/src/kadmin/server/kadmind
-/src/kadmin/testing/admin_*
-/src/kadmin/testing/init-*
-/src/kadmin/testing/kadmin_*
-/src/kadmin/testing/krb5-test-root/
-
-/src/kadmin/testing/scripts/compare_dump.pl
-/src/kadmin/testing/scripts/env-setup.sh
-/src/kadmin/testing/scripts/env-setup.stamp
-/src/kadmin/testing/scripts/make-host-keytab.pl
-/src/kadmin/testing/scripts/qualname.pl
-/src/kadmin/testing/scripts/simple_dump.pl
-/src/kadmin/testing/scripts/verify_xrunner_report.pl
-
-/src/kadmin/testing/util/kadm5_clnt_tcl
-/src/kadmin/testing/util/kadm5_srv_tcl
-
/src/kdc/kdc5_err.[ch]
/src/kdc/krb5kdc
/src/kdc/rtest
/src/lib/kadm5/chpass_util_strings.[ch]
/src/lib/kadm5/kadm_err.[ch]
-/src/lib/kadm5/unit-test/*.log
-/src/lib/kadm5/unit-test/*.sum
-/src/lib/kadm5/unit-test/*-test
-
/src/lib/kdb/adb_err.[ch]
/src/lib/kdb/t_sort_key_data
+++ /dev/null
-% This document is included for historical purposes only, and does not
-% apply to krb5 today.
-
-\documentstyle[times,fullpage]{article}
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Make _ actually generate an _, and allow line-breaking after it.
-\let\underscore=\_
-\catcode`_=13
-\def_{\underscore\penalty75\relax}
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
-\newcommand{\test}[1]{\begin{description}
-\setlength{\itemsep}{0pt}
-#1
-\end{description}
-
-}
-
-\newcommand{\numtest}[2]{\begin{description}
-\setlength{\itemsep}{0pt}
-\Number{#1}
-#2
-\end{description}
-
-}
-
-\newcommand{\Number}[1]{\item[Number:] #1}
-\newcommand{\Reason}[1]{\item[Reason:] #1}
-\newcommand{\Expected}[1]{\item[Expected:] #1}
-\newcommand{\Conditions}[1]{\item[Conditions:] #1}
-\newcommand{\Priority}[1]{\item[Priority:] #1}
-\newcommand{\Status}[1]{\item[Status:] #1}
-\newcommand{\Vtwonote}[1]{\item[V2 note:] #1}
-\newcommand{\Version}[1]{\item[Version:] #1}
-\newcommand{\Call}[1]{}
-%\newcommand{\Call}[1]{\item[Call:] #1}
-%\newcommand{\Number}[1]{}
-%\newcommand{\Reason}[1]{}
-%\newcommand{\Expected}[1]{}
-%\newcommand{\Conditions}[1]{}
-%\newcommand{\Priority}[1]{}
-
-\title{KADM5 Admin API\\
-Unit Test Description}
-\author{Jonathan I. Kamens}
-
-\begin{document}
-
-\maketitle
-
-%\tableofcontents
-
-\section{Introduction}
-
-The following is a description of a black-box unit test of the KADM5
-API. Each API function is listed, followed by the tests that should be
-performed on it.
-
-The tests described here are based on the ``Kerberos Administration
-System KADM5 API Functional Specifications'', revision 1.68. This
-document was originally written based on the OpenVision API functional
-specifications, version 1.41, dated August 18, 1994, and many
-indications of the original version remain.
-
-All tests which test for success should verify, using some means other
-than the return value of the function being tested, that the requested
-operation was successfully performed. For example: for init, test
-that other operations can be performed after init; for destroy, test
-that other operations can't be performed after destroy; for modify
-functions, verify that all modifications to the database which should
-have taken place did, and that the new, modified data is in effect;
-for get operations, verify that the data retrieved is the data that
-should actually be in the database.
-
-The tests would be better if they compared the actual contents of the
-database before and after each test, rather than relying on the KADM5
-API to report the results of changes.
-
-Similarly, all tests which test for failure should verify that the
-no component of the requested operation took place. For example: if
-init fails, other operations should not work. If a modify fails, all
-data in the database should be the same as it was before the attempt
-to modify, and the old data should still be what is enforced.
-Furthermore, tests which test for failure should verify that the
-failure code returned is correct for the specific failure condition
-tested.
-
-Most of the tests listed below should be run twice -- once locally on
-the server after linking against the server API library, and once
-talking to the server via authenticated Sun RPC after linking against
-the client API library. Tests which should only be run locally or via
-RPC are labelled with a ``local'' or ``RPC''.
-
-Furthermore, in addition to the tests labelled below, a test should be
-implemented to verify that a client can't perform operations on the
-server through the client API library when it's linked against
-standard Sun RPC instead of OpenV*Secure's authenticated Sun RPC.
-This will require a client with a modified version of ovsec_kadm_init
-which doesn't call auth_gssapi_create. This client should call this
-modified ovsec_kadm_init and then call some other admin API function,
-specifying arguments to both functions that would work if the
-authenticated Sun RPC had been used, but shouldn't if authentication
-wasn't used. The test should verify that the API function call after
-the init doesn't succeed.
-
-There is also another test to see if all the API functions handle getting an
-invalid server handle correctly. This is not done as part of the tests that
-are run through the TCL program cause the TCL program has no way of
-invalidating a server handle. So there is a program that calls init and
-changes the handle magic number, and then attempts to call each API function
-with the corrupted server handle.
-
-A number of tests have been added or changed to correspond with KADM5
-API version 2. Tests which are only performed against the newer
-version specify the version number in the test description.
-
-\section{ovsec_kadm_init}
-
-\numtest{1}{
-\Reason{An empty string realm is rejected.}
-\Status{Implemented}
-\Vtwonote{The empty string is now passed as the realm field of the
-parameters structure.}
-}
-
-\numtest{2}{
-\Reason{A realm containing invalid characters is rejected.}
-\Status{Implemented}
-\Vtwonote{The invalid character is now passed as the realm field of the
-parameters structure.}
-}
-
-\numtest{2.5}{
-\Reason{A non-existent realm is rejected.}
-\Status{Implemented}
-\Vtwonote{The non-existent realm is now passed as the realm field of the
-parameters structure.}
-}
-
-\numtest{3}{
-\Reason{A bad service name representing an existing principal
- (different from the client principal) is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{4}{
-\Reason{A bad service name representing a non-existent
- principal is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Reason{A bad service name identical to the (existing) client
- name is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Reason{A null password causes password prompting.}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Reason{An empty-string causes password prompting}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Reason{An incorrect password which is the password of another
- user is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Reason{An incorrect password which isn't the password of any
- user is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Reason{A null client_name is rejected.}
-\Status{Implemented}
-}
-
-% Empty string client name is legal.
-%\numtest{11}{
-%\Reason{An empty-string client_name is rejected.}
-%}
-
-\numtest{12}{
-\Reason{A client_name referring to a non-existent principal in
- the default realm is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Reason{A client_name referring to a non-existent principal
- with the local realm specified explicitly is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Reason{A client_name referring to a non-existent principal in
- a nonexistent realm is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Reason{A client_name referring to an existing principal in a
- nonexistent realm is rejected.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Reason{Valid invocation.}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Reason{Valid invocation (explicit client realm).}
-\Status{Implemented}
-}
-
-\numtest{18}{
-\Reason{Valid invocation (CHANGEPW_SERVICE).}
-\Status{Implemented}
-}
-
-\numtest{19}{
-\Reason{Valid invocation (explicit service realm).}
-\Status{Implemented}
-\Vtwonote{The explicit realm is now passed as the realm field of the
-configuration parameters.}
-}
-
-\numtest{20}{
-\Reason{Valid invocation (database access allowed after init).}
-\Status{Implemented}
-}
-
-%\numtest{21}{
-%\Reason{Init fails when called twice in a row.}
-%\Status{Implemented}
-%}
-
-\numtest{22}{
-\Reason{A null password causes master-key prompting.}
-\Conditions{local}
-\Status{Implemented}
-\Vtwonote{Obsolete.}
-}
-
-\numtest{22.5}{
-\Reason{A empty string password causes master-key prompting.}
-\Conditions{local}
-\Status{Implemented}
-\Vtwonote{Obsolete.}
-}
-
-%\numtest{23}{
-%\Reason{A non-null password causes reading from the kstash.}
-%\Conditions{local}
-%\Status{Implemented}
-%}
-
-\numtest{24}{
-\Reason{Null service name is ignored in local invocation.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{25}{
-\Reason{Non-null service name is ignored in local invocation.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-%\numtest{26}{
-%\Reason{Can't do ``get'' operation before calling init.}
-%\Status{Implemented}
-%}
-
-%\numtest{27}{
-%\Reason{Can't do ``add'' operation before calling init.}
-%\Status{Implemented}
-%}
-
-%\numtest{28}{
-%\Reason{Can't do ``modify'' operation before calling init.}
-%\Status{Implemented}
-%}
-
-%\numtest{29}{
-%\Reason{Can't do ``delete'' operation before calling init.}
-%\Status{Implemented}
-%}
-
-\numtest{30}{
-\Reason{Can init after failed init attempt.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{31}{
-\Priority{High}
-\Reason{Return BAD_STRUCT_VERSION when the mask bits are set to invalid values}
-\Status{Implemented}
-}
-
-\numtest{32}{
-\Priority{High}
-\Reason{Return BAD_STRUCT_VERSION when the mask bits are not set}
-\Status{Implemented}
-}
-
-\numtest{33}{
-\Priority{High}
-\Reason{Return OLD_STRUCT_VERSION when attempting to use an old/unsupported
- structure version}
-\Status{Implemented}
-}
-
-\numtest{34}{
-\Priority{High}
-\Reason{Return NEW_STRUCT_VERSION when attempting to use a newer version of
- of the structure then what is supported}
-\Status{Implemented}
-}
-
-\numtest{35}{
-\Priority{High}
-\Reason{Return BAD_API_VERSION when the mask bits are set to invalid values}
-\Status{Implemented}
-}
-
-\numtest{36}{
-\Priority{High}
-\Reason{Return BAD_API_VERSION when the mask bits are not set}
-\Status{Implemented}
-}
-
-\numtest{37}{
-\Priority{High}
-\Reason{Return OLD_LIB_API_VERSION when using an old/unsuppored
- api version number}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{38}{
-\Priority{High}
-\Reason{Return OLD_SERVER_API_VERSION attempting to use an
- old/unsupported api version number}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{39}{
-\Priority{High}
-\Reason{Return NEW_LIB_API_VERSION when using a newer api
- version number then supported}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{40}{
-\Priority{High}
-\Reason{Return NEW_SERVER_API_VERSION when using a newer api version
- number then supported}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{41}{
-\Priority{High}
-\Reason{Return BAD_XXX_VERSION when the API and the structure
- version numbers are reversed}
-\Status{Implemented}
-}
-
-\numtest{42}{
-\Priority{High}
-\Reason{Succeeds when using valid api and struct version numbers and masks}
-\Status{Implemented}
-}
-
-\numtest{43}{
-\Priority{Low}
-\Reason{Returns two different server handle when called twice with same info}
-}
-
-\numtest{44}{
-\Priority{Low}
-\Reason{Returns two different server handles when called twice with
- different info}
-}
-
-\numtest{45}{
-\Priority{Bug fix, secure-install/3390}
-\Reason{Returns SECURE_PRINC_MISSING when ADMIN_SERVICE does not
-exist.}
-\Status{Implemented}
-}
-
-\numtest{46}{
-\Priority{Bug fix, secure-install/3390}
-\Reason{Returns SECURE_PRINC_MISSING when CHANGEPW_SERVICE does not
-exist.}
-\Status{Implemented}
-}
-
-\numtest{100}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the profile field of the configuration parameters, if
-set.}
-\Status{Implemented}
-}
-
-\numtest{101}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the kadmind_port field of the configuration parameters,
-if set.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{102}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the admin_server field of the configuration parameters,
-if set with only an admin server name.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{102.5}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the admin_server field of the configuration parameters,
-if set with a host name and port number.}
-\Conditions{RPC}
-}
-
-\numtest{103}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the dbname field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{104}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the admin_dbname field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{105}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the admin_lockfile field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{106}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the mkey_from_kbd field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{107}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the stash_file field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{108}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the mkey_name field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{109}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the max_life field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{110}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the max_rlife field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{111}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the expiration field of the configuration parameters, if
-set.}
-\Status{Implemented}
-\Conditions{local}
-}
-
-\numtest{112}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the flags field of the configuration parameters, if
-set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{113}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Obeys the keysalts and num_keysalts field of the configuration
-parameters, if set.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{114}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Returns KADM5_BAD_SERVER_PARAMS if any client-only parameters
-are specified to server-side init.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{115}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Returns KADM5_BAD_CLIENT_PARAMS if any client-only parameters
-are specified to server-side init.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{116}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Two calls to init with clients having different privileges
-succeeds, and both clients maintain their correct privileges.}
-\Priority{Bug fix}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{117}{
-\Version{KADM5_API_VERSION_2}
-\Reason{The max_life field defaults to value specified in the API
-Functional Specification when kdc.conf is unreadable.}
-\Priority{Bug fix, krb5-admin/18}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{150}{
-\Version{KADM5_API_VERSION_2}
-\Reason{init_with_creds works when given an open ccache with a valid
-credential for ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{151}{
-\Version{KADM5_API_VERSION_2}
-\Reason{init_with_creds works when given an open ccache with a valid
-credential for CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{152}{
-\Version{KADM5_API_VERSION_2}
-\Reason{init_with_creds fails with KRB5_FCC_NOFILE (was
- KADM5_GSS_ERROR) when given an open
-ccache with no credentials.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{153}{
-\Version{KADM5_API_VERSION_2}
-\Reason{init_with_creds fails with KRB5_CC_NOTFOUND (was
- KADM5_GSS_ERROR) when given an open
-ccache without credentials for ADMIN_SERVICE or CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{154}{
-\Version{KADM5_API_VERSION_2}
-\Reason{If the KRB5_KDC_PROFILE environment variable is set to a filename
-that does not exist, init fails with ENOENT.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\section{ovsec_kadm_destroy}
-
-\numtest{1}{
-\Reason{Valid invocation.}
-\Status{Implemented}
-}
-
-%\numtest{2}{
-%\Reason{Valid invocation (``get'' not allowed after destroy).}
-%\Status{Implemented}
-%}
-
-%\numtest{3}{
-%\Reason{Valid invocation (``add'' not allowed after destroy).}
-%\Status{Implemented}
-%}
-
-%\numtest{4}{
-%\Reason{Valid invocation (``modify'' not allowed after destroy).}
-%\Status{Implemented}
-%}
-
-%\numtest{5}{
-%\Reason{Valid invocation (``delete'' not allowed after destroy).}
-%\Status{Implemented}
-%}
-
-%\numtest{6}{
-%\Reason{Fails if database not initialized.}
-%\Status{Implemented}
-%}
-
-%\numtest{7}{
-%\Reason{Fails if invoked twice in a row.}
-%\Status{Implemented}
-%}
-
-\numtest{8}{
-\Reason{Database can be reinitialized after destroy.}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{client}
-}
-
-\section{ovsec_kadm_create_principal}
-
-%In the tests below, ``getu'' refers to a user who has only ``get'' access,
-%''addu'' refers to a user who has only ``add'' access, ``modifyu'' refers to
-%a user who has only ``modify'' access, and ``deleteu'' refers to a user
-%who has only ``delete'' access. ``amu'' refers to a user with ``add'' and
-%''modify'' access. ``new_princ'' refers to a principal entry structure
-%filled in as follows:
-%
-% krb5_parse_name("newuser", \&new_princ.principal);
-% krb5_timeofday(\&new_princ.princ_expire_time);
-% new_princ.princ_expire_time += 130;
-% krb5_timeofday(\&new_princ.last_pwd_change);
-% new_princ.last_pwd_change += 140;
-% krb5_timeofday(\&new_princ.pw_expiration);
-% new_princ.pw_expiration += 150;
-% new_princ.max_life = 160;
-% krb5_parse_name("usera", \&new_princ.mod_name);
-% krb5_timeofday(\&new_princ.mod_date);
-% new_princ.mod_date += 170;
-% new_princ.attributes = 0xabcdabcd;
-% new_princ.kvno = 180;
-% new_princ.mkvno = 190;
-% new_princ.policy = null;
-% new_princ.aux_attributes = 0xdeadbeef;
-%
-%The offsets of 130 through 190 above are used to ensure that the
-%fields are all known to be different from each other, so that
-%accidentally switched fields can be detected. Some of the fields in
-%this structure may be changed by the tests, but they should clean up
-%after themselves.
-
-%\numtest{1}{
-%\Reason{Fails if database not initialized.}
-%\Status{Implemented}
-%}
-
-\numtest{2}{
-\Reason{Fails on null princ argument.}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Reason{Fails on null password argument.}
-\Status{Implemented}
-}
-
-\numtest{4}{
-\Reason{Fails on empty-string password argument.}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Reason{Fails when mask contains undefined bit.}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Reason{Fails when mask contains LAST_PWD_CHANGE bit.}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Reason{Fails when mask contains MOD_TIME bit.}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Reason{Fails when mask contains MOD_NAME bit.}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Reason{Fails when mask contains MKVNO bit.}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Reason{Fails when mask contains AUX_ATTRIBUTES bit.}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Reason{Fails when mask contains POLICY_CLR bit.}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Reason{Fails for caller with no access bits.}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Reason{Fails when caller has ``get'' access and not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Reason{Fails when caller has ``modify'' access and not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Reason{Fails when caller has ``delete'' access and not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Reason{Fails when caller connected with CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Reason{Fails on attempt to create existing principal.}
-\Status{Implemented}
-}
-
-\numtest{18}{
-\Reason{Fails when password is too short.}
-\Status{Implemented}
-}
-
-\numtest{19}{
-\Reason{Fails when password has too few classes.}
-\Status{Implemented}
-}
-
-\numtest{20}{
-\Reason{Fails when password is in dictionary.}
-\Status{Implemented}
-}
-
-\numtest{21}{
-\Reason{Nonexistent policy is rejected.}
-\Status{Implemented}
-}
-
-\numtest{22}{
-\Reason{Fails on invalid principal name.}
-\Status{Implemented}
-}
-
-\numtest{23}{
-\Reason{Valid invocation.}
-\Status{Implemented}
-}
-
-\numtest{24}{
-\Reason{Succeeds when caller has ``add'' access and another one.}
-\Status{Implemented}
-}
-
-%\numtest{25}{
-%\Reason{Fails when password is too short, when override_qual is true.}
-%}
-
-%\numtest{26}{
-%\Reason{Fails when password has too few classes, when
-% override_qual is true.}
-%}
-
-%\numtest{27}{
-%\Reason{Fails when password is in dictionary, when override_qual is
-% true.}
-%}
-
-\numtest{28}{
-\Reason{Succeeds when assigning policy.}
-\Status{Implemented}
-}
-
-\numtest{29}{
-\Priority{High}
-\Reason{Allows 0 (never) for princ_expire_time.}
-\Status{Implemented}
-}
-
-\numtest{30}{
-\Reason{Allows 0 (never) for pw_expiration when there's no policy.}
-\Status{Implemented}
-}
-
-\numtest{31}{
-\Reason{Allows 0 (never) for pw_expiration when there's a policy with
- 0 for pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{32}{
-\Reason{Accepts 0 (never) for pw_expiration when there's a policy with
- non-zero pw_max_life, and sets pw_expiration to zero.}
-\Status{Implemented}
-}
-
-\numtest{33}{
-\Reason{Accepts and sets non-zero pw_expiration when no policy.}
-\Status{Implemented}
-}
-
-\numtest{34}{
-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
- with zero pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{35}{
-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
- with pw_max_life later than the specified pw_expiration.}
-\Status{Implemented}
-}
-
-\numtest{36}{
-\Reason{Accepts and sets non-zero pw_expiration greater than now_pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{37}{
-\Priority{High}
-\Reason{Sets pw_expiration to 0 (never) if there's no policy and no
- specified pw_expiration.}
-\Status{Implemented}
-}
-
-\numtest{38}{
-\Priority{High}
-\Reason{Sets pw_expiration to 0 (never) if it isn't specified and the
- policy has a 0 (never) pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{39}{
-\Priority{High}
-\Reason{Sets pw_expiration to now + pw_max_life if it isn't specified
- and the policy has a non-zero pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{40}{
-\Priority{High}
-\Reason{Allows 0 (forever) for max_life.}
-\Status{Implemented}
-}
-
-\numtest{41}{
-\Priority{High}
-\Reason{Doesn't modify or free mod_name on success.}
-}
-
-\numtest{42}{
-\Priority{High}
-\Reason{Doesn't modify or free mod_name on failure.}
-}
-
-\numtest{43}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{44}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-
-\section{ovsec_kadm_delete_principal}
-
-%\numtest{1}{
-%\Reason{Fails if database not initialized.}
-%\Status{Implemented}
-%}
-
-\numtest{2}{
-\Reason{Fails on null principal.}
-\Status{Implemented}
-}
-
-% Empty string principal is legal.
-%\numtest{3}{
-%\Reason{Fails on empty-string principal.}
-%}
-
-% There is not invalid principal names
-%\numtest{4}{
-%\Reason{Fails on invalid principal name.}
-%}
-
-\numtest{5}{
-\Priority{High}
-\Reason{Fails on nonexistent principal.}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Priority{High}
-\Reason{Fails when caller connected with CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Priority{High}
-\Reason{Fails if caller has ``add'' access and not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Priority{High}
-\Reason{Fails if caller has ``modify'' access and not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Fails if caller has ``get'' access and not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Priority{High}
-\Reason{Fails if caller has no access bits.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Priority{High}
-\Reason{Valid invocation.}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Valid invocation (on principal with policy).}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-
-\section{ovsec_kadm_modify_principal}
-
-%\numtest{1}{
-%\Reason{Fails if database not initialized.}
-%\Status{Implemented}
-%}
-
-\numtest{2}{
-\Priority{High}
-\Reason{Fails if user connected with CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Reason{Fails on mask with undefined bit set.}
-\Status{Implemented}
-}
-
-\numtest{4}{
-\Reason{Fails on mask with PRINCIPAL set.}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Priority{High}
-\Reason{Fails on mask with LAST_PWD_CHANGE set.}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Reason{Fails on mask with MOD_TIME set.}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Reason{Fails on mask with MOD_NAME set.}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Reason{Fails on mask with MKVNO set.}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Fails on mask with AUX_ATTRIBUTES set.}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Reason{Fails on nonexistent principal.}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Priority{High}
-\Reason{Fails for user with no access bits.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Fails for user with ``get'' access.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Fails for user with ``add'' access.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Priority{High}
-\Reason{Fails for user with ``delete'' access.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Priority{High}
-\Reason{Succeeds for user with ``modify'' access.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Reason{Succeeds for user with ``modify'' and another access.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Priority{High}
-\Reason{Fails when nonexistent policy is specified.}
-\Status{Implemented}
-}
-
-\numtest{18}{
-\Priority{High}
-\Reason{Succeeds when existent policy is specified.}
-\Status{Implemented}
-}
-
-\numtest{19}{
-\Reason{Updates policy count when setting policy from none.}
-\Status{Implemented}
-}
-
-\numtest{20}{
-\Reason{Updates policy count when clearing policy from set.}
-\Status{Implemented}
-}
-
-\numtest{21}{
-\Reason{Updates policy count when setting policy from other policy.}
-\Status{Implemented}
-}
-
-\numtest{21.5}{
-\Reason{Policy reference count remains unchanged when policy is
- changed to itself.}
-\Status{Implemented.}
-}
-
-\numtest{22}{
-\Reason{Allows 0 (never) for pw_expiration when there's no policy.}
-\Status{Implemented}
-}
-
-\numtest{23}{
-\Reason{Allows 0 (never) for pw_expiration when there's a policy with
- 0 for pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{24}{
-\Reason{Accepts 0 (never) for pw_expiration when there's a policy with
- non-zero pw_max_life, but actually sets pw_expiration to
- last_pwd_change + pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{25}{
-\Reason{Accepts and sets non-zero pw_expiration when no policy.}
-\Status{Implemented}
-}
-
-\numtest{26}{
-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
- with zero pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{27}{
-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
- with pw_max_life later than the specified pw_expiration.}
-\Status{Implemented}
-}
-
-\numtest{28}{
-\Reason{Accepts non-zero pw_expiration and limits it to last_pwd_change +
- pw_max_life when it's later than last_pwd_change + non-zero
- pw_max_life in policy.}
-\Status{Implemented}
-}
-
-\numtest{29}{
-\Priority{High}
-\Reason{Sets pw_expiration to 0 (never) when a policy is cleared and
-no pw_expiration is specified.}
-\Status{Implemented}
-}
-
-\numtest{30}{
-\Priority{High}
-\Reason{Sets pw_expiration to 0 (never) if it isn't specified and the
- new policy has a 0 (never) pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{31}{
-\Priority{High}
-\Reason{Sets pw_expiration to now + pw_max_life if it isn't specified
- and the new policy has a non-zero pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{32}{
-\Priority{High}
-\Reason{Accepts princ_expire_time change.}
-\Status{Implemented}
-}
-
-
-
-\numtest{33}{
-\Priority{High}
-\Reason{Accepts attributes change.}
-\Status{Implemented}
-}
-
-\numtest{33.25}{
-\Priority{High}
-\Reason{Accepts attributes change (KRB5_KDB_REQUIRES_PW_CHANGE).}
-\Status{Implemented}
-}
-
-\numtest{33.5}{
-\Priority{High}
-\Reason{Accepts attributes change (KRB5_DISALLOW_TGT_BASE).}
-\Status{Implemented}
-}
-
-\numtest{33.75}{
-\Priority{High}
-\Reason{Accepts attributes change (KRB5_PW_CHANGE_SERVICE).}
-\Status{Implemented}
-}
-
-\numtest{34}{
-\Priority{High}
-\Reason{Accepts max_life change.}
-\Status{Implemented}
-}
-
-\numtest{35}{
-\Priority{High}
-\Reason{Accepts kvno change.}
-\Status{Implemented}
-}
-
-\numtest{36}{
-\Reason{Behaves correctly when policy is set to the same as it was
- before.}
-\Status{Implemented}
-}
-
-\numtest{37}{
-\Reason{Behaves properly when POLICY_CLR is specified and there was no
- policy before.}
-\Status{Implemented}
-}
-
-\numtest{38}{
-\Priority{High}
-\Reason{Accepts 0 (never) for princ_expire_time.}
-\Status{Implemented}
-}
-
-\numtest{39}{
-\Priority{High}
-\Reason{Accepts 0 for max_life.}
-\Status{Implemented}
-}
-
-\numtest{40}{
-\Reason{Rejects null principal argument.}
-\Status{Implemented}
-}
-
-\numtest{41}{
-\Priority{High}
-\Reason{Doesn't modify or free mod_name on success.}
-}
-
-\numtest{42}{
-\Priority{High}
-\Reason{Doesn't modify or free mod_name on failure.}
-}
-
-\numtest{43}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{44}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-\numtest{100}{
-\Version{KADM5_API_VERSION_2}
-\Priority{bug-fix}
-\Reason{Accepts max_rlife change.}
-\Status{Implemented}
-}
-
-\numtest{101}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Rejects last_success change.}
-\Status{Implemented}
-}
-
-\numtest{102}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Rejects last_failed change.}
-\Status{Implemented}
-}
-
-\numtest{103}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Rejects fail_auth_count change.}
-\Status{Implemented}
-}
-
-\numtest{103.5}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Rejects key_data change.}
-\Status{Implemented}
-}
-
-\numtest{104}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Accepts tl_data change when all types are greater than 256.}
-\Status{Implemented}
-}
-
-\numtest{105}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Returns KADM5_BAD_TL_TYPE when given tl_data with a type less
-than 256.}
-\Status{Implemented}
-}
-
-\section{ovsec_kadm_rename_principal}
-
-%\numtest{1}{
-%\Reason{Fails if database not initialized.}
-%\Status{Implemented}
-%}
-
-\numtest{2}{
-\Priority{High}
-\Reason{Fails if user connected with CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Priority{High}
-\Reason{Fails for user with no access bits.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{4}{
-\Reason{Fails for user with ``modify'' access and not ``add'' or
-``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Reason{Fails for user with ``get'' access and not ``add'' or
-``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Reason{Fails for user with ``modify'' and ``add'' but not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Reason{Fails for user with ``modify'' and ``delete'' but not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Reason{Fails for user with ``get'' and ``add'' but not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Reason{Fails for user with ``get'' and ``delete'' but not ``add.''}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Reason{Fails for user with ``modify'', ``get'' and ``add'', but not
- ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Reason{Fails for user with ``modify'', ``get'' and ``delete'', but
- not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Fails for user with ``add'' but not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Fails for user with ``delete'' but not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Priority{High}
-\Reason{Succeeds for user with ``add'' and ``delete'', when that user
-has non-name-based salt.}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Priority{High}
-\Reason{Fails if target principal name exists.}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-\numtest{18}{
-\Priority{bug fix}
-\Reason{Returns NO_RENAME_SALT when asked to rename a principal whose
-salt depends on the principal name.}
-\Status{Implemented}
-}
-
-\section{ovsec_kadm_chpass_principal}
-\label{ovseckadmchpassprincipal}
-
-\subsection{Quality/history enforcement tests}
-
-This section lists a series of tests which will be run a number of
-times, with various parameter settings (e.g., which access bits user
-has, whether user connected with ADMIN_SERVICE or CHANGEPW_SERVICE,
-etc.). The table following the
-list of tests gives the various parameter settings under which the
-tests should be run, as well which should succeed and which should
-fail for each choice of parameter settings.
-
-\subsubsection{List of tests}
-
-The test number of each of these tests is an offset from the base
-given in the table below.
-
-\numtest{1}{
-\Priority{High}
-\Reason{With history setting of 1, change password to itself.}
-}
-
-\numtest{2}{
-\Reason{With history setting of 2 but no password changes since
- principal creation, change password to itself.}
-}
-
-\numtest{3}{
-\Reason{With history setting of 2 and one password change since
- principal creation, change password to itself
- and directly previous password.}
-}
-
-\numtest{4}{
-\Priority{High}
-\Reason{With a history setting of 3 and no password changes,
- change password to itself.}
-}
-
-\numtest{5}{
-\Priority{High}
-\Reason{With a history setting of 3 and 1 password change,
- change password to itself or previous password.}
-}
-
-\numtest{6}{
-\Priority{High}
-\Reason{With a history setting of 3 and 2 password changes,
- change password to itself and the two previous passwords.}
-}
-
-\numtest{7}{
-\Priority{High}
-\Reason{Change to previously unused password when now -
- last_pwd_change $<$ pw_min_life.}
-}
-
-\numtest{8}{
-\Priority{High}
-\Reason{Change to previously unused password that doesn't contain enough
- character classes.}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Change to previously unused password that's too short.}
-}
-
-\numtest{10}{
-\Priority{High}
-\Reason{Change to previously unused password that's in the dictionary.}
-}
-
-\subsubsection{List of parameter settings}
-
-In the table below, ``7 passes'' means that test 7 above passes and
-the rest of the tests fail.
-
-\begin{tabular}{llllll}
-Base & Modify access? & Own password? & Service & Pass/Fail \\ \hline
-0 & No & Yes & ADMIN & all fail \\
-20 & No & Yes & CHANGEPW & all fail \\
-40 & No & No & ADMIN & all fail \\
-60 & No & No & CHANGEPW & all fail \\
-80 & Yes & Yes & ADMIN & 7 passes \\
-100 & Yes & Yes & CHANGEPW & all fail \\
-120 & Yes & No & ADMIN & 7 passes \\
-140 & Yes & No & CHANGEPW & all fail \\
-\end{tabular}
-
-\subsection{Other quality/history tests}
-
-\numtest{161}{
-\Priority{High}
-\Reason{With history of 1, can change password to anything other than
- itself that doesn't conflict with other quality
- rules.}
-}
-
-\numtest{162}{
-\Reason{With history of 2 and 2 password changes, can change password
- to original password.}
-}
-
-\numtest{163}{
-\Priority{High}
-\Reason{With history of 3 and 3 password changes, can change password
- to original password.}
-}
-
-\numtest{164}{
-\Priority{High}
-\Reason{Can change password when now - last_pwd_change $>$ pw_min_life.}
-}
-
-\numtest{165}{
-\Priority{High}
-\Reason{Can change password when it contains exactly the number of
- classes required by the policy.}
-}
-
-\numtest{166}{
-\Priority{High}
-\Reason{Can change password when it is exactly the length required by
- the policy.}
-}
-
-\numtest{167}{
-\Priority{High}
-\Reason{Can change password to a word that isn't in the dictionary.}
-}
-
-
-\subsection{Other tests}
-
-%\numtest{168}{
-%\Reason{Fails if database not initialized.}
-%}
-
-\numtest{169}{
-\Reason{Fails for non-existent principal.}
-}
-
-\numtest{170}{
-\Reason{Fails for null password.}
-}
-
-\numtest{171}{
-\Priority{High}
-\Reason{Fails for empty-string password.}
-}
-
-\numtest{172}{
-\Priority{High}
-\Reason{Pw_expiration is set to now + max_pw_life if policy exists and
- has non-zero max_pw_life.}
-}
-
-\numtest{173}{
-\Priority{High}
-\Reason{Pw_expiration is set to 0 if policy exists and has zero
- max_pw_life.}
-}
-
-\numtest{174}{
-\Priority{High}
-\Reason{Pw_expiration is set to 0 if no policy.}
-}
-
-\numtest{175}{
-\Priority{High}
-\Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when password is
- successfully changed.}
-}
-
-\numtest{176}{
-\Priority{High}
-\Reason{Fails for user with no access bits, on other's password.}
-}
-
-\numtest{177}{
-\Priority{High}
-\Reason{Fails for user with ``get'' but not ``modify'' access, on
- other's password.}
-}
-
-\numtest{178}{
-\Reason{Fails for user with ``delete'' but not ``modify'' access, on
- other's password.}
-}
-
-\numtest{179}{
-\Reason{Fails for user with ``add'' but not ``modify'' access, on
- other's password.}
-}
-
-\numtest{180}{
-\Reason{Succeeds for user with ``get'' and ``modify'' access, on
- other's password.}
-\Status{Implemented}
-}
-
-\numtest{180.5}{
-\Priority{High}
-\Reason{Succeeds for user with ``modify'' but not ``get'' access, on
- other's password.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-\numtest{180.625}{
-\Priority{High}
-\Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE on
- others password}
-\Conditions{RPC}
-\Status{Implemented}
-}
-\numtest{180.75}{
-\Priority{High}
-\Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE
- on other's password which has expired}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-%\numtest{181}{
-%\Reason{Password that would succeed if override_qual were false fails
-% if override_qual is true.}
-%\Expected{Returns CANNOT_OVERRIDE.}
-%}
-
-\numtest{182}{
-\Priority{High}
-\Reason{Can not change key of ovsec_adm/history principal.}
-\Status{Implemented}
-}
-
-\numtest{183}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{184}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-\numtest{200}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Creates a key for the principal for each unique encryption
-type/salt type in use.}
-\Status{Implemented}
-}
-
-\section{ovsec_kadm_chpass_principal_util}
-
-Rerun all the tests listed for ovsec_kadm_chpass_principal above in
-Section \ref{ovseckadmchpassprincipal}. Verify that they succeed
-and fail in the same circumstances. Also verify that in each failure
-case, the error message returned in msg_ret is as specified in the
-functional specification.
-
-Also, run the following additional tests.
-
-\numtest{1}{
-\Reason{Null msg_ret is rejected.}
-}
-
-\numtest{2}{
-\Priority{High}
-\Reason{New password is put into pw_ret, when it's prompted for.}
-}
-
-\numtest{3}{
-\Priority{High}
-Reason{New password is put into pw_ret, when it's supplied by the
- caller.}
-}
-
-\numtest{4}{
-\Priority{High}
-\Reason{Successful invocation when pw_ret is null.}
-}
-
-
-
-\section{ovsec_kadm_randkey_principal}
-
-\subsection{TOOSOON enforcement tests}
-
-This test should be run a number of times, as indicated in the table
-following it. The table also indicates the expected result of each
-run of the test.
-
-\test{
-\Reason{Change key when now - last_pwd_change $<$ pw_min_life.}
-}
-
-\subsubsection{List of parameter settings}
-
-\begin{tabular}{llllll}
-Number & Modify Access? & Own Key? & Service & Pass/Fail & Implemented? \\ \hline
-1 & No & Yes & ADMIN & fail & Yes \\
-3 & No & Yes & CHANGEPW & fail & Yes \\
-5 & No & No & ADMIN & fail \\
-7 & No & No & CHANGEPW & fail \\
-9 & Yes & Yes & ADMIN & pass \\
-11 & Yes & Yes & CHANGEPW & fail \\
-13 & Yes & No & ADMIN & pass & Yes \\
-15 & Yes & No & CHANGEPW & fail & Yes \\
-\end{tabular}
-
-\subsection{Other tests}
-
-\numtest{17}{
-\Reason{Fails if database not initialized.}
-}
-
-\numtest{18}{
-\Reason{Fails for non-existent principal.}
-}
-
-\numtest{19}{
-\Reason{Fails for null keyblock pointer.}
-}
-
-\numtest{20}{
-\Priority{High}
-\Reason{Pw_expiration is set to now + max_pw_life if policy exists and
- has non-zero max_pw_life.}
-}
-
-\numtest{21}{
-\Priority{High}
-\Reason{Pw_expiration is set to 0 if policy exists and has zero
- max_pw_life.}
-}
-
-\numtest{22}{
-\Priority{High}
-\Reason{Pw_expiration is set to 0 if no policy.}
-}
-
-\numtest{23}{
-\Priority{High}
-\Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when key is
- successfully changed.}
-}
-
-\numtest{24}{
-\Priority{High}
-\Reason{Fails for user with no access bits, on other's password.}
-}
-
-\numtest{25}{
-\Priority{High}
-\Reason{Fails for user with ``get'' but not ``modify'' access, on
- other's password.}
-\Vtwonote{Change-password instead of modify access.}
-}
-
-\numtest{26}{
-\Reason{Fails for user with ``delete'' but not ``modify'' access, on
- other's password.}
-\Vtwonote{Change-password instead of modify access.}
-}
-
-\numtest{27}{
-\Reason{Fails for user with ``add'' but not ``modify'' access, on
- other's password.}
-\Vtwonote{Change-password instead of modify access.}
-}
-
-\numtest{28}{
-\Reason{Succeeds for user with ``get'' and ``modify'' access, on
- other's password.}
-\Status{Implemented}
-\Vtwonote{Change-password instead of modify access.}
-}
-
-\numtest{28.25}{
-\Priority{High}
-\Reason{Fails for user with get and modify access on others password
- When conneceted with CHANGEPW_SERVICE}
-\Status{Implemented}
-\Vtwonote{Change-password instead of modify access.}
-}
-
-\numtest{28.5}{
-\Priority{High}
-\Reason{Succeeds for user with ``modify'' but not ``get'' access, on
- other's password.}
-\Status{Implemented}
-\Vtwonote{Change-password instead of modify access.}
-}
-
-\numtest{29}{
-\Reason{The new key that's assigned is truly random. XXX not sure how
- to test this.}
-}
-
-\numtest{30}{
-\Reason{Succeeds for own key, no other access bits when connecting with CHANGEPW service}
-\Status{Implemented}
-}
-\numtest{31}{
-\Reason{Succeeds for own key, no other access bits when connecting with ADMIM service}
-\Status{Implemented}
-}
-
-\numtest{32}{
-\Reason{Cannot change ovsec_adm/history key}
-\Status{Implemented}
-}
-
-\numtest{33}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{34}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-\numtest{100}{
-\Version{KADM5_API_VERSION_2}
-\Reason{Returns a key for each unique encryption type specified in the
-keysalts.}
-}
-
-\section{ovsec_kadm_get_principal}
-
-\numtest{1}{
-\Reason{Fails for null ent.}
-\Status{Implemented}
-}
-
-\numtest{2}{
-\Reason{Fails for non-existent principal.}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Priority{High}
-\Reason{Fails for user with no access bits, retrieving other principal.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{4}{
-\Priority{High}
-\Reason{Fails for user with ``add'' but not ``get'', getting principal
- other than his own, using ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Reason{Fails for user with ``modify'' but not ``get'', getting
- principal other than his own, using ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Reason{Fails for user with ``delete'' but not ``get'', getting
- principal other than his own, using ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Reason{Fails for user with ``delete'' but not ``get'', getting
- principal other than his own, using CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Priority{High}
-\Reason{Fails for user with ``get'', getting principal other than his
- own, using CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Succeeds for user without ``get'', retrieving self, using
- ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Reason{Succeeds for user without ``get'', retrieving self, using
- CHANGEPW_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Reason{Succeeds for user with ``get'', retrieving self, using
- ADMIN_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Reason{Succeeds for user with ``get'', retrieving self, using
- CHANGEPW_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Succeeds for user with ``get'', retrieving other user, using
- ADMIN_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Reason{Succeeds for user with ``get'' and ``modify'', retrieving
- other principal, using ADMIN_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-\numtest{100}{
-\Version{KADM5_API_VERSION_2}
-\Reason{If KADM5_PRINCIPAL_NORMAL_MASK is specified, the key_data and
-tl_data fields are NULL/zero.}
-\Status{Implemented}
-}
-
-\numtest{101}{
-\Version{KADM5_API_VERSION_2}
-\Reason{If KADM5_KEY_DATA is specified, the key_data fields contain
-data but the contents are all NULL.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{102}{
-\Version{KADM5_API_VERSION_2}
-\Reason{If KADM5_KEY_DATA is specified, the key_data fields contain
-data and the contents are all non-NULL.}
-\Conditions{local}
-\Status{Implemented}
-}
-
-\numtest{103}{
-\Version{KADM5_API_VERSION_2}
-\Reason{If KADM5_TL_DATA is specified, the tl_data field contains the
-correct tl_data and no entries whose type is less than 256.}
-\Status{Implemented}
-}
-
-
-\section{ovsec_kadm_create_policy}
-
-\numtest{1}{
-\Reason{Fails for mask with undefined bit set.}
-\Status{Implemented - untested}
-}
-
-\numtest{2}{
-\Priority{High}
-\Reason{Fails if caller connected with CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Reason{Fails for mask without POLICY bit set.}
-\Status{Implemented - untested}
-}
-
-\numtest{4}{
-\Reason{Fails for mask with REF_COUNT bit set.}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Reason{Fails for invalid policy name.}
-\Status{Implemented - untested}
-}
-
-\numtest{6}{
-\Priority{High}
-\Reason{Fails for existing policy name.}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Reason{Fails for null policy name.}
-\Status{Implemented - untested}
-}
-
-\numtest{8}{
-\Priority{High}
-\Reason{Fails for empty-string policy name.}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Accepts 0 for pw_min_life.}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Priority{High}
-\Reason{Accepts non-zero for pw_min_life.}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Priority{High}
-\Reason{Accepts 0 for pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Accepts non-zero for pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Rejects 0 for pw_min_length.}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Priority{High}
-\Reason{Accepts non-zero for pw_min_length.}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Priority{High}
-\Reason{Rejects 0 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Priority{High}
-\Reason{Accepts 1 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Priority{High}
-\Reason{Accepts 4 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{18}{
-\Priority{High}
-\Reason{Rejects 5 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{19}{
-\Priority{High}
-\Reason{Rejects 0 for pw_history_num.}
-\Status{Implemented}
-}
-
-\numtest{20}{
-\Priority{High}
-\Reason{Accepts 1 for pw_history_num.}
-\Status{Implemented}
-}
-
-\numtest{21}{
-\Priority{High}
-\Reason{Accepts 10 for pw_history_num.}
-\Status{Implemented}
-}
-
-\numtest{21.5}{
-\Reason{Rejects 11 for pw_history_num.}
-\Status{Implemented - untested}
-}
-
-\numtest{22}{
-\Priority{High}
-\Reason{Fails for user with no access bits.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{23}{
-\Priority{High}
-\Reason{Fails for user with ``get'' but not ``add''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{24}{
-\Reason{Fails for user with ``modify'' but not ``add.''}
-\Conditions{RPC}
-\Status{Implemented - untested}
-}
-
-\numtest{25}{
-\Reason{Fails for user with ``delete'' but not ``add.''}
-\Conditions{RPC}
-\Status{Implemented - untested}
-}
-
-\numtest{26}{
-\Priority{High}
-\Reason{Succeeds for user with ``add.''}
-\Status{Implemented}
-}
-
-\numtest{27}{
-\Reason{Succeeds for user with ``get'' and ``add.''}
-\Status{Implemented - untested}
-}
-
-\numtest{28}{
-\Reason{Rejects null policy argument.}
-\Status{Implemented - untested}
-}
-
-\numtest{29}{
-\Reason{Rejects pw_min_life greater than pw_max_life.}
-}
-
-\numtest{30}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{31}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-
-\section{ovsec_kadm_delete_policy}
-
-\numtest{1}{
-\Reason{Fails for null policy name.}
-}
-
-\numtest{2}{
-\Priority{High}
-\Reason{Fails for empty-string policy name.}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Reason{Fails for non-existent policy name.}
-}
-
-\numtest{4}{
-\Reason{Fails for bad policy name.}
-}
-
-\numtest{5}{
-\Priority{High}
-\Reason{Fails if caller connected with CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{6}{
-\Priority{High}
-\Reason{Fails for user with no access bits.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Priority{High}
-\Reason{Fails for user with ``add'' but not ``delete''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Reason{Fails for user with ``modify'' but not ``delete''.}
-\Conditions{RPC}
-}
-
-\numtest{9}{
-\Reason{Fails for user with ``get'' but not ``delete.''}
-\Conditions{RPC}
-}
-
-\numtest{10}{
-\Priority{High}
-\Reason{Succeeds for user with only ``delete''.}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Reason{Succeeds for user with ``delete'' and ``add''.}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Fails for policy with non-zero reference count.}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-
-\section{ovsec_kadm_modify_policy}
-
-\numtest{1}{
-\Reason{Fails for mask with undefined bit set.}
-\Conditions{RPC}
-}
-
-\numtest{2}{
-\Priority{High}
-\Reason{Fails if caller connected with CHANGEPW_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{3}{
-\Reason{Fails for mask with POLICY bit set.}
-}
-
-\numtest{4}{
-\Reason{Fails for mask with REF_COUNT bit set.}
-\Status{Implemented}
-}
-
-\numtest{5}{
-\Reason{Fails for invalid policy name.}
-}
-
-\numtest{6}{
-\Reason{Fails for non-existent policy name.}
-}
-
-\numtest{7}{
-\Reason{Fails for null policy name.}
-}
-
-\numtest{8}{
-\Priority{High}
-\Reason{Fails for empty-string policy name.}
-\Status{Implemented}
-}
-
-\numtest{9}{
-\Priority{High}
-\Reason{Accepts 0 for pw_min_life.}
-\Status{Implemented}
-}
-
-\numtest{10}{
-\Priority{High}
-\Reason{Accepts non-zero for pw_min_life.}
-\Status{Implemented}
-}
-
-\numtest{11}{
-\Priority{High}
-\Reason{Accepts 0 for pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Accepts non-zero for pw_max_life.}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Priority{High}
-\Reason{Accepts 0 for pw_min_length.}
-\Status{Implemented}
-}
-
-\numtest{14}{
-\Priority{High}
-\Reason{Accepts non-zero for pw_min_length.}
-\Status{Implemented}
-}
-
-\numtest{15}{
-\Priority{High}
-\Reason{Rejects 0 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{16}{
-\Priority{High}
-\Reason{Accepts 1 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Priority{High}
-\Reason{Accepts 4 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{18}{
-\Priority{High}
-\Reason{Rejects 5 for pw_min_classes.}
-\Status{Implemented}
-}
-
-\numtest{19}{
-\Priority{High}
-\Reason{Rejects 0 for pw_history_num.}
-\Status{Implemented}
-}
-
-\numtest{20}{
-\Priority{High}
-\Reason{Accepts 1 for pw_history_num.}
-\Status{Implemented}
-}
-
-\numtest{21}{
-\Priority{High}
-\Reason{Accepts 10 for pw_history_num.}
-\Status{Implemented}
-}
-
-\numtest{22}{
-\Priority{High}
-\Reason{Fails for user with no access bits.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{23}{
-\Priority{High}
-\Reason{Fails for user with ``get'' but not ``modify''.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{24}{
-\Reason{Fails for user with ``add'' but not ``modify.''}
-\Conditions{RPC}
-}
-
-\numtest{25}{
-\Reason{Fails for user with ``delete'' but not ``modify.''}
-\Conditions{RPC}
-}
-
-\numtest{26}{
-\Priority{High}
-\Reason{Succeeds for user with ``modify.''}
-\Status{Implemented}
-}
-
-\numtest{27}{
-\Reason{Succeeds for user with ``get'' and ``modify.''}
-}
-
-\numtest{28}{
-\Reason{Rejects null policy argument.}
-}
-
-\numtest{29}{
-\Reason{Rejects change which makes pw_min_life greater than
- pw_max_life.}
-}
-
-\numtest{30}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{31}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-\section{ovsec_kadm_get_policy}
-
-\numtest{1}{
-\Reason{Fails for null policy.}
-}
-
-\numtest{2}{
-\Reason{Fails for invalid policy name.}
-}
-
-\numtest{3}{
-\Priority{High}
-\Reason{Fails for empty-string policy name.}
-\Status{Implemented}
-}
-
-\numtest{4}{
-\Reason{Fails for non-existent policy name.}
-}
-
-\numtest{5}{
-\Reason{Fails for null ent.}
-}
-
-\numtest{6}{
-\Priority{High}
-\Reason{Fails for user with no access bits trying to get other's
- policy, using ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{7}{
-\Priority{High}
-\Reason{Fails for user with ``add'' but not ``get'' trying to get
- other's policy, using ADMIN_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{8}{
-\Reason{Fails for user with ``modify'' but not ``get'' trying to get
- other's policy, using ADMIN_SERVICE.}
-\Conditions{RPC}
-}
-
-\numtest{9}{
-\Reason{Fails for user with ``delete'' but not ``get'' trying to get
- other's policy, using ADMIN_SERVICE.}
-\Conditions{RPC}
-}
-
-\numtest{10}{
-\Reason{Fails for user with ``delete'' but not ``get'' trying to get
- other's policy, using CHANGEPW_SERVICE.}
-\Conditions{RPC}
-}
-
-\numtest{11}{
-\Priority{High}
-\Reason{Succeeds for user with only ``get'', trying to get own policy,
- using ADMIN_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{12}{
-\Priority{High}
-\Reason{Succeeds for user with only ``get'', trying to get own policy,
- using CHANGEPW_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{13}{
-\Reason{Succeeds for user with ``add'' and ``get'', trying to get own
- policy, using ADMIN_SERVICE.}
-}
-
-\numtest{14}{
-\Reason{Succeeds for user with ``add'' and ``get'', trying to get own
- policy, using CHANGEPW_SERVICE.}
-}
-
-\numtest{15}{
-\Reason{Succeeds for user without ``get'', trying to get own policy,
- using ADMIN_SERVICE.}
-}
-
-\numtest{16}{
-\Priority{High}
-\Reason{Succeeds for user without ``get'', trying to get own policy,
- using CHANGEPW_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{17}{
-\Priority{High}
-\Reason{Succeeds for user with ``get'', trying to get other's policy,
- using ADMIN_SERVICE.}
-\Status{Implemented}
-}
-
-\numtest{18}{
-\Priority{High}
-\Reason{Fails for user with ``get'', trying to get other's policy,
- using CHANGEPW_SERVICE.}
-\Conditions{RPC}
-\Status{Implemented}
-}
-
-\numtest{19}{
-\Reason{Succeeds for user with ``modify'' and ``get'', trying to get
- other's policy, using ADMIN_SERVICE.}
-}
-
-\numtest{20}{
-\Reason{Fails for user with ``modify'' and ``get'', trying to get
- other's policy, using CHANGEPW_SERVICE.}
-}
-
-\numtest{21}{
-\Priority{High}
-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
-\Status{Implemented}
-}
-
-\numtest{22}{
-\Priority{Low}
-\Reason{Connects to correct server when multiple handles exist}
-\Conditions{RPC}
-}
-
-
-\section{ovsec_kadm_free_principal_ent}
-
-In addition to the tests listed here, a memory-leak detector such as
-TestCenter, Purify or dbmalloc should be used to verify that the
-memory freed by this function is really freed.
-
-\numtest{1}{
-\Reason{Null princ succeeds.}
-}
-
-\numtest{2}{
-\Reason{Non-null princ succeeds.}
-}
-
-
-\section{ovsec_kadm_free_policy_ent}
-
-In addition to the tests listed here, a memory-leak detector such as
-TestCenter, Purify or dbmalloc should be used to verify that the
-memory freed by this function is really freed.
-
-\numtest{1}{
-\Reason{Null policy succeeds.}
-}
-
-\numtest{2}{
-\Reason{Non-null policy succeeds.}
-}
-
-
-
-\section{ovsec_kadm_get_privs}
-
-\numtest{1}{
-\Reason{Fails for null pointer argument.}
-}
-
-This test should be run with the 16 possible combinations of access
-bits (since there are 4 access bits, there are $2^4 = 16$ possible
-combinations of them):
-
-\numtest{2}{
-\Priority{High}
-\Reason{Returns correct bit mask for access bits of user.}
-\Conditions{RPC}
-}
-
-This test should be run locally:
-
-\numtest{3}{
-\Priority{High}
-\Reason{Returns 0x0f.}
-\Conditions{local}
-}
-
-\end{document}
$(KRB5_INCDIR)/gssapi \
$(KRB5_INCDIR)/gssrpc
-#
-# Macros used by the KADM5 (OV-based) unit test system.
-# XXX check which of these are actually used!
-#
SKIPTESTS = $(BUILDTOP)/skiptests
-TESTDIR = $(BUILDTOP)/kadmin/testing
-STESTDIR = $(top_srcdir)/kadmin/testing
-ENV_SETUP = $(TESTDIR)/scripts/env-setup.sh
-CLNTTCL = $(TESTDIR)/util/kadm5_clnt_tcl
-SRVTCL = $(TESTDIR)/util/kadm5_srv_tcl
+
# Dejagnu variables.
# We have to set the host with --host so that setup_xfail will work.
# If we don't set it, then the host type used is "native", which
RUNPYTEST = PYTHONPATH=$(top_srcdir)/util VALGRIND="$(VALGRIND)" \
$(PYTHON)
-START_SERVERS = $(STESTDIR)/scripts/start_servers $(TEST_SERVER) $(TEST_PATH)
-START_SERVERS_LOCAL = $(STESTDIR)/scripts/start_servers_local
-
-STOP_SERVERS = $(STESTDIR)/scripts/stop_servers $(TEST_SERVER) $(TEST_PATH)
-STOP_SERVERS_LOCAL = $(STESTDIR)/scripts/stop_servers_local
-#
-# End of macros for the KADM5 unit test system.
-#
transform = @program_transform_name@
AC_ARG_ENABLE([athena],
[ --enable-athena build with MIT Project Athena configuration],
ath_compat=compat,)
-# The following are tests for the presence of programs required for
-# kadmin testing.
-AC_CHECK_PROG(have_RUNTEST,runtest,runtest)
-AC_CHECK_PROG(have_PERL,perl,perl)
-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
- DO_TEST=ok
-fi
-AC_SUBST(DO_TEST)
-
-# The following are substituted into kadmin/testing/scripts/env-setup.sh
-RBUILD=`pwd`
-AC_SUBST(RBUILD)
-case "$srcdir" in
-/*) S_TOP=$srcdir ;;
-*) S_TOP=`pwd`/$srcdir ;;
-esac
-AC_SUBST(S_TOP)
-AC_PATH_PROG(EXPECT,expect)
-# For kadmin/testing/util/Makefile.in
-if test "$TCL_LIBS" != "" ; then
- DO_ALL=tcl
-fi
-AC_SUBST(DO_ALL)
+
KRB5_AC_PRIOCNTL_HACK
-K5_GEN_FILE(kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin)
-# for lib/kadm5
-AC_CHECK_PROG(RUNTEST,runtest,runtest)
+
AC_CHECK_PROG(PERL,perl,perl)
# lib/gssapi
lib/rpc lib/rpc/unit-test
- lib/kadm5 lib/kadm5/clnt lib/kadm5/srv lib/kadm5/unit-test
+ lib/kadm5 lib/kadm5/clnt lib/kadm5/srv
lib/krad
lib/apputils
clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
- kadmin/testing kadmin/testing/scripts kadmin/testing/util
appl
appl/sample appl/sample/sclient appl/sample/sserver
mydir=kadmin
BUILDTOP=$(REL)..
-SUBDIRS = cli dbutil ktutil server testing
+SUBDIRS = cli dbutil ktutil server
all:
+++ /dev/null
-mydir=kadmin$(S)testing
-BUILDTOP=$(REL)..$(S)..
-SUBDIRS = scripts util
-
-all:
-
-clean:
- -$(RM) -r krb5-test-root admin_* init-* *.rcache2 ovsec-*
+++ /dev/null
-# No dependencies here.
+++ /dev/null
-[kdcdefaults]
- kdc_listen = 1750
- kdc_tcp_listen = 1750
-
-[realms]
- __REALM__ = {
- profile = __K5ROOT__/krb5.conf
- database_name = __K5ROOT__/kdb5
- key_stash_file = __K5ROOT__/.k5.__REALM__
- acl_file = __K5ROOT__/ovsec_adm.acl
- dict_file = __K5ROOT__/ovsec_adm.dict
- kadmind_port = 1751
- kpasswd_port = 1752
- master_key_type = des3-hmac-sha1
- supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal
- }
+++ /dev/null
-[libdefaults]
- default_realm = __REALM__
- default_keytab_name = FILE:__K5ROOT__/keytab
- dns_fallback = no
- dns_canonicalize_hostname = fallback
- qualify_shortname = ""
- plugin_base_dir = __PLUGIN_DIR__
- allow_weak_crypto = true
-
-[realms]
- __REALM__ = {
- kdc = __HOSTNAME__:1750
- admin_server = __HOSTNAME__:1751
- database_module = foobar_db2_module_blah
- }
-
-[domain_realm]
- __HOSTNAME__ = __REALM__
-
-[logging]
- admin_server = FILE:__K5ROOT__/syslog
- kdc = FILE:__K5ROOT__/syslog
- default = FILE:__K5ROOT__/syslog
-
-
-# THIS SHOULD BE IN KDC.CONF INSTEAD!
-[dbmodules]
- db_module_dir = __MODDIR__
- foobar_db2_module_blah = {
- db_library = db2
- database_name = __K5ROOT__/kdb5
- }
+++ /dev/null
-Abyssinia
-Discordianism
-foo
+++ /dev/null
-mydir=kadmin$(S)testing$(S)scripts
-BUILDTOP=$(REL)..$(S)..$(S)..
-
-all: env-setup.sh runenv.sh $(GEN_SCRIPTS)
-
-# Should only rebuild env_setup.sh here (use CONFIG_FILES=), but the weird krb5
-# makefile post-processing is unconditional and would trash the makefile.
-env-setup.sh: env-setup.stamp
-env-setup.stamp: $(srcdir)/env-setup.shin $(BUILDTOP)/config.status \
- Makefile
- (cd $(BUILDTOP) && \
- CONFIG_FILES=$(mydir)/env-setup.sh:$(mydir)/env-setup.shin $(SHELL) \
- config.status)
- chmod +x env-setup.sh
- touch env-setup.stamp
-
-clean:
- -rm -f env-setup.sh env-setup.stamp
+++ /dev/null
-# No dependencies here.
+++ /dev/null
-#!/bin/sh
-#
-# The KADM5 unit tests were developed to work under gmake. As a
-# result, they expect to inherit a number of environment variables.
-# Rather than rewrite the tests, we simply use this script as an
-# execution wrapper that sets all the necessary environment variables
-# before running the program specified on its command line.
-#
-# The variable settings all came from OV's config.mk.
-#
-# Usage: env-setup.sh <command line>
-#
-
-TOP=@RBUILD@/kadmin
-STOP=@S_TOP@/kadmin
-export TOP
-export STOP
-# These two may be needed in case $libdir references them.
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@ ; eval "libdir=$libdir"; export libdir
-
-# The shared library run time setup
-TOPLIBD=@RBUILD@/lib
-PROG_LIBPATH=-L@RBUILD@/lib
-BUILDTOP=@RBUILD@
-# XXX kludge!
-PROG_RPATH=@RBUILD@/lib
-# This converts $(TOPLIBD) to $TOPLIBD
-cat > /tmp/env_setup$$ <<\EOF
-@KRB5_RUN_ENV@
-EOF
-
-foo=`sed -e 's/(//g' -e 's/)//g' -e 's/\\\$\\\$/\$/g' /tmp/env_setup$$`
-eval $foo
-export @KRB5_RUN_VARS@
-
-# This will get put in setup.csh for convenience
-KRB5_RUN_ENV_CSH=`eval echo "$foo" | \
- sed -e 's/\([^=]*\)=\(.*\)/setenv \1 \2/g'`
-export KRB5_RUN_ENV_CSH
-rm /tmp/env_setup$$
-
-TESTDIR=$TOP/testing; export TESTDIR
-STESTDIR=$STOP/testing; export STESTDIR
-if [ "$K5ROOT" = "" ]; then
- K5ROOT="`cd $TESTDIR; pwd`/krb5-test-root"
- export K5ROOT
-fi
-
-# If $VERBOSE_TEST is non-null, enter verbose mode. Set $VERBOSE to
-# true or false so its exit status identifies the mode.
-if test x$VERBOSE_TEST = x; then
- VERBOSE=false
-else
- VERBOSE=true
-fi
-export VERBOSE
-
-REALM=SECURE-TEST.OV.COM; export REALM
-
-if test x$EXPECT = x; then
- EXPECT=@EXPECT@; export EXPECT
-fi
-
-COMPARE_DUMP=$TESTDIR/scripts/compare_dump.pl; export COMPARE_DUMP
-INITDB=$STESTDIR/scripts/init_db; export INITDB
-SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP
-TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
-BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
-CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
-SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
-
-HOSTNAME=`hostname | tr '[A-Z]' '[a-z]'`
-export HOSTNAME
-
-KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
-KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
-KRB5_KTNAME=$K5ROOT/ovsec_adm.keytab; export KRB5_KTNAME
-KRB5_CLIENT_KTNAME=$K5ROOT/client_keytab; export KRB5_CLIENT_KTNAME
-KRB5CCNAME=$K5ROOT/krb5cc_unit-test; export KRB5CCNAME
-GSS_MECH_CONFIG=$K5ROOT/mech.conf; export GSS_MECH_CONFIG
-
-# Make sure we don't get confused by translated messages
-# or localized times.
-LC_ALL=C; export LC_ALL
-
-if [ "x$PS_ALL" = "x" ]; then
- if ps auxww >/dev/null 2>&1; then
- PS_ALL="ps auxww"
- PS_PID="ps uwwp"
- elif ps -ef >/dev/null 2>&1; then
- PS_ALL="ps -ef"
- PS_PID="ps -fp"
- else
- PS_ALL="ps auxww"
- PS_PID="ps uwwp"
- echo "WARNING! Cannot auto-detect ps type, assuming BSD."
- fi
-
- export PS_ALL PS_PID
-fi
-
-exec ${1+"$@"}
+++ /dev/null
-#!/bin/sh
-
-if $VERBOSE; then
- REDIRECT=
-else
- REDIRECT='>/dev/null'
-fi
-
-# Requires that $K5ROOT, /etc/krb.conf, and .k5.$REALM be world-writeable.
-
-if [ "$TOP" = "" ]; then
- echo "init_db: Environment variable \$TOP must point to top of build tree" 1>&2
- exit 1
-fi
-
-if [ "$STOP" = "" ]; then
- echo "init_db: Environment variable \$STOP must point to top of source tree" 1>&2
- exit 1
-fi
-
-if [ "$libdir" = "" ]; then
- echo "init_db: Environment variable \$libdir must point to library install directory" 1>&2
- exit 1
-fi
-
-IROOT=$TOP/..
-ADMIN=$TOP/dbutil
-BIN=$IROOT/bin
-ETC=$IROOT/etc
-MODDIR=$TOP/../plugins/kdb
-SBIN=$TOP/keytab:$TOP/server
-DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM
-
-. ./runenv.sh
-
-if [ ! -d $MODDIR ]; then
- echo "+++" 1>&2
- echo "+++ Error! $MODDIR does not exist!" 1>&2
- echo "+++ The MODDIR variable should point to the directory in which" 1>&2
- echo "+++ database modules have been installed for testing." 1>&2
- echo "+++" 1>&2
- exit 1
-fi
-
-DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
-DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
-DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
-
-PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH
-
-if [ ! -x $SRVTCL ]; then
- echo "+++" 1>&2
- echo "+++ Error! $SRVTCL does not exist!" 1>&2
- echo "+++ It was probably not compiled because TCL was not available. If you" 1>&2
- echo "+++ now have TCL installed, cd into that directory, re-run configure" 1>&2
- echo "+++ with the --with-tcl option, and then re-run make." 1>&2
- echo "+++" 1>&2
-
- exit 1
-fi
-
-rm -rf $K5ROOT/*
-if [ -d $K5ROOT ]; then
- true
-else
- mkdir $K5ROOT
-fi
-
-# touch $K5ROOT/syslog
-# for pid in `$PS_ALL | awk '/syslogd/ && !/awk/ {print $2}'` ; do
-# case "$pid" in
-# xxx) ;;
-# *)
-# if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi
-# kill -1 $pid
-# ;;
-# esac
-# done
-
-sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
- -e "s/__HOSTNAME__/$HOSTNAME/g" \
- -e "s#__MODDIR__#$MODDIR#g" \
- < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
-sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
- < $STESTDIR/proto/kdc.conf.proto > $K5ROOT/kdc.conf
-
-eval kdb5_util -r $REALM create -W -P mrroot -s $REDIRECT || exit 1
-
-cp $STESTDIR/proto/ovsec_adm.dict $K5ROOT/ovsec_adm.dict
-
-cat - > /tmp/init_db$$ <<\EOF
-source $env(TCLUTIL)
-set r $env(REALM)
-if {[info exists env(USER)]} {
- set whoami $env(USER)
-} else {
- set whoami [exec whoami]
-}
-
-set cmds {
- {kadm5_init $env(SRVTCL) mrroot null \
- [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle}
-
- {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0 2 90 180" \
- {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM KADM5_PW_MAX_FAILURE KADM5_PW_FAILURE_COUNT_INTERVAL KADM5_PW_LOCKOUT_DURATION}}
- {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0 0 0 0" \
- {KADM5_POLICY KADM5_PW_MIN_LIFE}}
- {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0 0 0 0" \
- {KADM5_POLICY}}
- {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \
- {KADM5_POLICY}}
-
- {kadm5_create_principal $server_handle \
- [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena}
- {kadm5_create_principal $server_handle \
- [simple_principal test1@$r] {KADM5_PRINCIPAL} test1}
- {kadm5_create_principal $server_handle \
- [simple_principal test2@$r] {KADM5_PRINCIPAL} test2}
- {kadm5_create_principal $server_handle \
- [simple_principal test3@$r] {KADM5_PRINCIPAL} test3}
- {kadm5_create_principal $server_handle \
- [simple_principal admin@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \
- admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \
- admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin}
- {kadm5_create_principal $server_handle \
- [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \
- KADM5_POLICY} pol111111}
- {kadm5_create_principal $server_handle \
- [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \
- KADM5_POLICY} pol222222}
- {kadm5_create_principal $server_handle \
- [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \
- KADM5_POLICY} pol333333}
- {kadm5_create_principal $server_handle \
- [princ_w_pol admin/get-pol@$r test-pol-nopw] \
- {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin}
- {kadm5_create_principal $server_handle \
- [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \
- KADM5_POLICY} StupidAdmin}
-
- {kadm5_create_principal $server_handle \
- [simple_principal changepw/kerberos] \
- {KADM5_PRINCIPAL} {XXX THIS IS WRONG}}
-
- {kadm5_create_principal $server_handle \
- [simple_principal $whoami] \
- {KADM5_PRINCIPAL} $whoami}
-
- {kadm5_create_principal $server_handle \
- [simple_principal testkeys@$r] {KADM5_PRINCIPAL} testkeys}
-
- {kadm5_destroy $server_handle}
-}
-
-foreach cmd $cmds {
- if {[catch $cmd output]} {
- puts stderr "Error! Command: $cmd\nError: $output"
- exit 1
- } else {
- puts stdout $output
- }
-}
-EOF
-eval "$SRVTCL < /tmp/init_db$$ $REDIRECT"
-rm /tmp/init_db$$
-
-if [ $? -ne 0 ]; then
- echo "Error in $SRVTCL!" 1>&2
- exit 1
-fi
-
-cat > $K5ROOT/ovsec_adm.acl <<EOF
-admin@$REALM admcilse
-admin/get@$REALM il
-admin/modify@$REALM mc
-admin/delete@$REALM d
-admin/add@$REALM a
-admin/get-pol@$REALM il
-admin/rename@$REALM adil
-admin/mod-add@$REALM amc
-admin/mod-delete@$REALM mcd
-admin/get-add@$REALM ail
-admin/get-delete@$REALM ild
-admin/get-mod@$REALM ilmc
-admin/no-add@$REALM mcdil
-admin/no-delete@$REALM amcil
-changepw/kerberos@$REALM cil
-
-EOF
-
-# Create $K5ROOT/setup.csh to make it easy to run other programs against
-# the test db
-cat > $K5ROOT/setup.csh <<EOF
-setenv KRB5_CONFIG $KRB5_CONFIG
-setenv KRB5_KDC_PROFILE $KRB5_KDC_PROFILE
-setenv KRB5_KTNAME $KRB5_KTNAME
-setenv KRB5_CLIENT_KTNAME $KRB5_CLIENT_KTNAME
-setenv GSS_MECH_CONFIG $GSS_MECH_CONFIG
-$KRB5_RUN_ENV_CSH
-EOF
-
+++ /dev/null
-#!/bin/sh
-#
-# Usage: start_servers [hostname [path]]
-#
-# This script turns a host into a OpenV*Secure primary server for the
-# realm SECURE-TEST.OV.COM. If no arguments are specified,
-# the local host is affected. Otherwise, the host hostname is
-# affected; the path argument is the top of the Secure install tree on
-# that host, and if it is not specified the current canonical value of
-# TOP is used.
-
-DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${START_SERVERS_LOCAL=$STESTDIR/scripts/start_servers_local}
-# This'll be wrong sometimes
-DUMMY=${RSH_CMD=rsh}
-
-local=1
-
-if [ $# -gt 0 ]; then
- if [ $# != 1 -a $# != 2 ]; then
- echo "Usage: $0 [hostname [path]]" 1>&2
- exit 1
- fi
-
- local=0
- hostname=$1
- if [ $# = 1 ]; then
- rempath=`sh -c "cd $TOP && pwd"`
- else
- rempath=$2
- fi
-fi
-
-if [ $local = 0 ]; then
-
- # Fix up the local krb5.conf to point to the remote
- sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \
- -e "s/__HOSTNAME__/$HOSTNAME/g" \
- -e "s#__MODDIR__#$TOP/../plugins/kdb#g"\
- -e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\
- < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf
-
-# Using /usr/ucb/rsh and getting rid of "-k $REALM" until we get
-# around to fixing the fact that Kerberos rsh doesn't strip out "-k
-# REALM" when falling back.
-
- START_SERVERS_LOCAL=`echo $START_SERVERS_LOCAL|sed "s%$TOP%$rempath%"`
- CMD="$RSH_CMD $hostname -n \
- \"sh -c 'VERBOSE_TEST=$VERBOSE_TEST TOP=$rempath \
- $rempath/testing/scripts/env-setup.sh \
- $START_SERVERS_LOCAL $rempath'\""
-
- if $VERBOSE; then
- echo "+++"
- echo "+++ Begin execution of start_servers_local on $hostname"
- echo "+++"
- echo $CMD
- fi
- eval $CMD
- if $VERBOSE; then
- echo "+++"
- echo "+++ End execution of start_servers_local on $hostname"
- echo "+++"
- fi
-else
- $START_SERVERS_LOCAL
-fi
-
+++ /dev/null
-#!/bin/sh
-
-DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${INITDB=$STESTDIR/scripts/init_db}
-DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
-DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
-DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
-
-. ./runenv.sh
-
-if [ -d /usr/tmp ]; then
- usrtmp=/usr/tmp
-else
- usrtmp=/var/tmp
-fi
-
-$STOP_SERVERS_LOCAL -start_servers
-
-if $VERBOSE; then
- REDIRECT=
-else
- REDIRECT='>/dev/null'
-fi
-
-while :; do
- case $1 in
- -keysalt)
- shift
- if [ $# -gt 0 ]; then
- keysalts="$keysalts $1"
- else
- break
- fi
- ;;
- -kdcport)
- shift
- if [ $# -gt 0 ]; then
- kdcport=$1
- else
- break
- fi
- ;;
- *)
- break
- ;;
- esac
- shift
-done
-
-if [ $# -gt 1 ]; then
- echo "Usage: $0 [-kdcport port] [-keysalts tuple] ... [top]" 1>&2
- exit 1
-elif [ $# = 1 ]; then
- TOP=$1
- export TOP
-fi
-
-# create a fresh db
-
-$INITDB "$keysalts" || exit 1
-
-# Post-process the config files based on our arguments
-if [ "$keysalts" != "" ]; then
- sedcmd="s/\([ ]*supported_enctypes =\).*/\1 $keysalts/"
- sed -e "$sedcmd" < $K5ROOT/kdc.conf > $K5ROOT/kdc.conf.new
- mv $K5ROOT/kdc.conf.new $K5ROOT/kdc.conf
-fi
-if [ "$kdcport" != "" ] ; then
- sedcmd="s/\(kdc_ports = .*\)[ ]*/\1, $kdcport/"
- sed -e "$sedcmd" < $K5ROOT/kdc.conf > $K5ROOT/kdc.conf.new
- mv $K5ROOT/kdc.conf.new $K5ROOT/kdc.conf
-fi
-
-# allow admin to krlogin as root (for cleanup)
-DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM
-
-cat - > /tmp/start_servers_local$$ <<\EOF
-if { [catch {
- source $env(STOP)/testing/tcl/util.t
- set r $env(REALM)
- set q $env(HOSTNAME)
- puts stdout [kadm5_init $env(SRVTCL) mrroot null \
- [config_params {KADM5_CONFIG_REALM} $r] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle]
- puts stdout [kadm5_create_principal $server_handle \
- [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena]
- puts stdout [kadm5_destroy $server_handle]
-} err]} {
- puts stderr "initialization error: $err"
- exit 1
-}
-exit 0
-EOF
-eval "$SRVTCL < /tmp/start_servers_local$$ $REDIRECT"
-x=$?
-rm /tmp/start_servers_local$$
-if test $x != 0 ; then exit 1 ; fi
-
-# run the servers (from the build tree)
-
-adm_start_file=/tmp/adm_server_start.$$
-kdc_start_file=/tmp/kdc_server_start.$$
-
-rm -f $kdc_start_file
-
-if test "x$USER" = x ; then
- USER=$LOGNAME ; export USER
-fi
-
-kdc_args="-R dfl:kdc_rcache.$USER"
-
-(trap "" 2; $TOP/../kdc/krb5kdc $kdc_args; touch $kdc_start_file) \
- < /dev/null > $usrtmp/kdc-log.$USER 2>&1 &
-
-s=1
-max_s=60
-sofar_s=0
-timewait_s=300
-
-ovadm_args=-W
-
-rm -f $adm_start_file
-
-(sleep 1; $TOP/server/kadmind $ovadm_args; \
- touch $adm_start_file) < /dev/null > $usrtmp/kadm-log.$USER 2>&1 &
-
-# wait until they start
-
-while [ $sofar_s -le $max_s ]; do
- if $VERBOSE; then
- echo "Sleeping for $s seconds to allow servers" \
- "to start..."
- fi
-
- sofar_s=`expr $sofar_s + $s`
-
- sleep $s
-
- if [ -f $adm_start_file -a -f $kdc_start_file ]; then
- break
- fi
-done
-
-if [ $sofar_s -gt $max_s ]; then
- echo "Admin server or KDC failed to start after $sofar_s" \
- "seconds." 1>&2
- if [ ! -f $adm_start_file ]; then
- echo " No admin server start file $adm_start_file." 1>&2
- fi
- if [ ! -f $kdc_start_file ]; then
- echo " No KDC start file $adm_start_file." 1>&2
- fi
- exit 1
-fi
-
-rm -f $kdc_start_file $adm_start_file
+++ /dev/null
-#!/bin/sh
-#
-# Usage: stop_servers [hostname [path]]
-#
-# This script turns a host into a OpenV*Secure primary server for the
-# realm SECURE-TEST.OV.COM. If no arguments are specified,
-# the local host is affected. Otherwise, the host hostname is
-# affected; the path argument is the top of the Secure install tree on
-# that host, and if it is not specified the current canonical value of
-# TOP is used.
-
-DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
-# This'll be wrong sometimes
-DUMMY=${RSH_CMD=rsh}
-
-local=1
-
-if [ $# -gt 0 ]; then
- if [ $# != 1 -a $# != 2 ]; then
- echo "Usage: $0 [hostname [path]]" 1>&2
- exit 1
- fi
-
- local=0
- hostname=$1
- if [ $# = 1 ]; then
- rempath=`sh -c "cd $TOP && pwd"`
- else
- rempath=$2
- fi
-fi
-
-if [ $local = 0 ]; then
- if $VERBOSE; then
- echo "+++ Stopping servers on remote host $hostname..."
- fi
-
- STOP_SERVERS_LOCAL=`echo $STOP_SERVERS_LOCAL | sed "s%$TOP%$rempath%"`
- CMD="$RSH_CMD $hostname -n \
- \"sh -c 'VERBOSE_TEST=$VERBOSE_TEST TOP=$rempath \
- $rempath/testing/scripts/env-setup.sh \
- $STOP_SERVERS_LOCAL $rempath'\""
-
- if $VERBOSE; then
- echo "+++"
- echo "+++ Begin execution of stop_servers_local on $hostname"
- echo "+++"
- echo $CMD
- fi
- eval $CMD
- if $VERBOSE; then
- echo "+++"
- echo "+++ End execution of stop_servers_local on $hostname"
- echo "+++"
- fi
-else
- $STOP_SERVERS_LOCAL
-fi
+++ /dev/null
-#!/bin/sh
-
-DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${KRB5RCACHEDIR=$TESTDIR}
-
-while [ $# -gt 0 ] ; do
- case $1 in
- -start_servers)
- start_servers=$1
- ;;
- *)
- TOP=$1
- export TOP
- ;;
- esac
- shift
-done
-
-# kill any running servers.
-
-if $VERBOSE; then echo "Killing servers:"; fi
-
-for pid in xxx \
- `$PS_ALL | grep krb5kdc | grep -v grep | awk '{print $2}'` \
- `$PS_ALL | grep kadmind | grep -v grep | awk '{print $2}'` \
- ; do
- case "$pid" in
- xxx)
- ;;
- *)
- if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi
- kill $pid
- ;;
- esac
-done
-
-# Destroy the kdc replay cache so we don't lose if we try to run the
-# KDC as another unix user.
-if test "x$USER" = x ; then
- USER=$LOGNAME
-fi
-rm -f $KRB5RCACHEDIR/krb5kdc_rcache.$USER
-
-exit 0
+++ /dev/null
-proc simple_principal {name} {
- return "{$name} 0 0 0 0 {$name} 0 0 0 0 null 0"
-}
-
-proc princ_w_pol {name policy} {
- return "{$name} 0 0 0 0 {$name} 0 0 0 0 {$policy} 0"
-}
-
-proc simple_policy {name} {
- return "{$name} 0 0 0 0 0 0 0 0 0"
-}
-
-proc config_params {masks values} {
- if {[llength $masks] != [llength $values]} {
- error "config_params: length of mask and values differ"
- }
-
- set params [list $masks 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 {}]
- for {set i 0} {$i < [llength $masks]} {incr i} {
- set mask [lindex $masks $i]
- set value [lindex $values $i]
- switch -glob -- $mask {
- "KADM5_CONFIG_REALM" {set params [lreplace $params 1 1 $value]}
- "KADM5_CONFIG_KADMIND_PORT" {
- set params [lreplace $params 2 2 $value]}
- "KADM5_CONFIG_ADMIN_SERVER" {
- set params [lreplace $params 3 3 $value]}
- "KADM5_CONFIG_DBNAME" {set params [lreplace $params 4 4 $value]}
- "KADM5_CONFIG_ADBNAME" {set params [lreplace $params 5 5 $value]}
- "KADM5_CONFIG_ADB_LOCKFILE" {
- set params [lreplace $params 6 6 $value]}
- "KADM5_CONFIG_ACL_FILE" {set params [lreplace $params 8 8 $value]}
- "KADM5_CONFIG_DICT_FILE" {
- set params [lreplace $params 9 9 $value]}
- "KADM5_CONFIG_MKEY_FROM_KBD" {
- set params [lreplace $params 10 10 $value]}
- "KADM5_CONFIG_STASH_FILE" {
- set params [lreplace $params 11 11 $value]}
- "KADM5_CONFIG_MKEY_NAME" {
- set params [lreplace $params 12 12 $value]}
- "KADM5_CONFIG_ENCTYPE" {set params [lreplace $params 13 13 $value]}
- "KADM5_CONFIG_MAX_LIFE" {
- set params [lreplace $params 14 14 $value]}
- "KADM5_CONFIG_MAX_RLIFE" {
- set params [lreplace $params 15 15 $value]}
- "KADM5_CONFIG_EXPIRATION" {
- set params [lreplace $params 16 16 $value]}
- "KADM5_CONFIG_FLAGS" {set params [lreplace $params 17 17 $value]}
- "KADM5_CONFIG_ENCTYPES" {
- set params [lreplace $params 18 19 [llength $value] $value]}
- "*" {error "config_params: unknown mask $mask"}
- }
- }
- return $params
-}
-
-
-
+++ /dev/null
-mydir=kadmin$(S)testing$(S)util
-BUILDTOP=$(REL)..$(S)..$(S)..
-LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/
-# Force Tcl headers to use stdarg.h, because krb5 does too, and if
-# Tcl uses varargs.h it'll just mess things up.
-DEFINES= -DHAS_STDARG
-KRB5_PTHREAD_LIB=$(THREAD_LINKOPTS)
-
-PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
-PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
-
-SRCS = $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
-OBJS = tcl_kadm5.o test.o
-
-CLNTPROG= kadm5_clnt_tcl
-SRVPROG = kadm5_srv_tcl
-
-DO_ALL=@DO_ALL@
-
-all: all-$(DO_ALL)
-
-all-:
- @echo "+++"
- @echo "+++ WARNING: Tcl not available. The kadm5 tests will not be run."
- @echo "+++"
- @echo 'Skipped kadm5 tests: Tcl not found' >> $(SKIPTESTS)
-
-all-tcl: $(CLNTPROG) $(SRVPROG)
-
-$(SRVPROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $(SRVPROG) $(OBJS) $(TCL_MAYBE_RPATH) \
- $(KADMSRV_LIBS) $(KRB5_PTHREAD_LIB) $(KRB5_BASE_LIBS) $(TCL_LIBS)
-
-$(CLNTPROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $(CLNTPROG) $(OBJS) $(TCL_MAYBE_RPATH) \
- $(KRB5_PTHREAD_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS)
-
-bsddb_dump: bsddb_dump.o
- $(CC_LINK) -o bsddb_dump bsddb_dump.o $(KADMSRV_LIBS)
-
-clean:
- $(RM) $(CLNTPROG) $(SRVPROG)
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * $Id$
- */
-
-#include <sys/file.h>
-#include <fcntl.h>
-#include <db.h>
-#include <stdio.h>
-
-main(int argc, char *argv[])
-{
- char *file;
- DB *db;
- DBT dbkey, dbdata;
- int code, i;
-
- HASHINFO info;
-
- info.hash = NULL;
- info.bsize = 256;
- info.ffactor = 8;
- info.nelem = 25000;
- info.lorder = 0;
-
- if (argc != 2) {
- fprintf(stderr, "usage: argv[0] dbfile\n");
- exit(2);
- }
-
- file = argv[1];
-
- if((db = dbopen(file, O_RDWR, 0666, DB_HASH, &info)) == NULL) {
- perror("Opening db file");
- exit(1);
- }
-
- if ((code = (*db->seq)(db, &dbkey, &dbdata, R_FIRST)) == -1) {
- perror("starting db iteration");
- exit(1);
- }
-
- while (code == 0) {
- for (i=0; i<dbkey.size; i++)
- printf("%02x", (int) ((unsigned char *) dbkey.data)[i]);
- printf("\t");
- for (i=0; i<dbdata.size; i++)
- printf("%02x", (int) ((unsigned char *) dbdata.data)[i]);
- printf("\n");
-
- code = (*db->seq)(db, &dbkey, &dbdata, R_NEXT);
- }
-
- if (code == -1) {
- perror("during db iteration");
- exit(1);
- }
-
- if ((*db->close)(db) == -1) {
- perror("closing db");
- exit(1);
- }
-
- exit(0);
-}
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h tcl_kadm5.c tcl_kadm5.h
-$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- tcl_kadm5.h test.c
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include "autoconf.h"
-#include <stdio.h>
-#include <string.h>
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#define USE_KADM5_API_VERSION 2
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <adb_err.h>
-#include "tcl_kadm5.h"
-
-struct flagval {
- char *name;
- krb5_flags val;
-};
-
-/* XXX This should probably be in the hash table like server_handle */
-static krb5_context context;
-
-static struct flagval krb5_flags_array[] = {
- {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
- {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
- {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
- {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
- {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
- {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
- {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
- {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
- {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
- {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
- {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
- {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
-};
-
-static struct flagval aux_attributes[] = {
- {"KADM5_POLICY", KADM5_POLICY}
-};
-
-static struct flagval principal_mask_flags[] = {
- {"KADM5_PRINCIPAL", KADM5_PRINCIPAL},
- {"KADM5_PRINC_EXPIRE_TIME", KADM5_PRINC_EXPIRE_TIME},
- {"KADM5_PW_EXPIRATION", KADM5_PW_EXPIRATION},
- {"KADM5_LAST_PWD_CHANGE", KADM5_LAST_PWD_CHANGE},
- {"KADM5_ATTRIBUTES", KADM5_ATTRIBUTES},
- {"KADM5_MAX_LIFE", KADM5_MAX_LIFE},
- {"KADM5_MOD_TIME", KADM5_MOD_TIME},
- {"KADM5_MOD_NAME", KADM5_MOD_NAME},
- {"KADM5_KVNO", KADM5_KVNO},
- {"KADM5_MKVNO", KADM5_MKVNO},
- {"KADM5_AUX_ATTRIBUTES", KADM5_AUX_ATTRIBUTES},
- {"KADM5_POLICY", KADM5_POLICY},
- {"KADM5_POLICY_CLR", KADM5_POLICY_CLR},
- {"KADM5_MAX_RLIFE", KADM5_MAX_RLIFE},
- {"KADM5_LAST_SUCCESS", KADM5_LAST_SUCCESS},
- {"KADM5_LAST_FAILED", KADM5_LAST_FAILED},
- {"KADM5_FAIL_AUTH_COUNT", KADM5_FAIL_AUTH_COUNT},
- {"KADM5_KEY_DATA", KADM5_KEY_DATA},
- {"KADM5_TL_DATA", KADM5_TL_DATA},
- {"KADM5_PRINCIPAL_NORMAL_MASK", KADM5_PRINCIPAL_NORMAL_MASK}
-};
-
-static struct flagval policy_mask_flags[] = {
- {"KADM5_POLICY", KADM5_POLICY},
- {"KADM5_PW_MAX_LIFE", KADM5_PW_MAX_LIFE},
- {"KADM5_PW_MIN_LIFE", KADM5_PW_MIN_LIFE},
- {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH},
- {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES},
- {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM},
- {"KADM5_REF_COUNT", KADM5_REF_COUNT},
- {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE},
- {"KADM5_PW_FAILURE_COUNT_INTERVAL", KADM5_PW_FAILURE_COUNT_INTERVAL},
- {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION},
-};
-
-static struct flagval config_mask_flags[] = {
- {"KADM5_CONFIG_REALM", KADM5_CONFIG_REALM},
- {"KADM5_CONFIG_DBNAME", KADM5_CONFIG_DBNAME},
- {"KADM5_CONFIG_MKEY_NAME", KADM5_CONFIG_MKEY_NAME},
- {"KADM5_CONFIG_MAX_LIFE", KADM5_CONFIG_MAX_LIFE},
- {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE},
- {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION},
- {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS},
- {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE},
- {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE},
- {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME},
- {"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE},
- {"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE},
- {"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT},
- {"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES},
- {"KADM5_CONFIG_ADMIN_SERVER", KADM5_CONFIG_ADMIN_SERVER},
- {"KADM5_CONFIG_DICT_FILE", KADM5_CONFIG_DICT_FILE},
- {"KADM5_CONFIG_MKEY_FROM_KBD", KADM5_CONFIG_MKEY_FROM_KBD},
-};
-
-static struct flagval priv_flags[] = {
- {"KADM5_PRIV_GET", KADM5_PRIV_GET},
- {"KADM5_PRIV_ADD", KADM5_PRIV_ADD},
- {"KADM5_PRIV_MODIFY", KADM5_PRIV_MODIFY},
- {"KADM5_PRIV_DELETE", KADM5_PRIV_DELETE}
-};
-
-
-static char *arg_error = "wrong # args";
-
-static Tcl_HashTable *struct_table = 0;
-
-static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
-{
- int i = 1, newPtr = 0;
- static char buf[20];
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "kadm5_handle%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, handle);
-
- *name = buf;
-
- return TCL_OK;
-}
-
-static int get_server_handle(Tcl_Interp *interp, const char *name,
- void **handle)
-{
- Tcl_HashEntry *entry;
-
- if(!strcasecmp(name, "null"))
- *handle = 0;
- else {
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
- *handle = (void *) Tcl_GetHashValue(entry);
- }
- return TCL_OK;
-}
-
-static int remove_server_handle(Tcl_Interp *interp, const char *name)
-{
- Tcl_HashEntry *entry;
-
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
-
- Tcl_SetHashValue(entry, NULL);
- return TCL_OK;
-}
-
-#define GET_HANDLE(num_args, ignored) \
- void *server_handle; \
- const char *whoami = argv[0]; \
- argv++, argc--; \
- if (argc != num_args + 1) { \
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
- return TCL_ERROR; \
- } \
- { \
- int ltcl_ret; \
- if ((ltcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
- != TCL_OK) { \
- return ltcl_ret; \
- } \
- } \
- argv++, argc--;
-
-static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
-{
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
- int i;
-
- if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_InitHashTable(table, TCL_STRING_KEYS);
-
- for (i = 0; i < size; i++) {
- int newPtr;
-
- if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_SetHashValue(entry, &flags[i].val);
- }
-
- return table;
-}
-
-
-static Tcl_DString *unparse_str(char *in_str)
-{
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- if (! in_str) {
- Tcl_DStringAppend(str, "null", -1);
- }
- else {
- Tcl_DStringAppend(str, in_str, -1);
- }
-
- return str;
-}
-
-
-
-static int parse_str(Tcl_Interp *interp, const char *in_str, char **out_str)
-{
- if (! in_str) {
- *out_str = 0;
- }
- else if (! strcasecmp(in_str, "null")) {
- *out_str = 0;
- }
- else {
- *out_str = (char *) in_str;
- }
- return TCL_OK;
-}
-
-
-static void set_ok(Tcl_Interp *interp, char *string)
-{
- Tcl_SetResult(interp, "OK", TCL_STATIC);
- Tcl_AppendElement(interp, "KADM5_OK");
- Tcl_AppendElement(interp, string);
-}
-
-
-
-static Tcl_DString *unparse_err(kadm5_ret_t code)
-{
- char *code_string;
- const char *error_string;
- Tcl_DString *dstring;
-
- switch (code) {
- case KADM5_FAILURE: code_string = "KADM5_FAILURE"; break;
- case KADM5_AUTH_GET: code_string = "KADM5_AUTH_GET"; break;
- case KADM5_AUTH_ADD: code_string = "KADM5_AUTH_ADD"; break;
- case KADM5_AUTH_MODIFY:
- code_string = "KADM5_AUTH_MODIFY"; break;
- case KADM5_AUTH_DELETE:
- code_string = "KADM5_AUTH_DELETE"; break;
- case KADM5_AUTH_INSUFFICIENT:
- code_string = "KADM5_AUTH_INSUFFICIENT"; break;
- case KADM5_BAD_DB: code_string = "KADM5_BAD_DB"; break;
- case KADM5_DUP: code_string = "KADM5_DUP"; break;
- case KADM5_RPC_ERROR: code_string = "KADM5_RPC_ERROR"; break;
- case KADM5_NO_SRV: code_string = "KADM5_NO_SRV"; break;
- case KADM5_BAD_HIST_KEY:
- code_string = "KADM5_BAD_HIST_KEY"; break;
- case KADM5_NOT_INIT: code_string = "KADM5_NOT_INIT"; break;
- case KADM5_INIT: code_string = "KADM5_INIT"; break;
- case KADM5_BAD_PASSWORD:
- code_string = "KADM5_BAD_PASSWORD"; break;
- case KADM5_UNK_PRINC: code_string = "KADM5_UNK_PRINC"; break;
- case KADM5_UNK_POLICY: code_string = "KADM5_UNK_POLICY"; break;
- case KADM5_BAD_MASK: code_string = "KADM5_BAD_MASK"; break;
- case KADM5_BAD_CLASS: code_string = "KADM5_BAD_CLASS"; break;
- case KADM5_BAD_LENGTH: code_string = "KADM5_BAD_LENGTH"; break;
- case KADM5_BAD_POLICY: code_string = "KADM5_BAD_POLICY"; break;
- case KADM5_BAD_HISTORY: code_string = "KADM5_BAD_HISTORY"; break;
- case KADM5_BAD_PRINCIPAL:
- code_string = "KADM5_BAD_PRINCIPAL"; break;
- case KADM5_BAD_AUX_ATTR:
- code_string = "KADM5_BAD_AUX_ATTR"; break;
- case KADM5_PASS_Q_TOOSHORT:
- code_string = "KADM5_PASS_Q_TOOSHORT"; break;
- case KADM5_PASS_Q_CLASS:
- code_string = "KADM5_PASS_Q_CLASS"; break;
- case KADM5_PASS_Q_DICT:
- code_string = "KADM5_PASS_Q_DICT"; break;
- case KADM5_PASS_REUSE: code_string = "KADM5_PASS_REUSE"; break;
- case KADM5_PASS_TOOSOON:
- code_string = "KADM5_PASS_TOOSOON"; break;
- case KADM5_POLICY_REF:
- code_string = "KADM5_POLICY_REF"; break;
- case KADM5_PROTECT_PRINCIPAL:
- code_string = "KADM5_PROTECT_PRINCIPAL"; break;
- case KADM5_BAD_SERVER_HANDLE:
- code_string = "KADM5_BAD_SERVER_HANDLE"; break;
- case KADM5_BAD_STRUCT_VERSION:
- code_string = "KADM5_BAD_STRUCT_VERSION"; break;
- case KADM5_OLD_STRUCT_VERSION:
- code_string = "KADM5_OLD_STRUCT_VERSION"; break;
- case KADM5_NEW_STRUCT_VERSION:
- code_string = "KADM5_NEW_STRUCT_VERSION"; break;
- case KADM5_BAD_API_VERSION:
- code_string = "KADM5_BAD_API_VERSION"; break;
- case KADM5_OLD_LIB_API_VERSION:
- code_string = "KADM5_OLD_LIB_API_VERSION"; break;
- case KADM5_OLD_SERVER_API_VERSION:
- code_string = "KADM5_OLD_SERVER_API_VERSION"; break;
- case KADM5_NEW_LIB_API_VERSION:
- code_string = "KADM5_NEW_LIB_API_VERSION"; break;
- case KADM5_NEW_SERVER_API_VERSION:
- code_string = "KADM5_NEW_SERVER_API_VERSION"; break;
- case KADM5_SECURE_PRINC_MISSING:
- code_string = "KADM5_SECURE_PRINC_MISSING"; break;
- case KADM5_NO_RENAME_SALT:
- code_string = "KADM5_NO_RENAME_SALT"; break;
- case KADM5_BAD_CLIENT_PARAMS:
- code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
- case KADM5_BAD_SERVER_PARAMS:
- code_string = "KADM5_BAD_SERVER_PARAMS"; break;
- case KADM5_AUTH_LIST:
- code_string = "KADM5_AUTH_LIST"; break;
- case KADM5_AUTH_CHANGEPW:
- code_string = "KADM5_AUTH_CHANGEPW"; break;
- case KADM5_GSS_ERROR: code_string = "KADM5_GSS_ERROR"; break;
- case KADM5_BAD_TL_TYPE: code_string = "KADM5_BAD_TL_TYPE"; break;
- case KADM5_MISSING_CONF_PARAMS:
- code_string = "KADM5_MISSING_CONF_PARAMS"; break;
- case KADM5_BAD_SERVER_NAME:
- code_string = "KADM5_BAD_SERVER_NAME"; break;
- case KADM5_MISSING_KRB5_CONF_PARAMS:
- code_string = "KADM5_MISSING_KRB5_CONF_PARAMS"; break;
- case KADM5_XDR_FAILURE: code_string = "KADM5_XDR_FAILURE"; break;
- case KADM5_CANT_RESOLVE: code_string = "KADM5_CANT_RESOLVE"; break;
-
-
- case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
- case OSA_ADB_NOENT: code_string = "ENOENT"; break;
- case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
- case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
- case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
- case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
- case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
- case OSA_ADB_BADLOCKMODE: code_string = "OSA_ADB_BADLOCKMODE"; break;
- case OSA_ADB_CANTLOCK_DB: code_string = "OSA_ADB_CANTLOCK_DB"; break;
- case OSA_ADB_NOTLOCKED: code_string = "OSA_ADB_NOTLOCKED"; break;
- case OSA_ADB_NOLOCKFILE: code_string = "OSA_ADB_NOLOCKFILE"; break;
- case OSA_ADB_NOEXCL_PERM: code_string = "OSA_ADB_NOEXCL_PERM"; break;
-
- case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
- case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
- case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
- case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
- case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
- case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
- case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
- case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
- case KRB5_KDB_TRUNCATED_RECORD:
- code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
- case KRB5_KDB_RECURSIVELOCK:
- code_string = "KRB5_KDB_RECURSIVELOCK"; break;
- case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
- case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
- case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
- case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
- case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
- case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
- case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
- case KRB5_KDB_INVALIDKEYSIZE:
- code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
- case KRB5_KDB_CANTREAD_STORED:
- code_string = "KRB5_KDB_CANTREAD_STORED"; break;
- case KRB5_KDB_BADSTORED_MKEY:
- code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
- case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
- case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
-
- case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
- case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
- case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
- case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
- case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
- case KRB5_CONFIG_BADFORMAT: code_string = "KRB5_CONFIG_BADFORMAT"; break;
-
- case KRB5_CC_NOTFOUND: code_string = "KRB5_CC_NOTFOUND"; break;
- case KRB5_FCC_NOFILE: code_string = "KRB5_FCC_NOFILE"; break;
-
- case EINVAL: code_string = "EINVAL"; break;
- case ENOENT: code_string = "ENOENT"; break;
-
- default:
- fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
- error_message (code));
- code_string = "UNKNOWN";
- break;
- }
-
- error_string = error_message(code);
-
- if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX Do we really want to exit? Ok if this is */
- /* just a test program, but what about if it gets */
- /* used for other things later? */
- }
-
- Tcl_DStringInit(dstring);
-
- if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
- Tcl_DStringAppendElement(dstring, code_string) &&
- Tcl_DStringAppendElement(dstring, error_string))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- return dstring;
-}
-
-
-
-static void stash_error(Tcl_Interp *interp, krb5_error_code code)
-{
- Tcl_DString *dstring = unparse_err(code);
- Tcl_DStringResult(interp, dstring);
- Tcl_DStringFree(dstring);
- free(dstring);
-}
-
-static Tcl_DString *unparse_key_data(krb5_key_data *key_data, int n_key_data)
-{
- Tcl_DString *str;
- char buf[2048];
- int i, j;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
- for (i = 0; i < n_key_data; i++) {
- krb5_key_data *key = &key_data[i];
-
- Tcl_DStringStartSublist(str);
- sprintf(buf, "%d", key->key_data_type[0]);
- Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", key->key_data_ver > 1 ?
- key->key_data_type[1] : -1);
- Tcl_DStringAppendElement(str, buf);
- if (key->key_data_contents[0]) {
- sprintf(buf, "0x");
- for (j = 0; j < key->key_data_length[0]; j++) {
- sprintf(buf + 2*(j+1), "%02x",
- key->key_data_contents[0][j]);
- }
- } else *buf = '\0';
- Tcl_DStringAppendElement(str, buf);
- Tcl_DStringEndSublist(str);
- }
-
- return str;
-}
-
-static Tcl_DString *unparse_tl_data(krb5_tl_data *tl_data, int n_tl_data)
-{
- Tcl_DString *str;
- char buf[2048];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
- Tcl_DStringStartSublist(str);
- for (; tl_data; tl_data = tl_data->tl_data_next) {
- Tcl_DStringStartSublist(str);
- sprintf(buf, "%d", tl_data->tl_data_type);
- Tcl_DStringAppendElement(str, buf);
- sprintf(buf, "%d", tl_data->tl_data_length);
- Tcl_DStringAppendElement(str, buf);
- Tcl_DStringAppend(str, " ", 1);
- Tcl_DStringAppend(str, (char *) tl_data->tl_data_contents,
- tl_data->tl_data_length);
- Tcl_DStringEndSublist(str);
- }
- Tcl_DStringEndSublist(str);
-
- return str;
-}
-
-static Tcl_DString *unparse_flags(struct flagval *array, int size,
- krb5_int32 flags)
-{
- int i;
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- for (i = 0; i < size; i++) {
- if (flags & array[i].val) {
- Tcl_DStringAppendElement(str, array[i].name);
- }
- }
-
- return str;
-}
-
-
-static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
- struct flagval *array, int size, const char *str,
- krb5_flags *flags)
-{
- int tmp, argc, i, retcode = TCL_OK;
- const char **argv;
- Tcl_HashEntry *entry;
-
- if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
- *flags = tmp;
- return TCL_OK;
- }
- Tcl_ResetResult(interp);
-
- if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
- return TCL_ERROR;
- }
-
- if (! table) {
- table = create_flag_table(array, size);
- }
-
- *flags = 0;
-
- for (i = 0; i < argc; i++) {
- if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
- Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
- retcode = TCL_ERROR;
- break;
- }
- *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
- }
-
- Tcl_Free((char *) argv);
- return(retcode);
-}
-
-static Tcl_DString *unparse_privs(krb5_flags flags)
-{
- return unparse_flags(priv_flags, sizeof(priv_flags) /
- sizeof(struct flagval), flags);
-}
-
-
-static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
-{
- return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
- sizeof(struct flagval), flags);
-}
-
-static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
- krb5_flags *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
- sizeof(krb5_flags_array) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
-{
- return unparse_flags(aux_attributes, sizeof(aux_attributes) /
- sizeof(struct flagval), flags);
-}
-
-
-static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
- long *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, aux_attributes,
- sizeof(aux_attributes) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static int parse_principal_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
- sizeof(principal_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static int parse_policy_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
- sizeof(policy_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static Tcl_DString *unparse_principal_ent(kadm5_principal_ent_t princ,
- krb5_int32 mask)
-{
- Tcl_DString *str, *tmp_dstring;
- char *tmp;
- char buf[20];
- krb5_error_code krb5_ret;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp = 0; /* It looks to me from looking at the library source */
- /* code for krb5_parse_name that the pointer passed into */
- /* it should be initialized to 0 if I want it do be */
- /* allocated automatically. */
- if (mask & KADM5_PRINCIPAL) {
- krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
- if (krb5_ret) {
- /* XXX Do we want to return an error? Not sure. */
- Tcl_DStringAppendElement(str, "[unparsable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
- } else
- Tcl_DStringAppendElement(str, "null");
-
- sprintf(buf, "%u", (unsigned int)princ->princ_expire_time);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%u", (unsigned int)princ->last_pwd_change);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%u", (unsigned int)princ->pw_expiration);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->max_life);
- Tcl_DStringAppendElement(str, buf);
-
- tmp = 0;
- if (mask & KADM5_MOD_NAME) {
- if ((krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp))) {
- /* XXX */
- Tcl_DStringAppendElement(str, "[unparsable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
- } else
- Tcl_DStringAppendElement(str, "null");
-
- sprintf(buf, "%u", (unsigned int)princ->mod_date);
- Tcl_DStringAppendElement(str, buf);
-
- if (mask & KADM5_ATTRIBUTES) {
- tmp_dstring = unparse_krb5_flags(princ->attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
- } else
- Tcl_DStringAppendElement(str, "null");
-
- sprintf(buf, "%d", princ->kvno);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->mkvno);
- Tcl_DStringAppendElement(str, buf);
-
- /* XXX This may be dangerous, because the contents of the policy */
- /* field are undefined if the POLICY bit isn't set. However, I */
- /* think it's a bug for the field not to be null in that case */
- /* anyway, so we should assume that it will be null so that we'll */
- /* catch it if it isn't. */
-
- tmp_dstring = unparse_str(princ->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%d", princ->max_renewable_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%u", (unsigned int)princ->last_success);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%u", (unsigned int)princ->last_failed);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->fail_auth_count);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->n_key_data);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->n_tl_data);
- Tcl_DStringAppendElement(str, buf);
-
- tmp_dstring = unparse_key_data(princ->key_data, princ->n_key_data);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_tl_data(princ->tl_data, princ->n_tl_data);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- return str;
-}
-
-static int parse_keysalts(Tcl_Interp *interp, const char *list,
- krb5_key_salt_tuple **keysalts,
- int num_keysalts)
-{
- const char **argv, **argv1 = NULL;
- int i, tmp, argc, argc1, retcode;
-
- *keysalts = NULL;
- if (list == NULL)
- return TCL_OK;
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
- if (argc != num_keysalts) {
- Tcl_SetResult(interp, "wrong number of keysalts", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
- *keysalts = (krb5_key_salt_tuple *)
- malloc(sizeof(krb5_key_salt_tuple)*num_keysalts);
- for (i = 0; i < num_keysalts; i++) {
- if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
- TCL_OK) {
- goto finished;
- }
- if (argc1 != 2) {
- Tcl_SetResult(interp, "wrong # of fields in keysalt", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
- /* XXX this used to be argv1[1] too! */
- if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing ks_enctype");
- retcode = TCL_ERROR;
- goto finished;
- }
- (*keysalts)[i].ks_enctype = tmp;
- if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing ks_salttype");
- goto finished;
- }
- (*keysalts)[i].ks_salttype = tmp;
-
- Tcl_Free((char *) argv1);
- argv1 = NULL;
- }
-
-finished:
- if (argv1) {
- Tcl_Free((char *) argv1);
- }
- Tcl_Free((char *) argv);
- return retcode;
-}
-
-static int parse_key_data(Tcl_Interp *interp, const char *list,
- krb5_key_data **key_data,
- int n_key_data)
-{
- const char **argv = NULL;
- int argc, retcode;
-
- *key_data = NULL;
- if (list == NULL) {
- if (n_key_data != 0) {
- Tcl_SetResult(interp, "wrong number of key_datas", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- } else
- return TCL_OK;
- }
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
- if (argc != n_key_data) {
- Tcl_SetResult(interp, "wrong number of key_datas", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (argc != 0) {
- Tcl_SetResult(interp, "cannot parse key_data yet", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
-
-finished:
- Tcl_Free((char *) argv);
- return retcode;
-}
-
-static int parse_tl_data(Tcl_Interp *interp, const char *list,
- krb5_tl_data **tlp,
- int n_tl_data)
-{
- krb5_tl_data *tl, *tl2;
- const char **argv = NULL, **argv1 = NULL;
- int i, tmp, argc, argc1, retcode;
-
- *tlp = NULL;
- if (list == NULL) {
- if (n_tl_data != 0) {
- Tcl_SetResult(interp, "wrong number of tl_datas", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- } else
- return TCL_OK;
- }
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
- if (argc != n_tl_data) {
- Tcl_SetResult(interp, "wrong number of tl_datas", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- tl = tl2 = NULL;
- for (i = 0; i < n_tl_data; i++) {
- tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
- memset(tl2, 0, sizeof(krb5_tl_data));
- tl2->tl_data_next = tl;
- tl = tl2;
- }
- tl2 = tl;
-
- for (i = 0; i < n_tl_data; i++) {
- if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
- TCL_OK) {
- goto finished;
- }
- if (argc1 != 3) {
- Tcl_SetResult(interp, "wrong # of fields in tl_data", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing tl_data_type");
- retcode = TCL_ERROR;
- goto finished;
- }
- tl->tl_data_type = tmp;
- if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing tl_data_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- tl->tl_data_length = tmp;
- if (tl->tl_data_length != strlen(argv1[2])) {
- Tcl_SetResult(interp, "length != string length", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
- tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]);
-
- Tcl_Free((char *) argv1);
- argv1 = NULL;
- tl = tl->tl_data_next;
- }
- if (tl != NULL) {
- Tcl_SetResult(interp, "tl is not NULL!", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
- *tlp = tl2;
-
-finished:
- if (argv1) {
- Tcl_Free((char *) argv1);
- }
- Tcl_Free((char *) argv);
- return retcode;
-}
-
-static int parse_config_params(Tcl_Interp *interp, char *list,
- kadm5_config_params *params)
-{
- static Tcl_HashTable *table = 0;
- const char **argv = NULL;
- int tmp, argc, retcode;
-
- memset(params, 0, sizeof(kadm5_config_params));
- if (list == NULL)
- return TCL_OK;
-
- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return retcode;
- }
-
- if (argc != 20) {
- Tcl_SetResult(interp, "wrong # args in config params structure",
- TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((retcode = parse_flags(interp, table, config_mask_flags,
- sizeof(config_mask_flags) /
- sizeof(struct flagval),
- argv[0], &tmp)) != TCL_OK) {
- goto finished;
- }
- params->mask = tmp;
-
- if ((retcode = parse_str(interp, argv[1], ¶ms->realm)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing realm name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kadmind_port");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->kadmind_port = tmp;
- if ((retcode = parse_str(interp, argv[3], ¶ms->admin_server))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing profile name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[4], ¶ms->dbname)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing profile name");
- retcode = TCL_ERROR;
- goto finished;
- }
- /* Ignore argv[5], which used to set the admin_dbname field. */
- /* Ignore argv[6], which used to set the admin_lockfile field. */
- /* Ignore argv[7], which used to set the admin_keytab field. */
- if ((retcode = parse_str(interp, argv[8], ¶ms->acl_file)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing acl_file name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[9], ¶ms->dict_file)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing dict_file name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->mkey_from_kbd = tmp;
- if ((retcode = parse_str(interp, argv[11], ¶ms->stash_file)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing stash_file name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = parse_str(interp, argv[12], ¶ms->mkey_name)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkey_name name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing enctype");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->enctype = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->max_life = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_rlife");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->max_rlife = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->expiration = tmp;
- if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing flags");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->flags = tmp;
- if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing num_keysalts");
- retcode = TCL_ERROR;
- goto finished;
- }
- params->num_keysalts = tmp;
- if ((retcode = parse_keysalts(interp, argv[19], ¶ms->keysalts,
- params->num_keysalts)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keysalts");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-finished:
- return retcode;
-}
-
-static int parse_principal_ent(Tcl_Interp *interp, char *list,
- kadm5_principal_ent_t *out_princ)
-{
- kadm5_principal_ent_t princ = 0;
- krb5_error_code krb5_ret;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 12 && argc != 20) {
- Tcl_SetResult(interp, "wrong # args in principal structure",
- TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (princ = malloc(sizeof *princ))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- memset(princ, 0, sizeof(*princ));
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing princ_expire_time");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->princ_expire_time = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_pwd_change");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_pwd_change = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->pw_expiration = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_life = tmp;
-
- if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing mod_name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mod_date");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mod_date = tmp;
-
- if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->kvno = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mkvno = tmp;
-
- if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- retcode = TCL_ERROR;
- goto finished;
- }
- if(princ->policy != NULL) {
- if(!(princ->policy = strdup(princ->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1);
- }
- }
-
- if ((tcl_ret = parse_aux_attributes(interp, argv[11],
- &princ->aux_attributes)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing aux_attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (argc == 12) goto finished;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[12], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_renewable_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_renewable_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[13], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_success");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_success = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[14], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_failed");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_failed = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[15], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing fail_auth_count");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->fail_auth_count = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[16], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing n_key_data");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->n_key_data = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[17], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing n_tl_data");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->n_tl_data = tmp;
-
- if ((tcl_ret = parse_key_data(interp, argv[18],
- &princ->key_data,
- princ->n_key_data)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing key_data");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = parse_tl_data(interp, argv[19],
- &princ->tl_data,
- princ->n_tl_data)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing tl_data");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->n_tl_data = tmp;
-
-finished:
- Tcl_Free((char *) argv);
- *out_princ = princ;
- return retcode;
-}
-
-
-static void free_principal_ent(kadm5_principal_ent_t *princ)
-{
- krb5_free_principal(context, (*princ)->principal);
- krb5_free_principal(context, (*princ)->mod_name);
- free((*princ)->policy);
- free(*princ);
- *princ = 0;
-}
-
-static Tcl_DString *unparse_policy_ent(kadm5_policy_ent_t policy)
-{
- Tcl_DString *str, *tmp_dstring;
- char buf[20];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp_dstring = unparse_str(policy->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%ld", policy->pw_min_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_max_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_length);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_classes);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_history_num);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->policy_refcnt);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", policy->pw_max_fail);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", policy->pw_failcnt_interval);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", policy->pw_lockout_duration);
- Tcl_DStringAppendElement(str, buf);
-
- return str;
-}
-
-
-
-static int parse_policy_ent(Tcl_Interp *interp, char *list,
- kadm5_policy_ent_t *out_policy)
-{
- kadm5_policy_ent_t policy = 0;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 7 && argc != 10) {
- Tcl_SetResult(interp, "wrong # args in policy structure", TCL_STATIC);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (policy = malloc(sizeof *policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if(policy->policy != NULL) {
- if (! (policy->policy = strdup(policy->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_length = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_classes");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_classes = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_history_num");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_history_num = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy_refcnt");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->policy_refcnt = tmp;
-
- if (argc == 7) goto finished;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_fail");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_fail = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_failcnt_interval");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_failcnt_interval = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_lockout_duration");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_lockout_duration = tmp;
-
-finished:
- Tcl_Free((char *) argv);
- *out_policy = policy;
- return retcode;
-}
-
-
-static void free_policy_ent(kadm5_policy_ent_t *policy)
-{
- free((*policy)->policy);
- free(*policy);
- *policy = 0;
-}
-
-static Tcl_DString *unparse_keytype(krb5_enctype enctype)
-{
- Tcl_DString *str;
- char buf[50];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- switch (enctype) {
- /* XXX is this right? */
- case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
- default:
- sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
- Tcl_DStringAppend(str, buf, -1);
- break;
- }
-
- return str;
-}
-
-
-static Tcl_DString *unparse_keyblocks(krb5_keyblock *keyblocks, int num_keys)
-{
- Tcl_DString *str;
- Tcl_DString *keytype;
- unsigned int i;
- int j;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- for (j = 0; j < num_keys; j++) {
- krb5_keyblock *keyblock = &keyblocks[j];
-
- Tcl_DStringStartSublist(str);
-
- keytype = unparse_keytype(keyblock->enctype);
- Tcl_DStringAppendElement(str, keytype->string);
- Tcl_DStringFree(keytype);
- free(keytype);
- if (keyblock->length == 0) {
- Tcl_DStringAppendElement(str, "0x00");
- }
- else {
- Tcl_DStringAppendElement(str, "0x");
- for (i = 0; i < keyblock->length; i++) {
- char buf[3];
- sprintf(buf, "%02x", (int) keyblock->contents[i]);
- Tcl_DStringAppend(str, buf, -1);
- }
- }
-
- Tcl_DStringEndSublist(str);
- }
-
-
- return str;
-}
-
-enum init_type { INIT_NONE, INIT_PASS, INIT_CREDS };
-
-static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData,
- Tcl_Interp *interp, int argc, const char *argv[])
-{
- kadm5_ret_t ret;
- char *client_name, *pass, *service_name;
- int tcl_ret;
- krb5_ui_4 struct_version, api_version;
- const char *handle_var;
- void *server_handle;
- char *handle_name, *params_str;
- const char *whoami = argv[0];
- kadm5_config_params params;
-
- argv++, argc--;
-
- kadm5_init_krb5_context(&context);
-
- if (argc != 7) {
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
- return TCL_ERROR;
- }
-
- if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[3], ¶ms_str)) != TCL_OK) ||
- ((tcl_ret = parse_config_params(interp, params_str, ¶ms))
- != TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
- TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
- TCL_OK)) {
- return tcl_ret;
- }
-
- handle_var = argv[6];
-
- if (! (handle_var && *handle_var)) {
- Tcl_SetResult(interp, "must specify server handle variable name",
- TCL_STATIC);
- return TCL_ERROR;
- }
-
- if (init_type == INIT_CREDS) {
- krb5_ccache cc;
-
- if (pass == NULL) {
- if ((ret = krb5_cc_default(context, &cc))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- } else {
- if ((ret = krb5_cc_resolve(context, pass, &cc))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- }
-
- ret = kadm5_init_with_creds(context, client_name, cc, service_name,
- ¶ms, struct_version,
- api_version, NULL, &server_handle);
-
- (void) krb5_cc_close(context, cc);
- } else
- ret = kadm5_init(context, client_name, pass, service_name, ¶ms,
- struct_version, api_version, NULL, &server_handle);
-
- /* The string fields of params are aliases into argv[3], but
- * params.keysalts is allocated, so clean it up. */
- free(params.keysalts);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
- != TCL_OK) {
- return tcl_ret;
- }
-
- if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
- return TCL_ERROR;
- }
-
- set_ok(interp, "KADM5 API initialized.");
- return TCL_OK;
-}
-
-static int tcl_kadm5_init(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- return _tcl_kadm5_init_any(INIT_PASS, clientData, interp, argc, argv);
-}
-
-static int tcl_kadm5_init_with_creds(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- return _tcl_kadm5_init_any(INIT_CREDS, clientData, interp, argc, argv);
-}
-
-static int tcl_kadm5_destroy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- kadm5_ret_t ret;
- int tcl_ret;
-
- GET_HANDLE(0, 0);
-
- ret = kadm5_destroy(server_handle);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
- return tcl_ret;
- }
-
- set_ok(interp, "KADM5 API deinitialized.");
- return TCL_OK;
-}
-
-static int tcl_kadm5_create_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
- char *princ_string;
- kadm5_principal_ent_t princ = 0;
- krb5_int32 mask;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
-
- GET_HANDLE(3, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#ifdef OVERRIDE
- if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
- TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#endif
-
-#ifdef OVERRIDE
- ret = kadm5_create_principal(server_handle, princ, mask, pw,
- override_qual);
-#else
- ret = kadm5_create_principal(server_handle, princ, mask, pw);
-#endif
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Principal created.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-
-static int tcl_kadm5_delete_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int tcl_ret;
- char *name;
-
- GET_HANDLE(1, 0);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- return TCL_ERROR;
- }
- } else princ = NULL;
- ret = kadm5_delete_principal(server_handle, princ);
-
- if(princ != NULL)
- krb5_free_principal(context, princ);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_kadm5_modify_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *princ_string;
- kadm5_principal_ent_t princ = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- kadm5_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_modify_principal(server_handle, princ, mask);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal modified.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-static int tcl_kadm5_rename_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal source, target;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &source)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing source");
- return TCL_ERROR;
- }
-
- if ((krb5_ret = krb5_parse_name(context, argv[1], &target)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing target");
- krb5_free_principal(context, source);
- return TCL_ERROR;
- }
-
- ret = kadm5_rename_principal(server_handle, source, target);
-
- if (ret == KADM5_OK) {
- set_ok(interp, "Principal renamed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
- krb5_free_principal(context, source);
- krb5_free_principal(context, target);
- return retcode;
-}
-
-
-
-static int tcl_kadm5_chpass_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- int retcode = TCL_OK;
- kadm5_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing password");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_chpass_principal(server_handle,
- princ, pw, override_qual);
-#else
- ret = kadm5_chpass_principal(server_handle, princ, pw);
-#endif
-
- if (ret == KADM5_OK) {
- set_ok(interp, "Password changed.");
- goto finished;
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_kadm5_chpass_principal_util(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *new_pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- char *pw_ret, *pw_ret_var;
- char msg_ret[1024], *msg_ret_var;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(4, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing new password");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-#endif
- if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing msg_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE
- override_qual,
-#endif
- pw_ret_var ? &pw_ret : 0,
- msg_ret_var ? msg_ret : 0,
- msg_ret_var ? sizeof(msg_ret) : 0);
-
- if (ret == KADM5_OK) {
- if (pw_ret_var &&
- (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp, "while setting pw_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (msg_ret_var &&
- (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp,
- "while setting msg_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Password changed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_kadm5_randkey_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_keyblock *keyblocks;
- int num_keys;
- char *keyblock_var, *num_var, buf[50];
- Tcl_DString *keyblock_dstring = 0;
- krb5_error_code krb5_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(3, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (parse_str(interp, argv[2], &num_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblocks : 0,
- &num_keys);
-
- if (ret == KADM5_OK) {
- if (keyblock_var) {
- keyblock_dstring = unparse_keyblocks(keyblocks, num_keys);
- if (! Tcl_SetVar(interp, keyblock_var,
- keyblock_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting keyblock variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- }
- if (num_var) {
- sprintf(buf, "%d", num_keys);
- if (! Tcl_SetVar(interp, num_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting num_keys variable");
- }
- }
- set_ok(interp, "Key randomized.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- if (keyblock_dstring) {
- Tcl_DStringFree(keyblock_dstring);
- free(keyblock_dstring);
- }
- return retcode;
-}
-
-
-
-static int tcl_kadm5_get_principal(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- kadm5_principal_ent_rec ent;
- Tcl_DString *ent_dstring = 0;
- char *ent_var;
- char *name;
- krb5_error_code krb5_ret;
- int tcl_ret;
- kadm5_ret_t ret = -1;
- krb5_int32 mask;
- int retcode = TCL_OK;
-
- GET_HANDLE(3, 1);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
- } else princ = NULL;
-
- if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
- if ((tcl_ret = parse_principal_mask(interp, argv[2], &mask)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal mask");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_get_principal(server_handle, princ, ent_var ? &ent : 0,
- mask);
-
- if (ret == KADM5_OK) {
- if (ent_var) {
- ent_dstring = unparse_principal_ent(&ent, mask);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal retrieved.");
- }
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if(princ != NULL)
- krb5_free_principal(context, princ);
- if (ret == KADM5_OK && ent_var &&
- (ret = kadm5_free_principal_ent(server_handle, &ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- return retcode;
-}
-
-static int tcl_kadm5_create_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
- char *policy_string;
- kadm5_policy_ent_t policy = 0;
- krb5_int32 mask;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- ret = kadm5_create_policy(server_handle, policy, mask);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Policy created.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-
-static int tcl_kadm5_delete_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- kadm5_ret_t ret;
- char *policy;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- ret = kadm5_delete_policy(server_handle, policy);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_kadm5_modify_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *policy_string;
- kadm5_policy_ent_t policy = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- kadm5_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = kadm5_modify_policy(server_handle, policy, mask);
-
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy modified.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-static int tcl_kadm5_get_policy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- kadm5_policy_ent_rec ent;
- Tcl_DString *ent_dstring = 0;
- char *policy;
- char *ent_var;
- kadm5_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- return TCL_ERROR;
- }
-
- ret = kadm5_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
- if (ret == KADM5_OK) {
- if (ent_var) {
- ent_dstring = unparse_policy_ent(&ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy retrieved.");
- }
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if (ent_var && ret == KADM5_OK &&
- (ret = kadm5_free_policy_ent(server_handle, &ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- return retcode;
-}
-
-
-
-static int tcl_kadm5_free_principal_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- kadm5_principal_ent_t ent;
- kadm5_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = kadm5_free_principal_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "principal handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (kadm5_principal_ent_t) Tcl_GetHashValue(entry);
-
- ret = kadm5_free_principal_ent(server_handle, ent);
- if (ret != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Principal freed.");
- return TCL_OK;
-}
-
-
-static int tcl_kadm5_free_policy_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- kadm5_policy_ent_t ent;
- kadm5_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = kadm5_free_policy_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "policy handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (kadm5_policy_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = kadm5_free_policy_ent(server_handle, ent)) != KADM5_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Policy freed.");
- return TCL_OK;
-}
-
-
-static int tcl_kadm5_get_privs(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- const char *set_ret;
- kadm5_ret_t ret;
- char *priv_var;
- long privs;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing privs variable name");
- return TCL_ERROR;
- }
-
- ret = kadm5_get_privs(server_handle, priv_var ? &privs : 0);
-
- if (ret == KADM5_OK) {
- if (priv_var) {
- Tcl_DString *str = unparse_privs(privs);
- set_ret = Tcl_SetVar(interp, priv_var, str->string,
- TCL_LEAVE_ERR_MSG);
- Tcl_DStringFree(str);
- free(str);
- if (! set_ret) {
- Tcl_AppendElement(interp, "while setting priv variable");
- return TCL_ERROR;
- }
- }
- set_ok(interp, "Privileges retrieved.");
- return TCL_OK;
- }
- else {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-}
-
-
-void Tcl_kadm5_init(Tcl_Interp *interp)
-{
- char buf[20];
-
- Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE",
- KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
- Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE",
- KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
- Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
- Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_3);
- Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_4);
- Tcl_SetVar(interp, "KADM5_API_VERSION_4", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
- Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION_MASK);
- Tcl_SetVar(interp, "KADM5_STRUCT_VERSION_MASK", buf,
- TCL_GLOBAL_ONLY);
-
- Tcl_CreateCommand(interp, "kadm5_init", tcl_kadm5_init, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_init_with_creds",
- tcl_kadm5_init_with_creds, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_destroy", tcl_kadm5_destroy, 0,
- 0);
- Tcl_CreateCommand(interp, "kadm5_create_principal",
- tcl_kadm5_create_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_delete_principal",
- tcl_kadm5_delete_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_modify_principal",
- tcl_kadm5_modify_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_rename_principal",
- tcl_kadm5_rename_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_chpass_principal",
- tcl_kadm5_chpass_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_chpass_principal_util",
- tcl_kadm5_chpass_principal_util, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_randkey_principal",
- tcl_kadm5_randkey_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_get_principal",
- tcl_kadm5_get_principal, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_create_policy",
- tcl_kadm5_create_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_delete_policy",
- tcl_kadm5_delete_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_modify_policy",
- tcl_kadm5_modify_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_get_policy",
- tcl_kadm5_get_policy, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_free_principal_ent",
- tcl_kadm5_free_principal_ent, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_free_policy_ent",
- tcl_kadm5_free_policy_ent, 0, 0);
- Tcl_CreateCommand(interp, "kadm5_get_privs",
- tcl_kadm5_get_privs, 0, 0);
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-
-void Tcl_kadm5_init(Tcl_Interp *interp);
+++ /dev/null
-Here's a brief summary of the syntax of the tcl versions of the
-kadm5 functions:
-
-string Can be a string or "null" which will turn into a null pointer
-principal_ent A 12-field list in the order of the principal_ent
- structure: {string number number number number string
- number mask number number string mask}
- It can also be "null", like a string, to indicate that
- a null structure pointer should be used.
-mask Either a number, representing the actual value of the
- mask, or a sequence of symbols in a list. Example:
- {PRINCIPAL ATTRIBUTES} is a valid principal mask.
-boolean "1", "0", "true", "false", etc.
-varname The name of a Tcl variable, or "null" to not assign.
-policy_ent Similar to principal_ent, but with seven fields,
- instead of 12. The first is a string, and the rest
- are numbers.
-
-init
- client_name:string pass:string service_name:string
- realm:string struct_version:int api_version:int
- server_handle_ret:varname
-destroy
- server_handle:string
-create_principal
- server_handle:string principal:principal_ent
- mask:principal_mask password:string
-delete_principal
- server_handle:string name:string
-modify_principal
- server_handle:string principal_principal_ent
- mask:principal_mask
-rename_principal
- server_handle:string source:string target:string
-chpass_principal
- server_handle:string name:string password:string
-chpass_principal_util
- server_handle:string name:string password:string
- pw_ret:varname msg_ret:varname
-randkey_principal
- server_handle:string name:string keyblock_var:varname
-get_principal [-struct]
- server_handle:string name:string princ_var:varname
-create_policy
- server_handle:string policy:policy_ent mask:policy_mask
-delete_policy
- server_handle:string name:string
-modify_policy
- server_handle:string policy:policy_ent mask:policy_mask
-get_policy [-struct]
- server_handle:string name:string policy_var:varname
-free_principal_ent
- server_handle:string handle:string
-free_policy_ent
- server_handle:string handle:string
-get_privs
- server_handle:string privs:priv_var
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/*
- * All of the TCL krb5 functions which return (or place into output
- * variables) structures or pointers to structures that can't be
- * represented as tcl native types, do so by returning a handle for
- * the appropriate structure. The handle is a string of the form
- * "type$id", where "type" is the type of datum represented by the
- * handle and "id" is a unique identifier for it. This handle can
- * then be used later by the caller to refer to the object, and
- * internally to retrieve the actually datum from the appropriate hash
- * table.
- *
- * The functions in this file do four things:
- *
- * 1) Given a pointer to a datum and a string representing the type of
- * datum to which the pointer refers, create a new handle for the
- * datum, store the datum in the hash table using the new handle as
- * its key, and return the new handle.
- *
- * 2) Given a handle, locate and return the appropriate hash table
- * datum.
- *
- * 3) Given a handle, look through a table of types and unparse
- * functions to figure out what function to call to get a string
- * representation of the datum, call it with the appropriate pointer
- * (obtained from the hash table) as an argument, and return the
- * resulting string as the unparsed form of the datum.
- *
- * 4) Given a handle, remove that handle and its associated datum from
- * the hash table (but don't free it -- it's assumed to have already
- * been freed by the caller).
- */
-
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#include <assert.h>
-
-#define SEP_STR "$"
-
-static char *memory_error = "out of memory";
-
-/*
- * Right now, we're only using one hash table. However, at some point
- * in the future, we might decide to use a separate hash table for
- * every type. Therefore, I'm putting this function in as an
- * abstraction so it's the only thing we'll have to change if we
- * decide to do that.
- *
- * Also, this function allows us to put in just one place the code for
- * checking to make sure that the hash table exists and initializing
- * it if it doesn't.
- */
-
-static TclHashTable *get_hash_table(Tcl_Interp *interp,
- char *type)
-{
- static Tcl_HashTable *hash_table = 0;
-
- if (! hash_table) {
- if (! (hash_table = malloc(sizeof(*hash_table)))) {
- Tcl_SetResult(interp, memory_error, TCL_STATIC);
- return 0;
- }
- Tcl_InitHashTable(hash_table, TCL_STRING_KEYS);
- }
- return hash_table;
-}
-
-#define MAX_ID 999999999
-#define ID_BUF_SIZE 10
-
-static Tcl_HashEntry *get_new_handle(Tcl_Interp *interp,
- char *type)
-{
- static unsigned long int id_counter = 0;
- Tcl_DString *handle;
- char int_buf[ID_BUF_SIZE];
-
- if (! (handle = malloc(sizeof(*handle)))) {
- Tcl_SetResult(interp, memory_error, TCL_STATIC);
- return 0;
- }
- Tcl_DStringInit(handle);
-
- assert(id_counter <= MAX_ID);
-
- sprintf(int_buf, "%d", id_counter++);
-
- Tcl_DStringAppend(handle, type, -1);
- Tcl_DStringAppend(handle, SEP_STR, -1);
- Tcl_DStringAppend(handle, int_buf, -1);
-
- return handle;
-}
-
-
-Tcl_DString *tcl_krb5_create_object(Tcl_Interp *interp,
- char *type,
- ClientData datum)
-{
- Tcl_HashTable *table;
- Tcl_DString *handle;
- Tcl_HashEntry *entry;
- int entry_created = 0;
-
- if (! (table = get_hash_table(interp, type))) {
- return 0;
- }
-
- if (! (handle = get_new_handle(interp, type))) {
- return 0;
- }
-
- if (! (entry = Tcl_CreateHashEntry(table, handle, &entry_created))) {
- Tcl_SetResult(interp, "error creating hash entry", TCL_STATIC);
- Tcl_DStringFree(handle);
- return TCL_ERROR;
- }
-
- assert(entry_created);
-
- Tcl_SetHashValue(entry, datum);
-
- return handle;
-}
-
-ClientData tcl_krb5_get_object(Tcl_Interp *interp,
- char *handle)
-{
- char *myhandle, *id_ptr;
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
-
- if (! (myhandle = strdup(handle))) {
- Tcl_SetResult(interp, memory_error, TCL_STATIC);
- return 0;
- }
-
- if (! (id_ptr = index(myhandle, *SEP_STR))) {
- free(myhandle);
- Tcl_ResetResult(interp);
- Tcl_AppendResult(interp, "malformatted handle \"", handle,
- "\"", 0);
- return 0;
- }
-
- *id_ptr = '\0';
-
- if (! (table = get_hash_table(interp, myhandle))) {
- free(myhandle);
- return 0;
- }
-
- free(myhandle);
-
- if (! (entry = Tcl_FindHashEntry(table, handle))) {
- Tcl_ResetResult(interp);
- Tcl_AppendResult(interp, "no object corresponding to handle \"",
- handle, "\"", 0);
- return 0;
- }
-
- return(Tcl_GetHashValue(entry));
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include "autoconf.h"
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#include "tcl_kadm5.h"
-
-#define _TCL_MAIN ((TCL_MAJOR_VERSION * 100 + TCL_MINOR_VERSION) >= 704)
-
-#if _TCL_MAIN
-int
-main(argc, argv)
- int argc; /* Number of command-line arguments. */
- char **argv; /* Values of command-line arguments. */
-{
- Tcl_Main(argc, argv, Tcl_AppInit);
- return 0; /* Needed only to prevent compiler warning. */
-}
-#else
-/*
- * The following variable is a special hack that allows applications
- * to be linked using the procedure "main" from the Tcl library. The
- * variable generates a reference to "main", which causes main to
- * be brought in from the library (and all of Tcl with it).
- */
-
-extern int main();
-int *tclDummyMainPtr = (int *) main;
-#endif
-
-int Tcl_AppInit(Tcl_Interp *interp)
-{
- Tcl_kadm5_init(interp);
-
- return(TCL_OK);
-}
mydir=lib$(S)kadm5
BUILDTOP=$(REL)..$(S)..
-SUBDIRS = clnt srv unit-test
+SUBDIRS = clnt srv
##DOSBUILDTOP = ..\..
check-windows:
clean-unix:: clean-libobjs
+ $(RM) t_kadm5clnt t_kadm5srv t_kadm5.o
clean-windows::
+++ /dev/null
-mydir=lib$(S)kadm5$(S)unit-test
-BUILDTOP=$(REL)..$(S)..$(S)..
-KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
-
-SRCS= init-test.c destroy-test.c handle-test.c iter-test.c setkey-test.c \
- randkey-test.c lock-test.c
-
-#
-# The client-side test programs.
-#
-
-init-test: init-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o init-test init-test.o \
- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-destroy-test: destroy-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o destroy-test destroy-test.o \
- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-client-handle-test: client-handle-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o client-handle-test client-handle-test.o \
- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-client-handle-test.o: handle-test.c
- $(CC) $(ALL_CFLAGS) -DCLIENT_TEST -o client-handle-test.o -c $(srcdir)/handle-test.c
-
-client-iter-test: iter-test.o $(KADMLCNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o client-iter-test iter-test.o \
- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-client-setkey-test: setkey-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o client-setkey-test setkey-test.o \
- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-#
-# The server-side test programs.
-#
-
-randkey-test: randkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o randkey-test randkey-test.o \
- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-
-server-handle-test: handle-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o server-handle-test handle-test.o \
- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-
-lock-test: lock-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o lock-test lock-test.o \
- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-
-server-iter-test: iter-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o server-iter-test iter-test.o \
- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-
-server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o server-setkey-test setkey-test.o \
- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-
-runenv.exp: Makefile
- $(RUN_SETUP); for i in $(RUN_VARS); do \
- eval echo "set env\($$i\) \$$$$i"; done > runenv.exp
-
-#
-# The unit-test targets
-#
-
-check: check-@DO_TEST@
-
-check-:
- @echo "+++"
- @echo "+++ WARNING: lib/kadm5 unit tests not run."
- @echo "+++ Either tcl, runtest, or Perl is unavailable."
- @echo "+++"
-
-check-ok unit-test: unit-test-client unit-test-server
-
-unit-test-client: unit-test-client-setup unit-test-client-body \
- unit-test-client-cleanup
-
-unit-test-server: unit-test-server-setup unit-test-server-body \
- unit-test-server-cleanup
-
-test-randkey: randkey-test
- $(ENV_SETUP) $(VALGRIND) ./randkey-test
-
-test-handle-server: server-handle-test
- $(ENV_SETUP) $(VALGRIND) ./server-handle-test
-
-test-handle-client: client-handle-test
- $(ENV_SETUP) $(VALGRIND) ./client-handle-test
-
-test-noauth: init-test
- $(ENV_SETUP) $(VALGRIND) ./init-test
-
-test-destroy: destroy-test
- $(ENV_SETUP) $(VALGRIND) ./destroy-test
-
-test-setkey-client: client-setkey-test
- $(ENV_SETUP) $(VALGRIND) ./client-setkey-test testkeys admin admin
-
-unit-test-client-setup: runenv.sh
- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
-
-unit-test-client-cleanup:
- $(ENV_SETUP) $(STOP_SERVERS)
-
-unit-test-server-setup: runenv.sh
- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS_LOCAL)
-
-unit-test-server-cleanup:
- $(ENV_SETUP) $(STOP_SERVERS_LOCAL)
-
-unit-test-client-body: site.exp test-noauth test-destroy test-handle-client \
- test-setkey-client runenv.exp
- $(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
- KINIT=$(BUILDTOP)/clients/kinit/kinit \
- KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
- KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local \
- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \
- $(RUNTESTFLAGS)
- -mv api.log capi.log
- -mv api.sum capi.sum
-
-unit-test-server-body: site.exp test-handle-server lock-test
- $(ENV_SETUP) $(RUNTEST) --tool api RPC=0 API=$(SRVTCL) \
- LOCKTEST=./lock-test \
- KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local \
- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \
- $(RUNTESTFLAGS)
- -mv api.log sapi.log
- -mv api.sum sapi.sum
-
-clean:
- $(RM) init-test client_init.o init-test.o
- $(RM) destroy-test destroy-test.o
- $(RM) client-handle-test handle-test.o client-handle-test.o
- $(RM) client-iter-test iter-test.o
- $(RM) randkey-test randkey-test.o
- $(RM) server-handle-test handle-test.o
- $(RM) lock-test lock-test.o
- $(RM) server-iter-test iter-test.o
- $(RM) server-setkey-test client-setkey-test setkey-test.o
- $(RM) *.log *.plog *.sum *.psum unit-test-log.* runenv.exp
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-# Description: (1) Fails for mask with undefined bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 1"
-proc test1 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- 0xF01000
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test1
-
-# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
-test "create-policy 2"
-proc test2 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy";
- return
- }
-}
-if {$RPC} { test2 }
-
-# Description: (3) Fails for mask without POLICY bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 3"
-proc test3 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- 0x000000
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3
-
-# Description: (5) Fails for invalid policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 5"
-proc test5 {} {
- global test
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/\a"] \
- {KADM5_POLICY}
- } $test] "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-# Description: (6) Fails for existing policy name.
-test "create-policy 6"
-proc test6 {} {
- global test
-# set prms_id 777
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle [simple_policy test-pol] \
- {KADM5_POLICY}
- } "DUP"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test6
-
-# Description: (7) Fails for null policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 7"
-proc test7 {} {
- global test
-# set prms_id 1977
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle [simple_policy null] \
- {KADM5_POLICY}
- } "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test7
-
-# Description: (8) Fails for empty-string policy name.
-test "create-policy 8"
-proc test8 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle [simple_policy ""] \
- {KADM5_POLICY}
- } "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-# Description: (9) Accepts 0 for pw_min_life.
-test "create-policy 9"
-proc test9 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail "$test: create failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-# Description: (10) Accepts non-zero for pw_min_life.
-test "create-policy 10"
-proc test10 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
- {KADM5_POLICY KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-# Description: (11) Accepts 0 for pw_max_life.
-test "create-policy 11"
-proc test11 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-# Description: (12) Accepts non-zero for pw_max_life.
-test "create-policy 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
- {KADM5_POLICY KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-# Description: (13) Rejects 0 for pw_min_length.
-test "create-policy 13"
-proc test13 {} {
- global test
- global prompt
-
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
- } $test] "BAD_LENGTH"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-# Description: (14) Accepts non-zero for pw_min_length.
-test "create-policy 14"
-proc test14 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 3\n"
- expect {
- -re "8\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-# Description: (15) Rejects 0 for pw_min_classes.
-test "create-policy 15"
-proc test15 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-# Description: (16) Accepts 1 for pw_min_classes.
-test "create-policy 16"
-proc test16 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-# Description: (17) Accepts 4 for pw_min_classes.
-test "create-policy 17"
-proc test17 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "5\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-# Description: (18) Rejects 5 for pw_min_classes.
-test "create-policy 18"
-proc test18 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-# Description: (19) Rejects 0 for pw_history_num.
-test "create-policy 19"
-proc test19 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-# Description: (20) Accepts 1 for pw_history_num.
-test "create-policy 20"
-proc test20 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-# Description: (21) Accepts 10 for pw_history_num.
-test "create-policy 21"
-proc test21 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "10\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-# Description: (22) Fails for user with no access bits.
-test "create-policy 22"
-proc test22 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test22
-
-# Description: (23) Fails for user with "get" but not "add".
-test "create-policy 23"
-proc test23 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test23
-
-# Description: (24) Fails for user with "modify" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 24"
-proc test24 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test24
-
-# Description: (25) Fails for user with "delete" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 25"
-proc test25 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test25
-
-# Description: Succeeds for user with "add".
-test "create-policy 26"
-proc test26 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-# Description: Succeeds for user with "get" and "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 27"
-proc test27 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test27
-
-# Description: (28) Rejects null policy argument.
-# 01/24/94: pshuang: untried.
-test "create-policy 28"
-proc test28 {} {
- global test
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle null {KADM5_POLICY}
- } "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "create-policy 30"
-proc test30 {} {
- global test
- one_line_fail_test [format {
- kadm5_create_policy null [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "get-policy 3"
-proc test3 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle "" p} "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3
-
-test "get-policy 6"
-proc test6 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test6
-
-test "get-policy 7"
-proc test7 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test7
-
-test "get-policy 11"
-proc test11 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get-pol StupidAdmin $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "get-policy 12"
-proc test12 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get-pol StupidAdmin \
- $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_2 server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "get-policy 15"
-proc test15 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/pol StupidAdmin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "get-policy 16"
-proc test16 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-test "get-policy 17"
-proc test17 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "get-policy 18"
-proc test18 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test18
-
-test "get-policy 21"
-proc test21 {} {
- global test
-
- one_line_fail_test {kadm5_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
-}
-test21
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "modify-policy 2"
-proc test2 {} {
- global test
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2 }
-
-test "modify-policy 8"
-proc test8 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_modify_policy $server_handle [simple_policy ""] \
- {KADM5_PW_MAX_LIFE}
- } "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-test "modify-policy 9"
-proc test9 {} {
- global test
- global prompt
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "modify-policy 10"
-proc test10 {} {
- global test
- global prompt
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0} \
- {KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-
-test "modify-policy 11"
-proc test11 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "modify-policy 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0} \
- {KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "modify-policy 13"
-proc test13 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MIN_LENGTH}
- } $test] "BAD_LENGTH"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "modify-policy 14"
-proc test14 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0} \
- {KADM5_PW_MIN_LENGTH}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 3\n"
- expect {
- -re "8\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-test "modify-policy 15"
-proc test15 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "modify-policy 16"
-proc test16 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0} \
- {KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-test "modify-policy 17"
-proc test17 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
- {KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "5\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "modify-policy 18"
-proc test18 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
- {KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-test "modify-policy 19"
-proc test19 {} {
- global test
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-test "modify-policy 20"
-proc test20 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
- {KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-test "modify-policy 21"
-proc test21 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
- {KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "10\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-test "modify-policy 22"
-proc test22 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test22
-
-test "modify-policy 23"
-proc test23 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test23
-
-test "modify-policy 26"
-proc test26 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-test "modify-policy 30"
-proc test30 {} {
- global test
-
- one_line_fail_test [format {
- kadm5_modify_policy null [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "chpass-principal 200"
-proc test200 {} {
- global test prompt
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal "$test/a"]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- # I'd like to specify a long list of keysalt tuples and make sure
- # that chpass does the right thing, but we can only use those
- # enctypes that krbtgt has a key for: the AES enctypes, according to
- # the prototype kdc.conf.
- if {! [cmd [format {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_chpass_principal $server_handle "%s/a" newpassword
- } $test]]} {
- perror "$test: unexpected failure in chpass_principal"
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" p \
- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
- } $test]]} {
- perror "$test: unexpected failure in get_principal"
- }
- send "lindex \$p 16\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting num_keys"
- return
- }
- eof {
- error_and_restart "$test: eof getting num_keys"
- return
- }
- }
-
- # XXX Perhaps I should actually check the key type returned.
- if {$num_keys == 5} {
- pass "$test"
- } else {
- fail "$test: $num_keys keys, should be 5"
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test200
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "chpass-principal 180"
-proc test180 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_chpass_principal $server_handle "%s/a" FoobarBax
- } $test]
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test180 }
-
-test "chpass-principal 180.5"
-proc test1805 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_chpass_principal $server_handle "%s/a" FoobarBax
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test1805 }
-
-#
-# admin with changepw service tickets try to change other principals
-# password, fails with AUTH error
-test "chpass-principal 180.625"
-proc test180625 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_chpass_principal $server_handle "%s/a" password
- } $test] "AUTH"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test180625 }
-
-test "chpass-principal 180.75"
-proc test18075 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_chpass_principal $server_handle "%s/a" Foobar
- } $test] "AUTH_CHANGEPW"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test18075 }
-
-test "chpass-principal 182"
-proc test182 {} {
- global test
-
- if { ! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_chpass_principal $server_handle kadmin/history password
- } "PROTECT"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test182
-
-test "chpass-principal 183"
-proc test183 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if { ! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_chpass_principal null "%s/a" password
- } $test] "BAD_SERVER_HANDLE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test183
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-# Description: (1) Fails for mask with undefined bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 1"
-proc test1 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- 0xF01000
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test1
-
-# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
-test "create-policy 2"
-proc test2 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy";
- return
- }
-}
-if {$RPC} { test2 }
-
-# Description: (3) Fails for mask without POLICY bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 3"
-proc test3 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- 0x000000
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3
-
-# Description: (5) Fails for invalid policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 5"
-proc test5 {} {
- global test
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/\a"] \
- {KADM5_POLICY}
- } $test] "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-# Description: (6) Fails for existing policy name.
-test "create-policy 6"
-proc test6 {} {
- global test
-# set prms_id 777
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle [simple_policy test-pol] \
- {KADM5_POLICY}
- } "DUP"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test6
-
-# Description: (7) Fails for null policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 7"
-proc test7 {} {
- global test
-# set prms_id 1977
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle [simple_policy null] \
- {KADM5_POLICY}
- } "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test7
-
-# Description: (8) Fails for empty-string policy name.
-test "create-policy 8"
-proc test8 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle [simple_policy ""] \
- {KADM5_POLICY}
- } "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-# Description: (9) Accepts 0 for pw_min_life.
-test "create-policy 9"
-proc test9 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail "$test: create failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-# Description: (10) Accepts non-zero for pw_min_life.
-test "create-policy 10"
-proc test10 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
- {KADM5_POLICY KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-# Description: (11) Accepts 0 for pw_max_life.
-test "create-policy 11"
-proc test11 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-# Description: (12) Accepts non-zero for pw_max_life.
-test "create-policy 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
- {KADM5_POLICY KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-# Description: (13) Rejects 0 for pw_min_length.
-test "create-policy 13"
-proc test13 {} {
- global test
- global prompt
-
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
- } $test] "BAD_LENGTH"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-# Description: (14) Accepts non-zero for pw_min_length.
-test "create-policy 14"
-proc test14 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 3\n"
- expect {
- -re "8\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-# Description: (15) Rejects 0 for pw_min_classes.
-test "create-policy 15"
-proc test15 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-# Description: (16) Accepts 1 for pw_min_classes.
-test "create-policy 16"
-proc test16 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-# Description: (17) Accepts 4 for pw_min_classes.
-test "create-policy 17"
-proc test17 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "5\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-# Description: (18) Rejects 5 for pw_min_classes.
-test "create-policy 18"
-proc test18 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-# Description: (19) Rejects 0 for pw_history_num.
-test "create-policy 19"
-proc test19 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-# Description: (20) Accepts 1 for pw_history_num.
-test "create-policy 20"
-proc test20 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-# Description: (21) Accepts 10 for pw_history_num.
-test "create-policy 21"
-proc test21 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "10\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-# Description: (22) Fails for user with no access bits.
-test "create-policy 22"
-proc test22 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test22
-
-# Description: (23) Fails for user with "get" but not "add".
-test "create-policy 23"
-proc test23 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test23
-
-# Description: (24) Fails for user with "modify" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 24"
-proc test24 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test24
-
-# Description: (25) Fails for user with "delete" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 25"
-proc test25 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test25
-
-# Description: Succeeds for user with "add".
-test "create-policy 26"
-proc test26 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-# Description: Succeeds for user with "get" and "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 27"
-proc test27 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test27
-
-# Description: (28) Rejects null policy argument.
-# 01/24/94: pshuang: untried.
-test "create-policy 28"
-proc test28 {} {
- global test
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_policy $server_handle null {KADM5_POLICY}
- } "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "create-policy 30"
-proc test30 {} {
- global test
- one_line_fail_test [format {
- kadm5_create_policy null [simple_policy "%s/a"] \
- {KADM5_POLICY}
- } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-#test "create-principal 1"
-#
-#proc test1 {} {
-# global test
-# begin_dump
-# one_line_fail_test [format {
-# kadm5_create_principal $server_handle \
-# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
-# } $test $test] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test1
-
-# v2 create-principal 3 test, to avoid name conflict
-test "create-principal 1"
-proc test1 {} {
- global test
-# set prms_id 777
-# setup_xfail {*-*-*} $prms_id
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} null
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test1
-
-test "create-principal 2"
-
-proc test2 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_create_principal $server_handle null \
- {KADM5_PRINCIPAL} testpass
- } "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test2
-
-test "create-principal 4"
-proc test4 {} {
- global test
-
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} ""
- } $test] "_Q_TOOSHORT"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test4
-
-test "create-principal 5"
-proc test5 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle \
- [simple_principal "%s/a"] {0x100001} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test5
-
-test "create-principal 6"
-proc test6 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_LAST_PWD_CHANGE} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test6
-
-test "create-principal 7"
-proc test7 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MOD_TIME} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test7
-
-test "create-principal 8"
-proc test8 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MOD_NAME} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test8
-
-test "create-principal 9"
-proc test9 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MKVNO} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test9
-
-test "create-principal 10"
-proc test10 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_AUX_ATTRIBUTES} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test10
-
-test "create-principal 11"
-proc test11 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_POLICY_CLR} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test11
-
-test "create-principal 12"
-proc test12 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-
-}
-if {$RPC} { test12 }
-
-test "create-principal 13"
-proc test13 {} {
- global test
- begin_dump
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test13 }
-
-test "create-principal 14"
-proc test14 {} {
- global test
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test14 }
-
-test "create-principal 15"
-proc test15 {} {
- global test
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test15 }
-
-test "create-principal 16"
-proc test16 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test16 }
-
-test "create-principal 17"
-proc test17 {} {
- global test
-
- begin_dump
- if {! (( [principal_exists "$test/a"]) || [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "DUP"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test17
-
-test "create-principal 18"
-proc test18 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {KADM5_PRINCIPAL KADM5_POLICY} tP
- } $test] "_Q_TOOSHORT"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test18
-
-test "create-principal 19"
-proc test19 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {KADM5_PRINCIPAL KADM5_POLICY} testpassword
- } $test] "_Q_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test19
-
-test "create-principal 20"
-proc test20 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {KADM5_PRINCIPAL KADM5_POLICY} Abyssinia
- } $test] "_Q_DICT"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test20
-
-test "create-principal 21"
-proc test21 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" non-existant-pol] \
- {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test21
-
-test "create-principal 23"
-proc test23 {} {
- global test
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- one_line_succeed_test \
- [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test23
-
-test "create-principal 24"
-proc test24 {} {
- global test
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/rename admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- one_line_succeed_test \
- [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test24 }
-
-
-test "create-principal 28"
-proc test28 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
-
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "create-principal 29"
-proc test29 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL KADM5_PRINC_EXPIRE_TIME} \
- inTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 1\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test29
-
-test "create-principal 30"
-proc test30 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test30
-
-test "create-principal 31"
-proc test31 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol-nopw] \
- {KADM5_PRINCIPAL KADM5_POLICY \
- KADM5_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-test "create-principal 32"
-proc test32 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {KADM5_PRINCIPAL KADM5_POLICY \
- KADM5_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
-
- send "lindex \$principal 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 0 } {
- fail "$test: pw_expire $pw_expire should be 0"
- return
- } else {
- pass "$test"
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test32
-
-test "create-principal 33"
-proc test33 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- {"%s/a" 0 0 1234 0 null 0 0 0 0 null 0} \
- {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test33
-
-test "create-principal 34"
-proc test34 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- { "%s/a" 0 0 1234 0 null 0 0 0 0 test-pol-nopw 0} \
- {KADM5_PRINCIPAL KADM5_POLICY \
- KADM5_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test34
-
-test "create-principal 35"
-proc test35 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- {"%s/a" 0 0 1234 0 null 0 0 0 0 test-pol 0} \
- {KADM5_PRINCIPAL KADM5_POLICY \
- KADM5_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test35
-
-test "create-principal 36"
-proc test36 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle \
- {"%s/a" 0 0 999999999 0 null 0 0 0 0 test-pol 0} \
- {KADM5_PRINCIPAL KADM5_POLICY \
- KADM5_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy} ]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
-
- send "lindex \$principal 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 999999999 } {
- fail "$test: pw_expire is wrong"
- return
- } else {
- pass "$test"
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test36
-
-test "create-principal 37"
-proc test37 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test37
-
-test "create-principal 38"
-proc test38 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
- test-pol-nopw] {KADM5_PRINCIPAL KADM5_POLICY} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test38
-
-test "create-principal 39"
-proc test39 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {KADM5_PRINCIPAL KADM5_POLICY} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if { ! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: cannot not retrieve principal"
- return
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { [expr "$mod_date + $pw_max_life - $pw_expire"] > 5 } {
- fail "$test: pw_expire is wrong"
- return
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test39
-
-test "create-principal 40"
-proc test40 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- fail "$test: can not retrieve principal"
- return;
- }
- send "lindex \$principal 4\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test40
-
-test "create-principal 43"
-proc test43 {} {
- global test
- one_line_fail_test [format {
- kadm5_create_principal null \
- [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
- } $test $test] "BAD_SERVER_HANDLE"
-}
-test43
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "destroy 1"
-
-proc test1 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_destroy $server_handle}
- end_dump_compare "no-diffs"
-}
-test1
-
-#test "destroy 2"
-#
-#proc test2 {} {
-# global test
-# begin_dump
-# if {! [cmd {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure on init"
-# return
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test \
-# {kadm5_get_principal $server_handle admin principal} \
-# "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test2
-
-#test "destroy 3"
-#proc test3 {} {
-# global test
-#
-# begin_dump
-# if {! (( ! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
-# error_and_restart "$test couldn't delete principal \"$test/a\""
-# return
-# }
-# if {! [cmd {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure on init"
-# return
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test [format {
-# kadm5_create_principal $server_handle \
-# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
-# } $test $test] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test3
-
-#test "destroy 4"
-#proc test4 {} {
-# global test prompt
-#
-# if {! (([principal_exists "$test/a"]) || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {! ([cmd {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }] &&
-# [cmd [format {
-# kadm5_get_principal $server_handle "%s/a" principal
-# } $test]])} {
-# error_and_restart "$test: error getting principal"
-# return;
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test [format {
-# kadm5_modify_principal $server_handle \
-# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO}
-# } $test "77"] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test4
-
-#test "destroy 5"
-#
-#proc test5 {} {
-# global test
-#
-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {! [cmd {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure on init"
-# return
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test [format {
-# kadm5_delete_principal $server_handle "%s/a"
-# } $test] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test5
-
-#test "destroy 6"
-#
-#proc test6 {} {
-# global test
-# begin_dump
-# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test6
-
-
-#test "destroy 7"
-#
-#proc test7 {} {
-# global test
-# begin_dump
-# if {! [cmd {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure in init"
-# return
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# }
-# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test7
-
-test "destroy 8"
-proc test8 {} {
- global test
- begin_dump
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
- one_line_succeed_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
- end_dump_compare "no-diffs"
-}
-test8
-
-test "destroy 9"
-proc test9 {} {
- global test
- one_line_fail_test {kadm5_destroy null} "BAD_SERVER_HANDLE"
-}
-test9
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "delete-policy 2"
-proc test2 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {kadm5_delete_policy $server_handle ""} "BAD_POL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test2
-
-test "delete-policy 5"
-proc test5 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_policy $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if ${RPC} test5
-
-test "delete-policy 6"
-proc test6 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_policy $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if ${RPC} test6
-
-test "delete-policy 7"
-proc test7 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_policy $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test7
-
-test "delete-policy 10"
-proc test10 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_delete_policy $server_handle "%s/a"
- } $test]]} {
- fail "$test"
- return
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if { [policy_exists "$test/a"]} {
- fail "$test"
- return
- }
-}
-test10
-
-test "delete-policy 12"
-proc test12 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
- "%s/a"] {KADM5_PRINCIPAL KADM5_POLICY} \
- NotinTheDictionary
- } $test $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_delete_policy $server_handle "%s/a"
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "delete-policy 13"
-proc test13 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- one_line_fail_test [format {
- kadm5_delete_policy null "%s/a"
- } $test] "BAD_SERVER_HANDLE"
-}
-test13
-
-return ""
+++ /dev/null
-load_lib lib.t
-
-api_exit
-api_start
-
-#test "delete-principal 1"
-#proc test1 {} {
-# global test
-# one_line_fail_test [format {
-# kadm5_delete_principal $server_handle "%s/a"
-# } $test] "NOT_INIT"
-#}
-#test1
-
-test "delete-principal 2"
-proc test2 {} {
- global test
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {kadm5_delete_principal $server_handle null} "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: unexpected failure in destroy"
- return
- }
-}
-test2
-
-test "delete-principal 5"
-proc test5 {} {
- global test
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test] "UNK_PRINC"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-test "delete-principal 6"
-proc test6 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" test-pol])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test6 }
-
-
-test "delete-principal 7"
-proc test7 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test7 }
-
-
-test "delete-principal 8"
-proc test8 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test8 }
-
-test "delete-principal 9"
-proc test9 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test9 }
-
-test "delete-principal 10"
-proc test10 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test10 }
-
-test "delete-principal 11"
-proc test11 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_delete_principal $server_handle "%s/a"
- } $test]]} {
- fail "$test: delete failed"
- return;
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if { [principal_exists "$test/a"] } {
- fail "$test"
- return
- }
-}
-test11
-
-test "delete-principal 13"
-proc test13 {} {
- global test
- one_line_fail_test [format {
- kadm5_delete_principal null "%s/a"
- } $test] "BAD_SERVER_HANDLE"
-}
-test13
-
-return ""
-
-
-
-
-
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "get-policy 3"
-proc test3 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle "" p} "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3
-
-test "get-policy 6"
-proc test6 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test6
-
-test "get-policy 7"
-proc test7 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test7
-
-test "get-policy 11"
-proc test11 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get-pol StupidAdmin $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "get-policy 12"
-proc test12 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get-pol StupidAdmin \
- $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "get-policy 15"
-proc test15 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/pol StupidAdmin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "get-policy 16"
-proc test16 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-test "get-policy 17"
-proc test17 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "get-policy 18"
-proc test18 {} {
- global test
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test18
-
-test "get-policy 21"
-proc test21 {} {
- global test
-
- one_line_fail_test {kadm5_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
-}
-test21
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "get-principal 100"
-proc test100 {} {
- global test prompt
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd {
- kadm5_get_principal $server_handle testuser p \
- {KADM5_PRINCIPAL_NORMAL_MASK}
- }]} {
- perror "$test: unexpected failure in get_principal"
- }
- send "lindex \$p 16\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting num_keys"
- return
- }
- eof {
- error_and_restart "$test: eof getting num_keys"
- return
- }
- }
- send "lindex \$p 17\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting num_tl"
- return
- }
- eof {
- error_and_restart "$test: eof getting num_tl"
- return
- }
- }
- send "lindex \$p 18\n"
- expect {
- -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
- -re "\n$prompt" { set key_data {} }
- timeout {
- error_and_restart "$test: timeout getting key_data"
- return
- }
- eof {
- error_and_restart "$test: eof getting key_data"
- return
- }
- }
- send "lindex \$p 19\n"
- expect {
- -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) }
- -re "\n$prompt" { set tl_data {} }
- timeout {
- error_and_restart "$test: timeout getting tl_data"
- return
- }
- eof {
- error_and_restart "$test: eof getting tl_data"
- return
- }
- }
-
- set failed 0
- if {$num_keys != 0} {
- fail "$test: num_keys $num_keys should be 0"
- set failed 1
- }
- if {$num_tl != 0} {
- fail "$test: num_tl $num_tl should be 0"
- set failed 1
- }
- if {$key_data != {}} {
- fail "$test: key_data $key_data should be {}"
- set failed 1
- }
- if {$tl_data != "{}"} {
- fail "$test: tl_data $tl_data should be empty"
- set failed 1
- }
- if {$failed == 0} {
- pass "$test"
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test100
-
-proc test101_102 {rpc} {
- global test prompt
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd {
- kadm5_get_principal $server_handle testuser p \
- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
- }]} {
- perror "$test: unexpected failure in get_principal"
- }
- send "lindex \$p 16\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting num_keys"
- return
- }
- eof {
- error_and_restart "$test: eof getting num_keys"
- return
- }
- }
- send "lindex \$p 18\n"
- expect {
- -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
- -re "\n$prompt" { set key_data {} }
- timeout {
- error_and_restart "$test: timeout getting key_data"
- return
- }
- eof {
- error_and_restart "$test: eof getting key_data"
- return
- }
- }
-
- set failed 0
- if {$num_keys != 5} {
- fail "$test: num_keys $num_keys should be 5"
- set failed 1
- }
- for {set i 0} {$i < $num_keys} {incr i} {
- set key "[lindex [lindex $key_data $i] 2]"
- if {($rpc && [string compare $key ""] != 0) ||
- ((! $rpc) && [string compare $key ""] == 0)} {
- fail "$test: key_data $key is wrong"
- set failed 1
-
- }
- }
- if {$failed == 0} { pass "$test" }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test "get-principal 101"
-if {$RPC} {test101_102 $RPC}
-test "get-principal 102"
-if {! $RPC} {test101_102 $RPC}
-
-test "get-principal 103"
-proc test103 {} {
- global test prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
-
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{999 6 foobar}}" \
- {KADM5_TL_DATA}
- } $test $test]]} {
- fail "$test: cannot set TL_DATA"
- return
- }
-
- if {! [cmd [format {
- kadm5_get_principal $server_handle {%s/a} p \
- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA}
- } $test]]} {
- perror "$test: unexpected failure in get_principal"
- }
- send "lindex \$p 17\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting num_tl"
- return
- }
- eof {
- error_and_restart "$test: eof getting num_tl"
- return
- }
- }
- send "lindex \$p 19\n"
- expect {
- -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) }
- -re "\n$prompt" { set tl_data {} }
- timeout {
- error_and_restart "$test: timeout getting tl_data"
- return
- }
- eof {
- error_and_restart "$test: eof getting tl_data"
- return
- }
- }
-
- if {$num_tl == 0} {
- fail "$test: num_tl $num_tl should not be 0"
- } elseif {$tl_data == "{{999 6 foobar}}"} {
- pass "$test"
- } else {
- fail "$test: tl_data $tl_data should be {{999 6 foobar}}"
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test103
-
-return ""
-
-
-
-
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "get-principal 1"
-proc test1 {} {
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {kadm5_get_principal $server_handle null p KADM5_PRINCIPAL_NORMAL_MASK} "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test1
-
-test "get-principal 2"
-proc test2 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "UNK_PRINC"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test2
-
-test "get-principal 3"
-proc test3 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test3 }
-
-test "get-principal 4"
-proc test4 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test4 }
-
-test "get-principal 5"
-proc test5 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test5 }
-
-test "get-principal 6"
-proc test6 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test6 }
-
-test "get-principal 7"
-proc test7 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test7 }
-
-
-test "get-principal 8"
-proc test8 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
- } $test] "AUTH_GET"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test8 }
-
-
-test "get-principal 9"
-proc test9 {} {
- global test
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "get-principal 10"
-proc test10 {} {
- global test
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-test "get-principal 11"
-proc test11 {} {
- global test
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "get-principal 12"
-proc test12 {} {
- global test
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "get-principal 13"
-proc test13 {} {
- global test
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "get-principal 14"
-proc test14 {} {
- global test
- if {! [cmd {
- kadm5_init admin/get-mod admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK}
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-test "get-principal 15"
-proc test15 {} {
- one_line_fail_test \
- {kadm5_get_principal null "admin" p KADM5_PRINCIPAL_NORMAL_MASK} "BAD_SERVER_HANDLE"
-}
-test15
-
-return ""
-
-
-
-
+++ /dev/null
-load_lib lib.t
-
-api_exit
-api_start
-
-proc get_hostname { } {
- global hostname
-
- if {[info exists hostname]} {
- return 1
- }
-
- catch "exec hostname >myname" exec_output
- if ![string match "" $exec_output] {
- send_log "$exec_output\n"
- verbose $exec_output
- send_error "ERROR: can't get hostname\n"
- return 0
- }
- set file [open myname r]
- if { [ gets $file hostname ] == -1 } {
- send_error "ERROR: no output from hostname\n"
- return 0
- }
- close $file
- catch "exec rm -f myname" exec_output
-
- set hostname [string tolower $hostname]
- verbose "hostname: $hostname"
-
- return 1
-}
-
-
-test "init 101"
-proc test101 {} {
- global test
- global hostname
-
- get_hostname
- tcl_cmd "set hostname $hostname"
-
- # XXX Fix to work with a remote TEST_SERVER. For now, make sure
- # it fails in that case.
- one_line_succeed_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "RPC_ERROR"
-}
-if {$RPC} test101
-
-test "init 102"
-proc test102 {} {
- global test
-
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "CANT_RESOLVE"
-}
-if {$RPC} test102
-
-test "init 103"
-proc test103 {} {
- global test
-
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "ENOENT"
-}
-#if {! $RPC} test103
-if {! $RPC} {
- send_user "UNTESTED: test103: test needs updating for DAL changes (see MIT RT ticket 3202)\n"
- untested "test103: test needs updating for DAL changes (see MIT RT ticket 3202)"
-}
-
-
-test "init 106"
-proc test106 {} {
- global test prompt
-
- set prompting 0
- send [string trim {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]
- send "\n"
- expect {
- -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
- -re "\nOK .*$prompt$" { fail "$test: premature success" }
- -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
- timeout { fail "$test: timeout" }
- eof { fail "$test: eof" }
- }
- if {$prompting} {
- one_line_succeed_test mrroot
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} test106
-
-test "init 107"
-proc test107 {} {
- global test
-
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "KDB_CANTREAD_STORED"
-}
-if {! $RPC} test107
-
-test "init 108"
-proc test108 {} {
- global test
-
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "KRB5_KDB_CANTREAD_STORED"
-}
-if {! $RPC} test108
-
-test "init 109-113"
-proc test109 {} {
- global test prompt
-
- delete_principal "$test/a"
-
- # I'd like to specify flags explicitly and check them, as in the
- # following config_params, but tcl gets mighty confused if I do and
- # I have no idea why.
-# [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ]
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- fail "$test: cannot init with max_life"
- return
- }
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" p \
- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
- } $test]]} {
- fail "$test: can not get principal"
- return;
- }
- send "puts \$p\n"
- expect {
- -re "$prompt" { }
- timeout {
- error_and_restart "$test: timeout getting prompt"
- return
- }
- eof {
- error_and_restart "$test: eof getting prompt"
- return
- }
- }
- send "lindex \$p 4\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting max_life"
- return
- }
- }
- send "lindex \$p 12\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting max_rlife"
- return
- }
- eof {
- error_and_restart "$test: eof getting max_rlife"
- return
- }
- }
- send "lindex \$p 1\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting expiration"
- return
- }
- eof {
- error_and_restart "$test: eof getting expiration"
- return
- }
- }
- send "lindex \$p 7\n"
- expect {
- -re "(\[A-Z_\]*)\n$prompt" {set flags $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting flags"
- return
- }
- eof {
- error_and_restart "$test: eof getting flags"
- return
- }
- }
- # This sorta worries me. Since the test is setting ENCTYPES to
- # nothing, the principal has no keys. That means that nothing is
- # printed for the keys in the correct case; but it feels too
- # likely that nothing will be printed in the case of some problem.
- send "lindex \$p 18\n"
- expect {
- -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
- -re "\n$prompt" { set key_data {} }
- timeout {
- error_and_restart "$test: timeout getting flags"
- return
- }
- eof {
- error_and_restart "$test: eof getting flags"
- return
- }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if {$max_life == 10} {
- pass "$test"
- } else {
- fail "$test: $max_life is not 10"
- }
- if {$max_rlife == 20} {
- pass "$test"
- } else {
- fail "$test: $max_rlife is not 20"
- }
- if {$expiration == 30} {
- pass "$test"
- } else {
- fail "$test: $expiration is not 30"
- }
- if {$flags == ""} {
- pass "$test"
- } else {
- fail "$test: flags $flags are wrong"
- }
- if {$key_data == {}} {
- pass "$test"
- } else {
- fail "$test: key_data $key_data is wrong"
- }
-}
-if {! $RPC} test109
-
-test "init 116"
-proc test116 {} {
- global test
-
- delete_principal "$test/a"
-
- if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- get_add_handle}]} {
- error_and_restart "$test: couldn't init with admin/get-add"
- }
-
- if {! [cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- mod_delete_handle}]} {
- error_and_restart "$test: couldn't init with admin/get-add"
- }
-
- one_line_succeed_test {
- kadm5_get_principal $get_add_handle testuser p \
- KADM5_PRINCIPAL_NORMAL_MASK
- }
- one_line_succeed_test [format {
- kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test]
- one_line_fail_test {
- kadm5_modify_principal $get_add_handle [simple_principal testuser] \
- {KADM5_PRINC_EXPIRE_TIME}
- } "AUTH_MODIFY"
- one_line_fail_test {
- kadm5_delete_principal $get_add_handle testuser
- } "AUTH_DELETE"
-
- one_line_fail_test {
- kadm5_get_principal $mod_delete_handle testuser p \
- KADM5_PRINCIPAL_NORMAL_MASK
- } "AUTH_GET"
- one_line_fail_test [format {
- kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- one_line_succeed_test {
- kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \
- {KADM5_PRINC_EXPIRE_TIME}
- }
- one_line_succeed_test [format {
- kadm5_delete_principal $mod_delete_handle "%s/a"
- } $test]
-
- if {! [cmd {kadm5_destroy $get_add_handle}]} {
- error_and_restart "$test: couldn't close get_add_handle"
- }
- if {! [cmd {kadm5_destroy $mod_delete_handle}]} {
- error_and_restart "$test: couldn't close mod_delete_handle"
- }
-}
-if {$RPC} test116
-
-test "init 117"
-proc test117 {} {
- global test env prompt
-
- if {[catch "exec grep max_life $env(KRB5_KDC_PROFILE)"] != 1} {
- warning \
- "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test"
- return
- }
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- fail "$test: unexpected failure in init"
- return
- }
-
- if {! [cmd [format {
- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL} "%s/a"
- } $test $test]]} {
- perror "$test: unexpected failure creating principal"
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 4\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting max_life"
- return
- }
- }
-
- if {$max_life == 86400} {
- pass "$test"
- } else {
- fail "$test: max_life $max_life should be 86400"
- }
-
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close server_handle"
- }
-}
-test117
-
-send "puts \$KADM5_ADMIN_SERVICE\n"
-expect {
- -re "(\[a-zA-Z/@\]+)\n$prompt" {
- set KADM5_ADMIN_SERVICE $expect_out(1,string)
- }
- default {
- error_and_restart "$test: timeout/eof getting admin_service"
- return
- }
-}
-
-send "puts \$KADM5_CHANGEPW_SERVICE\n"
-expect {
- -re "(\[a-zA-Z/@\]+)\n$prompt" {
- set KADM5_CHANGEPW_SERVICE $expect_out(1,string)
- }
- default {
- error_and_restart "$test: timeout/eof getting changepw_service"
- return
- }
-}
-
-test "init 150"
-proc test150 {} {
- global test KADM5_ADMIN_SERVICE
-
- kdestroy
- kinit testuser notathena "-S $KADM5_ADMIN_SERVICE"
- one_line_succeed_test {
- kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- kdestroy
-}
-if {$RPC} test150
-
-test "init 151"
-proc test151 {} {
- global test KADM5_CHANGEPW_SERVICE
-
- kdestroy
- kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE"
- one_line_succeed_test {
- kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- kdestroy
-}
-if {$RPC} test151
-
-test "init 152"
-proc test152 {} {
- global test KADM5_ADMIN_SERVICE
-
- kdestroy
- one_line_fail_test {
- kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "KRB5_FCC_NOFILE"
-}
-if {$RPC} test152
-
-test "init 153"
-proc test153 {} {
- global test KADM5_ADMIN_SERVICE
-
- kinit testuser notathena
- one_line_fail_test {
- kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "KRB5_CC_NOTFOUND"
-}
-if {$RPC} test153
-
-test "init 154"
-proc test154 {} {
- global test env
-
- set orig $env(KRB5_KDC_PROFILE)
- set env(KRB5_KDC_PROFILE) /does-not-exist
- api_exit; api_start
- set env(KRB5_KDC_PROFILE) $orig
-
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } "ENOENT"
-
- api_exit; lib_start_api
-}
-if {0 && ! $RPC} test154
-
-return ""
+++ /dev/null
-load_lib lib.t
-
-# Assumptions:
-#
-# Principal "admin" exists, with "get", "add", "modify" and "delete"
-# access bits and password "admin".
-# The string "not-the-password" isn't the password of any user in the database.
-# Database master password is "mrroot".
-
-api_exit
-api_start
-test "init 1"
-
-one_line_fail_test_nochk \
- {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_REALM} {""}] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
-
-test "init 2"
-
-one_line_fail_test_nochk \
- {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_REALM} {@}] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
-
-test "init 2.5"
-
-one_line_fail_test_nochk \
- {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_REALM} {BAD.REALM}] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
-
-test "init 3"
-
-proc test3 {} {
- global test
- if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- one_line_fail_test_nochk [format {
- kadm5_init admin admin "%s/a" null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle
- } $test]
-}
-if {$RPC} { test3 }
-
-test "init 4"
-
-proc test4 {} {
- global test
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- one_line_fail_test_nochk [format {
- kadm5_init admin admin "%s/a" null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test]
-}
-if {$RPC} { test4 }
-
-test "init 5"
-
-if {$RPC} {
- one_line_fail_test_nochk {
- kadm5_init admin admin admin null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle
- }
-}
-
-test "init 6"
-
-proc test6 {} {
- global test
-
- send "kadm5_init admin null \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_3 server_handle\n"
-
- expect {
- -re "assword\[^\r\n\]*:" { }
- eof {
- fail "$test: eof instead of password prompt"
- api_exit
- api_start
- return
- }
- timeout {
- fail "$test: timeout instead of password prompt"
- return
- }
- }
- one_line_succeed_test "admin"
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if { $RPC } { test6 }
-
-test "init 8"
-
-proc test8 {} {
- global test
- if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- one_line_fail_test_nochk [format {
- kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test]
-}
-if {$RPC} { test8 }
-
-test "init 9"
-
-if {$RPC} {
- global test
- one_line_fail_test_nochk {
- kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
-}
-
-test "init 10"
-
-proc test10 {} {
- global test
-# set prms_id 562
-# setup_xfail {*-*-*} $prms_id
- one_line_fail_test_nochk {
- kadm5_init null admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
-}
-test10
-
-#test "init 11"
-#
-#proc test11 {} {
-# global test
-# set prms_id 563
-# setup_xfail {*-*-*} $prms_id
-# one_line_fail_test_nochk {
-# kadm5_init "" admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }
-#}
-#test11
-
-test "init 12"
-
-proc test12 {} {
- global test
- one_line_fail_test_nochk [format {
- kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test]
-}
-if {$RPC} { test12 }
-
-test "init 13"
-
-proc test13 {} {
- global test
- one_line_fail_test_nochk [format {
- kadm5_init "%s/a@SECURE-TEST.OV.COM" admin \
- $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle
- } $test]
-}
-if {$RPC} { test13 }
-
-test "init 14"
-
-proc test14 {} {
- global test
- one_line_fail_test_nochk [format {
- kadm5_init "%s/a@BAD.REALM" admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test]
-}
-if {$RPC} { test14 }
-
-test "init 15"
-
-if {$RPC} {
- one_line_fail_test_nochk {
- kadm5_init admin@BAD.REALM admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
-}
-
-test "init 16"
-
-proc test16 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test16
-
-test "init 17"
-
-proc test17 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin@SECURE-TEST.OV.COM admin \
- $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test17
-
-test "init 18"
-
-proc test18 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test18
-
-test "init 19"
-
-proc test19 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin@SECURE-TEST.OV.COM admin \
- $KADM5_ADMIN_SERVICE \
- [config_params {KADM5_CONFIG_REALM} {SECURE-TEST.OV.COM}] \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test19
-
-test "init 20"
-
-proc test20 {} {
- global test
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- error_and_restart "$test: couldn't init database"
- return
- }
- one_line_succeed_test \
- {kadm5_get_principal $server_handle admin principal KADM5_PRINCIPAL_NORMAL_MASK}
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test20
-
-#test "init 21"
-#
-#proc test21 {} {
-# global test
-# if {! [cmd {
-# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }]} {
-# error_and_restart "$test: couldn't init database"
-# return
-# }
-# one_line_fail_test_nochk {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# }
-#}
-#test21
-
-
-# proc test22 {} {
-# global test prompt
-# set prompting 0
-# send [string trim {
-# kadm5_init admin null null null $KADM5_STRUCT_VERSION \
-# $KADM5_API_VERSION_3 server_handle
-# }]
-# send "\n"
-# expect {
-# -re ":$" { set prompting 1}
-# -re "\nOK .*$prompt$" { fail "$test: premature success" }
-# -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
-# timeout { fail "$test: timeout" }
-# eof { fail "$test: eof" }
-# }
-# if {$prompting} {
-# one_line_succeed_test mrroot
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# }
-# }
-# if {! $RPC} { test22 }
-#
-# test "init 22.5"
-# proc test225 {} {
-# global test prompt
-# set prompting 0
-# send [string trim {
-# kadm5_init admin null null null $KADM5_STRUCT_VERSION \
-# $KADM5_API_VERSION_3 server_handle
-# }]
-# send "\n"
-# expect {
-# -re ":$" { set prompting 1}
-# -re "\nOK .*$prompt$" { fail "$test: premature success" }
-# -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
-# timeout { fail "$test: timeout" }
-# eof { fail "$test: eof" }
-# }
-# if {$prompting} {
-# one_line_succeed_test mrroot
-# }
-# if {! [cmd {kadm5_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# }
-# }
-# if {! $RPC} { test225 }
-
-test "init 23"
-
-proc test23 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE \
- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test23 }
-
-test "init 24"
-
-proc test24 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin admin null null $KADM5_STRUCT_VERSION \
- $KADM5_API_VERSION_3 server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test24 }
-
-test "init 25"
-
-proc test25 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin admin foobar null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test25 }
-
-test "init 26"
-
-#proc test26 {} {
-# global test
-#
-# api_exit
-# api_start
-# one_line_fail_test_nochk {
-# kadm5_get_principal $server_handle admin principal
-# }
-#}
-#test26
-
-#test "init 27"
-#
-#proc test27 {} {
-# global test
-#
-# if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
-# error_and_restart "$test: couldn't delete principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {[cmd [format {
-# kadm5_create_principal $server_handle [simple_principal \
-# "%s/a"] {KADM5_PRINCIPAL} "%s/a"
-# } $test $test]]} {
-# fail "$test: unexpected success in add"
-# return
-# }
-# end_dump_compare "no-diffs"
-#}
-#test27
-
-#test "init 28"
-#
-#proc test28 {} {
-# global test prompt
-#
-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {! ([cmd {
-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
-# server_handle
-# }] && [cmd [format {
-# kadm5_get_principal $server_handle "%s/a" principal
-# } $test]])} {
-# error_and_restart "$test: error getting principal"
-# return;
-# }
-# send "lindex \$principal 8\n"
-# expect {
-# -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) }
-# timeout {
-# error_and_restart "$test: timeout getting principal kvno"
-# return
-# }
-# eof {
-# error_and_restart "$test: eof getting principal kvno"
-# return
-# }
-# }
-# api_exit
-# api_start
-# set new_kvno [expr "$kvno + 1"]
-# if {[cmd [format {
-# kadm5_modify_principal $server_handle \
-# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO}
-# } $test $new_kvno]]} {
-# fail "$test: unexpected success in modify"
-# return;
-# }
-# end_dump_compare "no-diffs"
-#}
-#test28
-
-#test "init 29"
-#
-#proc test29 {} {
-# global test
-#
-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {[cmd [format {
-# kadm5_delete_principal $server_handle "%s/a"
-# } $test]]} {
-# fail "$test: unexpected success in delete"
-# return
-# }
-# end_dump_compare "no-diffs"
-#}
-#test29
-
-test "init 30"
-proc test30 {} {
- global test
- if {[cmd {
- kadm5_init admin foobar $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- error_and_restart "$test: unexpected success"
- return
- }
- one_line_succeed_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if ${RPC} { test30 }
-
-test "init 31"
-proc test31 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $bad_struct_version_mask $KADM5_API_VERSION_3 \
- server_handle
- } "BAD_STRUCT_VERSION"
-}
-test31
-
-test "init 32"
-proc test32 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $no_struct_version_mask $KADM5_API_VERSION_3 \
- server_handle
- } "BAD_STRUCT_VERSION"
-}
-test32
-
-test "init 33"
-proc test33 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $old_struct_version $KADM5_API_VERSION_3 \
- server_handle
- } "OLD_STRUCT_VERSION"
-}
-test33
-
-test "init 34"
-proc test34 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $new_struct_version $KADM5_API_VERSION_3 \
- server_handle
- } "NEW_STRUCT_VERSION"
-}
-test34
-
-test "init 35"
-proc test35 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $bad_api_version_mask \
- server_handle
- } "BAD_API_VERSION"
-}
-test35
-
-test "init 36"
-proc test36 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $no_api_version_mask \
- server_handle
- } "BAD_API_VERSION"
-}
-test36
-
-test "init 37"
-proc test37 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $old_api_version \
- server_handle
- } "OLD_LIB_API_VERSION"
-}
-if { $RPC } test37
-
-test "init 38"
-proc test38 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $old_api_version \
- server_handle
- } "OLD_SERVER_API_VERSION"
-}
-if { ! $RPC } test38
-
-test "init 39"
-proc test39 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $new_api_version \
- server_handle
- } "NEW_LIB_API_VERSION"
-}
-if { $RPC } test39
-
-test "init 40"
-proc test40 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $new_api_version \
- server_handle
- } "NEW_SERVER_API_VERSION"
-}
-if { ! $RPC } test40
-
-test "init 41"
-proc test41 {} {
- global test
- one_line_fail_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_API_VERSION_3 $KADM5_STRUCT_VERSION \
- server_handle
- } "BAD_"
-}
-test41
-
-test "init 42"
-proc test42 {} {
- global test
- one_line_succeed_test {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }
- if {! [cmd {kadm5_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test42
-
-
-proc test45_46 {service} {
- global test kadmin_local env
-
- spawn $kadmin_local -q "delprinc -force $service"
- expect {
- -re "Principal .* deleted." {}
- default {
- perror "kadmin.local delprinc failed\n";
- }
- }
- expect eof
- wait
-
- one_line_fail_test [concat {kadm5_init admin admin } \
- $service \
- { null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle}] "SECURE_PRINC_MISSING"
-
- # this leaves the keytab with an incorrect entry
- spawn $kadmin_local -q "ank -randkey $service"
- expect eof
- wait
-
- # restart the api so it gets a new ccache
- api_exit
- api_start
-}
-
-if {$RPC} {
- test "init 45"
-
- test45_46 kadmin/admin
-
- test "init 46"
-
- test45_46 kadmin/changepw
-}
-
-return ""
-
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "modify-policy 2"
-proc test2 {} {
- global test
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2 }
-
-test "modify-policy 8"
-proc test8 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_modify_policy $server_handle [simple_policy ""] \
- {KADM5_PW_MAX_LIFE}
- } "BAD_POLICY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-test "modify-policy 9"
-proc test9 {} {
- global test
- global prompt
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "modify-policy 10"
-proc test10 {} {
- global test
- global prompt
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0 0 0 0} \
- {KADM5_PW_MIN_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-
-test "modify-policy 11"
-proc test11 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "modify-policy 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0 0 0 0} \
- {KADM5_PW_MAX_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "modify-policy 13"
-proc test13 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MIN_LENGTH}
- } $test] "BAD_LENGTH"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "modify-policy 14"
-proc test14 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0 0 0 0} \
- {KADM5_PW_MIN_LENGTH}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 3\n"
- expect {
- -re "8\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-test "modify-policy 15"
-proc test15 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "modify-policy 16"
-proc test16 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 0} \
- {KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-test "modify-policy 17"
-proc test17 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0 0 0 0} \
- {KADM5_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "5\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "modify-policy 18"
-proc test18 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0 0 0 0} \
- {KADM5_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-test "modify-policy 19"
-proc test19 {} {
- global test
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-test "modify-policy 20"
-proc test20 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0 0 0 0} \
- {KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-test "modify-policy 21"
-proc test21 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0 0 0 0} \
- {KADM5_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- kadm5_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "10\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-test "modify-policy 22"
-proc test22 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test22
-
-test "modify-policy 23"
-proc test23 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test23
-
-test "modify-policy 26"
-proc test26 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-test "modify-policy 30"
-proc test30 {} {
- global test
-
- one_line_fail_test [format {
- kadm5_modify_policy null [simple_policy "%s/a"] \
- {KADM5_PW_MAX_LIFE}
- } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-test "modify-policy 31"
-proc test31 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 0 0 2 0 0} \
- {KADM5_PW_MAX_FAILURE}
- } $test]
- one_line_succeed_test [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 90 0} \
- {KADM5_PW_FAILURE_COUNT_INTERVAL}
- } $test]
- one_line_succeed_test [format {
- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 180} \
- {KADM5_PW_LOCKOUT_DURATION}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "modify-principal 100-105"
-proc test100_104 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
-
- set origtest "$test"
-
- test "modify-principal 100"
- one_line_succeed_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MAX_RLIFE}
- } $origtest]
-
- test "modify-principal 101"
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_LAST_SUCCESS}
- } $origtest] "BAD_MASK"
-
- test "modify-principal 102"
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_LAST_FAILED}
- } $origtest] "BAD_MASK"
-
-# This is now permitted to reset lockout count
-# test "modify-principal 103"
-# one_line_fail_test [format {
-# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
-# {KADM5_FAIL_AUTH_COUNT}
-# } $origtest] "BAD_MASK"
-
- test "modify-principal 103.5"
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_KEY_DATA}
- } $origtest] "BAD_MASK"
-
- test "modify-principal 105"
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle \
- "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{1 1 x}}" \
- {KADM5_TL_DATA}
- } $origtest $origtest] "BAD_TL_TYPE"
-
- test "modify-principal 100,104"
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 88 0 0 0 0 1 {} {{990 6 foobar}}" \
- {KADM5_MAX_RLIFE KADM5_TL_DATA}
- } $origtest $origtest]]} {
- fail "$test: cannot set MAX_RLIFE or TL_DATA"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA}
- } $origtest]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 12\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set rlife $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting rlife"
- return
- }
- eof {
- error_and_restart "$test: eof getting rlife"
- return
- }
- }
- send "lindex \$principal 19\n"
- expect {
- -re "\(\{.*\}\)\n$prompt$" {set tl $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting tl_data"
- return
- }
- eof {
- error_and_restart "$test: eof getting tl_data"
- return
- }
- }
- if {($rlife == 88) && ($tl == "{{990 6 foobar}}")} {
- pass "$test"
- } else {
- fail "$test: $rlife should be 88, $tl should be {{990 6 foobar}}"
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test100_104
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-#test "modify-principal 1"
-#proc test1 {} {
-# global test
-# one_line_fail_test [format {
-# kadm5_modify_principal $server_handle [simple_principal \
-# "%s/a"] {KADM5_PW_EXPIRATION}
-# } $test] "NOT_INIT"
-#}
-#test1
-
-test "modify-principal 2"
-proc test2 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2 }
-
-test "modify-principal 4"
-proc test4 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINCIPAL}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
-
-test "modify-principal 5"
-proc test5 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_LAST_PWD_CHANGE}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-test "modify-principal 6"
-proc test6 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MOD_TIME}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test6
-
-test "modify-principal 7"
-proc test7 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MOD_NAME}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test7
-
-test "modify-principal 8"
-proc test8 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MKVNO}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-test "modify-principal 9"
-proc test9 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_AUX_ATTRIBUTES}
- } $test] "BAD_MASK"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "modify-principal 10"
-proc test10 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test] "UNK_PRINC"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-test "modify-principal 11"
-proc test11 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test11 }
-
-test "modify-principal 12"
-proc test12 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test12 }
-
-test "modify-principal 13"
-proc test13 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test13 }
-
-test "modify-principal 14"
-proc test14 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test14 }
-
-test "modify-principal 15"
-proc test15 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "modify-principal 17"
-proc test17 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
- no-policy] {KADM5_POLICY}
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "modify-principal 21.5"
-proc test21.5 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal_pol "$test/a" "test-pol"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {KADM5_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$old_p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
-
- if { ! [cmd {kadm5_get_policy $server_handle test-pol new_p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
-
- send "lindex \$new_p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
-
- if {$old_p1_ref != $new_p1_ref} {
- fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)"
- return
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21.5
-
-test "modify-principal 22"
-proc test22 {} {
- global test
- global prompt
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test22
-
-test "modify-principal 23"
-proc test23 {} {
- global test
- global prompt
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" test-pol-nopw])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test23
-
-test "modify-principal 24"
-proc test24 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- error_and_restart "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: could not modify principal"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- if { ! [cmd [format {
- kadm5_get_policy $server_handle %s policy
- } test-pol]]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 0 } {
- fail "$test: pw_expire $pw_expire should be 0"
- return
- } else {
- pass "$test"
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test24
-
-test "modify-principal 25"
-proc test25 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test25
-
-test "modify-principal 26"
-proc test26 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol-nopw" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-test "modify-principal 27"
-proc test27 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test27
-
-test "modify-principal 28"
-proc test28 {} {
- global test
- global prompt
-# set prms_id 1358
-# setup_xfail {*-*-*} $prms_id
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 999999999 } {
- fail "$test: pw_expire $pw_expire should be 999999999"
- return
- }
- pass "$test"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "modify-principal 29"
-proc test29 {} {
- global test
- global prompt
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { ! ([create_principal_pol "$test/a" test-pol])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_POLICY_CLR}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test29
-
-test "modify-principal 30"
-proc test30 {} {
- global test
- global prompt
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal_pol "$test/a" test-pol])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol-nopw] {KADM5_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test30
-
-test "modify-principal 31"
-proc test31 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {KADM5_POLICY}
- } $test]]} {
- fail "modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } {
- fail "$test: pw_expire is wrong"
- return
- }
-
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-test "modify-principal 32"
-proc test32 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 1\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test32
-
-test "modify-principal 33"
-proc test33 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \
- {KADM5_ATTRIBUTES}
- } $test]]} {
- fail "$test: modified fail"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 7\n"
- expect {
- -re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test33
-
-test "modify-principal 33.25"
-proc test3325 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \
- {KADM5_ATTRIBUTES}
- } $test]]} {
- fail "$test: modified fail"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 7\n"
- expect {
- -re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3325
-
-test "modify-principal 33.5"
-proc test335 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \
- {KADM5_ATTRIBUTES}
- } $test]]} {
- fail "$test: modified fail"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 7\n"
- expect {
- -re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test335
-
-
-test "modify-principal 34"
-proc test34 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {KADM5_MAX_LIFE}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
-
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 4\n"
- expect {
- -re "3456\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test34
-
-test "modify-principal 35"
-proc test35 {} {
- global prompt
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {KADM5_KVNO}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 8\n"
- expect {
- -re "7\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test35
-
-test "modify-principal 36"
-proc test36 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal_pol "$test/a" "test-pol"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol pol}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {KADM5_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- send "lindex \$pol 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { ! [cmd {kadm5_get_policy $server_handle test-pol pol2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- send "lindex \$pol2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { $oldref != $newref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test36
-
-test "modify-principal 37"
-proc test37 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal "$test/a"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_POLICY_CLR}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test37
-
-test "modify-principal 38"
-proc test38 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_PRINC_EXPIRE_TIME}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test38
-
-test "modify-principal 39"
-proc test39 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
- {KADM5_MAX_LIFE}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 4\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test39
-
-test "modify-principal 40"
-proc test40 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- kadm5_modify_principal $server_handle null \
- {KADM5_PRINC_EXPIRE_TIME}
- } "EINVAL"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test40
-
-test "modify-principal 43"
-proc test43 {} {
- global test
- one_line_fail_test [format {
- kadm5_modify_principal null [simple_principal \
- "%s/a"] {KADM5_PW_EXPIRATION}
- } $test] "BAD_SERVER_HANDLE"
-}
-test43
-
-test "modify-principal 44"
-proc test44 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- # setting fail auth count to a non-zero value must fail
- one_line_fail_test [format {
- kadm5_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1234 0 0 {} {}} {KADM5_FAIL_AUTH_COUNT}
- } $test] "BAD_SERVER_PARAMS"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test44
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "randkey-principal 100"
-proc test100 {} {
- global test prompt
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal "$test/a"]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- # I'd like to specify a long list of keysalt tuples and make sure that
- # randkey does the right thing, but we can only use those enctypes that
- # krbtgt has a key for: 3DES and AES, according to the prototype kdc.conf.
- if {! [cmd [format {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test]]} {
- perror "$test: unexpected failure in randkey_principal"
- }
- send "puts \$num_keys\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting num_keys"
- return
- }
- eof {
- error_and_restart "$test: eof getting num_keys"
- return
- }
- }
-
- # XXX Perhaps I should actually check the key type returned.
- if {$num_keys == 5} {
- pass "$test"
- } else {
- fail "$test: $num_keys keys, should be 5"
- }
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test100
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "randkey-principal 1"
-proc test1 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd [format {
- kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test] "PASS_TOOSOON"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test1 }
-
-test "randkey-principal 3"
-proc test3 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd [format {
- kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test] "PASS_TOOSOON"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if ${RPC} { test3 }
-
-test "randkey-principal 13"
-proc test13 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
- once-a-min] KADM5_POLICY
- } $test]]} {
- perror "$test: failed modify"
- return
- }
- one_line_succeed_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "randkey-principal 15"
-proc test15 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test] "AUTH_CHANGEPW"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test15 }
-
-test "randkey-principal 28"
-proc test28 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "randkey-principal 28.25"
-proc test2825 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test] "AUTH"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2825 }
-
-test "randkey-principal 28.5"
-proc test285 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test285
-
-test "randkey-principal 30"
-proc test30 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [create_principal "$test/a"]} {
- error_and_restart "$test: creating principal"
- return
- }
- if {! [cmd [format {
- kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test30
-
-test "randkey-principal 31"
-proc test31 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal "$test/a"]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd [format {
- kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
- } $test]
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-test "randkey-principal 33"
-proc test33 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if { ! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- kadm5_randkey_principal null "%s/a" keys num_keys
- } $test] "BAD_SERVER_HANDLE"
- if { ! [cmd {kadm5_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-
-test33
-
-return ""
+++ /dev/null
-source runenv.exp
-
-set prompt "% "
-set stty_init {-onlcr -opost intr \^C kill \^U}
-set kadmin_local $KADMIN_LOCAL
-
-# Backward compatibility until we're using expect 5 everywhere
-if {[info exists exp_version_4]} {
- global wait_error_index wait_errno_index wait_status_index
- set wait_error_index 0
- set wait_errno_index 1
- set wait_status_index 1
-} else {
- set wait_error_index 2
- set wait_errno_index 3
- set wait_status_index 3
-}
-
-if { [string length $VALGRIND] } {
- rename spawn valgrind_aux_spawn
- proc spawn { args } {
- global VALGRIND
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- # Only run valgrind for local programs, not
- # system ones.
-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
- set newargs [concat $newargs $VALGRIND]
- }
- }
- lappend newargs $arg
- }
- set pid [eval valgrind_aux_spawn $newargs]
- return $pid
- }
-}
-
-# Hack around Solaris 9 kernel race condition that causes last output
-# from a pty to get dropped.
-if { $PRIOCNTL_HACK } {
- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
- rename spawn oldspawn
- proc spawn { args } {
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
- }
- lappend newargs $arg
- }
- set pid [eval oldspawn $newargs]
- return $pid
- }
-}
-
-# Variables for keeping track of api process state
-set api_pid "0"
-
-proc api_exit {} {
- global spawn_id
- global api_pid
-
-# puts stdout "Starting api_exit (spawn_id $spawn_id)."
- catch {close} errMsg
- catch {wait} errMsg
-# puts stdout "Finishing api_exit for $api_pid."
- set api_pid "0"
-}
-
-proc api_isrunning {pid} {
- global api_pid
-
-# puts stdout "testing $pid, api_pid is $api_pid"
- if {$pid == $api_pid} {
- return 1;
- } else {
- return 0;
- }
-}
-
-proc api_version {} {
-}
-
-proc api_start {} {
- global API
- global env
- global spawn_id
- global prompt
- global api_pid
-
- set pid [spawn $API]
- expect {
- -re "$prompt$" {}
- eof { perror "EOF starting API" }
- timeout { perror "Timeout starting API" }
- }
- if {! [info exists env(TCLUTIL)]} {
- perror "TCLUTIL environment variable isn't set"
- }
- # tcl 8.4 for some reason screws up autodetection of output
- # EOL translation. Work around it for now.
- send "if { \[info commands fconfigure\] ne \"\" } { fconfigure stdout -translation lf }\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF starting API" }
- timeout { perror "Timeout starting API" }
- }
- send "source $env(TCLUTIL)\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF starting API" }
- timeout { perror "Timeout starting API" }
- }
- send "set current_struct_version \[expr \$KADM5_STRUCT_VERSION &~ \$KADM5_STRUCT_VERSION_MASK\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set current_api_version \[expr \$KADM5_API_VERSION_3 &~ \$KADM5_API_VERSION_MASK\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set bad_struct_version_mask \[expr 0x65432100 | \$current_struct_version\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set bad_api_version_mask \[expr 0x65432100 | \$current_api_version\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set no_api_version_mask \$current_api_version\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set no_struct_version_mask \$current_struct_version\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set old_api_version \[expr \$KADM5_API_VERSION_MASK | 0x00\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set old_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0x00\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set new_api_version \[expr \$KADM5_API_VERSION_MASK | 0xca\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
- send "set new_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0xca\]\n"
- expect {
- -re "$prompt$" {}
- eof { perror "EOF setting API variables"}
- timeout { perror "timeout setting API variables"}
- }
-
- set api_pid $pid
-# puts stdout "Finishing api_start (spawn_id $spawn_id, pid $api_pid)."
- return $pid
-}
-api_start
-
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h init-test.c
-$(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h destroy-test.c
-$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \
- handle-test.c
-$(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h iter-test.c
-$(OUTPRE)setkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \
- $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \
- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
- setkey-test.c
-$(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h randkey-test.c
-$(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
- $(top_srcdir)/include/krb5.h lock-test.c
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <stdio.h>
-#include <krb5.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <unistd.h>
-#include <netinet/in.h>
-#include <kadm5/client_internal.h>
-#include <string.h>
-
-#define TEST_NUM 25
-
-int main()
-{
- kadm5_ret_t ret;
- char *cp;
- int x;
- void *server_handle;
- kadm5_server_handle_t handle;
- krb5_context context;
-
- ret = kadm5_init_krb5_context(&context);
- if (ret != 0) {
- com_err("test", ret, "context init");
- exit(2);
- }
- for(x = 0; x < TEST_NUM; x++) {
- ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
- &server_handle);
- if(ret != KADM5_OK) {
- com_err("test", ret, "init");
- exit(2);
- }
- handle = (kadm5_server_handle_t) server_handle;
- cp = strdup(strchr(handle->cache_name, ':') + 1);
- kadm5_destroy(server_handle);
- if(access(cp, F_OK) == 0) {
- puts("ticket cache not destroyed");
- exit(2);
- }
- free(cp);
- }
- krb5_free_context(context);
- exit(0);
-}
+++ /dev/null
-##! nochanges
-
+++ /dev/null
-##! nochanges
-
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <stdio.h>
-#include <krb5.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <unistd.h>
-#include <netinet/in.h>
-#ifdef CLIENT_TEST
-#include <kadm5/client_internal.h>
-#else
-#include <kadm5/server_internal.h>
-#include <kadm5/admin.h>
-#endif
-
-int main(int argc, char *argv[])
-{
- kadm5_ret_t ret;
- void *server_handle;
- kadm5_server_handle_t handle;
- kadm5_server_handle_rec orig_handle;
- kadm5_policy_ent_rec pol;
- kadm5_principal_ent_t princ;
- kadm5_principal_ent_rec kprinc;
- krb5_keyblock *key;
- krb5_principal tprinc;
- krb5_context context;
-
-
- kadm5_init_krb5_context(&context);
-
- ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
- &server_handle);
- if(ret != KADM5_OK) {
- com_err("test", ret, "init");
- exit(2);
- }
- handle = (kadm5_server_handle_t) server_handle;
- orig_handle = *handle;
- handle->magic_number = KADM5_STRUCT_VERSION;
- krb5_parse_name(context, "testuser", &tprinc);
- ret = kadm5_get_principal(server_handle, tprinc, &kprinc,
- KADM5_PRINCIPAL_NORMAL_MASK);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_get_policy(server_handle, "pol1", &pol);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
- error_message(ret));
- exit(1);
- }
-
- princ = &kprinc;
- ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_delete_principal(server_handle, tprinc);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_delete_policy(server_handle, "pol1");
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "chpass",
- error_message(ret));
- exit(1);
- }
- ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "randkey",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "rename",
- error_message(ret));
- exit(1);
- }
-
- ret = kadm5_destroy(server_handle);
- if(ret != KADM5_BAD_SERVER_HANDLE) {
- fprintf(stderr, "%s -- returned -- %s\n", "destroy",
- error_message(ret));
- exit(1);
- }
-
- *handle = orig_handle;
- ret = kadm5_destroy(server_handle);
- if (ret != KADM5_OK) {
- fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
- error_message(ret));
- exit(1);
- }
-
- krb5_free_principal(context, tprinc);
- krb5_free_context(context);
- exit(0);
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <krb5.h>
-#include <string.h>
-
-int main()
-{
- kadm5_ret_t ret;
- void *server_handle;
- kadm5_config_params params;
- krb5_context context;
-
- memset(¶ms, 0, sizeof(params));
- params.mask |= KADM5_CONFIG_NO_AUTH;
- ret = kadm5_init_krb5_context(&context);
- if (ret != 0) {
- com_err("init-test", ret, "while initializing krb5 context");
- exit(1);
- }
- ret = kadm5_init(context, "admin", "admin", NULL, ¶ms,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
- &server_handle);
- if (!ret)
- (void)kadm5_destroy(server_handle);
- krb5_free_context(context);
- if (ret == KADM5_RPC_ERROR) {
- exit(0);
- }
- else if (ret != 0) {
- com_err("init-test", ret, "while initializing without auth");
- exit(1);
- } else {
- fprintf(stderr, "Unexpected success while initializing without auth!\n");
- exit(1);
- }
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <stdio.h>
-#include <kadm5/admin.h>
-#include <string.h>
-
-int main(int argc, char **argv)
-{
- kadm5_ret_t ret;
- void *server_handle;
- char **names;
- int count, princ, i;
- krb5_context context;
-
- if (argc != 3) {
- fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]);
- exit(1);
- }
- princ = (strcmp(argv[1], "-princ") == 0);
-
- ret = kadm5_init_krb5_context(&context);
- if (ret != KADM5_OK) {
- com_err("iter-test", ret, "while initializing context");
- exit(1);
- }
- ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
- &server_handle);
- if (ret != KADM5_OK) {
- com_err("iter-test", ret, "while initializing");
- exit(1);
- }
-
- if (princ)
- ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
- else
- ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
-
- if (ret != KADM5_OK) {
- com_err("iter-test", ret, "while retrieving list");
- exit(1);
- }
-
- for (i = 0; i < count; i++)
- printf("%d: %s\n", i, names[i]);
-
- kadm5_free_name_list(server_handle, names, count);
-
- (void) kadm5_destroy(server_handle);
-
- return 0;
-}
+++ /dev/null
-global timeout
-set timeout 60
-
-set lib_pid 0
-
-#
-# The functions in this library used to be responsible for bazillions
-# of wasted api_starts. Now, they all just use their own library
-# handle so they are not interrupted when the main tests call init or
-# destroy. They have to keep track of when the api exists and
-# restarts, though, since the lib_handle needs to be re-opened in that
-# case.
-#
-proc lib_start_api {} {
- global spawn_id lib_pid test
-
- if {! [api_isrunning $lib_pid]} {
- api_exit
- set lib_pid [api_start]
- if {! [cmd {
- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
- lib_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- verbose "+++ restarted api ($lib_pid) for lib"
- } else {
- verbose "+++ api $lib_pid already running for lib"
- }
-}
-
-proc cmd {command} {
- global prompt
- global spawn_id
- global test
-
- send "[string trim $command]\n"
- expect {
- -re "OK .*$prompt$" { return 1 }
- -re "ERROR .*$prompt$" { return 0 }
- "wrong # args" { perror "$test: wrong number args"; return 0 }
- timeout { fail "$test: timeout"; return 0 }
- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 }
- }
-}
-
-proc tcl_cmd {command} {
- global prompt spawn_id test
-
- send "[string trim $command]\n"
- expect {
- -re "$prompt$" { return 1}
- "wrong # args" { perror "$test: wrong number args"; return 0 }
- timeout { error_and_restart "timeout" }
- eof { api_exit; lib_start_api; return 0 }
- }
-}
-
-proc one_line_succeed_test {command} {
- global prompt
- global spawn_id
- global test
-
- send "[string trim $command]\n"
- expect {
- -re "OK .*$prompt$" { pass "$test"; return 1 }
- -re "ERROR .*$prompt$" {
- fail "$test: $expect_out(buffer)"; return 0
- }
- "wrong # args" { perror "$test: wrong number args"; return 0 }
- timeout { fail "$test: timeout"; return 0 }
- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 }
- }
-}
-
-proc one_line_fail_test {command code} {
- global prompt
- global spawn_id
- global test
-
- send "[string trim $command]\n"
- expect {
- -re "ERROR .*$code.*$prompt$" { pass "$test"; return 1 }
- -re "ERROR .*$prompt$" { fail "$test: bad failure"; return 0 }
- -re "OK .*$prompt$" { fail "$test: bad success"; return 0 }
- "wrong # args" { perror "$test: wrong number args"; return 0 }
- timeout { fail "$test: timeout"; return 0 }
- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 }
- }
-}
-
-proc one_line_fail_test_nochk {command} {
- global prompt
- global spawn_id
- global test
-
- send "[string trim $command]\n"
- expect {
- -re "ERROR .*$prompt$" { pass "$test:"; return 1 }
- -re "OK .*$prompt$" { fail "$test: bad success"; return 0 }
- "wrong # args" { perror "$test: wrong number args"; return 0 }
- timeout { fail "$test: timeout"; return 0 }
- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 }
- }
-}
-
-proc resync {} {
- global prompt spawn_id test
-
- expect {
- -re "$prompt$" {}
- "wrong # args" { perror "$test: wrong number args"; return 0 }
- eof { api_exit; lib_start_api }
- }
-}
-
-proc create_principal {name} {
- lib_start_api
-
- set ret [cmd [format {
- kadm5_create_principal $lib_handle [simple_principal \
- "%s"] {KADM5_PRINCIPAL} "%s"
- } $name $name]]
-
- return $ret
-}
-
-proc create_policy {name} {
- lib_start_api
-
- set ret [cmd [format {
- kadm5_create_policy $lib_handle [simple_policy "%s"] \
- {KADM5_POLICY}
- } $name $name]]
-
- return $ret
-}
-
-proc create_principal_pol {name policy} {
- lib_start_api
-
- set ret [cmd [format {
- kadm5_create_principal $lib_handle [princ_w_pol "%s" \
- "%s"] {KADM5_PRINCIPAL KADM5_POLICY} "%s"
- } $name $policy $name]]
-
- return $ret
-}
-
-proc delete_principal {name} {
- lib_start_api
-
- set ret [cmd [format {
- kadm5_delete_principal $lib_handle "%s"
- } $name]]
-
- return $ret
-}
-
-proc delete_policy {name} {
- lib_start_api
-
- set ret [cmd [format {kadm5_delete_policy $lib_handle "%s"} $name]]
-
- return $ret
-}
-
-proc principal_exists {name} {
-# puts stdout "Starting principal_exists."
-
- lib_start_api
-
- set ret [cmd [format {
- kadm5_get_principal $lib_handle "%s" principal \
- KADM5_PRINCIPAL_NORMAL_MASK
- } $name]]
-
-# puts stdout "Finishing principal_exists."
-
- return $ret
-}
-
-proc policy_exists {name} {
- lib_start_api
-
-# puts stdout "Starting policy_exists."
-
- set ret [cmd [format {
- kadm5_get_policy $lib_handle "%s" policy
- } $name]]
-
-# puts stdout "Finishing policy_exists."
-
- return $ret
-}
-
-proc error_and_restart {error} {
- api_exit
- api_start
- perror $error
-}
-
-proc test {name} {
- global test verbose
-
- set test $name
- if {$verbose >= 1} {
- puts stdout "At $test"
- }
-}
-
-proc begin_dump {} {
- global TOP
- global RPC
-
- if { ! $RPC } {
-# exec $env(SIMPLE_DUMP) > /tmp/dump.before
- }
-}
-
-proc end_dump_compare {name} {
- global file
- global TOP
- global RPC
-
- if { ! $RPC } {
-# set file $TOP/admin/lib/unit-test/diff-files/$name
-# exec $env(SIMPLE_DUMP) > /tmp/dump.after
-# exec $env(COMPARE_DUMP) /tmp/dump.before /tmp/dump.after $file
- }
-}
-
-proc kinit { princ pass {opts ""} } {
- global env;
- global KINIT
-
- eval spawn $KINIT -5 $opts $princ
- expect {
- -re {Password for .*: $}
- {send "$pass\n"}
- timeout {puts "Timeout waiting for prompt" ; close }
- }
-
- # this necessary so close(1) in the child will not sleep waiting for
- # the parent, which is us, to read pending data.
-
- expect {
- "when initializing cache" { perror "kinit failed: $expect_out(buffer)" }
- eof {}
- }
- wait
-}
-
-proc kdestroy {} {
- global KDESTROY
- global errorCode errorInfo
- global env
-
- if {[info exists errorCode]} {
- set saveErrorCode $errorCode
- }
- if {[info exists errorInfo]} {
- set saveErrorInfo $errorInfo
- }
- catch "exec $KDESTROY -5 2>/dev/null"
- if {[info exists saveErrorCode]} {
- set errorCode $saveErrorCode
- } elseif {[info exists errorCode]} {
- unset errorCode
- }
- if {[info exists saveErrorInfo]} {
- set errorInfo $saveErrorInfo
- } elseif {[info exists errorInfo]} {
- unset errorInfo
- }
-}
-
-proc create_principal_with_keysalts {name keysalts} {
- global kadmin_local
-
- spawn $kadmin_local -e "$keysalts"
- expect {
- "kadmin.local:" {}
- default { perror "waiting for kadmin.local prompt"; return 1}
- }
- send "ank -pw \"$name\" \"$name\"\n"
- expect {
- -re "Principal \"$name.*\" created." {}
- "kadmin.local:" {
- perror "expecting principal created message";
- return 1
- }
- default { perror "waiting for principal created message"; return 1 }
- }
- expect {
- "kadmin.local:" {}
- default { perror "waiting for kadmin.local prompt"; return 1 }
- }
- close
- wait
- return 0
-}
-
-
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <stdio.h>
-#include <krb5.h>
-#include <kadm5/admin.h>
-#include <kdb.h>
-#include <string.h>
-
-char *whoami;
-
-static void usage()
-{
- fprintf(stderr,
- "Usage: %s {shared|exclusive|permanent|release|"
- "get name|wait} ...\n", whoami);
- exit(1);
-}
-
-int main(int argc, char **argv)
-{
- krb5_error_code ret;
- osa_policy_ent_t entry;
- krb5_context context;
- kadm5_config_params params;
- krb5_error_code kret;
-
- whoami = argv[0];
-
- kret = kadm5_init_krb5_context(&context);
- if (kret) {
- com_err(whoami, kret, "while initializing krb5");
- exit(1);
- }
-
- params.mask = 0;
- ret = kadm5_get_config_params(context, 1, ¶ms, ¶ms);
- if (ret) {
- com_err(whoami, ret, "while retrieving configuration parameters");
- exit(1);
- }
- if (! (params.mask & KADM5_CONFIG_ADBNAME)) {
- com_err(whoami, KADM5_BAD_SERVER_PARAMS,
- "while retrieving configuration parameters");
- exit(1);
- }
-
- ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW);
- if (ret) {
- com_err(whoami, ret, "while opening database");
- exit(1);
- }
-
- argc--; argv++;
- while (argc) {
- if (strcmp(*argv, "shared") == 0) {
- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED);
- if (ret)
- com_err(whoami, ret, "while getting shared lock");
- else
- printf("shared\n");
- } else if (strcmp(*argv, "exclusive") == 0) {
- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
- if (ret)
- com_err(whoami, ret, "while getting exclusive lock");
- else
- printf("exclusive\n");
- } else if (strcmp(*argv, "permanent") == 0) {
- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE );
- if (ret)
- com_err(whoami, ret, "while getting permanent lock");
- else
- printf("permanent\n");
- } else if (strcmp(*argv, "release") == 0) {
- ret = krb5_db_unlock(context);
- if (ret)
- com_err(whoami, ret, "while releasing lock");
- else
- printf("released\n");
- } else if (strcmp(*argv, "get") == 0) {
- argc--; argv++;
- if (!argc) usage();
- if ((ret = krb5_db_get_policy(context, *argv, &entry))) {
- com_err(whoami, ret, "while getting policy");
- } else {
- printf("retrieved\n");
- krb5_db_free_policy(context, entry);
- }
- } else if (strcmp(*argv, "wait") == 0) {
- getchar();
- } else {
- fprintf(stderr, "%s: Invalid argument \"%s\"\n",
- whoami, *argv);
- usage();
- }
-
- argc--; argv++;
- }
-
- ret = krb5_db_fini(context);
- if (ret) {
- com_err(whoami, ret, "while closing database");
- exit(1);
- }
-
- return 0;
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <stdio.h>
-#include <krb5.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <string.h>
-
-#define TEST_NUM 1000
-
-int main()
-{
- kadm5_ret_t ret;
- krb5_keyblock *keys[TEST_NUM];
- krb5_principal tprinc;
- krb5_keyblock *newkey;
- krb5_context context;
- void *server_handle;
-
- int x, i;
-
- kadm5_init_krb5_context(&context);
-
- krb5_parse_name(context, "testuser", &tprinc);
- ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
- &server_handle);
- if(ret != KADM5_OK) {
- com_err("test", ret, "init");
- exit(2);
- }
- for(x = 0; x < TEST_NUM; x++) {
- kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
- for(i = 0; i < x; i++) {
- if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
- puts("match found");
- }
- }
- kadm5_destroy(server_handle);
- exit(0);
-}
+++ /dev/null
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-#include <k5-int.h>
-#include <kadm5/admin.h>
-
-#if HAVE_SRAND48
-#define RAND() lrand48()
-#define SRAND(a) srand48(a)
-#define RAND_TYPE long
-#elif HAVE_SRAND
-#define RAND() rand()
-#define SRAND(a) srand(a)
-#define RAND_TYPE int
-#elif HAVE_SRANDOM
-#define RAND() random()
-#define SRAND(a) srandom(a)
-#define RAND_TYPE long
-#else /* no random */
-need a random number generator
-#endif /* no random */
-
-krb5_keyblock test1[] = {
- {0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0},
- {-1},
-};
-krb5_keyblock test2[] = {
- {0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0},
- {-1},
-};
-krb5_keyblock test3[] = {
- {0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0},
- {-1},
-};
-
-krb5_keyblock *tests[] = {
- test1, test2, test3, NULL
-};
-
-krb5_data tgtname = {
- 0,
- KRB5_TGS_NAME_SIZE,
- KRB5_TGS_NAME
-};
-
-krb5_enctype ktypes[] = { 0, 0 };
-
-extern krb5_kt_ops krb5_ktf_writable_ops;
-
-int
-main(int argc, char **argv)
-{
- krb5_context context;
- krb5_keytab kt;
- krb5_keytab_entry ktent;
- krb5_encrypt_block eblock;
- krb5_creds my_creds;
- krb5_get_init_creds_opt *opt;
- kadm5_principal_ent_rec princ_ent;
- krb5_principal princ, server;
- char pw[16];
- char *whoami, *principal, *authprinc, *authpwd;
- krb5_data pwdata;
- void *handle;
- int ret, test, encnum;
- unsigned int i;
-
- whoami = argv[0];
-
- if (argc < 2 || argc > 4) {
- fprintf(stderr, "Usage: %s principal [authuser] [authpwd]\n", whoami);
- exit(1);
- }
- principal = argv[1];
- authprinc = (argc > 2) ? argv[2] : argv[0];
- authpwd = (argc > 3) ? argv[3] : NULL;
-
- /*
- * Setup. Initialize data structures, open keytab, open connection
- * to kadm5 server.
- */
-
- memset(&context, 0, sizeof(context));
- kadm5_init_krb5_context(&context);
-
- ret = krb5_parse_name(context, principal, &princ);
- if (ret) {
- com_err(whoami, ret, "while parsing principal name %s", principal);
- exit(1);
- }
-
- if((ret = krb5_build_principal_ext(context, &server,
- krb5_princ_realm(kcontext, princ)->length,
- krb5_princ_realm(kcontext, princ)->data,
- tgtname.length, tgtname.data,
- krb5_princ_realm(kcontext, princ)->length,
- krb5_princ_realm(kcontext, princ)->data,
- 0))) {
- com_err(whoami, ret, "while building server name");
- exit(1);
- }
-
- ret = krb5_kt_default(context, &kt);
- if (ret) {
- com_err(whoami, ret, "while opening keytab");
- exit(1);
- }
-
- ret = kadm5_init(context, authprinc, authpwd, KADM5_ADMIN_SERVICE, NULL,
- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
- &handle);
- if (ret) {
- com_err(whoami, ret, "while initializing connection");
- exit(1);
- }
-
- /* these pw's don't need to be secure, just different every time */
- SRAND((RAND_TYPE)time((void *) NULL));
- pwdata.data = pw;
- pwdata.length = sizeof(pw);
-
- /*
- * For each test:
- *
- * For each enctype in the test, construct a random password/key.
- * Assign all keys to principal with kadm5_setkey_principal. Add
- * each key to the keytab, and acquire an initial ticket with the
- * keytab (XXX can I specify the kvno explicitly?). If
- * krb5_get_init_creds_keytab succeeds, then the keys were set
- * successfully.
- */
- for (test = 0; tests[test] != NULL; test++) {
- krb5_keyblock *testp = tests[test];
- kadm5_key_data *extracted;
- int n_extracted, match;
- printf("+ Test %d:\n", test);
-
- for (encnum = 0; testp[encnum].magic != -1; encnum++) {
- for (i = 0; i < sizeof(pw); i++)
- pw[i] = (RAND() % 26) + '0'; /* XXX */
-
- krb5_use_enctype(context, &eblock, testp[encnum].enctype);
- ret = krb5_string_to_key(context, &eblock, &testp[encnum],
- &pwdata, NULL);
- if (ret) {
- com_err(whoami, ret, "while converting string to key");
- exit(1);
- }
- }
-
- /* now, encnum == # of keyblocks in testp */
- ret = kadm5_setkey_principal(handle, princ, testp, encnum);
- if (ret) {
- com_err(whoami, ret, "while setting keys");
- exit(1);
- }
-
- ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO);
- if (ret) {
- com_err(whoami, ret, "while retrieving principal");
- exit(1);
- }
-
- ret = kadm5_get_principal_keys(handle, princ, 0, &extracted,
- &n_extracted);
- if (ret) {
- com_err(whoami, ret, "while extracting keys");
- exit(1);
- }
-
- for (encnum = 0; testp[encnum].magic != -1; encnum++) {
- printf("+ enctype %d\n", testp[encnum].enctype);
-
- for (match = 0; match < n_extracted; match++) {
- if (extracted[match].key.enctype == testp[encnum].enctype)
- break;
- }
- if (match >= n_extracted) {
- com_err(whoami, KRB5_WRONG_ETYPE, "while matching enctypes");
- exit(1);
- }
- if (extracted[match].key.length != testp[encnum].length ||
- memcmp(extracted[match].key.contents, testp[encnum].contents,
- testp[encnum].length) != 0) {
- com_err(whoami, KRB5_KDB_NO_MATCHING_KEY, "verifying keys");
- exit(1);
- }
-
- memset(&ktent, 0, sizeof(ktent));
- ktent.principal = princ;
- ktent.key = testp[encnum];
- ktent.vno = princ_ent.kvno;
-
- ret = krb5_kt_add_entry(context, kt, &ktent);
- if (ret) {
- com_err(whoami, ret, "while adding keytab entry");
- exit(1);
- }
-
- memset(&my_creds, 0, sizeof(my_creds));
- my_creds.client = princ;
- my_creds.server = server;
-
- ktypes[0] = testp[encnum].enctype;
- ret = krb5_get_init_creds_opt_alloc(context, &opt);
- if (ret) {
- com_err(whoami, ret, "while allocating gic opts");
- exit(1);
- }
- krb5_get_init_creds_opt_set_etype_list(opt, ktypes, 1);
- ret = krb5_get_init_creds_keytab(context, &my_creds, princ,
- kt, 0, NULL /* in_tkt_service */,
- opt);
- krb5_get_init_creds_opt_free(context, opt);
- if (ret) {
- com_err(whoami, ret, "while acquiring initial ticket");
- exit(1);
- }
- krb5_free_cred_contents(context, &my_creds);
-
- /* since I can't specify enctype explicitly ... */
- ret = krb5_kt_remove_entry(context, kt, &ktent);
- if (ret) {
- com_err(whoami, ret, "while removing keytab entry");
- exit(1);
- }
- }
-
- (void)kadm5_free_kadm5_key_data(context, n_extracted, extracted);
- }
-
- ret = krb5_kt_close(context, kt);
- if (ret) {
- com_err(whoami, ret, "while closing keytab");
- exit(1);
- }
-
- ret = kadm5_destroy(handle);
- if (ret) {
- com_err(whoami, ret, "while closing kadmin connection");
- exit(1);
- }
-
- krb5_free_principal(context, princ);
- krb5_free_principal(context, server);
- krb5_free_context(context);
- return 0;
-}
+++ /dev/null
-set tool kadm5_srv_tcl
-set prompt "% "
projects / thirdparty / krb5.git / commitdiff
