security_deprecated_schemes.xml revision d81978a0815d5b8a75633c35e3e1f8708d36f017
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2006-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="deprecated_schemes"/>
<function name="deprecated_schemes">
<!---
Place suite-specific test information here.
#@TestSuiteName Deprecated Schemes
#@TestSuitePurpose Test the support for deprecated password schemes.
#@TestSuiteGroup Deprecated Password Storage Scheme Tests
#@TestScript security_deprecated_schemes.xml
-->
<sequence>
<!--- Test case: Admin Add Three Additional Pwd Storage Schemes -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Deprecated Schemes Preamble
#@TestIssue 323
#@TestPurpose Prepare to deprecate MD5 scheme
#@TestPreamble none
#@TestStep Admin Adding 3 Pwd Storage Schemes,
MD5, SSHA256, and BASE64.
#@TestStep User Change Password.
#@TestStep Check MD5 Scheme Before Deprecating.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations and a user password
is successfully stored in the MD5 scheme.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecated Pwd Schemes: Preamble Step 1. Admin Adding 3 Pwd Storage Schemes'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'MD5' ,
'modifyType' : 'add' }
</call>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Base64' ,
'modifyType' : 'add' }
</call>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-256' ,
'modifyType' : 'add' }
</call>
<message>
'Security: Deprecated Pwd Schemes: Preamble Step 2. User Change Password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'squatted' ,
'DNToModify' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'squinted' ,
'changetype' : 'replace' }
</call>
<message>
'Security: Deprecating Pwd Schemes: Preamble Step 3. Checking for MD5 Scheme Before Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'MD5' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Admin Deprecate MD5 Scheme-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Admin Deprecate MD5
#@TestIssue 323
#@TestPurpose Deprecate MD5 scheme
#@TestPreamble none
#@TestStep Admin Deprecate MD5 Scheme.
#@TestStep Admin Remove MD5 Scheme From Default.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Admin Deprecate MD5')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecated Pwd Schemes: Admin Deprecating MD5 Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'deprecated-password-storage-scheme' ,
'attributeValue' : 'MD5' }
</call>
<message>
'Security: Deprecated Pwd Schemes: Admin Removing MD5 Scheme From Default'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'DNToModify' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
'attributeName' : 'ds-cfg-default-password-storage-scheme' ,
'newAttributeValue' : 'cn=MD5,cn=Password Storage Schemes,cn=config' ,
'changetype' : 'delete' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Bind -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName User Bind
#@TestIssue 323
#@TestPurpose Test a user bind.
#@TestPreamble none
#@TestStep User binds.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and the user binds successfully.
-->
<testcase name="getTestCaseName('Deprecated Schemes - User Bind')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecated Pwd Schemes: User Binding'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'squinted' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that MD5 hashed password was deleted from from user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For MD5 Password Deletion
#@TestIssue 323
#@TestPurpose Test to determine if the user password in MD5 scheme was deleted.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {MD5}, is not found
in the userpassword.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For Deletion')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for MD5 Hashed Pwd After Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestStringNotPresent'">
{ 'returnString' : returnString ,
'testString' : 'MD5' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check that other schemes were not deleted from from user's entry-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For SSHA256 Password Deletion
#@TestIssue 323
#@TestPurpose Test to determine if the user password in SSHA256 scheme was deleted.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {SSHA256}, is found
in the userpassword.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For Non-Deletions - SSHA256')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for SSHA256 Hashed Pwd After Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'SSHA256' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Check For BASE64 Password Deletion
#@TestIssue 323
#@TestPurpose Test to determine if the user password in Base64 scheme was deleted.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry.
#@TestPostamble none
#@TestResult Success if the prefix string, {BASE64}, is found
in the userpassword.
-->
<testcase name="getTestCaseName('Deprecated Schemes - Check For Non-Deletions - BASE64')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Checking for BASE64 Hashed Pwd After Deprecating'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=tmason,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'BASE64' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin Reset To SSHA Storage Scheme -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Deprecated Schemes
#@TestName Deprecated Schemes Postamble
#@TestIssue 323
#@TestPurpose Reset back to the default SSHA storage scheme.
#@TestPreamble none
#@TestStep Admin reset the password policy to SSHA password scheme.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
-->
<testcase name="getTestCaseName('Deprecated Schemes - Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Deprecating Pwd Schemes: Postamble - Admin Resetting to SSHA Storage Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-1' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>