mrc0mmand / rpms / openldap

Forked from rpms/openldap 3 years ago
Clone

Blame SOURCES/openldap-cbinding-auth-add-SASL-GSSAPI-tests.patch

ef2d9b
From 8e3e85e329f5cbd989936b0df8a0ac06906a4824 Mon Sep 17 00:00:00 2001
ef2d9b
From: Isaac Boukris <iboukris@gmail.com>
ef2d9b
Date: Tue, 14 Apr 2020 16:19:05 +0300
ef2d9b
Subject: [PATCH] auth: add SASL/GSSAPI tests
ef2d9b
ef2d9b
---
ef2d9b
 tests/data/krb5.conf              |  32 ++++++
ef2d9b
 tests/data/slapd-sasl-gssapi.conf |  65 ++++++++++++
ef2d9b
 tests/scripts/conf.sh             |   3 +
ef2d9b
 tests/scripts/defines.sh          |   5 +
ef2d9b
 tests/scripts/setup_kdc.sh        | 144 +++++++++++++++++++++++++++
ef2d9b
 tests/scripts/test077-sasl-gssapi | 159 ++++++++++++++++++++++++++++++
ef2d9b
 6 files changed, 408 insertions(+)
ef2d9b
 create mode 100644 tests/data/krb5.conf
ef2d9b
 create mode 100644 tests/data/slapd-sasl-gssapi.conf
ef2d9b
 create mode 100755 tests/scripts/setup_kdc.sh
ef2d9b
 create mode 100755 tests/scripts/test077-sasl-gssapi
ef2d9b
ef2d9b
diff --git a/tests/data/krb5.conf b/tests/data/krb5.conf
ef2d9b
new file mode 100644
ef2d9b
index 000000000..739113742
ef2d9b
--- /dev/null
ef2d9b
+++ b/tests/data/krb5.conf
ef2d9b
@@ -0,0 +1,32 @@
ef2d9b
+[libdefaults]
ef2d9b
+  default_realm = @KRB5REALM@
ef2d9b
+  dns_lookup_realm = false
ef2d9b
+  dns_lookup_kdc = false
ef2d9b
+  default_ccache_name = FILE://@TESTDIR@/ccache
ef2d9b
+  #udp_preference_limit = 1
ef2d9b
+[realms]
ef2d9b
+ @KRB5REALM@ = {
ef2d9b
+  kdc = @KDCHOST@:@KDCPORT@
ef2d9b
+  acl_file = @TESTDIR@/kadm.acl
ef2d9b
+  database_name = @TESTDIR@/kdc.db
ef2d9b
+  key_stash_file = @TESTDIR@/kdc.stash
ef2d9b
+ }
ef2d9b
+[kdcdefaults]
ef2d9b
+  kdc_ports = @KDCPORT@
ef2d9b
+  kdc_tcp_ports = @KDCPORT@
ef2d9b
+[logging]
ef2d9b
+  kdc = FILE:@TESTDIR@/kdc.log
ef2d9b
+  admin_server = FILE:@TESTDIR@/kadm.log
ef2d9b
+  default = FILE:@TESTDIR@/krb5.log
ef2d9b
+
ef2d9b
+#Heimdal
ef2d9b
+[kdc]
ef2d9b
+ database = {
ef2d9b
+  dbname = @TESTDIR@/kdc.db
ef2d9b
+  realm = @KRB5REALM@
ef2d9b
+  mkey_file = @TESTDIR@/kdc.stash
ef2d9b
+  log_file = @TESTDIR@/kdc.log
ef2d9b
+  acl_file = @TESTDIR@/kadm.acl
ef2d9b
+ }
ef2d9b
+[hdb]
ef2d9b
+  db-dir = @TESTDIR@
ef2d9b
diff --git a/tests/data/slapd-sasl-gssapi.conf b/tests/data/slapd-sasl-gssapi.conf
ef2d9b
new file mode 100644
ef2d9b
index 000000000..611fc7097
ef2d9b
--- /dev/null
ef2d9b
+++ b/tests/data/slapd-sasl-gssapi.conf
ef2d9b
@@ -0,0 +1,65 @@
ef2d9b
+# stand-alone slapd config -- for testing (with indexing)
ef2d9b
+# $OpenLDAP$
ef2d9b
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
ef2d9b
+##
ef2d9b
+## Copyright 1998-2020 The OpenLDAP Foundation.
ef2d9b
+## All rights reserved.
ef2d9b
+##
ef2d9b
+## Redistribution and use in source and binary forms, with or without
ef2d9b
+## modification, are permitted only as authorized by the OpenLDAP
ef2d9b
+## Public License.
ef2d9b
+##
ef2d9b
+## A copy of this license is available in the file LICENSE in the
ef2d9b
+## top-level directory of the distribution or, alternatively, at
ef2d9b
+## <http://www.OpenLDAP.org/license.html>.
ef2d9b
+
ef2d9b
+#
ef2d9b
+include		@SCHEMADIR@/core.schema
ef2d9b
+include		@SCHEMADIR@/cosine.schema
ef2d9b
+#
ef2d9b
+include		@SCHEMADIR@/corba.schema
ef2d9b
+include		@SCHEMADIR@/java.schema
ef2d9b
+include		@SCHEMADIR@/inetorgperson.schema
ef2d9b
+include		@SCHEMADIR@/misc.schema
ef2d9b
+include		@SCHEMADIR@/nis.schema
ef2d9b
+include		@SCHEMADIR@/openldap.schema
ef2d9b
+#
ef2d9b
+include		@SCHEMADIR@/duaconf.schema
ef2d9b
+include		@SCHEMADIR@/dyngroup.schema
ef2d9b
+
ef2d9b
+#
ef2d9b
+pidfile		@TESTDIR@/slapd.1.pid
ef2d9b
+argsfile	@TESTDIR@/slapd.1.args
ef2d9b
+
ef2d9b
+# SSL configuration
ef2d9b
+TLSCACertificateFile @TESTDIR@/tls/ca/certs/testsuiteCA.crt
ef2d9b
+TLSCertificateKeyFile @TESTDIR@/tls/private/localhost.key
ef2d9b
+TLSCertificateFile @TESTDIR@/tls/certs/localhost.crt
ef2d9b
+
ef2d9b
+#
ef2d9b
+rootdse 	@DATADIR@/rootdse.ldif
ef2d9b
+
ef2d9b
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
ef2d9b
+#mod#moduleload	back_@BACKEND@.la
ef2d9b
+#monitormod#modulepath ../servers/slapd/back-monitor/
ef2d9b
+#monitormod#moduleload back_monitor.la
ef2d9b
+
ef2d9b
+
ef2d9b
+#######################################################################
ef2d9b
+# database definitions
ef2d9b
+#######################################################################
ef2d9b
+
ef2d9b
+database	@BACKEND@
ef2d9b
+suffix          "dc=example,dc=com"
ef2d9b
+rootdn          "cn=Manager,dc=example,dc=com"
ef2d9b
+rootpw          secret
ef2d9b
+#~null~#directory	@TESTDIR@/db.1.a
ef2d9b
+#indexdb#index		objectClass eq
ef2d9b
+#indexdb#index		mail eq
ef2d9b
+#ndb#dbname db_1_a
ef2d9b
+#ndb#include @DATADIR@/ndb.conf
ef2d9b
+
ef2d9b
+#monitor#database	monitor
ef2d9b
+
ef2d9b
+sasl-realm	@KRB5REALM@
ef2d9b
+sasl-host	localhost
ef2d9b
diff --git a/tests/scripts/conf.sh b/tests/scripts/conf.sh
ef2d9b
index b0393865d..c9e1a4b0a 100755
ef2d9b
--- a/tests/scripts/conf.sh
ef2d9b
+++ b/tests/scripts/conf.sh
ef2d9b
@@ -99,4 +99,7 @@ sed -e "s/@BACKEND@/${BACKEND}/"			\
ef2d9b
 	-e "s;@TESTWD@;${TESTWD};"			\
ef2d9b
 	-e "s;@DATADIR@;${DATADIR};"			\
ef2d9b
 	-e "s;@SCHEMADIR@;${SCHEMADIR};"		\
ef2d9b
+	-e "s;@KRB5REALM@;${KRB5REALM};"		\
ef2d9b
+	-e "s;@KDCHOST@;${KDCHOST};"			\
ef2d9b
+	-e "s;@KDCPORT@;${KDCPORT};"			\
ef2d9b
 	-e "/^#/d"
ef2d9b
diff --git a/tests/scripts/defines.sh b/tests/scripts/defines.sh
ef2d9b
index 1d6c2b3f1..ccb2e5b41 100755
ef2d9b
--- a/tests/scripts/defines.sh
ef2d9b
+++ b/tests/scripts/defines.sh
ef2d9b
@@ -114,6 +114,7 @@ REFSLAVECONF=$DATADIR/slapd-ref-slave.conf
ef2d9b
 SCHEMACONF=$DATADIR/slapd-schema.conf
ef2d9b
 TLSCONF=$DATADIR/slapd-tls.conf
ef2d9b
 TLSSASLCONF=$DATADIR/slapd-tls-sasl.conf
ef2d9b
+SASLGSSAPICONF=$DATADIR/slapd-sasl-gssapi.conf
ef2d9b
 GLUECONF=$DATADIR/slapd-glue.conf
ef2d9b
 REFINTCONF=$DATADIR/slapd-refint.conf
ef2d9b
 RETCODECONF=$DATADIR/slapd-retcode.conf
ef2d9b
@@ -223,6 +224,7 @@ PORT3=`expr $BASEPORT + 3`
ef2d9b
 PORT4=`expr $BASEPORT + 4`
ef2d9b
 PORT5=`expr $BASEPORT + 5`
ef2d9b
 PORT6=`expr $BASEPORT + 6`
ef2d9b
+KDCPORT=`expr $BASEPORT + 7`
ef2d9b
 URI1="ldap://${LOCALHOST}:$PORT1/"
ef2d9b
 URIP1="ldap://${LOCALIP}:$PORT1/"
ef2d9b
 URI2="ldap://${LOCALHOST}:$PORT2/"
ef2d9b
@@ -248,6 +250,9 @@ SURIP5="ldaps://${LOCALIP}:$PORT5/"
ef2d9b
 SURI6="ldaps://${LOCALHOST}:$PORT6/"
ef2d9b
 SURIP6="ldaps://${LOCALIP}:$PORT6/"
ef2d9b
 
ef2d9b
+KRB5REALM="K5.REALM"
ef2d9b
+KDCHOST=$LOCALHOST
ef2d9b
+
ef2d9b
 # LDIF
ef2d9b
 LDIF=$DATADIR/test.ldif
ef2d9b
 LDIFADD1=$DATADIR/do_add.1
ef2d9b
diff --git a/tests/scripts/setup_kdc.sh b/tests/scripts/setup_kdc.sh
ef2d9b
new file mode 100755
ef2d9b
index 000000000..1cb784075
ef2d9b
--- /dev/null
ef2d9b
+++ b/tests/scripts/setup_kdc.sh
ef2d9b
@@ -0,0 +1,144 @@
ef2d9b
+#! /bin/sh
ef2d9b
+# $OpenLDAP$
ef2d9b
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
ef2d9b
+##
ef2d9b
+## Copyright 1998-2020 The OpenLDAP Foundation.
ef2d9b
+## All rights reserved.
ef2d9b
+##
ef2d9b
+## Redistribution and use in source and binary forms, with or without
ef2d9b
+## modification, are permitted only as authorized by the OpenLDAP
ef2d9b
+## Public License.
ef2d9b
+##
ef2d9b
+## A copy of this license is available in the file LICENSE in the
ef2d9b
+## top-level directory of the distribution or, alternatively, at
ef2d9b
+## <http://www.OpenLDAP.org/license.html>.
ef2d9b
+
ef2d9b
+export KRB5_TRACE=$TESTDIR/k5_trace
ef2d9b
+export KRB5_CONFIG=$TESTDIR/krb5.conf
ef2d9b
+export KRB5_KDC_PROFILE=$KRB5_CONFIG
ef2d9b
+export KRB5_KTNAME=$TESTDIR/server.kt
ef2d9b
+export KRB5_CLIENT_KTNAME=$TESTDIR/client.kt
ef2d9b
+export KRB5CCNAME=$TESTDIR/client.ccache
ef2d9b
+
ef2d9b
+KDCLOG=$TESTDIR/setup_kdc.log
ef2d9b
+KSERVICE=ldap/$LOCALHOST
ef2d9b
+KUSER=kuser
ef2d9b
+
ef2d9b
+. $CONFFILTER < $DATADIR/krb5.conf > $KRB5_CONFIG
ef2d9b
+
ef2d9b
+PATH=${PATH}:/usr/lib/heimdal-servers:/usr/sbin:/usr/local/sbin
ef2d9b
+
ef2d9b
+echo "Trying Heimdal KDC..."
ef2d9b
+
ef2d9b
+kdc --version 2>&1 | grep Heimdal > $KDCLOG 2>&1
ef2d9b
+RC=$?
ef2d9b
+if test $RC = 0 ; then
ef2d9b
+
ef2d9b
+	kstash --random-key > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "Heimdal: kstash failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	flags="--realm-max-ticket-life=1h --realm-max-renewable-life=1h"
ef2d9b
+	kadmin -l init $flags $KRB5REALM > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "Heimdal: kadmin init failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin -l add --random-key --use-defaults $KSERVICE > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin -l ext -k $KRB5_KTNAME $KSERVICE > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin -l add --random-key --use-defaults $KUSER > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "Heimdal: kadmin add failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin -l ext -k $KRB5_CLIENT_KTNAME $KUSER > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "Heimdal: kadmin ext failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kdc --addresses=$LOCALIP --ports="$KDCPORT/udp" > $KDCLOG 2>&1 &
ef2d9b
+else
ef2d9b
+	echo "Trying MIT KDC..."
ef2d9b
+
ef2d9b
+	kdb5_util create -r $KRB5REALM -s -P password > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "MIT: kdb5_util create failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin.local -q "addprinc -randkey $KSERVICE" > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "MIT: admin addprinc failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin.local -q "ktadd -k $KRB5_KTNAME $KSERVICE" > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin.local -q "addprinc -randkey $KUSER" > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "MIT: kadmin addprinc failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	kadmin.local -q "ktadd -k $KRB5_CLIENT_KTNAME $KUSER" > $KDCLOG 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "MIT: kadmin ktadd failed, skipping GSSAPI tests"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	krb5kdc -n > $KDCLOG 2>&1 &
ef2d9b
+fi
ef2d9b
+
ef2d9b
+KDCPROC=$!
ef2d9b
+sleep 1
ef2d9b
+
ef2d9b
+kinit -kt $KRB5_CLIENT_KTNAME $KUSER > $KDCLOG 2>&1
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	kill $KDCPROC
ef2d9b
+	echo "SASL/GSSAPI: kinit failed, skipping GSSAPI tests"
ef2d9b
+	exit 0
ef2d9b
+fi
ef2d9b
+
ef2d9b
+pluginviewer -m GSSAPI > $TESTDIR/plugin_out 2>/dev/null
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+
ef2d9b
+	saslpluginviewer -m GSSAPI > $TESTDIR/plugin_out 2>/dev/null
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		kill $KDCPROC
ef2d9b
+		echo "cyrus-sasl has no GSSAPI support, test skipped"
ef2d9b
+		exit 0
ef2d9b
+	fi
ef2d9b
+fi
ef2d9b
diff --git a/tests/scripts/test077-sasl-gssapi b/tests/scripts/test077-sasl-gssapi
ef2d9b
new file mode 100755
ef2d9b
index 000000000..64abe16fe
ef2d9b
--- /dev/null
ef2d9b
+++ b/tests/scripts/test077-sasl-gssapi
ef2d9b
@@ -0,0 +1,159 @@
ef2d9b
+#! /bin/sh
ef2d9b
+# $OpenLDAP$
ef2d9b
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
ef2d9b
+##
ef2d9b
+## Copyright 1998-2020 The OpenLDAP Foundation.
ef2d9b
+## All rights reserved.
ef2d9b
+##
ef2d9b
+## Redistribution and use in source and binary forms, with or without
ef2d9b
+## modification, are permitted only as authorized by the OpenLDAP
ef2d9b
+## Public License.
ef2d9b
+##
ef2d9b
+## A copy of this license is available in the file LICENSE in the
ef2d9b
+## top-level directory of the distribution or, alternatively, at
ef2d9b
+## <http://www.OpenLDAP.org/license.html>.
ef2d9b
+
ef2d9b
+echo "running defines.sh"
ef2d9b
+. $SRCDIR/scripts/defines.sh
ef2d9b
+
ef2d9b
+if test $WITH_SASL = no ; then
ef2d9b
+        echo "SASL support not available, test skipped"
ef2d9b
+        exit 0
ef2d9b
+fi
ef2d9b
+
ef2d9b
+mkdir -p $TESTDIR $DBDIR1
ef2d9b
+cp -r $DATADIR/tls $TESTDIR
ef2d9b
+
ef2d9b
+cd $TESTWD
ef2d9b
+
ef2d9b
+
ef2d9b
+echo "Starting KDC for SASL/GSSAPI tests..."
ef2d9b
+. $SRCDIR/scripts/setup_kdc.sh
ef2d9b
+
ef2d9b
+echo "Running slapadd to build slapd database..."
ef2d9b
+. $CONFFILTER $BACKEND $MONITORDB < $SASLGSSAPICONF > $CONF1
ef2d9b
+$SLAPADD -f $CONF1 -l $LDIFORDERED
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo "slapadd failed ($RC)!"
ef2d9b
+	kill $KDCPROC
ef2d9b
+	exit $RC
ef2d9b
+fi
ef2d9b
+
ef2d9b
+echo "Starting ldap:/// slapd on TCP/IP port $PORT1 and ldaps:/// slapd on $PORT2..."
ef2d9b
+$SLAPD -f $CONF1 -h "$URI1 $SURI2" -d $LVL $TIMING > $LOG1 2>&1 &
ef2d9b
+PID=$!
ef2d9b
+if test $WAIT != 0 ; then
ef2d9b
+    echo PID $PID
ef2d9b
+    read foo
ef2d9b
+fi
ef2d9b
+KILLPIDS="$PID"
ef2d9b
+
ef2d9b
+sleep 1
ef2d9b
+
ef2d9b
+for i in 0 1 2 3 4 5; do
ef2d9b
+	$LDAPSEARCH -s base -b "" -H $URI1 \
ef2d9b
+		'objectclass=*' > /dev/null 2>&1
ef2d9b
+        RC=$?
ef2d9b
+        if test $RC = 0 ; then
ef2d9b
+                break
ef2d9b
+        fi
ef2d9b
+        echo "Waiting 5 seconds for slapd to start..."
ef2d9b
+        sleep 5
ef2d9b
+done
ef2d9b
+
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo "ldapsearch failed ($RC)!"
ef2d9b
+	kill $KDCPROC
ef2d9b
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+	exit $RC
ef2d9b
+fi
ef2d9b
+
ef2d9b
+$LDAPSEARCH -x -H $URI1 -s "base" -b "" supportedSASLMechanisms > $TESTOUT 2>&1
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo "ldapsearch failed ($RC)!"
ef2d9b
+	kill $KDCPROC
ef2d9b
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+	exit $RC
ef2d9b
+fi
ef2d9b
+
ef2d9b
+grep GSSAPI $TESTOUT
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo "failed: GSSAPI mechanism not in supportedSASLMechanisms."
ef2d9b
+	kill $KDCPROC
ef2d9b
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+	exit $RC
ef2d9b
+fi
ef2d9b
+
ef2d9b
+echo -n "Using ldapwhoami with SASL/GSSAPI: "
ef2d9b
+$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 > $TESTOUT 2>&1
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo "ldapwhoami failed ($RC)!"
ef2d9b
+	kill $KDCPROC
ef2d9b
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+	exit $RC
ef2d9b
+else
ef2d9b
+	echo "success"
ef2d9b
+fi
ef2d9b
+
ef2d9b
+echo -n "Validating mapped SASL/GSSAPI ID: "
ef2d9b
+echo "dn:uid=$KUSER,cn=$KRB5REALM,cn=gssapi,cn=auth" > $TESTDIR/dn.out
ef2d9b
+$CMP $TESTDIR/dn.out $TESTOUT > $CMPOUT
ef2d9b
+RC=$?
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo "Comparison failed"
ef2d9b
+	kill $KDCPROC
ef2d9b
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+	exit $RC
ef2d9b
+else
ef2d9b
+	echo "success"
ef2d9b
+fi
ef2d9b
+
ef2d9b
+if test $WITH_TLS = no ; then
ef2d9b
+        echo "SASL/GSSAPI: TLS support not available, skipping TLS part."
ef2d9b
+else
ef2d9b
+	echo -n "Using ldapwhoami with SASL/GSSAPI with start-tls: "
ef2d9b
+	$LDAPSASLWHOAMI -N -Y GSSAPI -H $URI1 -ZZ -o tls_reqcert=allow	\
ef2d9b
+		-o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt	\
ef2d9b
+		> $TESTOUT 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "ldapwhoami failed ($RC)!"
ef2d9b
+		kill $KDCPROC
ef2d9b
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+		exit $RC
ef2d9b
+	else
ef2d9b
+		echo "success"
ef2d9b
+	fi
ef2d9b
+
ef2d9b
+	echo -n "Using ldapwhoami with SASL/GSSAPI with ldaps: "
ef2d9b
+	$LDAPSASLWHOAMI -N -Y GSSAPI -H $SURI2 -o tls_reqcert=allow	\
ef2d9b
+		-o tls_cacert=$TESTDIR/tls/ca/certs/testsuiteCA.crt	\
ef2d9b
+		> $TESTOUT 2>&1
ef2d9b
+	RC=$?
ef2d9b
+	if test $RC != 0 ; then
ef2d9b
+		echo "ldapwhoami failed ($RC)!"
ef2d9b
+		kill $KDCPROC
ef2d9b
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+		exit $RC
ef2d9b
+	else
ef2d9b
+		echo "success"
ef2d9b
+	fi
ef2d9b
+fi
ef2d9b
+
ef2d9b
+kill $KDCPROC
ef2d9b
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
ef2d9b
+
ef2d9b
+if test $RC != 0 ; then
ef2d9b
+	echo ">>>>> Test failed"
ef2d9b
+else
ef2d9b
+	echo ">>>>> Test succeeded"
ef2d9b
+	RC=0
ef2d9b
+fi
ef2d9b
+
ef2d9b
+test $KILLSERVERS != no && wait
ef2d9b
+
ef2d9b
+exit $RC
ef2d9b
-- 
ef2d9b
2.26.2
ef2d9b