security_multiple_schemes.xml revision d25372dc8e65a9ed019a88fdf659ca61313f1b31
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
! add the following below this CDDL HEADER, with the fields enclosed
! by brackets "[]" replaced with your own identifying information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
! Copyright 2006-2008 Sun Microsystems, Inc.
! -->
<stax>
<defaultcall function="multiple_schemes"/>
<function name="multiple_schemes">
<!---
Place suite-specific test information here.
#@TestSuiteName Multiple Schemes
#@TestSuitePurpose Test the support for multiple password schemes.
#@TestSuiteGroup Multiple Password Storage Scheme Tests
#@TestScript security_multiple_schemes.xml
-->
<sequence>
<!--- Test case: Admin Add Base64 Storage Scheme -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName Multiple Schemes Preamble
#@TestIssue 322
#@TestPurpose Add BASE64 password scheme
#@TestPreamble none
#@TestStep Admin deletes Salted SHA-1.
#@TestStep Admin creates new Salted SHA-1.
#@TestStep Admin adds new Salted SHA-1 to default storage scheme of the Default Password Policy.
#@TestStep Admin add palin SHA-1.
#@TestStep Admin add BASE64.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
for all operations.
-->
<testcase name="getTestCaseName('Multiple Schemes - Preamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Preamble - Admin deleting Salted SHA-1 storage scheme'
</message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'delete-password-storage-scheme' ,
'objectType' : 'scheme-name' ,
'objectName' : 'Salted SHA-1',
'expectedRC' : 0 }
</call>
<message>
'Security: Multiple Pwd Schemes: Preamble - Admin creating new storage scheme'
</message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'create-password-storage-scheme' ,
'objectType' : 'scheme-name' ,
'objectName' : 'Custom Salted SHA-1',
'optionsString' : '--type salted-sha1 --set enabled:true ',
'expectedRC' : 0 }
</call>
<message>
'Security: Multiple Pwd Schemes: Preamble - Admin adding new storage scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Custom Salted SHA-1' }
</call>
<message>
'Security: Multiple Pwd Schemes: Preamble - Admin adding SHA-1 storage scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'SHA-1' ,
'modifyType' : 'add' }
</call>
<message>
'Security: Multiple Pwd Schemes: Preamble - Admin adding BASE64 storage scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Base64' ,
'modifyType' : 'add' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check for Multi-value for Pwd Schemes - SSHA-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName Check for SSHA Password Scheme
#@TestIssue 322
#@TestPurpose Test for the default SSHA scheme in the password policy
#@TestPreamble none
#@TestStep Admin retrieve the value for
ds-cfg-default-password-storage-scheme.
#@TestPostamble none
#@TestResult Success if the string, "SSHA",
is part of the return string.
-->
<testcase name="getTestCaseName('Multiple Schemes - Check Pwd Schemes - Custom SSHA')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Checking for Password Schemes - Custom SSHA'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-default-password-storage-scheme' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'cn=Custom Salted SHA-1' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check for Multi-value for Pwd Schemes - BASE64-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName Check for BASE64 Password Scheme
#@TestIssue 322
#@TestPurpose Test for the BASE64 scheme in the password policy
#@TestPreamble none
#@TestStep Admin retrieve the value for
ds-cfg-default-password-storage-scheme.
#@TestPostamble none
#@TestResult Success if the string, "BASE64",
is part of the return string.
-->
<testcase name="getTestCaseName('Multiple Schemes - Check Pwd Schemes - BASE64')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Checking for Password Schemes - BASE64'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-default-password-storage-scheme' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'cn=Base64' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : Check for Multi-value for Pwd Schemes - BASE64-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName Check for SHA-1 Password Scheme
#@TestIssue 322
#@TestPurpose Test for the SHA-1 scheme in the password policy
#@TestPreamble none
#@TestStep Admin retrieve the value for
ds-cfg-default-password-storage-scheme.
#@TestPostamble none
#@TestResult Success if the string, "SHA-1",
is part of the return string.
-->
<testcase name="getTestCaseName('Multiple Schemes - Check Pwd Schemes - SHA-1')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Checking for Password Schemes - SHA-1'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'cn=Default Password Policy,cn=Password Policies,cn=config' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'ds-cfg-default-password-storage-scheme' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : 'cn=SHA-1' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Change Password Multiple Schemes-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName user Password Change
#@TestIssue 322
#@TestPurpose Test that a user's password is stored in the new schemes.
#@TestPreamble none
#@TestStep User changes his password.
#@TestStep User binds with new password.
#@TestStep Admin retrieves userpassword from user entry and
checks for the prefix string {SSHA}.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and the user password is stored in both
SSHA scheme.
-->
<testcase name="getTestCaseName('Multiple Schemes - Pwd Change')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: User Changing Password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'oranges' ,
'DNToModify' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'manyoranges' ,
'changetype' : 'replace' }
</call>
<message>
'Security: Multiple Pwd Schemes: User Binding With New Password'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'manyoranges' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<message>
'Security: Multiple Pwd Schemes: Checking for SSHA Scheme On New Password'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : '{SSHA}' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName User Password Change
#@TestIssue 322
#@TestPurpose Test that a user's password is stored in the new schemes.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry and
checks for the prefix string {BASE64}.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and the user password is stored in
BASE64 scheme.
-->
<testcase name="getTestCaseName('Multiple Schemes - Check for Second Scheme On Pwd Change')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Checking for BASE64 Scheme On New Password'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : '{BASE64}' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName User Password Change
#@TestIssue 322
#@TestPurpose Test that a user's password is stored in the new schemes.
#@TestPreamble none
#@TestStep Admin retrieves userpassword from user entry and
checks for the prefix string {SHA-1}.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
and the user password is stored in
SHA-1 scheme.
-->
<testcase name="getTestCaseName('Multiple Schemes - Check for New Scheme On Pwd Change')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Checking for New Scheme On New Password'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsBaseDN' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'attributes' : 'userpassword' }
</call>
<script>
returnString = STAXResult[0][1]
</script>
<call function="'checktestString'">
{ 'returnString' : returnString ,
'expectedString' : '{SHA}' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test Case : User Improperly Add a Password-->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName User Improper Password Add
#@TestIssue 322
#@TestPurpose Test the response when a user improperly adds a password.
#@TestPreamble none
#@TestStep User adds a pasword to his entry
#@TestPostamble none
#@TestResult Success if OpenDS returns 53
-->
<testcase name="getTestCaseName('Multiple Schemes - Improper Pwd Add')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: User Improperly Add Password'
</message>
<call function="'modifyAnAttribute'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'manyoranges' ,
'DNToModify' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'attributeName' : 'userpassword' ,
'newAttributeValue' : 'anotherorange' ,
'changetype' : 'add' ,
'expectedRC' : 53 }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
<!--- Test case: Admin Reset To SSHA Storage Scheme -->
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
#@TestMarker Multiple Schemes
#@TestName Multiple Schemes Postamble
#@TestIssue 322
#@TestPurpose Reset back to SSHA storage scheme alone
#@TestPreamble none
#@TestStep Admin create new SSHA password scheme.
#@TestStep Admin reset the password policy to SSHA password scheme.
#@TestStep User binds.
#@TestPostamble none
#@TestResult Success if OpenDS returns 0
-->
<testcase name="getTestCaseName('Multiple Schemes - Postamble')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
'Security: Multiple Pwd Schemes: Postamble - Admin creating new SSHA storage scheme'
</message>
<call function="'dsconfig'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'subcommand' : 'create-password-storage-scheme' ,
'objectType' : 'scheme-name' ,
'objectName' : 'Salted SHA-1',
'optionsString' : '--type salted-sha1 --set enabled:true ',
'expectedRC' : 0 }
</call>
<message>
'Security: Mult Pwd Schemes: Postamble - Admin Resetting to SSHA Storage Scheme'
</message>
<call function="'modifyPwdPolicy'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'propertyName' : 'Default Password Policy' ,
'attributeName' : 'default-password-storage-scheme' ,
'attributeValue' : 'Salted SHA-1' }
</call>
<message>
'Security: Multiple Pwd Schemes: User Bind Final'
</message>
<call function="'SearchObject'">
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : 'uid=bhall,ou=people,ou=password tests,o=Pwd Storage Tests,dc=example,dc=com' ,
'dsInstancePswd' : 'manyoranges' ,
'dsBaseDN' : 'dc=example,dc=com' ,
'dsFilter' : 'objectclass=*' ,
'extraParams' : '-s base' }
</call>
<call function="'testCase_Postamble'"/>
</sequence>
</testcase>
</sequence>
</function>
</stax>