2 process
::{Child, Command, Stdio}
,
7 use anyhow
::{Context, Error}
;
/// Launches the glauth binary named by the `GLAUTH_BIN` environment variable
/// and waits a fixed second before handing control back to the test.
///
/// # Errors
///
/// Returns "GLAUTH_BIN is not set" when the variable cannot be read, and
/// "Could not start glauth process" when the builder chain below fails.
fn new(path: &str) -> Result<Self, Error> {
    // The value goes to `Command::new` unchanged, so whatever it names is run
    // with the privileges of the test runner: point it at a trusted build only.
    let glauth_bin = std::env::var("GLAUTH_BIN").context("GLAUTH_BIN is not set")?;
    let handle = Command::new(&glauth_bin)
        // … original lines 18–20 are not shown in this listing (presumably where
        // `path` is handed to the process; confirm against the full file) …
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        // … original line 23 is not shown in this listing …
        .context("Could not start glauth process")?;

    // Make 'sure' that glauth is up
    // NOTE(review): a fixed delay is a guess, not a readiness check; on a slow
    // or loaded machine a test can start before the server accepts connections.
    sleep(Duration::from_secs(1));

    // … original lines 28–32 (the rest of the function) are not shown in this listing …
}
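impl Drop for GlauthServer {
    /// Stops the glauth child process when the guard goes out of scope.
    fn drop(&mut self) {
        // Best effort: the process may already be gone, so the error is ignored.
        self.handle.kill().ok();
        // Reap the child after killing it. Without the wait the process stays
        // around as a zombie until the test binary exits, and nothing guarantees
        // it has actually terminated by the time the next test starts a server.
        // NOTE(review): assumes `handle` is a `std::process::Child` — confirm
        // against the struct definition, which is not shown in this listing.
        self.handle.wait().ok();
    }
}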
/// Drives `con.authenticate_user(user, pass)` to completion on the
/// proxmox_async runtime and hands its result back unchanged.
fn authenticate(con: &Connection, user: &str, pass: &str) -> Result<(), Error> {
    let attempt = con.authenticate_user(user, pass);
    proxmox_async::runtime::block_on(attempt)
}
/// Builds a fresh `Connection` from a copy of `config` and blocks on its
/// `check_connection` call, returning that call's result.
fn check_connection(config: &Config) -> Result<(), Error> {
    // The connection takes ownership of its configuration, hence the clone.
    let probe = Connection::new(config.clone());
    let outcome = proxmox_async::runtime::block_on(probe.check_connection());
    outcome
}
/// Baseline connection settings shared by the tests.
///
/// These are fixture values for a throwaway local glauth instance: the bind
/// password is the literal "password", the mode is `ConnectionMode::Ldap`, and
/// `verify_certificate` is off. `test_authentication_via_ldaps` overrides the
/// last two; none of this is a template for a real deployment.
fn default_config() -> Config {
    Config {
        servers: vec!["localhost".into()],
        // … original line 51 is not shown in this listing …
        user_attr: "cn".into(),
        base_dn: "dc=example,dc=com".into(),
        // Service account used for the bind; must match the glauth fixture.
        bind_dn: Some("cn=serviceuser,ou=svcaccts,dc=example,dc=com".into()),
        bind_password: Some("password".into()),
        tls_mode: ConnectionMode::Ldap,
        verify_certificate: false,
        additional_trusted_certificates: None,
        certificate_store_path: Some("/etc/ssl/certs".into()),
    }
}
/// Checks password authentication against a local glauth instance using the
/// settings from `default_config`.
fn test_authentication() -> Result<(), Error> {
    // Keep the guard bound for the whole test: dropping it kills glauth.
    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;

    let connection = Connection::new(default_config());

    // Fixture accounts with the right password are accepted.
    assert!(authenticate(&connection, "test1", "password").is_ok());
    assert!(authenticate(&connection, "test2", "password").is_ok());
    assert!(authenticate(&connection, "test3", "password").is_ok());
    // A wrong password and an unknown user must both be rejected.
    assert!(authenticate(&connection, "test1", "invalid").is_err());
    assert!(authenticate(&connection, "invalid", "password").is_err());

    // (The lines after the last assertion are not shown in this listing.)
    Ok(())
}
/// Authenticates against glauth started with the IPv6 fixture configuration,
/// addressing the server by the bracketed loopback literal `[::1]`.
fn test_authentication_via_ipv6() -> Result<(), Error> {
    let _glauth = GlauthServer::new("tests/assets/glauth_v6.cfg")?;

    let settings = Config {
        servers: vec!["[::1]".into()],
        // … original lines 86–88 (the rest of the struct literal) are not shown
        // in this listing …
    };

    let connection = Connection::new(settings);

    assert!(authenticate(&connection, "test1", "password").is_ok());

    // (The lines after the last assertion are not shown in this listing.)
    Ok(())
}
/// Authenticates in `ConnectionMode::Ldaps` with certificate verification
/// switched on, trusting the fixture certificate `tests/assets/glauth.crt`.
///
/// This is the only test on the page that sets `verify_certificate: true`, so
/// it is the one that covers the verified-TLS path.
fn test_authentication_via_ldaps() -> Result<(), Error> {
    let settings = Config {
        // … original line 100 is not shown in this listing …
        tls_mode: ConnectionMode::Ldaps,
        verify_certificate: true,
        // The fixture certificate is added as an extra trust anchor.
        additional_trusted_certificates: Some(vec!["tests/assets/glauth.crt".into()]),
        // … original lines 104–106 (the rest of the struct literal) are not
        // shown in this listing …
    };

    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;

    let connection = Connection::new(settings);

    assert!(authenticate(&connection, "test1", "password").is_ok());
    // Over TLS a wrong password must still be rejected.
    assert!(authenticate(&connection, "test1", "invalid").is_err());

    // (The lines after the last assertion are not shown in this listing.)
    Ok(())
}
/// Lists an unusable server ahead of `localhost` and expects authentication
/// to succeed anyway.
fn test_fallback() -> Result<(), Error> {
    let settings = Config {
        // NOTE(review): `invalid.host` sits under a real top-level domain, so the
        // test depends on an external DNS answer; a name under the reserved
        // `.invalid` TLD would be guaranteed never to resolve.
        servers: vec!["invalid.host".into(), "localhost".into()],
        // … original lines 122–124 (the rest of the struct literal) are not
        // shown in this listing …
    };

    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;

    let connection = Connection::new(settings);
    assert!(authenticate(&connection, "test1", "password").is_ok());

    // (The lines after the last assertion are not shown in this listing.)
    Ok(())
}
/// Searches the fixture directory for `posixAccount` entries whose `cn` starts
/// with "test" and checks the count and the DN of every hit.
fn test_search() -> Result<(), Error> {
    let _glauth = GlauthServer::new("tests/assets/glauth.cfg")?;

    let connection = Connection::new(default_config());

    let params = SearchParameters {
        attributes: vec!["cn".into(), "mail".into(), "sn".into()],
        user_classes: vec!["posixAccount".into()],
        // The filter is a fixed literal here; nothing in it comes from input.
        user_filter: Some("(cn=test*)".into()),
        // … original lines 144–145 are not shown in this listing …
    };

    let search_results = proxmox_async::runtime::block_on(connection.search_entities(&params))?;

    assert_eq!(search_results.len(), 3);

    for a in search_results {
        assert!(a.dn.starts_with("cn=test"));
        assert!(a.dn.ends_with("ou=testgroup,ou=users,dc=example,dc=com"));
        // … original lines 153–159 are not shown in this listing; line 160 is the
        // tail of an expression that begins in them:
        //     .ends_with("@example.com"));
        // … original lines 161–174 are not shown in this listing …
    }

    Ok(())
}
175 fn test_check_connection() -> Result
<(), Error
> {
176 let _glauth
= GlauthServer
::new("tests/assets/glauth.cfg")?
;
178 let mut config
= default_config();
179 assert
!(check_connection(&config
).is_ok());
181 config
.base_dn
= "dc=invalid,dc=com".into();
182 assert
!(check_connection(&config
).is_err());
183 config
.base_dn
= "dc=example,dc=com".into();
185 config
.bind_password
= Some("invalid".into());
186 assert
!(check_connection(&config
).is_err());
187 config
.bind_password
= Some("password".into());
189 config
.bind_password
= None
;
190 assert
!(check_connection(&config
).is_err());