xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test079-proxy-timeout (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2)
1#! /bin/sh
2# $OpenLDAP$
3## This work is part of OpenLDAP Software <http://www.openldap.org/>.
4##
5## Copyright 1998-2021 The OpenLDAP Foundation.
6## All rights reserved.
7##
8## Redistribution and use in source and binary forms, with or without
9## modification, are permitted only as authorized by the OpenLDAP
10## Public License.
11##
12## A copy of this license is available in the file LICENSE in the
13## top-level directory of the distribution or, alternatively, at
14## <http://www.OpenLDAP.org/license.html>.
15
# Load the shared test environment; the variables used below are
# presumably defined there (not visible in this file).
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# This test needs both the LDAP backend and the rwm overlay; skip
# (exit 0) when either one is reported as unavailable.
if [ $BACKLDAP = "ldapno" ]; then
    echo "LDAP backend not available, test skipped"
    exit 0
fi
if [ $RWM = "rwmno" ]; then
    echo "rwm (rewrite/remap) overlay not available, test skipped"
    exit 0
fi

# Create the working directories, then write a generated password to the
# config password file (slappasswd -g generates one, -n omits the
# trailing newline).
mkdir -p $TESTDIR $DBDIR1 $DBDIR2
$SLAPPASSWD -g -n > $CONFIGPWF
30
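#
# Start slapd that acts as a remote LDAP server that will be proxied
#
# Tool variables such as $SLAPADD, $SLAPD and $LDAPSEARCH are left
# unquoted as in the original; presumably they may carry arguments.
#
echo "Running slapadd to build database for the remote slapd server..."
. $CONFFILTER $BACKEND < $CONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
    echo "slapadd failed ($RC)!"
    exit $RC
fi

echo "Starting remote slapd server on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
SERVERPID=$!
# Record the PID right away: the failure path below signals $KILLPIDS,
# which this script otherwise assigns only after the proxy has started,
# so a failed startup check would leave this slapd running.
KILLPIDS="$SERVERPID"
if test $WAIT != 0 ; then
    # Pause so a developer can attach to the server before continuing.
    echo SERVERPID $SERVERPID
    read foo
fi

# Poll the monitor base entry up to six times until slapd answers.
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
        'objectclass=*' > /dev/null 2>&1
    RC=$?
    if test $RC = 0 ; then
        break
    fi
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep $SLEEP1
done

# RC still holds the status of the last attempt.
if test $RC != 0 ; then
    echo "ldapsearch failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi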
68
#
# Start slapd that will proxy for the remote server
#
# Proxy is configured with two slapd-ldap backends:
# - one with idle timeout set: dc=idle-timeout,$BASEDN
# - one with connection TTL set: dc=conn-ttl,$BASEDN
#
echo "Starting slapd proxy on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $DATADIR/slapd-proxytimeout.conf > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PROXYPID=$!
if [ $WAIT != 0 ]; then
    # Pause so a developer can attach to the proxy before continuing.
    echo PROXYPID $PROXYPID
    read foo
fi

# From here on every failure path signals both servers.
KILLPIDS="$SERVERPID $PROXYPID"

# Poll the proxy's monitor base entry up to six times until it answers.
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
    $LDAPSEARCH -s base -b "$MONITOR" -H $URI2 'objectclass=*' > /dev/null 2>&1
    RC=$?
    [ $RC = 0 ] && break
    echo "Waiting $SLEEP1 seconds for slapd to start..."
    sleep $SLEEP1
done

# RC still holds the status of the last attempt.
if [ $RC != 0 ]; then
    echo "ldapsearch failed ($RC)!"
    if [ $KILLSERVERS != no ]; then
        kill -HUP $KILLPIDS
    fi
    exit $RC
fi
104
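##############################################################################
#
# Test 1: Test that shared connections are timed out
#
# The monitor checks below run ldapsearch | tee | grep, so $? is grep's
# status: 0 = backend URI listed, 1 = not listed, >1 = grep error.
# NOTE(review): a monitor search that fails and prints no matching line
# also yields 1, so the "closed" checks cannot tell that apart from a
# closed connection -- consider checking the ldapsearch status separately.
#

CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Create shared connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)"

# One search through each proxy database makes the proxy open a
# connection towards the remote server.
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD \
    'objectclass=*' > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD \
    'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapsearch failed for base: dc=conn-ttl,$BASEDN ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Check that connections are established by searching for olmDbConnURI from Monitor

echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Wait for connections to be closed, either due to
# - idle-timeout and
# - conn-ttl
# sleep 2 seconds past the deadline for robustness of the test case
echo "Sleeping until idle-timeout and conn-ttl have passed"
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW + 2`

echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    # RC is 0 when the URI is still listed; exiting with it would
    # report an unexpired connection as a passing test.
    test $RC = 0 && RC=1
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    # Same as above: never exit 0 from a failed "closed" check.
    test $RC = 0 && RC=1
    exit $RC
fi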
195
196
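##############################################################################
#
# Test 2: Test that private connections are timed out
#
# The monitor checks below run ldapsearch | tee | grep, so $? is grep's
# status: 0 = backend URI listed, 1 = not listed, >1 = grep error.
# NOTE(review): a monitor search that fails and prints no matching line
# also yields 1, so the "closed" checks cannot tell that apart from a
# closed connection -- consider checking the ldapsearch status separately.
#

CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Create private connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)"

# Create fifos that are used to pass searches from the test case to ldapsearch
rm -f $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo
mkfifo $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo
RC=$?
if test $RC != 0 ; then
    # Without the fifos the redirections below would create regular
    # files and the rest of this test would not exercise the proxy.
    echo "mkfifo failed ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Execute ldapsearch in the background and have it read searches from the fifo
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
    -D "cn=Barbara Jensen,ou=Information Technology Division,dc=idle-timeout,$BASEDN" \
    -H $URI2 \
    -w "bjensen" \
    -f $TESTDIR/ldapsearch1.fifo >> $TESTOUT 2>&1 &
LDAPSEARCHPIDS=$!

$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \
    -D "cn=Barbara Jensen,ou=Information Technology Division,dc=conn-ttl,$BASEDN" \
    -H $URI2 \
    -w "bjensen" \
    -f $TESTDIR/ldapsearch2.fifo >> $TESTOUT 2>&1 &
LDAPSEARCHPIDS="$LDAPSEARCHPIDS $!"

# Open fifos as file descriptors; holding them open keeps the background
# ldapsearch processes (and their connections to the proxy) alive.
exec 3>$TESTDIR/ldapsearch1.fifo
exec 4>$TESTDIR/ldapsearch2.fifo

# Trigger LDAP connections towards the proxy by executing a search
echo 'objectclass=*' >&3
echo 'objectclass=*' >&4

# wait for ldapsearches (running as background processes) to execute search operations
sleep 2

echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    exit $RC
fi

# Wait for connections to be closed, either due to
# - idle-timeout and
# - conn-ttl
# sleep 2 seconds past the deadline for robustness of the test case
echo "Sleeping until idle-timeout and conn-ttl have passed"
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW + 2`

echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    # RC is 0 when the URI is still listed; exiting with it would
    # report an unexpired connection as a passing test.
    test $RC = 0 && RC=1
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    # Same as above: never exit 0 from a failed "closed" check.
    test $RC = 0 && RC=1
    exit $RC
fi

# Close the file descriptors associated with the fifos.
# This will trigger EOF to ldapsearch which will cause it to exit.
exec 3>&-
exec 4>&-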
296
297
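##############################################################################
#
# Test 3: Check that idle-timeout is reset on activity
#
# The monitor checks below run ldapsearch | tee | grep, so $? is grep's
# status: 0 = backend URI listed, 1 = not listed, >1 = grep error.
#

echo "Checking that idle-timeout is reset on activity"
CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Create cached connection: idle-timeout timeout starts (time_t now=$CONN_BEGINS, original_timeout=$CONN_EXPIRES)"
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD \
    'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# sleep until 2 seconds before idle-timeout, then extend the timeout by executing another search operation
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW - 2`

# The deadline is recomputed from the time of the second search.
CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Do another search to reset the timeout (time_t now=$CONN_BEGINS, new_timeout=$CONN_EXPIRES)"
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD \
    'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
    echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# sleep until 2 seconds before the new extended idle-timeout, check that the connection still exists
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW - 2`
echo "Check that connection is still alive due to idle-timeout reset (time_t now=`date +%s`)"
$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# sleep until 2 seconds after timeout, check that connection does not exist
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW + 2`
echo "Check that connection is closed after extended idle-timeout has passed (time_t now=`date +%s`)"
$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
    -D "cn=Manager,dc=local,dc=com" \
    -H $URI2 \
    -w $PASSWD  2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    # RC is 0 when the URI is still listed; exiting with it would
    # report an unexpired connection as a passing test.
    test $RC = 0 && RC=1
    exit $RC
fi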
367
# Teardown: signal the servers unless KILLSERVERS is "no", report
# success, then wait for background children before exiting.
if [ $KILLSERVERS != no ]; then
    kill -HUP $KILLPIDS
fi

echo ">>>>> Test succeeded"

if [ $KILLSERVERS != no ]; then
    wait
fi

exit 0
375