From 9b399f85fad8dc5d99a74d8973a7d1d646174d37 Mon Sep 17 00:00:00 2001
From: mkeyes <mkeyes@localhost>
Date: Wed, 27 Jun 2007 21:29:47 +0000
Subject: [PATCH] Partial commit for functional test cases for Issues 460 and 463.
---
opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml | 141 ++++++++
opendj-sdk/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml | 808 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 949 insertions(+), 0 deletions(-)
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml
index dbd4066..f5e17a1 100755
--- a/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/aci/aci_bindtypes.xml
@@ -5497,6 +5497,147 @@
</sequence>
</testcase>
+<!-- authmethod tests -->
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker ACI Bind Type Tests
+ #@TestName authmethod equals none
+ #@TestIssue 460
+ #@TestPurpose Test bind where an ACI authmethod equals none applies.
+ #@TestPreamble none
+ #@TestStep Anonymous search.
+ #@TestStep Admin adds ACI.
+ #@TestStep Anonymous search.
+ #@TestStep Admin deletes ACI.
+ #@TestStep Anonymous search.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0 for all ldap operations.
+ Entry returned for step 3.
+ -->
+ <testcase name="'Security: Bind Types: authmethod equals none'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Security: Bind Types: authmethod equals none, anonymous search'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-T' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: Bind Types: authmethod equals none, adding authmethod ACI'
+ </message>
+
+ <script>
+ curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"none\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: Bind Types: authmethod equals none, anonymous search'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-T' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: Bind Types: authmethod equals none, deleting authmethod ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: Bind Types: authmethod equals none, anonymous search'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'uid=dmiller,ou=People,ou=aci branch,o=Bind Type Tests,o=ACI Tests,dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-T' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'checktestStringNotPresent'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=dmiller,ou=People' }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
<!---
Place test-specific test information here.
The tag, TestMarker, must be the same as the tag, TestSuiteName.
diff --git a/opendj-sdk/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml b/opendj-sdk/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
index b968458..28d0ef0 100755
--- a/opendj-sdk/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
+++ b/opendj-sdk/opends/tests/functional-tests/testcases/security/sasl/security_sasl_digest-md5.xml
@@ -992,6 +992,814 @@
</sequence>
</testcase>
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName uid (dn:) Bind with ACI with authmethod equal sasl
+ #@TestIssue 460
+ #@TestPurpose Test bind where an ACI authmethod equal sasl applies.
+ #@TestPreamble none
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin deletes global search ACI.
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin adds ACI with authmethod equals sasl.
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin deletes ACI with authmethod equals sasl.
+ #@TestStep Admin puts global search ACI.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0 for all ldap operations.
+ Entries returned for steps 1, 2, and 7.
+ -->
+ <testcase name="'Security: SASL DIGEST-MD5: User (dn:) Bind with ACI with authmethod equal sasl'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, delete global search ACI'
+ </message>
+
+ <script>
+ global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-global-aci' ,
+ 'newAttributeValue' : global_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, adding authmethod ACI'
+ </message>
+
+ <script>
+ curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"sasl DIGEST-MD5\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equal sasl, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, deleting authmethod ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equal sasl, put back global search ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-global-aci' ,
+ 'newAttributeValue' : global_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName uid (dn:) Bind with ACI with authmethod not equals simple
+ #@TestIssue 460
+ #@TestPurpose Test bind where an ACI authmethod not equals simple applies.
+ #@TestPreamble none
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin deletes global search ACI.
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin adds ACI with authmethod equals sasl.
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin deletes ACI with authmethod equals sasl.
+ #@TestStep Admin puts global search ACI.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0 for all ldap operations.
+ Entries returned for steps 1, 2, and 7.
+ -->
+ <testcase name="'Security: SASL DIGEST-MD5: User (dn:) Bind with ACI with authmethod not equals simple'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, delete global search ACI'
+ </message>
+
+ <script>
+ global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-global-aci' ,
+ 'newAttributeValue' : global_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, adding authmethod ACI'
+ </message>
+
+ <script>
+ curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod!=\"simple\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod not equals simple, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, deleting authmethod ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod not equals simple, put back global search ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-global-aci' ,
+ 'newAttributeValue' : global_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+ <!---
+ Place test-specific test information here.
+ The tag, TestMarker, must be the same as the tag, TestSuiteName.
+ #@TestMarker SASL DIGEST-MD5 Tests
+ #@TestName uid (dn:) Bind with ACI with authmethod equals none
+ #@TestIssue 460
+ #@TestPurpose Test bind where an ACI authmethod equals none applies.
+ #@TestPreamble none
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin deletes global search ACI.
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin adds ACI with authmethod equals sasl.
+ #@TestStep User binds with sasl authetication and with authid=dn:[DN] format.
+ #@TestStep User binds with simple authetication.
+ #@TestStep Admin deletes ACI with authmethod equals sasl.
+ #@TestStep Admin puts global search ACI.
+ #@TestPostamble none
+ #@TestResult Success if OpenDS returns 0 for all ldap operations.
+ Entries returned for steps 1, 2, and 7.
+ -->
+ <testcase name="'Security: SASL DIGEST-MD5: User (dn:) Bind with ACI with authmethod equals none'">
+ <sequence>
+ <call function="'testCase_Preamble'"/>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, delete global search ACI'
+ </message>
+
+ <script>
+ global_aci="(targetattr!=\"userPassword||authPassword\")(version 3.0; acl \"Anonymous read access\"; allow (read,search,compare) userdn=\"ldap:///anyone\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-global-aci' ,
+ 'newAttributeValue' : global_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w bad' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'bad' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '0'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, adding authmethod ACI'
+ </message>
+
+ <script>
+ curr_aci="(targetattr=\"*\")(version 3.0; acl \"aci1\"; allow (read,search,compare) authmethod=\"none\";)"
+ </script>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding with authmethod equals none, sasl authentication'
+ </message>
+
+ <call function="'AnonSearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' ,
+ 'extraParams' : '-o mech=DIGEST-MD5 -o "authid=dn:uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com" -w frogleg' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, simple authentication'
+ </message>
+
+ <call function="'SearchObject'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : 'uid=jwalleye,ou=People,o=SASL Realm Tests,dc=example,dc=com' ,
+ 'dsInstancePswd' : 'frogleg' ,
+ 'dsBaseDN' : 'dc=example,dc=com' ,
+ 'dsFilter' : 'objectclass=*' }
+ </call>
+
+ <script>
+ returnString = STAXResult[0][1]
+ </script>
+
+ <call function="'searchStringForSubstring'">
+ { 'returnString' : returnString ,
+ 'testString' : 'dn: uid=tmorris,ou=People' }
+ </call>
+
+ <if expr="returnCode != '1'">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, deleting authmethod ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'o=SASL Tests,dc=example,dc=com' ,
+ 'attributeName' : 'aci' ,
+ 'newAttributeValue' : curr_aci ,
+ 'changetype' : 'delete' }
+ </call>
+
+ <if expr="RC != 0">
+ <tcstatus result="'fail'"/>
+ </if>
+
+ <message>
+ 'Security: SASL DIGEST-MD5: User (dn:) Binding With ACI with authmethod equals none, put back global search ACI'
+ </message>
+
+ <call function="'modifyAnAttribute'">
+ { 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
+ 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
+ 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
+ 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
+ 'DNToModify' : 'cn=Access Control Handler,cn=config' ,
+ 'attributeName' : 'ds-cfg-global-aci' ,
+ 'newAttributeValue' : global_aci ,
+ 'changetype' : 'add' }
+ </call>
+
+ <call function="'checktestRC'">
+ { 'returncode' : RC ,
+ 'result' : STAXResult }
+ </call>
+
+ <call function="'testCase_Postamble'"/>
+
+ </sequence>
+ </testcase>
+
+
<!--- Test case: DIGEST-MD5 SASL Mechanism -->
<!---
Place test-specific test information here.
--
Gitblit v1.10.0