#!/bin/bash
set -x
SLAPADD=/usr/sbin/slapadd
SLAPD=/usr/sbin/slapd
if [[ -z ${WORKDIR-} ]]; then
    WORKDIR=$(mktemp -d -t nsscache.regtest.XXXXXX)
    ARTIFACTS=${WORKDIR}
fi
# Fall back to WORKDIR when the caller supplied WORKDIR but not ARTIFACTS.
ARTIFACTS=${ARTIFACTS:-${WORKDIR}}
slapd_apparmor_bkp="${WORKDIR}/slapd_profile.bkp"
slapd_apparmor_override="/etc/apparmor.d/local/usr.sbin.slapd"
slapd_apparmor="/etc/apparmor.d/usr.sbin.slapd"
# Restore the AppArmor override, stop the test slapd and remove the work dir.
cleanup() {
    if [[ -f "$slapd_apparmor_bkp" ]]; then
        sudo mv "$slapd_apparmor_bkp" "$slapd_apparmor_override"
        sudo apparmor_parser -r -T -W "$slapd_apparmor"
    fi
    if [[ -e "$WORKDIR/slapd.pid" ]]; then
        kill -TERM "$(cat "$WORKDIR/slapd.pid")"
    fi
    # Keep the work dir when running under autopkgtest (ADTTMP is set).
    if [[ -z ${ADTTMP-} ]]; then
        rm -rf -- "$WORKDIR"
    fi
}
trap cleanup 0 INT QUIT ABRT PIPE TERM
TESTDIR=$(dirname -- "$0")
# Return 0 when AppArmor is enabled, 1 when it is disabled or aa-status is missing.
apparmor_enabled() {
    if [ -x /usr/sbin/aa-status ]; then
        sudo /usr/sbin/aa-status --enabled && apparmor_enabled="0" || apparmor_enabled="1"
    else
        apparmor_enabled="1"
    fi
    return "$apparmor_enabled"
}
# Temporarily allow the confined slapd to read and write the test directories.
override_apparmor() {
    # Back up the existing override so cleanup() can restore it. If no
    # override file exists, there is no backup and cleanup() leaves the
    # rules written below in place.
    cp -af "$slapd_apparmor_override" "$slapd_apparmor_bkp"
    # The test suite brings up a test slapd server running
    # off /tmp/<tmpdir>.
    echo "${WORKDIR}/ rw," | sudo tee "$slapd_apparmor_override"
    echo "${WORKDIR}/** rwk," | sudo tee -a "$slapd_apparmor_override"
    echo "${ARTIFACTS}/ rw," | sudo tee -a "$slapd_apparmor_override"
    echo "${ARTIFACTS}/** rwk," | sudo tee -a "$slapd_apparmor_override"
    sudo apparmor_parser -r -T -W "$slapd_apparmor"
}
# Load the test data and start slapd on a UNIX socket inside WORKDIR.
setup_slapd() {
    set -e
    mkdir -p "$WORKDIR/ldap"
    sed -e "s!@workdir@!$WORKDIR!" \
        < "${TESTDIR}/slapd.conf.tmpl" > "$ARTIFACTS/slapd.conf"
    $SLAPD -VVV || true
    $SLAPADD -d -1 -f "$ARTIFACTS/slapd.conf" -b dc=example,dc=com -l "${TESTDIR}/default.ldif"
    # ldapi:// URLs carry the socket path with every "/" encoded as %2F.
    $SLAPD -h "ldapi://${WORKDIR//\//%2F}%2Fldapi" -f "$ARTIFACTS/slapd.conf" &
    slappid=$!
    # Poll until slapd answers a search, giving up after repeated failures.
    attempts=0
    until ldapsearch -x -H "ldapi://${WORKDIR//\//%2F}%2Fldapi" -b "dc=example,dc=com" '(objectclass=*)'; do
        attempts=$((attempts + 1))
        if [[ $attempts -gt 10 ]]; then
            echo "failed to connect to slapd in $attempts attempts"
            exit 1
        fi
        sleep 0.1
    done
    set +e
}
# Usage: run_nsscache <source> <cache>
# Render a config for the source/cache pair, run a full update, then call
# the matching test_<cache> function.
run_nsscache() {
    source=$1
    cache=$2
    config_orig="${TESTDIR}/slapd-nsscache.conf.tmpl"
    config=$(mktemp -p "${ARTIFACTS}" "nsscache.${source}.conf.XXXXXX")
    sed -e "s!@cache@!$cache!" \
        -e "s!@source@!$source!" \
        -e "s!@workdir@!$WORKDIR!" \
        < "$config_orig" > "$config"
    mkdir "$WORKDIR/$cache"
    mkdir "$WORKDIR/ldap-timestamps-$cache"
    nsscache status
    nsscache -d -c "${config}" update --full
    r=$?
    if [[ $r -ne 0 ]]; then
        echo "FAILED: $r"
    fi
    "test_${cache}"
    nsscache -d -c "${config}" status
}
# Check that the files cache and its indexes contain the test entries.
test_files() {
    ls -alR "$WORKDIR"
    set -e
    grep jaq "$WORKDIR/files/passwd.cache"
    grep jaq "$WORKDIR/files/passwd.cache.ixname"
    grep 37 "$WORKDIR/files/passwd.cache.ixuid"
    grep hax0rs "$WORKDIR/files/group.cache"
    grep hax0rs "$WORKDIR/files/group.cache.ixname"
    grep 31337 "$WORKDIR/files/group.cache.ixgid"
    grep jaq "$WORKDIR/files/shadow.cache"
    grep jaq "$WORKDIR/files/shadow.cache.ixname"
    # The shadow cache and its index must not be world-readable (mode 0640).
    [[ $(stat -c%A "$WORKDIR/files/shadow.cache") == "-rw-r-----" ]] || exit 1
    [[ $(stat -c%A "$WORKDIR/files/shadow.cache.ixname") == "-rw-r-----" ]] || exit 1
}
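# Make sure an nsscache executable is available, installing from the source
# tree into WORKDIR when it is not already on PATH.
check() {
    if ! command -v nsscache; then
        (
            cd "${TESTDIR}/.."
            pip3 install --target="${WORKDIR}" .
        )
        export PATH="$PATH:${WORKDIR}/bin"
    fi
    set -e
    nsscache --version
    set +e
}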
check
if apparmor_enabled; then
    override_apparmor
fi
setup_slapd
run_nsscache ldap files
echo OK