simple ldap filter test

2025-01-18 22:52:11 +01:00 · 2015-03-04 11:12:16 +01:00 · 2015-03-04 11:12:16 +01:00 · 35c8acce6e
commit 35c8acce6e
parent 71339bb8a1
2 changed files with 40 additions and 14 deletions
--- a/tests/aux/ldap.pl
+++ b/tests/aux/ldap.pl
@ -43,8 +43,9 @@ use constant RESULT_OK => {
 };

 my %objects = (
-  'uid=foo,ou=users,dc=example,dc=com' => ['vvincredible'],
-  'uid=test,ou=users,dc=example,dc=com' =>['cccccccfhcbe', 'ccccccbchvth'],
+  'base=uid=foo,ou=users,dc=example,dc=com' => {keys => ['vvincredible']},
+  'base=uid=test,ou=users,dc=example,dc=com' => {keys => ['cccccccfhcbe', 'ccccccbchvth']},
+  'sub:base=:(uid=test)' => {keys => ['cccccccfhcbe', 'ccccccbchvth'], dn => 'uid=test,out=users,dc=example,dc=com'},
 );

 sub bind {
@ -56,14 +57,22 @@ sub bind {
 sub search {
  my $self = shift;
  my $reqData = shift;
-  my $base = $reqData->{'baseObject'};
-  my $id = $objects{$base};
+  my $id;
+  my $base;
+  if($reqData->{'scope'} == 0) {
+    $base = $reqData->{'baseObject'};
+    $id = $objects{'base=' . $base};
+  } elsif($reqData->{'scope'} == 2) {
+    my $match = $reqData->{'filter'}->{'equalityMatch'};
+    $id = $objects{'sub:base=' . $reqData->{'baseObject'} . ':(' . $match->{'attributeDesc'} . '=' . $match->{'assertionValue'} . ')'};
+    $base = $id->{'dn'};
+  }
  my @entries;
  if($id) {
    my $entry = Net::LDAP::Entry->new;
    $entry->dn($base);
    $entry->add(objectClass => [ "person" ]);
-    $entry->add(yubiKeyId => $id);
+    $entry->add(yubiKeyId => $id->{'keys'});
    push @entries, $entry;
  }
  return RESULT_OK, @entries;
--- a/tests/pam_test.c
+++ b/tests/pam_test.c
@ -70,6 +70,15 @@ static const char *ldap_cfg[] = {
  "debug"
 };

+static const char *ldap_cfg2[] = {
+  "id=1",
+  "urllist=http://localhost:"YKVAL_PORT1"/wsapi/2/verify;http://localhost:"YKVAL_PORT2"/wsapi/2/verify",
+  "ldap_uri=ldap://localhost:"LDAP_PORT,
+  "ldap_filter=(uid=%u)",
+  "yubi_attr=yubiKeyId",
+  "debug"
+};
+
 static const struct data *test_get_data(void *id) {
  return &_data[(long)id];
 }
@ -211,6 +220,10 @@ static int test_authenticate_ldap2(void) {
  return pam_sm_authenticate(4, 0, sizeof(ldap_cfg) / sizeof(char*), ldap_cfg);
 }

+static int test_authenticate_ldap3(void) {
+  return pam_sm_authenticate(4, 0, sizeof(ldap_cfg2) / sizeof(char*), ldap_cfg2);
+}
+
 static pid_t run_mock(const char *port, const char *type) {
  pid_t pid = fork();
  if(pid == 0) {
@ -250,28 +263,32 @@ int main(void) {
    ret = 5;
    goto out;
  }
-#ifdef HAVE_LIBLDAP
-  if(test_authenticate_ldap1() != PAM_SUCCESS) {
+  if(test_authenticate3() != PAM_SUCCESS) {
    ret = 6;
    goto out;
  }
+#ifdef HAVE_LIBLDAP
+  if(test_authenticate_ldap1() != PAM_SUCCESS) {
+    ret = 1001;
+    goto out;
+  }
  if(test_authenticate_ldap_fail1() != PAM_USER_UNKNOWN) {
-    ret = 7;
+    ret = 1002;
    goto out;
  }
  if(test_authenticate_ldap_fail2() != PAM_AUTH_ERR) {
-    ret = 8;
+    ret = 1003;
    goto out;
  }
  if(test_authenticate_ldap2() != PAM_SUCCESS) {
-    ret = 9;
+    ret = 1004;
+    goto out;
+  }
+  if(test_authenticate_ldap3() != PAM_SUCCESS) {
+    ret = 1005;
    goto out;
  }
 #endif
-  if(test_authenticate3() != PAM_SUCCESS) {
-    ret = 10;
-    goto out;
-  }

 out:
  kill(child, 9);