summaryrefslogtreecommitdiffstats
path: root/src/kadmin/v4server/unit-test/v4server.1/access.exp
diff options
context:
space:
mode:
authorMarc Horowitz <marc@mit.edu>1996-07-22 20:49:46 +0000
committerMarc Horowitz <marc@mit.edu>1996-07-22 20:49:46 +0000
commitedf8b4d8a6a665c2aa150993cd813ea6c5cf12e1 (patch)
tree6c2974a97b448c040fa4a31708ec5e02f187526c /src/kadmin/v4server/unit-test/v4server.1/access.exp
parent013bb1391582ed9e653ae706e398ddb8d08cfcc9 (diff)
downloadkrb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.tar.gz
krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.tar.xz
krb5-edf8b4d8a6a665c2aa150993cd813ea6c5cf12e1.zip
this commit includes all the changes on the OV_9510_INTEGRATION and
OV_MERGE branches. This includes, but is not limited to, the new openvision admin system, and major changes to gssapi to add functionality, and bring the implementation in line with rfc1964. before committing, the code was built and tested for netbsd and solaris. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kadmin/v4server/unit-test/v4server.1/access.exp')
-rw-r--r--src/kadmin/v4server/unit-test/v4server.1/access.exp88
1 files changed, 88 insertions, 0 deletions
diff --git a/src/kadmin/v4server/unit-test/v4server.1/access.exp b/src/kadmin/v4server/unit-test/v4server.1/access.exp
new file mode 100644
index 000000000..4d30fc9c7
--- /dev/null
+++ b/src/kadmin/v4server/unit-test/v4server.1/access.exp
@@ -0,0 +1,88 @@
+load_lib "helpers.exp"
+
+set timeout 30
+
+# Setup: make sure the principals we will use have V4 salt
+fix_salt "A.setup" testuser notathena notathena
+unexpire "A.setup" testuser
+unexpire "A.setup" changepw/kerberos
+
+proc kill_admin_server {} {
+ global env kill getpid
+
+ set pid [exec $getpid kadmind]
+ if {$pid != ""} {
+ exec $kill $pid
+ }
+}
+
+proc start_admin_server {} {
+ global ovsec_adm_server sleep
+
+ set max_tries 60
+
+ for {set num_tries 0} {$num_tries <= $max_tries} {incr num_tries} {
+ if {$num_tries} {
+ exec $sleep 5
+ verbose "$ovsec_adm_server couldn't bind; retrying ($num_tries so far)"
+ }
+ if {[catch "exec $ovsec_adm_server" msg]} {
+ if {[regexp {Address already in use} $msg]} {
+ continue
+ }
+ fail "starting $ovsec_adm_server: $msg"
+ }
+ return
+ }
+ fail "starting $ovsec_adm_server: $msg"
+}
+
+proc remove_changepw_perms {} {
+ global remove_changepw_perms
+
+ exec $remove_changepw_perms
+}
+
+proc set_changepw_perms { perms } {
+ remove_changepw_perms
+
+ exec echo "changepw/kerberos@SECURE-TEST.OV.COM $perms" \
+ >> /krb5/ovsec_adm.acl
+}
+
+# start off with a dead admin server
+kill_admin_server
+
+set_changepw_perms "i"
+start_admin_server
+server_start A.1 "-n" 1 {
+ "KADM Server starting in the OVSEC_KADM mode" {}
+}
+kpasswd_v4 A.1 testuser 2 notathena foobar {
+ "Operation requires ``change-password'' privilege" {}
+} {
+ "$kpasswd_v4: Insufficient access to perform requested operation while attempting to change password." {}
+} {
+ "Password NOT changed." {}
+}
+server_exit A.1 -1
+kill_admin_server
+
+set_changepw_perms "c"
+start_admin_server
+server_start A.2 "-n" 1 {
+ "KADM Server starting in the OVSEC_KADM mode" {}
+}
+kpasswd_v4 A.2 testuser 2 notathena foobar {
+ "Operation requires ``get'' privilege" {}
+} {
+ "$kpasswd_v4: Insufficient access to perform requested operation while attempting to change password." {}
+} {
+ "Password NOT changed." {}
+}
+server_exit A.2 -1
+kill_admin_server
+
+set_changepw_perms "ci"
+
+start_admin_server
generated by cgit (git 2.34.1) at 2026-02-19 19:05:31 +0000