aboutsummaryrefslogtreecommitdiff
path: root/src/lib/kadm5
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2009-10-25 16:55:12 +0000
committerGreg Hudson <ghudson@mit.edu>2009-10-25 16:55:12 +0000
commit8d31a9d396f5bea88def4db395ad12dca2ac2e9f (patch)
tree244f8f5b525432a2a2a280403f38d7b2fbdc0dfd /src/lib/kadm5
parentb82e46df9b6cbf663512985a99c6d79f2b0cb796 (diff)
downloadkrb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.zip
krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.tar.gz
krb5-8d31a9d396f5bea88def4db395ad12dca2ac2e9f.tar.bz2
Account lockout
Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure. ticket: 6577 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5')
-rw-r--r--src/lib/kadm5/admin.h13
-rw-r--r--src/lib/kadm5/admin_internal.h2
-rw-r--r--src/lib/kadm5/clnt/client_init.c12
-rw-r--r--src/lib/kadm5/kadm_rpc_xdr.c51
-rw-r--r--src/lib/kadm5/server_internal.h5
-rw-r--r--src/lib/kadm5/srv/server_init.c2
-rw-r--r--src/lib/kadm5/srv/server_kdb.c3
-rw-r--r--src/lib/kadm5/srv/svr_policy.c33
-rw-r--r--src/lib/kadm5/srv/svr_principal.c37
-rw-r--r--src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp11
-rw-r--r--src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp68
-rw-r--r--src/lib/kadm5/unit-test/api.3/chpass-principal.exp176
-rw-r--r--src/lib/kadm5/unit-test/api.3/crte-policy.exp956
-rw-r--r--src/lib/kadm5/unit-test/api.3/crte-principal.exp1336
-rw-r--r--src/lib/kadm5/unit-test/api.3/destroy.exp203
-rw-r--r--src/lib/kadm5/unit-test/api.3/dlte-policy.exp207
-rw-r--r--src/lib/kadm5/unit-test/api.3/dlte-principal.exp329
-rw-r--r--src/lib/kadm5/unit-test/api.3/get-policy.exp199
-rw-r--r--src/lib/kadm5/unit-test/api.3/get-principal-v2.exp250
-rw-r--r--src/lib/kadm5/unit-test/api.3/get-principal.exp346
-rw-r--r--src/lib/kadm5/unit-test/api.3/init-v2.exp515
-rw-r--r--src/lib/kadm5/unit-test/api.3/init.exp732
-rw-r--r--src/lib/kadm5/unit-test/api.3/mod-policy.exp739
-rw-r--r--src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp115
-rw-r--r--src/lib/kadm5/unit-test/api.3/mod-principal.exp1971
-rw-r--r--src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp62
-rw-r--r--src/lib/kadm5/unit-test/api.3/randkey-principal.exp319
-rw-r--r--src/lib/kadm5/unit-test/config/unix.exp2
-rw-r--r--src/lib/kadm5/unit-test/destroy-test.c2
-rw-r--r--src/lib/kadm5/unit-test/handle-test.c2
-rw-r--r--src/lib/kadm5/unit-test/init-test.c2
-rw-r--r--src/lib/kadm5/unit-test/iter-test.c2
-rw-r--r--src/lib/kadm5/unit-test/lib/lib.t2
-rw-r--r--src/lib/kadm5/unit-test/randkey-test.c2
-rw-r--r--src/lib/kadm5/unit-test/setkey-test.c2
35 files changed, 8672 insertions, 36 deletions
diff --git a/src/lib/kadm5/admin.h b/src/lib/kadm5/admin.h
index 9c98a06..5105c5e 100644
--- a/src/lib/kadm5/admin.h
+++ b/src/lib/kadm5/admin.h
@@ -112,8 +112,8 @@ typedef long kadm5_ret_t;
#endif
#define KADM5_LOAD 0x200000
-/* all but KEY_DATA and TL_DATA */
-#define KADM5_PRINCIPAL_NORMAL_MASK 0x01ffff
+/* all but KEY_DATA, TL_DATA, LOAD */
+#define KADM5_PRINCIPAL_NORMAL_MASK 0x41ffff
/* kadm5_policy_ent_t */
@@ -123,6 +123,9 @@ typedef long kadm5_ret_t;
#define KADM5_PW_MIN_CLASSES 0x020000
#define KADM5_PW_HISTORY_NUM 0x040000
#define KADM5_REF_COUNT 0x080000
+#define KADM5_PW_MAX_FAILURE 0x100000
+#define KADM5_PW_FAILURE_COUNT_INTERVAL 0x200000
+#define KADM5_PW_LOCKOUT_DURATION 0x400000
/* kadm5_config_params */
#define KADM5_CONFIG_REALM 0x00000001
@@ -176,6 +179,7 @@ typedef long kadm5_ret_t;
#define KADM5_API_VERSION_MASK 0x12345700
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
+#define KADM5_API_VERSION_3 (KADM5_API_VERSION_MASK|0x03)
typedef struct _kadm5_principal_ent_t {
krb5_principal principal;
@@ -210,6 +214,11 @@ typedef struct _kadm5_policy_ent_t {
long pw_min_classes;
long pw_history_num;
long policy_refcnt;
+
+ /* version 3 fields */
+ krb5_kvno pw_max_fail;
+ krb5_deltat pw_failcnt_interval;
+ krb5_deltat pw_lockout_duration;
} kadm5_policy_ent_rec, *kadm5_policy_ent_t;
/*
diff --git a/src/lib/kadm5/admin_internal.h b/src/lib/kadm5/admin_internal.h
index 69e7bd6..f08325c 100644
--- a/src/lib/kadm5/admin_internal.h
+++ b/src/lib/kadm5/admin_internal.h
@@ -31,7 +31,7 @@
return KADM5_BAD_API_VERSION; \
if (srvr->api_version < KADM5_API_VERSION_2) \
return old_api_version; \
- if (srvr->api_version > KADM5_API_VERSION_2) \
+ if (srvr->api_version > KADM5_API_VERSION_3) \
return new_api_version; \
}
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index cc48a8c..0b817b8 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -205,7 +205,7 @@ static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name,
handle->destroy_cache = 0;
handle->context = 0;
*handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->api_version = KADM5_API_VERSION_3;
handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
handle->lhandle->lhandle = handle->lhandle;
@@ -361,6 +361,16 @@ static kadm5_ret_t _kadm5_init_any(krb5_context context, char *client_name,
#endif
goto error;
}
+ /* Drop down to v2 wire protocol if server does not support v3 */
+ if (r->code == KADM5_NEW_SERVER_API_VERSION &&
+ handle->api_version == KADM5_API_VERSION_3) {
+ handle->api_version = KADM5_API_VERSION_2;
+ r = init_2(&handle->api_version, handle->clnt);
+ if (r == NULL) {
+ code = KADM5_RPC_ERROR;
+ goto error;
+ }
+ }
if (r->code) {
code = r->code;
goto error;
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index c357dbf..8ddf33a 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -14,6 +14,9 @@
static bool_t
_xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
int v);
+static bool_t
+_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers);
+
/*
* Function: xdr_ui_4
*
@@ -383,14 +386,14 @@ xdr_kadm5_ret_t(XDR *xdrs, kadm5_ret_t *objp)
bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs,
kadm5_principal_ent_rec *objp)
{
- return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_2);
+ return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_3);
}
static bool_t
_xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
int v)
{
- unsigned int n;
+ unsigned int n;
if (!xdr_krb5_principal(xdrs, &objp->principal)) {
return (FALSE);
@@ -457,11 +460,12 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp,
xdr_krb5_key_data_nocontents)) {
return (FALSE);
}
+
return (TRUE);
}
-bool_t
-xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp)
+static bool_t
+_xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers)
{
if (!xdr_nullstring(xdrs, &objp->policy)) {
return (FALSE);
@@ -487,16 +491,35 @@ xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp)
if (!xdr_long(xdrs, &objp->policy_refcnt)) {
return (FALSE);
}
+ if (vers == KADM5_API_VERSION_3) {
+ if (!xdr_krb5_kvno(xdrs, &objp->pw_max_fail))
+ return (FALSE);
+ if (!xdr_krb5_deltat(xdrs, &objp->pw_failcnt_interval))
+ return (FALSE);
+ if (!xdr_krb5_deltat(xdrs, &objp->pw_lockout_duration))
+ return (FALSE);
+ } else if (xdrs->x_op == XDR_DECODE) {
+ objp->pw_max_fail = 0;
+ objp->pw_failcnt_interval = 0;
+ objp->pw_lockout_duration = 0;
+ }
return (TRUE);
}
bool_t
+xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp)
+{
+ return _xdr_kadm5_policy_ent_rec(xdrs, objp, KADM5_API_VERSION_3);
+}
+
+bool_t
xdr_cprinc_arg(XDR *xdrs, cprinc_arg *objp)
{
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+ objp->api_version)) {
return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
@@ -514,7 +537,8 @@ xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp)
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+ objp->api_version)) {
return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
@@ -563,7 +587,8 @@ xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp)
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+ objp->api_version)) {
return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
@@ -799,7 +824,8 @@ xdr_gprinc_ret(XDR *xdrs, gprinc_ret *objp)
return (FALSE);
}
if(objp->code == KADM5_OK) {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ if (!_xdr_kadm5_principal_ent_rec(xdrs, &objp->rec,
+ objp->api_version)) {
return (FALSE);
}
}
@@ -813,7 +839,8 @@ xdr_cpol_arg(XDR *xdrs, cpol_arg *objp)
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) {
+ if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
+ objp->api_version)) {
return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
@@ -840,7 +867,8 @@ xdr_mpol_arg(XDR *xdrs, mpol_arg *objp)
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec)) {
+ if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
+ objp->api_version)) {
return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
@@ -871,7 +899,8 @@ xdr_gpol_ret(XDR *xdrs, gpol_ret *objp)
return (FALSE);
}
if(objp->code == KADM5_OK) {
- if (!xdr_kadm5_policy_ent_rec(xdrs, &objp->rec))
+ if (!_xdr_kadm5_policy_ent_rec(xdrs, &objp->rec,
+ objp->api_version))
return (FALSE);
}
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index 4e890e8..c9bb073 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -111,12 +111,13 @@ extern krb5_principal current_caller;
KADM5_LAST_PWD_CHANGE | KADM5_ATTRIBUTES | KADM5_MAX_LIFE | \
KADM5_MOD_TIME | KADM5_MOD_NAME | KADM5_KVNO | KADM5_MKVNO | \
KADM5_AUX_ATTRIBUTES | KADM5_POLICY_CLR | KADM5_POLICY | \
- KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA)
+ KADM5_MAX_RLIFE | KADM5_TL_DATA | KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT )
#define ALL_POLICY_MASK \
(KADM5_POLICY | KADM5_PW_MAX_LIFE | KADM5_PW_MIN_LIFE | \
KADM5_PW_MIN_LENGTH | KADM5_PW_MIN_CLASSES | KADM5_PW_HISTORY_NUM | \
- KADM5_REF_COUNT)
+ KADM5_REF_COUNT | KADM5_PW_MAX_FAILURE | KADM5_PW_FAILURE_COUNT_INTERVAL | \
+ KADM5_PW_LOCKOUT_DURATION )
#define SERVER_CHECK_HANDLE(handle) \
{ \
diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c
index 47bc22c..d5426f8 100644
--- a/src/lib/kadm5/srv/server_init.c
+++ b/src/lib/kadm5/srv/server_init.c
@@ -273,7 +273,7 @@ kadm5_ret_t kadm5_init(krb5_context context, char *client_name, char *pass,
return ENOMEM;
}
*handle->lhandle = *handle;
- handle->lhandle->api_version = KADM5_API_VERSION_2;
+ handle->lhandle->api_version = KADM5_API_VERSION_3;
handle->lhandle->struct_version = KADM5_STRUCT_VERSION;
handle->lhandle->lhandle = handle->lhandle;
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index 47f00c0..fe2020d 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -395,6 +395,9 @@ kdb_put_entry(kadm5_server_handle_t handle,
one = 1;
+ /* we are always updating TL data */
+ kdb->mask |= KADM5_TL_DATA;
+
ret = krb5_db_put_principal(handle->context, kdb, &one);
if (ret)
return(ret);
diff --git a/src/lib/kadm5/srv/svr_policy.c b/src/lib/kadm5/srv/svr_policy.c
index 5b7828c..0d8c5ce 100644
--- a/src/lib/kadm5/srv/svr_policy.c
+++ b/src/lib/kadm5/srv/svr_policy.c
@@ -140,6 +140,26 @@ kadm5_create_policy_internal(void *server_handle,
pent.policy_refcnt = 0;
else
pent.policy_refcnt = entry->policy_refcnt;
+
+ if (handle->api_version == KADM5_API_VERSION_3) {
+ if (!(mask & KADM5_PW_MAX_FAILURE))
+ pent.pw_max_fail = 0;
+ else
+ pent.pw_max_fail = entry->pw_max_fail;
+ if (!(mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+ pent.pw_failcnt_interval = 0;
+ else
+ pent.pw_failcnt_interval = entry->pw_failcnt_interval;
+ if (!(mask & KADM5_PW_LOCKOUT_DURATION))
+ pent.pw_lockout_duration = 0;
+ else
+ pent.pw_lockout_duration = entry->pw_lockout_duration;
+ } else {
+ pent.pw_max_fail = 0;
+ pent.pw_failcnt_interval = 0;
+ pent.pw_lockout_duration = 0;
+ }
+
if ((ret = krb5_db_create_policy(handle->context, &pent)))
return ret;
else
@@ -248,6 +268,14 @@ kadm5_modify_policy_internal(void *server_handle,
}
if ((mask & KADM5_REF_COUNT))
p->policy_refcnt = entry->policy_refcnt;
+ if (handle->api_version == KADM5_API_VERSION_3) {
+ if ((mask & KADM5_PW_MAX_FAILURE))
+ p->pw_max_fail = entry->pw_max_fail;
+ if ((mask & KADM5_PW_FAILURE_COUNT_INTERVAL))
+ p->pw_failcnt_interval = entry->pw_failcnt_interval;
+ if ((mask & KADM5_PW_LOCKOUT_DURATION))
+ p->pw_lockout_duration = entry->pw_lockout_duration;
+ }
ret = krb5_db_put_policy(handle->context, p);
krb5_db_free_policy(handle->context, p);
return ret;
@@ -286,6 +314,11 @@ kadm5_get_policy(void *server_handle, kadm5_policy_t name,
entry->pw_min_classes = t->pw_min_classes;
entry->pw_history_num = t->pw_history_num;
entry->policy_refcnt = t->policy_refcnt;
+ if (handle->api_version == KADM5_API_VERSION_3) {
+ entry->pw_max_fail = t->pw_max_fail;
+ entry->pw_failcnt_interval = t->pw_failcnt_interval;
+ entry->pw_lockout_duration = t->pw_lockout_duration;
+ }
krb5_db_free_policy(handle->context, t);
return KADM5_OK;
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 1a60f52..7ba89ec 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -650,8 +650,6 @@ kadm5_modify_principal(void *server_handle,
kdb.pw_expiration = entry->pw_expiration;
if (mask & KADM5_MAX_RLIFE)
kdb.max_renewable_life = entry->max_renewable_life;
- if (mask & KADM5_FAIL_AUTH_COUNT)
- kdb.fail_auth_count = entry->fail_auth_count;
if((mask & KADM5_KVNO)) {
for (i = 0; i < kdb.n_key_data; i++)
@@ -674,6 +672,20 @@ kadm5_modify_principal(void *server_handle,
}
}
+ /*
+ * Setting entry->fail_auth_count to 0 can be used to manually unlock
+ * an account. It is not possible to set fail_auth_count to any other
+ * value using kadmin.
+ */
+ if (mask & KADM5_FAIL_AUTH_COUNT) {
+ if (entry->fail_auth_count != 0) {
+ ret = KADM5_BAD_SERVER_PARAMS;
+ goto done;
+ }
+
+ kdb.fail_auth_count = 0;
+ }
+
/* let the mask propagate to the database provider */
kdb.mask = mask;
@@ -1443,8 +1455,13 @@ kadm5_chpass_principal_3(void *server_handle,
if (ret)
goto done;
+ /* unlock principal on this KDC */
+ kdb.fail_auth_count = 0;
+
/* key data and attributes changed, let the database provider know */
- kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES /* | KADM5_CPW_FUNCTION */;
+ kdb.mask = KADM5_KEY_DATA | KADM5_ATTRIBUTES |
+ KADM5_FAIL_AUTH_COUNT;
+ /* | KADM5_CPW_FUNCTION */
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
@@ -1576,7 +1593,10 @@ kadm5_randkey_principal_3(void *server_handle,
if (ret)
goto done;
- if (keyblocks) {
+ /* unlock principal on this KDC */
+ kdb.fail_auth_count = 0;
+
+ if (keyblocks) {
ret = decrypt_key_data(handle->context, act_mkey,
kdb.n_key_data, kdb.key_data,
keyblocks, n_keys);
@@ -1585,7 +1605,8 @@ kadm5_randkey_principal_3(void *server_handle,
}
/* key data changed, let the database provider know */
- kdb.mask = KADM5_KEY_DATA /* | KADM5_RANDKEY_USED */;
+ kdb.mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
+ /* | KADM5_RANDKEY_USED */;
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
@@ -1753,6 +1774,9 @@ kadm5_setv4key_principal(void *server_handle,
if (ret)
goto done;
+ /* unlock principal on this KDC */
+ kdb.fail_auth_count = 0;
+
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
@@ -1990,6 +2014,9 @@ kadm5_setkey_principal_3(void *server_handle,
if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)))
goto done;
+ /* unlock principal on this KDC */
+ kdb.fail_auth_count = 0;
+
if ((ret = kdb_put_entry(handle, &kdb, &adb)))
goto done;
diff --git a/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp b/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp
index 44c835e..9d65410 100644
--- a/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp
+++ b/src/lib/kadm5/unit-test/api.2/mod-principal-v2.exp
@@ -42,11 +42,12 @@ proc test100_104 {} {
{KADM5_LAST_FAILED}
} $origtest] "BAD_MASK"
- test "modify-principal 103"
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_FAIL_AUTH_COUNT}
- } $origtest] "BAD_MASK"
+# This is now permitted to reset lockout count
+# test "modify-principal 103"
+# one_line_fail_test [format {
+# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+# {KADM5_FAIL_AUTH_COUNT}
+# } $origtest] "BAD_MASK"
test "modify-principal 103.5"
one_line_fail_test [format {
diff --git a/src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp
new file mode 100644
index 0000000..8361fb0
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/chpass-principal-v2.exp
@@ -0,0 +1,68 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "chpass-principal 200"
+proc test200 {} {
+ global test prompt
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal "$test/a"]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ # I'd like to specify a long list of keysalt tuples and make sure
+ # that chpass does the right thing, but we can only use those
+ # enctypes that krbtgt has a key for: des-cbc-crc:normal and
+ # des-cbc-crc:v4, according to the prototype kdc.conf.
+ if {! [cmd [format {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_chpass_principal $server_handle "%s/a" newpassword
+ } $test]]} {
+ perror "$test: unexpected failure in chpass_principal"
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" p \
+ {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
+ } $test]]} {
+ perror "$test: unexpected failure in get_principal"
+ }
+ send "lindex \$p 16\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting num_keys"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting num_keys"
+ return
+ }
+ }
+
+ # XXX Perhaps I should actually check the key type returned.
+ if {$num_keys == 3} {
+ pass "$test"
+ } else {
+ fail "$test: $num_keys keys, should be 3"
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test200
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/chpass-principal.exp b/src/lib/kadm5/unit-test/api.3/chpass-principal.exp
new file mode 100644
index 0000000..53a96e5
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/chpass-principal.exp
@@ -0,0 +1,176 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "chpass-principal 180"
+proc test180 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal_pol "$test/a" once-a-min]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_chpass_principal $server_handle "%s/a" FoobarBax
+ } $test]
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test180 }
+
+test "chpass-principal 180.5"
+proc test1805 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal_pol "$test/a" once-a-min]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_chpass_principal $server_handle "%s/a" FoobarBax
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test1805 }
+
+#
+# admin with changepw service tickets try to change other principals
+# password, failes with AUTH error
+test "chpass-principal 180.625"
+proc test180625 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_chpass_principal $server_handle "%s/a" password
+ } $test] "AUTH"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test180625 }
+
+test "chpass-principal 180.75"
+proc test18075 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal_pol "$test/a" once-a-min]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_chpass_principal $server_handle "%s/a" Foobar
+ } $test] "AUTH_CHANGEPW"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test18075 }
+
+test "chpass-principal 182"
+proc test182 {} {
+ global test
+
+ if { ! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_chpass_principal $server_handle kadmin/history password
+ } "PROTECT"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test182
+
+test "chpass-principal 183"
+proc test183 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if { ! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_chpass_principal null "%s/a" password
+ } $test] "BAD_SERVER_HANDLE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test183
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/crte-policy.exp b/src/lib/kadm5/unit-test/api.3/crte-policy.exp
new file mode 100644
index 0000000..017bc31
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/crte-policy.exp
@@ -0,0 +1,956 @@
+load_lib lib.t
+api_exit
+api_start
+
+# Description: (1) Fails for mask with undefined bit set.
+# 01/24/94: pshuang: untried.
+test "create-policy 1"
+proc test1 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete policy \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ 0xF01000
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test1
+
+# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
+test "create-policy 2"
+proc test2 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy";
+ return
+ }
+}
+if {$RPC} { test2 }
+
+# Description: (3) Fails for mask without POLICY bit set.
+# 01/24/94: pshuang: untried.
+test "create-policy 3"
+proc test3 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete policy \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ 0x000000
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test3
+
+# Description: (4) Fails for mask with REF_COUNT bit set.
+test "create-policy 4"
+proc test4 {} {
+ global test
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete policy \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY KADM5_REF_COUNT}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test4
+
+# Description: (5) Fails for invalid policy name.
+# 01/24/94: pshuang: untried.
+test "create-policy 5"
+proc test5 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/"] \
+ {KADM5_POLICY}
+ } $test] "BAD_POLICY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test5
+
+# Description: (6) Fails for existing policy name.
+test "create-policy 6"
+proc test6 {} {
+ global test
+# set prms_id 777
+# setup_xfail {*-*-*} $prms_id
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_create_policy $server_handle [simple_policy test-pol] \
+ {KADM5_POLICY}
+ } "DUP"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test6
+
+# Description: (7) Fails for null policy name.
+# 01/24/94: pshuang: untried.
+test "create-policy 7"
+proc test7 {} {
+ global test
+# set prms_id 1977
+# setup_xfail {*-*-*} $prms_id
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_create_policy $server_handle [simple_policy null] \
+ {KADM5_POLICY}
+ } "EINVAL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test7
+
+# Description: (8) Fails for empty-string policy name.
+test "create-policy 8"
+proc test8 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_create_policy $server_handle [simple_policy ""] \
+ {KADM5_POLICY}
+ } "BAD_POLICY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test8
+
+# Description: (9) Accepts 0 for pw_min_life.
+test "create-policy 9"
+proc test9 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY KADM5_PW_MIN_LIFE}
+ } $test]]} {
+ fail "$test: create failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 1\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test9
+
+# Description: (10) Accepts non-zero for pw_min_life.
+test "create-policy 10"
+proc test10 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
+ {KADM5_POLICY KADM5_PW_MIN_LIFE}
+ } $test]]} {
+ fail "$test"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 1\n"
+ expect {
+ -re "32\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test10
+
+# Description: (11) Accepts 0 for pw_max_life.
+test "create-policy 11"
+proc test11 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY KADM5_PW_MAX_LIFE}
+ } $test]]} {
+ fail "$test"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 2\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test11
+
+# Description: (12) Accepts non-zero for pw_max_life.
+test "create-policy 12"
+proc test12 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
+ {KADM5_POLICY KADM5_PW_MAX_LIFE}
+ } $test]]} {
+ fail "$test"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 2\n"
+ expect {
+ -re "32\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test12
+
+# Description: (13) Rejects 0 for pw_min_length.
+test "create-policy 13"
+proc test13 {} {
+ global test
+ global prompt
+
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY KADM5_PW_MIN_LENGTH}
+ } $test] "BAD_LENGTH"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test13
+
+# Description: (14) Accepts non-zero for pw_min_length.
+test "create-policy 14"
+proc test14 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
+ {KADM5_POLICY KADM5_PW_MIN_LENGTH}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 3\n"
+ expect {
+ -re "8\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test14
+
+# Description: (15) Rejects 0 for pw_min_classes.
+test "create-policy 15"
+proc test15 {} {
+ global test
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+ } $test] "BAD_CLASS"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test15
+
+# Description: (16) Accepts 1 for pw_min_classes.
+test "create-policy 16"
+proc test16 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
+ {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 4\n"
+ expect {
+ -re "1\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test16
+
+# Description: (17) Accepts 4 for pw_min_classes.
+test "create-policy 17"
+proc test17 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
+ {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 4\n"
+ expect {
+ -re "5\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test17
+
+# Description: (18) Rejects 5 for pw_min_classes.
+test "create-policy 18"
+proc test18 {} {
+ global test
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
+ {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+ } $test] "BAD_CLASS"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test18
+
+# Description: (19) Rejects 0 for pw_history_num.
+test "create-policy 19"
+proc test19 {} {
+ global test
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+ } $test] "BAD_HISTORY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test19
+
+# Description: (20) Accepts 1 for pw_history_num.
+test "create-policy 20"
+proc test20 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
+ {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retreuve policy"
+ return
+ }
+ send "lindex \$policy 5\n"
+ expect {
+ -re "1\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test20
+
+# Description: (21) Accepts 10 for pw_history_num.
+test "create-policy 21"
+proc test21 {} {
+ global test
+ global prompt
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
+ {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 5\n"
+ expect {
+ -re "10\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test21
+
+# Description: (22) Fails for user with no access bits.
+test "create-policy 22"
+proc test22 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test22
+
+# Description: (23) Fails for user with "get" but not "add".
+test "create-policy 23"
+proc test23 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test23
+
+# Description: (24) Fails for user with "modify" but not "add".
+# 01/24/94: pshuang: untried.
+test "create-policy 24"
+proc test24 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test24
+
+# Description: (25) Fails for user with "delete" but not "add".
+# 01/24/94: pshuang: untried.
+test "create-policy 25"
+proc test25 {} {
+ global test
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test25
+
+# Description: Succeeds for user with "add".
+test "create-policy 26"
+proc test26 {} {
+ global test
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test26
+
+# Description: Succeeds for user with "get" and "add".
+# 01/24/94: pshuang: untried.
+test "create-policy 27"
+proc test27 {} {
+ global test
+
+ if {! (( ! [policy_exists "$test/a"]) ||
+ [delete_policy "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test27
+
+# Description: (28) Rejects null policy argument.
+# 01/24/94: pshuang: untried.
+test "create-policy 28"
+proc test28 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_create_policy $server_handle null {KADM5_POLICY}
+ } "EINVAL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test28
+
+test "create-policy 30"
+proc test30 {} {
+ global test
+ one_line_fail_test [format {
+ kadm5_create_policy null [simple_policy "%s/a"] \
+ {KADM5_POLICY}
+ } $test] "BAD_SERVER_HANDLE"
+}
+test30
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/crte-principal.exp b/src/lib/kadm5/unit-test/api.3/crte-principal.exp
new file mode 100644
index 0000000..774e204
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/crte-principal.exp
@@ -0,0 +1,1336 @@
+load_lib lib.t
+api_exit
+api_start
+
+#test "create-principal 1"
+#
+#proc test1 {} {
+# global test
+# begin_dump
+# one_line_fail_test [format {
+# kadm5_create_principal $server_handle \
+# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+# } $test $test] "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test1
+
+# v2 create-principal 3 test, to avoid name conflict
+test "create-principal 1"
+proc test1 {} {
+ global test
+# set prms_id 777
+# setup_xfail {*-*-*} $prms_id
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} null
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test1
+
+test "create-principal 2"
+
+proc test2 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_create_principal $server_handle null \
+ {KADM5_PRINCIPAL} testpass
+ } "EINVAL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test2
+
+test "create-principal 4"
+proc test4 {} {
+ global test
+
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} ""
+ } $test] "_Q_TOOSHORT"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test4
+
+test "create-principal 5"
+proc test5 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle \
+ [simple_principal "%s/a"] {0x100001} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test5
+
+test "create-principal 6"
+proc test6 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_LAST_PWD_CHANGE} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test6
+
+test "create-principal 7"
+proc test7 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MOD_TIME} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test7
+
+test "create-principal 8"
+proc test8 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MOD_NAME} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test8
+
+test "create-principal 9"
+proc test9 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MKVNO} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test9
+
+test "create-principal 10"
+proc test10 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_AUX_ATTRIBUTES} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test10
+
+test "create-principal 11"
+proc test11 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_POLICY_CLR} "%s/a"
+ } $test $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test11
+
+test "create-principal 12"
+proc test12 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+
+}
+if {$RPC} { test12 }
+
+test "create-principal 13"
+proc test13 {} {
+ global test
+ begin_dump
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+if {$RPC} { test13 }
+
+test "create-principal 14"
+proc test14 {} {
+ global test
+ begin_dump
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+if {$RPC} { test14 }
+
+test "create-principal 15"
+proc test15 {} {
+ global test
+ begin_dump
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+if {$RPC} { test15 }
+
+test "create-principal 16"
+proc test16 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "AUTH_ADD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+if {$RPC} { test16 }
+
+test "create-principal 17"
+proc test17 {} {
+ global test
+
+ begin_dump
+ if {! (( [principal_exists "$test/a"]) || [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "DUP"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test17
+
+test "create-principal 18"
+proc test18 {} {
+ global test
+
+ begin_dump
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" test-pol] \
+ {KADM5_PRINCIPAL KADM5_POLICY} tP
+ } $test] "_Q_TOOSHORT"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test18
+
+test "create-principal 19"
+proc test19 {} {
+ global test
+
+ begin_dump
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" test-pol] \
+ {KADM5_PRINCIPAL KADM5_POLICY} testpassword
+ } $test] "_Q_CLASS"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test19
+
+test "create-principal 20"
+proc test20 {} {
+ global test
+
+ begin_dump
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" test-pol] \
+ {KADM5_PRINCIPAL KADM5_POLICY} Abyssinia
+ } $test] "_Q_DICT"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test20
+
+test "create-principal 21"
+proc test21 {} {
+ global test
+
+ begin_dump
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" non-existant-pol] \
+ {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary
+ } $test] "UNK_POLICY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ end_dump_compare "no-diffs"
+}
+test21
+
+test "create-principal 23"
+proc test23 {} {
+ global test
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ one_line_succeed_test \
+ [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test23
+
+test "create-principal 24"
+proc test24 {} {
+ global test
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/rename admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ one_line_succeed_test \
+ [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test24 }
+
+
+test "create-principal 28"
+proc test28 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" test-pol] \
+ {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return
+ }
+ send "lindex \$principal 10\n"
+ expect {
+ -re "test-pol.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test28
+
+test "create-principal 29"
+proc test29 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL KADM5_PRINC_EXPIRE_TIME} \
+ inTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 1\n"
+ expect {
+ -re "0.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test29
+
+test "create-principal 30"
+proc test30 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
+ NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test30
+
+test "create-principal 31"
+proc test31 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" test-pol-nopw] \
+ {KADM5_PRINCIPAL KADM5_POLICY \
+ KADM5_PW_EXPIRATION} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test31
+
+test "create-principal 32"
+proc test32 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ [princ_w_pol "%s/a" test-pol] \
+ {KADM5_PRINCIPAL KADM5_POLICY \
+ KADM5_PW_EXPIRATION} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+ error_and_restart "$test: cannot retrieve policy"
+ return
+ }
+
+ send "lindex \$principal 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting mod_date"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting mod_date"
+ return
+ }
+ }
+
+ send "lindex \$principal 3\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_expire"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_expire"
+ return
+ }
+ }
+
+ send "lindex \$policy 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_max_life"
+ return
+ }
+ }
+ if { $pw_expire != 0 } {
+ fail "$test: pw_expire $pw_expire should be 0"
+ return
+ } else {
+ pass "$test"
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test32
+
+test "create-principal 33"
+proc test33 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ {"%s/a" 0 0 1234 0 null 0 0 0 0 null 0} \
+ {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
+ NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "1234.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test33
+
+test "create-principal 34"
+proc test34 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ { "%s/a" 0 0 1234 0 null 0 0 0 0 test-pol-nopw 0} \
+ {KADM5_PRINCIPAL KADM5_POLICY \
+ KADM5_PW_EXPIRATION} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "1234.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test34
+
+test "create-principal 35"
+proc test35 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ {"%s/a" 0 0 1234 0 null 0 0 0 0 test-pol 0} \
+ {KADM5_PRINCIPAL KADM5_POLICY \
+ KADM5_PW_EXPIRATION} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "1234.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test35
+
+test "create-principal 36"
+proc test36 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle \
+ {"%s/a" 0 0 999999999 0 null 0 0 0 0 test-pol 0} \
+ {KADM5_PRINCIPAL KADM5_POLICY \
+ KADM5_PW_EXPIRATION} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol policy} ]} {
+ error_and_restart "$test: cannot retrieve policy"
+ return
+ }
+
+ send "lindex \$principal 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting mod_date"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting mod_date"
+ return
+ }
+ }
+
+ send "lindex \$principal 3\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_expire"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_expire"
+ return
+ }
+ }
+
+ send "lindex \$policy 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_max_life"
+ return
+ }
+ }
+ if { $pw_expire != 999999999 } {
+ fail "$test: pw_expire is wrong"
+ return
+ } else {
+ pass "$test"
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test36
+
+test "create-principal 37"
+proc test37 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test37
+
+test "create-principal 38"
+proc test38 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol-nopw] {KADM5_PRINCIPAL KADM5_POLICY} \
+ NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test38
+
+test "create-principal 39"
+proc test39 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol] {KADM5_PRINCIPAL KADM5_POLICY} \
+ NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if { ! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: cannot not retrieve principal"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+ error_and_restart "$test: cannot retrieve policy"
+ return
+ }
+ send "lindex \$principal 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting mod_date"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting mod_date"
+ return
+ }
+ }
+
+ send "lindex \$principal 3\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_expire"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_expire"
+ return
+ }
+ }
+
+ send "lindex \$policy 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_max_life"
+ return
+ }
+ }
+ if { [expr "$mod_date + $pw_max_life - $pw_expire"] > 5 } {
+ fail "$test: pw_expire is wrong"
+ return
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test39
+
+test "create-principal 40"
+proc test40 {} {
+ global test
+ global prompt
+
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
+ NotinTheDictionary
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: can not retreive principal"
+ return;
+ }
+ send "lindex \$principal 4\n"
+ expect {
+ -re "0.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test40
+
+test "create-principal 43"
+proc test43 {} {
+ global test
+ one_line_fail_test [format {
+ kadm5_create_principal null \
+ [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+ } $test $test] "BAD_SERVER_HANDLE"
+}
+test43
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/destroy.exp b/src/lib/kadm5/unit-test/api.3/destroy.exp
new file mode 100644
index 0000000..a3e2bfc
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/destroy.exp
@@ -0,0 +1,203 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "destroy 1"
+
+proc test1 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_destroy $server_handle}
+ end_dump_compare "no-diffs"
+}
+test1
+
+#test "destroy 2"
+#
+#proc test2 {} {
+# global test
+# begin_dump
+# if {! [cmd {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }]} {
+# perror "$test: unexpected failure on init"
+# return
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# return
+# }
+# one_line_fail_test \
+# {kadm5_get_principal $server_handle admin principal} \
+# "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test2
+
+#test "destroy 3"
+#proc test3 {} {
+# global test
+#
+# begin_dump
+# if {! (( ! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
+# error_and_restart "$test couldn't delete principal \"$test/a\""
+# return
+# }
+# if {! [cmd {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }]} {
+# perror "$test: unexpected failure on init"
+# return
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# return
+# }
+# one_line_fail_test [format {
+# kadm5_create_principal $server_handle \
+# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+# } $test $test] "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test3
+
+#test "destroy 4"
+#proc test4 {} {
+# global test prompt
+#
+# if {! (([principal_exists "$test/a"]) || [create_principal "$test/a"])} {
+# error_and_restart "$test: couldn't create principal \"$test/a\""
+# return
+# }
+# begin_dump
+# if {! ([cmd {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }] &&
+# [cmd [format {
+# kadm5_get_principal $server_handle "%s/a" principal
+# } $test]])} {
+# error_and_restart "$test: error getting principal"
+# return;
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# return
+# }
+# one_line_fail_test [format {
+# kadm5_modify_principal $server_handle \
+# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO}
+# } $test "77"] "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test4
+
+#test "destroy 5"
+#
+#proc test5 {} {
+# global test
+#
+# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+# error_and_restart "$test: couldn't create principal \"$test/a\""
+# return
+# }
+# begin_dump
+# if {! [cmd {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }]} {
+# perror "$test: unexpected failure on init"
+# return
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# return
+# }
+# one_line_fail_test [format {
+# kadm5_delete_principal $server_handle "%s/a"
+# } $test] "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test5
+
+#test "destroy 6"
+#
+#proc test6 {} {
+# global test
+# begin_dump
+# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test6
+
+
+#test "destroy 7"
+#
+#proc test7 {} {
+# global test
+# begin_dump
+# if {! [cmd {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }]} {
+# perror "$test: unexpected failure in init"
+# return
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# }
+# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT"
+# end_dump_compare "no-diffs"
+#}
+#test7
+
+test "destroy 8"
+proc test8 {} {
+ global test
+ begin_dump
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+ one_line_succeed_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+ end_dump_compare "no-diffs"
+}
+test8
+
+test "destroy 9"
+proc test9 {} {
+ global test
+ one_line_fail_test {kadm5_destroy null} "BAD_SERVER_HANDLE"
+}
+test9
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/dlte-policy.exp b/src/lib/kadm5/unit-test/api.3/dlte-policy.exp
new file mode 100644
index 0000000..cecb5c3
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/dlte-policy.exp
@@ -0,0 +1,207 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "delete-policy 2"
+proc test2 {} {
+ global test
+# set prms_id 744
+# setup_xfail {*-*-*} $prms_id
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test \
+ {kadm5_delete_policy $server_handle ""} "BAD_POL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test2
+
+test "delete-policy 5"
+proc test5 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_policy $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if ${RPC} test5
+
+test "delete-policy 6"
+proc test6 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_policy $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if ${RPC} test6
+
+test "delete-policy 7"
+proc test7 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_policy $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test7
+
+test "delete-policy 10"
+proc test10 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_delete_policy $server_handle "%s/a"
+ } $test]]} {
+ fail "$test"
+ return
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ if { [policy_exists "$test/a"]} {
+ fail "$test"
+ return
+ }
+}
+test10
+
+test "delete-policy 12"
+proc test12 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test unexecpted failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
+ "%s/a"] {KADM5_PRINCIPAL KADM5_POLICY} \
+ NotinTheDictionary
+ } $test $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test \
+ {kadm5_delete_policy $server_handle test-pol} "POLICY_REF"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test12
+
+test "delete-policy 13"
+proc test13 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_policy null "%s/a"
+ } $test] "BAD_SERVER_HANDLE"
+}
+test13
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/dlte-principal.exp b/src/lib/kadm5/unit-test/api.3/dlte-principal.exp
new file mode 100644
index 0000000..f6d267f
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/dlte-principal.exp
@@ -0,0 +1,329 @@
+load_lib lib.t
+
+api_exit
+api_start
+
+#test "delete-principal 1"
+#proc test1 {} {
+# global test
+# one_line_fail_test [format {
+# kadm5_delete_principal $server_handle "%s/a"
+# } $test] "NOT_INIT"
+#}
+#test1
+
+test "delete-principal 2"
+proc test2 {} {
+ global test
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test \
+ {kadm5_delete_principal $server_handle null} "EINVAL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: unexpected failure in destroy"
+ return
+ }
+}
+test2
+
+test "delete-principal 5"
+proc test5 {} {
+ global test
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test] "UNK_PRINC"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test5
+
+test "delete-principal 6"
+proc test6 {} {
+ global test
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" test-pol])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test6 }
+
+
+test "delete-principal 7"
+proc test7 {} {
+ global test
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test7 }
+
+
+test "delete-principal 8"
+proc test8 {} {
+ global test
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test8 }
+
+test "delete-principal 9"
+proc test9 {} {
+ global test
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test9 }
+
+test "delete-principal 10"
+proc test10 {} {
+ global test
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test] "AUTH_DELETE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test10 }
+
+test "delete-principal 11"
+proc test11 {} {
+ global test
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test]]} {
+ fail "$test: delete failed"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ if { [principal_exists "$test/a"] } {
+ fail "$test"
+ return
+ }
+}
+test11
+
+test "delete-principal 12"
+proc test12 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" test-pol])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_delete_principal $server_handle "%s/a"
+ } $test]]} {
+ fail "$test: delete failed"
+ return
+ }
+ if { [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ fail "$test: principal still exists"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ send "lindex \$p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+
+ send "lindex \$p2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { [expr "$oldref - 1"] != $newref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ pass "$test"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+
+test12
+
+test "delete-principal 13"
+proc test13 {} {
+ global test
+ one_line_fail_test [format {
+ kadm5_delete_principal null "%s/a"
+ } $test] "BAD_SERVER_HANDLE"
+}
+test13
+
+return ""
+
+
+
+
+
diff --git a/src/lib/kadm5/unit-test/api.3/get-policy.exp b/src/lib/kadm5/unit-test/api.3/get-policy.exp
new file mode 100644
index 0000000..c15ef0c
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/get-policy.exp
@@ -0,0 +1,199 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "get-policy 3"
+proc test3 {} {
+ global test
+# set prms_id 744
+# setup_xfail {*-*-*} $prms_id
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {kadm5_get_policy $server_handle "" p} "BAD_POLICY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test3
+
+test "get-policy 6"
+proc test6 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+ "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } test6
+
+test "get-policy 7"
+proc test7 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+ "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } test7
+
+test "get-policy 11"
+proc test11 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/get-pol StupidAdmin $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test11
+
+test "get-policy 12"
+proc test12 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/get-pol StupidAdmin \
+ $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_3 server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test \
+ {kadm5_get_policy $server_handle test-pol-nopw p}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test12
+
+test "get-policy 15"
+proc test15 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/pol StupidAdmin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test \
+ {kadm5_get_policy $server_handle test-pol-nopw p}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test15
+
+test "get-policy 16"
+proc test16 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test \
+ {kadm5_get_policy $server_handle test-pol-nopw p}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test16
+
+test "get-policy 17"
+proc test17 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test17
+
+test "get-policy 18"
+proc test18 {} {
+ global test
+
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+ "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } test18
+
+test "get-policy 21"
+proc test21 {} {
+ global test
+
+ one_line_fail_test {kadm5_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
+}
+test21
diff --git a/src/lib/kadm5/unit-test/api.3/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/get-principal-v2.exp
new file mode 100644
index 0000000..86c45f4
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/get-principal-v2.exp
@@ -0,0 +1,250 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "get-principal 100"
+proc test100 {} {
+ global test prompt
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd {
+ kadm5_get_principal $server_handle testuser p \
+ {KADM5_PRINCIPAL_NORMAL_MASK}
+ }]} {
+ perror "$test: unexpected failure in get_principal"
+ }
+ send "lindex \$p 16\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting num_keys"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting num_keys"
+ return
+ }
+ }
+ send "lindex \$p 17\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting num_tl"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting num_tl"
+ return
+ }
+ }
+ send "lindex \$p 18\n"
+ expect {
+ -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
+ -re "\n$prompt" { set key_data {} }
+ timeout {
+ error_and_restart "$test: timeout getting key_data"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting key_data"
+ return
+ }
+ }
+ send "lindex \$p 19\n"
+ expect {
+ -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) }
+ -re "\n$prompt" { set tl_data {} }
+ timeout {
+ error_and_restart "$test: timeout getting tl_data"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting tl_data"
+ return
+ }
+ }
+
+ set failed 0
+ if {$num_keys != 0} {
+ fail "$test: num_keys $num_keys should be 0"
+ set failed 1
+ }
+ if {$num_tl != 0} {
+ fail "$test: num_tl $num_tl should be 0"
+ set failed 1
+ }
+ if {$key_data != {}} {
+ fail "$test: key_data $key_data should be {}"
+ set failed 1
+ }
+ if {$tl_data != "{}"} {
+ fail "$test: tl_data $tl_data should be empty"
+ set failed 1
+ }
+ if {$failed == 0} {
+ pass "$test"
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test100
+
+proc test101_102 {rpc} {
+ global test prompt
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd {
+ kadm5_get_principal $server_handle testuser p \
+ {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
+ }]} {
+ perror "$test: unexpected failure in get_principal"
+ }
+ send "lindex \$p 16\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting num_keys"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting num_keys"
+ return
+ }
+ }
+ send "lindex \$p 18\n"
+ expect {
+ -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
+ -re "\n$prompt" { set key_data {} }
+ timeout {
+ error_and_restart "$test: timeout getting key_data"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting key_data"
+ return
+ }
+ }
+
+ set failed 0
+ if {$num_keys != 3} {
+ fail "$test: num_keys $num_keys should be 3"
+ set failed 1
+ }
+ for {set i 0} {$i < $num_keys} {incr i} {
+ set key "[lindex [lindex $key_data $i] 2]"
+ if {($rpc && [string compare $key ""] != 0) ||
+ ((! $rpc) && [string compare $key ""] == 0)} {
+ fail "$test: key_data $key is wrong"
+ set failed 1
+
+ }
+ }
+ if {$failed == 0} { pass "$test" }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test "get-principal 101"
+if {$RPC} {test101_102 $RPC}
+test "get-principal 102"
+if {! $RPC} {test101_102 $RPC}
+
+test "get-principal 103"
+proc test103 {} {
+ global test prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{999 6 foobar}}" \
+ {KADM5_TL_DATA}
+ } $test $test]]} {
+ fail "$test: cannot set TL_DATA"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle {%s/a} p \
+ {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA}
+ } $test]]} {
+ perror "$test: unexpected failure in get_principal"
+ }
+ send "lindex \$p 17\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting num_tl"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting num_tl"
+ return
+ }
+ }
+ send "lindex \$p 19\n"
+ expect {
+ -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) }
+ -re "\n$prompt" { set tl_data {} }
+ timeout {
+ error_and_restart "$test: timeout getting tl_data"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting tl_data"
+ return
+ }
+ }
+
+ if {$num_tl == 0} {
+ fail "$test: num_tl $num_tl should not be 0"
+ } elseif {$tl_data == "{{999 6 foobar}}"} {
+ pass "$test"
+ } else {
+ fail "$test: tl_data $tl_data should be {{999 6 foobar}}"
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test103
+
+return ""
+
+
+
+
diff --git a/src/lib/kadm5/unit-test/api.3/get-principal.exp b/src/lib/kadm5/unit-test/api.3/get-principal.exp
new file mode 100644
index 0000000..a33fdfe
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/get-principal.exp
@@ -0,0 +1,346 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "get-principal 1"
+proc test1 {} {
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test \
+ {kadm5_get_principal $server_handle null p KADM5_PRINCIPAL_NORMAL_MASK} "EINVAL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test1
+
+test "get-principal 2"
+proc test2 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "UNK_PRINC"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test2
+
+test "get-principal 3"
+proc test3 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test3 }
+
+test "get-principal 4"
+proc test4 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test4 }
+
+test "get-principal 5"
+proc test5 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test5 }
+
+test "get-principal 6"
+proc test6 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test6 }
+
+test "get-principal 7"
+proc test7 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test7 }
+
+
+test "get-principal 8"
+proc test8 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+ } $test] "AUTH_GET"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test8 }
+
+
+test "get-principal 9"
+proc test9 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test \
+ {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test9
+
+test "get-principal 10"
+proc test10 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test \
+ {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test10
+
+test "get-principal 11"
+proc test11 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test11
+
+test "get-principal 12"
+proc test12 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test12
+
+test "get-principal 13"
+proc test13 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test13
+
+test "get-principal 14"
+proc test14 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin/get-mod admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK}
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test14
+
+test "get-principal 15"
+proc test15 {} {
+ one_line_fail_test \
+ {kadm5_get_principal null "admin" p KADM5_PRINCIPAL_NORMAL_MASK} "BAD_SERVER_HANDLE"
+}
+test15
+
+return ""
+
+
+
+
diff --git a/src/lib/kadm5/unit-test/api.3/init-v2.exp b/src/lib/kadm5/unit-test/api.3/init-v2.exp
new file mode 100644
index 0000000..656f146
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/init-v2.exp
@@ -0,0 +1,515 @@
+load_lib lib.t
+
+api_exit
+api_start
+
+if ![info exists RESOLVE] {
+ set RESOLVE [findfile $objdir/../../../tests/resolve/resolve]
+}
+proc get_hostname { } {
+ global RESOLVE
+ global hostname
+ global localhostname
+ global domain
+
+ if {[info exists hostname] && [info exists localhostname]} {
+ return 1
+ }
+
+ catch "exec $RESOLVE -q >myname" exec_output
+ if ![string match "" $exec_output] {
+ send_log "$exec_output\n"
+ verbose $exec_output
+ send_error "ERROR: can't get hostname\n"
+ return 0
+ }
+ set file [open myname r]
+ if { [ gets $file hostname ] == -1 } {
+ send_error "ERROR: no output from hostname\n"
+ return 0
+ }
+ close $file
+ catch "exec rm -f myname" exec_output
+ regexp "^(\[^.\]*)\.(.*)$" $hostname foo localhostname domain
+
+ set hostname [string tolower $hostname]
+ set localhostname [string tolower $localhostname]
+ set domain [string tolower $domain]
+ verbose "hostname: $hostname; localhostname: $localhostname; domain $domain"
+
+ return 1
+}
+
+
+test "init 101"
+proc test101 {} {
+ global test
+ global hostname
+
+ get_hostname
+ tcl_cmd "set hostname $hostname"
+
+ # XXX Fix to work with a remote TEST_SERVER. For now, make sure
+ # it fails in that case.
+ one_line_succeed_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "RPC_ERROR"
+}
+if {$RPC} test101
+
+test "init 102"
+proc test102 {} {
+ global test
+
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "BAD_SERVER_NAME"
+}
+if {$RPC} test102
+
+test "init 103"
+proc test103 {} {
+ global test
+
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "ENOENT"
+}
+#if {! $RPC} test103
+if {! $RPC} {
+ send_user "UNTESTED: test103: test needs updating for DAL changes (see MIT RT ticket 3202)\n"
+ untested "test103: test needs updating for DAL changes (see MIT RT ticket 3202)"
+}
+
+
+test "init 106"
+proc test106 {} {
+ global test prompt
+
+ set prompting 0
+ send [string trim {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]
+ send "\n"
+ expect {
+ -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
+ -re "\nOK .*$prompt$" { fail "$test: premature success" }
+ -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
+ timeout { fail "$test: timeout" }
+ eof { fail "$test: eof" }
+ }
+ if {$prompting} {
+ one_line_succeed_test mrroot
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if {! $RPC} test106
+
+test "init 107"
+proc test107 {} {
+ global test
+
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "KDB_CANTREAD_STORED"
+}
+if {! $RPC} test107
+
+test "init 108"
+proc test108 {} {
+ global test
+
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "KRB5_KDB_CANTREAD_STORED"
+}
+if {! $RPC} test108
+
+test "init 109-113"
+proc test109 {} {
+ global test prompt
+
+ delete_principal "$test/a"
+
+ # I'd like to specify flags explicitly and check them, as in the
+ # following config_params, but tcl gets mighty confused if I do and
+ # I have no idea why.
+# [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ]
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ fail "$test: cannot init with max_life"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test]]} {
+ fail "$test: can not create principal"
+ return;
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" p \
+ {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
+ } $test]]} {
+ fail "$test: can not get principal"
+ return;
+ }
+ send "puts \$p\n"
+ expect {
+ -re "$prompt" { }
+ timeout {
+ error_and_restart "$test: timeout getting prompt"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting prompt"
+ return
+ }
+ }
+ send "lindex \$p 4\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting max_life"
+ return
+ }
+ }
+ send "lindex \$p 12\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting max_rlife"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting max_rlife"
+ return
+ }
+ }
+ send "lindex \$p 1\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting expiration"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting expiration"
+ return
+ }
+ }
+ send "lindex \$p 7\n"
+ expect {
+ -re "(\[A-Z_\]*)\n$prompt" {set flags $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting flags"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting flags"
+ return
+ }
+ }
+ # This sorta worries me. Since the test is setting ENCTYPES to
+ # nothing, the principal has no keys. That means that nothing is
+ # printed for the keys in the correct case; but it feels too
+ # likely that nothing will be printed in the case of some problem.
+ send "lindex \$p 18\n"
+ expect {
+ -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
+ -re "\n$prompt" { set key_data {} }
+ timeout {
+ error_and_restart "$test: timeout getting flags"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting flags"
+ return
+ }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+ if {$max_life == 10} {
+ pass "$test"
+ } else {
+ fail "$test: $max_life is not 10"
+ }
+ if {$max_rlife == 20} {
+ pass "$test"
+ } else {
+ fail "$test: $max_rlife is not 20"
+ }
+ if {$expiration == 30} {
+ pass "$test"
+ } else {
+ fail "$test: $expiration is not 30"
+ }
+ if {$flags == ""} {
+ pass "$test"
+ } else {
+ fail "$test: flags $flags are wrong"
+ }
+ if {$key_data == {}} {
+ pass "$test"
+ } else {
+ fail "$test: key_data $key_data is wrong"
+ }
+}
+if {! $RPC} test109
+
+test "init 116"
+proc test116 {} {
+ global test
+
+ delete_principal "$test/a"
+
+ if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ get_add_handle}]} {
+ error_and_restart "$test: couldn't init with admin/get-add"
+ }
+
+ if {! [cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ mod_delete_handle}]} {
+ error_and_restart "$test: couldn't init with admin/get-add"
+ }
+
+ one_line_succeed_test {
+ kadm5_get_principal $get_add_handle testuser p \
+ KADM5_PRINCIPAL_NORMAL_MASK
+ }
+ one_line_succeed_test [format {
+ kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test]
+ one_line_fail_test {
+ kadm5_modify_principal $get_add_handle [simple_principal testuser] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } "AUTH_MODIFY"
+ one_line_fail_test {
+ kadm5_delete_principal $get_add_handle testuser
+ } "AUTH_DELETE"
+
+ one_line_fail_test {
+ kadm5_get_principal $mod_delete_handle testuser p \
+ KADM5_PRINCIPAL_NORMAL_MASK
+ } "AUTH_GET"
+ one_line_fail_test [format {
+ kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} testpass
+ } $test] "AUTH_ADD"
+ one_line_succeed_test {
+ kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ }
+ one_line_succeed_test [format {
+ kadm5_delete_principal $mod_delete_handle "%s/a"
+ } $test]
+
+ if {! [cmd {kadm5_destroy $get_add_handle}]} {
+ error_and_restart "$test: couldn't close get_add_handle"
+ }
+ if {! [cmd {kadm5_destroy $mod_delete_handle}]} {
+ error_and_restart "$test: couldn't close mod_delete_handle"
+ }
+}
+if {$RPC} test116
+
+test "init 117"
+proc test117 {} {
+ global test env prompt
+
+ if {[catch "exec grep max_life $env(KRB5_KDC_PROFILE)"] != 1} {
+ warning \
+ "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test"
+ return
+ }
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ fail "$test: unexpected failure in init"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL} "%s/a"
+ } $test $test]]} {
+ perror "$test: unexpected failure creating principal"
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 4\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting max_life"
+ return
+ }
+ }
+
+ if {$max_life == 86400} {
+ pass "$test"
+ } else {
+ fail "$test: max_life $max_life should be 86400"
+ }
+
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close server_handle"
+ }
+}
+test117
+
+send "puts \$KADM5_ADMIN_SERVICE\n"
+expect {
+ -re "(\[a-zA-Z/@\]+)\n$prompt" {
+ set KADM5_ADMIN_SERVICE $expect_out(1,string)
+ }
+ default {
+ error_and_restart "$test: timeout/eof getting admin_service"
+ return
+ }
+}
+
+send "puts \$KADM5_CHANGEPW_SERVICE\n"
+expect {
+ -re "(\[a-zA-Z/@\]+)\n$prompt" {
+ set KADM5_CHANGEPW_SERVICE $expect_out(1,string)
+ }
+ default {
+ error_and_restart "$test: timeout/eof getting changepw_service"
+ return
+ }
+}
+
+test "init 150"
+proc test150 {} {
+ global test KADM5_ADMIN_SERVICE
+
+ kdestroy
+ kinit testuser notathena "-S $KADM5_ADMIN_SERVICE"
+ one_line_succeed_test {
+ kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ kdestroy
+}
+if {$RPC} test150
+
+test "init 151"
+proc test151 {} {
+ global test KADM5_CHANGEPW_SERVICE
+
+ kdestroy
+ kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE"
+ one_line_succeed_test {
+ kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ kdestroy
+}
+if {$RPC} test151
+
+test "init 152"
+proc test152 {} {
+ global test KADM5_ADMIN_SERVICE
+
+ kdestroy
+ one_line_fail_test {
+ kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "KRB5_FCC_NOFILE"
+}
+if {$RPC} test152
+
+test "init 153"
+proc test153 {} {
+ global test KADM5_ADMIN_SERVICE
+
+ kinit testuser notathena
+ one_line_fail_test {
+ kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "KRB5_CC_NOTFOUND"
+}
+if {$RPC} test153
+
+test "init 154"
+proc test154 {} {
+ global test env
+
+ set orig $env(KRB5_KDC_PROFILE)
+ set env(KRB5_KDC_PROFILE) /does-not-exist
+ api_exit; api_start
+ set env(KRB5_KDC_PROFILE) $orig
+
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } "ENOENT"
+
+ api_exit; lib_start_api
+}
+if {0 && ! $RPC} test154
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/init.exp b/src/lib/kadm5/unit-test/api.3/init.exp
new file mode 100644
index 0000000..b324df8
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/init.exp
@@ -0,0 +1,732 @@
+load_lib lib.t
+
+# Assumptions:
+#
+# Principal "admin" exists, with "get", "add", "modify" and "delete"
+# access bits and password "admin".
+# The string "not-the-password" isn't the password of any user in the database.
+# Database master password is "mrroot".
+
+api_exit
+api_start
+test "init 1"
+
+one_line_fail_test_nochk \
+ {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_REALM} {""}] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
+
+test "init 2"
+
+one_line_fail_test_nochk \
+ {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_REALM} {@}] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
+
+test "init 2.5"
+
+one_line_fail_test_nochk \
+ {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_REALM} {BAD.REALM}] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
+
+test "init 3"
+
+proc test3 {} {
+ global test
+ if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ one_line_fail_test_nochk [format {
+ kadm5_init admin admin "%s/a" null $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_3 server_handle
+ } $test]
+}
+if {$RPC} { test3 }
+
+test "init 4"
+
+proc test4 {} {
+ global test
+ if {! ((! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+
+ one_line_fail_test_nochk [format {
+ kadm5_init admin admin "%s/a" null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test]
+}
+if {$RPC} { test4 }
+
+test "init 5"
+
+if {$RPC} {
+ one_line_fail_test_nochk {
+ kadm5_init admin admin admin null $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_3 server_handle
+ }
+}
+
+test "init 6"
+
+proc test6 {} {
+ global test
+
+ send "kadm5_init admin null \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_3 server_handle\n"
+
+ expect {
+ -re "assword\[^\r\n\]*:" { }
+ eof {
+ fail "$test: eof instead of password prompt"
+ api_exit
+ api_start
+ return
+ }
+ timeout {
+ fail "$test: timeout instead of password prompt"
+ return
+ }
+ }
+ one_line_succeed_test "admin"
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if { $RPC } { test6 }
+
+test "init 7"
+proc test7 {} {
+ global test
+
+ send "kadm5_init admin \"\" \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_3 server_handle\n"
+
+ expect {
+ -re "assword\[^\r\n\]*:" { }
+ -re "key:$" { }
+ eof {
+ fail "$test: eof instead of password prompt"
+ api_exit
+ api_start
+ return
+ }
+ timeout {
+ fail "$test: timeout instead of password prompt"
+ return
+ }
+ }
+ one_line_succeed_test "admin"
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if { $RPC } { test7 }
+
+test "init 8"
+
+proc test8 {} {
+ global test
+ if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ one_line_fail_test_nochk [format {
+ kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test]
+}
+if {$RPC} { test8 }
+
+test "init 9"
+
+if {$RPC} {
+ global test
+ one_line_fail_test_nochk {
+ kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+}
+
+test "init 10"
+
+proc test10 {} {
+ global test
+# set prms_id 562
+# setup_xfail {*-*-*} $prms_id
+ one_line_fail_test_nochk {
+ kadm5_init null admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+}
+test10
+
+#test "init 11"
+#
+#proc test11 {} {
+# global test
+# set prms_id 563
+# setup_xfail {*-*-*} $prms_id
+# one_line_fail_test_nochk {
+# kadm5_init "" admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }
+#}
+#test11
+
+test "init 12"
+
+proc test12 {} {
+ global test
+ one_line_fail_test_nochk [format {
+ kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test]
+}
+if {$RPC} { test12 }
+
+test "init 13"
+
+proc test13 {} {
+ global test
+ one_line_fail_test_nochk [format {
+ kadm5_init "%s/a@SECURE-TEST.OV.COM" admin \
+ $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_3 server_handle
+ } $test]
+}
+if {$RPC} { test13 }
+
+test "init 14"
+
+proc test14 {} {
+ global test
+ one_line_fail_test_nochk [format {
+ kadm5_init "%s/a@BAD.REALM" admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test]
+}
+if {$RPC} { test14 }
+
+test "init 15"
+
+if {$RPC} {
+ one_line_fail_test_nochk {
+ kadm5_init admin@BAD.REALM admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+}
+
+test "init 16"
+
+proc test16 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+test16
+
+test "init 17"
+
+proc test17 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin@SECURE-TEST.OV.COM admin \
+ $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_3 server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+test17
+
+test "init 18"
+
+proc test18 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+test18
+
+test "init 19"
+
+proc test19 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin@SECURE-TEST.OV.COM admin \
+ $KADM5_ADMIN_SERVICE \
+ [config_params {KADM5_CONFIG_REALM} {SECURE-TEST.OV.COM}] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+test19
+
+test "init 20"
+
+proc test20 {} {
+ global test
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ error_and_restart "$test: couldn't init database"
+ return
+ }
+ one_line_succeed_test \
+ {kadm5_get_principal $server_handle admin principal KADM5_PRINCIPAL_NORMAL_MASK}
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+test20
+
+#test "init 21"
+#
+#proc test21 {} {
+# global test
+# if {! [cmd {
+# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }]} {
+# error_and_restart "$test: couldn't init database"
+# return
+# }
+# one_line_fail_test_nochk {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# }
+#}
+#test21
+
+
+# proc test22 {} {
+# global test prompt
+# set prompting 0
+# send [string trim {
+# kadm5_init admin null null null $KADM5_STRUCT_VERSION \
+# $KADM5_API_VERSION_3 server_handle
+# }]
+# send "\n"
+# expect {
+# -re ":$" { set prompting 1}
+# -re "\nOK .*$prompt$" { fail "$test: premature success" }
+# -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
+# timeout { fail "$test: timeout" }
+# eof { fail "$test: eof" }
+# }
+# if {$prompting} {
+# one_line_succeed_test mrroot
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# }
+# }
+# if {! $RPC} { test22 }
+#
+# test "init 22.5"
+# proc test225 {} {
+# global test prompt
+# set prompting 0
+# send [string trim {
+# kadm5_init admin null null null $KADM5_STRUCT_VERSION \
+# $KADM5_API_VERSION_3 server_handle
+# }]
+# send "\n"
+# expect {
+# -re ":$" { set prompting 1}
+# -re "\nOK .*$prompt$" { fail "$test: premature success" }
+# -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
+# timeout { fail "$test: timeout" }
+# eof { fail "$test: eof" }
+# }
+# if {$prompting} {
+# one_line_succeed_test mrroot
+# }
+# if {! [cmd {kadm5_destroy $server_handle}]} {
+# error_and_restart "$test: couldn't close database"
+# }
+# }
+# if {! $RPC} { test225 }
+
+test "init 23"
+
+proc test23 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE \
+ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if {! $RPC} { test23 }
+
+test "init 24"
+
+proc test24 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin admin null null $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_3 server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if {! $RPC} { test24 }
+
+test "init 25"
+
+proc test25 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin admin foobar null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if {! $RPC} { test25 }
+
+test "init 26"
+
+#proc test26 {} {
+# global test
+#
+# api_exit
+# api_start
+# one_line_fail_test_nochk {
+# kadm5_get_principal $server_handle admin principal
+# }
+#}
+#test26
+
+#test "init 27"
+#
+#proc test27 {} {
+# global test
+#
+# if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
+# error_and_restart "$test: couldn't delete principal \"$test/a\""
+# return
+# }
+# begin_dump
+# if {[cmd [format {
+# kadm5_create_principal $server_handle [simple_principal \
+# "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+# } $test $test]]} {
+# fail "$test: unexpected success in add"
+# return
+# }
+# end_dump_compare "no-diffs"
+#}
+#test27
+
+#test "init 28"
+#
+#proc test28 {} {
+# global test prompt
+#
+# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+# error_and_restart "$test: couldn't create principal \"$test/a\""
+# return
+# }
+# begin_dump
+# if {! ([cmd {
+# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+# server_handle
+# }] && [cmd [format {
+# kadm5_get_principal $server_handle "%s/a" principal
+# } $test]])} {
+# error_and_restart "$test: error getting principal"
+# return;
+# }
+# send "lindex \$principal 8\n"
+# expect {
+# -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) }
+# timeout {
+# error_and_restart "$test: timeout getting principal kvno"
+# return
+# }
+# eof {
+# error_and_restart "$test: eof getting principal kvno"
+# return
+# }
+# }
+# api_exit
+# api_start
+# set new_kvno [expr "$kvno + 1"]
+# if {[cmd [format {
+# kadm5_modify_principal $server_handle \
+# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO}
+# } $test $new_kvno]]} {
+# fail "$test: unexpected success in modify"
+# return;
+# }
+# end_dump_compare "no-diffs"
+#}
+#test28
+
+#test "init 29"
+#
+#proc test29 {} {
+# global test
+#
+# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+# error_and_restart "$test: couldn't create principal \"$test/a\""
+# return
+# }
+# begin_dump
+# if {[cmd [format {
+# kadm5_delete_principal $server_handle "%s/a"
+# } $test]]} {
+# fail "$test: unexpected success in delete"
+# return
+# }
+# end_dump_compare "no-diffs"
+#}
+#test29
+
+test "init 30"
+proc test30 {} {
+ global test
+ if {[cmd {
+ kadm5_init admin foobar $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ error_and_restart "$test: unexpected success"
+ return
+ }
+ one_line_succeed_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+if ${RPC} { test30 }
+
+test "init 31"
+proc test31 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $bad_struct_version_mask $KADM5_API_VERSION_3 \
+ server_handle
+ } "BAD_STRUCT_VERSION"
+}
+test31
+
+test "init 32"
+proc test32 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $no_struct_version_mask $KADM5_API_VERSION_3 \
+ server_handle
+ } "BAD_STRUCT_VERSION"
+}
+test32
+
+test "init 33"
+proc test33 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $old_struct_version $KADM5_API_VERSION_3 \
+ server_handle
+ } "OLD_STRUCT_VERSION"
+}
+test33
+
+test "init 34"
+proc test34 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $new_struct_version $KADM5_API_VERSION_3 \
+ server_handle
+ } "NEW_STRUCT_VERSION"
+}
+test34
+
+test "init 35"
+proc test35 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $bad_api_version_mask \
+ server_handle
+ } "BAD_API_VERSION"
+}
+test35
+
+test "init 36"
+proc test36 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $no_api_version_mask \
+ server_handle
+ } "BAD_API_VERSION"
+}
+test36
+
+test "init 37"
+proc test37 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $old_api_version \
+ server_handle
+ } "OLD_LIB_API_VERSION"
+}
+if { $RPC } test37
+
+test "init 38"
+proc test38 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $old_api_version \
+ server_handle
+ } "OLD_SERVER_API_VERSION"
+}
+if { ! $RPC } test38
+
+test "init 39"
+proc test39 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $new_api_version \
+ server_handle
+ } "NEW_LIB_API_VERSION"
+}
+if { $RPC } test39
+
+test "init 40"
+proc test40 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $new_api_version \
+ server_handle
+ } "NEW_SERVER_API_VERSION"
+}
+if { ! $RPC } test40
+
+test "init 41"
+proc test41 {} {
+ global test
+ one_line_fail_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_API_VERSION_3 $KADM5_STRUCT_VERSION \
+ server_handle
+ } "BAD_"
+}
+test41
+
+test "init 42"
+proc test42 {} {
+ global test
+ one_line_succeed_test {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }
+ if {! [cmd {kadm5_destroy $server_handle}]} {
+ error_and_restart "$test: couldn't close database"
+ }
+}
+test42
+
+
+proc test45_46 {service} {
+ global test kadmin_local env
+
+ spawn $kadmin_local -q "delprinc -force $service"
+ expect {
+ -re "Principal .* deleted." {}
+ default {
+ perror "kadmin.local delprinc failed\n";
+ }
+ }
+ expect eof
+ wait
+
+ one_line_fail_test [concat {kadm5_init admin admin } \
+ $service \
+ { null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle}] "SECURE_PRINC_MISSING"
+
+ # this leaves the keytab with an incorrect entry
+ spawn $kadmin_local -q "ank -randkey $service"
+ expect eof
+ wait
+
+ # restart the api so it gets a new ccache
+ api_exit
+ api_start
+}
+
+if {$RPC} {
+ test "init 45"
+
+ test45_46 ovsec_adm/admin
+
+ test "init 46"
+
+ test45_46 ovsec_adm/changepw
+
+ # re-extract the keytab so it is right
+ exec rm $env(K5ROOT)/ovsec_adm.srvtab
+ exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
+ -princ kadmin/admin -princ kadmin/changepw \
+ $env(K5ROOT)/ovsec_adm.srvtab
+}
+
+return ""
+
diff --git a/src/lib/kadm5/unit-test/api.3/mod-policy.exp b/src/lib/kadm5/unit-test/api.3/mod-policy.exp
new file mode 100644
index 0000000..599e7d3
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/mod-policy.exp
@@ -0,0 +1,739 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "modify-policy 2"
+proc test2 {} {
+ global test
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MAX_LIFE}
+ } $test] "AUTH_MODIFY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test2 }
+
+test "modify-policy 4"
+proc test4 {} {
+ global test
+
+ if {! ([policy_exists "$test/a"] ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_REF_COUNT}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test4
+
+test "modify-policy 8"
+proc test8 {} {
+ global test
+# set prms_id 744
+# setup_xfail {*-*-*} $prms_id
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_modify_policy $server_handle [simple_policy ""] \
+ {KADM5_PW_MAX_LIFE}
+ } "BAD_POLICY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test8
+
+test "modify-policy 9"
+proc test9 {} {
+ global test
+ global prompt
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MIN_LIFE}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 1\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test9
+
+test "modify-policy 10"
+proc test10 {} {
+ global test
+ global prompt
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0 0 0 0} \
+ {KADM5_PW_MIN_LIFE}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 1\n"
+ expect {
+ -re "32\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test10
+
+
+test "modify-policy 11"
+proc test11 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MAX_LIFE}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 2\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test11
+
+test "modify-policy 12"
+proc test12 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0 0 0 0} \
+ {KADM5_PW_MAX_LIFE}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 2\n"
+ expect {
+ -re "32\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test12
+
+test "modify-policy 13"
+proc test13 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MIN_LENGTH}
+ } $test] "BAD_LENGTH"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test13
+
+test "modify-policy 14"
+proc test14 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0 0 0 0} \
+ {KADM5_PW_MIN_LENGTH}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 3\n"
+ expect {
+ -re "8\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test14
+
+test "modify-policy 15"
+proc test15 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MIN_CLASSES}
+ } $test] "BAD_CLASS"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test15
+
+test "modify-policy 16"
+proc test16 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 0} \
+ {KADM5_PW_MIN_CLASSES}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 4\n"
+ expect {
+ -re "1\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test16
+
+test "modify-policy 17"
+proc test17 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a"])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0 0 0 0} \
+ {KADM5_PW_MIN_CLASSES}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 4\n"
+ expect {
+ -re "5\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test17
+
+test "modify-policy 18"
+proc test18 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0 0 0 0} \
+ {KADM5_PW_MIN_CLASSES}
+ } $test] "BAD_CLASS"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test18
+
+test "modify-policy 19"
+proc test19 {} {
+ global test
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_HISTORY_NUM}
+ } $test] "BAD_HISTORY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test19
+
+test "modify-policy 20"
+proc test20 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0 0 0 0} \
+ {KADM5_PW_HISTORY_NUM}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 5\n"
+ expect {
+ -re "1\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test20
+
+test "modify-policy 21"
+proc test21 {} {
+ global test
+ global prompt
+
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0 0 0 0} \
+ {KADM5_PW_HISTORY_NUM}
+ } $test]]} {
+ fail $test
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_policy $server_handle "%s/a" policy
+ } $test]]} {
+ fail "$test: can not retrieve policy"
+ return
+ }
+ send "lindex \$policy 5\n"
+ expect {
+ -re "10\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test21
+
+test "modify-policy 22"
+proc test22 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MAX_LIFE}
+ } $test] "AUTH_MODIFY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test22
+
+test "modify-policy 23"
+proc test23 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MAX_LIFE}
+ } $test] "AUTH_MODIFY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} test23
+
+test "modify-policy 26"
+proc test26 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+ {KADM5_PW_MAX_LIFE}
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test26
+
+test "modify-policy 30"
+proc test30 {} {
+ global test
+
+ one_line_fail_test [format {
+ kadm5_modify_policy null [simple_policy "%s/a"] \
+ {KADM5_PW_MAX_LIFE}
+ } $test] "BAD_SERVER_HANDLE"
+}
+test30
+
+test "modify-policy 31"
+proc test31 {} {
+ global test
+ if {! (( [policy_exists "$test/a"]) ||
+ [create_policy "$test/a" ])} {
+ error_and_restart "$test: couldn't create policy \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 0 0 2 0 0} \
+ {KADM5_PW_MAX_FAILURE}
+ } $test]
+ one_line_succeed_test [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 90 0} \
+ {KADM5_PW_FAILURE_COUNT_INTERVAL}
+ } $test]
+ one_line_succeed_test [format {
+ kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 180} \
+ {KADM5_PW_LOCKOUT_DURATION}
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test31
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp
new file mode 100644
index 0000000..4abbeb5
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/mod-principal-v2.exp
@@ -0,0 +1,115 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "modify-principal 100-105"
+proc test100_104 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+
+ set origtest "$test"
+
+ test "modify-principal 100"
+ one_line_succeed_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MAX_RLIFE}
+ } $origtest]
+
+ test "modify-principal 101"
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_LAST_SUCCESS}
+ } $origtest] "BAD_MASK"
+
+ test "modify-principal 102"
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_LAST_FAILED}
+ } $origtest] "BAD_MASK"
+
+# This is now permitted to reset lockout count
+# test "modify-principal 103"
+# one_line_fail_test [format {
+# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+# {KADM5_FAIL_AUTH_COUNT}
+# } $origtest] "BAD_MASK"
+
+ test "modify-principal 103.5"
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_KEY_DATA}
+ } $origtest] "BAD_MASK"
+
+ test "modify-principal 105"
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle \
+ "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{1 1 x}}" \
+ {KADM5_TL_DATA}
+ } $origtest $origtest] "BAD_TL_TYPE"
+
+ test "modify-principal 100,104"
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 88 0 0 0 0 1 {} {{990 6 foobar}}" \
+ {KADM5_MAX_RLIFE KADM5_TL_DATA}
+ } $origtest $origtest]]} {
+ fail "$test: cannot set MAX_RLIFE or TL_DATA"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA}
+ } $origtest]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 12\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set rlife $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting rlife"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting rlife"
+ return
+ }
+ }
+ send "lindex \$principal 19\n"
+ expect {
+ -re "\(\{.*\}\)\n$prompt$" {set tl $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting tl_data"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting tl_data"
+ return
+ }
+ }
+ if {($rlife == 88) && ($tl == "{{990 6 foobar}}")} {
+ pass "$test"
+ } else {
+ fail "$test: $rlife should be 88, $tl should be {{990 6 foobar}}"
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test100_104
diff --git a/src/lib/kadm5/unit-test/api.3/mod-principal.exp b/src/lib/kadm5/unit-test/api.3/mod-principal.exp
new file mode 100644
index 0000000..25fb272
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/mod-principal.exp
@@ -0,0 +1,1971 @@
+load_lib lib.t
+api_exit
+api_start
+
+#test "modify-principal 1"
+#proc test1 {} {
+# global test
+# one_line_fail_test [format {
+# kadm5_modify_principal $server_handle [simple_principal \
+# "%s/a"] {KADM5_PW_EXPIRATION}
+# } $test] "NOT_INIT"
+#}
+#test1
+
+test "modify-principal 2"
+proc test2 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test] "AUTH_MODIFY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test2 }
+
+test "modify-principal 4"
+proc test4 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINCIPAL}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test4
+
+
+test "modify-principal 5"
+proc test5 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_LAST_PWD_CHANGE}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test5
+
+test "modify-principal 6"
+proc test6 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MOD_TIME}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test6
+
+test "modify-principal 7"
+proc test7 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MOD_NAME}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test7
+
+test "modify-principal 8"
+proc test8 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MKVNO}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test8
+
+test "modify-principal 9"
+proc test9 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_AUX_ATTRIBUTES}
+ } $test] "BAD_MASK"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test9
+
+test "modify-principal 10"
+proc test10 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test] "UNK_PRINC"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test10
+
+test "modify-principal 11"
+proc test11 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test] "AUTH_MOD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test11 }
+
+test "modify-principal 12"
+proc test12 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test] "AUTH_MOD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test12 }
+
+test "modify-principal 13"
+proc test13 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test] "AUTH_MOD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test13 }
+
+test "modify-principal 14"
+proc test14 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test] "AUTH_MOD"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test14 }
+
+test "modify-principal 15"
+proc test15 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test15
+
+test "modify-principal 17"
+proc test17 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ no-policy] {KADM5_POLICY}
+ } $test] "UNK_POLICY"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test17
+
+test "modify-principal 18"
+proc test18 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal "$test/a"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol] {KADM5_POLICY}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 10\n"
+ expect {
+ -re "test-pol\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ send "lindex \$p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+
+ send "lindex \$p2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { [expr "$oldref + 1"] != $newref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test18
+
+test "modify-principal 19"
+proc test19 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal "$test/a"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol] {KADM5_POLICY}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 10\n"
+ expect {
+ -re "test-pol\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ send "lindex \$p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+
+ send "lindex \$p2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { [expr "$oldref + 1"] != $newref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test19
+
+test "modify-principal 20"
+proc test20 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal_pol "$test/a" "test-pol"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_POLICY_CLR}
+ } $test]]} {
+ perror "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 10\n"
+ expect {
+ -re "test-pol\n$prompt$" { fail "$test" }
+ -re "null\n$prompt$" { pass "$test" }
+ timeout { pass "$test" }
+ }
+ send "lindex \$p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol p2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+
+ send "lindex \$p2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { [expr "$oldref - 1"] != $newref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test20
+
+test "modify-principal 21"
+proc test21 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal_pol "$test/a" "test-pol"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol-nopw old_p2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol-nopw] {KADM5_POLICY}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$old_p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ send "lindex \$old_p2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set old_p2_ref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol new_p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol-nopw new_p2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+
+ send "lindex \$new_p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ send "lindex \$new_p2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set new_p2_ref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { [expr "$old_p1_ref - 1"] != $new_p1_ref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ if { [expr "$old_p2_ref + 1"] != $new_p2_ref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test21
+
+test "modify-principal 21.5"
+proc test21.5 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal_pol "$test/a" "test-pol"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol] {KADM5_POLICY}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$old_p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol new_p1}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+
+ send "lindex \$new_p1 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+
+ if {$old_p1_ref != $new_p1_ref} {
+ fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)"
+ return
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test21.5
+
+test "modify-principal 22"
+proc test22 {} {
+ global test
+ global prompt
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: modifiy failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test22
+
+test "modify-principal 23"
+proc test23 {} {
+ global test
+ global prompt
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" test-pol-nopw])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: modifiy failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test23
+
+test "modify-principal 24"
+proc test24 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" "test-pol" ])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ error_and_restart "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: could not modify principal"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_get_policy $server_handle %s policy
+ } test-pol]]} {
+ error_and_restart "$test: cannot retrieve policy"
+ return
+ }
+ send "lindex \$principal 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting mod_date"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_mod_date"
+ return
+ }
+ }
+
+ send "lindex \$principal 3\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_expire"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_expire"
+ return
+ }
+ }
+
+ send "lindex \$policy 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_max_life"
+ return
+ }
+ }
+ if { $pw_expire != 0 } {
+ fail "$test: pw_expire $pw_expire should be 0"
+ return
+ } else {
+ pass "$test"
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test24
+
+test "modify-principal 25"
+proc test25 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "1234\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test25
+
+test "modify-principal 26"
+proc test26 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" "test-pol-nopw" ])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "1234\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test26
+
+test "modify-principal 27"
+proc test27 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" "test-pol" ])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "1234\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test27
+
+test "modify-principal 28"
+proc test28 {} {
+ global test
+ global prompt
+# set prms_id 1358
+# setup_xfail {*-*-*} $prms_id
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal_pol "$test/a" "test-pol" ])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+ error_and_restart "$test: cannot retrieve policy"
+ return
+ }
+ send "lindex \$principal 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_mod_date"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_mod_date"
+ return
+ }
+ }
+
+ send "lindex \$principal 3\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_expire"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_expire"
+ return
+ }
+ }
+ send "lindex \$policy 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_max_life"
+ return
+ }
+ }
+ if { $pw_expire != 999999999 } {
+ fail "$test: pw_expire $pw_expire should be 999999999"
+ return
+ }
+ pass "$test"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test28
+
+test "modify-principal 29"
+proc test29 {} {
+ global test
+ global prompt
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { ! ([create_principal_pol "$test/a" test-pol])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_POLICY_CLR}
+ } $test]]} {
+ fail "$test: modifiy failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test29
+
+test "modify-principal 30"
+proc test30 {} {
+ global test
+ global prompt
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal_pol "$test/a" test-pol])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol-nopw] {KADM5_POLICY}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 3\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test30
+
+test "modify-principal 31"
+proc test31 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol] {KADM5_POLICY}
+ } $test]]} {
+ fail "modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+ error_and_restart "$test: cannot retrieve policy"
+ return
+ }
+ send "lindex \$principal 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_mod_date"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_mod_date"
+ return
+ }
+ }
+
+ send "lindex \$principal 3\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_expire"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_expire"
+ return
+ }
+ }
+
+ send "lindex \$policy 2\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting pw_max_life"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting pw_max_life"
+ return
+ }
+ }
+ if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } {
+ fail "$test: pw_expire is wrong"
+ return
+ }
+
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test31
+
+test "modify-principal 32"
+proc test32 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 1\n"
+ expect {
+ -re "1234\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test32
+
+test "modify-principal 33"
+proc test33 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \
+ {KADM5_ATTRIBUTES}
+ } $test]]} {
+ fail "$test: modified fail"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 7\n"
+ expect {
+ -re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test33
+
+test "modify-principal 33.25"
+proc test3325 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \
+ {KADM5_ATTRIBUTES}
+ } $test]]} {
+ fail "$test: modified fail"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 7\n"
+ expect {
+ -re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test3325
+
+test "modify-principal 33.5"
+proc test335 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \
+ {KADM5_ATTRIBUTES}
+ } $test]]} {
+ fail "$test: modified fail"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 7\n"
+ expect {
+ -re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test335
+
+
+test "modify-principal 34"
+proc test34 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {KADM5_MAX_LIFE}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 4\n"
+ expect {
+ -re "3456\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test34
+
+test "modify-principal 35"
+proc test35 {} {
+ global prompt
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {KADM5_KVNO}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 8\n"
+ expect {
+ -re "7\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test35
+
+test "modify-principal 36"
+proc test36 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal_pol "$test/a" "test-pol"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol pol}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ test-pol] {KADM5_POLICY}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 10\n"
+ expect {
+ -re "test-pol\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ send "lindex \$pol 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { ! [cmd {kadm5_get_policy $server_handle test-pol pol2}]} {
+ perror "$test: unexpected failure on get policy"
+ return
+ }
+ send "lindex \$pol2 6\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting principal kvno (second time)"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting principal kvno (second time)"
+ return
+ }
+ }
+ if { $oldref != $newref } {
+ fail "$test: policy reference count is wrong"
+ return;
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test36
+
+test "modify-principal 37"
+proc test37 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if { !( [create_principal "$test/a"])} {
+ error_and_restart "$test: could not create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_POLICY_CLR}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test37
+
+test "modify-principal 38"
+proc test38 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 1\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test38
+
+test "modify-principal 39"
+proc test39 {} {
+ global test
+ global prompt
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! ([create_principal "$test/a"])} {
+ perror "$test: unexpected failure in creating principal"
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+ {KADM5_MAX_LIFE}
+ } $test]]} {
+ fail "$test: modify failed"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+ } $test]]} {
+ error_and_restart "$test: could not retrieve principal"
+ return
+ }
+ send "lindex \$principal 4\n"
+ expect {
+ -re "0\n$prompt$" { pass "$test" }
+ timeout { fail "$test" }
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test39
+
+test "modify-principal 40"
+proc test40 {} {
+ global test
+ global prompt
+
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_modify_principal $server_handle null \
+ {KADM5_PRINC_EXPIRE_TIME}
+ } "EINVAL"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test40
+
+test "modify-principal 43"
+proc test43 {} {
+ global test
+ one_line_fail_test [format {
+ kadm5_modify_principal null [simple_principal \
+ "%s/a"] {KADM5_PW_EXPIRATION}
+ } $test] "BAD_SERVER_HANDLE"
+}
+test43
+
+test "modify-principal 44"
+proc test44 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ # setting fail auth count to a non-zero value must fail
+ one_line_fail_test [format {
+ kadm5_modify_principal $server_handle \
+ {"%s/a" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1234 0 0 {} {}} {KADM5_FAIL_AUTH_COUNT}
+ } $test] "BAD_SERVER_PARAMS"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test44
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp
new file mode 100644
index 0000000..ee652cb
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/randkey-principal-v2.exp
@@ -0,0 +1,62 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "randkey-principal 100"
+proc test100 {} {
+ global test prompt
+
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal "$test/a"]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ # I'd like to specify a long list of keysalt tuples and make sure
+ # that randkey does the right thing, but we can only use those
+ # enctypes that krbtgt has a key for: des-cbc-crc:normal and
+ # des-cbc-crc:v4, according to the prototype kdc.conf.
+ if {! [cmd [format {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test]]} {
+ perror "$test: unexpected failure in randkey_principal"
+ }
+ send "puts \$num_keys\n"
+ expect {
+ -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+ timeout {
+ error_and_restart "$test: timeout getting num_keys"
+ return
+ }
+ eof {
+ error_and_restart "$test: eof getting num_keys"
+ return
+ }
+ }
+
+ # XXX Perhaps I should actually check the key type returned.
+ if {$num_keys == 2} {
+ pass "$test"
+ } else {
+ fail "$test: $num_keys keys, should be 2"
+ }
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test100
+
+return ""
diff --git a/src/lib/kadm5/unit-test/api.3/randkey-principal.exp b/src/lib/kadm5/unit-test/api.3/randkey-principal.exp
new file mode 100644
index 0000000..f003863
--- /dev/null
+++ b/src/lib/kadm5/unit-test/api.3/randkey-principal.exp
@@ -0,0 +1,319 @@
+load_lib lib.t
+api_exit
+api_start
+
+test "randkey-principal 1"
+proc test1 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal_pol "$test/a" once-a-min]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test $test]]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test] "PASS_TOOSOON"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test1 }
+
+test "randkey-principal 3"
+proc test3 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal_pol "$test/a" once-a-min]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test $test]]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test] "PASS_TOOSOON"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if ${RPC} { test3 }
+
+test "randkey-principal 13"
+proc test13 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+ once-a-min] KADM5_POLICY
+ } $test]]} {
+ perror "$test: failed modify"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test13
+
+test "randkey-principal 15"
+proc test15 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal_pol "$test/a" once-a-min]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test] "AUTH_CHANGEPW"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if { $RPC } { test15 }
+
+test "randkey-principal 28"
+proc test28 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test28
+
+test "randkey-principal 28.25"
+proc test2825 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test] "AUTH"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+if {$RPC} { test2825 }
+
+test "randkey-principal 28.5"
+proc test285 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [cmd {
+ kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test285
+
+test "randkey-principal 30"
+proc test30 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't delete principal \"$test/a\""
+ return
+ }
+ if {! [create_principal "$test/a"]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+ if {! [cmd [format {
+ kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test $test]]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test30
+
+test "randkey-principal 31"
+proc test31 {} {
+ global test
+ if {! (( ! [principal_exists "$test/a"]) ||
+ [delete_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if {! [create_principal "$test/a"]} {
+ error_and_restart "$test: creating principal"
+ return
+ }
+
+ if {! [cmd [format {
+ kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ } $test $test]]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_succeed_test [format {
+ kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+ } $test]
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test31
+
+test "randkey-principal 32"
+proc test32 {} {
+ global test
+
+ if { ! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test {
+ kadm5_randkey_principal $server_handle kadmin/history keys num_keys
+ } "PROTECT"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+test32
+
+test "randkey-principal 33"
+proc test33 {} {
+ global test
+ if {! (( [principal_exists "$test/a"]) ||
+ [create_principal "$test/a"])} {
+ error_and_restart "$test: couldn't create principal \"$test/a\""
+ return
+ }
+ if { ! [cmd {
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+ server_handle
+ }]} {
+ perror "$test: unexpected failure in init"
+ return
+ }
+ one_line_fail_test [format {
+ kadm5_randkey_principal null "%s/a" keys num_keys
+ } $test] "BAD_SERVER_HANDLE"
+ if { ! [cmd {kadm5_destroy $server_handle}]} {
+ perror "$test: unexpected failure in destroy"
+ return
+ }
+}
+
+test33
+
+return ""
diff --git a/src/lib/kadm5/unit-test/config/unix.exp b/src/lib/kadm5/unit-test/config/unix.exp
index 0bbd72d..996e2b0 100644
--- a/src/lib/kadm5/unit-test/config/unix.exp
+++ b/src/lib/kadm5/unit-test/config/unix.exp
@@ -157,7 +157,7 @@ proc api_start {} {
eof { perror "EOF setting API varibles"}
timeout { perror "timeout setting API varibles"}
}
- send "set current_api_version \[expr \$KADM5_API_VERSION_2 &~ \$KADM5_API_VERSION_MASK\]\n"
+ send "set current_api_version \[expr \$KADM5_API_VERSION_3 &~ \$KADM5_API_VERSION_MASK\]\n"
expect {
-re "$prompt$" {}
eof { perror "EOF setting API varibles"}
diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c
index e9dd25a..9aabb1a 100644
--- a/src/lib/kadm5/unit-test/destroy-test.c
+++ b/src/lib/kadm5/unit-test/destroy-test.c
@@ -27,7 +27,7 @@ int main()
}
for(x = 0; x < TEST_NUM; x++) {
ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
&server_handle);
if(ret != KADM5_OK) {
com_err("test", ret, "init");
diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c
index b5bc82f..6c26e5f 100644
--- a/src/lib/kadm5/unit-test/handle-test.c
+++ b/src/lib/kadm5/unit-test/handle-test.c
@@ -25,7 +25,7 @@ int main(int argc, char *argv[])
kadm5_init_krb5_context(&context);
ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
&server_handle);
if(ret != KADM5_OK) {
com_err("test", ret, "init");
diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c
index 8c7527c..cfa7937 100644
--- a/src/lib/kadm5/unit-test/init-test.c
+++ b/src/lib/kadm5/unit-test/init-test.c
@@ -20,7 +20,7 @@ int main()
exit(1);
}
ret = kadm5_init(context, "admin", "admin", NULL, &params,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
&server_handle);
if (ret == KADM5_RPC_ERROR)
exit(0);
diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c
index e3e0b74..be15407 100644
--- a/src/lib/kadm5/unit-test/iter-test.c
+++ b/src/lib/kadm5/unit-test/iter-test.c
@@ -22,7 +22,7 @@ int main(int argc, char **argv)
exit(1);
}
ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
&server_handle);
if (ret != KADM5_OK) {
com_err("iter-test", ret, "while initializing");
diff --git a/src/lib/kadm5/unit-test/lib/lib.t b/src/lib/kadm5/unit-test/lib/lib.t
index 9537fc3..1cd1e04 100644
--- a/src/lib/kadm5/unit-test/lib/lib.t
+++ b/src/lib/kadm5/unit-test/lib/lib.t
@@ -19,7 +19,7 @@ proc lib_start_api {} {
set lib_pid [api_start]
if {! [cmd {
kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
lib_handle
}]} {
perror "$test: unexpected failure in init"
diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c
index a9c9d98..4e6787a 100644
--- a/src/lib/kadm5/unit-test/randkey-test.c
+++ b/src/lib/kadm5/unit-test/randkey-test.c
@@ -23,7 +23,7 @@ int main()
krb5_parse_name(context, "testuser", &tprinc);
ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
&server_handle);
if(ret != KADM5_OK) {
com_err("test", ret, "init");
diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c
index 27bd7b7..1dadfc7 100644
--- a/src/lib/kadm5/unit-test/setkey-test.c
+++ b/src/lib/kadm5/unit-test/setkey-test.c
@@ -119,7 +119,7 @@ main(int argc, char **argv)
}
ret = kadm5_init(context, authprinc, NULL, KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_3, NULL,
&handle);
if (ret) {
com_err(whoami, ret, "while initializing connection");
generated by cgit v1.1 at 2024-08-01 23:47:18 +0000