diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-01-08 15:20:45 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-01-09 15:35:43 -0500 |
| commit | 0780e46fc13dbafa177525164997cd204cc50b51 (patch) | |
| tree | eacb2400a78bfab43bbc95cb8ab3055498da881b /src/tests | |
| parent | 090f561c631db7e4970b71cbe1426d636c39c77a (diff) | |
Allow principals to refer to nonexistent policies
Stop using and maintaining the policy_refcnt field, and do not try to
prevent deletion of a policy which is still referenced by principals.
Instead, allow principals to refer to policy names which do not exist
as policy objects; treat those principals as having no associated
policy.
In the kadmin client, warn if addprinc or modprinc tries to reference
a policy which doesn't exist, since the server will no longer error
out in this case.
ticket: 7385
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/dejagnu/krb-standalone/kadmin.exp | 3 | ||||
| -rw-r--r-- | src/tests/kdbtest.c | 3 |
2 files changed, 2 insertions, 4 deletions
diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp index 1822bc38a8..c62e183e75 100644 --- a/src/tests/dejagnu/krb-standalone/kadmin.exp +++ b/src/tests/dejagnu/krb-standalone/kadmin.exp @@ -711,7 +711,6 @@ proc kadmin_addpol { pname } { expect "Minimum number of password character classes:" { verbose "got min pw character classes" } expect "Number of old keys kept:" { verbose "got num old keys kept" } - expect "Reference count:" { verbose "got refcount" } expect "kadmin.local: " { send "q\r" } expect_after @@ -924,7 +923,7 @@ proc kadmin_showpol { pname } { } expect -re "assword\[^\r\n\]*: *" send "adminpass$KEY\r" - expect -re "\r.*Policy: $pname.*Number of old keys kept: .*Reference count: .*\r" + expect -re "\r.*Policy: $pname.*Number of old keys kept: .*\r" expect_after expect eof set k_stat [wait -i $spawn_id] diff --git a/src/tests/kdbtest.c b/src/tests/kdbtest.c index b569b56235..93de07be87 100644 --- a/src/tests/kdbtest.c +++ b/src/tests/kdbtest.c @@ -167,7 +167,7 @@ static osa_policy_ent_rec sample_policy = { 6, /* pw_min_length */ 2, /* pw_min_classes */ 3, /* pw_history_num */ - 1, /* policy_refcnt */ + 0, /* policy_refcnt */ 2, /* pw_max_fail */ 60, /* pw_failcnt_interval */ 120, /* pw_lockout_duration */ @@ -377,7 +377,6 @@ main() CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy)); ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA; CHECK(krb5_db_put_principal(ctx, ent)); - /* Deleting polname should work now that the reference is gone. */ CHECK(krb5_db_delete_policy(ctx, polname)); /* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as |