xref: /netbsd-src/external/bsd/openldap/dist/tests/scripts/test079-proxy-timeout (revision e670fd5c413e99c2f6a37901bb21c537fcd322d2)

#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

if test $BACKLDAP = "ldapno" ; then
	echo "LDAP backend not available, test skipped"
	exit 0
fi
if test $RWM = "rwmno" ; then
        echo "rwm (rewrite/remap) overlay not available, test skipped"
        exit 0
fi

mkdir -p $TESTDIR $DBDIR1 $DBDIR2
$SLAPPASSWD -g -n >$CONFIGPWF

#
# Start slapd that acts as a remote LDAP server that will be proxied
#
echo "Running slapadd to build database for the remote slapd server..."
. $CONFFILTER $BACKEND < $CONF > $CONF1
$SLAPADD -f $CONF1 -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
        echo "slapadd failed ($RC)!"
        exit $RC
fi

echo "Starting remote slapd server on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -h $URI1 -d $LVL > $LOG1 2>&1 &
SERVERPID=$!
if test $WAIT != 0 ; then
    echo SERVERPID $SERVERPID
    read foo
fi

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting $SLEEP1 seconds for slapd to start..."
	sleep $SLEEP1
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

#
# Start ldapd that will proxy for the remote server
#
# Proxy is configured with two slapd-ldap backends:
# - one with idle timeout set: dc=idle-timeout,$BASED
# - one with connection TTL set: dc=conn-ttl,$BASEDN
#
echo "Starting slapd proxy on TCP/IP port $PORT2..."
. $CONFFILTER $BACKEND < $DATADIR/slapd-proxytimeout.conf > $CONF2
$SLAPD -f $CONF2 -h $URI2 -d $LVL > $LOG2 2>&1 &
PROXYPID=$!
if test $WAIT != 0 ; then
    echo PROXYPID $PROXYPID
    read foo
fi

KILLPIDS="$SERVERPID $PROXYPID"

echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test $RC = 0 ; then
		break
	fi
	echo "Waiting $SLEEP1 seconds for slapd to start..."
	sleep $SLEEP1
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi

##############################################################################
#
# Test 1: Test that shared connections are timed out
#

CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Create shared connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)"

$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD \
        'objectclass=*' > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
        echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD \
        'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
        echo "ldapsearch failed for base: dc=conn-ttl,$BASEDN ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

# Check that connections are established by searching for olmDbConnURI from Monitor

echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# Wait for connections to be closed, either due to
# - idle-timeout and
# - conn-ttl
# sleep 2 second overtime for robustness of the test case
echo "Sleeping until idle-timeout and conn-ttl have passed"
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW + 2`

echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi


##############################################################################
#
# Test 2: Test that private connections are timed out
#

CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Create private connection towards remote LDAP (time_t now=$CONN_BEGINS timeout=$CONN_EXPIRES)"

# Create fifos that are used to pass searches from the test case to ldapsearch
rm -f $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo
mkfifo $TESTDIR/ldapsearch1.fifo $TESTDIR/ldapsearch2.fifo

# Execute ldapsearch on background and have it read searches from the fifo
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
        -D "cn=Barbara Jensen,ou=Information Technology Division,dc=idle-timeout,$BASEDN" \
        -H $URI2 \
        -w "bjensen" \
        -f $TESTDIR/ldapsearch1.fifo >> $TESTOUT 2>&1 &
LDAPSEARCHPIDS=$!

$LDAPSEARCH -b "dc=conn-ttl,$BASEDN" \
        -D "cn=Barbara Jensen,ou=Information Technology Division,dc=conn-ttl,$BASEDN" \
        -H $URI2 \
        -w "bjensen" \
        -f $TESTDIR/ldapsearch2.fifo >> $TESTOUT 2>&1 &
LDAPSEARCHPIDS="$LDAPSEARCHPIDS $!"

# Open fifos as file descriptor
exec 3>$TESTDIR/ldapsearch1.fifo
exec 4>$TESTDIR/ldapsearch2.fifo

# Trigger LDAP connections towards the proxy by executing a search
echo 'objectclass=*' >&3
echo 'objectclass=*' >&4

# wait for ldapsearches (running as background processes) to execute search operations
sleep 2

echo "Checking that proxy has created connections towards backend (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    exit $RC
fi

# Wait for connections to be closed, either due to
# - idle-timeout and
# - conn-ttl
# sleep 2 second overtime for robustness of the test case
echo "Sleeping until idle-timeout and conn-ttl have passed"
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW + 2`

echo "Checking that proxy has closed expired connections towards the remote LDAP server (time_t now=`date +%s`)"

$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    exit $RC
fi

$LDAPSEARCH -b "cn=Connections,cn=database 3,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS $LDAPSEARCHPIDS
    exit $RC
fi

# Close the file descriptors associated with the fifos.
# This will trigger EOF to ldapsearch which will cause it to exit.
exec 3>&-
exec 4>&-


##############################################################################
#
# Test 3: Check that idle-timeout is reset on activity
#

echo "Checking that idle-timeout is reset on activity"
CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Create cached connection: idle-timeout timeout starts (time_t now=$CONN_BEGINS, original_timeout=$CONN_EXPIRES)"
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD \
        'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
        echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

# sleep until 2 seconds before idle-timeout, then extend the timeout by executing another search operation
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW - 2`

CONN_BEGINS=`date +%s`
CONN_EXPIRES=`expr $CONN_BEGINS + $TIMEOUT`
echo "Do another search to reset the timeout (time_t now=$CONN_BEGINS, new_timeout=$CONN_EXPIRES)"
$LDAPSEARCH -b "dc=idle-timeout,$BASEDN" \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD \
        'objectclass=*' >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
        echo "ldapsearch failed for base: dc=idle-timeout,$BASEDN ($RC)!"
        test $KILLSERVERS != no && kill -HUP $KILLPIDS
        exit $RC
fi

# sleep until 2 seconds before new extended idle-timeout, check that connection still exist
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW - 2`
echo "Check that connection is still alive due to idle-timeout reset (time_t now=`date +%s`)"
$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD 2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 0 ; then
    echo "Error: LDAP connection to remote LDAP server is not found ($RC)"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

# sleep until 2 seconds after timeout, check that connection does not exist
NOW=`date +%s`
sleep `expr $CONN_EXPIRES - $NOW + 2`
echo "Check that connection is closed after extended idle-timeout has passed (time_t now=`date +%s`)"
$LDAPSEARCH -b "cn=Connections,cn=database 2,cn=databases,cn=monitor" -s one -LLL olmDbConnURI \
        -D "cn=Manager,dc=local,dc=com" \
        -H $URI2 \
        -w $PASSWD  2>&1 | tee -a $TESTOUT | grep ldap://${LOCALHOST}:$PORT1 >/dev/null
RC=$?
if test $RC != 1 ; then
    echo "Error: LDAP connection to remote LDAP server was not closed"
    test $KILLSERVERS != no && kill -HUP $KILLPIDS
    exit $RC
fi

test $KILLSERVERS != no && kill -HUP $KILLPIDS

echo ">>>>> Test succeeded"

test $KILLSERVERS != no && wait

exit 0