#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2016-2021 Ondřej Kuzník, Symas Corp.
## Copyright 2021-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

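# Pull in the shared test definitions (tool paths, ports, DNs, sleep values).
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

# The otp overlay is optional; nothing to exercise if it was not built.
# The expansion is quoted so an unset OTP gives a clean comparison instead
# of a test(1) usage error, consistent with the quoted otpmod check below.
if test "$OTP" = otpno; then
	echo "OTP overlay not available, test skipped"
	exit 0
fi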
24
# LDIF that provisions the HOTP tokens and their parameter entries.
OTP_DATA=${DATADIR}/otp/hotp.ldif

# Expected HOTP values for the first parameter set, indexed by counter.
# They are fixed test vectors (presumably derived from the secret in
# $OTP_DATA); nothing in this script computes them.
TOKEN_0=818800
TOKEN_1=320382
TOKEN_2=404533
TOKEN_3=127122
TOKEN_4=892599
TOKEN_5=407030
TOKEN_6=880935
TOKEN_7=920291
TOKEN_8=145192
TOKEN_9=316404
TOKEN_10=409144

# Expected values after the token is moved to the second parameter set
# (longer OTPs; SHA-512 based, judging by the names).
TOKEN_SHA512_11=17544155
TOKEN_SHA512_12=48953477
43
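mkdir -p $TESTDIR $DBDIR1

echo "Running slapadd to build slapd database..."
# The CONFFILTER script is sourced, not executed: it rewrites the template
# config for the selected backend onto stdout.
. $CONFFILTER $BACKEND < $CONF > $ADDCONF
# Tool variables such as $SLAPADD are left unquoted on purpose throughout
# this script (presumably they carry extra arguments from defines.sh).
$SLAPADD -f $ADDCONF -l $LDIFORDERED
RC=$?
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	exit $RC
fi

mkdir $TESTDIR/confdir
. $CONFFILTER $BACKEND < $CONF > $CONF1

# cn=config gets a freshly generated password kept in $CONFIGPWF; the
# tools later read it with -y, so the clear text never appears on argv.
$SLAPPASSWD -g -n >$CONFIGPWF
echo "database config" >>$CONF1
# $(...) instead of backticks: same POSIX semantics, easier to read.
echo "rootpw $($SLAPPASSWD -T $CONFIGPWF)" >>$CONF1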
61
echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL > $LOG1 2>&1 &
PID=$!
# With WAIT set, pause here (presumably so a debugger can attach to slapd).
if test $WAIT != 0 ; then
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep $SLEEP0

# Poll the monitor entry until the server answers, at most six attempts.
# No failure is raised if it never does; the next step will report it.
for attempt in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	test $RC = 0 && break
	echo "Waiting ${SLEEP1} seconds for slapd to start..."
	sleep ${SLEEP1}
done
83
# When the overlay was built as a module (otpmod) it has to be loaded
# into cn=config before an overlay instance can be created.
if test "$OTP" = otpmod; then
	$LDAPADD -D cn=config -H $URI1 -y $CONFIGPWF \
		>> $TESTOUT 2>&1 <<EOMOD
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/overlays
olcModuleLoad: otp.la
EOMOD
	RC=$?
	test $RC = 0 || {
		echo "ldapmodify failed ($RC)!"
		test $KILLSERVERS != no && kill -HUP $KILLPIDS
		exit $RC
	}
fi
100
echo "Loading test otp configuration..."
# Instantiate the overlay on the test database. Only olcOverlayConfig is
# needed here; the token parameters live in the directory data (see
# $OTP_DATA below), not in cn=config.
$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
	>> $TESTOUT 2>&1 <<EOMOD
dn: olcOverlay={0}otp,olcDatabase={1}$BACKEND,cn=config
changetype: add
objectClass: olcOverlayConfig
EOMOD
RC=$?
test $RC = 0 || {
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
114
echo "Provisioning tokens and configuration..."
# Load $OTP_DATA as the directory manager (presumably the oathHOTPToken
# entries and their oathHOTPParams that the searches below refer to).
$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
	>> $TESTOUT 2>&1 < $OTP_DATA
RC=$?
test $RC = 0 || {
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
124
125
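echo "Authentication tests:"
# Every bind below sends "<static password><OTP>" via -w, so the credential
# sits in argv (visible to ps) for the duration of the call; acceptable for
# a throwaway test server.
echo "\ttoken that's not valid yet..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_10" \
	>> $TESTOUT 2>&1
RC=$?
# 49 is LDAP invalidCredentials, the only acceptable outcome for a
# negative test.
if test $RC != 49 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	# An accepted bind gives RC=0; propagating it would let the harness
	# record this negative test as a pass, so force a non-zero status.
	test $RC = 0 && RC=1
	exit $RC
fi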
136
# TOKEN_10 was rejected above and TOKEN_4 is accepted here, so the
# current counter / look-ahead window lies between them (configured in
# the provisioning LDIF, not here).
echo "\ta valid and expected token..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_4" \
	>> $TESTOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}

# Counter 5 is skipped; 6 must still be inside the window.
echo "\ta valid token skipping some..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_6" \
	>> $TESTOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
156
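# Replay check: the OTP accepted a moment ago must not work twice.
echo "\treusing the same token..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_6" \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 49 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	# RC=0 means the replay was accepted; do not exit 0 on that, or the
	# harness sees a passing test.
	test $RC = 0 && RC=1
	exit $RC
fi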
166
# A second account bound to the same token: its static password differs,
# and the counter has advanced past 6, so TOKEN_7 is the next valid one.
echo "\tanother account sharing the same token..."
$LDAPWHOAMI -D "$BJORNSDN" -H $URI1 -w "bjorn$TOKEN_7" \
	>> $TESTOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
176
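# Three negative cases; each one must come back as 49 (invalidCredentials).
# In every branch RC=0 is mapped to 1 before exiting, because an unexpectedly
# accepted bind would otherwise make the script exit 0 and look like a pass.

# Counter 5 is behind the current position and must stay rejected.
echo "\ttrying an old token..."
$LDAPWHOAMI -D "$BJORNSDN" -H $URI1 -w "bjorn$TOKEN_5" \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 49 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	test $RC = 0 && RC=1
	exit $RC
fi

# A correct OTP with the wrong static part: both factors are checked
# together, so this must not authenticate.
echo "\tright token, wrong password..."
$LDAPWHOAMI -D "$BJORNSDN" -H $URI1 -w "bjensen$TOKEN_8" \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 49 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	test $RC = 0 && RC=1
	exit $RC
fi

# The same OTP with the right static part is rejected as well: an OTP
# presented in a failed attempt is apparently burned.
echo "\tmaking sure previous token has been retired too..."
$LDAPWHOAMI -D "$BJORNSDN" -H $URI1 -w "bjorn$TOKEN_8" \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 49 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	test $RC = 0 && RC=1
	exit $RC
fi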
206
# The counter has now moved far enough that TOKEN_10, rejected at the
# start of the run, falls inside the window.
echo "\tthe first token we tested that's just become valid..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_10" \
	>> $TESTOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
216
echo "Reconfiguring token parameters..."
# Point the IT division's oathHOTPParams at a different parameter entry;
# from here on the longer TOKEN_SHA512_* values are the expected OTPs.
# Output goes to /dev/null rather than $TESTOUT, as in the original.
$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
	>/dev/null 2>&1 << EOMODS
dn: ou=Information Technology Division,ou=People,dc=example,dc=com
changetype: modify
replace: oathHOTPParams
oathHOTPParams: ou=Alumni Association,ou=People,dc=example,dc=com
EOMODS
RC=$?
test $RC = 0 || {
	echo "ldapmodify failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
231
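echo "A new round of tests:"

# Under the new parameters the window starts at 11, so 12 is not yet valid.
echo "\ta long token that's not valid yet..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_SHA512_12" \
	>> $TESTOUT 2>&1
RC=$?
if test $RC != 49 ; then
	echo "ldapwhoami should have failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	# RC=0 means the bind was accepted; exiting with 0 would hide the
	# failed negative test from the harness, so force a non-zero status.
	test $RC = 0 && RC=1
	exit $RC
fi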
243
echo "\ta valid and expected token..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_SHA512_11" \
	>> $TESTOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}

# Accepting 11 advanced the counter, so the previously rejected 12 is
# now the expected value.
echo "\tthe previous long token that's just become valid..."
$LDAPWHOAMI -D "$BABSDN" -H $URI1 -w "bjensen$TOKEN_SHA512_12" \
	>> $TESTOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapwhoami failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
263
echo "Retrieving token status..."
# Dump the token entries ('@oathHOTPToken' requests every attribute of that
# object class) so the state left behind by the binds above can be diffed
# against the reference LDIF.
$LDAPSEARCH -b "ou=Information Technology Division,ou=People,dc=example,dc=com" \
	-H $URI1 objectclass=oathHOTPToken '@oathHOTPToken' \
	>> $SEARCHOUT 2>&1
RC=$?
test $RC = 0 || {
	echo "ldapsearch failed ($RC)!"
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
	exit $RC
}
274
test $KILLSERVERS != no && kill -HUP $KILLPIDS

# Reference output the token entries are expected to match after the run.
LDIF=$DATADIR/otp/test001-out.ldif

# Normalise both sides with ldiffilter before comparing.
echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Filtering ldif with expected data..."
$LDIFFILTER < $LDIF > $LDIFFLT
echo "Comparing filter output..."
if $CMP $SEARCHFLT $LDIFFLT > $CMPOUT ; then
	echo ">>>>> Test succeeded"
else
	echo "Comparison failed"
	exit 1
fi

test $KILLSERVERS != no && wait

exit 0
296