Merge branch 'master' into jammyjellyfish2204

# Conflicts: # setup/management.sh # setup/mods.available/connect-nextcloud-to-miab.sh # setup/start.sh # setup/webmail.sh # tests/lib/carddav.sh # tests/lib/system.sh # tests/system-setup/setup-defaults.sh # tests/system-setup/setup-funcs.sh # tests/system-setup/upgrade.sh
2026-03-12 17:07:23 +01:00 · 2022-09-05 10:17:17 -04:00
parent 549fdbf97a f6cd8f56c3
commit f63488aa1a
20 changed files with 494 additions and 17 deletions
--- a/tests/lib/carddav.sh
+++ b/tests/lib/carddav.sh
@@ -247,9 +247,7 @@ roundcube_force_carddav_refresh() {
    [ -z "$carddav_major" ] && carddav_major="3"

    if [ $carddav_major -eq 3 ]; then
-        if [ ! -e "$RCM_DIR/bin/carddav_refresh.sh" ]; then
-            echo "Please ignore the following errors about no such table carddav_addressbooks and carddav_migrations"
-        fi
+        # old version
        sync_script="$assets_dir/mail/roundcube/carddav_refresh_v3.sh"
    else
        sync_script="$assets_dir/mail/roundcube/carddav_refresh.sh"
@@ -261,6 +259,7 @@ roundcube_force_carddav_refresh() {
    fi
    
    pushd "$RCM_DIR" >/dev/null
+    echo "Please ignore errors about 'no such table carddav_addressbooks' and 'no such table carddav_migrations'"
    /usr/bin/php${PHP_VER} bin/carddav_refresh.sh "$user" "$pass"
    code=$?
    popd >/dev/null
--- a/tests/lib/installed-state.sh
+++ b/tests/lib/installed-state.sh
@@ -6,6 +6,29 @@
 # installations to a subsequent MiaB-LDAP upgrade
 #

+parse_miab_version_string() {
+    local tmpfile
+    tmpfile=$(mktemp)
+    awk -F- '
+/^v[0-9]+\./ { split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2; next }  
+
+$1 ~ /^v[0-9]+[a-z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"a"+1; print "RELEASE="; next }
+
+$1 ~ /^v[0-9]+[A-Z]$/ { print "MAJOR="substr($1,2,length($1)-2); print "MINOR="substr($1,length($1))-"A"+1; print "RELEASE="; next }
+
+$1 ~ /^v[0-9]+$/ { print "MAJOR="substr($1,2); print "MINOR="; print "RELEASE="; next } 
+
+{ exit 1 }' >> "$tmpfile" <<< "$1"
+    
+    if [ $? -ne 0 ]; then
+        rm -f "$tmpfile"
+        return 1
+    fi
+    source "$tmpfile"
+    rm -f "$tmpfile"
+    return 0
+}
+

 installed_state_capture() {
    # users and aliases
@@ -29,8 +52,25 @@ installed_state_capture() {
    fi
    H2 "create info.txt"
    echo "STATE_VERSION=1" > "$info"
-    echo "GIT_VERSION='$(git describe)'" >>"$info"
-    git describe | awk -F- '{ split($1,a,"."); print "MAJOR="substr(a[1],2); print "MINOR="a[2]; print "RELEASE="$2 }' >>"$info"
+    local gitver=$(git describe)
+    echo "GIT_VERSION='$gitver'" >>"$info"
+
+    if [ -z "$gitver" ]; then
+        # git: "No names found, cannot describe anything"
+        MAJOR=999
+        MINOR=
+        RELEASE=
+    else
+        parse_miab_version_string "$gitver"
+        if [ $? -ne 0 ]; then
+            echo "Unable to parse version string: '$gitver'"
+            return 1
+        fi
+    fi
+    echo "MAJOR=$MAJOR" >>"$info"
+    echo "MINOR=$MINOR" >>"$info"
+    echo "RELEASE=$RELEASE" >>"$info"
+    
    echo "GIT_ORIGIN='$(git remote -v | grep ^origin | grep 'fetch)$' | awk '{print $2}')'" >>"$info"
    echo "MIGRATION_VERSION=$([ -e "$STORAGE_ROOT/mailinabox.version" ] && cat "$STORAGE_ROOT/mailinabox.version")" >>"$info"
    echo "MIGRATION_ML_VERSION=$([ -e "$STORAGE_ROOT/mailinabox-ldap.version" ] && cat "$STORAGE_ROOT/mailinabox-ldap.version")" >>"$info"
@@ -85,14 +125,14 @@ installed_state_compare() {
    #
    source "$s1/info.txt"
    MAJOR_A="$MAJOR"
-    MINOR_A="$MINOR"
+    MINOR_A="${MINOR:-0}"
    RELEASE_A="${RELEASE:-0}"
    PROD_A="miab"
    grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_A="miabldap"
    
    source "$s2/info.txt"
    MAJOR_B="$MAJOR"
-    MINOR_B="$MINOR"
+    MINOR_B="${MINOR:-0}"
    RELEASE_B="${RELEASE:-0}"
    PROD_B="miab"
    grep "mailinabox-ldap" <<<"$GIT_ORIGIN" >/dev/null && PROD_B="miabldap"
--- a/tests/suites/ldap-access.sh
+++ b/tests/suites/ldap-access.sh
@@ -19,6 +19,10 @@
 #	   no anonymous binds to root DSE
 #	   no anonymous binds to database
 #
+# Exception: the nextcloud service account is allowed to change user
+# passwords until this issue is fixed:
+#
+#    https://github.com/nextcloud/server/issues/18406


 test_user_change_password() {
@@ -113,6 +117,30 @@ test_user_access() {
 }


+test_nextcloud_service_access() {
+	# The nextcloud service account is allowed to change user
+	# passwords until issue #18406 is fixed
+	test_start "nextcloud-service-access"
+
+	# create regular user with password "alice"
+	local alice="alice@somedomain.com"	  
+	create_user "alice@somedomain.com" "alice"
+	local alice_dn="$ATTR_DN"
+
+	# allowed: update userPassword of a user account
+	assert_w_access "$alice_dn" "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_PASSWORD" write "userPassword=$(slappasswd_hash "alice-new")"
+
+	# not allowed: update userPassword of service account
+	assert_w_access "$LDAP_POSTFIX_DN" "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_PASSWORD" no-write "userPassword=$(slappasswd_hash "test-new")"
+	
+	# not allowed: update userPassword of own account
+	assert_w_access "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_DN" "$LDAP_NEXTCLOUD_PASSWORD" no-write "userPassword=$(slappasswd_hash "test-new")"
+	
+	delete_user "$alice"
+	
+	test_end
+}
+

 test_service_change_password() {
 	# service accounts should not be able to change other user's
@@ -249,6 +277,7 @@ test_user_change_password
 test_user_access
 test_service_change_password
 test_service_access
+test_nextcloud_service_access
 test_root_dse
 test_anon_bind

--- a/tests/system-setup/upgrade.sh
+++ b/tests/system-setup/upgrade.sh
@@ -1,9 +1,9 @@
 #!/bin/bash

 # setup MiaB-LDAP by:
-#    1. installing older version of MiaB-LDAP
+#    1. installing a prior version of MiaB-LDAP
 #    2. adding some data (users/aliases/etc)
-#    3. upgrading to latest MiaB-LDAP
+#    3. upgrading to master branch version of MiaB-LDAP
 #
 # See setup-defaults.sh for usernames and passwords
 #