Add tests for anonymous kadmin

author Greg Hudson <ghudson@mit.edu>

Mon, 28 Oct 2013 17:34:04 +0000 (13:34 -0400)

committer Greg Hudson <ghudson@mit.edu>

Wed, 30 Oct 2013 16:31:00 +0000 (12:31 -0400)
author Greg Hudson <ghudson@mit.edu>
Mon, 28 Oct 2013 17:34:04 +0000 (13:34 -0400)
committer Greg Hudson <ghudson@mit.edu>
Wed, 30 Oct 2013 16:31:00 +0000 (12:31 -0400)
diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py

index 7b20fa37b73e3b48c1bb7ee30614c531dd9c62c6..762e32276bcc607ff0a07881a04eebfe6a340f09 100644 (file)
--- a/src/tests/t_pkinit.py
+++ b/src/tests/t_pkinit.py
@@ -71,6 +71,19 @@ realm.kinit('@%s' % realm.realm, flags=['-n'])
  realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
  realm.run([kvno, realm.host_princ])
  
+# Test anonymous kadmin.
+f = open(os.path.join(realm.testdir, 'acl'), 'a')
+f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *')
+f.close()
+realm.start_kadmind()
+out = realm.run([kadmin, '-n', '-q', 'addprinc -pw test testadd'])
+if 'created.' not in out:
+    fail('Could not create principal with anonymous kadmin')
+out = realm.run([kadmin, '-n', '-q', 'getprinc testadd'])
+if "Operation requires ``get'' privilege" not in out:
+    fail('Anonymous kadmin has too much privilege')
+realm.stop_kadmind()
+
  # Test with anonymous restricted; FAST should work but kvno should fail.
  r_env = realm.special_env('restrict', True, kdc_conf=restrictive_kdc_conf)
  realm.stop_kdc()
author	Greg Hudson <ghudson@mit.edu>
	Mon, 28 Oct 2013 17:34:04 +0000 (13:34 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Wed, 30 Oct 2013 16:31:00 +0000 (12:31 -0400)