Commit 7c28aa05 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Add password check and generation check.

Modify tests to use -h "ldap://localhost:port/" instead of -p port.
parent d331d4c1
......@@ -9,8 +9,6 @@ slapd \- Stand-alone LDAP Daemon
.B [\-f slapd\-config\-file]
.B [\-h URLs]
.B [\-d debug\-level]
.B [\-p port\-number]
.B [\-P tls\-port\-number]
.B [\-s syslog\-level] [\-l syslog\-local\-user]
.B [\-u user] [\-g group]
.B
......@@ -112,25 +110,6 @@ a DN or other optional parameters. Hosts may be specified in either
Internet '.' format (preferred) or by name. Ports, if specfied,
must be numeric.
.TP
.BI \-p " port\-number"
.B slapd
will use on the default port (389) for LDAP URLs unless this
option is given to override the default.
A numeric port number is expected.
.TP
.BI \-P " tls\-port\-number"
.B slapd
will use on the default port (636) for LDAPS (LDAP over TLS) URLs
unless this option is given to override the default. A numeric port
number is expected.
.TP
.BI \-P " port\-number"
Changes the port where
.B slapd
will expect LDAP over raw TLS connections. If this option is not given,
the default port for this purpose (636) will be used. A numeric port
number is expected.
.TP
.BI \-u " user"
.B slapd
will run slapd with the specified user name or id, and that user's
......
......@@ -177,17 +177,14 @@ static void slapd_close(ber_socket_t s) {
}
static Listener *
open_listener(
const char* url,
int port,
int tls_port )
static Listener * open_listener( const char* url )
{
int tmp, rc;
Listener l;
Listener *li;
LDAPURLDesc *lud;
char *s;
int port;
rc = ldap_url_parse( url, &lud );
......@@ -208,14 +205,14 @@ open_listener(
}
if(! lud->lud_port ) {
lud->lud_port = port;
lud->lud_port = LDAP_PORT;
}
#else
l.sl_is_tls = lud->lud_ldaps;
if(! lud->lud_port ) {
lud->lud_port = lud->lud_ldaps ? tls_port : port;
lud->lud_port = lud->lud_ldaps ? LDAPS_PORT : LDAP_PORT;
}
#endif
......@@ -333,7 +330,7 @@ open_listener(
static int sockinit(void);
static int sockdestroy(void);
int slapd_daemon_init(char *urls, int port, int tls_port )
int slapd_daemon_init( char *urls )
{
int i, rc;
char **u;
......@@ -342,8 +339,8 @@ int slapd_daemon_init(char *urls, int port, int tls_port )
assert( tls_port == 0 );
#endif
Debug( LDAP_DEBUG_ARGS, "daemon_init: %s (%d/%d)\n",
urls ? urls : "<null>", port, tls_port );
Debug( LDAP_DEBUG_ARGS, "daemon_init: %s\n",
urls ? urls : "<null>", 0, 0 );
if( (rc = sockinit()) != 0 ) {
return rc;
......@@ -408,7 +405,7 @@ int slapd_daemon_init(char *urls, int port, int tls_port )
slap_listeners = ch_malloc( (i+1)*sizeof(Listener *) );
for(i = 0; u[i] != NULL; i++ ) {
slap_listeners[i] = open_listener( u[i], port, tls_port );
slap_listeners[i] = open_listener( u[i] );
if( slap_listeners[i] == NULL ) {
charray_free( u );
......
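Review bot: The context line `assert( tls_port == 0 );` in the hunk at -342 still names the `tls_port` parameter that the new signature `int slapd_daemon_init( char *urls )` drops, so whichever preprocessor branch contains it (its `#if` opens outside the hunk, presumably the build without TLS) will no longer compile; the assert should be deleted along with the parameter. The `int port;` local added to `open_listener` in the hunk at -177 is neither assigned nor read in the visible hunks, which now fall back to `LDAP_PORT`/`LDAPS_PORT` directly, so it looks like a leftover and will draw an unused-variable warning. Both `open_listener` and `slapd_daemon_init` continue outside their hunks, so a use of `port` further down cannot be ruled out from here.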
......@@ -116,10 +116,6 @@ usage( char *name )
"\t-n NTserviceName\tNT service name\n"
#endif
"\t-p port\tLDAP Port\n"
#ifdef HAVE_TLS
"\t-P port\tLDAP over TLS Port\n"
#endif
"\t-s level\tSyslog Level\n"
#ifdef SLAPD_BDB2
"\t-t\t\tEnable BDB2 timing\n"
......@@ -158,13 +154,6 @@ int main( int argc, char **argv )
char *serverName;
int serverMode = SLAP_SERVER_MODE;
int port = LDAP_PORT;
#ifdef HAVE_TLS
int tls_port = LDAPS_PORT;
#else
int tls_port = 0;
#endif
#ifdef CSRIMALLOC
FILE *leakfile;
if( ( leakfile = fopen( "slapd.leak", "w" )) == NULL ) {
......@@ -184,20 +173,6 @@ int main( int argc, char **argv )
CommenceStartupProcessing( NTservice, slap_sig_shutdown );
}
i = (int*)getRegParam( NULL, "Port" );
if ( i != NULL )
{
port = *i;
Debug ( LDAP_DEBUG_ANY, "new port from registry is: %d\n", port, 0, 0 );
}
#ifdef HAVE_TLS
i = (int*)getRegParam( NULL, "TLSPort" );
if ( i != NULL )
{
tls_port = *i;
Debug ( LDAP_DEBUG_ANY, "new TLS port from registry is: %d\n", tls_port, 0, 0 );
}
#endif
i = (int*)getRegParam( NULL, "DebugLevel" );
if ( i != NULL )
{
......@@ -214,7 +189,7 @@ int main( int argc, char **argv )
#endif
while ( (i = getopt( argc, argv,
"d:f:h:p:s:"
"d:f:h:s:"
#ifdef LOG_LOCAL4
"l:"
#endif
......@@ -229,9 +204,6 @@ int main( int argc, char **argv )
#endif
#ifdef HAVE_NT_EVENT_LOG
"n:"
#endif
#ifdef HAVE_TLS
"P:"
#endif
)) != EOF ) {
switch ( i ) {
......@@ -255,30 +227,6 @@ int main( int argc, char **argv )
configfile = ch_strdup( optarg );
break;
case 'p': { /* port on which to listen */
int p = atoi( optarg );
if(! p ) {
fprintf(stderr, "-p %s must be numeric\n", optarg);
} else if( p < 0 || p >= 1<<16) {
fprintf(stderr, "-p %s invalid\n", optarg);
} else {
port = p;
}
} break;
#ifdef HAVE_TLS
case 'P': { /* port on which to listen for TLS */
int p = atoi( optarg );
if(! p ) {
fprintf(stderr, "-P %s must be numeric\n", optarg);
} else if( p < 0 || p >= 1<<16) {
fprintf(stderr, "-P %s invalid\n", optarg);
} else {
tls_port = p;
}
} break;
#endif
case 's': /* set syslog level */
ldap_syslog = atoi( optarg );
break;
......@@ -347,7 +295,7 @@ int main( int argc, char **argv )
openlog( serverName, OPENLOG_OPTIONS );
#endif
if( slapd_daemon_init( urls, port, tls_port ) != 0 ) {
if( slapd_daemon_init( urls ) != 0 ) {
rc = 1;
SERVICE_EXIT( ERROR_SERVICE_SPECIFIC_ERROR, 16 );
goto stop;
......
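Review bot: The NT registry lookups for `Port` and `TLSPort` are removed in the hunk at -184 without any replacement key, so a service configured through the registry now listens only on the compiled-in defaults unless its command line carries `-h`; if that is intended, a one-line comment beside the surviving `getRegParam( NULL, "DebugLevel" )` call, such as `/* listener addresses come from -h URLs only; the old Port/TLSPort registry keys are no longer read */`, would keep someone from reintroducing them. The usage text in the hunk at -116 drops the `-p`/`-P` lines, but the `-h URLs` help line is outside the visible lines; it is worth confirming it now says that the port is chosen through the URL. `main` begins and ends outside these hunks.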
......@@ -596,7 +596,7 @@ LIBSLAPD_F (int) slap_destroy LDAP_P((void));
struct sockaddr_in;
LIBSLAPD_F (int) slapd_daemon_init( char *urls, int port, int tls_port );
LIBSLAPD_F (int) slapd_daemon_init( char *urls );
LIBSLAPD_F (int) slapd_daemon_destroy(void);
LIBSLAPD_F (int) slapd_daemon(void);
......
......@@ -522,7 +522,7 @@ struct slap_backend_db {
slap_access_t be_dfltaccess; /* access given if no acl matches */
char **be_replica; /* replicas of this backend (in master) */
char *be_replogfile; /* replication log file (in master) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
char *be_update_ndn; /* allowed to make changes (in replicas) */
struct berval **be_update_refs; /* where to refer modifying clients to */
int be_lastmod; /* keep track of lastmodified{by,time} */
......
dn: o=University of Michigan, c=US
objectclass: top
objectclass: organization
o: University of Michigan
dn: cn=md5, o=University of Michigan, c=US
objectclass: top
objectclass: person
cn: md5
userpassword:: e01ENX1YcjRpbE96UTRQQ09xM2FRMHFidWFRPT0=
dn: cn=smd5, o=University of Michigan, c=US
objectclass: top
objectclass: person
cn: smd5
userpassword: secret
dn: cn=sha, o=University of Michigan, c=US
objectclass: top
objectclass: person
cn: sha
userpassword:: e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
dn: cn=ssha, o=University of Michigan, c=US
objectclass: top
objectclass: person
cn: ssha
userpassword: secret
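Review bot: The entries `cn=smd5` and `cn=ssha` carry the literal `userpassword: secret`, whereas the `md5` and `sha` entries hold base64 values that decode to `{MD5}…` and `{SHA}…`; the two salted cases therefore only exercise a cleartext compare on their first bind, and the schemes their names promise are never verified by the fixture. Storing them as `userpassword:: <base64 of a {SMD5}/{SSHA} value>` (placeholder) would make the fixture match its naming. The hash produced on the second ldappasswd pass is whatever the server's `password-hash` setting selects, which the accompanying config leaves commented out, so the generated-password half of the test is also not pinned to a scheme.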
# $OpenLDAP$
#
# master slapd config -- for testing
#
include ./data/slapd.at.conf
include ./data/slapd.oc.conf
schemacheck off
pidfile ./test-db/slapd.pid
argsfile ./test-db/slapd.args
# password-hash {md5}
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
cachesize 0
suffix "o=University of Michigan, c=US"
directory ./test-db
rootdn "cn=Manager, o=University of Michigan, c=US"
rootpw secret
index cn,sn,uid pres,eq,approx
index default none
lastmod on
defaultaccess none
#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#
access to attr=userpassword
by anonymous auth
by self write
access to *
by self write
by * read
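Review bot: `# password-hash {md5}` is left commented out, so the scheme slapd applies when ldappasswd asks it to generate or hash a password is the build default rather than something the test controls; uncommenting it (or choosing a salted scheme such as `{SSHA}`) pins the behaviour the new password test is meant to check. This file and the second new config that follows it are shown as byte-for-byte identical, including `database ldbm`; if the second one is the `slapd-bdb2-pw.conf` that defines.sh now references, the bdb2 run of the password test will still exercise the ldbm backend.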
# $OpenLDAP$
#
# master slapd config -- for testing
#
include ./data/slapd.at.conf
include ./data/slapd.oc.conf
schemacheck off
pidfile ./test-db/slapd.pid
argsfile ./test-db/slapd.args
# password-hash {md5}
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
cachesize 0
suffix "o=University of Michigan, c=US"
directory ./test-db
rootdn "cn=Manager, o=University of Michigan, c=US"
rootpw secret
index cn,sn,uid pres,eq,approx
index default none
lastmod on
defaultaccess none
#
# normal installations should protect root dse,
# cn=monitor, cn=schema, and cn=config
#
access to attr=userpassword
by anonymous auth
by self write
access to *
by self write
by * read
......@@ -6,6 +6,7 @@ PROGDIR=./progs
if test "$BACKEND" = "bdb2" ; then
CONF=$DATADIR/slapd-bdb2-master.conf
PWCONF=$DATADIR/slapd-bdb2-pw.conf
ACLCONF=$DATADIR/slapd-bdb2-acl.conf
MASTERCONF=$DATADIR/slapd-bdb2-repl-master.conf
SLAVECONF=$DATADIR/slapd-bdb2-repl-slave.conf
......@@ -13,6 +14,7 @@ if test "$BACKEND" = "bdb2" ; then
TIMING="-t"
else
CONF=$DATADIR/slapd-master.conf
PWCONF=$DATADIR/slapd-pw.conf
ACLCONF=$DATADIR/slapd-acl.conf
MASTERCONF=$DATADIR/slapd-repl-master.conf
SLAVECONF=$DATADIR/slapd-repl-slave.conf
......@@ -32,6 +34,7 @@ LDIF2LDBM="../servers/slapd/tools/slapadd $LDAP_VERBOSE"
SLAPD=../servers/slapd/slapd
SLURPD=../servers/slurpd/slurpd
LDAPPASSWD="$CLIENTDIR/ldappasswd"
LDAPSEARCH="$CLIENTDIR/ldapsearch $PROTO -LLL"
LDAPMODIFY="$CLIENTDIR/ldapmodify $PROTO"
LDAPADD="$CLIENTDIR/ldapadd $PROTO"
......@@ -41,10 +44,14 @@ LVL=${SLAPD_DEBUG-5}
ADDR=127.0.0.1
PORT=9009
SLAVEPORT=9010
MASTERURI="ldap://localhost:$PORT/"
SLAVEURI="ldap://localhost:$SLAVEPORT/"
DBDIR=./test-db
REPLDIR=./test-repl
LDIF=$DATADIR/test.ldif
LDIFORDERED=$DATADIR/test-ordered.ldif
LDIFPASSWD=$DATADIR/passwd.ldif
LDIFPASSWDOUT=$DATADIR/passwd-out.ldif
MONITOR="cn=monitor"
BASEDN="o=University of Michigan, c=US"
MANAGERDN="cn=Manager, o=University of Michigan, c=US"
......
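Review bot: `LDAPPASSWD="$CLIENTDIR/ldappasswd"` is the only client definition in this block without `$PROTO`, while the neighbouring `LDAPSEARCH`, `LDAPMODIFY` and `LDAPADD` all carry it; if ldappasswd accepts the same protocol switch, `LDAPPASSWD="$CLIENTDIR/ldappasswd $PROTO"` keeps the scripts consistent, otherwise a short comment saying why it is omitted would help. `MASTERURI` and `SLAVEURI` are built from `localhost` rather than the existing `ADDR=127.0.0.1`, so where the listener binds depends on how `localhost` resolves on the test host; `MASTERURI="ldap://$ADDR:$PORT/"` would remove that dependency.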
......@@ -29,7 +29,7 @@ if test $RC != 0 ; then
fi
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Using ldapsearch to retrieve all the entries..."
......
......@@ -18,7 +18,7 @@ echo "Cleaning up in $DBDIR..."
rm -f $DBDIR/[!C]*
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Using ldapsearch to check that slapd is running..."
......
......@@ -26,7 +26,7 @@ if test $RC != 0 ; then
fi
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Testing slapd searching..."
......
......@@ -26,7 +26,7 @@ if test $RC != 0 ; then
fi
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Testing slapd modify operations..."
......
......@@ -26,7 +26,7 @@ if test $RC != 0 ; then
fi
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Testing slapd modrdn operations..."
......
......@@ -26,7 +26,7 @@ if test $RC != 0 ; then
fi
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $ACLCONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $ACLCONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Testing slapd access control..."
......
......@@ -35,11 +35,11 @@ echo "Cleaning up in $REPLDIR..."
rm -f $REPLDIR/[!C]*
echo "Starting master slapd on TCP/IP port $PORT..."
$SLAPD -f $MASTERCONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $MASTERCONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Starting slave slapd on TCP/IP port $SLAVEPORT..."
$SLAPD -f $SLAVECONF -p $SLAVEPORT -d $LVL $TIMING > $SLAVELOG 2>&1 &
$SLAPD -f $SLAVECONF -h $SLAVEURI -d $LVL $TIMING > $SLAVELOG 2>&1 &
SLAVEPID=$!
echo "Using ldapsearch to check that master slapd is running..."
......
......@@ -32,7 +32,7 @@ echo "Waiting 5 seconds for slapadd to build slapd database..."
sleep 5
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Using ldapsearch to check that slapd is running..."
......
......@@ -31,11 +31,11 @@ if test $RC != 0 ; then
fi
echo "Starting master slapd on TCP/IP port $PORT..."
$SLAPD -f $CONF -p $PORT -d $LVL $TIMING > $MASTERLOG 2>&1 &
$SLAPD -f $CONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Starting slave slapd on TCP/IP port $SLAVEPORT..."
$SLAPD -f $REFSLAVECONF -p $SLAVEPORT -d $LVL $TIMING > $SLAVELOG 2>&1 &
$SLAPD -f $REFSLAVECONF -h $SLAVEURI -d $LVL $TIMING > $SLAVELOG 2>&1 &
SLAVEPID=$!
echo "Testing for master slapd..."
......
#! /bin/sh
# $OpenLDAP$
if test $# -eq 0 ; then
SRCDIR="."
else
SRCDIR=$1; shift
fi
if test $# -eq 1 ; then
BACKEND=$1; shift
fi
echo "running defines.sh $SRCDIR $BACKEND"
. $SRCDIR/scripts/defines.sh
echo "Cleaning up in $DBDIR..."
rm -f $DBDIR/[!C]*
echo "Starting slapd on TCP/IP port $PORT..."
$SLAPD -f $PWCONF -h $MASTERURI -d $LVL $TIMING > $MASTERLOG 2>&1 &
PID=$!
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "$MONITOR" -h localhost -p $PORT \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 1 ; then
echo "Waiting 5 seconds for slapd to start..."
sleep 5
fi
done
echo "Using ldapadd to populate the database..."
$LDAPADD -D "$MANAGERDN" -h localhost -p $PORT -w $PASSWD < \
$LDIFPASSWD > $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed!"
kill -HUP $PID
exit $RC
fi
echo > $SEARCHOUT
echo > $TESTOUT
echo "Using ldapsearch to verify population ..."
echo "++ Initial search" >> $SEARCHOUT
$LDAPSEARCH -h localhost -p $PORT \
-D "$MANAGERDN" -w $PASSWD \
-b "$BASEDN" \
'objectclass=*' >> $SEARCHOUT 2>&1
echo "Using ldappasswd (PASS 1) ..."
echo "Pass 1" >> $TESTOUT
$LDAPPASSWD -h localhost -p $PORT \
-w secret -s newsecret \
"cn=md5, $BASEDN" >> $TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
$LDAPPASSWD -h localhost -p $PORT \
-w secret -s newsecret \
"cn=smd5, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
$LDAPPASSWD -h localhost -p $PORT \
-w secret -s newsecret \
"cn=sha, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
$LDAPPASSWD -h localhost -p $PORT \
-w secret -s newsecret \
"cn=ssha, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
echo "" >> $TESTOUT
echo "Pass 2" >> $TESTOUT
echo "Using ldappasswd (PASS 2) ..."
$LDAPPASSWD -h localhost -p $PORT \
-w newsecret \
"cn=md5, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
$LDAPPASSWD -h localhost -p $PORT \
-w newsecret \
"cn=smd5, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
$LDAPPASSWD -h localhost -p $PORT \
-w newsecret \
"cn=sha, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
$LDAPPASSWD -h localhost -p $PORT \
-w newsecret \
"cn=ssha, $BASEDN" >> $TESTOUT 2>&1
if test $RC != 0 ; then
echo "ldappasswd failed!"
kill -HUP $PID
exit $RC
fi
kill -HUP $PID
echo ">>>>> Test succeeded"
exit 0
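Review bot: Only the first `$LDAPPASSWD` call (the `cn=md5` one in pass 1) is followed by `RC=$?`; the six later calls go straight to `if test $RC != 0`, which re-tests the stale value from that first call, so a failure on `smd5`, `sha`, `ssha` or any pass-2 entry goes unnoticed and the script still prints `>>>>> Test succeeded`. Add `RC=$?` directly after each of those invocations, or fold the call-and-check into one shell function used by both passes. The script also never confirms that the passwords changed: pass 2 binding with `newsecret` is indirect evidence for pass 1, but nothing binds with the server-generated password from pass 2, and `LDIFPASSWDOUT` from defines.sh is defined but unused here; a closing `$LDAPSEARCH` of the four entries compared against the expected output would close that gap.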