diff options
author | Greg Hudson <ghudson@mit.edu> | 2009-10-25 16:55:12 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-10-25 16:55:12 +0000 |
commit | 8d31a9d396f5bea88def4db395ad12dca2ac2e9f (patch) | |
tree | 244f8f5b525432a2a2a280403f38d7b2fbdc0dfd /src/lib/kadm5 | |
parent | b82e46df9b6cbf663512985a99c6d79f2b0cb796 (diff) | |
download | krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.zip krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.tar.gz krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.tar.bz2 |
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements
account lockout policies for preauth-using principals using existing
principal metadata fields and new policy fields. The kadmin API
version is bumped from 2 to 3 to compatibly extend the policy_ent_rec
structure.
ticket: 6577
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5')
35 files changed, 8672 insertions, 36 deletions
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h index 9c98a06..5105c5e 100644 --- a/src/lib/kadm5/admin.h +++ b/src/lib/kadm5/admin.h @@ -112,8 +112,8 @@ typedef long kadm5_ret_t; #endif #define KADM5_LOAD 0x200000 -/* all but KEY_DATA and TL_DATA */ -#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff +/* all but KEY_DATA, TL_DATA, LOAD */ +#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff /* kadm5_policy_ent_t */ @@ -123,6 +123,9 @@ typedef long kadm5_ret_t; #define KADM5_PW_MIN_CLASSES 0x020000 #define KADM5_PW_HISTORY_NUM 0x040000 #define KADM5_REF_COUNT 0x080000 +#define KADM5_PW_MAX_FAILURE 0x100000 +#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x200000 +#define KADM5_PW_LOCKOUT_DURATION 0x400000 /* kadm5_config_params */ #define KADM5_CONFIG_REALM 0x00000001 @@ -176,6 +179,7 @@ typedef long kadm5_ret_t; #define KADM5_API_VERSION_MASK 0x12345700 #define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02) +#define KADM5_API_VERSION_3 (KADM5_API_VERSION_MASK|0x03) typedef struct _kadm5_principal_ent_t { krb5_principal principal; @@ -210,6 +214,11 @@ typedef struct _kadm5_policy_ent_t { long pw_min_classes; long pw_history_num; long policy_refcnt; + + /* version 3 fields */ + krb5_kvno pw_max_fail; + krb5_deltat pw_failcnt_interval; + krb5_deltat pw_lockout_duration; } kadm5_policy_ent_rec, *kadm5_policy_ent_t; /* diff --git a/src/lib/kadm5/admin_internal.h b/src/lib/kadm5/admin_internal.h index 69e7bd6..f08325c 100644 --- a/src/lib/kadm5/admin_internal.h +++ b/src/lib/kadm5/admin_internal.h @@ -31,7 +31,7 @@ return KADM5_BAD_API_VERSION; \ if (srvr->api_version < KADM5_API_VERSION_2) \ return old_api_version; \ - if (srvr->api_version > KADM5_API_VERSION_2) \ + if (srvr->api_version > KADM5_API_VERSION_3) \ return new_api_version; \ } diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index cc48a8c..0b817b8 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -205,7 +205,7 @@ static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name, handle->destroy_cache = 0; handle->context = 0; *handle->lhandle = *handle; - handle->lhandle->api_version = KADM5_API_VERSION_2; + handle->lhandle->api_version = KADM5_API_VERSION_3; handle->lhandle->struct_version = KADM5_STRUCT_VERSION; handle->lhandle->lhandle = handle->lhandle; @@ -361,6 +361,16 @@ static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name, #endif goto error; } + /* Drop down to v2 wire protocol if server does not support v3 */ + if (r->code == KADM5_NEW_SERVER_API_VERSION && + handle->api_version == KADM5_API_VERSION_3) { + handle->api_version = KADM5_API_VERSION_2; + r = init_2(&handle->api_version, handle->clnt); + if (r == NULL) { + code = KADM5_RPC_ERROR; + goto error; + } + } if (r->code) { code = r->code; goto error; diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index c357dbf..8ddf33a 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -14,6 +14,9 @@ static bool_t _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, int v); +static bool_t +_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers); + /* * Function: xdr_ui_4 * @@ -383,14 +386,14 @@ xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp) bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp) { - return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_2); + return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_3); } static bool_t _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, int v) { - unsigned int n; + unsigned int n; if (!xdr_krb5_principal(xdrs, &objp->principal)) { return (FALSE); @@ -457,11 +460,12 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, xdr_krb5_key_data_nocontents)) { return (FALSE); } + return (TRUE); } -bool_t -xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp) +static bool_t +_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers) { if (!xdr_nullstring(xdrs, &objp->policy)) { return (FALSE); @@ -487,16 +491,35 @@ xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp) if (!xdr_long(xdrs, &objp->policy_refcnt)) { return (FALSE); } + if (vers == KADM5_API_VERSION_3) { + if (!xdr_krb5_kvno(xdrs, &objp->pw_max_fail)) + return (FALSE); + if (!xdr_krb5_deltat(xdrs, &objp->pw_failcnt_interval)) + return (FALSE); + if (!xdr_krb5_deltat(xdrs, &objp->pw_lockout_duration)) + return (FALSE); + } else if (xdrs->x_op == XDR_DECODE) { + objp->pw_max_fail = 0; + objp->pw_failcnt_interval = 0; + objp->pw_lockout_duration = 0; + } return (TRUE); } bool_t +xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp) +{ + return _xdr_kadm5_policy_ent_rec(xdrs, objp, KADM5_API_VERSION_3); +} + +bool_t xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp) { if (!xdr_ui_4(xdrs, &objp->api_version)) { return (FALSE); } - if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) { + if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec, + objp->api_version)) { return (FALSE); } if (!xdr_long(xdrs, &objp->mask)) { @@ -514,7 +537,8 @@ xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp) if (!xdr_ui_4(xdrs, &objp->api_version)) { return (FALSE); } - if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) { + if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec, + objp->api_version)) { return (FALSE); } if (!xdr_long(xdrs, &objp->mask)) { @@ -563,7 +587,8 @@ xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp) if (!xdr_ui_4(xdrs, &objp->api_version)) { return (FALSE); } - if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) { + if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec, + objp->api_version)) { return (FALSE); } if (!xdr_long(xdrs, &objp->mask)) { @@ -799,7 +824,8 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp) return (FALSE); } if(objp->code == KADM5_OK) { - if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) { + if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec, + objp->api_version)) { return (FALSE); } } @@ -813,7 +839,8 @@ xdr_cpol_arg(XDR *xdrs, cpol_arg *objp) if (!xdr_ui_4(xdrs, &objp->api_version)) { return (FALSE); } - if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) { + if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec, + objp->api_version)) { return (FALSE); } if (!xdr_long(xdrs, &objp->mask)) { @@ -840,7 +867,8 @@ xdr_mpol_arg(XDR *xdrs, mpol_arg *objp) if (!xdr_ui_4(xdrs, &objp->api_version)) { return (FALSE); } - if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) { + if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec, + objp->api_version)) { return (FALSE); } if (!xdr_long(xdrs, &objp->mask)) { @@ -871,7 +899,8 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp) return (FALSE); } if(objp->code == KADM5_OK) { - if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) + if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec, + objp->api_version)) return (FALSE); } diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h index 4e890e8..c9bb073 100644 --- a/src/lib/kadm5/server_internal.h +++ b/src/lib/kadm5/server_internal.h @@ -111,12 +111,13 @@ extern krb5_principal current_caller; KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \ KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \ KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \ - KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA) + KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT ) #define ALL_POLICY_MASK \ (KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \ KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \ - KADM5_REF_COUNT) + KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \ + KADM5_PW_LOCKOUT_DURATION ) #define SERVER_CHECK_HANDLE(handle) \ { \ diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index 47bc22c..d5426f8 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c @@ -273,7 +273,7 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass, return ENOMEM; } *handle->lhandle = *handle; - handle->lhandle->api_version = KADM5_API_VERSION_2; + handle->lhandle->api_version = KADM5_API_VERSION_3; handle->lhandle->struct_version = KADM5_STRUCT_VERSION; handle->lhandle->lhandle = handle->lhandle; diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index 47f00c0..fe2020d 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -395,6 +395,9 @@ kdb_put_entry(kadm5_server_handle_t handle, one = 1; + /* we are always updating TL data */ + kdb->mask |= KADM5_TL_DATA; + ret = krb5_db_put_principal(handle->context, kdb, &one); if (ret) return(ret); diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c index 5b7828c..0d8c5ce 100644 --- a/src/lib/kadm5/srv/svr_policy.c +++ b/src/lib/kadm5/srv/svr_policy.c @@ -140,6 +140,26 @@ kadm5_create_policy_internal(void *server_handle, pent.policy_refcnt = 0; else pent.policy_refcnt = entry->policy_refcnt; + + if (handle->api_version == KADM5_API_VERSION_3) { + if (!(mask & KADM5_PW_MAX_FAILURE)) + pent.pw_max_fail = 0; + else + pent.pw_max_fail = entry->pw_max_fail; + if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL)) + pent.pw_failcnt_interval = 0; + else + pent.pw_failcnt_interval = entry->pw_failcnt_interval; + if (!(mask & KADM5_PW_LOCKOUT_DURATION)) + pent.pw_lockout_duration = 0; + else + pent.pw_lockout_duration = entry->pw_lockout_duration; + } else { + pent.pw_max_fail = 0; + pent.pw_failcnt_interval = 0; + pent.pw_lockout_duration = 0; + } + if ((ret = krb5_db_create_policy(handle->context, &pent))) return ret; else @@ -248,6 +268,14 @@ kadm5_modify_policy_internal(void *server_handle, } if ((mask & KADM5_REF_COUNT)) p->policy_refcnt = entry->policy_refcnt; + if (handle->api_version == KADM5_API_VERSION_3) { + if ((mask & KADM5_PW_MAX_FAILURE)) + p->pw_max_fail = entry->pw_max_fail; + if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL)) + p->pw_failcnt_interval = entry->pw_failcnt_interval; + if ((mask & KADM5_PW_LOCKOUT_DURATION)) + p->pw_lockout_duration = entry->pw_lockout_duration; + } ret = krb5_db_put_policy(handle->context, p); krb5_db_free_policy(handle->context, p); return ret; @@ -286,6 +314,11 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name, entry->pw_min_classes = t->pw_min_classes; entry->pw_history_num = t->pw_history_num; entry->policy_refcnt = t->policy_refcnt; + if (handle->api_version == KADM5_API_VERSION_3) { + entry->pw_max_fail = t->pw_max_fail; + entry->pw_failcnt_interval = t->pw_failcnt_interval; + entry->pw_lockout_duration = t->pw_lockout_duration; + } krb5_db_free_policy(handle->context, t); return KADM5_OK; diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 1a60f52..7ba89ec 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -650,8 +650,6 @@ kadm5_modify_principal(void *server_handle, kdb.pw_expiration = entry->pw_expiration; if (mask & KADM5_MAX_RLIFE) kdb.max_renewable_life = entry->max_renewable_life; - if (mask & KADM5_FAIL_AUTH_COUNT) - kdb.fail_auth_count = entry->fail_auth_count; if((mask & KADM5_KVNO)) { for (i = 0; i < kdb.n_key_data; i++) @@ -674,6 +672,20 @@ kadm5_modify_principal(void *server_handle, } } + /* + * Setting entry->fail_auth_count to 0 can be used to manually unlock + * an account. It is not possible to set fail_auth_count to any other + * value using kadmin. + */ + if (mask & KADM5_FAIL_AUTH_COUNT) { + if (entry->fail_auth_count != 0) { + ret = KADM5_BAD_SERVER_PARAMS; + goto done; + } + + kdb.fail_auth_count = 0; + } + /* let the mask propagate to the database provider */ kdb.mask = mask; @@ -1443,8 +1455,13 @@ kadm5_chpass_principal_3(void *server_handle, if (ret) goto done; + /* unlock principal on this KDC */ + kdb.fail_auth_count = 0; + /* key data and attributes changed, let the database provider know */ - kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */; + kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES | + KADM5_FAIL_AUTH_COUNT; + /* | KADM5_CPW_FUNCTION */ if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; @@ -1576,7 +1593,10 @@ kadm5_randkey_principal_3(void *server_handle, if (ret) goto done; - if (keyblocks) { + /* unlock principal on this KDC */ + kdb.fail_auth_count = 0; + + if (keyblocks) { ret = decrypt_key_data(handle->context, act_mkey, kdb.n_key_data, kdb.key_data, keyblocks, n_keys); @@ -1585,7 +1605,8 @@ kadm5_randkey_principal_3(void *server_handle, } /* key data changed, let the database provider know */ - kdb.mask = KADM5_KEY_DATA /* | KADM5_RANDKEY_USED */; + kdb.mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT; + /* | KADM5_RANDKEY_USED */; if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; @@ -1753,6 +1774,9 @@ kadm5_setv4key_principal(void *server_handle, if (ret) goto done; + /* unlock principal on this KDC */ + kdb.fail_auth_count = 0; + if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; @@ -1990,6 +2014,9 @@ kadm5_setkey_principal_3(void *server_handle, if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) goto done; + /* unlock principal on this KDC */ + kdb.fail_auth_count = 0; + if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; diff --git a/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp b/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp index 44c835e..9d65410 100644 --- a/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp +++ b/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp @@ -42,11 +42,12 @@ proc test100_104 {} { {KADM5_LAST_FAILED} } $origtest] "BAD_MASK" - test "modify-principal 103" - one_line_fail_test [format { - kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ - {KADM5_FAIL_AUTH_COUNT} - } $origtest] "BAD_MASK" +# This is now permitted to reset lockout count +# test "modify-principal 103" +# one_line_fail_test [format { +# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +# {KADM5_FAIL_AUTH_COUNT} +# } $origtest] "BAD_MASK" test "modify-principal 103.5" one_line_fail_test [format { diff --git a/src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp new file mode 100644 index 0000000..8361fb0 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp @@ -0,0 +1,68 @@ +load_lib lib.t +api_exit +api_start + +test "chpass-principal 200" +proc test200 {} { + global test prompt + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal "$test/a"]} { + error_and_restart "$test: creating principal" + return + } + + # I'd like to specify a long list of keysalt tuples and make sure + # that chpass does the right thing, but we can only use those + # enctypes that krbtgt has a key for: des-cbc-crc:normal and + # des-cbc-crc:v4, according to the prototype kdc.conf. + if {! [cmd [format { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_chpass_principal $server_handle "%s/a" newpassword + } $test]]} { + perror "$test: unexpected failure in chpass_principal" + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" p \ + {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA} + } $test]]} { + perror "$test: unexpected failure in get_principal" + } + send "lindex \$p 16\n" + expect { + -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting num_keys" + return + } + eof { + error_and_restart "$test: eof getting num_keys" + return + } + } + + # XXX Perhaps I should actually check the key type returned. + if {$num_keys == 3} { + pass "$test" + } else { + fail "$test: $num_keys keys, should be 3" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test200 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/chpass-principal.exp b/src/lib/kadm5/unit-test/api.3/chpass-principal.exp new file mode 100644 index 0000000..53a96e5 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/chpass-principal.exp @@ -0,0 +1,176 @@ +load_lib lib.t +api_exit +api_start + +test "chpass-principal 180" +proc test180 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal_pol "$test/a" once-a-min]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_chpass_principal $server_handle "%s/a" FoobarBax + } $test] + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test180 } + +test "chpass-principal 180.5" +proc test1805 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal_pol "$test/a" once-a-min]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_chpass_principal $server_handle "%s/a" FoobarBax + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test1805 } + +# +# admin with changepw service tickets try to change other principals +# password, failes with AUTH error +test "chpass-principal 180.625" +proc test180625 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_chpass_principal $server_handle "%s/a" password + } $test] "AUTH" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test180625 } + +test "chpass-principal 180.75" +proc test18075 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal_pol "$test/a" once-a-min]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_chpass_principal $server_handle "%s/a" Foobar + } $test] "AUTH_CHANGEPW" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test18075 } + +test "chpass-principal 182" +proc test182 {} { + global test + + if { ! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_chpass_principal $server_handle kadmin/history password + } "PROTECT" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test182 + +test "chpass-principal 183" +proc test183 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if { ! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_chpass_principal null "%s/a" password + } $test] "BAD_SERVER_HANDLE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test183 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/crte-policy.exp b/src/lib/kadm5/unit-test/api.3/crte-policy.exp new file mode 100644 index 0000000..017bc31 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/crte-policy.exp @@ -0,0 +1,956 @@ +load_lib lib.t +api_exit +api_start + +# Description: (1) Fails for mask with undefined bit set. +# 01/24/94: pshuang: untried. +test "create-policy 1" +proc test1 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete policy \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + 0xF01000 + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test1 + +# Description: (2) Fails if caller connected with CHANGEPW_SERVICE. +test "create-policy 2" +proc test2 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy"; + return + } +} +if {$RPC} { test2 } + +# Description: (3) Fails for mask without POLICY bit set. +# 01/24/94: pshuang: untried. +test "create-policy 3" +proc test3 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete policy \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + 0x000000 + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test3 + +# Description: (4) Fails for mask with REF_COUNT bit set. +test "create-policy 4" +proc test4 {} { + global test + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete policy \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY KADM5_REF_COUNT} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test4 + +# Description: (5) Fails for invalid policy name. +# 01/24/94: pshuang: untried. +test "create-policy 5" +proc test5 {} { + global test + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/"] \ + {KADM5_POLICY} + } $test] "BAD_POLICY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test5 + +# Description: (6) Fails for existing policy name. +test "create-policy 6" +proc test6 {} { + global test +# set prms_id 777 +# setup_xfail {*-*-*} $prms_id + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_create_policy $server_handle [simple_policy test-pol] \ + {KADM5_POLICY} + } "DUP" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test6 + +# Description: (7) Fails for null policy name. +# 01/24/94: pshuang: untried. +test "create-policy 7" +proc test7 {} { + global test +# set prms_id 1977 +# setup_xfail {*-*-*} $prms_id + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_create_policy $server_handle [simple_policy null] \ + {KADM5_POLICY} + } "EINVAL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test7 + +# Description: (8) Fails for empty-string policy name. +test "create-policy 8" +proc test8 {} { + global test + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_create_policy $server_handle [simple_policy ""] \ + {KADM5_POLICY} + } "BAD_POLICY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test8 + +# Description: (9) Accepts 0 for pw_min_life. +test "create-policy 9" +proc test9 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY KADM5_PW_MIN_LIFE} + } $test]]} { + fail "$test: create failed" + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 1\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test9 + +# Description: (10) Accepts non-zero for pw_min_life. +test "create-policy 10" +proc test10 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \ + {KADM5_POLICY KADM5_PW_MIN_LIFE} + } $test]]} { + fail "$test" + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 1\n" + expect { + -re "32\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test10 + +# Description: (11) Accepts 0 for pw_max_life. +test "create-policy 11" +proc test11 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY KADM5_PW_MAX_LIFE} + } $test]]} { + fail "$test" + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 2\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test11 + +# Description: (12) Accepts non-zero for pw_max_life. +test "create-policy 12" +proc test12 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \ + {KADM5_POLICY KADM5_PW_MAX_LIFE} + } $test]]} { + fail "$test" + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 2\n" + expect { + -re "32\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test12 + +# Description: (13) Rejects 0 for pw_min_length. +test "create-policy 13" +proc test13 {} { + global test + global prompt + + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY KADM5_PW_MIN_LENGTH} + } $test] "BAD_LENGTH" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test13 + +# Description: (14) Accepts non-zero for pw_min_length. +test "create-policy 14" +proc test14 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \ + {KADM5_POLICY KADM5_PW_MIN_LENGTH} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 3\n" + expect { + -re "8\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test14 + +# Description: (15) Rejects 0 for pw_min_classes. +test "create-policy 15" +proc test15 {} { + global test + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY KADM5_PW_MIN_CLASSES} + } $test] "BAD_CLASS" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test15 + +# Description: (16) Accepts 1 for pw_min_classes. +test "create-policy 16" +proc test16 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \ + {KADM5_POLICY KADM5_PW_MIN_CLASSES} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 4\n" + expect { + -re "1\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test16 + +# Description: (17) Accepts 4 for pw_min_classes. +test "create-policy 17" +proc test17 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \ + {KADM5_POLICY KADM5_PW_MIN_CLASSES} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 4\n" + expect { + -re "5\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test17 + +# Description: (18) Rejects 5 for pw_min_classes. +test "create-policy 18" +proc test18 {} { + global test + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \ + {KADM5_POLICY KADM5_PW_MIN_CLASSES} + } $test] "BAD_CLASS" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test18 + +# Description: (19) Rejects 0 for pw_history_num. +test "create-policy 19" +proc test19 {} { + global test + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY KADM5_PW_HISTORY_NUM} + } $test] "BAD_HISTORY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test19 + +# Description: (20) Accepts 1 for pw_history_num. +test "create-policy 20" +proc test20 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \ + {KADM5_POLICY KADM5_PW_HISTORY_NUM} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retreuve policy" + return + } + send "lindex \$policy 5\n" + expect { + -re "1\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test20 + +# Description: (21) Accepts 10 for pw_history_num. +test "create-policy 21" +proc test21 {} { + global test + global prompt + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \ + {KADM5_POLICY KADM5_PW_HISTORY_NUM} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 5\n" + expect { + -re "10\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test21 + +# Description: (22) Fails for user with no access bits. +test "create-policy 22" +proc test22 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test22 + +# Description: (23) Fails for user with "get" but not "add". +test "create-policy 23" +proc test23 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test23 + +# Description: (24) Fails for user with "modify" but not "add". +# 01/24/94: pshuang: untried. +test "create-policy 24" +proc test24 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test24 + +# Description: (25) Fails for user with "delete" but not "add". +# 01/24/94: pshuang: untried. +test "create-policy 25" +proc test25 {} { + global test + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test25 + +# Description: Succeeds for user with "add". +test "create-policy 26" +proc test26 {} { + global test + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test26 + +# Description: Succeeds for user with "get" and "add". +# 01/24/94: pshuang: untried. +test "create-policy 27" +proc test27 {} { + global test + + if {! (( ! [policy_exists "$test/a"]) || + [delete_policy "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_create_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test27 + +# Description: (28) Rejects null policy argument. +# 01/24/94: pshuang: untried. +test "create-policy 28" +proc test28 {} { + global test + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_create_policy $server_handle null {KADM5_POLICY} + } "EINVAL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test28 + +test "create-policy 30" +proc test30 {} { + global test + one_line_fail_test [format { + kadm5_create_policy null [simple_policy "%s/a"] \ + {KADM5_POLICY} + } $test] "BAD_SERVER_HANDLE" +} +test30 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/crte-principal.exp b/src/lib/kadm5/unit-test/api.3/crte-principal.exp new file mode 100644 index 0000000..774e204 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/crte-principal.exp @@ -0,0 +1,1336 @@ +load_lib lib.t +api_exit +api_start + +#test "create-principal 1" +# +#proc test1 {} { +# global test +# begin_dump +# one_line_fail_test [format { +# kadm5_create_principal $server_handle \ +# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a" +# } $test $test] "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test1 + +# v2 create-principal 3 test, to avoid name conflict +test "create-principal 1" +proc test1 {} { + global test +# set prms_id 777 +# setup_xfail {*-*-*} $prms_id + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} null + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test1 + +test "create-principal 2" + +proc test2 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_create_principal $server_handle null \ + {KADM5_PRINCIPAL} testpass + } "EINVAL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test2 + +test "create-principal 4" +proc test4 {} { + global test + + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} "" + } $test] "_Q_TOOSHORT" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test4 + +test "create-principal 5" +proc test5 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle \ + [simple_principal "%s/a"] {0x100001} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test5 + +test "create-principal 6" +proc test6 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_LAST_PWD_CHANGE} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test6 + +test "create-principal 7" +proc test7 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MOD_TIME} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test7 + +test "create-principal 8" +proc test8 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MOD_NAME} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test8 + +test "create-principal 9" +proc test9 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MKVNO} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test9 + +test "create-principal 10" +proc test10 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_AUX_ATTRIBUTES} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test10 + +test "create-principal 11" +proc test11 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_POLICY_CLR} "%s/a" + } $test $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test11 + +test "create-principal 12" +proc test12 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" + +} +if {$RPC} { test12 } + +test "create-principal 13" +proc test13 {} { + global test + begin_dump + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +if {$RPC} { test13 } + +test "create-principal 14" +proc test14 {} { + global test + begin_dump + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +if {$RPC} { test14 } + +test "create-principal 15" +proc test15 {} { + global test + begin_dump + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +if {$RPC} { test15 } + +test "create-principal 16" +proc test16 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "AUTH_ADD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +if {$RPC} { test16 } + +test "create-principal 17" +proc test17 {} { + global test + + begin_dump + if {! (( [principal_exists "$test/a"]) || [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "DUP" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test17 + +test "create-principal 18" +proc test18 {} { + global test + + begin_dump + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" test-pol] \ + {KADM5_PRINCIPAL KADM5_POLICY} tP + } $test] "_Q_TOOSHORT" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test18 + +test "create-principal 19" +proc test19 {} { + global test + + begin_dump + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" test-pol] \ + {KADM5_PRINCIPAL KADM5_POLICY} testpassword + } $test] "_Q_CLASS" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test19 + +test "create-principal 20" +proc test20 {} { + global test + + begin_dump + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" test-pol] \ + {KADM5_PRINCIPAL KADM5_POLICY} Abyssinia + } $test] "_Q_DICT" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test20 + +test "create-principal 21" +proc test21 {} { + global test + + begin_dump + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" non-existant-pol] \ + {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary + } $test] "UNK_POLICY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + end_dump_compare "no-diffs" +} +test21 + +test "create-principal 23" +proc test23 {} { + global test + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + one_line_succeed_test \ + [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test23 + +test "create-principal 24" +proc test24 {} { + global test + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/rename admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + one_line_succeed_test \ + [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test24 } + + +test "create-principal 28" +proc test28 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + + if {! [cmd [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" test-pol] \ + {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return + } + send "lindex \$principal 10\n" + expect { + -re "test-pol.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test28 + +test "create-principal 29" +proc test29 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL KADM5_PRINC_EXPIRE_TIME} \ + inTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 1\n" + expect { + -re "0.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test29 + +test "create-principal 30" +proc test30 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \ + NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "0.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test30 + +test "create-principal 31" +proc test31 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" test-pol-nopw] \ + {KADM5_PRINCIPAL KADM5_POLICY \ + KADM5_PW_EXPIRATION} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "0.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test31 + +test "create-principal 32" +proc test32 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle \ + [princ_w_pol "%s/a" test-pol] \ + {KADM5_PRINCIPAL KADM5_POLICY \ + KADM5_PW_EXPIRATION} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} { + error_and_restart "$test: cannot retrieve policy" + return + } + + send "lindex \$principal 6\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting mod_date" + return + } + eof { + error_and_restart "$test: eof getting mod_date" + return + } + } + + send "lindex \$principal 3\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_expire" + return + } + eof { + error_and_restart "$test: eof getting pw_expire" + return + } + } + + send "lindex \$policy 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_max_life" + return + } + eof { + error_and_restart "$test: eof getting pw_max_life" + return + } + } + if { $pw_expire != 0 } { + fail "$test: pw_expire $pw_expire should be 0" + return + } else { + pass "$test" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test32 + +test "create-principal 33" +proc test33 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle \ + {"%s/a" 0 0 1234 0 null 0 0 0 0 null 0} \ + {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \ + NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "1234.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test33 + +test "create-principal 34" +proc test34 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle \ + { "%s/a" 0 0 1234 0 null 0 0 0 0 test-pol-nopw 0} \ + {KADM5_PRINCIPAL KADM5_POLICY \ + KADM5_PW_EXPIRATION} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "1234.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test34 + +test "create-principal 35" +proc test35 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle \ + {"%s/a" 0 0 1234 0 null 0 0 0 0 test-pol 0} \ + {KADM5_PRINCIPAL KADM5_POLICY \ + KADM5_PW_EXPIRATION} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "1234.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test35 + +test "create-principal 36" +proc test36 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle \ + {"%s/a" 0 0 999999999 0 null 0 0 0 0 test-pol 0} \ + {KADM5_PRINCIPAL KADM5_POLICY \ + KADM5_PW_EXPIRATION} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol policy} ]} { + error_and_restart "$test: cannot retrieve policy" + return + } + + send "lindex \$principal 6\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting mod_date" + return + } + eof { + error_and_restart "$test: eof getting mod_date" + return + } + } + + send "lindex \$principal 3\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_expire" + return + } + eof { + error_and_restart "$test: eof getting pw_expire" + return + } + } + + send "lindex \$policy 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_max_life" + return + } + eof { + error_and_restart "$test: eof getting pw_max_life" + return + } + } + if { $pw_expire != 999999999 } { + fail "$test: pw_expire is wrong" + return + } else { + pass "$test" + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test36 + +test "create-principal 37" +proc test37 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "0.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test37 + +test "create-principal 38" +proc test38 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [princ_w_pol "%s/a" \ + test-pol-nopw] {KADM5_PRINCIPAL KADM5_POLICY} \ + NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 3\n" + expect { + -re "0.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test38 + +test "create-principal 39" +proc test39 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [princ_w_pol "%s/a" \ + test-pol] {KADM5_PRINCIPAL KADM5_POLICY} \ + NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if { ! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: cannot not retrieve principal" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} { + error_and_restart "$test: cannot retrieve policy" + return + } + send "lindex \$principal 6\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting mod_date" + return + } + eof { + error_and_restart "$test: eof getting mod_date" + return + } + } + + send "lindex \$principal 3\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_expire" + return + } + eof { + error_and_restart "$test: eof getting pw_expire" + return + } + } + + send "lindex \$policy 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_max_life" + return + } + eof { + error_and_restart "$test: eof getting pw_max_life" + return + } + } + if { [expr "$mod_date + $pw_max_life - $pw_expire"] > 5 } { + fail "$test: pw_expire is wrong" + return + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test39 + +test "create-principal 40" +proc test40 {} { + global test + global prompt + + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \ + NotinTheDictionary + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: can not retreive principal" + return; + } + send "lindex \$principal 4\n" + expect { + -re "0.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test40 + +test "create-principal 43" +proc test43 {} { + global test + one_line_fail_test [format { + kadm5_create_principal null \ + [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a" + } $test $test] "BAD_SERVER_HANDLE" +} +test43 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/destroy.exp b/src/lib/kadm5/unit-test/api.3/destroy.exp new file mode 100644 index 0000000..a3e2bfc --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/destroy.exp @@ -0,0 +1,203 @@ +load_lib lib.t +api_exit +api_start + +test "destroy 1" + +proc test1 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_destroy $server_handle} + end_dump_compare "no-diffs" +} +test1 + +#test "destroy 2" +# +#proc test2 {} { +# global test +# begin_dump +# if {! [cmd { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }]} { +# perror "$test: unexpected failure on init" +# return +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# return +# } +# one_line_fail_test \ +# {kadm5_get_principal $server_handle admin principal} \ +# "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test2 + +#test "destroy 3" +#proc test3 {} { +# global test +# +# begin_dump +# if {! (( ! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} { +# error_and_restart "$test couldn't delete principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }]} { +# perror "$test: unexpected failure on init" +# return +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# return +# } +# one_line_fail_test [format { +# kadm5_create_principal $server_handle \ +# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a" +# } $test $test] "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test3 + +#test "destroy 4" +#proc test4 {} { +# global test prompt +# +# if {! (([principal_exists "$test/a"]) || [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# begin_dump +# if {! ([cmd { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }] && +# [cmd [format { +# kadm5_get_principal $server_handle "%s/a" principal +# } $test]])} { +# error_and_restart "$test: error getting principal" +# return; +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# return +# } +# one_line_fail_test [format { +# kadm5_modify_principal $server_handle \ +# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO} +# } $test "77"] "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test4 + +#test "destroy 5" +# +#proc test5 {} { +# global test +# +# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# begin_dump +# if {! [cmd { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }]} { +# perror "$test: unexpected failure on init" +# return +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# return +# } +# one_line_fail_test [format { +# kadm5_delete_principal $server_handle "%s/a" +# } $test] "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test5 + +#test "destroy 6" +# +#proc test6 {} { +# global test +# begin_dump +# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test6 + + +#test "destroy 7" +# +#proc test7 {} { +# global test +# begin_dump +# if {! [cmd { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# } +# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT" +# end_dump_compare "no-diffs" +#} +#test7 + +test "destroy 8" +proc test8 {} { + global test + begin_dump + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } + one_line_succeed_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } + end_dump_compare "no-diffs" +} +test8 + +test "destroy 9" +proc test9 {} { + global test + one_line_fail_test {kadm5_destroy null} "BAD_SERVER_HANDLE" +} +test9 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/dlte-policy.exp b/src/lib/kadm5/unit-test/api.3/dlte-policy.exp new file mode 100644 index 0000000..cecb5c3 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/dlte-policy.exp @@ -0,0 +1,207 @@ +load_lib lib.t +api_exit +api_start + +test "delete-policy 2" +proc test2 {} { + global test +# set prms_id 744 +# setup_xfail {*-*-*} $prms_id + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test \ + {kadm5_delete_policy $server_handle ""} "BAD_POL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test2 + +test "delete-policy 5" +proc test5 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_policy $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if ${RPC} test5 + +test "delete-policy 6" +proc test6 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_policy $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if ${RPC} test6 + +test "delete-policy 7" +proc test7 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_policy $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test7 + +test "delete-policy 10" +proc test10 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_delete_policy $server_handle "%s/a" + } $test]]} { + fail "$test" + return + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + if { [policy_exists "$test/a"]} { + fail "$test" + return + } +} +test10 + +test "delete-policy 12" +proc test12 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test unexecpted failure in init" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [princ_w_pol "%s/a" \ + "%s/a"] {KADM5_PRINCIPAL KADM5_POLICY} \ + NotinTheDictionary + } $test $test]]} { + fail "$test: can not create principal" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test \ + {kadm5_delete_policy $server_handle test-pol} "POLICY_REF" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test12 + +test "delete-policy 13" +proc test13 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + one_line_fail_test [format { + kadm5_delete_policy null "%s/a" + } $test] "BAD_SERVER_HANDLE" +} +test13 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/dlte-principal.exp b/src/lib/kadm5/unit-test/api.3/dlte-principal.exp new file mode 100644 index 0000000..f6d267f --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/dlte-principal.exp @@ -0,0 +1,329 @@ +load_lib lib.t + +api_exit +api_start + +#test "delete-principal 1" +#proc test1 {} { +# global test +# one_line_fail_test [format { +# kadm5_delete_principal $server_handle "%s/a" +# } $test] "NOT_INIT" +#} +#test1 + +test "delete-principal 2" +proc test2 {} { + global test + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test \ + {kadm5_delete_principal $server_handle null} "EINVAL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: unexpected failure in destroy" + return + } +} +test2 + +test "delete-principal 5" +proc test5 {} { + global test + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_principal $server_handle "%s/a" + } $test] "UNK_PRINC" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test5 + +test "delete-principal 6" +proc test6 {} { + global test + + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" test-pol])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_principal $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test6 } + + +test "delete-principal 7" +proc test7 {} { + global test + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_principal $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test7 } + + +test "delete-principal 8" +proc test8 {} { + global test + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_principal $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test8 } + +test "delete-principal 9" +proc test9 {} { + global test + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_principal $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test9 } + +test "delete-principal 10" +proc test10 {} { + global test + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_delete_principal $server_handle "%s/a" + } $test] "AUTH_DELETE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test10 } + +test "delete-principal 11" +proc test11 {} { + global test + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_delete_principal $server_handle "%s/a" + } $test]]} { + fail "$test: delete failed" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + if { [principal_exists "$test/a"] } { + fail "$test" + return + } +} +test11 + +test "delete-principal 12" +proc test12 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" test-pol])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if { ! [cmd [format { + kadm5_delete_principal $server_handle "%s/a" + } $test]]} { + fail "$test: delete failed" + return + } + if { [cmd [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + fail "$test: principal still exists" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} { + perror "$test: unexpected failure on get policy" + return + } + send "lindex \$p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + + send "lindex \$p2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { [expr "$oldref - 1"] != $newref } { + fail "$test: policy reference count is wrong" + return; + } + pass "$test" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} + +test12 + +test "delete-principal 13" +proc test13 {} { + global test + one_line_fail_test [format { + kadm5_delete_principal null "%s/a" + } $test] "BAD_SERVER_HANDLE" +} +test13 + +return "" + + + + + diff --git a/src/lib/kadm5/unit-test/api.3/get-policy.exp b/src/lib/kadm5/unit-test/api.3/get-policy.exp new file mode 100644 index 0000000..c15ef0c --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/get-policy.exp @@ -0,0 +1,199 @@ +load_lib lib.t +api_exit +api_start + +test "get-policy 3" +proc test3 {} { + global test +# set prms_id 744 +# setup_xfail {*-*-*} $prms_id + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test {kadm5_get_policy $server_handle "" p} "BAD_POLICY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test3 + +test "get-policy 6" +proc test6 {} { + global test + + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \ + "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } test6 + +test "get-policy 7" +proc test7 {} { + global test + + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \ + "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } test7 + +test "get-policy 11" +proc test11 {} { + global test + + if {! [cmd { + kadm5_init admin/get-pol StupidAdmin $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_get_policy $server_handle test-pol p} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test11 + +test "get-policy 12" +proc test12 {} { + global test + + if {! [cmd { + kadm5_init admin/get-pol StupidAdmin \ + $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test \ + {kadm5_get_policy $server_handle test-pol-nopw p} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test12 + +test "get-policy 15" +proc test15 {} { + global test + + if {! [cmd { + kadm5_init admin/pol StupidAdmin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test \ + {kadm5_get_policy $server_handle test-pol-nopw p} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test15 + +test "get-policy 16" +proc test16 {} { + global test + + if {! [cmd { + kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test \ + {kadm5_get_policy $server_handle test-pol-nopw p} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test16 + +test "get-policy 17" +proc test17 {} { + global test + + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_get_policy $server_handle test-pol p} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test17 + +test "get-policy 18" +proc test18 {} { + global test + + if {! [cmd { + kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \ + "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } test18 + +test "get-policy 21" +proc test21 {} { + global test + + one_line_fail_test {kadm5_get_policy null "pol1" p} "BAD_SERVER_HANDLE" +} +test21 diff --git a/src/lib/kadm5/unit-test/api.3/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/get-principal-v2.exp new file mode 100644 index 0000000..86c45f4 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/get-principal-v2.exp @@ -0,0 +1,250 @@ +load_lib lib.t +api_exit +api_start + +test "get-principal 100" +proc test100 {} { + global test prompt + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd { + kadm5_get_principal $server_handle testuser p \ + {KADM5_PRINCIPAL_NORMAL_MASK} + }]} { + perror "$test: unexpected failure in get_principal" + } + send "lindex \$p 16\n" + expect { + -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting num_keys" + return + } + eof { + error_and_restart "$test: eof getting num_keys" + return + } + } + send "lindex \$p 17\n" + expect { + -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting num_tl" + return + } + eof { + error_and_restart "$test: eof getting num_tl" + return + } + } + send "lindex \$p 18\n" + expect { + -re "({.*})\n$prompt" {set key_data $expect_out(1,string) } + -re "\n$prompt" { set key_data {} } + timeout { + error_and_restart "$test: timeout getting key_data" + return + } + eof { + error_and_restart "$test: eof getting key_data" + return + } + } + send "lindex \$p 19\n" + expect { + -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) } + -re "\n$prompt" { set tl_data {} } + timeout { + error_and_restart "$test: timeout getting tl_data" + return + } + eof { + error_and_restart "$test: eof getting tl_data" + return + } + } + + set failed 0 + if {$num_keys != 0} { + fail "$test: num_keys $num_keys should be 0" + set failed 1 + } + if {$num_tl != 0} { + fail "$test: num_tl $num_tl should be 0" + set failed 1 + } + if {$key_data != {}} { + fail "$test: key_data $key_data should be {}" + set failed 1 + } + if {$tl_data != "{}"} { + fail "$test: tl_data $tl_data should be empty" + set failed 1 + } + if {$failed == 0} { + pass "$test" + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test100 + +proc test101_102 {rpc} { + global test prompt + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd { + kadm5_get_principal $server_handle testuser p \ + {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA} + }]} { + perror "$test: unexpected failure in get_principal" + } + send "lindex \$p 16\n" + expect { + -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting num_keys" + return + } + eof { + error_and_restart "$test: eof getting num_keys" + return + } + } + send "lindex \$p 18\n" + expect { + -re "({.*})\n$prompt" {set key_data $expect_out(1,string) } + -re "\n$prompt" { set key_data {} } + timeout { + error_and_restart "$test: timeout getting key_data" + return + } + eof { + error_and_restart "$test: eof getting key_data" + return + } + } + + set failed 0 + if {$num_keys != 3} { + fail "$test: num_keys $num_keys should be 3" + set failed 1 + } + for {set i 0} {$i < $num_keys} {incr i} { + set key "[lindex [lindex $key_data $i] 2]" + if {($rpc && [string compare $key ""] != 0) || + ((! $rpc) && [string compare $key ""] == 0)} { + fail "$test: key_data $key is wrong" + set failed 1 + + } + } + if {$failed == 0} { pass "$test" } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test "get-principal 101" +if {$RPC} {test101_102 $RPC} +test "get-principal 102" +if {! $RPC} {test101_102 $RPC} + +test "get-principal 103" +proc test103 {} { + global test prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{999 6 foobar}}" \ + {KADM5_TL_DATA} + } $test $test]]} { + fail "$test: cannot set TL_DATA" + return + } + + if {! [cmd [format { + kadm5_get_principal $server_handle {%s/a} p \ + {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA} + } $test]]} { + perror "$test: unexpected failure in get_principal" + } + send "lindex \$p 17\n" + expect { + -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting num_tl" + return + } + eof { + error_and_restart "$test: eof getting num_tl" + return + } + } + send "lindex \$p 19\n" + expect { + -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) } + -re "\n$prompt" { set tl_data {} } + timeout { + error_and_restart "$test: timeout getting tl_data" + return + } + eof { + error_and_restart "$test: eof getting tl_data" + return + } + } + + if {$num_tl == 0} { + fail "$test: num_tl $num_tl should not be 0" + } elseif {$tl_data == "{{999 6 foobar}}"} { + pass "$test" + } else { + fail "$test: tl_data $tl_data should be {{999 6 foobar}}" + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test103 + +return "" + + + + diff --git a/src/lib/kadm5/unit-test/api.3/get-principal.exp b/src/lib/kadm5/unit-test/api.3/get-principal.exp new file mode 100644 index 0000000..a33fdfe --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/get-principal.exp @@ -0,0 +1,346 @@ +load_lib lib.t +api_exit +api_start + +test "get-principal 1" +proc test1 {} { + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test \ + {kadm5_get_principal $server_handle null p KADM5_PRINCIPAL_NORMAL_MASK} "EINVAL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test1 + +test "get-principal 2" +proc test2 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "UNK_PRINC" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test2 + +test "get-principal 3" +proc test3 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test3 } + +test "get-principal 4" +proc test4 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test4 } + +test "get-principal 5" +proc test5 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test5 } + +test "get-principal 6" +proc test6 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test6 } + +test "get-principal 7" +proc test7 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test7 } + + +test "get-principal 8" +proc test8 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK + } $test] "AUTH_GET" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test8 } + + +test "get-principal 9" +proc test9 {} { + global test + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test \ + {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test9 + +test "get-principal 10" +proc test10 {} { + global test + if {! [cmd { + kadm5_init admin/none admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test \ + {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test10 + +test "get-principal 11" +proc test11 {} { + global test + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test11 + +test "get-principal 12" +proc test12 {} { + global test + if {! [cmd { + kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test12 + +test "get-principal 13" +proc test13 {} { + global test + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test13 + +test "get-principal 14" +proc test14 {} { + global test + if {! [cmd { + kadm5_init admin/get-mod admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK} + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test14 + +test "get-principal 15" +proc test15 {} { + one_line_fail_test \ + {kadm5_get_principal null "admin" p KADM5_PRINCIPAL_NORMAL_MASK} "BAD_SERVER_HANDLE" +} +test15 + +return "" + + + + diff --git a/src/lib/kadm5/unit-test/api.3/init-v2.exp b/src/lib/kadm5/unit-test/api.3/init-v2.exp new file mode 100644 index 0000000..656f146 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/init-v2.exp @@ -0,0 +1,515 @@ +load_lib lib.t + +api_exit +api_start + +if ![info exists RESOLVE] { + set RESOLVE [findfile $objdir/../../../tests/resolve/resolve] +} +proc get_hostname { } { + global RESOLVE + global hostname + global localhostname + global domain + + if {[info exists hostname] && [info exists localhostname]} { + return 1 + } + + catch "exec $RESOLVE -q >myname" exec_output + if ![string match "" $exec_output] { + send_log "$exec_output\n" + verbose $exec_output + send_error "ERROR: can't get hostname\n" + return 0 + } + set file [open myname r] + if { [ gets $file hostname ] == -1 } { + send_error "ERROR: no output from hostname\n" + return 0 + } + close $file + catch "exec rm -f myname" exec_output + regexp "^(\[^.\]*)\.(.*)$" $hostname foo localhostname domain + + set hostname [string tolower $hostname] + set localhostname [string tolower $localhostname] + set domain [string tolower $domain] + verbose "hostname: $hostname; localhostname: $localhostname; domain $domain" + + return 1 +} + + +test "init 101" +proc test101 {} { + global test + global hostname + + get_hostname + tcl_cmd "set hostname $hostname" + + # XXX Fix to work with a remote TEST_SERVER. For now, make sure + # it fails in that case. + one_line_succeed_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "RPC_ERROR" +} +if {$RPC} test101 + +test "init 102" +proc test102 {} { + global test + + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "BAD_SERVER_NAME" +} +if {$RPC} test102 + +test "init 103" +proc test103 {} { + global test + + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "ENOENT" +} +#if {! $RPC} test103 +if {! $RPC} { + send_user "UNTESTED: test103: test needs updating for DAL changes (see MIT RT ticket 3202)\n" + untested "test103: test needs updating for DAL changes (see MIT RT ticket 3202)" +} + + +test "init 106" +proc test106 {} { + global test prompt + + set prompting 0 + send [string trim { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }] + send "\n" + expect { + -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1} + -re "\nOK .*$prompt$" { fail "$test: premature success" } + -re "\nERROR .*$prompt$" { fail "$test: premature failure" } + timeout { fail "$test: timeout" } + eof { fail "$test: eof" } + } + if {$prompting} { + one_line_succeed_test mrroot + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if {! $RPC} test106 + +test "init 107" +proc test107 {} { + global test + + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "KDB_CANTREAD_STORED" +} +if {! $RPC} test107 + +test "init 108" +proc test108 {} { + global test + + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "KRB5_KDB_CANTREAD_STORED" +} +if {! $RPC} test108 + +test "init 109-113" +proc test109 {} { + global test prompt + + delete_principal "$test/a" + + # I'd like to specify flags explicitly and check them, as in the + # following config_params, but tcl gets mighty confused if I do and + # I have no idea why. +# [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ] + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + fail "$test: cannot init with max_life" + return + } + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test]]} { + fail "$test: can not create principal" + return; + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" p \ + {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA} + } $test]]} { + fail "$test: can not get principal" + return; + } + send "puts \$p\n" + expect { + -re "$prompt" { } + timeout { + error_and_restart "$test: timeout getting prompt" + return + } + eof { + error_and_restart "$test: eof getting prompt" + return + } + } + send "lindex \$p 4\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting max_life" + return + } + eof { + error_and_restart "$test: eof getting max_life" + return + } + } + send "lindex \$p 12\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting max_rlife" + return + } + eof { + error_and_restart "$test: eof getting max_rlife" + return + } + } + send "lindex \$p 1\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting expiration" + return + } + eof { + error_and_restart "$test: eof getting expiration" + return + } + } + send "lindex \$p 7\n" + expect { + -re "(\[A-Z_\]*)\n$prompt" {set flags $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting flags" + return + } + eof { + error_and_restart "$test: eof getting flags" + return + } + } + # This sorta worries me. Since the test is setting ENCTYPES to + # nothing, the principal has no keys. That means that nothing is + # printed for the keys in the correct case; but it feels too + # likely that nothing will be printed in the case of some problem. + send "lindex \$p 18\n" + expect { + -re "({.*})\n$prompt" {set key_data $expect_out(1,string) } + -re "\n$prompt" { set key_data {} } + timeout { + error_and_restart "$test: timeout getting flags" + return + } + eof { + error_and_restart "$test: eof getting flags" + return + } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } + if {$max_life == 10} { + pass "$test" + } else { + fail "$test: $max_life is not 10" + } + if {$max_rlife == 20} { + pass "$test" + } else { + fail "$test: $max_rlife is not 20" + } + if {$expiration == 30} { + pass "$test" + } else { + fail "$test: $expiration is not 30" + } + if {$flags == ""} { + pass "$test" + } else { + fail "$test: flags $flags are wrong" + } + if {$key_data == {}} { + pass "$test" + } else { + fail "$test: key_data $key_data is wrong" + } +} +if {! $RPC} test109 + +test "init 116" +proc test116 {} { + global test + + delete_principal "$test/a" + + if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + get_add_handle}]} { + error_and_restart "$test: couldn't init with admin/get-add" + } + + if {! [cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + mod_delete_handle}]} { + error_and_restart "$test: couldn't init with admin/get-add" + } + + one_line_succeed_test { + kadm5_get_principal $get_add_handle testuser p \ + KADM5_PRINCIPAL_NORMAL_MASK + } + one_line_succeed_test [format { + kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] + one_line_fail_test { + kadm5_modify_principal $get_add_handle [simple_principal testuser] \ + {KADM5_PRINC_EXPIRE_TIME} + } "AUTH_MODIFY" + one_line_fail_test { + kadm5_delete_principal $get_add_handle testuser + } "AUTH_DELETE" + + one_line_fail_test { + kadm5_get_principal $mod_delete_handle testuser p \ + KADM5_PRINCIPAL_NORMAL_MASK + } "AUTH_GET" + one_line_fail_test [format { + kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} testpass + } $test] "AUTH_ADD" + one_line_succeed_test { + kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \ + {KADM5_PRINC_EXPIRE_TIME} + } + one_line_succeed_test [format { + kadm5_delete_principal $mod_delete_handle "%s/a" + } $test] + + if {! [cmd {kadm5_destroy $get_add_handle}]} { + error_and_restart "$test: couldn't close get_add_handle" + } + if {! [cmd {kadm5_destroy $mod_delete_handle}]} { + error_and_restart "$test: couldn't close mod_delete_handle" + } +} +if {$RPC} test116 + +test "init 117" +proc test117 {} { + global test env prompt + + if {[catch "exec grep max_life $env(KRB5_KDC_PROFILE)"] != 1} { + warning \ + "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test" + return + } + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + fail "$test: unexpected failure in init" + return + } + + if {! [cmd [format { + kadm5_create_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} "%s/a" + } $test $test]]} { + perror "$test: unexpected failure creating principal" + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 4\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting max_life" + return + } + eof { + error_and_restart "$test: eof getting max_life" + return + } + } + + if {$max_life == 86400} { + pass "$test" + } else { + fail "$test: max_life $max_life should be 86400" + } + + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close server_handle" + } +} +test117 + +send "puts \$KADM5_ADMIN_SERVICE\n" +expect { + -re "(\[a-zA-Z/@\]+)\n$prompt" { + set KADM5_ADMIN_SERVICE $expect_out(1,string) + } + default { + error_and_restart "$test: timeout/eof getting admin_service" + return + } +} + +send "puts \$KADM5_CHANGEPW_SERVICE\n" +expect { + -re "(\[a-zA-Z/@\]+)\n$prompt" { + set KADM5_CHANGEPW_SERVICE $expect_out(1,string) + } + default { + error_and_restart "$test: timeout/eof getting changepw_service" + return + } +} + +test "init 150" +proc test150 {} { + global test KADM5_ADMIN_SERVICE + + kdestroy + kinit testuser notathena "-S $KADM5_ADMIN_SERVICE" + one_line_succeed_test { + kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + kdestroy +} +if {$RPC} test150 + +test "init 151" +proc test151 {} { + global test KADM5_CHANGEPW_SERVICE + + kdestroy + kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE" + one_line_succeed_test { + kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + kdestroy +} +if {$RPC} test151 + +test "init 152" +proc test152 {} { + global test KADM5_ADMIN_SERVICE + + kdestroy + one_line_fail_test { + kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "KRB5_FCC_NOFILE" +} +if {$RPC} test152 + +test "init 153" +proc test153 {} { + global test KADM5_ADMIN_SERVICE + + kinit testuser notathena + one_line_fail_test { + kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "KRB5_CC_NOTFOUND" +} +if {$RPC} test153 + +test "init 154" +proc test154 {} { + global test env + + set orig $env(KRB5_KDC_PROFILE) + set env(KRB5_KDC_PROFILE) /does-not-exist + api_exit; api_start + set env(KRB5_KDC_PROFILE) $orig + + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } "ENOENT" + + api_exit; lib_start_api +} +if {0 && ! $RPC} test154 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/init.exp b/src/lib/kadm5/unit-test/api.3/init.exp new file mode 100644 index 0000000..b324df8 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/init.exp @@ -0,0 +1,732 @@ +load_lib lib.t + +# Assumptions: +# +# Principal "admin" exists, with "get", "add", "modify" and "delete" +# access bits and password "admin". +# The string "not-the-password" isn't the password of any user in the database. +# Database master password is "mrroot". + +api_exit +api_start +test "init 1" + +one_line_fail_test_nochk \ + {kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_REALM} {""}] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle} + +test "init 2" + +one_line_fail_test_nochk \ + {kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_REALM} {@}] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle} + +test "init 2.5" + +one_line_fail_test_nochk \ + {kadm5_init admin admin $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_REALM} {BAD.REALM}] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle} + +test "init 3" + +proc test3 {} { + global test + if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + one_line_fail_test_nochk [format { + kadm5_init admin admin "%s/a" null $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle + } $test] +} +if {$RPC} { test3 } + +test "init 4" + +proc test4 {} { + global test + if {! ((! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + + one_line_fail_test_nochk [format { + kadm5_init admin admin "%s/a" null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test] +} +if {$RPC} { test4 } + +test "init 5" + +if {$RPC} { + one_line_fail_test_nochk { + kadm5_init admin admin admin null $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle + } +} + +test "init 6" + +proc test6 {} { + global test + + send "kadm5_init admin null \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_3 server_handle\n" + + expect { + -re "assword\[^\r\n\]*:" { } + eof { + fail "$test: eof instead of password prompt" + api_exit + api_start + return + } + timeout { + fail "$test: timeout instead of password prompt" + return + } + } + one_line_succeed_test "admin" + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if { $RPC } { test6 } + +test "init 7" +proc test7 {} { + global test + + send "kadm5_init admin \"\" \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_3 server_handle\n" + + expect { + -re "assword\[^\r\n\]*:" { } + -re "key:$" { } + eof { + fail "$test: eof instead of password prompt" + api_exit + api_start + return + } + timeout { + fail "$test: timeout instead of password prompt" + return + } + } + one_line_succeed_test "admin" + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if { $RPC } { test7 } + +test "init 8" + +proc test8 {} { + global test + if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + one_line_fail_test_nochk [format { + kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test] +} +if {$RPC} { test8 } + +test "init 9" + +if {$RPC} { + global test + one_line_fail_test_nochk { + kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } +} + +test "init 10" + +proc test10 {} { + global test +# set prms_id 562 +# setup_xfail {*-*-*} $prms_id + one_line_fail_test_nochk { + kadm5_init null admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } +} +test10 + +#test "init 11" +# +#proc test11 {} { +# global test +# set prms_id 563 +# setup_xfail {*-*-*} $prms_id +# one_line_fail_test_nochk { +# kadm5_init "" admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# } +#} +#test11 + +test "init 12" + +proc test12 {} { + global test + one_line_fail_test_nochk [format { + kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test] +} +if {$RPC} { test12 } + +test "init 13" + +proc test13 {} { + global test + one_line_fail_test_nochk [format { + kadm5_init "%s/a@SECURE-TEST.OV.COM" admin \ + $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle + } $test] +} +if {$RPC} { test13 } + +test "init 14" + +proc test14 {} { + global test + one_line_fail_test_nochk [format { + kadm5_init "%s/a@BAD.REALM" admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test] +} +if {$RPC} { test14 } + +test "init 15" + +if {$RPC} { + one_line_fail_test_nochk { + kadm5_init admin@BAD.REALM admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } +} + +test "init 16" + +proc test16 {} { + global test + one_line_succeed_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +test16 + +test "init 17" + +proc test17 {} { + global test + one_line_succeed_test { + kadm5_init admin@SECURE-TEST.OV.COM admin \ + $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +test17 + +test "init 18" + +proc test18 {} { + global test + one_line_succeed_test { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +test18 + +test "init 19" + +proc test19 {} { + global test + one_line_succeed_test { + kadm5_init admin@SECURE-TEST.OV.COM admin \ + $KADM5_ADMIN_SERVICE \ + [config_params {KADM5_CONFIG_REALM} {SECURE-TEST.OV.COM}] \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +test19 + +test "init 20" + +proc test20 {} { + global test + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + error_and_restart "$test: couldn't init database" + return + } + one_line_succeed_test \ + {kadm5_get_principal $server_handle admin principal KADM5_PRINCIPAL_NORMAL_MASK} + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +test20 + +#test "init 21" +# +#proc test21 {} { +# global test +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }]} { +# error_and_restart "$test: couldn't init database" +# return +# } +# one_line_fail_test_nochk { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# } +#} +#test21 + + +# proc test22 {} { +# global test prompt +# set prompting 0 +# send [string trim { +# kadm5_init admin null null null $KADM5_STRUCT_VERSION \ +# $KADM5_API_VERSION_3 server_handle +# }] +# send "\n" +# expect { +# -re ":$" { set prompting 1} +# -re "\nOK .*$prompt$" { fail "$test: premature success" } +# -re "\nERROR .*$prompt$" { fail "$test: premature failure" } +# timeout { fail "$test: timeout" } +# eof { fail "$test: eof" } +# } +# if {$prompting} { +# one_line_succeed_test mrroot +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# } +# } +# if {! $RPC} { test22 } +# +# test "init 22.5" +# proc test225 {} { +# global test prompt +# set prompting 0 +# send [string trim { +# kadm5_init admin null null null $KADM5_STRUCT_VERSION \ +# $KADM5_API_VERSION_3 server_handle +# }] +# send "\n" +# expect { +# -re ":$" { set prompting 1} +# -re "\nOK .*$prompt$" { fail "$test: premature success" } +# -re "\nERROR .*$prompt$" { fail "$test: premature failure" } +# timeout { fail "$test: timeout" } +# eof { fail "$test: eof" } +# } +# if {$prompting} { +# one_line_succeed_test mrroot +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# } +# } +# if {! $RPC} { test225 } + +test "init 23" + +proc test23 {} { + global test + one_line_succeed_test { + kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE \ + null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if {! $RPC} { test23 } + +test "init 24" + +proc test24 {} { + global test + one_line_succeed_test { + kadm5_init admin admin null null $KADM5_STRUCT_VERSION \ + $KADM5_API_VERSION_3 server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if {! $RPC} { test24 } + +test "init 25" + +proc test25 {} { + global test + one_line_succeed_test { + kadm5_init admin admin foobar null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if {! $RPC} { test25 } + +test "init 26" + +#proc test26 {} { +# global test +# +# api_exit +# api_start +# one_line_fail_test_nochk { +# kadm5_get_principal $server_handle admin principal +# } +#} +#test26 + +#test "init 27" +# +#proc test27 {} { +# global test +# +# if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# begin_dump +# if {[cmd [format { +# kadm5_create_principal $server_handle [simple_principal \ +# "%s/a"] {KADM5_PRINCIPAL} "%s/a" +# } $test $test]]} { +# fail "$test: unexpected success in add" +# return +# } +# end_dump_compare "no-diffs" +#} +#test27 + +#test "init 28" +# +#proc test28 {} { +# global test prompt +# +# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# begin_dump +# if {! ([cmd { +# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +# server_handle +# }] && [cmd [format { +# kadm5_get_principal $server_handle "%s/a" principal +# } $test]])} { +# error_and_restart "$test: error getting principal" +# return; +# } +# send "lindex \$principal 8\n" +# expect { +# -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) } +# timeout { +# error_and_restart "$test: timeout getting principal kvno" +# return +# } +# eof { +# error_and_restart "$test: eof getting principal kvno" +# return +# } +# } +# api_exit +# api_start +# set new_kvno [expr "$kvno + 1"] +# if {[cmd [format { +# kadm5_modify_principal $server_handle \ +# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO} +# } $test $new_kvno]]} { +# fail "$test: unexpected success in modify" +# return; +# } +# end_dump_compare "no-diffs" +#} +#test28 + +#test "init 29" +# +#proc test29 {} { +# global test +# +# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# begin_dump +# if {[cmd [format { +# kadm5_delete_principal $server_handle "%s/a" +# } $test]]} { +# fail "$test: unexpected success in delete" +# return +# } +# end_dump_compare "no-diffs" +#} +#test29 + +test "init 30" +proc test30 {} { + global test + if {[cmd { + kadm5_init admin foobar $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + error_and_restart "$test: unexpected success" + return + } + one_line_succeed_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +if ${RPC} { test30 } + +test "init 31" +proc test31 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $bad_struct_version_mask $KADM5_API_VERSION_3 \ + server_handle + } "BAD_STRUCT_VERSION" +} +test31 + +test "init 32" +proc test32 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $no_struct_version_mask $KADM5_API_VERSION_3 \ + server_handle + } "BAD_STRUCT_VERSION" +} +test32 + +test "init 33" +proc test33 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $old_struct_version $KADM5_API_VERSION_3 \ + server_handle + } "OLD_STRUCT_VERSION" +} +test33 + +test "init 34" +proc test34 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $new_struct_version $KADM5_API_VERSION_3 \ + server_handle + } "NEW_STRUCT_VERSION" +} +test34 + +test "init 35" +proc test35 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $bad_api_version_mask \ + server_handle + } "BAD_API_VERSION" +} +test35 + +test "init 36" +proc test36 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $no_api_version_mask \ + server_handle + } "BAD_API_VERSION" +} +test36 + +test "init 37" +proc test37 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $old_api_version \ + server_handle + } "OLD_LIB_API_VERSION" +} +if { $RPC } test37 + +test "init 38" +proc test38 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $old_api_version \ + server_handle + } "OLD_SERVER_API_VERSION" +} +if { ! $RPC } test38 + +test "init 39" +proc test39 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $new_api_version \ + server_handle + } "NEW_LIB_API_VERSION" +} +if { $RPC } test39 + +test "init 40" +proc test40 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $new_api_version \ + server_handle + } "NEW_SERVER_API_VERSION" +} +if { ! $RPC } test40 + +test "init 41" +proc test41 {} { + global test + one_line_fail_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_API_VERSION_3 $KADM5_STRUCT_VERSION \ + server_handle + } "BAD_" +} +test41 + +test "init 42" +proc test42 {} { + global test + one_line_succeed_test { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } + if {! [cmd {kadm5_destroy $server_handle}]} { + error_and_restart "$test: couldn't close database" + } +} +test42 + + +proc test45_46 {service} { + global test kadmin_local env + + spawn $kadmin_local -q "delprinc -force $service" + expect { + -re "Principal .* deleted." {} + default { + perror "kadmin.local delprinc failed\n"; + } + } + expect eof + wait + + one_line_fail_test [concat {kadm5_init admin admin } \ + $service \ + { null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle}] "SECURE_PRINC_MISSING" + + # this leaves the keytab with an incorrect entry + spawn $kadmin_local -q "ank -randkey $service" + expect eof + wait + + # restart the api so it gets a new ccache + api_exit + api_start +} + +if {$RPC} { + test "init 45" + + test45_46 ovsec_adm/admin + + test "init 46" + + test45_46 ovsec_adm/changepw + + # re-extract the keytab so it is right + exec rm $env(K5ROOT)/ovsec_adm.srvtab + exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \ + -princ kadmin/admin -princ kadmin/changepw \ + $env(K5ROOT)/ovsec_adm.srvtab +} + +return "" + diff --git a/src/lib/kadm5/unit-test/api.3/mod-policy.exp b/src/lib/kadm5/unit-test/api.3/mod-policy.exp new file mode 100644 index 0000000..599e7d3 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/mod-policy.exp @@ -0,0 +1,739 @@ +load_lib lib.t +api_exit +api_start + +test "modify-policy 2" +proc test2 {} { + global test + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MAX_LIFE} + } $test] "AUTH_MODIFY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test2 } + +test "modify-policy 4" +proc test4 {} { + global test + + if {! ([policy_exists "$test/a"] || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_REF_COUNT} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test4 + +test "modify-policy 8" +proc test8 {} { + global test +# set prms_id 744 +# setup_xfail {*-*-*} $prms_id + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_modify_policy $server_handle [simple_policy ""] \ + {KADM5_PW_MAX_LIFE} + } "BAD_POLICY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test8 + +test "modify-policy 9" +proc test9 {} { + global test + global prompt + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MIN_LIFE} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 1\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test9 + +test "modify-policy 10" +proc test10 {} { + global test + global prompt + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0 0 0 0} \ + {KADM5_PW_MIN_LIFE} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 1\n" + expect { + -re "32\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test10 + + +test "modify-policy 11" +proc test11 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MAX_LIFE} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 2\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test11 + +test "modify-policy 12" +proc test12 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0 0 0 0} \ + {KADM5_PW_MAX_LIFE} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 2\n" + expect { + -re "32\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test12 + +test "modify-policy 13" +proc test13 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MIN_LENGTH} + } $test] "BAD_LENGTH" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test13 + +test "modify-policy 14" +proc test14 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0 0 0 0} \ + {KADM5_PW_MIN_LENGTH} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 3\n" + expect { + -re "8\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test14 + +test "modify-policy 15" +proc test15 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MIN_CLASSES} + } $test] "BAD_CLASS" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test15 + +test "modify-policy 16" +proc test16 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 0} \ + {KADM5_PW_MIN_CLASSES} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 4\n" + expect { + -re "1\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test16 + +test "modify-policy 17" +proc test17 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a"])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0 0 0 0} \ + {KADM5_PW_MIN_CLASSES} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 4\n" + expect { + -re "5\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test17 + +test "modify-policy 18" +proc test18 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0 0 0 0} \ + {KADM5_PW_MIN_CLASSES} + } $test] "BAD_CLASS" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test18 + +test "modify-policy 19" +proc test19 {} { + global test + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_HISTORY_NUM} + } $test] "BAD_HISTORY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test19 + +test "modify-policy 20" +proc test20 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0 0 0 0} \ + {KADM5_PW_HISTORY_NUM} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 5\n" + expect { + -re "1\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test20 + +test "modify-policy 21" +proc test21 {} { + global test + global prompt + + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0 0 0 0} \ + {KADM5_PW_HISTORY_NUM} + } $test]]} { + fail $test + return + } + if {! [cmd [format { + kadm5_get_policy $server_handle "%s/a" policy + } $test]]} { + fail "$test: can not retrieve policy" + return + } + send "lindex \$policy 5\n" + expect { + -re "10\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test21 + +test "modify-policy 22" +proc test22 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MAX_LIFE} + } $test] "AUTH_MODIFY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test22 + +test "modify-policy 23" +proc test23 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MAX_LIFE} + } $test] "AUTH_MODIFY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} test23 + +test "modify-policy 26" +proc test26 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ + {KADM5_PW_MAX_LIFE} + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test26 + +test "modify-policy 30" +proc test30 {} { + global test + + one_line_fail_test [format { + kadm5_modify_policy null [simple_policy "%s/a"] \ + {KADM5_PW_MAX_LIFE} + } $test] "BAD_SERVER_HANDLE" +} +test30 + +test "modify-policy 31" +proc test31 {} { + global test + if {! (( [policy_exists "$test/a"]) || + [create_policy "$test/a" ])} { + error_and_restart "$test: couldn't create policy \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 0 0 2 0 0} \ + {KADM5_PW_MAX_FAILURE} + } $test] + one_line_succeed_test [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 90 0} \ + {KADM5_PW_FAILURE_COUNT_INTERVAL} + } $test] + one_line_succeed_test [format { + kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 180} \ + {KADM5_PW_LOCKOUT_DURATION} + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test31 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp new file mode 100644 index 0000000..4abbeb5 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp @@ -0,0 +1,115 @@ +load_lib lib.t +api_exit +api_start + +test "modify-principal 100-105" +proc test100_104 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + + set origtest "$test" + + test "modify-principal 100" + one_line_succeed_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MAX_RLIFE} + } $origtest] + + test "modify-principal 101" + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_LAST_SUCCESS} + } $origtest] "BAD_MASK" + + test "modify-principal 102" + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_LAST_FAILED} + } $origtest] "BAD_MASK" + +# This is now permitted to reset lockout count +# test "modify-principal 103" +# one_line_fail_test [format { +# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +# {KADM5_FAIL_AUTH_COUNT} +# } $origtest] "BAD_MASK" + + test "modify-principal 103.5" + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_KEY_DATA} + } $origtest] "BAD_MASK" + + test "modify-principal 105" + one_line_fail_test [format { + kadm5_modify_principal $server_handle \ + "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{1 1 x}}" \ + {KADM5_TL_DATA} + } $origtest $origtest] "BAD_TL_TYPE" + + test "modify-principal 100,104" + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 88 0 0 0 0 1 {} {{990 6 foobar}}" \ + {KADM5_MAX_RLIFE KADM5_TL_DATA} + } $origtest $origtest]]} { + fail "$test: cannot set MAX_RLIFE or TL_DATA" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA} + } $origtest]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 12\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set rlife $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting rlife" + return + } + eof { + error_and_restart "$test: eof getting rlife" + return + } + } + send "lindex \$principal 19\n" + expect { + -re "\(\{.*\}\)\n$prompt$" {set tl $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting tl_data" + return + } + eof { + error_and_restart "$test: eof getting tl_data" + return + } + } + if {($rlife == 88) && ($tl == "{{990 6 foobar}}")} { + pass "$test" + } else { + fail "$test: $rlife should be 88, $tl should be {{990 6 foobar}}" + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test100_104 diff --git a/src/lib/kadm5/unit-test/api.3/mod-principal.exp b/src/lib/kadm5/unit-test/api.3/mod-principal.exp new file mode 100644 index 0000000..25fb272 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/mod-principal.exp @@ -0,0 +1,1971 @@ +load_lib lib.t +api_exit +api_start + +#test "modify-principal 1" +#proc test1 {} { +# global test +# one_line_fail_test [format { +# kadm5_modify_principal $server_handle [simple_principal \ +# "%s/a"] {KADM5_PW_EXPIRATION} +# } $test] "NOT_INIT" +#} +#test1 + +test "modify-principal 2" +proc test2 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] "AUTH_MODIFY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test2 } + +test "modify-principal 4" +proc test4 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINCIPAL} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test4 + + +test "modify-principal 5" +proc test5 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_LAST_PWD_CHANGE} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test5 + +test "modify-principal 6" +proc test6 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MOD_TIME} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test6 + +test "modify-principal 7" +proc test7 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MOD_NAME} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test7 + +test "modify-principal 8" +proc test8 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MKVNO} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test8 + +test "modify-principal 9" +proc test9 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_AUX_ATTRIBUTES} + } $test] "BAD_MASK" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test9 + +test "modify-principal 10" +proc test10 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] "UNK_PRINC" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test10 + +test "modify-principal 11" +proc test11 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] "AUTH_MOD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test11 } + +test "modify-principal 12" +proc test12 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] "AUTH_MOD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test12 } + +test "modify-principal 13" +proc test13 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] "AUTH_MOD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test13 } + +test "modify-principal 14" +proc test14 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] "AUTH_MOD" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test14 } + +test "modify-principal 15" +proc test15 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test15 + +test "modify-principal 17" +proc test17 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + no-policy] {KADM5_POLICY} + } $test] "UNK_POLICY" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test17 + +test "modify-principal 18" +proc test18 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal "$test/a"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol] {KADM5_POLICY} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 10\n" + expect { + -re "test-pol\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + send "lindex \$p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} { + perror "$test: unexpected failure on get policy" + return + } + + send "lindex \$p2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { [expr "$oldref + 1"] != $newref } { + fail "$test: policy reference count is wrong" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test18 + +test "modify-principal 19" +proc test19 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal "$test/a"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol] {KADM5_POLICY} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 10\n" + expect { + -re "test-pol\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + send "lindex \$p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} { + perror "$test: unexpected failure on get policy" + return + } + + send "lindex \$p2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { [expr "$oldref + 1"] != $newref } { + fail "$test: policy reference count is wrong" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test19 + +test "modify-principal 20" +proc test20 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal_pol "$test/a" "test-pol"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_POLICY_CLR} + } $test]]} { + perror "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 10\n" + expect { + -re "test-pol\n$prompt$" { fail "$test" } + -re "null\n$prompt$" { pass "$test" } + timeout { pass "$test" } + } + send "lindex \$p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} { + perror "$test: unexpected failure on get policy" + return + } + + send "lindex \$p2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { [expr "$oldref - 1"] != $newref } { + fail "$test: policy reference count is wrong" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test20 + +test "modify-principal 21" +proc test21 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal_pol "$test/a" "test-pol"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol-nopw old_p2}]} { + perror "$test: unexpected failure on get policy" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol-nopw] {KADM5_POLICY} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$old_p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + send "lindex \$old_p2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set old_p2_ref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + + if { ! [cmd {kadm5_get_policy $server_handle test-pol new_p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol-nopw new_p2}]} { + perror "$test: unexpected failure on get policy" + return + } + + send "lindex \$new_p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + send "lindex \$new_p2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set new_p2_ref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { [expr "$old_p1_ref - 1"] != $new_p1_ref } { + fail "$test: policy reference count is wrong" + return; + } + if { [expr "$old_p2_ref + 1"] != $new_p2_ref } { + fail "$test: policy reference count is wrong" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test21 + +test "modify-principal 21.5" +proc test21.5 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal_pol "$test/a" "test-pol"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]} { + perror "$test: unexpected failure on get policy" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol] {KADM5_POLICY} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$old_p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + + if { ! [cmd {kadm5_get_policy $server_handle test-pol new_p1}]} { + perror "$test: unexpected failure on get policy" + return + } + + send "lindex \$new_p1 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + + if {$old_p1_ref != $new_p1_ref} { + fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)" + return + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test21.5 + +test "modify-principal 22" +proc test22 {} { + global test + global prompt + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: modifiy failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test22 + +test "modify-principal 23" +proc test23 {} { + global test + global prompt + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" test-pol-nopw])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: modifiy failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test23 + +test "modify-principal 24" +proc test24 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" "test-pol" ])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + error_and_restart "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: could not modify principal" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + if { ! [cmd [format { + kadm5_get_policy $server_handle %s policy + } test-pol]]} { + error_and_restart "$test: cannot retrieve policy" + return + } + send "lindex \$principal 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting mod_date" + return + } + eof { + error_and_restart "$test: eof getting pw_mod_date" + return + } + } + + send "lindex \$principal 3\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_expire" + return + } + eof { + error_and_restart "$test: eof getting pw_expire" + return + } + } + + send "lindex \$policy 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_max_life" + return + } + eof { + error_and_restart "$test: eof getting pw_max_life" + return + } + } + if { $pw_expire != 0 } { + fail "$test: pw_expire $pw_expire should be 0" + return + } else { + pass "$test" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test24 + +test "modify-principal 25" +proc test25 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "1234\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test25 + +test "modify-principal 26" +proc test26 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" "test-pol-nopw" ])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "1234\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test26 + +test "modify-principal 27" +proc test27 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" "test-pol" ])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "1234\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test27 + +test "modify-principal 28" +proc test28 {} { + global test + global prompt +# set prms_id 1358 +# setup_xfail {*-*-*} $prms_id + + if {! (( [principal_exists "$test/a"]) || + [create_principal_pol "$test/a" "test-pol" ])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} { + error_and_restart "$test: cannot retrieve policy" + return + } + send "lindex \$principal 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_mod_date" + return + } + eof { + error_and_restart "$test: eof getting pw_mod_date" + return + } + } + + send "lindex \$principal 3\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_expire" + return + } + eof { + error_and_restart "$test: eof getting pw_expire" + return + } + } + send "lindex \$policy 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_max_life" + return + } + eof { + error_and_restart "$test: eof getting pw_max_life" + return + } + } + if { $pw_expire != 999999999 } { + fail "$test: pw_expire $pw_expire should be 999999999" + return + } + pass "$test" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test28 + +test "modify-principal 29" +proc test29 {} { + global test + global prompt + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { ! ([create_principal_pol "$test/a" test-pol])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_POLICY_CLR} + } $test]]} { + fail "$test: modifiy failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test29 + +test "modify-principal 30" +proc test30 {} { + global test + global prompt + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal_pol "$test/a" test-pol])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol-nopw] {KADM5_POLICY} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 3\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test30 + +test "modify-principal 31" +proc test31 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol] {KADM5_POLICY} + } $test]]} { + fail "modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} { + error_and_restart "$test: cannot retrieve policy" + return + } + send "lindex \$principal 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_mod_date" + return + } + eof { + error_and_restart "$test: eof getting pw_mod_date" + return + } + } + + send "lindex \$principal 3\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_expire" + return + } + eof { + error_and_restart "$test: eof getting pw_expire" + return + } + } + + send "lindex \$policy 2\n" + expect { + -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting pw_max_life" + return + } + eof { + error_and_restart "$test: eof getting pw_max_life" + return + } + } + if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } { + fail "$test: pw_expire is wrong" + return + } + + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test31 + +test "modify-principal 32" +proc test32 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \ + {KADM5_PRINC_EXPIRE_TIME} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 1\n" + expect { + -re "1234\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test32 + +test "modify-principal 33" +proc test33 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \ + {KADM5_ATTRIBUTES} + } $test]]} { + fail "$test: modified fail" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 7\n" + expect { + -re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test33 + +test "modify-principal 33.25" +proc test3325 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \ + {KADM5_ATTRIBUTES} + } $test]]} { + fail "$test: modified fail" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 7\n" + expect { + -re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test3325 + +test "modify-principal 33.5" +proc test335 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \ + {KADM5_ATTRIBUTES} + } $test]]} { + fail "$test: modified fail" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 7\n" + expect { + -re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test335 + + +test "modify-principal 34" +proc test34 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {KADM5_MAX_LIFE} + } $test]]} { + fail "$test: modify failed" + return + } + + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 4\n" + expect { + -re "3456\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test34 + +test "modify-principal 35" +proc test35 {} { + global prompt + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {KADM5_KVNO} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 8\n" + expect { + -re "7\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test35 + +test "modify-principal 36" +proc test36 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal_pol "$test/a" "test-pol"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol pol}]} { + perror "$test: unexpected failure on get policy" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + test-pol] {KADM5_POLICY} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 10\n" + expect { + -re "test-pol\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + send "lindex \$pol 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { ! [cmd {kadm5_get_policy $server_handle test-pol pol2}]} { + perror "$test: unexpected failure on get policy" + return + } + send "lindex \$pol2 6\n" + expect { + -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting principal kvno (second time)" + return + } + eof { + error_and_restart "$test: eof getting principal kvno (second time)" + return + } + } + if { $oldref != $newref } { + fail "$test: policy reference count is wrong" + return; + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test36 + +test "modify-principal 37" +proc test37 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if { !( [create_principal "$test/a"])} { + error_and_restart "$test: could not create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_POLICY_CLR} + } $test]]} { + fail "$test: modify failed" + return + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test37 + +test "modify-principal 38" +proc test38 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_PRINC_EXPIRE_TIME} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 1\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test38 + +test "modify-principal 39" +proc test39 {} { + global test + global prompt + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! ([create_principal "$test/a"])} { + perror "$test: unexpected failure in creating principal" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ + {KADM5_MAX_LIFE} + } $test]]} { + fail "$test: modify failed" + return + } + if {! [cmd [format { + kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK + } $test]]} { + error_and_restart "$test: could not retrieve principal" + return + } + send "lindex \$principal 4\n" + expect { + -re "0\n$prompt$" { pass "$test" } + timeout { fail "$test" } + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test39 + +test "modify-principal 40" +proc test40 {} { + global test + global prompt + + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_modify_principal $server_handle null \ + {KADM5_PRINC_EXPIRE_TIME} + } "EINVAL" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test40 + +test "modify-principal 43" +proc test43 {} { + global test + one_line_fail_test [format { + kadm5_modify_principal null [simple_principal \ + "%s/a"] {KADM5_PW_EXPIRATION} + } $test] "BAD_SERVER_HANDLE" +} +test43 + +test "modify-principal 44" +proc test44 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + # setting fail auth count to a non-zero value must fail + one_line_fail_test [format { + kadm5_modify_principal $server_handle \ + {"%s/a" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1234 0 0 {} {}} {KADM5_FAIL_AUTH_COUNT} + } $test] "BAD_SERVER_PARAMS" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test44 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp new file mode 100644 index 0000000..ee652cb --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp @@ -0,0 +1,62 @@ +load_lib lib.t +api_exit +api_start + +test "randkey-principal 100" +proc test100 {} { + global test prompt + + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal "$test/a"]} { + error_and_restart "$test: creating principal" + return + } + + # I'd like to specify a long list of keysalt tuples and make sure + # that randkey does the right thing, but we can only use those + # enctypes that krbtgt has a key for: des-cbc-crc:normal and + # des-cbc-crc:v4, according to the prototype kdc.conf. + if {! [cmd [format { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test]]} { + perror "$test: unexpected failure in randkey_principal" + } + send "puts \$num_keys\n" + expect { + -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) } + timeout { + error_and_restart "$test: timeout getting num_keys" + return + } + eof { + error_and_restart "$test: eof getting num_keys" + return + } + } + + # XXX Perhaps I should actually check the key type returned. + if {$num_keys == 2} { + pass "$test" + } else { + fail "$test: $num_keys keys, should be 2" + } + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test100 + +return "" diff --git a/src/lib/kadm5/unit-test/api.3/randkey-principal.exp b/src/lib/kadm5/unit-test/api.3/randkey-principal.exp new file mode 100644 index 0000000..f003863 --- /dev/null +++ b/src/lib/kadm5/unit-test/api.3/randkey-principal.exp @@ -0,0 +1,319 @@ +load_lib lib.t +api_exit +api_start + +test "randkey-principal 1" +proc test1 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal_pol "$test/a" once-a-min]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd [format { + kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test $test]]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] "PASS_TOOSOON" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test1 } + +test "randkey-principal 3" +proc test3 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal_pol "$test/a" once-a-min]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd [format { + kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test $test]]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] "PASS_TOOSOON" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if ${RPC} { test3 } + +test "randkey-principal 13" +proc test13 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + if {! [cmd [format { + kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \ + once-a-min] KADM5_POLICY + } $test]]} { + perror "$test: failed modify" + return + } + one_line_succeed_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test13 + +test "randkey-principal 15" +proc test15 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal_pol "$test/a" once-a-min]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] "AUTH_CHANGEPW" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if { $RPC } { test15 } + +test "randkey-principal 28" +proc test28 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test28 + +test "randkey-principal 28.25" +proc test2825 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] "AUTH" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +if {$RPC} { test2825 } + +test "randkey-principal 28.5" +proc test285 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [cmd { + kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test285 + +test "randkey-principal 30" +proc test30 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't delete principal \"$test/a\"" + return + } + if {! [create_principal "$test/a"]} { + error_and_restart "$test: creating principal" + return + } + if {! [cmd [format { + kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test $test]]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test30 + +test "randkey-principal 31" +proc test31 {} { + global test + if {! (( ! [principal_exists "$test/a"]) || + [delete_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if {! [create_principal "$test/a"]} { + error_and_restart "$test: creating principal" + return + } + + if {! [cmd [format { + kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + } $test $test]]} { + perror "$test: unexpected failure in init" + return + } + one_line_succeed_test [format { + kadm5_randkey_principal $server_handle "%s/a" keys num_keys + } $test] + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test31 + +test "randkey-principal 32" +proc test32 {} { + global test + + if { ! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test { + kadm5_randkey_principal $server_handle kadmin/history keys num_keys + } "PROTECT" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} +test32 + +test "randkey-principal 33" +proc test33 {} { + global test + if {! (( [principal_exists "$test/a"]) || + [create_principal "$test/a"])} { + error_and_restart "$test: couldn't create principal \"$test/a\"" + return + } + if { ! [cmd { + kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ + server_handle + }]} { + perror "$test: unexpected failure in init" + return + } + one_line_fail_test [format { + kadm5_randkey_principal null "%s/a" keys num_keys + } $test] "BAD_SERVER_HANDLE" + if { ! [cmd {kadm5_destroy $server_handle}]} { + perror "$test: unexpected failure in destroy" + return + } +} + +test33 + +return "" diff --git a/src/lib/kadm5/unit-test/config/unix.exp b/src/lib/kadm5/unit-test/config/unix.exp index 0bbd72d..996e2b0 100644 --- a/src/lib/kadm5/unit-test/config/unix.exp +++ b/src/lib/kadm5/unit-test/config/unix.exp @@ -157,7 +157,7 @@ proc api_start {} { eof { perror "EOF setting API varibles"} timeout { perror "timeout setting API varibles"} } - send "set current_api_version \[expr \$KADM5_API_VERSION_2 &~ \$KADM5_API_VERSION_MASK\]\n" + send "set current_api_version \[expr \$KADM5_API_VERSION_3 &~ \$KADM5_API_VERSION_MASK\]\n" expect { -re "$prompt$" {} eof { perror "EOF setting API varibles"} diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c index e9dd25a..9aabb1a 100644 --- a/src/lib/kadm5/unit-test/destroy-test.c +++ b/src/lib/kadm5/unit-test/destroy-test.c @@ -27,7 +27,7 @@ int main() } for(x = 0; x < TEST_NUM; x++) { ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &server_handle); if(ret != KADM5_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c index b5bc82f..6c26e5f 100644 --- a/src/lib/kadm5/unit-test/handle-test.c +++ b/src/lib/kadm5/unit-test/handle-test.c @@ -25,7 +25,7 @@ int main(int argc, char *argv[]) kadm5_init_krb5_context(&context); ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &server_handle); if(ret != KADM5_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c index 8c7527c..cfa7937 100644 --- a/src/lib/kadm5/unit-test/init-test.c +++ b/src/lib/kadm5/unit-test/init-test.c @@ -20,7 +20,7 @@ int main() exit(1); } ret = kadm5_init(context, "admin", "admin", NULL, ¶ms, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &server_handle); if (ret == KADM5_RPC_ERROR) exit(0); diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c index e3e0b74..be15407 100644 --- a/src/lib/kadm5/unit-test/iter-test.c +++ b/src/lib/kadm5/unit-test/iter-test.c @@ -22,7 +22,7 @@ int main(int argc, char **argv) exit(1); } ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &server_handle); if (ret != KADM5_OK) { com_err("iter-test", ret, "while initializing"); diff --git a/src/lib/kadm5/unit-test/lib/lib.t b/src/lib/kadm5/unit-test/lib/lib.t index 9537fc3..1cd1e04 100644 --- a/src/lib/kadm5/unit-test/lib/lib.t +++ b/src/lib/kadm5/unit-test/lib/lib.t @@ -19,7 +19,7 @@ proc lib_start_api {} { set lib_pid [api_start] if {! [cmd { kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ + $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ lib_handle }]} { perror "$test: unexpected failure in init" diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c index a9c9d98..4e6787a 100644 --- a/src/lib/kadm5/unit-test/randkey-test.c +++ b/src/lib/kadm5/unit-test/randkey-test.c @@ -23,7 +23,7 @@ int main() krb5_parse_name(context, "testuser", &tprinc); ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &server_handle); if(ret != KADM5_OK) { com_err("test", ret, "init"); diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c index 27bd7b7..1dadfc7 100644 --- a/src/lib/kadm5/unit-test/setkey-test.c +++ b/src/lib/kadm5/unit-test/setkey-test.c @@ -119,7 +119,7 @@ main(int argc, char **argv) } ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL, - KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL, + KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL, &handle); if (ret) { com_err(whoami, ret, "while initializing connection"); |