Add another kadmin ACL test for backreferences

Add a test using backreferences which don't correspond directly to
principal components, to verify that *N refers to the Nth wildcard and
not the Nth component.

(cherry picked from commit 119281156097a9da659ce5a7c06f0d517994781c)

ticket: 8183 (new)
version_fixed: 1.12.4

diff --git a/src/tests/t_kadmin_acl.py b/src/tests/t_kadmin_acl.py
index 32e57b89650e4477bb0c8cb9980142805872adcb..c4b8465d8dd73bd5d4160a65e833161b99033798 100644 (file)
--- a/src/tests/t_kadmin_acl.py
+++ b/src/tests/t_kadmin_acl.py
@@ -40,6 +40,7 @@ wctarget = make_client('wctarget')
 admin = make_client('user/admin')
 none = make_client('none')
 restrictions = make_client('restrictions')
+onetwothreefour = make_client('one/two/three/four')
 
 realm.run_kadminl('addpol -minlife "1 day" minlife')
 
@@ -64,6 +65,7 @@ restricted_modify  im  *         +preauth
 restricted_rename  ad  *         +preauth
 
 */*                d   *2/*1
+*/two/*/*          d   *3/*1/*2
 */admin            a
 wctarget           a   wild/*
 restrictions       a   type1     -policy minlife
@@ -328,6 +330,10 @@ if 'Principal "admin/user@KRBTEST.COM" deleted.' not in out:
 out = kadmin_as(admin, 'delprinc -force none')
 if 'Operation requires' not in out:
     fail('delprinc failure (wildcard backreferences not matched)')
+realm.addprinc('four/one/three', 'pw')
+out = kadmin_as(onetwothreefour, 'delprinc -force four/one/three')
+if 'Principal "four/one/three@KRBTEST.COM" deleted.' not in out:
+    fail('delprinc success (wildcard backreferences 2)')
 
 kadmin_as(restrictions, 'addprinc -pw pw type1')
 out = realm.run_kadminl('getprinc type1')