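#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2016-2021 Ondřej Kuzník, Symas Corp.
## Copyright 2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

# Exercises the otp overlay's HOTP handling.  Each bind uses a value of the
# form "<static password><OTP>" taken from the sequences below; the script
# checks that slapd accepts a token in the expected window (also when some
# tokens are skipped), rejects reuse, out-of-window and not-yet-valid tokens,
# retires tokens consumed by a failed bind, and honours a change of
# oathHOTPParams.  Expected ldapwhoami exit statuses: 0 for an accepted bind,
# 49 (invalidCredentials) for a rejected one.  The final token state is
# compared against $DATADIR/otp/test001-out.ldif.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

if test "$OTP" = otpno; then
	echo "OTP overlay not available, test skipped"
	exit 0
fi

OTP_DATA=$DATADIR/otp/hotp.ldif

# OTPs for this token
TOKEN_0=818800
TOKEN_1=320382
TOKEN_2=404533
TOKEN_3=127122
TOKEN_4=892599
TOKEN_5=407030
TOKEN_6=880935
TOKEN_7=920291
TOKEN_8=145192
TOKEN_9=316404
TOKEN_10=409144

# OTPs for the second set of parameters
TOKEN_SHA512_11=17544155
TOKEN_SHA512_12=48953477

#######################################
# Report an unexpected result, stop slapd (unless KILLSERVERS=no) and exit.
# Arguments: $1 - exit status of the failed step, $2... - message to print
# Globals:   KILLSERVERS, KILLPIDS (read)
# A status of 0 (a step that should have failed but succeeded) is mapped to
# 1 so that the harness never records the failed check as a pass.
#######################################
fail_test() {
	rc=$1
	shift
	echo "$*"
	# KILLPIDS is a space separated list: word splitting is intended.
	# shellcheck disable=SC2086
	test "$KILLSERVERS" != no && test -n "$KILLPIDS" && kill -HUP $KILLPIDS
	test "$rc" = 0 && rc=1
	exit "$rc"
}

#######################################
# Abort the test if a setup step did not succeed.
# Arguments: $1 - exit status of the step, $2 - tool name for the message
# Globals:   RC (written)
#######################################
check_rc() {
	RC=$1
	test "$RC" = 0 || fail_test "$RC" "$2 failed ($RC)!"
}

#######################################
# Bind as $1 with the password $2 and require ldapwhoami to exit with
# status $3 (0 = bind accepted, 49 = invalidCredentials).
# Globals:   LDAPWHOAMI, URI1 (read), TESTOUT (appended), RC (written)
#######################################
check_bind() {
	expected=$3
	$LDAPWHOAMI -D "$1" -H "$URI1" -w "$2" \
		>> "$TESTOUT" 2>&1
	RC=$?
	if test "$RC" != "$expected" ; then
		if test "$expected" = 0 ; then
			fail_test "$RC" "ldapwhoami failed ($RC)!"
		else
			fail_test "$RC" "ldapwhoami should have failed ($RC)!"
		fi
	fi
}

mkdir -p "$TESTDIR" "$DBDIR1"

echo "Running slapadd to build slapd database..."
. "$CONFFILTER" "$BACKEND" < "$CONF" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFORDERED"
check_rc $? slapadd

mkdir "$TESTDIR/confdir"
. "$CONFFILTER" "$BACKEND" < "$CONF" > "$CONF1"

# The cn=config root password is generated into a file and always handed to
# the ldap* tools with -y, so it never appears on a command line.
$SLAPPASSWD -g -n >"$CONFIGPWF"
echo "database config" >>"$CONF1"
echo "rootpw $($SLAPPASSWD -T "$CONFIGPWF")" >>"$CONF1"

echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f "$CONF1" -F "$TESTDIR/confdir" -h "$URI1" -d "$LVL" > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	echo PID $PID
	read -r foo
fi
KILLPIDS="$PID"

sleep "$SLEEP0"

# Poll the monitor backend until slapd answers.  As in the other test
# scripts, the script carries on after the last attempt and lets the first
# real operation fail if the server never came up.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H "$URI1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting ${SLEEP1} seconds for slapd to start..."
	sleep "${SLEEP1}"
done

# With a modular build the overlay has to be loaded before it can be
# configured.
if test "$OTP" = otpmod ; then
	$LDAPADD -D cn=config -H "$URI1" -y "$CONFIGPWF" \
		>> "$TESTOUT" 2>&1 <<EOMOD
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: otp.la
EOMOD
	check_rc $? ldapmodify
fi

echo "Loading test otp configuration..."
$LDAPMODIFY -v -D cn=config -H "$URI1" -y "$CONFIGPWF" \
	>> "$TESTOUT" 2>&1 <<EOMOD
dn: olcOverlay={0}otp,olcDatabase={1}$BACKEND,cn=config
changetype: add
objectClass: olcOverlayConfig
EOMOD
check_rc $? ldapmodify

echo "Provisioning tokens and configuration..."
$LDAPMODIFY -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" \
	>> "$TESTOUT" 2>&1 < "$OTP_DATA"
check_rc $? ldapmodify


echo "Authentication tests:"
# printf rather than echo: the interpretation of "\t" by echo differs
# between /bin/sh implementations.
printf '\t%s\n' "token that's not valid yet..."
check_bind "$BABSDN" "bjensen$TOKEN_10" 49

printf '\t%s\n' "a valid and expected token..."
check_bind "$BABSDN" "bjensen$TOKEN_4" 0

printf '\t%s\n' "a valid token skipping some..."
check_bind "$BABSDN" "bjensen$TOKEN_6" 0

printf '\t%s\n' "reusing the same token..."
check_bind "$BABSDN" "bjensen$TOKEN_6" 49

printf '\t%s\n' "another account sharing the same token..."
check_bind "$BJORNSDN" "bjorn$TOKEN_7" 0

printf '\t%s\n' "trying an old token..."
check_bind "$BJORNSDN" "bjorn$TOKEN_5" 49

# A bind that fails only because of the static password is still expected
# to consume the OTP it carried; the next check verifies that.
printf '\t%s\n' "right token, wrong password..."
check_bind "$BJORNSDN" "bjensen$TOKEN_8" 49

printf '\t%s\n' "making sure previous token has been retired too..."
check_bind "$BJORNSDN" "bjorn$TOKEN_8" 49

printf '\t%s\n' "the first token we tested that's just become valid..."
check_bind "$BABSDN" "bjensen$TOKEN_10" 0

echo "Reconfiguring token parameters..."
$LDAPMODIFY -D "$MANAGERDN" -H "$URI1" -w "$PASSWD" \
	>/dev/null 2>&1 << EOMODS
dn: ou=Information Technology Division,ou=People,dc=example,dc=com
changetype: modify
replace: oathHOTPParams
oathHOTPParams: ou=Alumni Association,ou=People,dc=example,dc=com
EOMODS
check_rc $? ldapmodify

echo "A new round of tests:"

printf '\t%s\n' "a long token that's not valid yet..."
check_bind "$BABSDN" "bjensen$TOKEN_SHA512_12" 49

printf '\t%s\n' "a valid and expected token..."
check_bind "$BABSDN" "bjensen$TOKEN_SHA512_11" 0

printf '\t%s\n' "the previous long token that's just become valid..."
check_bind "$BABSDN" "bjensen$TOKEN_SHA512_12" 0

echo "Retrieving token status..."
$LDAPSEARCH -b "ou=Information Technology Division,ou=People,dc=example,dc=com" \
	-H "$URI1" objectclass=oathHOTPToken '@oathHOTPToken' \
	>> "$SEARCHOUT" 2>&1
check_rc $? ldapsearch

# shellcheck disable=SC2086
test "$KILLSERVERS" != no && kill -HUP $KILLPIDS

LDIF=$DATADIR/otp/test001-out.ldif

echo "Filtering ldapsearch results..."
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
echo "Filtering ldif with expected data..."
$LDIFFILTER < "$LDIF" > "$LDIFFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$LDIFFLT" > "$CMPOUT"
RC=$?

if test "$RC" != 0 ; then
	echo "Comparison failed"
	exit 1
fi

echo ">>>>> Test succeeded"

test "$KILLSERVERS" != no && wait

exit 0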