diff options
| author | Greg Hudson <ghudson@mit.edu> | 2014-02-28 20:41:20 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2014-03-03 11:58:58 -0500 |
| commit | 06817686bfdef99523f300464bcbb0c8b037a27d (patch) | |
| tree | d141b661c67f92cada0dc0ee6e432797065320b6 /src | |
| parent | 9f9c4acd9629913d2ff197e0f4994d091f2073d5 (diff) | |
| download | krb5-06817686bfdef99523f300464bcbb0c8b037a27d.tar.gz krb5-06817686bfdef99523f300464bcbb0c8b037a27d.tar.xz krb5-06817686bfdef99523f300464bcbb0c8b037a27d.zip | |
Add tests for gic_pwd password change
ticket: 7868
Diffstat (limited to 'src')
| -rw-r--r-- | src/tests/Makefile.in | 1 | ||||
| -rw-r--r-- | src/tests/t_changepw.py | 37 |
2 files changed, 38 insertions, 0 deletions
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 2bd7a5ce1..958b8a954 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -97,6 +97,7 @@ check-pytests:: t_init_creds t_localauth $(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_changepw.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS) diff --git a/src/tests/t_changepw.py b/src/tests/t_changepw.py new file mode 100644 index 000000000..0b9832668 --- /dev/null +++ b/src/tests/t_changepw.py @@ -0,0 +1,37 @@ +#!/usr/bin/python +from k5test import * + +# This file is intended to cover any password-changing mechanism. For +# now it only contains a regression test for #7868. + +realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True) + +# Mark a principal as expired and change its password through kinit. +realm.run_kadminl('modprinc -pwexpire "1 day ago" user') +pwinput = password('user') + '\nabcd\nabcd\n' +realm.run([kinit, realm.user_princ], input=pwinput) + +# Do the same thing with FAST, with tracing turned on. +realm.run_kadminl('modprinc -pwexpire "1 day ago" user') +pwinput = 'abcd\nefgh\nefgh\n' +tracefile = os.path.join(realm.testdir, 'trace') +realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, '-T', realm.ccache, + realm.user_princ], input=pwinput) + +# Read the trace and check that FAST was used when getting the +# kadmin/changepw ticket. +f = open(tracefile, 'r') +trace = f.read() +f.close() +getting_changepw = fast_used_for_changepw = False +for line in trace.splitlines(): + if 'Getting initial credentials for user@' in line: + getting_changepw_ticket = False + if 'Setting initial creds service to kadmin/changepw' in line: + getting_changepw_ticket = True + if getting_changepw_ticket and 'Using FAST' in line: + fast_used_for_changepw = True +if not fast_used_for_changepw: + fail('FAST was not used to get kadmin/changepw ticket') + +success('Password change tests') |