blob: 4abbeb52d59561ece73e633fa552497c95a0a116 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
load_lib lib.t
api_exit
api_start
test "modify-principal 100-105"
proc test100_104 {} {
global test
global prompt
if {! (( [principal_exists "$test/a"]) ||
[create_principal "$test/a"])} {
error_and_restart "$test: couldn't create principal \"$test/a\""
return
}
if {! [cmd {
kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
server_handle
}]} {
perror "$test: unexpected failure in init"
return
}
set origtest "$test"
test "modify-principal 100"
one_line_succeed_test [format {
kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
{KADM5_MAX_RLIFE}
} $origtest]
test "modify-principal 101"
one_line_fail_test [format {
kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
{KADM5_LAST_SUCCESS}
} $origtest] "BAD_MASK"
test "modify-principal 102"
one_line_fail_test [format {
kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
{KADM5_LAST_FAILED}
} $origtest] "BAD_MASK"
# This is now permitted to reset lockout count
# test "modify-principal 103"
# one_line_fail_test [format {
# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
# {KADM5_FAIL_AUTH_COUNT}
# } $origtest] "BAD_MASK"
test "modify-principal 103.5"
one_line_fail_test [format {
kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
{KADM5_KEY_DATA}
} $origtest] "BAD_MASK"
test "modify-principal 105"
one_line_fail_test [format {
kadm5_modify_principal $server_handle \
"{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{1 1 x}}" \
{KADM5_TL_DATA}
} $origtest $origtest] "BAD_TL_TYPE"
test "modify-principal 100,104"
if { ! [cmd [format {
kadm5_modify_principal $server_handle \
"{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 88 0 0 0 0 1 {} {{990 6 foobar}}" \
{KADM5_MAX_RLIFE KADM5_TL_DATA}
} $origtest $origtest]]} {
fail "$test: cannot set MAX_RLIFE or TL_DATA"
return
}
if {! [cmd [format {
kadm5_get_principal $server_handle "%s/a" principal {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA}
} $origtest]]} {
error_and_restart "$test: could not retrieve principal"
return
}
send "lindex \$principal 12\n"
expect {
-re "(\[0-9\]+)\n$prompt$" {set rlife $expect_out(1,string) }
timeout {
error_and_restart "$test: timeout getting rlife"
return
}
eof {
error_and_restart "$test: eof getting rlife"
return
}
}
send "lindex \$principal 19\n"
expect {
-re "\(\{.*\}\)\n$prompt$" {set tl $expect_out(1,string) }
timeout {
error_and_restart "$test: timeout getting tl_data"
return
}
eof {
error_and_restart "$test: eof getting tl_data"
return
}
}
if {($rlife == 88) && ($tl == "{{990 6 foobar}}")} {
pass "$test"
} else {
fail "$test: $rlife should be 88, $tl should be {{990 6 foobar}}"
}
if { ! [cmd {kadm5_destroy $server_handle}]} {
perror "$test: unexpected failure in destroy"
return
}
}
test100_104
|
