diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-10-28 13:34:04 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-10-30 12:31:00 -0400 |
commit | 7b7e72f66cda405967b2a1da0b5ff8141feb0eb1 (patch) | |
tree | bc586f660af026e4ef17099cabd0d9b2c0fa02d1 | |
parent | a30a82abc72c2a1a8d25948fe9cd1af49eaf62ec (diff) | |
download | krb5-7b7e72f66cda405967b2a1da0b5ff8141feb0eb1.tar.gz krb5-7b7e72f66cda405967b2a1da0b5ff8141feb0eb1.tar.xz krb5-7b7e72f66cda405967b2a1da0b5ff8141feb0eb1.zip |
Add tests for anonymous kadmin
-rw-r--r-- | src/tests/t_pkinit.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py index 7b20fa37b7..762e32276b 100644 --- a/src/tests/t_pkinit.py +++ b/src/tests/t_pkinit.py @@ -71,6 +71,19 @@ realm.kinit('@%s' % realm.realm, flags=['-n']) realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS') realm.run([kvno, realm.host_princ]) +# Test anonymous kadmin. +f = open(os.path.join(realm.testdir, 'acl'), 'a') +f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *') +f.close() +realm.start_kadmind() +out = realm.run([kadmin, '-n', '-q', 'addprinc -pw test testadd']) +if 'created.' not in out: + fail('Could not create principal with anonymous kadmin') +out = realm.run([kadmin, '-n', '-q', 'getprinc testadd']) +if "Operation requires ``get'' privilege" not in out: + fail('Anonymous kadmin has too much privilege') +realm.stop_kadmind() + # Test with anonymous restricted; FAST should work but kvno should fail. r_env = realm.special_env('restrict', True, kdc_conf=restrictive_kdc_conf) realm.stop_kdc() |