utest/Makefile | 117 | ||||
-rw-r--r-- | lib/ldaputil/utest/auth.cpp | 574 | ||||
-rwxr-xr-x | lib/ldaputil/utest/authtest | 106 | ||||
-rw-r--r-- | lib/ldaputil/utest/certmap.conf | 36 | ||||
-rw-r--r-- | lib/ldaputil/utest/dblist.conf | 15 | ||||
-rw-r--r-- | lib/ldaputil/utest/example.c | 116 | ||||
-rw-r--r-- | lib/ldaputil/utest/plugin.c | 115 | ||||
-rw-r--r-- | lib/ldaputil/utest/plugin.h | 20 | ||||
-rw-r--r-- | lib/ldaputil/utest/stubs.c | 107 | ||||
-rw-r--r-- | lib/ldaputil/utest/stubs.cpp | 102 | ||||
-rw-r--r-- | lib/ldaputil/utest/test.ref | 448 |
11 files changed, 1756 insertions, 0 deletions
diff --git a/lib/ldaputil/utest/Makefile b/lib/ldaputil/utest/Makefile
new file mode 100644
index 00000000..e6f2e5c6
--- /dev/null
+++ b/lib/ldaputil/utest/Makefile
@@ -0,0 +1,117 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+#
+# Makefile for ldaputil unit test.
+#
+MCOM_ROOT=../../../..
+MODULE=LibLdapUtil
+
+OBJDEST=.
+UTESTDEST=utest
+
+include ../../../nsconfig.mk
+
+MODULE_CFLAGS=-I$(NSROOT)/include
+
+include $(INCLUDE_DEPENDS)
+
+TESTFLAGS = -DUTEST -DDBG_PRINT -DDONT_USE_LDAP_SSL
+
+CC=CC
+PURIFY=
+
+CSRC = stubs.c
+CPPSRC = auth.cpp
+TSRC = authtest
+SRC = $(CSRC) $(CPPSRC) $(TSRC)
+XSRC = ../ldapauth.c ../ldapdb.c ../errors.c ../dbconf.c ../certmap.c ../ldapauth.c ../init.c ../encode.c
+
+COBJ = $(CPPSRC:%.cpp=%.o) $(CSRC:%.c=%.o)
+XOBJ = $(XSRC:../%.c=../utest/%.o)
+
+ifeq ($(ARCH), WINNT)
+ BINS=./auth.exe
+ LDAP_LIBLINK = $(addprefix $(LDAP_LIBPATH)/, $(addsuffix .lib, $(LDAP_LIBNAMES)))
+ XLIBS = ${LDAP_LIBLINK}
+ LOCAL_LINK_EXE = link -OUT:"$@" /MAP $(ARCH_LINK_DEBUG) $(LCFLAGS) /NOLOGO \
+ /PDB:NONE /INCREMENTAL:NO /SUBSYSTEM:windows $(XLIBS)
+else
+ BINS = auth
+ LDAP_LIBLINK = -L$(LDAP_LIBPATH) $(addprefix -l, ${LDAP_SOLIB_NAMES})
+endif
+
+ifeq ($(ARCH), SOLARIS)
+ XLIBS = -R$(LDAP_LIBPATH) ${LDAP_LIBLINK} $(LIBNSPR) $(LIBSEC) -lthread -lposix4 -lsocket -lnsl -ldl
+else
+ ifeq ($(ARCH), IRIX)
+ XLIBS = ${LDAP_LIBLINK} $(LIBNSPR) $(LIBSEC)
+ else
+ ifeq ($(ARCH), WINNT)
+ echo "XLIBS = ${XLIBS}"
+ else
+ #Other UNIX platforms
+ XLIBS = -R$(LDAP_LIBPATH) ${LDAP_LIBLINK} $(LIBNSPR) $(LIBSEC) -lthread -lposix4 -lsocket -lnsl -ldl
+ endif
+ endif
+endif
+
+PLUGIN = plugin.so
+
+all: $(LIBLDAP) $(COBJ) $(TSRC) ${BINS} $(PLUGIN)
+ ./authtest 2> test.out
+ diff test.out test.ref
+ @echo
+ @echo "The unit test is passed if there is no diff output, and the"
+ @echo "Purify window shows no errors and 0 bytes leaked."
+ @echo
+ @echo "Run - gmake coverage - manually to get code coverage analysis."
+ @echo
+
+auth: $(XOBJ) $(COBJ)
+ $(PURIFY) $(CC) $(XLIBS) $^ -o $@
+
+auth.exe: $(XOBJ) $(COBJ)
+ $(PURIFY) $(LOCAL_LINK_EXE) $(XOBJ) $(COBJ) ${XLIBS}
+
+testcert: testcert.o $(XOBJ) ../utest/cert.o
+ $(PURIFY) $(CC) $(XLIBS) $^ -o $@
+
+%.o:%.c
+ $(PURIFY) $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) $< -o $@
+
+../utest/%.o:../%.c
+ $(PURIFY) $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) -I.. $< -o $(OBJDEST)/$*.o
+
+../utest/%.o:../%.cpp
+ $(PURIFY) $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) -I.. $< -o $(OBJDEST)/$*.o
+
+PLUGIN_INC = ./include
+
+$(PLUGIN_INC):
+ mkdir -p include
+
+certmap.h: ../../../include/ldaputil/extcmap.h
+ \rm -rf $(PLUGIN_INC)/$@
+ cp $^ $(PLUGIN_INC)/$@
+
+ldap.h: $(LDAP_INCLUDE)/ldap.h
+ \rm -rf $(PLUGIN_INC)/$@
+ cp $^ $(PLUGIN_INC)/$@
+
+lber.h: $(LDAP_INCLUDE)/lber.h
+ \rm -rf $(PLUGIN_INC)/$@
+ cp $^ $(PLUGIN_INC)/$@
+
+example.o: example.c $(PLUGIN_INC) certmap.h ldap.h lber.h
+ $(CC) -c -I$(PLUGIN_INC) $*.c -o $(OBJDEST)/$*.o
+
+plugin.o: plugin.c $(PLUGIN_INC) certmap.h ldap.h lber.h
+ $(PURIFY) $(CC) -c -I. -I$(PLUGIN_INC) $*.c -o $(OBJDEST)/$*.o
+
+$(PLUGIN): plugin.o
+ $(LINK_DLL) $^
diff --git a/lib/ldaputil/utest/auth.cpp b/lib/ldaputil/utest/auth.cpp
new file mode 100644
index 00000000..e952f742
--- /dev/null
+++ b/lib/ldaputil/utest/auth.cpp
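Review bot: In lib/ldaputil/utest/Makefile, the WINNT branch of the nested `XLIBS` conditional holds a bare `echo "XLIBS = ${XLIBS}"` that, as far as the visible text shows, sits at parse level and not inside any recipe, so GNU make would stop with a syntax error on that platform instead of printing the value; `$(warning XLIBS = $(XLIBS))` gives the intended diagnostic. `XSRC` also lists `../ldapauth.c` twice: `$^` de-duplicates it for the `auth` link, but the `auth.exe` rule passes `$(XOBJ)` directly and would hand the linker the same object twice. The `certmap.h`, `ldap.h` and `lber.h` rules write `$(PLUGIN_INC)/$@` instead of `$@`, so those targets never exist and are rebuilt on every run, and `all` runs the test yet is not declared `.PHONY`.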
@@ -0,0 +1,574 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ + +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <string.h> + +#include <prinit.h> // for PR_Init +#include <prpriv.h> // for PR_Exit +#include <ldaputil/certmap.h> +#include <ldaputil/init.h> +#include <ldaputil/ldapdb.h> +#include <ldaputil/ldapauth.h> +#include <ldaputil/dbconf.h> +#include <ldaputil/ldaputil.h> +#include <ldap.h> + +static const char* dllname = "plugin.so"; + +char *global_issuer_dn = "o=Netscape Communications, c=US"; + +#define NSPR_INIT(Program) (PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 8)) + +static int ldapu_certinfo_save_test (const char *fname, const char *old_fname) +{ + int rv; + + /* Read the original certmap config file first */ + rv = ldaputil_init(old_fname, dllname, NULL, NULL, NULL); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_save_test failed. Reason: %s\n", + ldapu_err2string(rv)); + return rv; + } + + rv = ldapu_certinfo_save(fname, old_fname, "certmap.tmp"); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_save_test failed. Reason: %s\n", + ldapu_err2string(rv)); + } + + return rv; +} + +static int ldapu_certinfo_delete_test (const char *fname, const char *old_fname) +{ + int rv; + + /* Read the original certmap config file first */ + rv = ldaputil_init(old_fname, dllname, NULL, NULL, NULL); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_delete_test failed. Reason: %s\n", + ldapu_err2string(rv)); + return rv; + } + + /* rv = ldapu_certinfo_delete("o=Ace Industry, c=US"); */ + rv = ldapu_certinfo_delete("o=Netscape Communications, c=US"); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_delete failed. 
Reason: %s\n", + ldapu_err2string(rv)); + return rv; + } + + rv = ldapu_certinfo_save(fname, old_fname, "certmap.tmp"); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_delete_test failed. Reason: %s\n", + ldapu_err2string(rv)); + } + + return rv; +} + +static int ldapu_certinfo_new_test (const char *fname, const char *old_fname) +{ + int rv; + LDAPUPropValList_t *propval_list; + LDAPUPropVal_t *propval; + + /* Read the original certmap config file first */ + rv = ldaputil_init(old_fname, dllname, NULL, NULL, NULL); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_new_test failed. Reason: %s\n", + ldapu_err2string(rv)); + return rv; + } + + /* Setup propval_list */ + rv = ldapu_list_alloc(&propval_list); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_propval_alloc("prop1", "val1", &propval); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_list_add_info(propval_list, propval); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_propval_alloc("prop2", "val2", &propval); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_list_add_info(propval_list, propval); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_propval_alloc("prop3", 0, &propval); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_list_add_info(propval_list, propval); + if (rv != LDAPU_SUCCESS) return rv; + + rv = ldapu_certinfo_modify("newmap", "o=Mcom Communications, c=US", + propval_list); + + ldapu_propval_list_free(propval_list); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_delete failed. Reason: %s\n", + ldapu_err2string(rv)); + return rv; + } + + rv = ldapu_certinfo_save(fname, old_fname, "certmap.tmp"); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "ldapu_certinfo_new_test failed. 
Reason: %s\n", + ldapu_err2string(rv)); + } + + return rv; +} + +static int get_dbnames_test (const char *mapfile) +{ + char **names; + int cnt; + int rv; + int i; + + rv = dbconf_get_dbnames(mapfile, &names, &cnt); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "get_dbnames_test failed. Reason: %s\n", + ldapu_err2string(rv)); + } + else { + for(i = 0; i < cnt; i++) { + fprintf(stderr, "\tdbname[%d] = \"%s\"\n", + i, names[i]); + } + } + + dbconf_free_dbnames(names); + + return rv; +} + +static int case_ignore_strcmp (const char *s1, const char *s2) +{ + int ls1, ls2; /* tolower values of chars in s1 & s2 resp. */ + + if (!s1) return !s2 ? 0 : 0-tolower(*s2); + else if (!s2) return tolower(*s1); + + while(*s1 && *s2 && (ls1 = tolower(*s1)) == (ls2 = tolower(*s2))) { s1++; s2++; } + + if (!*s1) + return *s2 ? 0-tolower(*s2) : 0; + else if (!*s2) + return tolower(*s1); + else + return ls1 - ls2; +} + +#define STRCASECMP3(s1, s2, rv) \ +{ \ + int i = case_ignore_strcmp(s1, s2); \ + fprintf(stderr, "strcasecmp(\"%s\", \"%s\")\t=\t%d\t%s\tExpected: %d\n", \ + s1 ? s1 : "<NULL>", s2 ? s2 : "<NULL>", \ + i, i == rv ? 
"SUCCESS" : "FAILED", rv); \ +} + +#ifndef XP_WIN32 +#define STRCASECMP(s1, s2) STRCASECMP3(s1, s2, strcasecmp(s1, s2)) +#else +#define STRCASECMP(s1, s2) STRCASECMP3(s1, s2, case_ignore_strcmp(s1, s2)) +#endif + +static void strcasecmp_test () +{ + STRCASECMP3(0, "aBcD", 0-tolower('a')); + STRCASECMP3(0, 0, 0); + STRCASECMP3("aBcD", 0, tolower('a')); + + STRCASECMP("AbCd", "aBcD"); + STRCASECMP("AbCd", "abcd"); + STRCASECMP("ABCD", "ABCD"); + STRCASECMP("abcd", "abcd"); + + STRCASECMP("AbCd", "aBcD3"); + STRCASECMP("AbCd", "abcd3"); + STRCASECMP("ABCD", "ABCD3"); + STRCASECMP("abcd", "abcd3"); + + STRCASECMP("AbCd1", "aBcD"); + STRCASECMP("AbCd2", "abcd"); + STRCASECMP("ABCDX", "ABCD"); + STRCASECMP("abcdY", "abcd"); + + STRCASECMP("AbCd5", "aBcD1"); + STRCASECMP("AbCd5", "abcd1"); + STRCASECMP("ABCD5", "ABCD1"); + STRCASECMP("abcd5", "abcd1"); + + STRCASECMP("AbCd2", "aBcDp"); + STRCASECMP("AbCd2", "abcdQ"); + STRCASECMP("ABCD2", "ABCDr"); + STRCASECMP("abcd2", "abcdS"); +} + +static int certmap_tests (const char *config_file) { return 0; } + +static int read_config_test (const char *config_file, const char *dbname, + const char *url, + const char *binddn, const char *bindpw) +{ + int rv; + DBConfDBInfo_t *db_info; + char *dn; + char *pw; + + rv = dbconf_read_default_dbinfo(config_file, &db_info); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "config_test failed: %s\n", + ldapu_err2string(rv)); + return LDAPU_FAILED; + } + + if (strcmp(db_info->dbname, dbname) || + strcmp(db_info->url, url)) { + fprintf(stderr, "config_test failed: %s\n", + "first line in config file is wrong"); + return LDAPU_FAILED; + } + + if ((ldapu_dbinfo_attrval(db_info, "binddn", &dn) != LDAPU_SUCCESS) || + (ldapu_dbinfo_attrval(db_info, "bindpw", &pw) != LDAPU_SUCCESS)) + { + fprintf(stderr, "config_test failed: %s\n", + "properties are missing"); + return LDAPU_FAILED; + } + + if (strcmp(dn, binddn) || + strcmp(pw, bindpw)) { + fprintf(stderr, "config_test failed: %s\n", + "property 
values are wrong"); + return LDAPU_FAILED; + } + + fprintf(stderr, "binddn from config file: \"%s\"\n", dn); + fprintf(stderr, "bindpw from config file: \"%s\"\n", pw); + + /* cleanup */ + dbconf_free_dbinfo(db_info); + free(dn); + free(pw); + + return LDAPU_SUCCESS; +} + +static int config_test (const char *binddn, const char *bindpw) +{ + char *config_file = "config_out.conf"; + FILE *fp = fopen(config_file, "w"); + const char *dbname = "default"; + const char *url = "file:/foobar/path"; + int rv; + + if (!fp) return LDAPU_FAILED; + + dbconf_output_db_directive(fp, dbname, url); + dbconf_output_propval(fp, dbname, "binddn", binddn, 0); + dbconf_output_propval(fp, dbname, "bindpw", bindpw, 1); + + fclose(fp); + + fprintf(stderr, "Config file written: %s\n", config_file); + + rv = read_config_test(config_file, dbname, url, binddn, bindpw); + + return rv; +} + +static int +compare_groupid(const void *arg, const char *group, const int len) +{ + auto const char* groupid = (const char*)arg; + auto int err = LDAPU_FAILED; + if (len == strlen (groupid) && !strncasecmp (groupid, group, len)) { + err = LDAPU_SUCCESS; + } + return err; +} + +static int +compare_group(LDAP* directory, LDAPMessage* entry, void* set) +{ + auto int err = LDAPU_FAILED; + auto char** vals = ldap_get_values (directory, entry, "CN"); + if (vals) { + auto char** val; + for (val = vals; *val; ++val) { + if (!strcasecmp (*val, (char*)set)) { + err = LDAPU_SUCCESS; + break; + } + } + ldap_value_free (vals); + } + return err; +} + +int perform_test (int argc, char *argv[]) +{ + int test_type; + int retval = LDAPU_SUCCESS; + DBConfDBInfo_t *db_info; + LDAPDatabase_t *ldb; + LDAP *ld; + char *dbmap_file = "dblist.conf"; + char *binddn = 0; + char *bindpw = 0; + char *basedn; + int retry = 1; + int rv; + + fprintf(stderr, "\nStart of test: ./auth %s \"%s\" \"%s\"\n", + argv[1], argv[2], argv[3]); + + rv = dbconf_read_default_dbinfo(dbmap_file, &db_info); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, 
"Error reading dbmap file \"%s\". Reason: %s\n", + dbmap_file, ldapu_err2string(rv)); + return rv; + } + + ldapu_dbinfo_attrval (db_info, LDAPU_ATTR_BINDDN, &binddn); + ldapu_dbinfo_attrval (db_info, LDAPU_ATTR_BINDPW, &bindpw); + + rv = ldapu_url_parse (db_info->url, binddn, bindpw, &ldb); + free(binddn); + free(bindpw); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "Error parsing ldap url \"%s\". Reason: %s\n", + db_info->url, ldapu_err2string(rv)); + return rv; + } + + basedn = ldb->basedn; + + test_type = atoi(argv[1]); + + retry = 1; + + while(retry) { + retry = 0; + + rv = ldapu_ldap_init_and_bind (ldb); + + if (rv != LDAPU_SUCCESS) { + fprintf(stderr, "Error initializing connection to LDAP. Reason: %s\n", + ldapu_err2string(rv)); + return rv; + } + + ld = ldb->ld; + + switch(test_type) { + case 1: + fprintf(stderr, "\nuserdn:\t\t\"%s\"\ngroupdn:\t\"%s\"\n", + argv[2], argv[3]); + retval = ldapu_auth_userdn_groupdn(ld, argv[2], argv[3], basedn); + break; + + case 2: + fprintf(stderr, "\nuid:\t\t\"%s\"\ngroupdn:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_uid_groupdn(ld, argv[2], argv[3], basedn); + break; + + case 3: + fprintf(stderr, "\nuid:\t\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_uid_groupid(ld, argv[2], argv[3], basedn); + break; + + case 4: + fprintf(stderr, "\nuserdn:\t\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_userdn_groupid(ld, argv[2], argv[3], basedn); + break; + + case 5: + fprintf(stderr, "\nuserdn:\t\t\"%s\"\nattrFilter:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_userdn_attrfilter(ld, argv[2], argv[3]); + break; + + case 6: + fprintf(stderr, "\nuid:\t\t\"%s\"\nattrFilter:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_uid_attrfilter(ld, argv[2], argv[3], basedn); + break; + + case 7: + fprintf(stderr, "\nuserdn:\t\t\"%s\"\npassword:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_userdn_password(ld, argv[2], argv[3]); + break; + + case 8: + 
fprintf(stderr, "\nuid:\t\t\"%s\"\npassword:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_uid_password(ld, argv[2], argv[3], basedn); + break; + + case 9: { + /* plugin test */ + LDAPMessage *entry = 0; + LDAPMessage *res = 0; + + fprintf(stderr, "Cert Map issuer DN: \"%s\"\n", argv[2]); + fprintf(stderr, "Cert Map subject DN: \"%s\"\n", argv[3]); + retval = ldaputil_init("certmap.conf", dllname, NULL, NULL, NULL); + + if (retval != LDAPU_SUCCESS) { + fprintf(stderr, "Cert Map info test failed. Reason: %s\n", + ldapu_err2string(retval)); + break; + } + + if (*(argv[2])) + global_issuer_dn = argv[2]; + else + global_issuer_dn = 0; + + retval = ldapu_cert_to_ldap_entry(argv[3], ld, ldb->basedn, &res); + + if (retval == LDAPU_SUCCESS) { + char *dn; + + entry = ldap_first_entry(ld, res); + dn = ldap_get_dn(ld, entry); + fprintf(stderr, "Matched entry to cert: \"%s\"\n", dn); + ldap_memfree(dn); + } + else if (retval == LDAPU_FAILED) { + /* Not an error but couldn't map the cert */ + } + else { + fprintf(stderr, "Cert Map info test failed. 
Reason: %s\n", + ldapu_err2string(retval)); + break; + } + + /* TEMPORARY -- when & how to free the entry */ + if (res) ldap_msgfree(res); + + break; + } /* case 9 */ + + case 10: + if ((retval = config_test(argv[2], argv[3])) == LDAPU_SUCCESS) { + fprintf(stderr, "Config file test succeeded\n"); + } + else { + fprintf(stderr, "Config file test failed\n"); + } + break; + + case 11: + retval = get_dbnames_test(argv[2]); + break; + + case 12: + retval = ldapu_certinfo_save_test(argv[2], argv[3]); + break; + + case 13: + retval = ldapu_certinfo_delete_test(argv[2], argv[3]); + break; + + case 14: + retval = ldapu_certinfo_new_test(argv[2], argv[3]); + break; + + case 15: + fprintf(stderr, "\nuserdn:\t\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]); + { + auto LDAPU_DNList_t* userDNs = ldapu_DNList_alloc(); + ldapu_DNList_add(userDNs, argv[2]); + retval = ldapu_auth_usercert_groups(ld, basedn, userDNs, NULL, + argv[3], compare_group, 30, NULL); + ldapu_DNList_free(userDNs); + } + break; + + case 16: + fprintf(stderr, "\nuserCert:\t\"%s\"\ngroupid:\t\"%s\"\n", argv[2], argv[3]); + retval = ldapu_auth_usercert_groupids(ld, NULL/*userDN*/, argv[2], argv[3], + compare_groupid, basedn, NULL/*group_out*/); + break; + + } /* switch */ + + if (retval == LDAP_SERVER_DOWN) { + /* retry */ + retry = 1; + ldb->ld = 0; + } + else if (retval == LDAPU_SUCCESS) { + fprintf(stderr, "Authentication succeeded.\n"); + } + else { + fprintf(stderr, "Authentication failed.\n"); + } + } + + /* cleanup */ +// ldapu_free_LDAPDatabase_t(ldb); +// dbconf_free_dbinfo(db_info); +// ldaputil_exit(); + return retval; +} + +int main (int argc, char *argv[]) +{ + int rv; + + NSPR_INIT("auth"); + + if (argc != 4) { + fprintf(stderr, "argc = %d\n", argc); + fprintf(stderr, "usage: %s test_type user_dn group_dn\n", argv[0]); + fprintf(stderr, "\t%s 1 <userdn> <groupdn>\n", argv[0]); + fprintf(stderr, "\t%s 2 <uid> <groupdn>\n", argv[0]); + fprintf(stderr, "\t%s 3 <uid> <groupid>\n", argv[0]); + 
fprintf(stderr, "\t%s 4 <userdn> <groupid>\n", argv[0]); + fprintf(stderr, "\t%s 5 <userdn> <attrFilter>\n", argv[0]); + fprintf(stderr, "\t%s 6 <uid> <attrFilter>\n", argv[0]); + fprintf(stderr, "\t%s 7 <userdn> <password>\n", argv[0]); + fprintf(stderr, "\t%s 8 <uid> <password>\n", argv[0]); + fprintf(stderr, "\t%s 9 <certmap.conf> <subjectDN>\n", argv[0]); + fprintf(stderr, "\t%s 10 <binddn> <bindpw>\n", argv[0]); + fprintf(stderr, "\t%s 11 <dbmap> <ignore>\n", argv[0]); + fprintf(stderr, "\t%s 12 <newconfig> <oldconfig> ... to test save\n", argv[0]); + fprintf(stderr, "\t%s 13 <newconfig> <oldconfig> ... to test delete\n", argv[0]); + fprintf(stderr, "\t%s 14 <newconfig> <oldconfig> ... to test add\n", argv[0]); + fprintf(stderr, "\t%s 15 <userdn> <groupid>\n", argv[0]); + fprintf(stderr, "\t%s 16 <userCertDescription> <groupid>\n", argv[0]); + exit(LDAP_PARAM_ERROR); + } + + rv = perform_test(argc, argv); + /* PR_Exit(); */ + + return rv; +} + diff --git a/lib/ldaputil/utest/authtest b/lib/ldaputil/utest/authtest new file mode 100755 index 00000000..c713349b --- /dev/null +++ b/lib/ldaputil/utest/authtest 
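Review bot: `perform_test` in auth.cpp fails open: `retval` starts as `LDAPU_SUCCESS` and `switch(test_type)` has no `default`, so a test number outside 1-16 (or a non-numeric `argv[1]`, which `atoi` turns into 0) prints "Authentication succeeded." and returns success without exercising any `ldapu_auth_*` call. Adding `default: retval = LDAPU_FAILED; break;` makes the harness reject unknown test types. The enclosing `while(retry)` loop has no attempt limit, so a persistent `LDAP_SERVER_DOWN` result never terminates; a small retry counter would bound it. In `get_dbnames_test`, `names` is handed to `dbconf_free_dbnames` even when `dbconf_get_dbnames` failed, so declaring it as `char **names = 0;` avoids freeing an indeterminate pointer if the callee does not set it on error.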
@@ -0,0 +1,106 @@
+#!/bin/ksh
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# setup for test
+USERDN="cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US"
+USER2DN="cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US"
+
+UID="hmiller"
+U2ID="scarter"
+
+GROUPDN="cn=Directory Administrators, o=Ace Industry, c=US"
+GROUPID="Directory Administrators"
+
+ATTRFILTER="mail=hmiller@aceindustry.com"
+ATTR2FILTER="mail=scarter@aceindustry.com"
+
+function check_result {
+ echo "\nStart of test: $1 $2 \"$3\" \"$4\""
+ if ( `$1 $2 "$3" "$4"` ) then
+ if [ $5 == "fail" ]; then
+ echo "**** Test Failed ****";
+ else
+ echo "Test Succeeded";
+ fi
+ else
+ if [ $5 == "fail" ]; then
+ echo "Test Succeeded";
+ else
+ echo "**** Test Failed ****";
+ fi
+ fi
+}
+
+function must_fail {
+ check_result $1 $2 "$3" "$4" "fail";
+}
+
+function must_succeed {
+ check_result $1 $2 "$3" "$4" "success";
+}
+
+# test for <userdn> <groupdn>
+must_succeed ./auth 1 "${USERDN}" "${GROUPDN}"
+must_fail ./auth 1 "${USER2DN}" "${GROUPDN}"
+
+# test for <uid> <groupdn>
+must_succeed ./auth 2 "${UID}" "${GROUPDN}"
+must_fail ./auth 2 "${U2ID}" "${GROUPDN}"
+
+# test for <uid> <groupid>
+must_succeed ./auth 3 "${UID}" "${GROUPID}"
+must_fail ./auth 3 "${U2ID}" "${GROUPID}"
+
+# test for <userdn> <groupid>
+must_succeed ./auth 4 "${USERDN}" "${GROUPID}"
+must_fail ./auth 4 "${USER2DN}" "${GROUPID}"
+must_succeed ./auth 15 "${USERDN}" "${GROUPID}"
+must_fail ./auth 15 "${USER2DN}" "${GROUPID}"
+must_succeed ./auth 16 "{${USERDN}" "${GROUPID}"
+must_fail ./auth 16 "{${USER2DN}" "${GROUPID}"
+
+# test for <userdn> <attrFilter>
+must_succeed ./auth 5 "${USERDN}" "${ATTRFILTER}"
+must_fail ./auth 5 "${USERDN}" "${ATTR2FILTER}"
+must_fail ./auth 5 "${USER2DN}" "${ATTRFILTER}"
+
+# test for <uid> <attrFilter>
+must_succeed ./auth 6 "${UID}" "${ATTRFILTER}"
+must_fail ./auth 6 "${UID}" "${ATTR2FILTER}"
+must_fail ./auth 6 "${U2ID}" "${ATTRFILTER}"
+
+# test for <userdn> <password>
+must_succeed ./auth 7 "${USERDN}" "hillock"
+must_fail ./auth 7 "${USERDN}" "garbage"
+
+# test for <uid> <password>
+must_succeed ./auth 8 "${UID}" "hillock"
+must_fail ./auth 8 "${UID}" "garbage"
+
+#test for cert to ldap entry mapping
+must_succeed ./auth 9 "o=Ace Industry, c=US" "cn=Kirsten Vaughan, ou=Human Resources, o=Ace Industry, c=US"
+#must_fail ./auth 9 "default" "cn=Kirsten Vaughan, o=Ace Industry, c=US"
+
+# test for encode/decode bindpw
+must_succeed ./auth 10 "cn=Foo Bar, o=Netscape Communication, c=US" "foobar"
+
+# test for reading dbnames from dbswitch.conf file
+must_succeed ./auth 11 dblist.conf ignore
+
+# test for saving certmap info
+must_succeed ./auth 12 certmap.new certmap.conf
+cat certmap.conf certmap.new 1>&2
+
+# test for delete certmap info
+must_succeed ./auth 13 certmap.new certmap.conf
+cat certmap.conf certmap.new 1>&2
+
+# test for add certmap info
+must_succeed ./auth 14 certmap.new certmap.conf
+cat certmap.conf certmap.new 1>&2
+
diff --git a/lib/ldaputil/utest/certmap.conf b/lib/ldaputil/utest/certmap.conf
new file mode 100644
index 00000000..53ab6fca
--- /dev/null
+++ b/lib/ldaputil/utest/certmap.conf
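Review bot: `check_result` in authtest decides pass or fail with ``if ( `$1 $2 "$3" "$4"` ) then``, which runs `./auth` inside a command substitution and would then execute whatever the program printed on stdout as a second command in a subshell. It appears to work only because `auth` writes everything to stderr, leaving the substitution empty so that its exit status is used; any future stdout output would be run as a command. Invoking the program directly, `if "$1" "$2" "$3" "$4"; then`, tests the exit status without re-evaluating output. `$5` in `[ $5 == "fail" ]` should be quoted too, and `must_fail`/`must_succeed` should pass `"$1" "$2"` quoted.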
@@ -0,0 +1,36 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+# Comments before any certmap directive - line 1
+# Comments before any certmap directive - line 2
+
+# Comments before any certmap directive - line 3
+# Comments before any certmap directive - line 4
+# Comments before any certmap directive - line 5
+
+
+# Comments before any certmap directive - line 6
+
+certmap default default
+#default:DNComps o, ou ,c
+#default:FilterComps cn
+
+
+certmap default1 o=Netscape Communications, c=US
+default1:library ./plugin.so
+default1:InitFn plugin_init_fn
+default1:DNComps ou o c
+default1:FilterComps l
+#default1:verifycert
+
+# Following line has trailing spaces
+certmap default2 o=Ace Industry, c=US
+default2:InitFn plugin_init_fn
+default2:DNComps cn o ou c
+default2:FilterComps l
+default2:verifycert on
diff --git a/lib/ldaputil/utest/dblist.conf b/lib/ldaputil/utest/dblist.conf
new file mode 100644
index 00000000..c38580ac
--- /dev/null
+++ b/lib/ldaputil/utest/dblist.conf
@@ -0,0 +1,15 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+
+directory default ldap://:3334/o=Airius.com
+directory default1 ldap:///o=Ace Industry, c=US
+directory default2 ldap:///o=Ace Industry, c=US
+directory default3 ldap:///o=Ace Industry, c=US
+directory default4 ldap:///o=Ace Industry, c=US
+directory default5 ldap:///o=Ace Industry, c=US
+directory default6 ldap:///o=Ace Industry, c=US
diff --git a/lib/ldaputil/utest/example.c b/lib/ldaputil/utest/example.c
new file mode 100644
index 00000000..185fbe51
--- /dev/null
+++ b/lib/ldaputil/utest/example.c
@@ -0,0 +1,116 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ + +#include <stdio.h> + +#include <certmap.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/* The init function must be defined extern "C" if using a C++ compiler */ +int plugin_init_fn (void *certmap_info, const char *issuerName, + const char *issuerDN); + +#ifdef __cplusplus +} +#endif + + +static int extract_ldapdn_and_filter (const char *subjdn, void *certmap_info, + char **ldapDN, char **filter) +{ + /* extract the ldapDN and filter from subjdn */ + /* You can also use the ldapu_certmap_info_attrval function to get value + of a config file parameter for the certmap_info. */ + return LDAPU_SUCCESS; +} + +static int plugin_mapping_fn (void *cert, LDAP *ld, void *certmap_info, + char **ldapDN, char **filter) +{ + char *subjdn; + int rv; + + fprintf(stderr, "plugin_mapping_fn called.\n"); + rv = ldapu_get_cert_subject_dn(cert, &subjdn); + + if (rv != LDAPU_SUCCESS) return rv; + + *ldapDN = 0; + *filter = 0; + + rv = extract_ldapdn_and_filter(subjdn, certmap_info, ldapDN, filter); + + if (rv != LDAPU_SUCCESS) { + /* This function must return LDAPU_FAILED or + LDAPU_CERT_MAP_FUNCTION_FAILED on error */ + return LDAPU_CERT_MAP_FUNCTION_FAILED; + } + + return LDAPU_SUCCESS; +} + +static int plugin_cmp_certs (void *subject_cert, + void *entry_cert_binary, + unsigned long entry_cert_len) +{ + /* compare the certs */ + return LDAPU_SUCCESS; +} + +static int plugin_verify_fn (void *cert, LDAP *ld, void *certmap_info, + LDAPMessage *res, LDAPMessage **entry_out) +{ + LDAPMessage *entry; + struct berval **bvals; + char *cert_attr = "userCertificate;binary"; + int i; + int rv; + + fprintf(stderr, "plugin_verify_fn called.\n"); + *entry_out = 0; + + for (entry = ldap_first_entry(ld, res); entry != NULL; + entry = ldap_next_entry(ld, entry)) + { + if ((bvals = 
ldap_get_values_len(ld, entry, cert_attr)) == NULL) { + rv = LDAPU_CERT_VERIFY_FUNCTION_FAILED; + /* Maybe one of the remaining entries will match */ + continue; + } + + for ( i = 0; bvals[i] != NULL; i++ ) { + rv = plugin_cmp_certs (cert, + bvals[i]->bv_val, + bvals[i]->bv_len); + + if (rv == LDAPU_SUCCESS) { + break; + } + } + + ldap_value_free_len(bvals); + + if (rv == LDAPU_SUCCESS) { + *entry_out = entry; + break; + } + } + + return rv; +} + +int plugin_init_fn (void *certmap_info, const char *issuerName, + const char *issuerDN) +{ + fprintf(stderr, "plugin_init_fn called.\n"); + ldapu_set_cert_mapfn(issuerDN, plugin_mapping_fn); + ldapu_set_cert_verifyfn(issuerDN, plugin_verify_fn); + return LDAPU_SUCCESS; +} + diff --git a/lib/ldaputil/utest/plugin.c b/lib/ldaputil/utest/plugin.c new file mode 100644 index 00000000..29f7765b --- /dev/null +++ b/lib/ldaputil/utest/plugin.c 
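Review bot: `plugin_verify_fn` in example.c returns `rv` without ever initialising it, so when `res` holds no entries (the `for` body never runs), or the first entry's value list is empty, the function returns an indeterminate value that may equal `LDAPU_SUCCESS` while `*entry_out` is still 0. Declaring it as `int rv = LDAPU_CERT_VERIFY_FUNCTION_FAILED;` makes the no-match path fail closed. Because this file is a template for plugin authors, the `plugin_cmp_certs` stub that returns `LDAPU_SUCCESS` unconditionally deserves a comment such as `/* PLACEHOLDER: accepts every certificate; replace with a real comparison before use */`. `subjdn` obtained in `plugin_mapping_fn` is also never freed.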
@@ -0,0 +1,115 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ + +#include <stdio.h> +#include <string.h> +#include <ctype.h> + +#include <plugin.h> /* must define extern "C" functions */ +#include <certmap.h> /* Public Certmap API */ + +static CertSearchFn_t default_searchfn = 0; + +static int plugin_attr_val (void *cert, int which_dn, const char *attr) +{ + char **val; + int rv = ldapu_get_cert_ava_val(cert, which_dn, attr, &val); + char **attr_val = val; /* preserve the pointer for free */ + + if (rv != LDAPU_SUCCESS || !val) { + fprintf(stderr, "\t%s: *** Failed ***\n", attr); + } + else if (!*val) { + fprintf(stderr, "\t%s: *** Empty ***\n", attr); + } + else { + fprintf(stderr, "\t%s: \"%s\"", attr, *val++); + while(*val) { + fprintf(stderr, ", \"%s\"", *val++); + } + fprintf(stderr, "\n"); + } + + ldapu_free_cert_ava_val(attr_val); + + return LDAPU_SUCCESS; +} + +static int plugin_mapping_fn (void *cert, LDAP *ld, void *certmap_info, + char **ldapDN, char **filter) +{ + char *subjdn; + char *issuerDN; + char *ptr; + char *comma; + + fprintf(stderr, "plugin_mapping_fn called.\n"); + ldapu_get_cert_subject_dn(cert, &subjdn); + ldapu_get_cert_issuer_dn(cert, &issuerDN); + + fprintf(stderr, "Value of attrs from subject DN & issuer DN:\n"); + fprintf(stderr, "\tCert: \"%s\"\n", (char *)cert); + fprintf(stderr, "\tsubjdn: \"%s\"\n", subjdn); + plugin_attr_val(cert, LDAPU_SUBJECT_DN, "cn"); + plugin_attr_val(cert, LDAPU_SUBJECT_DN, "ou"); + plugin_attr_val(cert, LDAPU_SUBJECT_DN, "o"); + plugin_attr_val(cert, LDAPU_SUBJECT_DN, "c"); + fprintf(stderr, "\tissuerDN: \"%s\"\n", issuerDN); + plugin_attr_val(cert, LDAPU_ISSUER_DN, "cn"); + plugin_attr_val(cert, LDAPU_ISSUER_DN, "ou"); + plugin_attr_val(cert, LDAPU_ISSUER_DN, "o"); + plugin_attr_val(cert, LDAPU_ISSUER_DN, "c"); + + if (subjdn && *subjdn) { + comma = ptr = 
strchr(subjdn, ','); + + while(*ptr == ',' || isspace(*ptr)) ptr++; + *ldapDN = strdup(ptr); + + /* Set filter to the first AVA in the subjdn */ + *filter = subjdn; + *comma = 0; + } + else { + *ldapDN = 0; + *filter = 0; + } + + return LDAPU_SUCCESS; +} + +static int plugin_search_fn (void *cert, LDAP *ld, void *certmap_info, + const char *basedn, + const char *dn, const char *filter, + const char **attrs, LDAPMessage **res) +{ + fprintf(stderr, "plugin_search_fn called.\n"); + return (*default_searchfn)(cert, ld, certmap_info, basedn, dn, filter, + attrs, res); +} + +static int plugin_verify_fn (void *cert, LDAP *ld, void *certmap_info, + LDAPMessage *res, LDAPMessage **entry) +{ + fprintf(stderr, "plugin_verify_fn called.\n"); + *entry = ldap_first_entry(ld, res); + return LDAPU_SUCCESS; +} + +int plugin_init_fn (void *certmap_info, const char *issuerName, + const char *issuerDN) +{ + fprintf(stderr, "plugin_init_fn called.\n"); + ldapu_set_cert_mapfn(issuerDN, plugin_mapping_fn); + ldapu_set_cert_verifyfn(issuerDN, plugin_verify_fn); + + if (!default_searchfn) + default_searchfn = ldapu_get_cert_searchfn(issuerDN); + + ldapu_set_cert_searchfn(issuerDN, plugin_search_fn); + return LDAPU_SUCCESS; +} + diff --git a/lib/ldaputil/utest/plugin.h b/lib/ldaputil/utest/plugin.h new file mode 100644 index 00000000..124a121a --- /dev/null +++ b/lib/ldaputil/utest/plugin.h @@ -0,0 +1,20 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +#ifndef _CERTMAP_PLUGIN_H +#define _CERTMAP_PLUGIN_H + +#ifdef __cplusplus +extern "C" { +#endif + +extern int plugin_init_fn (void *certmap_info, const char *issuerName, + const char *issuerDN); + +#ifdef __cplusplus +} +#endif + +#endif /* _CERTMAP_PLUGIN_H */ diff --git a/lib/ldaputil/utest/stubs.c b/lib/ldaputil/utest/stubs.c new file mode 100644 index 00000000..03717331 --- /dev/null 
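Review bot: In `plugin_mapping_fn` (plugin.c), the result of `comma = ptr = strchr(subjdn, ',')` is dereferenced at once by `while(*ptr == ',' || isspace(*ptr))` and later by `*comma = 0`, so a subject DN with a single component and no comma is a NULL dereference. A guard before the loop, for example `if (!comma) { *ldapDN = 0; *filter = subjdn; return LDAPU_SUCCESS; }`, covers it (what to map in that case is the author's call). The return values of `ldapu_get_cert_subject_dn` and `ldapu_get_cert_issuer_dn` are ignored, and `issuerDN` can be 0 in this test setup because the stub returns 0 when `global_issuer_dn` is unset, which makes the `fprintf` with `%s` undefined. `isspace(*ptr)` should take `(unsigned char)*ptr`.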
+++ b/lib/ldaputil/utest/stubs.c 
@@ -0,0 +1,107 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <ctype.h> /* isspace */
+#include <string.h>
+#include <stdio.h> /* sprintf */
+#include <stdlib.h> /* malloc */
+
+#include <ldap.h>
+#include <ldaputil/certmap.h>
+#include <ldaputil/cert.h>
+#include <ldaputil/errors.h>
+
+#define BIG_LINE 1024
+
+NSAPI_PUBLIC int ldapu_get_cert_subject_dn (void *cert_in, char **subjectDN)
+{
+ char *cert = (char *)cert_in;
+
+ *subjectDN = strdup((char *)cert);
+ return *subjectDN ? LDAPU_SUCCESS : LDAPU_FAILED;
+}
+
+NSAPI_PUBLIC int ldapu_get_cert_issuer_dn (void *cert, char **issuerDN)
+{
+ extern char *global_issuer_dn;
+ /* TEMPORARY -- not implemented yet*/
+ *issuerDN = global_issuer_dn ? strdup(global_issuer_dn) : 0;
+ return LDAPU_SUCCESS;
+}
+
+/* A stub to remove link errors -- ignore SSL */
+LDAP *ldapssl_init (const char *host, int port, int secure)
+{
+ LDAP *ld = 0;
+
+ if ((ld = ldap_init(host, port)) == NULL) {
+ fprintf(stderr, "ldap_init: Failed to initialize connection");
+ return(0);
+ }
+
+ return ld;
+}
+
+NSAPI_PUBLIC int ldapu_get_cert_ava_val (void *cert_in, int which_dn,
+ const char *attr, char ***val_out)
+{
+ int rv;
+ char *cert_dn;
+ char **ptr;
+ char **val;
+ char *dnptr;
+ char attr_eq1[BIG_LINE];
+ char attr_eq2[BIG_LINE];
+ char *comma;
+
+ *val_out = 0;
+
+ if (which_dn == LDAPU_SUBJECT_DN)
+ rv = ldapu_get_cert_subject_dn(cert_in, &cert_dn);
+ else if (which_dn == LDAPU_ISSUER_DN)
+ rv = ldapu_get_cert_issuer_dn(cert_in, &cert_dn);
+ else
+ return LDAPU_ERR_INVALID_ARGUMENT;
+
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ val = (char **)malloc(32*sizeof(char *));
+
+ if (!val) return LDAPU_ERR_OUT_OF_MEMORY;
+
+ ptr = val;
+ sprintf(attr_eq1, "%s =", attr);
+ sprintf(attr_eq2, "%s=", attr);
+
+ while(cert_dn &&
+ ((dnptr = strstr(cert_dn, attr_eq1)) ||
+ (dnptr = strstr(cert_dn, attr_eq2))))
+ {
+ dnptr = strchr(dnptr, '=');
+ dnptr++;
+ while(isspace(*dnptr)) dnptr++;
+ comma = strchr(dnptr, ',');
+
+ if (comma) {
+ *ptr = (char *)malloc((comma-dnptr+1)*sizeof(char));
+ strncpy(*ptr, dnptr, (comma-dnptr));
+ (*ptr++)[comma-dnptr] = 0;
+ }
+ else {
+ *ptr++ = strdup(dnptr);
+ }
+ cert_dn = comma;
+ }
+
+ *ptr = 0;
+ *val_out = val;
+ return LDAPU_SUCCESS;
+}
+
+NSAPI_PUBLIC int ldapu_get_cert_der (void *cert_in, unsigned char **der,
+ unsigned int *len)
+{
+ return LDAPU_FAILED;
+}
diff --git a/lib/ldaputil/utest/stubs.cpp b/lib/ldaputil/utest/stubs.cpp
new file mode 100644
index 00000000..92e6f978
--- /dev/null
+++ b/lib/ldaputil/utest/stubs.cpp
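Review bot: In `ldapu_get_cert_ava_val` the result array is a fixed `malloc(32*sizeof(char *))`, but the `while` loop stores through `*ptr++` with no bound, so a DN with 32 or more matching AVAs writes past the allocation (the terminating `*ptr = 0` needs a slot as well); adding `(ptr - val) < 31 &&` to the loop condition would cap it. The two `sprintf` calls copy `attr` into `BIG_LINE` buffers with no length limit, and `snprintf(attr_eq1, sizeof attr_eq1, "%s =", attr);` (likewise for `attr_eq2`) would bound them. The per-value `malloc` result is passed to `strncpy` unchecked, and the string returned in `cert_dn` is never freed because the loop overwrites the only pointer to it with `comma`. stubs.cpp carries an identical copy of this function, so the same points apply there.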
@@ -0,0 +1,102 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <ctype.h> /* isspace */
+#include <string.h>
+#include <stdio.h> /* sprintf */
+#include <stdlib.h> /* malloc */
+
+#include <ldaputil/ldaputil.h>
+#include <ldaputil/cert.h>
+#include <ldaputil/errors.h>
+#include "../ldaputili.h"
+
+#define BIG_LINE 1024
+
+NSAPI_PUBLIC int ldapu_get_cert_subject_dn (void *cert_in, char **subjectDN)
+{
+ char *cert = (char *)cert_in;
+
+ *subjectDN = strdup((char *)cert);
+ return *subjectDN ? LDAPU_SUCCESS : LDAPU_FAILED;
+}
+
+NSAPI_PUBLIC int ldapu_get_cert_issuer_dn (void *cert, char **issuerDN)
+{
+ /* TEMPORARY -- not implemented yet*/
+ *issuerDN = strdup("o=Netscape Communications, c=US");
+ return *issuerDN ? LDAPU_SUCCESS : LDAPU_FAILED;
+}
+
+NSAPI_PUBLIC int ldapu_get_cert_ava_val (void *cert_in, int which_dn,
+ const char *attr, char ***val_out)
+{
+ int rv;
+ char *cert_dn;
+ char **ptr;
+ char **val;
+ char *dnptr;
+ char attr_eq1[BIG_LINE];
+ char attr_eq2[BIG_LINE];
+ char *comma;
+
+ *val_out = 0;
+
+ if (which_dn == LDAPU_SUBJECT_DN)
+ rv = ldapu_get_cert_subject_dn(cert_in, &cert_dn);
+ else if (which_dn == LDAPU_ISSUER_DN)
+ rv = ldapu_get_cert_issuer_dn(cert_in, &cert_dn);
+ else
+ return LDAPU_ERR_INVALID_ARGUMENT;
+
+ if (rv != LDAPU_SUCCESS) return rv;
+
+ val = (char **)malloc(32*sizeof(char *));
+
+ if (!val) return LDAPU_ERR_OUT_OF_MEMORY;
+
+ ptr = val;
+ sprintf(attr_eq1, "%s =", attr);
+ sprintf(attr_eq2, "%s=", attr);
+
+ while(cert_dn &&
+ ((dnptr = strstr(cert_dn, attr_eq1)) ||
+ (dnptr = strstr(cert_dn, attr_eq2))))
+ {
+ dnptr = strchr(dnptr, '=');
+ dnptr++;
+ while(isspace(*dnptr)) dnptr++;
+ comma = strchr(dnptr, ',');
+
+ if (comma) {
+ *ptr = (char *)malloc((comma-dnptr+1)*sizeof(char));
+ strncpy(*ptr, dnptr, (comma-dnptr));
+ (*ptr++)[comma-dnptr] = 0;
+ }
+ else {
+ *ptr++ = strdup(dnptr);
+ }
+ cert_dn = comma;
+ }
+
+ *ptr = 0;
+ *val_out = val;
+ return LDAPU_SUCCESS;
+}
+
+NSAPI_PUBLIC int ldapu_get_cert_der (void *cert_in, unsigned char **der,
+ unsigned int *len)
+{
+ return LDAPU_FAILED;
+}
+
+int
+ldapu_member_certificate_match (void* cert, const char* desc)
+{
+ if (!strcasecmp ((char*)cert, desc)) {
+ return LDAPU_SUCCESS;
+ }
+ return LDAPU_FAILED;
+}
diff --git a/lib/ldaputil/utest/test.ref b/lib/ldaputil/utest/test.ref
new file mode 100644
index 00000000..fae39056
--- /dev/null
+++ b/lib/ldaputil/utest/test.ref
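Review bot: `ldapu_get_cert_issuer_dn` in this file already disagrees with the copy added in stubs.c. This one returns the hard-coded `"o=Netscape Communications, c=US"` and fails when `strdup` returns NULL, while stubs.c reads `global_issuer_dn` and returns `LDAPU_SUCCESS` even when `*issuerDN` ends up NULL. Both files define the same `NSAPI_PUBLIC` symbols, so presumably only one of them is linked into a given test binary. A header comment naming that binary, for example `/* Stubs for <test binary>; keep in sync with stubs.c */`, would show which behaviour a test actually exercises and stop the two copies drifting further.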
@@ -0,0 +1,448 @@ +# +# BEGIN COPYRIGHT BLOCK +# Copyright 2001 Sun Microsystems, Inc. +# Portions copyright 1999, 2001-2003 Netscape Communications Corporation. +# All rights reserved. +# END COPYRIGHT BLOCK +# + +Start of test: ./auth 1 "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" "cn=Directory Administrators, o=Ace Industry, c=US" + +userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" +groupdn: "cn=Directory Administrators, o=Ace Industry, c=US" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US) (member=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +Authentication succeeded. + +Start of test: ./auth 1 "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" "cn=Directory Administrators, o=Ace Industry, c=US" + +userdn: "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" +groupdn: "cn=Directory Administrators, o=Ace Industry, c=US" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found +Find parent groups of "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" + base: "o=Ace Industry, c=US" + filter: "(& (| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US)) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" +ldap_search_s: Entry not found +Authentication failed. 
+ +Start of test: ./auth 2 "hmiller" "cn=Directory Administrators, o=Ace Industry, c=US" + +uid: "hmiller" +groupdn: "cn=Directory Administrators, o=Ace Industry, c=US" + base: "o=Ace Industry, c=US" + filter: "uid=hmiller" + scope: "LDAP_SCOPE_SUBTREE" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US) (member=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +Authentication succeeded. + +Start of test: ./auth 2 "scarter" "cn=Directory Administrators, o=Ace Industry, c=US" + +uid: "scarter" +groupdn: "cn=Directory Administrators, o=Ace Industry, c=US" + base: "o=Ace Industry, c=US" + filter: "uid=scarter" + scope: "LDAP_SCOPE_SUBTREE" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found +Find parent groups of "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" + base: "o=Ace Industry, c=US" + filter: "(& (| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US)) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" +ldap_search_s: Entry not found +Authentication failed. 
+ +Start of test: ./auth 3 "hmiller" "Directory Administrators" + +uid: "hmiller" +groupid: "Directory Administrators" + base: "o=Ace Industry, c=US" + filter: "(& (cn=Directory Administrators) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" + base: "o=Ace Industry, c=US" + filter: "uid=hmiller" + scope: "LDAP_SCOPE_SUBTREE" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US) (member=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +Authentication succeeded. + +Start of test: ./auth 3 "scarter" "Directory Administrators" + +uid: "scarter" +groupid: "Directory Administrators" + base: "o=Ace Industry, c=US" + filter: "(& (cn=Directory Administrators) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" + base: "o=Ace Industry, c=US" + filter: "uid=scarter" + scope: "LDAP_SCOPE_SUBTREE" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found +Find parent groups of "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" + base: "o=Ace Industry, c=US" + filter: "(& (| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US)) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" +ldap_search_s: Entry not found +Authentication failed. 
+ +Start of test: ./auth 4 "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" "Directory Administrators" + +userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" +groupid: "Directory Administrators" + base: "o=Ace Industry, c=US" + filter: "(& (cn=Directory Administrators) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US) (member=cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +Authentication succeeded. + +Start of test: ./auth 4 "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" "Directory Administrators" + +userdn: "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" +groupid: "Directory Administrators" + base: "o=Ace Industry, c=US" + filter: "(& (cn=Directory Administrators) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" + base: "cn=Directory Administrators, o=Ace Industry, c=US" + filter: "(| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US))" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found +Find parent groups of "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" + base: "o=Ace Industry, c=US" + filter: "(& (| (uniquemember=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US) (member=cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US)) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))" + scope: "LDAP_SCOPE_SUBTREE" +ldap_search_s: Entry not found +Authentication failed. 
+ +Start of test: ./auth 5 "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" "mail=hmiller@aceindustry.com" + +userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" +attrFilter: "mail=hmiller@aceindustry.com" + base: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" + filter: "mail=hmiller@aceindustry.com" + scope: "LDAP_SCOPE_BASE" +Authentication succeeded. + +Start of test: ./auth 5 "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" "mail=scarter@aceindustry.com" + +userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" +attrFilter: "mail=scarter@aceindustry.com" + base: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" + filter: "mail=scarter@aceindustry.com" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found +Authentication failed. + +Start of test: ./auth 5 "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" "mail=hmiller@aceindustry.com" + +userdn: "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" +attrFilter: "mail=hmiller@aceindustry.com" + base: "cn=Sam Carter, ou=Accounting, o=Ace Industry, c=US" + filter: "mail=hmiller@aceindustry.com" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found +Authentication failed. + +Start of test: ./auth 6 "hmiller" "mail=hmiller@aceindustry.com" + +uid: "hmiller" +attrFilter: "mail=hmiller@aceindustry.com" + base: "o=Ace Industry, c=US" + filter: "(& (uid=hmiller) (mail=hmiller@aceindustry.com))" + scope: "LDAP_SCOPE_SUBTREE" +Authentication succeeded. + +Start of test: ./auth 6 "hmiller" "mail=scarter@aceindustry.com" + +uid: "hmiller" +attrFilter: "mail=scarter@aceindustry.com" + base: "o=Ace Industry, c=US" + filter: "(& (uid=hmiller) (mail=scarter@aceindustry.com))" + scope: "LDAP_SCOPE_SUBTREE" +ldap_search_s: Entry not found +Authentication failed. 
+ +Start of test: ./auth 6 "scarter" "mail=hmiller@aceindustry.com" + +uid: "scarter" +attrFilter: "mail=hmiller@aceindustry.com" + base: "o=Ace Industry, c=US" + filter: "(& (uid=scarter) (mail=hmiller@aceindustry.com))" + scope: "LDAP_SCOPE_SUBTREE" +ldap_search_s: Entry not found +Authentication failed. + +Start of test: ./auth 7 "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" "hillock" + +userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" +password: "hillock" + userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" + password: "hillock" +Authentication succeeded. + +Start of test: ./auth 7 "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" "garbage" + +userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" +password: "garbage" + userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" + password: "garbage" +ldap_simple_bind_s: Invalid credentials +Authentication failed. + +Start of test: ./auth 8 "hmiller" "hillock" + +uid: "hmiller" +password: "hillock" + base: "o=Ace Industry, c=US" + filter: "uid=hmiller" + scope: "LDAP_SCOPE_SUBTREE" + userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" + password: "hillock" +Authentication succeeded. + +Start of test: ./auth 8 "hmiller" "garbage" + +uid: "hmiller" +password: "garbage" + base: "o=Ace Industry, c=US" + filter: "uid=hmiller" + scope: "LDAP_SCOPE_SUBTREE" + userdn: "cn=Harry Miller, ou=Human Resources, o=Ace Industry, c=US" + password: "garbage" +ldap_simple_bind_s: Invalid credentials +Authentication failed. + +Start of test: ./auth 9 "o=Ace Industry, c=US" "cn=Kirsten Vaughan, ou=Human Resources, o=Ace Industry, c=US" +Cert Map issuer DN: "o=Ace Industry, c=US" +Cert Map subject DN: "cn=Kirsten Vaughan, ou=Human Resources, o=Ace Industry, c=US" +plugin_init_fn called. +plugin_init_fn called. +plugin_mapping_fn called. 
+Value of attrs from subject DN & issuer DN: + Cert: "cn=Kirsten Vaughan, ou=Human Resources, o=Ace Industry, c=US" + subjdn: "cn=Kirsten Vaughan, ou=Human Resources, o=Ace Industry, c=US" + cn: "Kirsten Vaughan" + ou: "Human Resources" + o: "Ace Industry" + c: "US" + issuerDN: "o=Ace Industry, c=US" + cn: *** Empty *** + ou: *** Empty *** + o: "Ace Industry" + c: "US" +plugin_search_fn called. + base: "ou=Human Resources, o=Ace Industry, c=US" + filter: "cn=Kirsten Vaughan" + scope: "LDAP_SCOPE_BASE" +ldap_search_s: Entry not found + base: "ou=Human Resources, o=Ace Industry, c=US" + filter: "cn=Kirsten Vaughan" + scope: "LDAP_SCOPE_SUBTREE" +plugin_verify_fn called. +Matched entry to cert: "cn=Kirsten Vaughan, ou=Human Resources, o=Ace Industry, c=US" +Authentication succeeded. + +Start of test: ./auth 10 "cn=Foo Bar, o=Netscape Communication, c=US" "foobar" +Config file written: config_out.conf +binddn from config file: "cn=Foo Bar, o=Netscape Communication, c=US" +bindpw from config file: "foobar" +Config file test succeeded +Authentication succeeded. + +Start of test: ./auth 11 "dblist.conf" "ignore" + dbname[0] = "default" + dbname[1] = "default1" + dbname[2] = "default2" + dbname[3] = "default3" + dbname[4] = "default4" + dbname[5] = "default5" + dbname[6] = "default6" +Authentication succeeded. + +Start of test: ./auth 12 "certmap.new" "certmap.conf" +plugin_init_fn called. +plugin_init_fn called. +Authentication succeeded. 
+ +# Comments before any certmap directive - line 1 +# Comments before any certmap directive - line 2 + +# Comments before any certmap directive - line 3 +# Comments before any certmap directive - line 4 +# Comments before any certmap directive - line 5 + + +# Comments before any certmap directive - line 6 + +certmap default default +#default:DNComps o, ou ,c +#default:FilterComps cn + + +certmap default1 o=Netscape Communications, c=US +default1:library ./plugin.so +default1:InitFn plugin_init_fn +default1:DNComps ou o c +default1:FilterComps l +#default1:verifycert + +# Following line has trailing spaces +certmap default2 o=Ace Industry, c=US +default2:InitFn plugin_init_fn +default2:DNComps cn o ou c +default2:FilterComps l +default2:verifycert on + +# Comments before any certmap directive - line 1 +# Comments before any certmap directive - line 2 + +# Comments before any certmap directive - line 3 +# Comments before any certmap directive - line 4 +# Comments before any certmap directive - line 5 + + +# Comments before any certmap directive - line 6 + +certmap default default + +certmap default1 o=Netscape Communications, c=US +default1:library ./plugin.so +default1:InitFn plugin_init_fn +default1:DNComps ou o c +default1:FilterComps l + +certmap default2 o=Ace Industry, c=US +default2:InitFn plugin_init_fn +default2:DNComps cn o ou c +default2:FilterComps l +default2:verifycert on + + +Start of test: ./auth 13 "certmap.new" "certmap.conf" +plugin_init_fn called. +plugin_init_fn called. +Authentication succeeded. 
+ +# Comments before any certmap directive - line 1 +# Comments before any certmap directive - line 2 + +# Comments before any certmap directive - line 3 +# Comments before any certmap directive - line 4 +# Comments before any certmap directive - line 5 + + +# Comments before any certmap directive - line 6 + +certmap default default +#default:DNComps o, ou ,c +#default:FilterComps cn + + +certmap default1 o=Netscape Communications, c=US +default1:library ./plugin.so +default1:InitFn plugin_init_fn +default1:DNComps ou o c +default1:FilterComps l +#default1:verifycert + +# Following line has trailing spaces +certmap default2 o=Ace Industry, c=US +default2:InitFn plugin_init_fn +default2:DNComps cn o ou c +default2:FilterComps l +default2:verifycert on + +# Comments before any certmap directive - line 1 +# Comments before any certmap directive - line 2 + +# Comments before any certmap directive - line 3 +# Comments before any certmap directive - line 4 +# Comments before any certmap directive - line 5 + + +# Comments before any certmap directive - line 6 + +certmap default default + +certmap default2 o=Ace Industry, c=US +default2:InitFn plugin_init_fn +default2:DNComps cn o ou c +default2:FilterComps l +default2:verifycert on + + +Start of test: ./auth 14 "certmap.new" "certmap.conf" +plugin_init_fn called. +plugin_init_fn called. +Authentication succeeded. 
+ +# Comments before any certmap directive - line 1 +# Comments before any certmap directive - line 2 + +# Comments before any certmap directive - line 3 +# Comments before any certmap directive - line 4 +# Comments before any certmap directive - line 5 + + +# Comments before any certmap directive - line 6 + +certmap default default +#default:DNComps o, ou ,c +#default:FilterComps cn + + +certmap default1 o=Netscape Communications, c=US +default1:library ./plugin.so +default1:InitFn plugin_init_fn +default1:DNComps ou o c +default1:FilterComps l +#default1:verifycert + +# Following line has trailing spaces +certmap default2 o=Ace Industry, c=US +default2:InitFn plugin_init_fn +default2:DNComps cn o ou c +default2:FilterComps l +default2:verifycert on + +# Comments before any certmap directive - line 1 +# Comments before any certmap directive - line 2 + +# Comments before any certmap directive - line 3 +# Comments before any certmap directive - line 4 +# Comments before any certmap directive - line 5 + + +# Comments before any certmap directive - line 6 + +certmap default default + +certmap default1 o=Netscape Communications, c=US +default1:library ./plugin.so +default1:InitFn plugin_init_fn +default1:DNComps ou o c +default1:FilterComps l + +certmap default2 o=Ace Industry, c=US +default2:InitFn plugin_init_fn +default2:DNComps cn o ou c +default2:FilterComps l +default2:verifycert on + +certmap newmap o=Mcom Communications, c=US +newmap:prop1 val1 +newmap:prop2 val2 +newmap:prop3 + |
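Review bot: The reference output pins bind passwords in clear text: the `./auth 7` and `./auth 8` cases each contain `password: "hillock"` (or `"garbage"`) twice. The indented copy sits with the `base:`/`filter:`/`scope:` trace lines, so it looks like it comes from a debug print in the code under test rather than from the driver echoing its arguments. If so, printing a fixed mask there, `password: "********"`, and updating these expected lines would keep the golden file from locking in password logging. The code that emits the trace is not part of this hunk, so its origin needs confirming first.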