......@@ -529,6 +529,7 @@ SLAPD_LIBS=
BUILD_SLAPD=no
BUILD_REWRITE=no
BUILD_THREAD=no
BUILD_SLAPI=no
......@@ -3043,6 +3044,7 @@ AC_SUBST(WITH_SASL)
AC_SUBST(WITH_TLS)
AC_SUBST(WITH_MODULES_ENABLED)
AC_SUBST(WITH_ACI_ENABLED)
AC_SUBST(BUILD_REWRITE)
AC_SUBST(BUILD_THREAD)
AC_SUBST(BUILD_LIBS_DYNAMIC)
......
......@@ -696,47 +696,6 @@ meta_suffixm_config(
return rc;
}
static int
slap_bv_x_ordered_unparse( BerVarray in, BerVarray *out )
{
int i;
BerVarray bva = NULL;
char ibuf[32], *ptr;
struct berval idx;
assert( in != NULL );
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
/* count'em */ ;
if ( i == 0 ) {
return 1;
}
idx.bv_val = ibuf;
bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
BER_BVZERO( &bva[ 0 ] );
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
if ( idx.bv_len >= sizeof( ibuf ) ) {
ber_bvarray_free( bva );
return 1;
}
bva[i].bv_len = idx.bv_len + in[i].bv_len;
bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
ptr = lutil_strcopy( bva[i].bv_val, ibuf );
ptr = lutil_strcopy( ptr, in[i].bv_val );
*ptr = '\0';
BER_BVZERO( &bva[ i + 1 ] );
}
*out = bva;
return 0;
}
int
meta_subtree_free( metasubtree_t *ms )
{
......
......@@ -81,9 +81,6 @@ static CfBackInfo cfBackInfo;
static char *passwd_salt;
static FILE *logfile;
static char *logfileName;
#ifdef SLAP_AUTH_REWRITE
static BerVarray authz_rewrites;
#endif
static AccessControl *defacl_parsed = NULL;
static struct berval cfdir;
......@@ -333,9 +330,9 @@ static ConfigTable config_back_cf_table[] = {
"SUBSTR caseIgnoreSubstringsMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
NULL, NULL },
{ "authid-rewrite", NULL, 2, 0, STRLENOF( "authid-rewrite" ),
{ "authid-rewrite", "rewrite", 2, 0, STRLENOF( "authid-rewrite" ),
#ifdef SLAP_AUTH_REWRITE
ARG_MAGIC|CFG_REWRITE|ARG_NO_INSERT, &config_generic,
ARG_MAGIC|CFG_REWRITE, &config_generic,
#else
ARG_IGNORED, NULL,
#endif
......@@ -346,7 +343,7 @@ static ConfigTable config_back_cf_table[] = {
&config_generic, "( OLcfgGlAt:7 NAME 'olcAuthzPolicy' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
{ "authz-regexp", "regexp> <DN", 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP|ARG_NO_INSERT,
{ "authz-regexp", "regexp> <DN", 3, 3, 0, ARG_MAGIC|CFG_AZREGEXP,
&config_generic, "( OLcfgGlAt:8 NAME 'olcAuthzRegexp' "
"EQUALITY caseIgnoreMatch "
"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )", NULL, NULL },
......@@ -1401,29 +1398,7 @@ config_generic(ConfigArgs *c) {
#endif
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE:
if ( authz_rewrites ) {
struct berval bv, idx;
char ibuf[32];
int i;
idx.bv_val = ibuf;
for ( i=0; !BER_BVISNULL( &authz_rewrites[i] ); i++ ) {
idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
if ( idx.bv_len >= sizeof( ibuf ) ) {
ber_bvarray_free_x( c->rvalue_vals, NULL );
c->rvalue_vals = NULL;
break;
}
bv.bv_len = idx.bv_len + authz_rewrites[i].bv_len;
bv.bv_val = ch_malloc( bv.bv_len + 1 );
AC_MEMCPY( bv.bv_val, idx.bv_val, idx.bv_len );
AC_MEMCPY( &bv.bv_val[ idx.bv_len ],
authz_rewrites[i].bv_val,
authz_rewrites[i].bv_len + 1 );
ber_bvarray_add( &c->rvalue_vals, &bv );
}
}
if ( !c->rvalue_vals ) rc = 1;
rc = slap_sasl_rewrite_unparse( &c->rvalue_vals );
break;
#endif
default:
......@@ -1455,8 +1430,6 @@ config_generic(ConfigArgs *c) {
/* no-ops, requires slapd restart */
case CFG_PLUGIN:
case CFG_MODLOAD:
case CFG_AZREGEXP:
case CFG_REWRITE:
snprintf(c->log, sizeof( c->log ), "change requires slapd restart");
break;
......@@ -1495,6 +1468,17 @@ config_generic(ConfigArgs *c) {
}
break;
#endif /* SLAP_AUXPROP_DONTUSECOPY */
case CFG_AZREGEXP:
rc = slap_sasl_regexp_delete( c->valx );
break;
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE:
rc = slap_sasl_rewrite_delete( c->valx );
break;
#endif /* SLAP_AUTH_REWRITE */
case CFG_SALT:
ch_free( passwd_salt );
passwd_salt = NULL;
......@@ -1884,7 +1868,7 @@ config_generic(ConfigArgs *c) {
break;
case CFG_AZREGEXP:
if (slap_sasl_regexp_config( c->argv[1], c->argv[2] ))
if (slap_sasl_regexp_config( c->argv[1], c->argv[2], c->valx ))
return(1);
break;
......@@ -2444,36 +2428,13 @@ sortval_reject:
#ifdef SLAP_AUTH_REWRITE
case CFG_REWRITE: {
struct berval bv;
char *line;
int rc = 0;
int rc;
if ( c->op == LDAP_MOD_ADD ) {
c->argv++;
c->argc--;
}
if(slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv))
rc = 1;
if ( rc == 0 ) {
if ( c->argc > 1 ) {
char *s;
/* quote all args but the first */
line = ldap_charray2str( c->argv, "\" \"" );
ber_str2bv( line, 0, 0, &bv );
s = ber_bvchr( &bv, '"' );
assert( s != NULL );
/* move the trailing quote of argv[0] to the end */
AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
bv.bv_val[ bv.bv_len - 1 ] = '"';
} else {
ber_str2bv( c->argv[ 0 ], 0, 1, &bv );
}
ber_bvarray_add( &authz_rewrites, &bv );
}
rc = slap_sasl_rewrite_config(c->fname, c->lineno, c->argc, c->argv, c->valx);
if ( c->op == LDAP_MOD_ADD ) {
c->argv--;
c->argc++;
......@@ -3988,6 +3949,47 @@ anlist_unparse( AttributeName *an, char *ptr, ber_len_t buflen ) {
return ptr;
}
int
slap_bv_x_ordered_unparse( BerVarray in, BerVarray *out )
{
int i;
BerVarray bva = NULL;
char ibuf[32], *ptr;
struct berval idx;
assert( in != NULL );
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
/* count'em */ ;
if ( i == 0 ) {
return 1;
}
idx.bv_val = ibuf;
bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
BER_BVZERO( &bva[ 0 ] );
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), SLAP_X_ORDERED_FMT, i );
if ( idx.bv_len >= sizeof( ibuf ) ) {
ber_bvarray_free( bva );
return 1;
}
bva[i].bv_len = idx.bv_len + in[i].bv_len;
bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
ptr = lutil_strcopy( bva[i].bv_val, ibuf );
ptr = lutil_strcopy( ptr, in[i].bv_val );
*ptr = '\0';
BER_BVZERO( &bva[ i + 1 ] );
}
*out = bva;
return 0;
}
static int
config_updatedn(ConfigArgs *c) {
if (c->op == SLAP_CONFIG_EMIT) {
......
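Review bot: The rewritten CFG_REWRITE emit case (`rc = slap_sasl_rewrite_unparse( &c->rvalue_vals );`) drops the removed `if ( !c->rvalue_vals ) rc = 1;`, but slap_sasl_rewrite_unparse returns 0 without touching `c->rvalue_vals` when no rules are configured, so the emitter now reports success with a NULL value list where it previously reported "nothing to emit". Whether config_get_vals and the attribute builder tolerate that combination is outside the hunk; the other emit handlers in this file use rc=1 for the empty case, so keeping `if ( !c->rvalue_vals ) rc = 1;` after the call (or returning 1 from the unparser when `authz_rewrites` is NULL) avoids the divergence. In the CFG_REWRITE add hunk, `struct berval bv;` is now unused after the quoting code moved into slap_sasl_rewrite_bva_add and can go. Both switch cases belong to config_generic, whose body starts and ends outside these hunks.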
......@@ -1968,46 +1968,6 @@ static ConfigOCs rwmocs[] = {
{ NULL, 0, NULL }
};
static void
slap_bv_x_ordered_unparse( BerVarray in, BerVarray *out )
{
int i;
BerVarray bva = NULL;
char ibuf[32], *ptr;
struct berval idx;
assert( in != NULL );
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ )
/* count'em */ ;
if ( i == 0 ) {
return;
}
idx.bv_val = ibuf;
bva = ch_malloc( ( i + 1 ) * sizeof(struct berval) );
BER_BVZERO( &bva[ 0 ] );
for ( i = 0; !BER_BVISNULL( &in[i] ); i++ ) {
idx.bv_len = snprintf( idx.bv_val, sizeof( ibuf ), "{%d}", i );
if ( idx.bv_len >= sizeof( ibuf ) ) {
ber_bvarray_free( bva );
return;
}
bva[i].bv_len = idx.bv_len + in[i].bv_len;
bva[i].bv_val = ch_malloc( bva[i].bv_len + 1 );
ptr = lutil_strcopy( bva[i].bv_val, ibuf );
ptr = lutil_strcopy( ptr, in[i].bv_val );
*ptr = '\0';
BER_BVZERO( &bva[ i + 1 ] );
}
*out = bva;
}
static int
rwm_bva_add(
BerVarray *bva,
......@@ -2108,10 +2068,7 @@ rwm_cf_gen( ConfigArgs *c )
rc = 1;
} else {
slap_bv_x_ordered_unparse( rwmap->rwm_bva_rewrite, &c->rvalue_vals );
if ( !c->rvalue_vals ) {
rc = 1;
}
rc = slap_bv_x_ordered_unparse( rwmap->rwm_bva_rewrite, &c->rvalue_vals );
}
break;
......
......@@ -760,6 +760,7 @@ LDAP_SLAPD_F (int) slap_client_connect LDAP_P(( LDAP **ldp, slap_bindconf *sb ))
LDAP_SLAPD_F (int) config_generic_wrapper LDAP_P(( Backend *be,
const char *fname, int lineno, int argc, char **argv ));
LDAP_SLAPD_F (char *) anlist_unparse LDAP_P(( AttributeName *, char *, ber_len_t buflen ));
LDAP_SLAPD_F (int) slap_bv_x_ordered_unparse LDAP_P(( BerVarray in, BerVarray *out ));
LDAP_SLAPD_F (int) slap_keepalive_parse( struct berval *val, void *bc,
slap_cf_aux_table *tab0, const char *tabmsg, int unparse );
......@@ -1714,7 +1715,7 @@ LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
struct berval *authcid,
struct berval *authzid ));
LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
const char *match, const char *replace ));
const char *match, const char *replace, int valx ));
LDAP_SLAPD_F (void) slap_sasl_regexp_unparse LDAP_P(( BerVarray *bva ));
LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * ));
LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void ));
......@@ -1723,9 +1724,13 @@ LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P((
const char *fname,
int lineno,
int argc,
char **argv ));
LDAP_SLAPD_F (void) slap_sasl_regexp_destroy LDAP_P(( void ));
char **argv,
int valx ));
LDAP_SLAPD_F (int) slap_sasl_rewrite_delete LDAP_P(( int valx ));
LDAP_SLAPD_F (int) slap_sasl_rewrite_unparse LDAP_P(( BerVarray *bva ));
#endif /* SLAP_AUTH_REWRITE */
LDAP_SLAPD_F (void) slap_sasl_regexp_destroy LDAP_P(( void ));
LDAP_SLAPD_F (int) slap_sasl_regexp_delete LDAP_P(( int valx ));
LDAP_SLAPD_F (int) authzValidate LDAP_P((
Syntax *syn, struct berval *in ));
#if 0
......
......@@ -28,6 +28,7 @@
#include "slap.h"
#include "lutil.h"
#include "config.h"
#define SASLREGEX_REPLACE 10
......@@ -68,9 +69,11 @@
typedef struct sasl_regexp {
char *sr_match; /* regexp match pattern */
char *sr_replace; /* regexp replace pattern */
char *sr_replace; /* regexp replace pattern */
#ifndef SLAP_AUTH_REWRITE
regex_t sr_workspace; /* workspace for regexp engine */
int sr_offset[SASLREGEX_REPLACE+2]; /* offsets of $1,$2... in *replace */
#endif
} SaslRegexp_t;
static int nSaslRegexp = 0;
......@@ -80,6 +83,7 @@ static SaslRegexp_t *SaslRegexp = NULL;
#include "rewrite.h"
struct rewrite_info *sasl_rwinfo = NULL;
#define AUTHID_CONTEXT "authid"
static BerVarray authz_rewrites = NULL;
#endif /* SLAP_AUTH_REWRITE */
/* What SASL proxy authorization policies are allowed? */
......@@ -1279,7 +1283,7 @@ static int slap_sasl_rx_off(char *rep, int *off)
#endif /* ! SLAP_AUTH_REWRITE */
#ifdef SLAP_AUTH_REWRITE
int slap_sasl_rewrite_config(
static int slap_sasl_rewrite_config_argv(
const char *fname,
int lineno,
int argc,
......@@ -1287,22 +1291,80 @@ int slap_sasl_rewrite_config(
)
{
int rc;
char *savearg0;
char *argv0 = NULL;
if ( strncasecmp( argv[0], "authid-", STRLENOF( "authid-" ) ) == 0 ) {
/* strip "authid-" prefix for parsing */
argv0 = argv[0];
argv[0] = &argv0[ STRLENOF( "authid-" ) ];
}
/* init at first call */
if ( sasl_rwinfo == NULL ) {
sasl_rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
sasl_rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
}
/* strip "authid-" prefix for parsing */
savearg0 = argv[0];
argv[0] += STRLENOF( "authid-" );
rc = rewrite_parse( sasl_rwinfo, fname, lineno, argc, argv );
argv[0] = savearg0;
rc = rewrite_parse( sasl_rwinfo, fname, lineno, argc, argv );
if ( argv0 )
argv[0] = argv0;
return rc;
}
static int slap_sasl_rewrite_config_bv(
const char *fname,
int lineno,
struct berval bv
)
{
int rc;
ConfigArgs ca = { 0 };
ca.line = bv.bv_val;
ca.argc = 0;
config_fp_parse_line( &ca );
rc = slap_sasl_rewrite_config_argv( fname, lineno, ca.argc, ca.argv );
ch_free( ca.tline );
ch_free( ca.argv );
return rc;
}
static void
slap_sasl_rewrite_bva_add(
BerVarray *bva,
int idx,
int argc,
char **argv
)
{
char *line, *s;
struct berval bv;
if ( argc > 1 ) {
/* quote all args but the first */
line = ldap_charray2str( argv, "\" \"" );
ber_str2bv( line, 0, 0, &bv );
s = ber_bvchr( &bv, '"' );
assert( s != NULL );
/* move the trailing quote of argv[0] to the end */
AC_MEMCPY( s, s + 1, bv.bv_len - ( s - bv.bv_val ) );
bv.bv_val[ bv.bv_len - 1 ] = '"';
} else {
ber_str2bv( argv[ 0 ], 0, 1, &bv );
}
if ( idx == -1 ) {
ber_bvarray_add( bva, &bv );
} else {
(*bva)[ idx ] = bv;
}
}
static int
slap_sasl_rewrite_destroy( void )
{
......@@ -1314,89 +1376,238 @@ slap_sasl_rewrite_destroy( void )
return 0;
}
int slap_sasl_regexp_rewrite_config(
int slap_sasl_rewrite_config(
const char *fname,
int lineno,
const char *match,
const char *replace,
const char *context )
int argc,
char **argv,
int valx
)
{
int rc, i, last;
char *line;
struct berval bv;
struct rewrite_info *rw = sasl_rwinfo;
for ( last = 0; authz_rewrites && !BER_BVISNULL( &authz_rewrites[ last ] ); last++ )
/* count'em */ ;
if ( valx == -1 || valx >= last ) {
valx = -1;
rc = slap_sasl_rewrite_config_argv( fname, lineno, argc, argv );
if ( rc == 0 ) {
slap_sasl_rewrite_bva_add( &authz_rewrites, valx, argc, argv );
}
return rc;
}
sasl_rwinfo = NULL;
for ( i = 0; i < valx; i++ )
{
rc = slap_sasl_rewrite_config_bv( fname, lineno, authz_rewrites[ i ] );
assert( rc == 0 );
}
rc = slap_sasl_rewrite_config_argv( fname, lineno, argc, argv );
if ( rc != 0 ) {
slap_sasl_rewrite_destroy();
sasl_rwinfo = rw;
return 1;
}
for ( i = valx; authz_rewrites && !BER_BVISNULL( &authz_rewrites[ i ] ); i++ )
{
rc = slap_sasl_rewrite_config_bv( fname, lineno, authz_rewrites[ i ] );
assert( rc == 0 );
}
authz_rewrites = ch_realloc( authz_rewrites,
( last + 2 )*sizeof( struct berval ) );
BER_BVZERO( &authz_rewrites[ last + 1 ] );
for ( i = last - 1; i >= valx; i-- )
{
authz_rewrites[ i + 1 ] = authz_rewrites[ i ];
}
slap_sasl_rewrite_bva_add( &authz_rewrites, valx, argc, argv );
if ( rw )
rewrite_info_delete( &rw );
return rc;
}
int slap_sasl_rewrite_delete( int valx ) {
int rc, i;
if ( valx == -1 ) {
slap_sasl_rewrite_destroy();
if ( authz_rewrites ) {
ber_bvarray_free( authz_rewrites );
authz_rewrites = NULL;
}
return 0;
}
for ( i = 0; !BER_BVISNULL( &authz_rewrites[ i ] ); i++ )
/* count'em */ ;
if ( valx >= i ) {
return 1;
}
ber_memfree( authz_rewrites[ i ].bv_val );
for ( i = valx; !BER_BVISNULL( &authz_rewrites[ i + 1 ] ); i++ )
{
authz_rewrites[ i ] = authz_rewrites[ i + 1 ];
}
BER_BVZERO( &authz_rewrites[ i ] );
slap_sasl_rewrite_destroy();
for ( i = 0; !BER_BVISNULL( &authz_rewrites[ i ] ); i++ )
{
rc = slap_sasl_rewrite_config_bv( "slapd", 0, authz_rewrites[ i ] );
assert( rc == 0 );
}
return rc;
}
int slap_sasl_rewrite_unparse( BerVarray *bva ) {
if ( authz_rewrites ) {
return slap_bv_x_ordered_unparse( authz_rewrites, bva );
}
return 0;
}
static int
slap_sasl_regexp_rewrite_config(
struct rewrite_info **rwinfo,
const char *fname,
int lineno,
const char *match,
const char *replace,
const char *context )
{
int rc;
char *argvRule[] = { "rewriteRule", NULL, NULL, ":@", NULL };
struct rewrite_info *rw = *rwinfo;
/* init at first call */
if ( sasl_rwinfo == NULL ) {
if ( rw == NULL ) {
char *argvEngine[] = { "rewriteEngine", "on", NULL };
char *argvContext[] = { "rewriteContext", NULL, NULL };
/* initialize rewrite engine */
sasl_rwinfo = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
rw = rewrite_info_init( REWRITE_MODE_USE_DEFAULT );
/* switch on rewrite engine */
rc = rewrite_parse( sasl_rwinfo, fname, lineno, 2, argvEngine );
if (rc != LDAP_SUCCESS) {
return rc;
rc = rewrite_parse( rw, fname, lineno, 2, argvEngine );
if (rc != LDAP_SUCCESS) {
goto out;
}
/* create generic authid context */
argvContext[1] = AUTHID_CONTEXT;
rc = rewrite_parse( sasl_rwinfo, fname, lineno, 2, argvContext );
if (rc != LDAP_SUCCESS) {
return rc;
rc = rewrite_parse( rw, fname, lineno, 2, argvContext );
if (rc != LDAP_SUCCESS) {
goto out;
}
}
argvRule[1] = (char *)match;
argvRule[2] = (char *)replace;
rc = rewrite_parse( sasl_rwinfo, fname, lineno, 4, argvRule );
rc = rewrite_parse( rw, fname, lineno, 4, argvRule );
out:
if (rc == LDAP_SUCCESS) {
*rwinfo = rw;
} else {
rewrite_info_delete( &rw );
}
return rc;
}
#endif /* SLAP_AUTH_REWRITE */
int slap_sasl_regexp_config( const char *match, const char *replace )
int slap_sasl_regexp_config( const char *match, const char *replace, int valx )
{
int rc;
SaslRegexp_t *reg;
SaslRegexp = (SaslRegexp_t *) ch_realloc( (char *) SaslRegexp,
(nSaslRegexp + 1) * sizeof(SaslRegexp_t) );
int i, rc;
SaslRegexp_t sr;
struct rewrite_info *rw = NULL;
reg = &SaslRegexp[nSaslRegexp];
if ( valx < 0 || valx > nSaslRegexp )
valx = nSaslRegexp;
#ifdef SLAP_AUTH_REWRITE
rc = slap_sasl_regexp_rewrite_config( "sasl-regexp", 0,
for ( i = 0; i < valx; i++) {
rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0,
SaslRegexp[i].sr_match,
SaslRegexp[i].sr_replace,
AUTHID_CONTEXT);
assert( rc == 0 );
}
rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0,
match, replace, AUTHID_CONTEXT );
#else /* ! SLAP_AUTH_REWRITE */
/* Precompile matching pattern */
rc = regcomp( &reg->sr_workspace, match, REG_EXTENDED|REG_ICASE );
rc = regcomp( &sr.sr_workspace, match, REG_EXTENDED|REG_ICASE );
if ( rc ) {
Debug( LDAP_DEBUG_ANY,
"SASL match pattern %s could not be compiled by regexp engine\n",
match );
#ifdef ENABLE_REWRITE
/* Dummy block to force symbol references in librewrite */
if ( slapMode == ( SLAP_SERVER_MODE|SLAP_TOOL_MODE )) {
rewrite_info_init( 0 );
}
#endif
return( LDAP_OTHER );
}
rc = slap_sasl_rx_off( replace, reg->sr_offset );
rc = slap_sasl_rx_off( replace, sr.sr_offset );
#endif /* ! SLAP_AUTH_REWRITE */
if ( rc == LDAP_SUCCESS ) {
reg->sr_match = ch_strdup( match );
reg->sr_replace = ch_strdup( replace );
SaslRegexp = (SaslRegexp_t *) ch_realloc( (char *) SaslRegexp,
(nSaslRegexp + 1) * sizeof(SaslRegexp_t) );
for ( i = nSaslRegexp; i > valx; i-- ) {
SaslRegexp[i] = SaslRegexp[i - 1];
}
SaslRegexp[i] = sr;
SaslRegexp[i].sr_match = ch_strdup( match );
SaslRegexp[i].sr_replace = ch_strdup( replace );
nSaslRegexp++;
#ifdef SLAP_AUTH_REWRITE
for ( i = valx + 1; i < nSaslRegexp; i++ ) {
rc = slap_sasl_regexp_rewrite_config( &rw, "sasl-regexp", 0,
SaslRegexp[i].sr_match,
SaslRegexp[i].sr_replace,
AUTHID_CONTEXT);
assert( rc == 0 );
}
slap_sasl_rewrite_destroy();
sasl_rwinfo = rw;
} else {
rewrite_info_delete( &rw );
#endif
}
return rc;
}
static void
slap_sasl_regexp_destroy_one( int n )
{
ch_free( SaslRegexp[ n ].sr_match );
ch_free( SaslRegexp[ n ].sr_replace );
#ifndef SLAP_AUTH_REWRITE
regfree( &SaslRegexp[ n ].sr_workspace );
#endif /* ! SLAP_AUTH_REWRITE */
}
void
slap_sasl_regexp_destroy( void )
{
......@@ -1404,14 +1615,12 @@ slap_sasl_regexp_destroy( void )
int n;
for ( n = 0; n < nSaslRegexp; n++ ) {
ch_free( SaslRegexp[ n ].sr_match );
ch_free( SaslRegexp[ n ].sr_replace );
#ifndef SLAP_AUTH_REWRITE
regfree( &SaslRegexp[ n ].sr_workspace );
#endif /* SLAP_AUTH_REWRITE */
slap_sasl_regexp_destroy_one( n );
}
ch_free( SaslRegexp );
SaslRegexp = NULL;
nSaslRegexp = 0;
}
#ifdef SLAP_AUTH_REWRITE
......@@ -1419,6 +1628,39 @@ slap_sasl_regexp_destroy( void )
#endif /* SLAP_AUTH_REWRITE */
}
int slap_sasl_regexp_delete( int valx )
{
int rc = 0;
if ( valx >= nSaslRegexp ) {
rc = 1;
} else if ( valx < 0 || nSaslRegexp == 1 ) {
slap_sasl_regexp_destroy();
} else {
int i;
slap_sasl_regexp_destroy_one( valx );
nSaslRegexp--;
for ( i = valx; i < nSaslRegexp; i++ ) {
SaslRegexp[ i ] = SaslRegexp[ i + 1 ];
}
#ifdef SLAP_AUTH_REWRITE
slap_sasl_rewrite_destroy();
for ( i = 0; i < nSaslRegexp; i++ ) {
rc = slap_sasl_regexp_rewrite_config( &sasl_rwinfo, "sasl-regexp", 0,
SaslRegexp[ i ].sr_match,
SaslRegexp[ i ].sr_replace,
AUTHID_CONTEXT );
assert( rc == 0 );
}
#endif /* SLAP_AUTH_REWRITE */
}
return rc;
}
void slap_sasl_regexp_unparse( BerVarray *out )
{
int i;
......@@ -1534,8 +1776,8 @@ static int slap_authz_regexp( struct berval *in, struct berval *out,
"[rw] %s: \"%s\" -> \"%s\"\n",
context, in->bv_val, out->bv_val );
return 1;
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_UNWILLING:
case REWRITE_REGEXEC_ERR:
default:
return 0;
......@@ -1544,7 +1786,7 @@ static int slap_authz_regexp( struct berval *in, struct berval *out,
#else /* ! SLAP_AUTH_REWRITE */
char *saslname = in->bv_val;
SaslRegexp_t *reg;
regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
regmatch_t sr_strings[SASLREGEX_REPLACE]; /* strings matching $1,$2 ... */
int i;
memset( out, 0, sizeof( *out ) );
......
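Review bot: slap_sasl_regexp_rewrite_config frees the engine on failure (`rewrite_info_delete( &rw )` after the `out:` label) but never writes the result back through `rwinfo`, so when the new rule fails to parse, slap_sasl_regexp_config's new `else { rewrite_info_delete( &rw ); }` operates on a `rw` that is either still NULL (first rule) or already freed (a later rule, double free), and slap_sasl_regexp_delete is left holding a dangling `sasl_rwinfo` once its `assert( rc == 0 )` is compiled out — a malformed sasl-regexp/olcAuthzRegexp value added after an existing one is enough to reach it. Add `*rwinfo = NULL;` next to the delete in the failure branch and guard the caller with `if ( rw ) rewrite_info_delete( &rw );`, matching the guard already used at the end of slap_sasl_rewrite_config. In slap_sasl_rewrite_delete, `ber_memfree( authz_rewrites[ i ].bv_val )` runs after the counting loop, so `i` is the terminator index and the freed pointer is NULL while the value at `valx` leaks — it should be `ber_memfree( authz_rewrites[ valx ].bv_val );` — and `rc` needs an initializer (`int rc = 0, i;`) because the rebuild loop does not execute when the last rule is removed, returning an indeterminate value to the config engine. Both rebuild paths also tear down `sasl_rwinfo` before the replacement engine exists (`sasl_rwinfo = NULL;` in slap_sasl_rewrite_config, the destroy/re-parse sequence in slap_sasl_rewrite_delete), which is only safe if the cn=config modify path pauses the thread pool before calling in — worth confirming, since a concurrent SASL bind would otherwise dereference a NULL or half-built engine while the authorization mappings are being changed.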
......@@ -59,6 +59,7 @@ AC_WITH_TLS=@WITH_TLS@
AC_TLS_TYPE=@WITH_TLS_TYPE@
AC_WITH_MODULES_ENABLED=@WITH_MODULES_ENABLED@
AC_ACI_ENABLED=aci@WITH_ACI_ENABLED@
AC_REWRITE=@BUILD_REWRITE@
AC_THREADS=threads@BUILD_THREAD@
AC_LIBS_DYNAMIC=lib@BUILD_LIBS_DYNAMIC@
......@@ -77,7 +78,7 @@ export AC_ldap AC_mdb AC_meta AC_asyncmeta AC_monitor AC_null AC_relay AC_sql \
AC_refint AC_retcode AC_rwm AC_unique AC_syncprov AC_translucent \
AC_valsort \
AC_WITH_SASL AC_WITH_TLS AC_WITH_MODULES_ENABLED AC_ACI_ENABLED \
AC_THREADS AC_LIBS_DYNAMIC AC_WITH_TLS AC_TLS_TYPE
AC_REWRITE AC_THREADS AC_LIBS_DYNAMIC AC_WITH_TLS AC_TLS_TYPE
if test ! -x ../servers/slapd/slapd ; then
echo "Could not locate slapd(8)"
......
......@@ -51,6 +51,7 @@ WITH_TLS=${AC_WITH_TLS-no}
WITH_TLS_TYPE=${AC_TLS_TYPE-no}
ACI=${AC_ACI_ENABLED-acino}
REWRITE=${AC_REWRITE-no}
THREADS=${AC_THREADS-threadsno}
SLEEP0=${SLEEP0-1}
SLEEP1=${SLEEP1-7}
......
#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2020 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test $WITH_SASL = no; then
echo "SASL authentication not available, test skipped"
exit 0
fi
CONFDIR=$TESTDIR/slapd.d
mkdir -p $TESTDIR $CONFDIR $DBDIR1
$SLAPPASSWD -g -n >$CONFIGPWF
echo "Starting slapd on TCP/IP port $PORT1... $PWD"
. $CONFFILTER $BACKEND $MONITORDB < $DYNAMICCONF > $CONFLDIF
$SLAPADD -F $CONFDIR -n 0 -l $CONFLDIF
cd $TESTDIR
$SLAPD -F ./slapd.d -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
if test $WAIT != 0 ; then
echo PID $PID
read foo
fi
KILLPIDS="$PID"
cd $TESTWD
sleep 1
echo "Using ldapsearch to check that slapd is running..."
for i in 0 1 2 3 4 5; do
$LDAPSEARCH -s base -b "" -H $URI1 \
'objectclass=*' > /dev/null 2>&1
RC=$?
if test $RC = 0 ; then
break
fi
echo "Waiting 5 seconds for slapd to start..."
sleep 5
done
if test $RC != 0 ; then
echo "ldapsearch failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo "Adding schema and database..."
$LDAPADD -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
include: file://$ABS_SCHEMADIR/core.ldif
include: file://$ABS_SCHEMADIR/cosine.ldif
include: file://$ABS_SCHEMADIR/inetorgperson.ldif
include: file://$ABS_SCHEMADIR/openldap.ldif
include: file://$ABS_SCHEMADIR/nis.ldif
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed for schema config ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
if [ "$BACKENDTYPE" = mod ]; then
$LDAPADD -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed for backend config ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
fi
$LDAPADD -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: {1}$BACKEND
olcSuffix: $BASEDN
olcDbDirectory: $DBDIR1
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed for database config ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
if test $INDEXDB = indexdb ; then
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: olcDatabase={1}$BACKEND,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: objectClass,entryUUID,entryCSN eq
olcDbIndex: cn,uid pres,eq,sub
EOF
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed for index config ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
fi
echo "Using ldapadd to populate the database..."
$LDAPADD -H $URI1 -D "$MANAGERDN" -w $PASSWD < $LDIFORDERED >>$TESTOUT 2>&1
RC=$?
if test $RC != 0 ; then
echo "ldapadd failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Adding olcAuthzRegexp rule for static mapping..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: uid=manager,cn=[^,]+,cn=auth $MANAGERDN
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Adding olcAuthzRegexp rule to search by uid..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: uid=([^,]+),cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=\$1)
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Inserting olcAuthzRegexp rule before the last..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthzRegexp
olcAuthzRegexp: {1}uid=babs,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjensen)
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=babs
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjensen
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Deleting the first olcAuthzRegexp rule..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
olcAuthzRegexp: {0}
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID (should fail)..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 49; then
echo "ldapwhoami unexpected result ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=babs
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjensen
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Updating an olcAuthzRegexp rule in place..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
olcAuthzRegexp: {0}
-
add: olcAuthzRegexp
olcAuthzRegexp: {0}uid=biff,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjorn)
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=babs
echo "Testing ldapwhoami as $ID (should fail)..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjensen
RC=$?
if test $RC != 49; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=biff
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjorn
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Deleting all olcAuthzRegexp rules..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
delete: olcAuthzRegexp
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID (should fail)..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 49; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
if test $REWRITE = yes; then
echo "Initializing olcAuthIDRewrite engine..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthIDRewrite
olcAuthIDRewrite: rewriteEngine ON
olcAuthIDRewrite: rewriteContext authid
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Adding olcAuthIDRewrite rule for static mapping..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthIDRewrite
olcAuthIDRewrite: rewriteRule uid=manager,cn=[^,]+,cn=auth $MANAGERDN :
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Adding olcAuthIDRewrite rule to search by uid..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthIDRewrite
olcAuthIDRewrite: rewriteRule uid=([^,]+),cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=\$1) :
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Inserting olcAuthIDRewrite rule before the last..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
add: olcAuthIDRewrite
olcAuthIDRewrite: {3}rewriteRule uid=babs,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjensen) :
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=babs
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjensen
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Deleting the first olcAuthIDRewrite rule..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
delete: olcAuthIDRewrite
olcAuthIDRewrite: {2}
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=Manager
echo "Testing ldapwhoami as $ID (should fail)..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $PASSWD
RC=$?
if test $RC != 49; then
echo "ldapwhoami unexpected result ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=babs
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjensen
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Updating an olcAuthIDRewrite rule in place..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
delete: olcAuthIDRewrite
olcAuthIDRewrite: {2}
-
add: olcAuthIDRewrite
olcAuthIDRewrite: {2}rewriteRule uid=biff,cn=[^,]+,cn=auth ldap:///$BASEDN??sub?(uid=bjorn) :
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=babs
echo "Testing ldapwhoami as $ID (should fail)..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjensen
RC=$?
if test $RC != 49; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=biff
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w bjorn
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 0; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
echo "Deleting all olcAuthIDRewrite rules..."
$LDAPMODIFY -H $URI1 -D cn=config -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
dn: cn=config
changetype: modify
delete: olcAuthIDRewrite
EOF
RC=$?
if test $RC != 0; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
ID=bjensen
echo "Testing ldapwhoami as $ID (should fail)..."
$LDAPSASLWHOAMI -H $URI1 -U $ID -w $ID
RC=$?
if test $RC != 49; then
echo "ldapwhoami failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
echo
else
echo "librewrite not enabled, skipping olcAuthIDRewrite tests"
fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS
echo ">>>>> Test succeeded"
test $KILLSERVERS != no && wait
exit 0
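Review bot: Every mutation of olcAuthzRegexp and olcAuthIDRewrite is verified only through ldapwhoami, so the persisted ordering — what the unparse path writes back to cn=config and what a restart would reload — is never compared with the rules actually being enforced; for an authorization mapping that is the divergence that matters, and it is exactly the path the commit reworks. After each add/delete, a base search on cn=config for the attribute, compared against the expected `{N}` values, would catch an unparse or index bug without adding a second server. The `-w` passwords on the ldapwhoami command lines follow the existing harness convention, so no change is proposed there. The `{2}` index in the olcAuthIDRewrite delete and replace steps relies on the rewriteEngine and rewriteContext values occupying `{0}` and `{1}`; a comment such as `# {0} and {1} are the rewriteEngine/rewriteContext lines, so the first rule is {2}` would save the next reader a count.
```shell
echo "Checking persisted olcAuthzRegexp order..."
$LDAPSEARCH -H $URI1 -D cn=config -y $CONFIGPWF -s base -b cn=config olcAuthzRegexp \
	> $TESTDIR/authz.out 2>&1
RC=$?
if test $RC != 0; then
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
fi
# … compare the olcAuthzRegexp: lines of $TESTDIR/authz.out with the expected {0}/{1}/… values …
```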