mirror of
https://gitlab.com/davical-project/davical.git
synced 2026-01-27 00:33:34 +00:00
261 lines
7.2 KiB
Plaintext
261 lines
7.2 KiB
Plaintext
# Test again for an invalid user with fail caching enable to make sure
|
|
# the failure is cached, then wait a short while to see it is expired.
|
|
BEGINPERL
|
|
if ($debug) { $ENV{'LDAP_DEBUG'} = 1 };
|
|
|
|
use Net::LDAP::Server::Test;
|
|
use Net::LDAP;
|
|
use IO::Socket::INET;
|
|
|
|
#my $port = find_idle_port();
|
|
|
|
#my $ldap_port = RT::Test->find_idle_port;
|
|
my $ldap_port = 21394;
|
|
my $ldap_socket = IO::Socket::INET->new(
|
|
Listen => 5,
|
|
Proto => 'tcp',
|
|
Reuse => 1,
|
|
LocalPort => $ldap_port,
|
|
);
|
|
|
|
# Keep it around after this block exits.
|
|
$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 );
|
|
|
|
my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!";
|
|
$ldap->bind();
|
|
my $username = "ldap1";
|
|
my $base = "dc=example,dc=com";
|
|
my $dn = "uid=$username,ou=users,$base";
|
|
my $entry = {
|
|
cn => $username,
|
|
mail => "$username\@example.com",
|
|
uid => $username,
|
|
objectClass => 'User',
|
|
userPassword => 'ldap1',
|
|
};
|
|
$ldap->add( $base );
|
|
$ldap->add( $dn, attr => [%$entry] );
|
|
|
|
# We need to keep the client around, otherwise the test server will exit.
|
|
$evaled{'ldap_client'} = $ldap;
|
|
#sleep 100;
|
|
ENDPERL
|
|
|
|
APPCONF=common
|
|
|
|
# Cache failed auth checks for 10 seconds.
|
|
BEGINAPPCONF
|
|
$c->auth_cache_fail = 10;
|
|
ENDAPPCONF
|
|
|
|
# Clear cache
|
|
SCRIPT=echo flush_all | nc -N 127.0.0.1 11211
|
|
|
|
TYPE=PROPFIND
|
|
HEADER=Content-Type: text/xml
|
|
HEADER=Depth: 1
|
|
AUTH=ldap2:ldap2
|
|
HEAD
|
|
|
|
BEGINDATA
|
|
<?xml version="1.0" encoding="utf-8" ?>
|
|
<D:propfind xmlns:D="DAV:">
|
|
<D:prop>
|
|
<D:resourcetype/>
|
|
</D:prop>
|
|
</D:propfind>
|
|
ENDDATA
|
|
|
|
URL=http://regression_ldap.host/caldav.php/
|
|
|
|
# Check that no usr record has been created.
|
|
QUERY
|
|
SELECT active, email, fullname, last_used, password, username, user_no
|
|
FROM usr
|
|
WHERE username = 'ldap2';
|
|
ENDQUERY
|
|
|
|
# Check to make sure there is log line about no cached credentials
|
|
# and that LDAP is checked. Then entry is cached.
|
|
BEGINPERL
|
|
my $log_file = '/var/log/apache2/regression-error.log';
|
|
open(my $log, "< $log_file")
|
|
|| die "Failed to open $log_file for reading: $!";
|
|
|
|
my $no_salt = 0;
|
|
my $cached_creds = 0;
|
|
my $ldap_conn = 0;
|
|
my $failed_disabled = 0;
|
|
|
|
if (defined $request_id) {
|
|
while (<$log>) {
|
|
if (/davical: $request_id: (?:\*\*\*|ALL): (?:(?:ERROR:)?HTTPAuth:CheckCache|LDAP:drivers_ldap ): (.*)/) {
|
|
my $msg = $1;
|
|
if ($msg =~ /^No stored salt for ldap2,/) {
|
|
$no_salt = 1;
|
|
} elsif ($msg =~ /^Cached credentials for ldap2/) {
|
|
$cached_creds = 1;
|
|
} elsif ($msg =~ /^Connected to LDAP server/) {
|
|
$ldap_conn = 1;
|
|
} elsif ($msg =~ /^SetCache: Expiry set to 0, not caching credential/) {
|
|
$failed_disabled = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($no_salt) {
|
|
print "No salt for ldap2 found, passed\n";
|
|
} else {
|
|
print "Salt found for ldap2, passed\n";
|
|
}
|
|
|
|
if ($cached_creds) {
|
|
print "Cached credentials found, incorrect, failed\n";
|
|
} else {
|
|
print "No cached credentials found, passed\n";
|
|
}
|
|
|
|
if ($ldap_conn) {
|
|
print "Connected to LDAP server, passed\n";
|
|
} else {
|
|
print "No connection to LDAP, auth bailed out due to cached credentials, failed\n";
|
|
}
|
|
|
|
if ($failed_disabled) {
|
|
print "Credential caching for failed attempts disabled, failed\n";
|
|
} else {
|
|
print "Credential caching for failed attempts disabled not seen, passed\n";
|
|
}
|
|
} else {
|
|
print "No request_id found, can't check log file, failed\n";
|
|
}
|
|
|
|
# Put some blank lines in the output to break up the sections.
|
|
print "\n\n\n";
|
|
ENDPERL
|
|
|
|
URL=http://regression_ldap.host/caldav.php/
|
|
|
|
# Check again to make sure cached credentialsare checked.
|
|
BEGINPERL
|
|
my $log_file = '/var/log/apache2/regression-error.log';
|
|
open(my $log, "< $log_file")
|
|
|| die "Failed to open $log_file for reading: $!";
|
|
|
|
my $no_salt = 0;
|
|
my $cached_creds = 0;
|
|
my $ldap_conn = 0;
|
|
my $failed_disabled = 0;
|
|
|
|
if (defined $request_id) {
|
|
while (<$log>) {
|
|
if (/davical: $request_id: (?:\*\*\*|ALL): (?:(?:ERROR:)?HTTPAuth:CheckCache|LDAP:drivers_ldap ): (.*)/) {
|
|
my $msg = $1;
|
|
if ($msg =~ /^No stored salt for ldap2,/) {
|
|
$no_salt = 1;
|
|
} elsif ($msg =~ /^Cached credentials for ldap2 are good and invalid/) {
|
|
$cached_creds = 1;
|
|
} elsif ($msg =~ /^Connected to LDAP server/) {
|
|
$ldap_conn = 1;
|
|
} elsif ($msg =~ /^SetCache: Expiry set to 0, not caching credential/) {
|
|
$failed_disabled = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($no_salt) {
|
|
print "No salt for ldap2 found, failed\n";
|
|
} else {
|
|
print "Salt found for ldap2, passed\n";
|
|
}
|
|
|
|
if ($cached_creds) {
|
|
print "Cached credentials found, correct, passed\n";
|
|
} else {
|
|
print "No cached credentials found, failed\n";
|
|
}
|
|
|
|
if ($ldap_conn) {
|
|
print "Connected to LDAP server, failed\n";
|
|
} else {
|
|
print "No connection to LDAP, passed\n";
|
|
}
|
|
|
|
if ($failed_disabled) {
|
|
print "Credential caching for failed attempts disabled, failed\n";
|
|
} else {
|
|
print "Credential caching for failed attempts disabled not seen, passed\n";
|
|
}
|
|
} else {
|
|
print "No request_id found, can't check log file, failed\n";
|
|
}
|
|
|
|
# Wait longer than failed cache expiry time.
|
|
sleep 15;
|
|
|
|
# Put some blank lines in the output to break up the sections.
|
|
print "\n\n\n";
|
|
ENDPERL
|
|
|
|
URL=http://regression_ldap.host/caldav.php/
|
|
|
|
# Check to make sure there is log line about no cached credentials
|
|
# and that LDAP is checked. Then entry is cached.
|
|
BEGINPERL
|
|
my $log_file = '/var/log/apache2/regression-error.log';
|
|
open(my $log, "< $log_file")
|
|
|| die "Failed to open $log_file for reading: $!";
|
|
|
|
my $no_salt = 0;
|
|
my $cached_creds = 0;
|
|
my $ldap_conn = 0;
|
|
my $failed_disabled = 0;
|
|
|
|
if (defined $request_id) {
|
|
while (<$log>) {
|
|
if (/davical: $request_id: (?:\*\*\*|ALL): (?:(?:ERROR:)?HTTPAuth:CheckCache|LDAP:drivers_ldap ): (.*)/) {
|
|
my $msg = $1;
|
|
if ($msg =~ /^No stored salt for ldap2,/) {
|
|
$no_salt = 1;
|
|
} elsif ($msg =~ /^Cached credentials for ldap2/) {
|
|
$cached_creds = 1;
|
|
} elsif ($msg =~ /^Connected to LDAP server/) {
|
|
$ldap_conn = 1;
|
|
} elsif ($msg =~ /^SetCache: Expiry set to 0, not caching credential/) {
|
|
$failed_disabled = 1;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($no_salt) {
|
|
print "No salt for ldap2 found, failed\n";
|
|
} else {
|
|
print "Salt found for ldap2, passed\n";
|
|
}
|
|
|
|
if ($cached_creds) {
|
|
print "Cached credentials found, incorrect, failed\n";
|
|
} else {
|
|
print "No cached credentials found, passed\n";
|
|
}
|
|
|
|
if ($ldap_conn) {
|
|
print "Connected to LDAP server, passed\n";
|
|
} else {
|
|
print "No connection to LDAP, auth bailed out due to cached credentials, failed\n";
|
|
}
|
|
|
|
if ($failed_disabled) {
|
|
print "Credential caching for failed attempts disabled, failed\n";
|
|
} else {
|
|
print "Credential caching for failed attempts disabled not seen, passed\n";
|
|
}
|
|
} else {
|
|
print "No request_id found, can't check log file, failed\n";
|
|
}
|
|
|
|
# Put some blank lines in the output to break up the sections.
|
|
print "\n\n\n";
|
|
ENDPERL
|
|
|