245 lines
5.8 KiB
Perl
245 lines
5.8 KiB
Perl
use strict;
|
|
use warnings;
|
|
|
|
package LDAPContext;
|
|
use POSIX qw(SIGKILL);
|
|
use File::Path qw(make_path);
|
|
use WWW::Form::UrlEncoded::PP qw();
|
|
use Hydra::Helper::Exec;
|
|
|
|
# Set up an LDAP server to run during the test.
|
|
#
|
|
# It creates a top level organization and structure, and provides
|
|
# add_user and add_group.
|
|
#
|
|
# Hash Parameters:
|
|
#
|
|
# * root_password: The clear text password required for connecting to the LDAP server
|
|
#
|
|
# The server is automatically terminated when the class is dropped.
|
|
sub new {
|
|
my ($class, %opts) = @_;
|
|
|
|
my $rootPassword = $opts{'root_password'} // rand_chars();
|
|
|
|
my $root = File::Temp->newdir();
|
|
mkdir $root;
|
|
|
|
my $pid_file = "$root/slapd.pid";
|
|
|
|
my $slapd_dir = "$root/slap.d";
|
|
mkdir $slapd_dir;
|
|
|
|
my $db_dir = "$root/db";
|
|
mkdir $db_dir;
|
|
|
|
my $socket = "$root/slapd.socket";
|
|
|
|
my $self = {
|
|
_db_dir => $db_dir,
|
|
_openldap_source => $ENV{"OPENLDAP_ROOT"},
|
|
_pid_file => $pid_file,
|
|
_slapd_dir => $slapd_dir,
|
|
_socket => $socket,
|
|
_tmpdir => $root,
|
|
root_password => $rootPassword,
|
|
};
|
|
|
|
my $blessed = bless $self, $class;
|
|
$blessed->start();
|
|
|
|
return $blessed;
|
|
}
|
|
|
|
# Create a user with a specific email address and password
|
|
#
|
|
# Hash Parameters:
|
|
#
|
|
# * password: The clear text password, will be hashed when stored in the DB.
|
|
# * email: The user's email address. Defaults to $name@example.net
|
|
#
|
|
# Return: a hash of parameters for the user
|
|
#
|
|
# * username: The user's provided $name
|
|
# * password: The plaintext password, generated if not provided in the arguments
|
|
# * hashed_password: The hashed password
|
|
# * email: Their email address
|
|
sub add_user {
|
|
my ($self, $name, %opts) = @_;
|
|
|
|
my $email = $opts{'email'} // "$name\@example";
|
|
my $password = $opts{'password'} // rand_chars();
|
|
|
|
my ($res, $stdout, $stderr) = captureStdoutStderr(1, ("slappasswd", "-s", $password));
|
|
if ($res) {
|
|
die "Failed to execute slappasswd ($res): $stderr, $stdout";
|
|
}
|
|
my $hashedPassword = $stdout;
|
|
$hashedPassword =~ s/^\s+|\s+$//g; # Trim whitespace
|
|
|
|
$self->load_ldif("dc=example", <<LDIF);
|
|
dn: cn=$name,ou=users,dc=example
|
|
objectClass: organizationalPerson
|
|
objectClass: inetOrgPerson
|
|
sn: $name
|
|
cn: $name
|
|
mail: $email
|
|
userPassword: $hashedPassword
|
|
LDIF
|
|
|
|
return {
|
|
username => $name,
|
|
email => $email,
|
|
password => $password,
|
|
hashed_password => $hashedPassword,
|
|
};
|
|
}
|
|
|
|
# Create a group with a specific name and members
|
|
sub add_group {
|
|
my ($self, $name, @users) = @_;
|
|
|
|
my $members = join "\n", (map "member: cn=$_,ou=users,dc=example", @users);
|
|
|
|
$self->load_ldif("dc=example", <<LDIF);
|
|
dn: cn=$name,ou=groups,dc=example
|
|
cn: $name
|
|
description: User group $name
|
|
objectClass: groupOfNames
|
|
$members
|
|
LDIF
|
|
}
|
|
|
|
sub _makeBootstrapConfig {
|
|
my ($self) = @_;
|
|
# This has been copied from the generated config used by the
|
|
# ldap test in the flake.nix.
|
|
return <<EOF;
|
|
dn: cn=config
|
|
cn: config
|
|
objectClass: olcGlobal
|
|
olcPidFile: ${\$self->{"_pid_file"}}
|
|
|
|
dn: cn=schema,cn=config
|
|
cn: schema
|
|
objectClass: olcSchemaConfig
|
|
|
|
include: file://${\$self->{"_openldap_source"}}/etc/schema/core.ldif
|
|
include: file://${\$self->{"_openldap_source"}}/etc/schema/cosine.ldif
|
|
include: file://${\$self->{"_openldap_source"}}/etc/schema/inetorgperson.ldif
|
|
include: file://${\$self->{"_openldap_source"}}/etc/schema/nis.ldif
|
|
|
|
dn: olcDatabase={1}mdb,cn=config
|
|
objectClass: olcDatabaseConfig
|
|
objectClass: olcMdbConfig
|
|
olcDatabase: {1}mdb
|
|
olcDbDirectory: ${\$self->{"_db_dir"}}
|
|
olcRootDN: cn=root,dc=example
|
|
olcRootPW: ${\$self->{"root_password"}}
|
|
olcSuffix: dc=example
|
|
EOF
|
|
}
|
|
|
|
sub _makeBootstrapOrganization {
|
|
my ($self) = @_;
|
|
# This has been copied from the generated config used by the
|
|
# ldap test in the flake.nix.
|
|
return <<EOF;
|
|
dn: dc=example
|
|
dc: example
|
|
o: Root
|
|
objectClass: top
|
|
objectClass: dcObject
|
|
objectClass: organization
|
|
|
|
dn: ou=users,dc=example
|
|
ou: users
|
|
description: All users
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
|
|
dn: ou=groups,dc=example
|
|
ou: groups
|
|
description: All groups
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
EOF
|
|
}
|
|
|
|
sub start {
|
|
my ($self) = @_;
|
|
|
|
$self->load_ldif("cn=config", $self->_makeBootstrapConfig());
|
|
$self->load_ldif("dc=example", $self->_makeBootstrapOrganization());
|
|
|
|
$self->_spawn()
|
|
}
|
|
|
|
sub validateConfig {
|
|
my ($self) = @_;
|
|
|
|
expectOkay(1, ("slaptest", "-u", "-F", $self->{"_slapd_dir"}));
|
|
}
|
|
|
|
sub _spawn {
|
|
my ($self) = @_;
|
|
|
|
my $pid = fork;
|
|
die "When starting the LDAP server: failed to fork." if not defined $pid;
|
|
|
|
if ($pid == 0) {
|
|
exec("${\$self->{'_openldap_source'}}/libexec/slapd",
|
|
# A debug flag `-d` must be specified to avoid backgrounding, and an empty
|
|
# argument means no additional debugging.
|
|
"-d", "",
|
|
# "-d", "conns", "-d", "filter", "-d", "config",
|
|
"-F", $self->{"_slapd_dir"}, "-h", $self->server_url()) or die "Could not start slapd";
|
|
} else {
|
|
$self->{"_pid"} = $pid;
|
|
}
|
|
}
|
|
|
|
sub server_url {
|
|
my ($self) = @_;
|
|
|
|
my $encoded_socket_path = WWW::Form::UrlEncoded::PP::url_encode($self->{"_socket"});
|
|
|
|
return "ldapi://$encoded_socket_path";
|
|
}
|
|
|
|
sub tmpdir {
|
|
my ($self) = @_;
|
|
|
|
return $self->{"_tmpdir"};
|
|
}
|
|
|
|
sub load_ldif {
|
|
my ($self, $suffix, $content) = @_;
|
|
|
|
my $path = "${\$self->{'_tmpdir'}}/load.ldif";
|
|
write_file($path, $content);
|
|
expectOkay(1, ("slapadd", "-F", $self->{"_slapd_dir"}, "-b", $suffix, "-l", $path));
|
|
$self->validateConfig();
|
|
}
|
|
|
|
sub DESTROY
|
|
{
|
|
my ($self) = @_;
|
|
if ($self->{"_pid"}) {
|
|
kill SIGKILL, $self->{"_pid"};
|
|
}
|
|
}
|
|
|
|
sub write_file {
|
|
my ($path, $text) = @_;
|
|
open(my $fh, '>', $path) or die "Could not open file '$path' $!";
|
|
print $fh $text || "";
|
|
close $fh;
|
|
}
|
|
|
|
sub rand_chars {
|
|
return sprintf("t%08X", rand(0xFFFFFFFF));
|
|
}
|
|
|
|
1;
|