From e0fc560dd3d669077a4649c5b863acae3e916357 Mon Sep 17 00:00:00 2001 From: mlan Date: Fri, 15 Jan 2021 19:25:09 +0100 Subject: [PATCH] - [test](test) Update to use `mlan/openldap:2`. - [demo](demo) Update to use `mlan/openldap:2`. --- CHANGELOG.md | 5 + ROADMAP.md | 4 + demo/.env | 48 ++++--- demo/Makefile | 274 ++++++++++++++++---------------------- demo/ad.mk | 1 + demo/dkr.mk | 1 + demo/docker-compose.yml | 16 ++- demo/ssl.mk | 1 + test/.gitignore | 2 - test/Makefile | 150 ++++++++++----------- test/acme/.gitignore | 4 + test/ad.mk | 38 ++++++ test/bin/gen-acme-json.sh | 9 +- test/dkr.mk | 34 +++++ test/ssl.mk | 125 +++++++++++++++++ test/ssl/.gitignore | 4 + 16 files changed, 451 insertions(+), 265 deletions(-) create mode 120000 demo/ad.mk create mode 120000 demo/dkr.mk create mode 120000 demo/ssl.mk create mode 100644 test/acme/.gitignore create mode 100644 test/ad.mk create mode 100644 test/dkr.mk create mode 100644 test/ssl.mk create mode 100644 test/ssl/.gitignore diff --git a/CHANGELOG.md b/CHANGELOG.md index 027fb21..7d9eef7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +# 1.2.8 + +- [test](test) Update to use `mlan/openldap:2`. +- [demo](demo) Update to use `mlan/openldap:2`. + # 1.2.7 - [kopano](src/kopano/plugin/movetopublicldap.py) Add LDAP support to the [Move to public](https://documentation.kopano.io/kopanocore_administrator_manual/special_kc_configurations.html#move-to-public ) kopano-dagent python plugin. diff --git a/ROADMAP.md b/ROADMAP.md index 0754588..74c801f 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,5 +1,9 @@ # Road map +## demo + +- check mta-test_imap + ## kDAV Consider integrating support for kDAV which provides CalDAV and CardDAV. diff --git a/demo/.env b/demo/.env index 9099823..da46563 100644 --- a/demo/.env +++ b/demo/.env 
@@ -1,28 +1,34 @@ COMPOSE_PROJECT_NAME=demo SYSLOG_LEVEL=6 LOG_LEVEL=6 +AD_DEBUG=stats +AD_ADM_CN=admin +AD_ADM_PW=admin +AD_ADM_TEL=555-540-9637 +AD_ADM_TIT=System Admin +AD_BASE=dc=example,dc=com +AD_GRP_CN=team +AD_GRP_OB=kopano-group +AD_GRP_OU=groups +AD_PUB_CN=public +AD_ROOT_CN=admin +AD_ROOT_PW=secret +AD_SHR_CN=shared +AD_USR_AS=trial +AD_USR_CN=demo +AD_USR_OB=kopano-user +AD_USR_OU=users +AD_USR_PW=demo +AD_USR_TEL=555-439-2736 +AD_USR_TIT=First User +DKIM_SELECTOR=default MAIL_DOMAIN=example.com MAIL_SRV=mx -REGEX_ALIAS='/([^+]+)[+-].*@(.+)/ $1@$2' -DKIM_SELECTOR=default -SA_TAG_LEVEL_DEFLT=-999 -SA_DEBUG=0 -RAZOR_REGISTRATION= -LDAP_BASE=dc=example,dc=com -LDAP_USEROU=users -LDAP_USEROBJ=kopano-user -LDAP_USERFLT= -LDAP_GROUPOU=groups -LDAP_GROUPOBJ=kopano-group -LDAP_TEST_USER=demo -LDAP_TEST_USERPW=demo -LDAP_TEST_USERAS=trial -LDAP_TEST_ADMIN=admin -LDAP_TEST_ADMINPW=admin -LDAP_TEST_GROUP=team -LDAP_TEST_PUB=public -LDAP_TEST_SHR=shared -MYSQL_ROOT_PASSWORD=secret MYSQL_DATABASE=kopano -MYSQL_USER=kopano MYSQL_PASSWORD=secret +MYSQL_ROOT_PASSWORD=secret +MYSQL_USER=kopano +RAZOR_REGISTRATION= +REGEX_ALIAS='/([^+]+)[+-].*@(.+)/ $1@$2' +SA_DEBUG=0 +SA_TAG_LEVEL_DEFLT=-999 diff --git a/demo/Makefile b/demo/Makefile index 1a8526e..5379332 100644 --- a/demo/Makefile +++ b/demo/Makefile 
@@ -1,19 +1,23 @@ -include *.mk .env .init.env -srv_list ?= auth app db mta -curl_dbg ?= -v -s -_ip = $(shell docker inspect -f \ - '{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' \ - $(1) | head -n1) +SRV_LIST ?= auth app db mta -.PHONY: +AD_DOM ?= $(call ad_sub_dot, $(AD_BASE)) +AD_DC ?= $(call ad_cut_dot, 1, 1, $(AD_DOM)) + +SSL_O = $(MAIL_DOMAIN) +SSL_MAIL = auto +SSL_PASS = $(AD_USR_PW) +#SSL_TRST = $(SSL_SMIME) + +CURL_DBG ?= -v -s variables: make -pn | grep -A1 "^# makefile"| grep -v "^#\|^--" | sort | uniq test: all-test_quiet mta-test_smtp -init: up auth-init db-init mta-init app-init +init: up auth-init db-init app-down app-up mta-init app-init ps: docker-compose ps 
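Review bot: `#SSL_TRST = $(SSL_SMIME)` is a commented-out assignment with no explanation; either make it a documented switch or delete it, because dead configuration lines tend to be un-commented later by someone who does not know what they do. `SSL_PASS = $(AD_USR_PW)` reuses the demo user's login password as the PKCS#12 export password, which is convenient here but not obvious to a reader — a line such as `# PKCS#12 export password; deliberately reuses the demo user's login password` above it would make that a conscious choice. The `init` chain now inserts `app-down app-up` between db-init and mta-init; a short comment on why the app is cycled at that point (presumably so it reconnects to the freshly populated directory and database) would help the next maintainer.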
@@ -36,49 +40,52 @@ logs: images: docker-compose images -$(addsuffix -up,$(srv_list)): +$(addsuffix -up,$(SRV_LIST)): docker-compose up -d $(patsubst %-up,%,$@) -$(addsuffix -down,$(srv_list)): - docker-compose rm -s $(patsubst %-down,%,$@) +$(addsuffix -down,$(SRV_LIST)): + docker-compose rm -sf $(patsubst %-down,%,$@) -$(addsuffix -restart,$(srv_list)): +$(addsuffix -restart,$(SRV_LIST)): docker-compose restart $(patsubst %-restart,%,$@) -$(addsuffix -renew,$(srv_list)): +$(addsuffix -renew,$(SRV_LIST)): docker-compose rm -s $(patsubst %-renew,%,$@) docker-compose up -d $(patsubst %-renew,%,$@) -$(addsuffix -top,$(srv_list)): +$(addsuffix -top,$(SRV_LIST)): docker-compose top $(patsubst %-top,%,$@) -$(addsuffix -logs,$(srv_list)): +$(addsuffix -logs,$(SRV_LIST)): docker-compose logs $(patsubst %-logs,%,$@) -$(addsuffix -pull,$(srv_list)): +$(addsuffix -pull,$(SRV_LIST)): docker-compose pull $(patsubst %-pull,%,$@) -$(addsuffix -sh,$(srv_list)): +$(addsuffix -sh,$(SRV_LIST)): docker-compose exec $(patsubst %-sh,%,$@) sh -c 'exec $$(getent passwd root | sed "s/.*://g")' -$(addsuffix -env,$(srv_list)): +$(addsuffix -env,$(SRV_LIST)): docker-compose exec $(patsubst %-env,%,$@) env -$(addsuffix -sv,$(srv_list)): +$(addsuffix -sv,$(SRV_LIST)): docker-compose exec $(patsubst %-sv,%,$@) sh -c 'sv status $$SVDIR/*' -$(addsuffix -diff,$(srv_list)): +$(addsuffix -diff,$(SRV_LIST)): docker container diff $(COMPOSE_PROJECT_NAME)_$(patsubst %-diff,%,$@)_1 +$(addsuffix -hostaddr,$(SRV_LIST)): + $(eval myhost := $(call dkr_srv_ip,$(patsubst %-hostaddr,%,$@))) + wait_%: sleep $* web: - firefox localhost:8008 & + browse http://localhost:8008 & -auth-init: wait_11 auth-mod_conf auth-add_schema auth-add_data auth-add_sto +auth-init: wait_3 auth-mod_conf auth-add_schema auth-add_data -define LDIF_MOD_CONF +export define LDIF_MOD_CONF dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcPasswordHash 
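Review bot: `auth-init: wait_3 auth-mod_conf auth-add_schema auth-add_data` cuts the fixed wait from 11 to 3 seconds, but a timer is still a guess at when slapd in the `auth` container accepts connections; on a slower host the first `ldapmodify -Q` in auth-mod_conf fails and the whole `init` chain stops part-way. A readiness probe removes the guess, e.g. an `auth-wait` target whose recipe is `until docker-compose exec -T auth ldapsearch -QLLLb cn=config -s base >/dev/null 2>&1; do sleep 1; done`, used in place of `wait_3`. The new `$(addsuffix -hostaddr,$(SRV_LIST))` rule sets `myhost` through `$(eval …)` at recipe time, which works, but deserves a comment saying it exists only to be listed as a prerequisite of the `*-test_*` targets that expand `$(myhost)`.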
@@ -94,117 +101,102 @@ changetype: modify add: olcDbIndex olcDbIndex: cn,ou,uid,mail eq endef -export LDIF_MOD_CONF -define LDIF_ADD_DATA -dn: ou=$(LDAP_USEROU),$(LDAP_BASE) -changetype: add -ou: $(LDAP_USEROU) -objectClass: top +export define LDIF_ADD_DATA +dn: $(AD_BASE) +objectClass: organization +objectClass: dcObject +dc: $(AD_DC) +o: $(AD_DOM) + +dn: ou=$(AD_USR_OU),$(AD_BASE) +ou: $(AD_USR_OU) objectClass: organizationalUnit -dn: ou=$(LDAP_GROUPOU),$(LDAP_BASE) -changetype: add -ou: $(LDAP_GROUPOU) -objectClass: top +dn: ou=$(AD_GRP_OU),$(AD_BASE) +ou: $(AD_GRP_OU) objectClass: organizationalUnit -dn: cn=$(LDAP_TEST_GROUP),ou=$(LDAP_GROUPOU),$(LDAP_BASE) -changetype: add -cn: $(LDAP_TEST_GROUP) -objectClass: top +dn: cn=$(AD_GRP_CN),ou=$(AD_GRP_OU),$(AD_BASE) +cn: $(AD_GRP_CN) objectClass: groupOfNames objectClass: kopano-group -member: uid=$(LDAP_TEST_ADMIN),ou=$(LDAP_USEROU),$(LDAP_BASE) -member: uid=$(LDAP_TEST_USER),ou=$(LDAP_USEROU),$(LDAP_BASE) -mail: $(LDAP_TEST_GROUP)@$(MAIL_DOMAIN) +member: uid=$(AD_ADM_CN),ou=$(AD_USR_OU),$(AD_BASE) +member: uid=$(AD_USR_CN),ou=$(AD_USR_OU),$(AD_BASE) +mail: $(AD_GRP_CN)@$(MAIL_DOMAIN) -dn: uid=$(LDAP_TEST_ADMIN),ou=$(LDAP_USEROU),$(LDAP_BASE) +dn: uid=$(AD_ADM_CN),ou=$(AD_USR_OU),$(AD_BASE) changetype: add -cn: $(LDAP_TEST_ADMIN) -objectClass: top +cn: $(AD_ADM_CN) objectClass: inetOrgPerson objectClass: kopano-user -sn: $(LDAP_TEST_ADMIN) -uid: $(LDAP_TEST_ADMIN) -mail: $(LDAP_TEST_ADMIN)@$(MAIL_DOMAIN) -userPassword: $(LDAP_TEST_ADMINPW) -telephoneNumber: 0123 987654321 -title: System Admin +sn: $(AD_ADM_CN) +uid: $(AD_ADM_CN) +mail: $(AD_ADM_CN)@$(MAIL_DOMAIN) +userPassword: $(AD_ADM_PW) +telephoneNumber: $(AD_ADM_TEL) +title: $(AD_ADM_TIT) kopanoAccount: 1 kopanoAdmin: 1 kopanoEnabledFeatures: imap kopanoEnabledFeatures: pop3 -dn: uid=$(LDAP_TEST_USER),ou=$(LDAP_USEROU),$(LDAP_BASE) +dn: uid=$(AD_USR_CN),ou=$(AD_USR_OU),$(AD_BASE) changetype: add -cn: $(LDAP_TEST_USER) -objectClass: top +cn: $(AD_USR_CN) 
objectClass: inetOrgPerson objectClass: kopano-user -sn: $(LDAP_TEST_USER) -uid: $(LDAP_TEST_USER) -mail: $(LDAP_TEST_USER)@$(MAIL_DOMAIN) -userPassword: $(LDAP_TEST_USERPW) -telephoneNumber: 0123 123456789 -title: First User +sn: $(AD_USR_CN) +uid: $(AD_USR_CN) +mail: $(AD_USR_CN)@$(MAIL_DOMAIN) +userPassword: $(AD_USR_PW) +telephoneNumber: $(AD_USR_TEL) +title: $(AD_USR_TIT) kopanoAccount: 1 -kopanoAliases: $(LDAP_TEST_USERAS)@$(MAIL_DOMAIN) +kopanoAliases: $(AD_USR_AS)@$(MAIL_DOMAIN) kopanoEnabledFeatures: imap kopanoEnabledFeatures: pop3 -endef -export LDIF_ADD_DATA -define LDIF_ADD_STO -dn: uid=$(LDAP_TEST_SHR),ou=$(LDAP_USEROU),$(LDAP_BASE) -changetype: add -cn: $(LDAP_TEST_SHR) -objectClass: top +dn: uid=$(AD_SHR_CN),ou=$(AD_USR_OU),$(AD_BASE) +cn: $(AD_SHR_CN) objectClass: inetOrgPerson objectClass: kopano-user -sn: $(LDAP_TEST_SHR) -uid: $(LDAP_TEST_SHR) -mail: $(LDAP_TEST_SHR)@$(MAIL_DOMAIN) +sn: $(AD_SHR_CN) +uid: $(AD_SHR_CN) +mail: $(AD_SHR_CN)@$(MAIL_DOMAIN) kopanoAccount: 1 kopanoSharedStoreOnly: 1 -dn: uid=$(LDAP_TEST_PUB),ou=$(LDAP_USEROU),$(LDAP_BASE) -changetype: add -cn: $(LDAP_TEST_PUB) -objectClass: top +dn: uid=$(AD_PUB_CN),ou=$(AD_USR_OU),$(AD_BASE) +cn: $(AD_PUB_CN) objectClass: inetOrgPerson objectClass: kopano-user -sn: $(LDAP_TEST_PUB) -uid: $(LDAP_TEST_PUB) -mail: $(LDAP_TEST_PUB)@$(MAIL_DOMAIN) +sn: $(AD_PUB_CN) +uid: $(AD_PUB_CN) +mail: $(AD_PUB_CN)@$(MAIL_DOMAIN) kopanoAccount: 1 kopanoHidden: 1 kopanoSharedStoreOnly: 1 kopanoResourceType: publicFolder:Public Stores/public - endef -export LDIF_ADD_STO auth-mod_conf: - echo "$$LDIF_MOD_CONF" | docker-compose exec -T auth ldap modify + echo "$$LDIF_MOD_CONF" | docker-compose exec -T auth ldapmodify -Q auth-add_data: - echo "$$LDIF_ADD_DATA" | docker-compose exec -T auth ldap modify - -auth-add_sto: - echo "$$LDIF_ADD_STO" | docker-compose exec -T auth ldap modify + echo "$$LDIF_ADD_DATA" | docker-compose exec -T auth ldapadd -Q auth-add_schema: docker-compose exec app zcat 
/usr/share/doc/kopano/kopano.ldif.gz \ - | docker-compose exec -T auth ldapadd -H ldapi://%2Fvar%2Frun%2Fopenldap%2Fldapi/ -Y EXTERNAL + | docker-compose exec -T auth ldapadd -Q auth-show_conf: - docker-compose exec auth ldap search -b cn=config "(cn=config)" - docker-compose exec auth ldap search -b cn=config olcDatabase={-1}frontend - docker-compose exec auth ldap search -b cn=config olcDatabase={1}mdb + docker-compose exec auth ldapsearch -QLLLb cn=config "(cn=config)" + docker-compose exec auth ldapsearch -QLLLb cn=config olcDatabase={-1}frontend + docker-compose exec auth ldapsearch -QLLLb cn=config olcDatabase={1}mdb auth-show_data: - docker-compose exec auth ldap search -b "$(LDAP_BASE)" + docker-compose exec auth ldapsearch -QLLL auth-show_cat0: docker-compose exec auth slapcat -n0 
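Review bot: The `uid=$(AD_ADM_CN)` and `uid=$(AD_USR_CN)` entries in LDIF_ADD_DATA still carry `changetype: add` while the organization, OU, group, shared and public entries dropped it; `ldapadd` takes both forms, but the mix suggests those two entries are handled differently, so remove the two remaining `changetype: add` lines. `userPassword: $(AD_ADM_PW)` and `userPassword: $(AD_USR_PW)` are loaded as cleartext values — the `olcPasswordHash` set in LDIF_MOD_CONF governs the Password Modify operation, not values supplied on add — so they remain readable to anyone allowed to read the entry; a `# demo accounts; passwords are loaded as cleartext` comment above the define keeps that visible. `auth-show_data` now runs `ldapsearch -QLLL` with no `-b`, and the `ldapadd -Q` calls drop the explicit `-H ldapi://… -Y EXTERNAL`, so both depend on the search base and SASL defaults configured inside the container (presumably the `LDAPBASE` value the compose file sets); one comment naming that dependency would save the next reader a search.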
@@ -228,30 +220,30 @@ mta-bayes: docker-compose exec mta sh -c 'rm -f bayesian.database.gz && wget http://artinvoice.hu/spams/bayesian.database.gz && gunzip bayesian.database.gz && sa-learn --restore bayesian.database && chown -R amavis: /var/amavis/.spamassassin && rm -rf bayesian.database' mta-test_smtp: - printf "From: A tester \nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message\n\nGreat news! You can receive email.\n" \ + printf "From: A tester \nTo: <$(AD_USR_CN)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message\n\nGreat news! You can receive email.\n" \ | curl smtp://localhost -T - --mail-from test@example.biz \ - --mail-rcpt $(LDAP_TEST_USER)@$(MAIL_DOMAIN) $(curl_dbg) + --mail-rcpt $(AD_USR_CN)@$(MAIL_DOMAIN) $(CURL_DBG) mta-test_smtps: - printf "From: A tester \nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTPS test message\n\nGreat news! You can receive secure email.\n" \ + printf "From: A tester \nTo: <$(AD_USR_CN)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTPS test message\n\nGreat news! You can receive secure email.\n" \ | curl smtps://localhost -T - --mail-from test@example.biz -k \ - -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) \ - --mail-rcpt $(LDAP_TEST_USER)@$(MAIL_DOMAIN) $(curl_dbg) + -u $(AD_USR_CN):$(AD_USR_PW) \ + --mail-rcpt $(AD_USR_CN)@$(MAIL_DOMAIN) $(CURL_DBG) mta-test_smtp2: - printf "From: A info tester \nTo: <$(LDAP_TEST_USER)-info@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message \n\nGreat news! $(LDAP_TEST_USER)-info@$(MAIL_DOMAIN) can also receive email.\n" \ + printf "From: A info tester \nTo: <$(AD_USR_CN)-info@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message \n\nGreat news! 
$(AD_USR_CN)-info@$(MAIL_DOMAIN) can also receive email.\n" \ | curl smtp://localhost -T - --mail-from test@example.biz \ - --mail-rcpt $(LDAP_TEST_USER)@$(MAIL_DOMAIN) $(curl_dbg) + --mail-rcpt $(AD_USR_CN)@$(MAIL_DOMAIN) $(CURL_DBG) mta-test_shared: all-test_quiet - printf "From: A tester \nTo: <$(LDAP_TEST_SHR)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message\n\nGreat news! A shared store can receive email.\n" \ + printf "From: A tester \nTo: <$(AD_SHR_CN)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message\n\nGreat news! A shared store can receive email.\n" \ | curl smtp://localhost -T - --mail-from test@example.biz \ - --mail-rcpt $(LDAP_TEST_SHR)@$(MAIL_DOMAIN) $(curl_dbg) + --mail-rcpt $(AD_SHR_CN)@$(MAIL_DOMAIN) $(CURL_DBG) mta-test_public: all-test_quiet - printf "From: A tester \nTo: <$(LDAP_TEST_PUB)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message\n\nGreat news! A public store can receive email.\n" \ + printf "From: A tester \nTo: <$(AD_PUB_CN)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A SMTP test message\n\nGreat news! A public store can receive email.\n" \ | curl smtp://localhost -T - --mail-from test@example.biz \ - --mail-rcpt $(LDAP_TEST_PUB)@$(MAIL_DOMAIN) $(curl_dbg) + --mail-rcpt $(AD_PUB_CN)@$(MAIL_DOMAIN) $(CURL_DBG) mta-razor: docker-compose exec mta run amavis_register_razor 
@@ -291,19 +283,16 @@ mta-show_mailq: mta-flush_mailq: docker-compose exec mta postqueue -f -mta-hostaddr: - $(eval myhost := $(call _ip,$(COMPOSE_PROJECT_NAME)_mta_1)) - mta-test_auth: - docker-compose exec mta doveadm auth test $(LDAP_TEST_USER) $(LDAP_TEST_USERPW) + docker-compose exec mta doveadm auth test $(AD_USR_CN) $(AD_USR_PW) mta-test_imap: mta-hostaddr - curl imap://$(myhost) -X CAPABILITY - curl imap://$(myhost) -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) + curl imap://$(myhost) -X CAPABILITY $(CURL_DBG) + curl imap://$(myhost) -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) mta-test_rimap: docker-compose exec mta curl imap://app -X CAPABILITY - docker-compose exec mta curl imap://app -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) + docker-compose exec mta curl imap://app -u $(AD_USR_CN):$(AD_USR_PW) mta-test_ldap: mta-debugtools docker-compose exec mta ldapsearch -H ldap://auth:389 -xLLL -s base namingContexts @@ -323,7 +312,7 @@ db-gui-up: db-gui-down: docker rm -f db-gui || true -app-init: #wait_92 app-public_store +app-init: app-public_store app-create_smime app-debugtools: docker-compose exec app apt-get update 
@@ -333,54 +322,51 @@ app-debugtools: app-htop: app-debugtools docker-compose exec app htop -app-man_server: - docker-compose exec app man kopano-server.cfg - -app-man_ldap: - docker-compose exec app man kopano-ldap.cfg - -app-hostaddr: - $(eval myhost := $(call _ip,$(COMPOSE_PROJECT_NAME)_app_1)) - app-test_smtp: mta-test_smtp app-test_lmtp: app-hostaddr - printf "LHLO mx\nMAIL FROM: \nRCPT TO: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester \nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A LMTP test message from me to you\n\nDelete me, please \n.\nQUIT\n" | nc -C $(myhost) 2003 + printf "LHLO mx\nMAIL FROM: \nRCPT TO: <$(AD_USR_CN)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester \nTo: <$(AD_USR_CN)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A LMTP test message from me to you\n\nDelete me, please \n.\nQUIT\n" | nc -C $(myhost) 2003 app-test_all: all-test_muted app-test_imap app-test_pop3 app-test_ical app-test_imaps app-test_pop3s app-test_icals app-test_imap: app-hostaddr - curl imap://$(myhost) -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) $(curl_dbg) + curl imap://$(myhost) -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) app-test_imaps: app-hostaddr - curl imaps://$(myhost) -k -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) $(curl_dbg) + curl imaps://$(myhost) -k -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) app-test_pop3: app-hostaddr - curl pop3://$(myhost) -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) $(curl_dbg) + curl pop3://$(myhost) -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) app-test_pop3s: app-hostaddr - curl pop3s://$(myhost) -k -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) $(curl_dbg) + curl pop3s://$(myhost) -k -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) app-test_ical: app-hostaddr - curl http://$(myhost):8080 -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) $(curl_dbg) + curl http://$(myhost):8080 -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) app-test_icals: app-hostaddr - curl https://$(myhost):8443 -k -u $(LDAP_TEST_USER):$(LDAP_TEST_USERPW) $(curl_dbg) + curl 
https://$(myhost):8443 -k -u $(AD_USR_CN):$(AD_USR_PW) $(CURL_DBG) app-test_tls: app-hostaddr docker run --rm -it --network demo_backend drwetter/testssl.sh app:993 || true +app-test_oof1: + docker-compose exec app kopano-oof -u $(AD_USR_CN) -m 1 -t "Dunno when I return" + +app-test_oof0: + docker-compose exec app kopano-oof -u $(AD_USR_CN) -m 0 + app-show_user1: - docker-compose exec app kopano-admin --details $(LDAP_TEST_USER) + docker-compose exec app kopano-admin --details $(AD_USR_CN) app-show_user2: app-debugtools - docker-compose exec app ldapsearch -H ldap://auth:389 -xLLL -b $(LDAP_BASE) '*' + docker-compose exec app ldapsearch -H ldap://auth:389 -xLLL -b $(AD_BASE) '*' app-show_sync: docker-compose exec app z-push-top app-create_store: - docker-compose exec app kopano-admin --create-store $(LDAP_TEST_USER) + docker-compose exec app kopano-admin --create-store $(AD_USR_CN) app-public_store: docker-compose exec app kopano-storeadm -P 
@@ -388,44 +374,16 @@ app-public_store: $(addprefix app-parms_,archiver dagent gateway ical ldap search server spamd spooler): docker-compose exec app run list_parms $(patsubst app-parms_%,%,$@) -app-create_smime: all-create_smime ssl/ca.crt +app-create_smime: all-create_smime docker cp ssl/ca.crt $$(docker-compose ps -q app):/usr/local/share/ca-certificates/$(MAIL_DOMAIN)_CA.crt docker-compose exec app update-ca-certificates all-test_quiet: - $(eval curl_dbg := -s -S ) + $(eval CURL_DBG := -s -S ) all-test_muted: - $(eval curl_dbg := -s -S >/dev/null || true) + $(eval CURL_DBG := -s -S >/dev/null || true) -all-create_smime: ssl/$(LDAP_TEST_USER).smime.p12 +all-create_smime: ssl/$(AD_USR_CN).p12 -all-destroy_smime: - rm -rf ssl - -#.PRECIOUS: %.key %.crt %.smime.crt - -%.p12: %.crt - openssl pkcs12 -export -in $< -inkey $*.key -out $@ \ - -passout pass:$(LDAP_TEST_USERPW) - -%.csr: %.key - openssl req -new -key $< -out $@ \ - -subj "/O=$(MAIL_DOMAIN)/CN=$(LDAP_TEST_USER)/emailAddress=$(LDAP_TEST_USER)@$(MAIL_DOMAIN)" - -%.smime.crt: %.smime.csr ssl/ca.crt - openssl x509 -req -in $< -CA $(@D)/ca.crt -CAkey $(@D)/ca.key -out $@ \ - -setalias "Self Signed SMIME" -addtrust emailProtection \ - -addreject clientAuth -addreject serverAuth -trustout \ - -CAcreateserial - -%.crt: %.key - openssl req -x509 -batch -key $< -out $@ \ - -subj "/O=$(MAIL_DOMAIN)" - -%.key: ssl - openssl genrsa -out $@ - chmod a+r $@ - -ssl: - mkdir -p $@ +all-destroy_smime: ssl-destroy diff --git a/demo/ad.mk b/demo/ad.mk new file mode 120000 index 0000000..9d9f685 --- /dev/null +++ b/demo/ad.mk @@ -0,0 +1 @@ +../test/ad.mk \ No newline at end of file diff --git a/demo/dkr.mk b/demo/dkr.mk new file mode 120000 index 0000000..dd631ac --- /dev/null +++ b/demo/dkr.mk @@ -0,0 +1 @@ +../test/dkr.mk \ No newline at end of file diff --git a/demo/docker-compose.yml b/demo/docker-compose.yml index 8b74096..3cc8ac9 100644 --- a/demo/docker-compose.yml +++ b/demo/docker-compose.yml 
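Review bot: `app-create_smime: all-create_smime` drops `ssl/ca.crt` from the prerequisites, but the recipe still reads it in `docker cp ssl/ca.crt $$(docker-compose ps -q app):…`, so the file is now an undeclared dependency; unless the `ssl/$(AD_USR_CN).p12` chain in ssl.mk (its content is cut off at the end of this patch) is guaranteed to create ca.crt first, keep it explicit: `app-create_smime: all-create_smime ssl/ca.crt`. The recipe also deserves a why-comment, since `update-ca-certificates` adds the demo CA to the container-wide CA bundle rather than to S/MIME handling alone: `# demo only: installs the self-signed demo CA into the app container's system trust store`.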
@@ -22,9 +22,9 @@ services: - LDAP_URI=ldap://auth:389/ - MYSQL_HOST=db - SMTP_SERVER=mta - - LDAP_SEARCH_BASE=${LDAP_BASE-dc=example,dc=com} - - LDAP_USER_TYPE_ATTRIBUTE_VALUE=${LDAP_USEROBJ-posixAccount} - - LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=${LDAP_GROUPOBJ-posixGroup} + - LDAP_SEARCH_BASE=${AD_BASE-dc=example,dc=com} + - LDAP_USER_TYPE_ATTRIBUTE_VALUE=${AD_USR_OB-kopano-user} + - LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=${AD_GRP_OB-kopano-group} - LDAP_GROUPMEMBERS_ATTRIBUTE_TYPE=dn - LDAP_PROPMAP= - DAGENT_PLUGINS=movetopublicldap @@ -67,8 +67,8 @@ services: - SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL-} - SMTP_TLS_WRAPPERMODE=${SMTP_TLS_WRAPPERMODE-no} - SMTPD_USE_TLS=yes - - LDAP_USER_BASE=ou=${LDAP_USEROU-users},${LDAP_BASE-dc=example,dc=com} - - LDAP_QUERY_FILTER_USER=(&(objectclass=${LDAP_USEROBJ-posixAccount})(mail=%s)) + - LDAP_USER_BASE=ou=${AD_USR_OU-users},${AD_BASE-dc=example,dc=com} + - LDAP_QUERY_FILTER_USER=(&(objectclass=${AD_USR_OB-kopano-user})(mail=%s)) - LDAP_QUERY_ATTRS_PASS=uid=user - REGEX_ALIAS=${REGEX_ALIAS-} - DKIM_SELECTOR=${DKIM_SELECTOR-default} @@ -100,11 +100,13 @@ services: - /etc/localtime:/etc/localtime:ro # Use host timezone auth: - image: mlan/openldap + image: mlan/openldap:2 networks: - backend + command: --root-cn ${AD_ROOT_CN-admin} --root-pw ${AD_ROOT_PW-secret} environment: - - LDAP_LOGLEVEL=parse + - LDAPBASE=${AD_BASE-dc=example,dc=com} + - LDAPDEBUG=${AD_DEBUG-parse} volumes: - auth:/srv - /etc/localtime:/etc/localtime:ro # Use host timezone diff --git a/demo/ssl.mk b/demo/ssl.mk new file mode 120000 index 0000000..a78a036 --- /dev/null +++ b/demo/ssl.mk @@ -0,0 +1 @@ +../test/ssl.mk \ No newline at end of file diff --git a/test/.gitignore b/test/.gitignore index 77d226c..ac1e2a4 100644 --- a/test/.gitignore +++ b/test/.gitignore @@ -1,3 +1 @@ local.* -ssl -acme diff --git a/test/Makefile b/test/Makefile index bd9dc62..e44eaf6 100644 --- a/test/Makefile +++ b/test/Makefile 
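Review bot: `command: --root-cn ${AD_ROOT_CN-admin} --root-pw ${AD_ROOT_PW-secret}` puts the directory root password on the container's command line, where it appears in `docker ps` output and in process listings on the host and inside the container — a wider audience than the `environment:` values the old `LDAP_LOGLEVEL` setting used. If mlan/openldap:2 can take the root password from an environment variable or a file, prefer that; otherwise a comment on the line noting that the password is visible in process listings keeps it a conscious demo-only choice. The default `AD_ROOT_PW=secret` also lives in the committed `demo/.env`, which is fine for a demo but worth stating in the same comment.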
@@ -3,35 +3,19 @@ IMG_REPO ?= mlan/kopano IMG_VER ?= latest _ver = $(if $(findstring latest,$(1)),$(2),$(1)-$(2)) -_ip = $(shell docker inspect -f \ - '{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' \ - $(1) | head -n1) - -TST_NAME ?= test -SSL_KEYF ?= priv_key.pem -SSL_CRTF ?= cert.pem -SSL_CRTD ?= 30 -SSL_ACMF ?= acme.json -TST_SSLD ?= ssl -TST_ACMD ?= acme -TST_KEY ?= $(TST_SSLD)/$(SSL_KEYF) -TST_CERT ?= $(TST_SSLD)/$(SSL_CRTF) -TST_ACME ?= $(TST_ACMD)/$(SSL_ACMF) NET_NAME ?= test-net NET_ENV ?= --network $(NET_NAME) -LDAP_BAS ?= dc=example,dc=com -LDAP_UOU ?= users -LDAP_UOB ?= posixAccount -LDAP_GOU ?= groups -LDAP_FOU ?= "(&(objectclass=$(LDAP_UOB))(mail=%s))" -LDAP_FPW ?= "(&(objectclass=$(LDAP_UOB))(uid=%u))" -LDAP_APW ?= uid=user +AD_BASE ?= dc=example,dc=com +AD_DOM ?= $(call ad_sub_dot, $(AD_BASE)) +AD_DC ?= $(call ad_cut_dot, 1, 1, $(AD_DOM)) +AD_GRP_OU ?= groups +AD_USR_OB ?= kopano-user +AD_USR_OU ?= users +AD_USR_CN ?= hero +AD_USR_PW ?= enigma -MAIL_DOM ?= example.com -MAIL_US1 ?= hero -MAIL_PW1 ?= enigma MAIL_SUB ?= ~~~test~message~~~ MAIL_MSG ?= Enjoy! @@ -46,10 +30,10 @@ SQL_ENV ?= \ -e MYSQL_PASSWORD=$(SQL_PASS) \ APP_NAME ?= app -APP_IMG ?= -APP_FQDN ?= $(APP_NAME).$(MAIL_DOM) +APP_FQDN ?= $(APP_NAME).$(AD_DOM) +APP_CERT ?= ssl/$(APP_FQDN).crt +APP_KEY ?= ssl/$(APP_FQDN).key APP_VOL ?= -APP_SSLD ?= /etc/kopano/ssl APP_SLOG ?= 7 APP_ALOG ?= 6 APP_ENV ?= $(NET_ENV) $(SQL_ENV) \ @@ -58,9 +42,9 @@ APP_ENV ?= $(NET_ENV) $(SQL_ENV) \ -e MYSQL_HOST=$(DB_NAME) \ -e USER_PLUGIN=ldap \ -e LDAP_URI=ldap://$(AUT_NAME):389/ \ --e LDAP_SEARCH_BASE=$(LDAP_BAS) \ --e LDAP_USER_TYPE_ATTRIBUTE_VALUE=$(LDAP_UOB) \ --e LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=$(LDAP_GOU) \ +-e LDAP_SEARCH_BASE=$(AD_BASE) \ +-e LDAP_USER_TYPE_ATTRIBUTE_VALUE=$(AD_USR_OB) \ +-e LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=$(AD_GRP_OU) \ -e LDAP_PROPMAP= \ -e IMAP_LISTEN=*:143 \ -e POP3_LISTEN=*:110 \ 
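Review bot: `-e LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=$(AD_GRP_OU)` passes the group OU name (`groups`) where the demo compose file in this same patch passes an object class (`${AD_GRP_OB-kopano-group}`); the old line had the same mix-up with `LDAP_GOU`, so the rename carried it over. Unless the test deliberately expects an OU here, add `AD_GRP_OB ?= kopano-group` next to `AD_USR_OB ?= kopano-user` in the first hunk and use `-e LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=$(AD_GRP_OB) \`. None of the test LDIF creates a group, so the current tests would not notice either value.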
@@ -73,21 +57,22 @@ APPS_ENV ?= $(APP_ENV) \ -e IMAPS_LISTEN=*:993 \ -e POP3S_LISTEN=*:995 \ -e ICALS_LISTEN=*:8443 -APPF_ENV ?= $(APPS_ENV) \ --v $(shell pwd)/$(TST_SSLD):/$(APP_SSLD) APPA_ENV ?= $(APPS_ENV) \ --v $(shell pwd)/$(TST_ACMD):/$(TST_ACMD) - -#-p "127.0.0.1:2003:2003" +-v $(shell pwd)/acme:/acme AUT_NAME ?= auth AUT_IMG ?= mlan/openldap -AUT_FQDN ?= $(AUT_NAME).$(MAIL_DOM) +AUT_FQDN ?= $(AUT_NAME).$(AD_DOM) AUT_VOL ?= AUT_ENV ?= $(NET_ENV) \ --name $(AUT_NAME) \ --hostname $(AUT_FQDN) +TAW_NAME ?= throwaway +TAW_ENV ?= --entrypoint /bin/bash \ +--name $(TAW_NAME) \ +--rm + CURL_OPT ?= -s -v CURL_IMG ?= curlimages/curl CURL_ENV ?= $(NET_ENV) \ @@ -95,7 +80,7 @@ CURL_ENV ?= $(NET_ENV) \ DB_NAME ?= db DB_IMG ?= mariadb -DB_FQDN ?= $(DB_NAME).$(MAIL_DOM) +DB_FQDN ?= $(DB_NAME).$(AD_DOM) DB_VOL ?= DB_CMD ?= --log_warnings=1 DB_ENV ?= $(NET_ENV) $(SQL_ENV) \ @@ -110,6 +95,33 @@ TST_W8S2 ?= 20 TST_W8L1 ?= 20 TST_W8L2 ?= 120 +export define LDIF_ADD_DATA +dn: $(AD_BASE) +objectClass: organization +objectClass: dcObject +dc: $(AD_DC) +o: $(AD_DOM) + +dn: ou=$(AD_USR_OU),$(AD_BASE) +objectClass: organizationalUnit +ou: $(AD_USR_OU) + +dn: ou=$(AD_GRP_OU),$(AD_BASE) +objectClass: organizationalUnit +ou: $(AD_GRP_OU) + +dn: uid=$(AD_USR_CN),ou=$(AD_USR_OU),$(AD_BASE) +objectClass: inetOrgPerson +objectClass: $(AD_USR_OB) +cn: $(AD_USR_CN) +sn: $(AD_USR_CN) +uid: $(AD_USR_CN) +mail: $(AD_USR_CN)@$(AD_DOM) +kopanoAccount: 1 +userPassword: $(AD_USR_PW) +endef + + variables: make -pn | grep -A1 "^# makefile"| grep -v "^#\|^--" | sort | uniq @@ -121,6 +133,7 @@ test-all: test-up_0 test_1 test_2 test_3 test_%: test-up_% test-waitl_% test-logs_% test-service_% test-down_% + test-pull: $(addprefix docker pull ,$(CURL_IMG); $(AUT_IMG); $(DB_IMG)) @@ -145,12 +158,12 @@ test-up_0: test-up-net sleep $(TST_W8S1) # # - # test (0) successful + # test (0) success ☺ # # # -test-up_1: test-up-net test-up-auth_1 +test-up_1: test-up-net test-up-deps_1 test-up-auth_1 # # # 
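Review bot: `AUT_IMG ?= mlan/openldap` is left untagged in the `AUT_` block this hunk edits, although the commit subject says test now uses `mlan/openldap:2` and the demo compose file pins `image: mlan/openldap:2`; the new `ldapadd -Q` calls in test-up-auth_% presumably rely on the v2 image, so a later `latest` that behaves differently would break the tests without any change in this repository. Pin it: `AUT_IMG ?= mlan/openldap:2`. In the same hunk `-v $(shell pwd)/acme:/acme` can be `-v $(CURDIR)/acme:/acme`, which avoids a shell fork every time the recursively assigned `APPA_ENV` is expanded.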
@@ -161,11 +174,9 @@ test-up_1: test-up-net test-up-auth_1 # recv: curl imap://app # # - docker run -d $(DB_ENV) $(DB_VOL) $(DB_IMG) $(DB_CMD) - sleep $(TST_W8L1) docker run -d $(APP_ENV) $(APP_VOL) $(IMG_REPO):$(call _ver,$(IMG_VER),core) -test-up_2: test-up-net test-up-auth_2 $(TST_CERT) +test-up_2: test-up-net test-up-deps_2 test-up-auth_2 # # # @@ -176,11 +187,9 @@ test-up_2: test-up-net test-up-auth_2 $(TST_CERT) # recv: curl imaps://app # # - docker run -d $(DB_ENV) $(DB_VOL) $(DB_IMG) $(DB_CMD) - sleep $(TST_W8L1) - docker run -d $(APPF_ENV) $(APP_VOL) $(IMG_REPO):$(call _ver,$(IMG_VER),core) + docker run -d $(APPS_ENV) $(APP_VOL) $(IMG_REPO):$(call _ver,$(IMG_VER),core) -test-up_3: test-up-net test-up-auth_3 $(TST_ACME) +test-up_3: test-up-net test-up-deps_3 test-up-auth_3 acme/acme.json # # # @@ -192,8 +201,6 @@ test-up_3: test-up-net test-up-auth_3 $(TST_ACME) # web: curl http://app # # - docker run -d $(DB_ENV) $(DB_VOL) $(DB_IMG) $(DB_CMD) - sleep $(TST_W8L1) docker run -d $(APPA_ENV) $(APP_VOL) $(IMG_REPO):$(call _ver,$(IMG_VER),full) test-up: test-up_1 @@ -203,7 +210,7 @@ test-service: test-service_0 test-service_%: test-pop3_% test-imap_% test-http_% # # - # test ($*) successful + # test ($*) success ☺ # # # 
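Review bot: `test-up_2: test-up-net test-up-deps_2 test-up-auth_2` drops the `$(TST_CERT)` prerequisite and its run line switches from `$(APPF_ENV)` (which mounted the local ssl directory) to `$(APPS_ENV)`, so the TLS test now exercises whatever certificate the image provides on its own instead of one the test generated; if that is the intent, the banner comment in the recipe should say so, e.g. `# tls: image-provided certificate, nothing mounted`. If the image needs a mounted certificate for `IMAPS_LISTEN` to come up, test-up_2 has lost it, since `APP_CERT` and `APP_KEY` are now consumed only by `acme/acme.json`. The test-up_2 rule header sits in the preceding hunk.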
@@ -230,19 +237,24 @@ test-down: test-down_0 docker network rm $(NET_NAME) 2>/dev/null || true test-down_%: - docker rm -fv $(APP_NAME) $(DB_NAME) $(AUT_NAME) 2>/dev/null || true - if [ $* -ge 0 ]; then sleep $(TST_W8S1); fi + @docker rm -fv $(APP_NAME) $(DB_NAME) $(AUT_NAME) $(TAW_NAME) 2>/dev/null || true + @if [ $* -ge 0 ]; then sleep $(TST_W8S1); fi + +test-up-deps_%: + docker run -d $(DB_ENV) $(DB_VOL) $(DB_IMG) $(DB_CMD) + docker run -d $(AUT_ENV) $(AUT_VOL) $(AUT_IMG) test-up-auth_%: - docker run -d $(AUT_ENV) $(AUT_VOL) $(AUT_IMG) sleep $(TST_W8L1) - printf "dn: ou=$(LDAP_UOU),$(LDAP_BAS)\nchangetype: add\nobjectClass: organizationalUnit\nobjectClass: top\nou: $(LDAP_UOU)\n\ndn: ou=$(LDAP_GOU),$(LDAP_BAS)\nchangetype: add\nobjectClass: organizationalUnit\nobjectClass: top\nou: $(LDAP_GOU)\n\ndn: uid=$(MAIL_US1),ou=$(LDAP_UOU),$(LDAP_BAS)\nchangetype: add\nobjectClass: top\nobjectClass: inetOrgPerson\nobjectClass: $(LDAP_UOB)\ncn: $(MAIL_US1)\nsn: $(MAIL_US1)\nuid: $(MAIL_US1)\nmail: $(MAIL_US1)@$(MAIL_DOM)\nuidNumber: 1234\ngidNumber: 1234\nhomeDirectory: /home/$(MAIL_US1)\nuserPassword: $(MAIL_PW1)\n" \ - | docker exec -i $(AUT_NAME) ldap modify + docker run $(TAW_ENV) $(IMG_REPO):$(call _ver,$(IMG_VER),core) \ + zcat /usr/share/doc/kopano/kopano.ldif.gz \ + | docker exec -i $(AUT_NAME) ldapadd -Q + echo "$$LDIF_ADD_DATA" | docker exec -i $(AUT_NAME) ldapadd -Q test-lmtp: test-lmtp_0 test-lmtp_%: - printf "LHLO mx\nMAIL FROM: \nRCPT TO: <$(MAIL_US1)@$(MAIL_DOM)>\nDATA\nFrom: A tester \nTo: <$(MAIL_US1)@$(MAIL_DOM)>\nDate: $$(date)\nSubject: $(MAIL_SUB)$*\n$(MAIL_MSG)$*\n.\nQUIT\n"\ - | nc -C $(call _ip,$(APP_NAME)) 2003 # > /dev/null + printf "LHLO mx\nMAIL FROM: \nRCPT TO: <$(AD_USR_CN)@$(AD_DOM)>\nDATA\nFrom: A tester \nTo: <$(AD_USR_CN)@$(AD_DOM)>\nDate: $$(date)\nSubject: $(MAIL_SUB)$*\n$(MAIL_MSG)$*\n.\nQUIT\n"\ + | nc -C $(call dkr_cnt_ip,$(APP_NAME)) 2003 # > /dev/null # | nc -C localhost 2003 # > /dev/null case $* in [1-3]) sleep $(TST_W8S1);; 
[4-9]) sleep $(TST_W8S2);; esac @@ -255,13 +267,13 @@ test-imap: test-imap_0 test-imaps: test-imap_9 test-imap_%: test-cfg_% test-lmtp_% docker run $(CURL_ENV) $(CURL_IMG) $(CURL_OPT) imap$(cfg_s)://$(APP_NAME)/inbox \ - --ssl --anyauth -k -X "fetch 1 all" -u $(MAIL_US1):$(MAIL_PW1) | grep $(GREP_ENV) $(MAIL_SUB)$* + --ssl --anyauth -k -X "fetch 1 all" -u $(AD_USR_CN):$(AD_USR_PW) | grep $(GREP_ENV) $(MAIL_SUB)$* test-pop3: test-pop3_0 test-pop3s: test-pop3_9 test-pop3_%: test-cfg_% test-lmtp_% docker run $(CURL_ENV) $(CURL_IMG) $(CURL_OPT) pop3$(cfg_s)://$(APP_NAME)/1 \ - --ssl --anyauth -k -u $(MAIL_US1):$(MAIL_PW1) | grep $(GREP_ENV) $(MAIL_SUB)$* + --ssl --anyauth -k -u $(AD_USR_CN):$(AD_USR_PW) | grep $(GREP_ENV) $(MAIL_SUB)$* test-http: test-http_9 test-http_%: test-cfg_% @@ -295,22 +307,8 @@ test-htop: test-debugtools test-tls: #--starttls imap docker run --rm -it $(NET_ENV) drwetter/testssl.sh $(APP_NAME):993 || true -test-ssl-gen: $(TST_ACME) +acme-destroy: ssl-destroy + rm -f acme/* -test-ssl-rm: - rm -rf $(TST_SSLD) $(TST_ACMD) -# rm $(TST_KEY) $(TST_CRT) $(TST_ACME) - -$(TST_ACME): $(TST_ACMD) $(TST_CERT) - bin/gen-acme-json.sh $(MAIL_US1)@$(MAIL_DOM) $(APP_FQDN) $(TST_KEY) $(TST_CERT) > $(TST_ACME) - -$(TST_CERT): $(TST_KEY) - openssl req -x509 -utf8 -new -batch -days $(SSL_CRTD) \ - -subj "/CN=$(APP_FQDN)" -key $(TST_KEY) -out $@ - -$(TST_KEY): $(TST_SSLD) - openssl genrsa -out $@ - chmod a+r $@ - -$(TST_SSLD) $(TST_ACMD): - mkdir -p $@ +acme/acme.json: $(APP_CERT) + bin/gen-acme-json.sh $(AD_USR_CN)@$(AD_DOM) $(APP_FQDN) $(APP_KEY) $(APP_CERT) > $@ diff --git a/test/acme/.gitignore b/test/acme/.gitignore new file mode 100644 index 0000000..5e7d273 --- /dev/null +++ b/test/acme/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore diff --git a/test/ad.mk b/test/ad.mk new file mode 100644 index 0000000..cbd0467 --- /dev/null +++ b/test/ad.mk 
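Review bot: `docker run $(TAW_ENV) $(IMG_REPO):$(call _ver,$(IMG_VER),core) zcat /usr/share/doc/kopano/kopano.ldif.gz` runs with `--entrypoint /bin/bash`, so the container executes `bash zcat <file>` and bash treats `zcat` as the name of a script to read; this presumably works only because `zcat` is a shell script on Debian-based images and would fail with "cannot execute binary file" where it is a binary. Make the intent explicit by either dropping the entrypoint override or passing a command string: `docker run $(TAW_ENV) $(IMG_REPO):$(call _ver,$(IMG_VER),core) -c 'zcat /usr/share/doc/kopano/kopano.ldif.gz' \`. A comment on `TAW_ENV` saying the throwaway container exists only to read the schema file out of the image would also explain why `test-down_%` removes `$(TAW_NAME)`.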
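Review bot: `acme/acme.json: $(APP_CERT)` declares only the certificate as a prerequisite although the recipe reads `$(APP_KEY)` too; if ssl.mk (cut off here) makes the certificate depend on the key this is harmless, but listing both keeps the rule honest: `acme/acme.json: $(APP_CERT) $(APP_KEY)`. The `> $@` redirect leaves a truncated `acme/acme.json` behind if `bin/gen-acme-json.sh` fails, and because that file is then newer than its inputs the next run treats it as up to date; write through a temporary name, `… > $@.tmp && mv -f $@.tmp $@`, or add `.DELETE_ON_ERROR:` to the Makefile. Since the generated file embeds the private key, a `# embeds the test private key; test data only` comment on the rule states the handling expectation for whoever next copies this pattern.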
@@ -0,0 +1,38 @@
+# ad.mk
+#
+# AD and LDAP make-functions
+#
+
+#
+# chars
+#
+char_null :=
+char_space := $(char_null) #
+char_comma := ,
+char_dot := .
+char_colon := :
+
+#
+# $(call ad_sub_dc,example.com) -> dc=example,dc=com
+#
+ad_sub_dc = $(subst $(char_space),$(char_comma),$(addprefix dc=, $(subst ., ,$(1))))
+#
+# $(call ad_sub_dot,dc=example,dc=com) -> example.com
+#
+ad_sub_dot = $(subst $(char_comma)dc=,$(char_dot),$(patsubst dc=%,%,$(1)))
+#
+# $(call ad_cat_dn,admin,dc=example,dc=com) -> cn=admin,dc=example,dc=com
+#
+ad_cat_dn = cn=$(1),$(2)
+#
+# $(call ad_cut_dot,1,1,example.com) -> example
+#
+ad_cut_dot = $(subst $(char_space),$(char_dot),$(wordlist $(1), $(2), $(subst $(char_dot),$(char_space),$(3))))
+#
+# $(call ad_rootdc,2,9,adm.dom.org:secret) -> dom.org
+#
+ad_rootdc = $(subst $(char_space),$(char_dot),$(wordlist $(1), $(2), $(subst $(char_dot),$(char_space),$(firstword $(subst $(char_colon),$(char_space),$(3))))))
+#
+# $(call ad_rootpw,adm.dom.org:secret) -> secret
+#
+ad_rootpw = $(lastword $(subst $(char_colon),$(char_space),$(1)))
diff --git a/test/bin/gen-acme-json.sh b/test/bin/gen-acme-json.sh
index 7488d6c..38e76f4 100755
--- a/test/bin/gen-acme-json.sh
+++ b/test/bin/gen-acme-json.sh
@@ -5,6 +5,13 @@ host=$2
 keyfile=$3
 certfile=$4
 
+#
+# The "PrivateKey": attribute needs a PKCS#1 key without tags and line breaks
+# "openssl req -newkey rsa" generates a key stored in PKCS#8 so needs conversion
+#
+#acme_strip_tag() { openssl rsa -in $1 | sed '/^-----/d' | sed ':a;N;$!ba;s/\n//g' ;}
+acme_strip_tag() { sed '/^-----/d' $1 | sed ':a;N;$!ba;s/\n//g' ;}
+
 cat <<-!cat
 {
 "Account": {
@@ -18,7 +25,7 @@ cat <<-!cat
 },
 "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/$RANDOM"
 },
- "PrivateKey": "$(sed '/^-----/d' $keyfile | sed ':a;N;$!ba;s/\n//g')",
+ "PrivateKey": "$(acme_strip_tag $keyfile)",
 "KeyType": "2048"
 },
 "Certificates": [
diff --git a/test/dkr.mk b/test/dkr.mk
new file mode 100644
index 0000000..f348ffc
--- /dev/null
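Review bot: `ad_rootpw` and `ad_rootdc` split their argument on both `:` and whitespace (`$(subst $(char_colon),$(char_space),…)` followed by `$(lastword …)` / `$(firstword …)`), so a root password containing a space or a colon is silently truncated — `adm.dom.org:pa ss` yields `ss`. Either document the restriction next to the definitions, `# NOTE: the password part must not contain ':' or whitespace`, or avoid the word split with something like `ad_rootpw = $(subst $(firstword $(subst $(char_colon),$(char_space),$(1))):,,$(1))`, which only strips the leading host component. `char_space := $(char_null) #` depends on the trailing `#` to keep the space alive; a short comment saying so would spare the next reader from "fixing" it.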
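Review bot: The new comment above `acme_strip_tag` states that the `PrivateKey` field needs a PKCS#1 body and that `openssl req -newkey` produces PKCS#8, yet the live definition only strips the PEM armour and leaves the PKCS#8 body in place — the conversion is exactly the commented-out line. If the consumer really needs PKCS#1, the active function should be `acme_strip_tag() { openssl rsa -in "$1" 2>/dev/null | sed '/^-----/d' | tr -d '\n' ;}` (add `-traditional` on OpenSSL 3, which otherwise emits PKCS#8 again); if it does not, the comment is misleading and should say the key body is embedded as-is. In either case quote `"$1"`, since a mismatched body will only surface when the file is loaded far from this script.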
+++ b/test/dkr.mk
@@ -0,0 +1,34 @@
+# dkr.mk
+#
+# Container make-functions
+#
+
+#
+# $(call dkr_srv_cnt,app) -> d03dda046e0b90c...
+#
+dkr_srv_cnt = $(shell docker-compose ps -q $(1) | head -n1)
+#
+# $(call dkr_cnt_ip,demo_app_1) -> 172.28.0.3
+#
+dkr_cnt_ip = $(shell docker inspect -f \
+ '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' \
+ $(1) | head -n1)
+#
+# $(call dkr_srv_ip,app) -> 172.28.0.3
+#
+dkr_srv_ip = $(shell docker inspect -f \
+ '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' \
+ $$(docker-compose ps -q $(1)) | head -n1)
+#
+#cnt_ip_old = $(shell docker inspect -f \
+# '{{range .NetworkSettings.Networks}}{{println .IPAddress}}{{end}}' \
+# $(1) | head -n1)
+
+#
+# List IPs of containers
+#
+ip-list:
+ @for srv in $$(docker ps --format "{{.Names}}"); do \
+ echo $$srv $$(docker inspect -f \
+ '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $$srv); \
+ done | column -t
diff --git a/test/ssl.mk b/test/ssl.mk
new file mode 100644
index 0000000..9d6ef1f
--- /dev/null
+++ b/test/ssl.mk
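Review bot: `dkr_cnt_ip`, `dkr_srv_ip` and `ip-list` render every network's address with `{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}`, which concatenates them with no separator — a container attached to two networks yields something like `172.28.0.3172.29.0.2`, and the `| head -n1` no longer isolates one address. The commented-out `cnt_ip_old` already has the working form; use `{{println .IPAddress}}` (or `{{.IPAddress}} `) in all three templates so `head -n1` sees one address per line. `ip-list` is a command, not a file, so declare it, `.PHONY: ip-list`. The `$(shell …)` helpers must stay recursive (`=`) because they take `$(1)`, which means every reference re-runs docker — fine for tests, but worth a one-line comment.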
@@ -0,0 +1,125 @@
+# ssl.mk
+#
+# SSL and TLS make-functions
+#
+
+SSL_O ?= example.com
+SSL_KEY ?= rsa:2048 # rsa:2048 rsa:4096
+SSL_MAIL ?=
+SSL_PASS ?= secret
+SSL_SAN ?=
+SSL_TRST ?=
+
+#
+# Usage: OpenLDAP
+#
+#SSL_O = $(AD_DOM)
+#target: ssl/auth.crt ssl/demo.crt
+
+#
+# Usage: SMIME
+#
+#SSL_O = $(MAIL_DOMAIN)
+#SSL_MAIL = auto
+#SSL_PASS = $(AD_USR_PW)
+##SSL_TRST = $(SSL_SMIME)
+#target: ssl/$(AD_USR_CN)@$(MAIL_DOMAIN).p12
+SSL_SMIME = -setalias "Self Signed SMIME" -addtrust emailProtection \
+ -addreject clientAuth -addreject serverAuth
+
+#
+# Usage: SUbject Alternate Name SAN
+#
+#SSL_O = example.com
+#SSL_SAN = "subjectAltName=DNS:auth,DNS:*.docker"
+#target: ssl/auth.crt
+
+
+#
+# $(call ssl_subj,root,example.com,) -> -subj "/CN=root/O=example.com"
+# $(call ssl_subj,root,example.com,auto) -> -subj "/CN=root/O=example.com/emailAddress=root@example.com"
+# $(call ssl_subj,root,example.com,admin@my.org) -> -subj "/CN=root/O=example.com/emailAddress=admin@my.org"
+#
+ssl_subj = -subj "/CN=$(1)/O=$(2)$(if $(3),/emailAddress=$(if $(findstring @,$(3)),$(3),$(1)@$(2)),)"
+
+#
+# $(call ssl_extfile,"subjectAltName=DNS:auth") -> -extfile <(printf "subjectAltName=DNS:auth")
+#
+ssl_extfile = $(if $(1),-extfile <(printf $(1)),)
+
+
+.PRECIOUS: %.crt %.csr %.key
+SHELL = /bin/bash
+
+#
+# Personal information exchange file PKCS#12
+#
+%.p12: %.crt
+ openssl pkcs12 -export -in $< -inkey $*.key -out $@ \
+ -passout pass:$(SSL_PASS)
+
+#
+# Certificate PEM
+#
+%.crt: %.csr ssl/ca.crt
+ openssl x509 -req -in $< -CA $(@D)/ca.crt -CAkey $(@D)/ca.key -out $@ \
+ $(call ssl_extfile,$(SSL_SAN)) $(SSL_TRST) -CAcreateserial
+
+#
+# Certificate signing request PEM
+#
+%.csr: ssl
+ openssl req -new -newkey $(SSL_KEY) -nodes -keyout $*.key -out $@ \
+ $(call ssl_subj,$(*F),$(SSL_O),$(SSL_MAIL))
+
+#
+# Certificate authority certificate PEM
+#
+ssl/ca.crt: ssl
+ openssl req -x509 -new -newkey $(SSL_KEY) -nodes -keyout ssl/ca.key -out $@ \
+ $(call ssl_subj,root,$(SSL_O),$(SSL_MAIL))
+
+#
+# SSL directory
+#
+ssl:
+ mkdir -p $@
+
+#
+# Remove all files in SSL directory
+#
+ssl-destroy:
+ rm -f ssl/*
+
+#
+# Inspect all files in SSL directory
+#
+ssl-list:
+ @for file in $$(ls ssl/*); do \
+ case $$file in \
+ *.crt) \
+ printf "\e[33;1m%s\e[0m\n" $$file; \
+ openssl x509 -noout -issuer -subject -ext basicConstraints,keyUsage,extendedKeyUsage,subjectAltName -in $$file;; \
+ *.csr) \
+ printf "\e[33;1m%s\e[0m\n" $$file; \
+ openssl req -noout -subject -in $$file;; \
+ *.key) \
+ printf "\e[33;1m%s\e[0m\n" $$file; \
+ openssl rsa -text -noout -in $$file | head -n 1;; \
+ esac \
+ done
+
+ssl-inspect:
+ @for file in $$(ls ssl/*); do \
+ case $$file in \
+ *.crt) \
+ printf "\e[33;1m%s\e[0m " $$file; \
+ openssl x509 -text -noout -certopt no_sigdump,no_pubkey -in $$file;; \
+ *.csr) \
+ printf "\e[33;1m%s\e[0m " $$file; \
+ openssl req -text -noout -reqopt no_sigdump,no_pubkey,ext_default -in $$file;; \
+ *.key) \
+ printf "\e[33;1m%s\e[0m " $$file; \
+ openssl rsa -text -noout -in $$file | head -n 1;; \
+ esac \
+ done
diff --git a/test/ssl/.gitignore b/test/ssl/.gitignore
new file mode 100644
index 0000000..5e7d273
--- /dev/null
+++ b/test/ssl/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
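Review bot: `%.csr: ssl` and `ssl/ca.crt: ssl` use the `ssl` directory as a normal prerequisite, so every file later written into `ssl/` (the `.crt`, `ca.srl`, `.p12`) bumps the directory's mtime above the `.csr`, and the next make regenerates the CSR — and with `-newkey … -keyout $*.key` a fresh private key — then re-signs everything; `.PRECIOUS` does not prevent that. Make them order-only, `%.csr: | ssl` and `ssl/ca.crt: | ssl`, so the directory only has to exist. Neither `openssl x509 -req` nor `openssl req -x509` is given `-days`, so the issued certificates and the CA default to a 30-day validity and the fixtures silently expire; pass `-days $(SSL_DAYS)` in both recipes with an `SSL_DAYS ?= 365` knob next to `SSL_KEY`. `ssl/ca.key` and `$*.key` are produced by recipes whose target is a different file, which is why the `.key` files are invisible to make's graph — a one-line comment at those two rules would save the next reader a surprise.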