1 use std::{
2 process::{Child, Command, Stdio},
3 thread::sleep,
4 time::Duration,
5 };
6
7 use anyhow::{Context, Error};
8 use proxmox_ldap::*;
9
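/// A `glauth` LDAP test server running as a child process.
///
/// The process is started by [`GlauthServer::new`] and terminated when the
/// value is dropped, so each test keeps the returned guard alive for as long
/// as it talks to the server.
struct GlauthServer {
    /// Handle to the spawned `glauth` process.
    handle: Child,
}

impl GlauthServer {
    /// Spawns `glauth` with the configuration file at `path`.
    ///
    /// The binary is taken from the `GLAUTH_BIN` environment variable.
    ///
    /// # Errors
    ///
    /// Fails if `GLAUTH_BIN` is not set, if the process cannot be spawned, or
    /// if the process has already exited by the end of the startup grace
    /// period.
    fn new(path: &str) -> Result<Self, Error> {
        let glauth_bin = std::env::var("GLAUTH_BIN").context("GLAUTH_BIN is not set")?;
        let handle = Command::new(&glauth_bin)
            .arg("-c")
            .arg(path)
            .stdin(Stdio::null())
            .stdout(Stdio::null())
            .stderr(Stdio::null())
            .spawn()
            .context("Could not start glauth process")?;

        // Wrap the child immediately so that every early return below still
        // goes through `Drop` and does not leave the process behind.
        let mut server = Self { handle };

        // Make 'sure' that glauth is up. This is a fixed grace period, not a
        // readiness probe: the listening port is defined in the glauth config
        // file and is not known here.
        sleep(Duration::from_secs(1));

        // stderr is discarded, so a startup failure (bad config, port already
        // bound by another process) would otherwise go unnoticed and the tests
        // would talk to whatever else is listening on the port.
        if let Some(status) = server
            .handle
            .try_wait()
            .context("Could not query glauth process state")?
        {
            anyhow::bail!("glauth exited during startup: {}", status);
        }

        Ok(server)
    }
}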
32
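impl Drop for GlauthServer {
    /// Terminates the `glauth` child process and reaps it.
    fn drop(&mut self) {
        // Best effort: the process may already have exited.
        self.handle.kill().ok();
        // Reap the child so it does not linger as a zombie and so that its
        // sockets are closed before the next test spawns a server of its own.
        self.handle.wait().ok();
    }
}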
38
/// Runs `Connection::authenticate_user` to completion on the blocking runtime.
///
/// Returns whatever the asynchronous call returns for the given `user` and
/// `pass`.
fn authenticate(con: &Connection, user: &str, pass: &str) -> Result<(), Error> {
    let attempt = con.authenticate_user(user, pass);
    proxmox_async::runtime::block_on(attempt)
}
42
/// Builds a fresh `Connection` from a copy of `config` and runs its
/// `check_connection` future to completion on the blocking runtime.
fn check_connection(config: &Config) -> Result<(), Error> {
    let owned_config = config.clone();
    let probe = Connection::new(owned_config);
    proxmox_async::runtime::block_on(probe.check_connection())
}
47
/// Baseline configuration shared by the tests in this file.
///
/// It points at `localhost:3893` and binds as a service account with fixture
/// credentials. Individual tests override single fields with struct-update
/// syntax.
fn default_config() -> Config {
    // Fixture credentials for the local glauth instance only.
    let service_account = "cn=serviceuser,ou=svcaccts,dc=example,dc=com";
    let service_password = "password";

    Config {
        servers: vec!["localhost".into()],
        port: Some(3893),
        user_attr: "cn".into(),
        base_dn: "dc=example,dc=com".into(),
        bind_dn: Some(service_account.into()),
        bind_password: Some(service_password.into()),
        // Plain LDAP without certificate verification: the bind password is
        // sent unencrypted. That is tolerable here only because the target is
        // a loopback test server; the LDAPS test overrides both fields.
        tls_mode: ConnectionMode::Ldap,
        verify_certificate: false,
        additional_trusted_certificates: None,
        certificate_store_path: Some("/etc/ssl/certs".into()),
    }
}
62
/// Valid user/password pairs authenticate; a wrong password or an unknown
/// user is rejected.
///
/// Ignored by default because it needs a `glauth` binary (`GLAUTH_BIN`).
///
/// NOTE(review): two negative cases would be worth adding once the expected
/// behaviour is confirmed against the implementation: an empty password (an
/// LDAP simple bind with an empty password is an unauthenticated bind per
/// RFC 4513 and must not count as a successful login), and a user name that
/// contains filter metacharacters such as `*`.
#[test]
#[ignore]
fn test_authentication() -> Result<(), Error> {
    let _server = GlauthServer::new("tests/assets/glauth.cfg")?;
    let ldap = Connection::new(default_config());

    // Known users with the correct password.
    assert!(authenticate(&ldap, "test1", "password").is_ok());
    assert!(authenticate(&ldap, "test2", "password").is_ok());
    assert!(authenticate(&ldap, "test3", "password").is_ok());

    // Wrong password, then unknown user.
    assert!(authenticate(&ldap, "test1", "invalid").is_err());
    assert!(authenticate(&ldap, "invalid", "password").is_err());

    Ok(())
}
78
/// Authentication works when the server is addressed by the bracketed IPv6
/// loopback literal `[::1]`.
///
/// Uses a separate glauth configuration (`glauth_v6.cfg`).
#[test]
#[ignore]
fn test_authentication_via_ipv6() -> Result<(), Error> {
    let _server = GlauthServer::new("tests/assets/glauth_v6.cfg")?;

    let ldap = Connection::new(Config {
        servers: vec!["[::1]".into()],
        ..default_config()
    });

    assert!(authenticate(&ldap, "test1", "password").is_ok());

    Ok(())
}
95
/// Authentication over LDAPS (port 3894) with certificate verification
/// enabled and the test certificate added as trusted.
///
/// NOTE(review): there is no negative TLS case. The same configuration
/// without `additional_trusted_certificates` should presumably fail while
/// `verify_certificate` is `true`; asserting that would catch a regression
/// that silently skips verification. Confirm that the test certificate is not
/// otherwise trusted before adding it.
#[test]
#[ignore]
fn test_authentication_via_ldaps() -> Result<(), Error> {
    let trusted = vec!["tests/assets/glauth.crt".into()];
    let tls_settings = Config {
        port: Some(3894),
        tls_mode: ConnectionMode::Ldaps,
        verify_certificate: true,
        additional_trusted_certificates: Some(trusted),
        ..default_config()
    };

    let _server = GlauthServer::new("tests/assets/glauth.cfg")?;
    let ldap = Connection::new(tls_settings);

    assert!(authenticate(&ldap, "test1", "password").is_ok());
    assert!(authenticate(&ldap, "test1", "invalid").is_err());

    Ok(())
}
116
/// With an unusable first entry in `servers`, authentication still succeeds
/// through the second entry.
#[test]
#[ignore]
fn test_fallback() -> Result<(), Error> {
    // `invalid.host` comes first, so the working server is only reached after
    // the first entry has failed.
    let server_list = vec!["invalid.host".into(), "localhost".into()];
    let with_fallback = Config {
        servers: server_list,
        ..default_config()
    };

    let _server = GlauthServer::new("tests/assets/glauth.cfg")?;
    let ldap = Connection::new(with_fallback);

    assert!(authenticate(&ldap, "test1", "password").is_ok());

    Ok(())
}
132
/// Searching for `posixAccount` entries matching `(cn=test*)` returns exactly
/// three entries, each carrying the expected DN, `mail` and `sn` values.
#[test]
#[ignore]
fn test_search() -> Result<(), Error> {
    let _server = GlauthServer::new("tests/assets/glauth.cfg")?;
    let ldap = Connection::new(default_config());

    let query = SearchParameters {
        attributes: vec!["cn".into(), "mail".into(), "sn".into()],
        user_classes: vec!["posixAccount".into()],
        user_filter: Some("(cn=test*)".into()),
    };

    let entries = proxmox_async::runtime::block_on(ldap.search_entities(&query))?;

    assert_eq!(entries.len(), 3);

    for entry in entries {
        // The DN must be one of the test users inside the expected subtree.
        assert!(entry.dn.starts_with("cn=test"));
        assert!(entry.dn.ends_with("ou=testgroup,ou=users,dc=example,dc=com"));

        // Only the first value of each requested attribute is inspected; a
        // missing attribute panics through `unwrap` and fails the test.
        let mail = entry.attributes.get("mail").unwrap().get(0).unwrap();
        assert!(mail.ends_with("@example.com"));

        let surname = entry.attributes.get("sn").unwrap().get(0).unwrap();
        assert!(surname.eq("User".into()));
    }

    Ok(())
}
172
/// `check_connection` succeeds with the baseline configuration and fails when
/// the base DN is wrong, the bind password is wrong, or the bind password is
/// missing.
///
/// The last case keeps `bind_dn` set with no password. It looks like this is
/// meant to ensure that a missing password is an error and not a fallback to
/// a bind without credentials (confirm against the implementation).
#[test]
#[ignore]
fn test_check_connection() -> Result<(), Error> {
    let _server = GlauthServer::new("tests/assets/glauth.cfg")?;

    // Each case starts from the baseline and changes exactly one field.
    let baseline = default_config();
    assert!(check_connection(&baseline).is_ok());

    let wrong_base_dn = Config {
        base_dn: "dc=invalid,dc=com".into(),
        ..default_config()
    };
    assert!(check_connection(&wrong_base_dn).is_err());

    let wrong_password = Config {
        bind_password: Some("invalid".into()),
        ..default_config()
    };
    assert!(check_connection(&wrong_password).is_err());

    let missing_password = Config {
        bind_password: None,
        ..default_config()
    };
    assert!(check_connection(&missing_password).is_err());

    Ok(())
}