blob: 57ec5040b562b191016270e13940842c211a6a38 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
|
load_lib "helpers.exp"
set timeout 30
# Setup: make sure the principals we will use have V4 salt
fix_salt "A.setup" testuser notathena notathena
unexpire "A.setup" testuser
unexpire "A.setup" changepw/kerberos
proc kill_admin_server {} {
global env kill getpid
set pid [exec $getpid kadmind]
if {$pid != ""} {
exec $kill $pid
}
}
proc start_admin_server {} {
global ovsec_adm_server_path ovsec_adm_server_name sleep env
set max_tries 60
for {set num_tries 0} {$num_tries <= $max_tries} {incr num_tries} {
if {$num_tries} {
exec $sleep 5
verbose "$ovsec_adm_server couldn't bind; retrying ($num_tries so far)"
}
if {[catch "system {cd $ovsec_adm_server_path; exec $ovsec_adm_server_name}" msg]} {
if {[regexp {Address already in use} $msg]} {
continue
}
fail "starting $ovsec_adm_server_name: $msg"
}
return
}
fail "starting $ovsec_adm_server_name: $msg"
}
proc remove_changepw_perms {} {
global remove_changepw_perms
exec $remove_changepw_perms
}
proc set_changepw_perms { perms } {
global env
remove_changepw_perms
exec echo "changepw/kerberos@SECURE-TEST.OV.COM $perms" \
>> $env(K5ROOT)/ovsec_adm.acl
}
# start off with a dead admin server
kill_admin_server
set_changepw_perms "i"
start_admin_server
server_start A.1 "-n" 1 {
"KADM Server starting in the OVSEC_KADM mode" {}
}
kpasswd_v4 A.1 testuser 2 notathena foobar {
"Operation requires ``change-password'' privilege" {}
} {
"$kpasswd_v4: Insufficient access to perform requested operation while attempting to change password." {}
} {
"Password NOT changed." {}
}
server_exit A.1 -1
kill_admin_server
set_changepw_perms "c"
start_admin_server
server_start A.2 "-n" 1 {
"KADM Server starting in the OVSEC_KADM mode" {}
}
kpasswd_v4 A.2 testuser 2 notathena foobar {
"Operation requires ``get'' privilege" {}
} {
"$kpasswd_v4: Insufficient access to perform requested operation while attempting to change password." {}
} {
"Password NOT changed." {}
}
server_exit A.2 -1
kill_admin_server
set_changepw_perms "ci"
start_admin_server
|
