Implement channel bindings

Author: gpotter2

.config/ci/install.sh

@@ -37,12 +37,7 @@ then
   sudo apt-get -qy install can-utils || exit 1
   sudo apt-get -qy install linux-modules-extra-$(uname -r) || exit 1
   sudo apt-get -qy install samba smbclient
-  # For OpenLDAP, we need to pre-populate some setup questions
-  sudo debconf-set-selections <<< 'slapd slapd/password2 password Bonjour1'
-  sudo debconf-set-selections <<< 'slapd slapd/password1 password Bonjour1'
-  sudo debconf-set-selections <<< 'slapd slapd/domain string scapy.net'
-  sudo apt-get -qy install slapd
-  ldapadd -D "cn=admin,dc=scapy,dc=net" -w Bonjour1 -f $CUR/openldap-testdata.ldif -c
+  sudo bash $CUR/openldap/install.sh
   # Make sure libpcap is installed
   if [ ! -z $SCAPY_USE_LIBPCAP ]
   then

.config/ci/openldap-testdata.ldif

@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: GPL-2.0-only
+# This file is part of Scapy
+
+# Contains the configuration of our OpenLDAP test server
+
+# Configure LDAPS
+dn: cn=config
+add: olcTLSCACertificateFile
+olcTLSCACertificateFile: {{CAFILE}}
+
+dn: cn=config
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: {{KEYFILE}}
+
+dn: cn=config
+add: olcTLSCertificateFile
+olcTLSCertificateFile: {{CRTFILE}}
+
+dn: cn=config
+add: olcTLSVerifyClient
+olcTLSVerifyClient: never
+
+# Set channel bindings to 'tls-endpoint', like it would be on Windows
+dn: cn=config
+replace: olcSaslCbinding
+olcSaslCbinding: tls-endpoint

.config/ci/openldap/config.ldif

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# SPDX-License-Identifier: GPL-2.0-only
+# This file is part of Scapy
+# See https://scapy.net/ for more information
+
+# Install an OpenLDAP test server
+
+# Pre-populate some setup questions
+sudo debconf-set-selections <<< 'slapd slapd/password2 password Bonjour1'
+sudo debconf-set-selections <<< 'slapd slapd/password1 password Bonjour1'
+sudo debconf-set-selections <<< 'slapd slapd/domain string scapy.net'
+
+# Run setup
+sudo apt-get -qy install slapd
+
+# Enable LDAPs
+sudo sed -i '/^SLAPD_SERVICES/ c\SLAPD_SERVICES="ldap:/// ldapi:/// ldaps://"' /etc/default/slapd
+sudo service slapd restart
+
+# Copy config template and replace variables.
+CUR=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
+openldap_conf=$(mktemp /tmp/scapy_openldapconf_XXXXXX.ldif)
+pkipath=$(realpath "$CUR/../../../test/scapy/layers/tls/pki")
+cp $CUR/config.ldif $openldap_conf
+sed -i "s@{{CAFILE}}@${pkipath}/ca_cert.pem@g" $openldap_conf
+sed -i "s@{{CRTFILE}}@${pkipath}/srv_cert.pem@g" $openldap_conf
+sed -i "s@{{KEYFILE}}@${pkipath}/srv_key.pem@g" $openldap_conf
+
+echo $openldap_conf
+
+sudo ldapmodify -Y EXTERNAL -H "ldapi:///" -w Bonjour1 -f $openldap_conf
+sudo ldapadd    -D "cn=admin,dc=scapy,dc=net" -w Bonjour1 -f $CUR/testdata.ldif -c

.config/ci/openldap/install.sh

@@ -0,0 +1,66 @@
+# SPDX-License-Identifier: OLDAP-2.8
+# This file is based on https://git.openldap.org/openldap/openldap/-/blob/master/tests/data/ppolicy.ldif?ref_type=heads
+# (renamed to dc=scapy, dc=net)
+
+dn: dc=scapy, dc=net
+objectClass: top
+objectClass: organization
+objectClass: dcObject
+o: Scapy
+dc: scapy
+
+dn: ou=People, dc=scapy, dc=net
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups, dc=scapy, dc=net
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=Policy Group, ou=Groups, dc=scapy, dc=net
+objectClass: groupOfNames
+cn: Policy Group
+member: uid=nd, ou=People, dc=scapy, dc=net
+owner: uid=ndadmin, ou=People, dc=scapy, dc=net
+
+dn: cn=Test Group, ou=Groups, dc=scapy, dc=net
+objectClass: groupOfNames
+cn: Policy Group
+member: uid=another, ou=People, dc=scapy, dc=net
+
+dn: ou=Policies, dc=scapy, dc=net
+objectClass: top
+objectClass: organizationalUnit
+ou: Policies
+
+dn: uid=nd, ou=People, dc=scapy, dc=net
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: Neil Dunbar
+uid: nd
+sn: Dunbar
+givenName: Neil
+userPassword: testpassword
+
+dn: uid=ndadmin, ou=People, dc=scapy, dc=net
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: Neil Dunbar (Admin)
+uid: ndadmin
+sn: Dunbar
+givenName: Neil
+userPassword: testpw
+
+dn: uid=another, ou=People, dc=scapy, dc=net
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: Another Test
+uid: another
+sn: Test
+givenName:  Another
+userPassword: testing
+