From 9156349c9a55c34ed75a828ff217259fa02ff1e7 Mon Sep 17 00:00:00 2001
From: ugaston <ugaston@localhost>
Date: Fri, 26 Dec 2008 14:30:27 +0000
Subject: [PATCH] Add set of QoP testcases to SASL test suite
---
opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml | 459 ++++++++++++++++++++++++++++
opends/tests/staf-tests/shared/java/ldap/saslSearchClient.java | 236 ++++++++++++++
opends/tests/staf-tests/shared/functions/ldap.xml | 219 +++++++++++++
3 files changed, 908 insertions(+), 6 deletions(-)
diff --git a/opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml b/opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
index f77f7c8..a2a49ab 100755
--- a/opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
+++ b/opends/tests/staf-tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
@@ -2412,7 +2412,7 @@
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
- "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn')">
+ "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
@@ -2455,7 +2455,7 @@
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
- "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri=fqdn')">
+ "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
@@ -2497,7 +2497,7 @@
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
- "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri!=fqdn')">
+ "getTestCaseName('DIGEST-MD5 - FQDN {hostname!=fqdn ; uri!=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
@@ -2575,7 +2575,7 @@
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
- "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn')">
+ "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
@@ -2617,7 +2617,7 @@
#@TestResult Success if sasl bind succeeds.
-->
<testcase name=
- "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri=fqdn')">
+ "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
@@ -2659,7 +2659,7 @@
#@TestResult Success if sasl bind fails with 49.
-->
<testcase name=
- "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri!=fqdn')">
+ "getTestCaseName('DIGEST-MD5 - FQDN {hostname=fqdn ; uri!=fqdn}')">
<sequence>
<call function="'testCase_Preamble'"/>
<message>
@@ -2687,7 +2687,454 @@
</testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth-int ; server:none}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth-int, server qop=none
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:none}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:none}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth-int',
+ 'expectedRC' : 89
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth-conf ; server:none}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth-conf, server qop=none
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:none}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:none}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth-conf',
+ 'expectedRC' : 89
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+
+ <!--- Test case: Admin set qop -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName Set qop = integrity
+ #@TestIssue
+ #@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
+ #@TestPreamble none
+ #@TestStep ldapmodify used to set qop.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <testcase name="getTestCaseName('DIGEST-MD5 - Set QOP = integrity')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: Set QOP = integrity'
+ </message>
+
+ <call function="'modifySaslMech'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'handlerName' : 'DIGEST-MD5',
+ 'propertyName' : 'quality-of-protection',
+ 'propertyValue' : 'integrity'
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth ; server:integrity}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth, server qop=int
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth ; server:int}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth ; server:int}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth',
+ 'expectedRC' : 89
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth-int ; server:integrity}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth-int, server qop=int
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:int}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:int}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth-int'
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth-conf ; server:integrity}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth-conf, server qop=int
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:int}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:int}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth-conf',
+ 'expectedRC' : 89
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+
+ <!--- Test case: Admin set qop -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName Set qop = confidentiality
+ #@TestIssue
+ #@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
+ #@TestPreamble none
+ #@TestStep ldapmodify used to set qop.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - Set QOP = confidentiality')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: Set QOP = confidentiality'
+ </message>
+
+ <call function="'modifySaslMech'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'handlerName' : 'DIGEST-MD5',
+ 'propertyName' : 'quality-of-protection',
+ 'propertyValue' : 'confidentiality'
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth ; server:confidentiality}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth, server qop=conf
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth ; server:conf}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth ; server:conf}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth',
+ 'expectedRC' : 89
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth-int ; server:confidentiality}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth-int, server qop=conf
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth-int ; server:conf}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth-int ; server:conf}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth-int',
+ 'expectedRC' : 89
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName QOP {client:auth-conf ; server:confidentiality}
+ #@TestIssue
+ #@TestPurpose Test the quality-of-protection
+ #@TestPreamble none
+ #@TestStep SASL bind with qop=auth-conf, server qop=conf
+ #@TestPostamble none
+ #@TestResult Success if sasl bind fails with 89.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - QOP {client:auth-conf ; server:conf}')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: QOP {client:auth-conf ; server:conf}'
+ </message>
+
+ <script>
+ test_user = 'uid=test-user, ou=People, o=SASL Tests, dc=example,dc=com'
+ </script>
+ <call function="'saslSearch'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
+ 'dsBaseDN' : 'dc=example,dc=com',
+ 'dsFilter' : 'objectclass=*',
+ 'mechanism' : 'DIGEST-MD5',
+ 'authenticationId' : 'dn:%s' % test_user,
+ 'password' : 'newleg',
+ 'protection' : 'auth-conf'
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
+ <!--- Test case: Admin unset qop -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName Set qop = none
+ #@TestIssue
+ #@TestPurpose Admin set QOP in SASL DIGEST-MD5 mechanism.
+ #@TestPreamble none
+ #@TestStep ldapmodify used to set qop.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0.
+ -->
+ <testcase name=
+ "getTestCaseName('DIGEST-MD5 - Set QOP = none')">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+ <message>
+ 'Security: SASL DIGEST-MD5: Set QOP = none'
+ </message>
+
+ <call function="'modifySaslMech'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
+ 'handlerName' : 'DIGEST-MD5',
+ 'propertyName' : 'quality-of-protection',
+ 'propertyValue' : 'none'
+ }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
<!--- Test case: DIGEST-MD5 SASL Mechanism -->
<!---
Place test-specific test information here.
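Review bot: The `#@TestResult` header of the two matching-QOP cases, `{client:auth-int ; server:int}` and `{client:auth-conf ; server:conf}`, says `Success if sasl bind fails with 89`, yet both `saslSearch` calls omit `expectedRC`, which the `saslSearch` definition added in this patch defaults to 0. The calls look right, since client and server agree on the protection layer, and the headers look copied from the mismatch cases. I would change both to `#@TestResult Success if sasl bind succeeds.` so the generated test documentation does not describe a successfully negotiated integrity or confidentiality layer as a failure. Stating `'expectedRC' : 0` explicitly in those two calls would also make the positive cases stand out from the rejection cases around them.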
diff --git a/opends/tests/staf-tests/shared/functions/ldap.xml b/opends/tests/staf-tests/shared/functions/ldap.xml
index 67d6278..7f1e9fd 100755
--- a/opends/tests/staf-tests/shared/functions/ldap.xml
+++ b/opends/tests/staf-tests/shared/functions/ldap.xml
@@ -3186,4 +3186,223 @@
</return>
</sequence>
</function>
+
+
+
+ <!-- Modify an attribute -->
+ <function name="saslSearch">
+ <function-prolog>
+ This function searches the Directory Server using SASL authentication
+ </function-prolog>
+ <function-map-args>
+ <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
+ <function-arg-description>
+ Location of target host
+ </function-arg-description>
+ <function-arg-property name="type" value="hostname"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
+ <function-arg-description>
+ Pathname to installation root
+ </function-arg-description>
+ <function-arg-property name="type" value="filepath"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsInstanceHost" type="optional" default="STAF_REMOTE_HOSTNAME">
+ <function-arg-description>
+ Directory server hostname or IP address
+ </function-arg-description>
+ <function-arg-property name="type" value="hostname"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsInstancePort" type="required">
+ <function-arg-description>
+ Directory server port number
+ </function-arg-description>
+ <function-arg-property name="type" value="Port number"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsScope" type="optional">
+ <function-arg-description>
+ Search scope
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsBaseDN" type="required">
+ <function-arg-description>
+ Search base dn
+ </function-arg-description>
+ <function-arg-property name="type" value="DN"/>
+ </function-arg-def>
+
+ <function-arg-def name="dsFilter" type="required">
+ <function-arg-description>
+ Search filter
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="mechanism" type="required">
+ <function-arg-description>
+ SASL mechanism
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="authenticationId" type="required">
+ <function-arg-description>
+ Authentication ID
+ </function-arg-description>
+ <function-arg-property name="type" value="DN"/>
+ </function-arg-def>
+
+ <function-arg-def name="password" type="required">
+ <function-arg-description>
+ Authentication password
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="authorizationId" type="optional">
+ <function-arg-description>
+ Authorization ID
+ </function-arg-description>
+ <function-arg-property name="type" value="DN"/>
+ </function-arg-def>
+
+ <function-arg-def name="realm" type="optional">
+ <function-arg-description>
+ Attribute to modify
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="protection" type="optional">
+ <function-arg-description>
+ Quality of protection (auth / auth-int / auth-conf)
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="strength" type="optional">
+ <function-arg-description>
+ Cipher strength (low / medium / high)
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="maxbuffersize" type="optional">
+ <function-arg-description>
+ Maximum receive buffer size.
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="suppressTestStatus" type="optional" default="0">
+ <function-arg-description>
+ Supress the call to checkTestRC
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="expectedRC" type="optional" default="0">
+ <function-arg-description>
+ Expected return code value. Default value is 0
+ Wildcard 'noCheck' to not check the RC
+ </function-arg-description>
+ <function-arg-property name="type" value="string"/>
+ </function-arg-def>
+
+ <function-arg-def name="knownIssue" type="optional" default="None">
+ <function-arg-description>
+ Known issue. Corresponds to an issue number.
+ </function-arg-description>
+ <function-arg-property name="type" value="string" />
+ </function-arg-def>
+
+ </function-map-args>
+ <sequence>
+
+ <!-- Local variables -->
+ <script>
+ mylocation=location
+
+
+ <!-- Build the Command -->
+
+ STAFCmdParamsList=[]
+ STAFCmdParams=''
+ STAFCmd=''
+ </script>
+
+ <!-- Set common ldap arguments -->
+ <call function="'_ldapCommonArgs'"/>
+
+ <script>
+ if dsScope:
+ STAFCmdParamsList.append('-s "%s"' % dsScope)
+
+ if dsBaseDN:
+ STAFCmdParamsList.append('-b "%s"' % dsBaseDN)
+
+ if dsFilter:
+ STAFCmdParamsList.append('-f "%s"' % dsFilter)
+
+ if mechanism:
+ STAFCmdParamsList.append('--mech "%s"' % mechanism)
+
+ if authenticationId:
+ STAFCmdParamsList.append('--authid "%s"' % authenticationId)
+
+ if password:
+ STAFCmdParamsList.append('-w "%s"' % password)
+
+ if authorizationId:
+ STAFCmdParamsList.append('--authorizationId "%s"' % authorizationId)
+
+ if realm:
+ STAFCmdParamsList.append('--realm "%s"' % realm)
+
+ if protection:
+ STAFCmdParamsList.append('--qop "%s"' % protection)
+
+ if strength:
+ STAFCmdParamsList.append('--strength "%s"' % strength)
+
+ if maxbuffersize:
+ STAFCmdParamsList.append('--maxbufsize "%s"' % maxbufsize)
+
+
+ STAFCmdParams=' '.join(STAFCmdParamsList)
+
+ STAFCmd='saslSearchClient'
+ </script>
+
+ <if expr="suppressTestStatus == '1'">
+ <script>
+ expectedRC = 'noCheck'
+ </script>
+ </if>
+
+ <call function="'runCommand'" >
+ { 'name' : 'Modify An Attribute value',
+ 'command' : '%s/bin/java' % JAVA_HOME,
+ 'arguments' : '%s %s' % (STAFCmd,STAFCmdParams),
+ 'location' : location,
+ 'envCmd' : ['CLASSPATH=%s/../%s/ldap' % (dsPath,remote.reljavadir)],
+ 'path' : '%s/../%s/ldap' % (dsPath,remote.reljavadir),
+ 'expectedRC': expectedRC,
+ 'knownIssue': knownIssue
+ }
+ </call>
+
+ <return>
+ [RC,STAXResult]
+ </return>
+ </sequence>
+
+ </function>
+
</stax>
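Review bot: Two option mappings in the `saslSearch` script block do not match their counterparts: the `maxbuffersize` branch formats `maxbufsize`, a name this function never defines, and the `authorizationId` branch emits `--authorizationId` although saslSearchClient.java in this patch only recognises `--authzid`. The first would presumably raise a NameError as soon as a caller passes `maxbuffersize`; the second drops the authorization identity silently, so an authorization-ID test would run as the authentication identity and still report a result. Suggested lines: `STAFCmdParamsList.append('--maxbufsize "%s"' % maxbuffersize)` and `STAFCmdParamsList.append('--authzid "%s"' % authorizationId)`. The copied labels `Modify an attribute`, `'Modify An Attribute value'` and the `realm` description `Attribute to modify` should be reworded for a SASL search as well.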
diff --git a/opends/tests/staf-tests/shared/java/ldap/saslSearchClient.java b/opends/tests/staf-tests/shared/java/ldap/saslSearchClient.java
new file mode 100644
index 0000000..fb54766
--- /dev/null
+++ b/opends/tests/staf-tests/shared/java/ldap/saslSearchClient.java
@@ -0,0 +1,236 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at
+ * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ * add the following below this CDDL HEADER, with the fields enclosed
+ * by brackets "[]" replaced with your own identifying information:
+ * Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ *
+ *
+ * Copyright 2008 Sun Microsystems, Inc.
+ */
+
+import java.util.Hashtable;
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.CompositeName;
+import javax.naming.directory.BasicAttribute;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.CommunicationException;
+import javax.naming.directory.InvalidSearchFilterException;
+import javax.security.sasl.AuthenticationException;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * Perform an Ldap search using SASL as authentication mechanism.
+ * Supports sasl encryption.
+ * The function returns the ldap error code
+ */
+public class saslSearchClient {
+
+ /**
+ * Main.
+ *
+ * @param args arguments
+ */
+ public static void main(String[] args) {
+
+ // Ldapsearch parameters
+ String hostname = null;
+ String ldapPort = null;
+ String scope = null;
+ String basedn = null;
+ String filter = null;
+
+
+ // SASL options
+ String mechanism = null;
+ String authid = null;
+ String password = null;
+ String authzid = null;
+ String realm = null;
+ String qop = null;
+ String strength = null;
+ String maxbufsize = null;
+
+
+ String errorCode = null;
+ String errorMessage = null;
+ String errorCause = null;
+
+
+ Hashtable envLdap = new Hashtable();
+ LdapContext ctx = null;
+
+
+
+ for (int k=0; k< args.length; k++) {
+ String opt1 = args[k];
+ String val1 = args[k+1];
+
+ // Get ldapsearch parameters
+ if (opt1.equals("-h")) {
+ hostname = val1;
+ }
+ if (opt1.equals("-p")) {
+ ldapPort = val1;
+ }
+ if (opt1.equals("-s")) {
+ scope = val1;
+ }
+ if (opt1.equals("-b")) {
+ basedn = val1;
+ }
+ if (opt1.equals("-f")) {
+ filter = val1;
+ }
+
+ // Get SASL options
+ if (opt1.equals("--mech")) {
+ mechanism = val1;
+ }
+ if (opt1.equals("--authid")) {
+ authid = val1;
+ }
+ if (opt1.equals("-w")) {
+ password = val1;
+ }
+ if (opt1.equals("--authzid")) {
+ authzid = val1;
+ }
+ if (opt1.equals("--realm")) {
+ realm = val1;
+ }
+ if (opt1.equals("--qop")) {
+ qop = val1;
+ }
+ if (opt1.equals("--strength")) {
+ strength = val1;
+ }
+ if (opt1.equals("--maxbufsize")) {
+ maxbufsize = val1;
+ }
+ k++;
+ }
+
+
+
+
+ String provider = "ldap://" + hostname + ":" + ldapPort + "/";
+
+ envLdap.put("java.naming.factory.initial",
+ "com.sun.jndi.ldap.LdapCtxFactory");
+ envLdap.put(Context.PROVIDER_URL, provider);
+
+ if (mechanism != null) {
+ envLdap.put(Context.SECURITY_AUTHENTICATION, mechanism);
+ }
+
+ envLdap.put(Context.SECURITY_PRINCIPAL, authid);
+ envLdap.put(Context.SECURITY_CREDENTIALS, password);
+
+ if (authzid != null) {
+ envLdap.put("javax.security.sasl.authorizationId", authzid);
+ }
+ if (realm != null) {
+ envLdap.put("javax.security.sasl.realm", realm);
+ }
+ if (qop != null) {
+ envLdap.put("javax.security.sasl.qop", qop);
+ }
+ if (strength != null) {
+ envLdap.put("javax.security.sasl.strength", strength);
+ }
+ if (maxbufsize != null) {
+ envLdap.put("javax.security.sasl.maxbuf", maxbufsize);
+ }
+
+ try {
+ System.out.println("Search with SASL auth " + mechanism);
+ System.out.println("Authentication ID " + authid);
+ System.out.println("Password " + password);
+ System.out.println("Authorization ID " + authzid);
+ System.out.println("Realm " + realm);
+ System.out.println("Quality of Protection " + qop);
+ System.out.println("Cipher Strength " + strength);
+ System.out.println("Maximum receive buffer size " + maxbufsize);
+
+ // connect to server
+ ctx = new InitialLdapContext(envLdap, null);
+
+ // issue ldapsearch
+ ctx.search(basedn, filter, null);
+
+ ctx.close();
+ } catch (CommunicationException e1) {
+ e1.printStackTrace();
+ errorMessage = e1.getMessage();
+ if (e1.getCause() != null)
+ errorCause = e1.getCause().toString();
+ } catch (InvalidSearchFilterException e2) {
+ e2.printStackTrace();
+ errorMessage = e2.getMessage();
+ if (e2.getCause() != null)
+ errorCause = e2.getCause().toString();
+ } catch (NamingException e3) {
+ e3.printStackTrace();
+ errorMessage = e3.getMessage();
+ if (e3.getCause() != null)
+ errorCause = e3.getCause().toString();
+ } catch (Exception e4) {
+ e4.printStackTrace();
+ errorMessage = e4.getMessage();
+ if (e4.getCause() != null)
+ errorCause = e4.getCause().toString();
+ }
+
+
+ String NO_COMMON_QOP_LAYER =
+ "No common protection layer between client and server";
+
+
+ // No error, the modify is success
+ if ( errorMessage == null ) {
+ errorCode = "0";
+ } else {
+ System.out.println();
+ System.out.println(errorMessage);
+ if (errorCause != null)
+ System.out.println(errorCause);
+ System.out.println();
+ System.out.println();
+ if (errorCause != null && errorCause.indexOf(NO_COMMON_QOP_LAYER) != -1) {
+ // return 89-LDAP_PARAM_ERROR, which is also returned by ldap clients
+ errorCode = "89";
+ } else {
+ int ind = errorMessage.indexOf("-");
+ if ( ind > 0 ) {
+ errorCode = errorMessage.substring(18, ind-1);
+ } else errorCode = "0";
+ }
+ }
+
+ int RC = Integer.parseInt(errorCode);
+ System.exit(RC);
+ }
+
+}
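Review bot: The exit-code mapping at the end of `main` can report a failed bind or search as success: the fallback `} else errorCode = "0";` is taken whenever the exception text contains no `-`, and an exception whose `getMessage()` is null leaves `errorMessage` null and also yields 0. Since the positive QOP cases expect 0, a connection failure or an unexpected exception could pass them; I would make the fallback non-zero, e.g. `} else errorCode = "1";` (or whichever value the harness reserves for client errors), and set a failure flag in the catch blocks instead of testing `errorMessage == null`. `errorMessage.substring(18, ind-1)` appears to assume a fixed-length message prefix and is unguarded, as is `args[k+1]` when the last option has no value. Separately, `System.out.println("Password " + password);` writes the bind password into the test output and should be dropped or masked.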
--
Gitblit v1.10.0