From 06817686bfdef99523f300464bcbb0c8b037a27d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 28 Feb 2014 20:41:20 -0500 Subject: Add tests for gic_pwd password change ticket: 7868 --- src/tests/Makefile.in | 1 + src/tests/t_changepw.py | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 src/tests/t_changepw.py diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 2bd7a5ce1d..958b8a9543 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -97,6 +97,7 @@ check-pytests:: t_init_creds t_localauth $(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_changepw.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS) diff --git a/src/tests/t_changepw.py b/src/tests/t_changepw.py new file mode 100644 index 0000000000..0b9832668e --- /dev/null +++ b/src/tests/t_changepw.py @@ -0,0 +1,37 @@ +#!/usr/bin/python +from k5test import * + +# This file is intended to cover any password-changing mechanism. For +# now it only contains a regression test for #7868. + +realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True) + +# Mark a principal as expired and change its password through kinit. +realm.run_kadminl('modprinc -pwexpire "1 day ago" user') +pwinput = password('user') + '\nabcd\nabcd\n' +realm.run([kinit, realm.user_princ], input=pwinput) + +# Do the same thing with FAST, with tracing turned on. +realm.run_kadminl('modprinc -pwexpire "1 day ago" user') +pwinput = 'abcd\nefgh\nefgh\n' +tracefile = os.path.join(realm.testdir, 'trace') +realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, '-T', realm.ccache, + realm.user_princ], input=pwinput) + +# Read the trace and check that FAST was used when getting the +# kadmin/changepw ticket. +f = open(tracefile, 'r') +trace = f.read() +f.close() +getting_changepw = fast_used_for_changepw = False +for line in trace.splitlines(): + if 'Getting initial credentials for user@' in line: + getting_changepw_ticket = False + if 'Setting initial creds service to kadmin/changepw' in line: + getting_changepw_ticket = True + if getting_changepw_ticket and 'Using FAST' in line: + fast_used_for_changepw = True +if not fast_used_for_changepw: + fail('FAST was not used to get kadmin/changepw ticket') + +success('Password change tests') -- cgit