diff options
author | Greg Hudson <ghudson@mit.edu> | 2014-08-25 13:02:03 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2014-09-08 22:38:56 -0400 |
commit | dc46bfbe660b2b057a5892dd95cbf53b6d46e44a (patch) | |
tree | 5761acf83c66a14a67736565949ceb2276b30d35 | |
parent | bba0b2058ad372372bacbbef9a753a671ba79ab4 (diff) | |
download | krb5-dc46bfbe660b2b057a5892dd95cbf53b6d46e44a.zip krb5-dc46bfbe660b2b057a5892dd95cbf53b6d46e44a.tar.gz krb5-dc46bfbe660b2b057a5892dd95cbf53b6d46e44a.tar.bz2 |
Add test case for -keepold mkey re-encryption
(cherry picked from commit 8ee40f56e6c789a87dc403bf70d524d2b3b21dbf)
ticket: 7995
version_fixed: 1.13
status: resolved
-rw-r--r-- | src/tests/t_mkey.py | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/tests/t_mkey.py b/src/tests/t_mkey.py index 477044e..8a5b84e 100644 --- a/src/tests/t_mkey.py +++ b/src/tests/t_mkey.py @@ -279,11 +279,19 @@ update_princ_encryption(False, 3, nprincs - 1, 0) check_mkey_list((3, aes128, True, True), (2, defetype, True, False)) check_mkvno(realm.user_princ, 3) -# Regression test for #7994 (randkey does not update principal mkvno). -add_mkey([]) +# Regression test for #7994 (randkey does not update principal mkvno) +# and #7995 (-keepold does not re-encrypt old keys). +add_mkey(['-s']) realm.run([kdb5_util, 'use_mkey', '4', 'now-1day']) -realm.run_kadminl('cpw -randkey %s' % realm.user_princ) +realm.run_kadminl('cpw -randkey -keepold %s' % realm.user_princ) +# With #7994 unfixed, mkvno of user will still be 3. check_mkvno(realm.user_princ, 4) +# With #7995 unfixed, old keys are still encrypted with mkvno 3. +update_princ_encryption(False, 4, nprincs - 2, 1) +realm.run([kdb5_util, 'purge_mkeys', '-f']) +out = realm.run_kadminl('xst -norandkey %s' % realm.user_princ) +if 'Decrypt integrity check failed' in out or 'added to keytab' not in out: + fail('Preserved old key data not updated to new master key') realm.stop() |