From ad88d4fd50a31f6cfe4de56d387f1a6f1aa5468c Mon Sep 17 00:00:00 2001 From: Antonio Torres Date: Fri, 3 Dec 2021 11:25:46 +0100 Subject: [PATCH] Add patches to support OpenSSL 3.0.0 Signed-off-by: Antonio Torres --- ...detection-of-the-OpenSSL-3-KDF-inter.patch | 25 + Fix-k5tls-module-for-OpenSSL-3.patch | 3 +- ...pkcs11-build-issues-with-openssl-3.0.patch | 3 +- Handle-OpenSSL-3-s-providers.patch | 301 + Remove-TCL-based-libkadm5-API-tests.patch | 18229 ++++++++++++++++ ...ecated-OpenSSL-calls-from-softpkcs11.patch | 7 +- ...KDF-and-KRB5KDF-for-deriving-long-te.patch | 482 + ...SSL-s-SSKDF-in-PKINIT-when-available.patch | 408 + downstream-Remove-3des-support.patch | 68 +- krb5.spec | 25 +- 10 files changed, 19474 insertions(+), 77 deletions(-) create mode 100644 Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch create mode 100644 Handle-OpenSSL-3-s-providers.patch create mode 100644 Remove-TCL-based-libkadm5-API-tests.patch create mode 100644 Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch create mode 100644 Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch diff --git a/Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch b/Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch new file mode 100644 index 0000000..269a457 --- /dev/null +++ b/Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch 
@@ -0,0 +1,25 @@ +From 2f039fc910022c9569fe6941a194f0b26bd6c894 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 20 Sep 2019 16:11:29 -0400 +Subject: [PATCH] Add buildsystem detection of the OpenSSL-3 KDF interface + +(cherry picked from commit a3e03dfd40928c4615bd9b8546eac0c104377850) +--- + src/configure.ac | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/configure.ac b/src/configure.ac +index eb6307468..9c2e816fe 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -282,6 +282,10 @@ AC_SUBST(CRYPTO_IMPL) + AC_SUBST(CRYPTO_IMPL_CFLAGS) + AC_SUBST(CRYPTO_IMPL_LIBS) + ++if test "$CRYPTO_IMPL" = openssl; then ++ AC_CHECK_FUNCS(EVP_KDF_fetch) ++fi ++ + AC_ARG_WITH([prng-alg], + AC_HELP_STRING([--with-prng-alg=ALG], [use specified PRNG algorithm. @<:@fortuna@:>@]), + [PRNG_ALG=$withval diff --git a/Fix-k5tls-module-for-OpenSSL-3.patch b/Fix-k5tls-module-for-OpenSSL-3.patch index f53a23c..a2b9e34 100644 --- a/Fix-k5tls-module-for-OpenSSL-3.patch +++ b/Fix-k5tls-module-for-OpenSSL-3.patch @@ -1,4 +1,4 @@ -From 7e4429640f69acdd5d4f9caa655c011d8bd736f0 Mon Sep 17 00:00:00 2001 +From 51938a8b731740299fe47d132b8840edba4141bc Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Sat, 29 May 2021 12:05:49 -0400 Subject: [PATCH] Fix k5tls module for OpenSSL 3 @@ -16,6 +16,7 @@ doesn't clear existing options. [ghudson@mit.edu: edited commit message and comment] (cherry picked from commit aa9b4a2a64046afd2fab7cb49c346295874a5fb6) +(cherry picked from commit 201e38845e9f70234bcaa9ba7c25b28e38169b0a) --- src/plugins/tls/k5tls/openssl.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/Fix-softpkcs11-build-issues-with-openssl-3.0.patch b/Fix-softpkcs11-build-issues-with-openssl-3.0.patch index 184c1bf..ba5a8b5 100644 --- a/Fix-softpkcs11-build-issues-with-openssl-3.0.patch +++ b/Fix-softpkcs11-build-issues-with-openssl-3.0.patch 
@@ -1,4 +1,4 @@ -From 391379bff864751262dbcedb897f2c2dd394345f Mon Sep 17 00:00:00 2001 +From f85a818fe1a7438db7e1ea579818da67e0be017d Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Sat, 15 May 2021 17:35:25 -0400 Subject: [PATCH] Fix softpkcs11 build issues with openssl 3.0 @@ -17,6 +17,7 @@ Move several argument validation checks to the top of their functions. Fix some incorrect/inconsistent log messages. (cherry picked from commit 00de1aad7b3647b91017c7009b0bc65cd0c8b2e0) +(cherry picked from commit a86b780ef275b35e8dc1e6d1886ec8e8d941f7c4) --- src/tests/softpkcs11/main.c | 360 ++++++++++++++---------------------- 1 file changed, 141 insertions(+), 219 deletions(-) diff --git a/Handle-OpenSSL-3-s-providers.patch b/Handle-OpenSSL-3-s-providers.patch new file mode 100644 index 0000000..d7b0d90 --- /dev/null +++ b/Handle-OpenSSL-3-s-providers.patch 
@@ -0,0 +1,301 @@ +From e3f3d31a3db23f6c8437cd0efe45f67a7f4fc6aa Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Sat, 15 May 2021 21:18:06 -0400 +Subject: [PATCH] Handle OpenSSL 3's providers + +OpenSSL 3 compartmentalizes what algorithms it uses, which for us means +another hoop to jump through to use dubious cryptography. (Right now, +we need to load "legacy" in order to access MD4 and RC4.) + +Use our normal initializer logic to set up providers both in the OpenSSL +provider an the PKINIT plugin. Since DT_FINI is too late, release them +using atexit() as OpenSSL does. + +(cherry picked from commit bea5a703a06da1f1ab56821b77a2d3661cb0dda4) +[rharwood@redhat.com: work around des3 removal and rc4 fips changes] +--- + src/configure.ac | 1 + + src/lib/crypto/openssl/enc_provider/aes.c | 16 ++++++ + .../crypto/openssl/enc_provider/camellia.c | 16 ++++++ + src/lib/crypto/openssl/enc_provider/rc4.c | 4 ++ + .../crypto/openssl/hash_provider/hash_evp.c | 5 ++ + src/lib/crypto/openssl/init.c | 53 +++++++++++++++++++ + src/plugins/preauth/pkinit/Makefile.in | 1 + + .../preauth/pkinit/pkinit_crypto_openssl.c | 33 ++++++++++-- + 8 files changed, 126 insertions(+), 3 deletions(-) + +diff --git a/src/configure.ac b/src/configure.ac +index 9c2e816fe..20066918b 100644 +--- a/src/configure.ac ++++ b/src/configure.ac +@@ -284,6 +284,7 @@ AC_SUBST(CRYPTO_IMPL_LIBS) + + if test "$CRYPTO_IMPL" = openssl; then + AC_CHECK_FUNCS(EVP_KDF_fetch) ++ AC_CHECK_FUNCS(OSSL_PROVIDER_load) + fi + + AC_ARG_WITH([prng-alg], +diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c +index 6b4622fe9..31c90a69d 100644 +--- a/src/lib/crypto/openssl/enc_provider/aes.c ++++ b/src/lib/crypto/openssl/enc_provider/aes.c +@@ -68,6 +68,10 @@ cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx; + struct iov_cursor cursor; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + ctx = EVP_CIPHER_CTX_new(); + if (ctx 
== NULL) + return ENOMEM; +@@ -102,6 +106,10 @@ cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx; + struct iov_cursor cursor; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return ENOMEM; +@@ -137,6 +145,10 @@ cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + struct iov_cursor cursor; + AES_KEY enck; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + memset(iv_cts,0,sizeof(iv_cts)); + if (ivec && ivec->data){ + if (ivec->length != sizeof(iv_cts)) +@@ -190,6 +202,10 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + struct iov_cursor cursor; + AES_KEY deck; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + memset(iv_cts,0,sizeof(iv_cts)); + if (ivec && ivec->data){ + if (ivec->length != sizeof(iv_cts)) +diff --git a/src/lib/crypto/openssl/enc_provider/camellia.c b/src/lib/crypto/openssl/enc_provider/camellia.c +index f79679a0b..7cc7fc6fb 100644 +--- a/src/lib/crypto/openssl/enc_provider/camellia.c ++++ b/src/lib/crypto/openssl/enc_provider/camellia.c +@@ -92,6 +92,10 @@ cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx; + struct iov_cursor cursor; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return ENOMEM; +@@ -126,6 +130,10 @@ cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx; + struct iov_cursor cursor; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return ENOMEM; +@@ -161,6 +169,10 @@ cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + struct iov_cursor cursor; + CAMELLIA_KEY enck; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + memset(iv_cts,0,sizeof(iv_cts)); + if (ivec && ivec->data){ + if (ivec->length != sizeof(iv_cts)) +@@ 
-214,6 +226,10 @@ cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data, + struct iov_cursor cursor; + CAMELLIA_KEY deck; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + memset(iv_cts,0,sizeof(iv_cts)); + if (ivec && ivec->data){ + if (ivec->length != sizeof(iv_cts)) +diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c +index 9bf407899..a10cb5192 100644 +--- a/src/lib/crypto/openssl/enc_provider/rc4.c ++++ b/src/lib/crypto/openssl/enc_provider/rc4.c +@@ -66,6 +66,10 @@ k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data, + EVP_CIPHER_CTX *ctx = NULL; + struct arcfour_state *arcstate; + ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; ++ + if (FIPS_mode()) + return KRB5_CRYPTO_INTERNAL; + +diff --git a/src/lib/crypto/openssl/hash_provider/hash_evp.c b/src/lib/crypto/openssl/hash_provider/hash_evp.c +index 2eb5139c0..09d7b3896 100644 +--- a/src/lib/crypto/openssl/hash_provider/hash_evp.c ++++ b/src/lib/crypto/openssl/hash_provider/hash_evp.c +@@ -41,6 +41,11 @@ hash_evp(const EVP_MD *type, const krb5_crypto_iov *data, size_t num_data, + const krb5_data *d; + size_t i; + int ok; ++ krb5_error_code ret; ++ ++ ret = krb5int_crypto_init(); ++ if (ret) ++ return ret; + + if (output->length != (unsigned int)EVP_MD_size(type)) + return KRB5_CRYPTO_INTERNAL; +diff --git a/src/lib/crypto/openssl/init.c b/src/lib/crypto/openssl/init.c +index 1139bce53..f72dbfe81 100644 +--- a/src/lib/crypto/openssl/init.c ++++ b/src/lib/crypto/openssl/init.c +@@ -26,12 +26,65 @@ + + #include "crypto_int.h" + ++#ifdef HAVE_OSSL_PROVIDER_LOAD ++ ++/* ++ * Starting in OpenSSL 3, algorithms are grouped into containers called ++ * "providers", not all of which are loaded by default. At time of writing, ++ * we need MD4 and RC4 from the legacy provider. Oddly, 3DES is not in ++ * legacy. 
++ */ ++ ++#include ++ ++static OSSL_PROVIDER *legacy_provider = NULL; ++static OSSL_PROVIDER *default_provider = NULL; ++ ++static void ++unload_providers(void) ++{ ++ if (default_provider != NULL) ++ (void)OSSL_PROVIDER_unload(default_provider); ++ if (legacy_provider != NULL) ++ (void)OSSL_PROVIDER_unload(legacy_provider); ++ default_provider = NULL; ++ legacy_provider = NULL; ++} ++ ++int ++krb5int_crypto_impl_init(void) ++{ ++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); ++ default_provider = OSSL_PROVIDER_load(NULL, "default"); ++ ++ /* ++ * Someone might build openssl without the legacy provider. They will ++ * have a bad time, but some things will still work. I don't know think ++ * this configuration is worth supporting. ++ */ ++ if (legacy_provider == NULL || default_provider == NULL) ++ abort(); ++ ++ /* ++ * If we attempt to do this with our normal LIBFINIFUNC logic (DT_FINI), ++ * OpenSSL will have cleaned itself up by the time we're invoked. OpenSSL ++ * registers its cleanup (OPENSSL_cleanup) with atexit() - do the same and ++ * we'll be higher on the stack. 
++ */ ++ atexit(unload_providers); ++ return 0; ++} ++ ++#else /* !HAVE_OSSL_PROVIDER_LOAD */ ++ + int + krb5int_crypto_impl_init(void) + { + return 0; + } + ++#endif ++ + void + krb5int_crypto_impl_cleanup(void) + { +diff --git a/src/plugins/preauth/pkinit/Makefile.in b/src/plugins/preauth/pkinit/Makefile.in +index 15ca0eb48..d20fb18a8 100644 +--- a/src/plugins/preauth/pkinit/Makefile.in ++++ b/src/plugins/preauth/pkinit/Makefile.in +@@ -5,6 +5,7 @@ MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR) + LIBBASE=pkinit + LIBMAJOR=0 + LIBMINOR=0 ++LIBINITFUNC=pkinit_openssl_init + RELDIR=../plugins/preauth/pkinit + # Depends on libk5crypto and libkrb5 + SHLIB_EXPDEPS = \ +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 350c2118a..42e5c581d 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -44,6 +44,13 @@ + #include + #endif + ++#ifdef HAVE_OSSL_PROVIDER_LOAD ++#include ++ ++static OSSL_PROVIDER *legacy_provider = NULL; ++static OSSL_PROVIDER *default_provider = NULL; ++#endif ++ + static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); + static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); + +@@ -2937,12 +2944,32 @@ cleanup: + return retval; + } + ++/* pkinit_openssl_init() and unload_providers() are largely duplicated from ++ * lib/crypto/openssl/init.c - see explanations there. */ ++static void ++unload_providers(void) ++{ ++ if (default_provider != NULL) ++ (void)OSSL_PROVIDER_unload(default_provider); ++ if (legacy_provider != NULL) ++ (void)OSSL_PROVIDER_unload(legacy_provider); ++ default_provider = NULL; ++ legacy_provider = NULL; ++} ++ + int + pkinit_openssl_init() + { +- /* Initialize OpenSSL. 
*/ +- ERR_load_crypto_strings(); +- OpenSSL_add_all_algorithms(); ++#ifdef HAVE_OSSL_PROVIDER_LOAD ++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy"); ++ default_provider = OSSL_PROVIDER_load(NULL, "default"); ++ ++ if (legacy_provider == NULL || default_provider == NULL) ++ abort(); ++ ++ atexit(unload_providers); ++#endif ++ + return 0; + } + diff --git a/Remove-TCL-based-libkadm5-API-tests.patch b/Remove-TCL-based-libkadm5-API-tests.patch new file mode 100644 index 0000000..7819198 --- /dev/null +++ b/Remove-TCL-based-libkadm5-API-tests.patch 
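Review bot: `krb5int_crypto_impl_init()` in the new init.c code calls `abort()` when either `OSSL_PROVIDER_load(NULL, "legacy")` or the "default" load returns NULL, so on a host where the legacy provider is absent or blocked by policy, any process using libk5crypto is killed, even one that only needs AES. The function already returns `int`, and the call sites added in aes.c, camellia.c, rc4.c and hash_evp.c all do `if (ret) return ret;`, so (assuming `krb5int_crypto_init()` passes the value through) `if (default_provider == NULL) return KRB5_CRYPTO_INTERNAL;` with a missing legacy provider treated as non-fatal would fail closed without terminating the caller; `pkinit_openssl_init()` repeats the same `abort()` at plugin load. Loading into the NULL (default) library context also exposes the legacy algorithms to every other OpenSSL user in the process, which a private `OSSL_LIB_CTX` would avoid, though that is a larger change. Separately, in pkinit_crypto_openssl.c `unload_providers()` appears to sit outside the `#ifdef HAVE_OSSL_PROVIDER_LOAD` that declares the two provider pointers, and the `ERR_load_crypto_strings()`/`OpenSSL_add_all_algorithms()` calls are removed unconditionally, so a build against pre-3.0 OpenSSL would presumably fail to compile or skip initialisation.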
@@ -0,0 +1,18229 @@ +From ddb189ff95350afc0e3e063016a0f0dd5213dc4c Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 16 Apr 2021 10:24:04 -0400 +Subject: [PATCH] Remove TCL-based libkadm5 API tests + +[antorres@redhat.com: remove diff for .gitignore] +--- + .gitignore | 20 - + doc/kadm5/api-unit-test.tex | 2680 ----------------- + src/config/pre.in | 18 +- + src/configure.ac | 31 +- + src/kadmin/Makefile.in | 2 +- + src/kadmin/testing/Makefile.in | 8 - + src/kadmin/testing/deps | 1 - + src/kadmin/testing/proto/kdc.conf.proto | 16 - + src/kadmin/testing/proto/krb5.conf.proto | 32 - + src/kadmin/testing/proto/ovsec_adm.dict | 3 - + src/kadmin/testing/scripts/Makefile.in | 18 - + src/kadmin/testing/scripts/deps | 1 - + src/kadmin/testing/scripts/env-setup.shin | 104 - + src/kadmin/testing/scripts/init_db | 229 -- + src/kadmin/testing/scripts/start_servers | 69 - + .../testing/scripts/start_servers_local | 157 - + src/kadmin/testing/scripts/stop_servers | 60 - + src/kadmin/testing/scripts/stop_servers_local | 44 - + src/kadmin/testing/tcl/util.t | 58 - + src/kadmin/testing/util/Makefile.in | 42 - + src/kadmin/testing/util/bsddb_dump.c | 65 - + src/kadmin/testing/util/deps | 16 - + src/kadmin/testing/util/tcl_kadm5.c | 2566 ---------------- + src/kadmin/testing/util/tcl_kadm5.h | 3 - + src/kadmin/testing/util/tcl_kadm5_syntax | 57 - + src/kadmin/testing/util/tcl_krb5_hash.c | 167 - + src/kadmin/testing/util/test.c | 38 - + src/lib/kadm5/Makefile.in | 3 +- + src/lib/kadm5/unit-test/Makefile.in | 143 - + src/lib/kadm5/unit-test/api.2/crte-policy.exp | 927 ------ + src/lib/kadm5/unit-test/api.2/get-policy.exp | 199 -- + src/lib/kadm5/unit-test/api.2/mod-policy.exp | 675 ----- + .../api.current/chpass-principal-v2.exp | 68 - + .../api.current/chpass-principal.exp | 176 -- + .../unit-test/api.current/crte-policy.exp | 927 ------ + .../unit-test/api.current/crte-principal.exp | 1336 -------- + .../kadm5/unit-test/api.current/destroy.exp | 203 -- + 
.../unit-test/api.current/dlte-policy.exp | 208 -- + .../unit-test/api.current/dlte-principal.exp | 253 -- + .../unit-test/api.current/get-policy.exp | 199 -- + .../api.current/get-principal-v2.exp | 250 -- + .../unit-test/api.current/get-principal.exp | 346 --- + .../kadm5/unit-test/api.current/init-v2.exp | 506 ---- + src/lib/kadm5/unit-test/api.current/init.exp | 699 ----- + .../unit-test/api.current/mod-policy.exp | 711 ----- + .../api.current/mod-principal-v2.exp | 115 - + .../unit-test/api.current/mod-principal.exp | 1606 ---------- + .../api.current/randkey-principal-v2.exp | 61 - + .../api.current/randkey-principal.exp | 297 -- + src/lib/kadm5/unit-test/config/unix.exp | 222 -- + src/lib/kadm5/unit-test/deps | 86 - + src/lib/kadm5/unit-test/destroy-test.c | 48 - + src/lib/kadm5/unit-test/diff-files/destroy-1 | 2 - + src/lib/kadm5/unit-test/diff-files/no-diffs | 2 - + src/lib/kadm5/unit-test/handle-test.c | 140 - + src/lib/kadm5/unit-test/init-test.c | 39 - + src/lib/kadm5/unit-test/iter-test.c | 51 - + src/lib/kadm5/unit-test/lib/lib.t | 306 -- + src/lib/kadm5/unit-test/lock-test.c | 105 - + src/lib/kadm5/unit-test/randkey-test.c | 42 - + src/lib/kadm5/unit-test/setkey-test.c | 246 -- + src/lib/kadm5/unit-test/site.exp | 2 - + 62 files changed, 7 insertions(+), 17697 deletions(-) + delete mode 100644 doc/kadm5/api-unit-test.tex + delete mode 100644 src/kadmin/testing/Makefile.in + delete mode 100644 src/kadmin/testing/deps + delete mode 100644 src/kadmin/testing/proto/kdc.conf.proto + delete mode 100644 src/kadmin/testing/proto/krb5.conf.proto + delete mode 100644 src/kadmin/testing/proto/ovsec_adm.dict + delete mode 100644 src/kadmin/testing/scripts/Makefile.in + delete mode 100644 src/kadmin/testing/scripts/deps + delete mode 100755 src/kadmin/testing/scripts/env-setup.shin + delete mode 100755 src/kadmin/testing/scripts/init_db + delete mode 100755 src/kadmin/testing/scripts/start_servers + delete mode 100755 
src/kadmin/testing/scripts/start_servers_local + delete mode 100755 src/kadmin/testing/scripts/stop_servers + delete mode 100755 src/kadmin/testing/scripts/stop_servers_local + delete mode 100644 src/kadmin/testing/tcl/util.t + delete mode 100644 src/kadmin/testing/util/Makefile.in + delete mode 100644 src/kadmin/testing/util/bsddb_dump.c + delete mode 100644 src/kadmin/testing/util/deps + delete mode 100644 src/kadmin/testing/util/tcl_kadm5.c + delete mode 100644 src/kadmin/testing/util/tcl_kadm5.h + delete mode 100644 src/kadmin/testing/util/tcl_kadm5_syntax + delete mode 100644 src/kadmin/testing/util/tcl_krb5_hash.c + delete mode 100644 src/kadmin/testing/util/test.c + delete mode 100644 src/lib/kadm5/unit-test/Makefile.in + delete mode 100644 src/lib/kadm5/unit-test/api.2/crte-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.2/get-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.2/mod-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/chpass-principal.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/crte-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/crte-principal.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/destroy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/dlte-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/dlte-principal.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/get-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/get-principal-v2.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/get-principal.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/init-v2.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/init.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/mod-policy.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/mod-principal-v2.exp + delete mode 100644 
src/lib/kadm5/unit-test/api.current/mod-principal.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp + delete mode 100644 src/lib/kadm5/unit-test/api.current/randkey-principal.exp + delete mode 100644 src/lib/kadm5/unit-test/config/unix.exp + delete mode 100644 src/lib/kadm5/unit-test/deps + delete mode 100644 src/lib/kadm5/unit-test/destroy-test.c + delete mode 100644 src/lib/kadm5/unit-test/diff-files/destroy-1 + delete mode 100644 src/lib/kadm5/unit-test/diff-files/no-diffs + delete mode 100644 src/lib/kadm5/unit-test/handle-test.c + delete mode 100644 src/lib/kadm5/unit-test/init-test.c + delete mode 100644 src/lib/kadm5/unit-test/iter-test.c + delete mode 100644 src/lib/kadm5/unit-test/lib/lib.t + delete mode 100644 src/lib/kadm5/unit-test/lock-test.c + delete mode 100644 src/lib/kadm5/unit-test/randkey-test.c + delete mode 100644 src/lib/kadm5/unit-test/setkey-test.c + delete mode 100644 src/lib/kadm5/unit-test/site.exp + +diff --git a/doc/kadm5/api-unit-test.tex b/doc/kadm5/api-unit-test.tex +deleted file mode 100644 +index 014242037..000000000 +--- a/doc/kadm5/api-unit-test.tex ++++ /dev/null +@@ -1,2680 +0,0 @@ +-% This document is included for historical purposes only, and does not +-% apply to krb5 today. +- +-\documentstyle[times,fullpage]{article} +- +-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +-%% Make _ actually generate an _, and allow line-breaking after it. 
+-\let\underscore=\_ +-\catcode`_=13 +-\def_{\underscore\penalty75\relax} +-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +- +-\newcommand{\test}[1]{\begin{description} +-\setlength{\itemsep}{0pt} +-#1 +-\end{description} +- +-} +- +-\newcommand{\numtest}[2]{\begin{description} +-\setlength{\itemsep}{0pt} +-\Number{#1} +-#2 +-\end{description} +- +-} +- +-\newcommand{\Number}[1]{\item[Number:] #1} +-\newcommand{\Reason}[1]{\item[Reason:] #1} +-\newcommand{\Expected}[1]{\item[Expected:] #1} +-\newcommand{\Conditions}[1]{\item[Conditions:] #1} +-\newcommand{\Priority}[1]{\item[Priority:] #1} +-\newcommand{\Status}[1]{\item[Status:] #1} +-\newcommand{\Vtwonote}[1]{\item[V2 note:] #1} +-\newcommand{\Version}[1]{\item[Version:] #1} +-\newcommand{\Call}[1]{} +-%\newcommand{\Call}[1]{\item[Call:] #1} +-%\newcommand{\Number}[1]{} +-%\newcommand{\Reason}[1]{} +-%\newcommand{\Expected}[1]{} +-%\newcommand{\Conditions}[1]{} +-%\newcommand{\Priority}[1]{} +- +-\title{KADM5 Admin API\\ +-Unit Test Description} +-\author{Jonathan I. Kamens} +- +-\begin{document} +- +-\maketitle +- +-%\tableofcontents +- +-\section{Introduction} +- +-The following is a description of a black-box unit test of the KADM5 +-API. Each API function is listed, followed by the tests that should be +-performed on it. +- +-The tests described here are based on the ``Kerberos Administration +-System KADM5 API Functional Specifications'', revision 1.68. This +-document was originally written based on the OpenVision API functional +-specifications, version 1.41, dated August 18, 1994, and many +-indications of the original version remain. +- +-All tests which test for success should verify, using some means other +-than the return value of the function being tested, that the requested +-operation was successfully performed. 
For example: for init, test +-that other operations can be performed after init; for destroy, test +-that other operations can't be performed after destroy; for modify +-functions, verify that all modifications to the database which should +-have taken place did, and that the new, modified data is in effect; +-for get operations, verify that the data retrieved is the data that +-should actually be in the database. +- +-The tests would be better if they compared the actual contents of the +-database before and after each test, rather than relying on the KADM5 +-API to report the results of changes. +- +-Similarly, all tests which test for failure should verify that the +-no component of the requested operation took place. For example: if +-init fails, other operations should not work. If a modify fails, all +-data in the database should be the same as it was before the attempt +-to modify, and the old data should still be what is enforced. +-Furthermore, tests which test for failure should verify that the +-failure code returned is correct for the specific failure condition +-tested. +- +-Most of the tests listed below should be run twice -- once locally on +-the server after linking against the server API library, and once +-talking to the server via authenticated Sun RPC after linking against +-the client API library. Tests which should only be run locally or via +-RPC are labelled with a ``local'' or ``RPC''. +- +-Furthermore, in addition to the tests labelled below, a test should be +-implemented to verify that a client can't perform operations on the +-server through the client API library when it's linked against +-standard Sun RPC instead of OpenV*Secure's authenticated Sun RPC. +-This will require a client with a modified version of ovsec_kadm_init +-which doesn't call auth_gssapi_create. 
This client should call this +-modified ovsec_kadm_init and then call some other admin API function, +-specifying arguments to both functions that would work if the +-authenticated Sun RPC had been used, but shouldn't if authentication +-wasn't used. The test should verify that the API function call after +-the init doesn't succeed. +- +-There is also another test to see if all the API functions handle getting an +-invalid server handle correctly. This is not done as part of the tests that +-are run through the TCL program cause the TCL program has no way of +-invalidating a server handle. So there is a program that calls init and +-changes the handle magic number, and then attempts to call each API function +-with the corrupted server handle. +- +-A number of tests have been added or changed to correspond with KADM5 +-API version 2. Tests which are only performed against the newer +-version specify the version number in the test description. +- +-\section{ovsec_kadm_init} +- +-\numtest{1}{ +-\Reason{An empty string realm is rejected.} +-\Status{Implemented} +-\Vtwonote{The empty string is now passed as the realm field of the +-parameters structure.} +-} +- +-\numtest{2}{ +-\Reason{A realm containing invalid characters is rejected.} +-\Status{Implemented} +-\Vtwonote{The invalid character is now passed as the realm field of the +-parameters structure.} +-} +- +-\numtest{2.5}{ +-\Reason{A non-existent realm is rejected.} +-\Status{Implemented} +-\Vtwonote{The non-existent realm is now passed as the realm field of the +-parameters structure.} +-} +- +-\numtest{3}{ +-\Reason{A bad service name representing an existing principal +- (different from the client principal) is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{4}{ +-\Reason{A bad service name representing a non-existent +- principal is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{5}{ +-\Reason{A bad service name identical to the (existing) client +- name is 
rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{6}{ +-\Reason{A null password causes password prompting.} +-\Status{Implemented} +-} +- +-\numtest{7}{ +-\Reason{An empty-string causes password prompting} +-\Status{Implemented} +-} +- +-\numtest{8}{ +-\Reason{An incorrect password which is the password of another +- user is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{9}{ +-\Reason{An incorrect password which isn't the password of any +- user is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{10}{ +-\Reason{A null client_name is rejected.} +-\Status{Implemented} +-} +- +-% Empty string client name is legal. +-%\numtest{11}{ +-%\Reason{An empty-string client_name is rejected.} +-%} +- +-\numtest{12}{ +-\Reason{A client_name referring to a non-existent principal in +- the default realm is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{13}{ +-\Reason{A client_name referring to a non-existent principal +- with the local realm specified explicitly is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{14}{ +-\Reason{A client_name referring to a non-existent principal in +- a nonexistent realm is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{15}{ +-\Reason{A client_name referring to an existing principal in a +- nonexistent realm is rejected.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{16}{ +-\Reason{Valid invocation.} +-\Status{Implemented} +-} +- +-\numtest{17}{ +-\Reason{Valid invocation (explicit client realm).} +-\Status{Implemented} +-} +- +-\numtest{18}{ +-\Reason{Valid invocation (CHANGEPW_SERVICE).} +-\Status{Implemented} +-} +- +-\numtest{19}{ +-\Reason{Valid invocation (explicit service realm).} +-\Status{Implemented} +-\Vtwonote{The explicit realm is now passed as the realm field of the +-configuration parameters.} +-} +- +-\numtest{20}{ +-\Reason{Valid invocation (database access allowed after init).} 
+-\Status{Implemented} +-} +- +-%\numtest{21}{ +-%\Reason{Init fails when called twice in a row.} +-%\Status{Implemented} +-%} +- +-\numtest{22}{ +-\Reason{A null password causes master-key prompting.} +-\Conditions{local} +-\Status{Implemented} +-\Vtwonote{Obsolete.} +-} +- +-\numtest{22.5}{ +-\Reason{A empty string password causes master-key prompting.} +-\Conditions{local} +-\Status{Implemented} +-\Vtwonote{Obsolete.} +-} +- +-%\numtest{23}{ +-%\Reason{A non-null password causes reading from the kstash.} +-%\Conditions{local} +-%\Status{Implemented} +-%} +- +-\numtest{24}{ +-\Reason{Null service name is ignored in local invocation.} +-\Conditions{local} +-\Status{Implemented} +-} +- +-\numtest{25}{ +-\Reason{Non-null service name is ignored in local invocation.} +-\Conditions{local} +-\Status{Implemented} +-} +- +-%\numtest{26}{ +-%\Reason{Can't do ``get'' operation before calling init.} +-%\Status{Implemented} +-%} +- +-%\numtest{27}{ +-%\Reason{Can't do ``add'' operation before calling init.} +-%\Status{Implemented} +-%} +- +-%\numtest{28}{ +-%\Reason{Can't do ``modify'' operation before calling init.} +-%\Status{Implemented} +-%} +- +-%\numtest{29}{ +-%\Reason{Can't do ``delete'' operation before calling init.} +-%\Status{Implemented} +-%} +- +-\numtest{30}{ +-\Reason{Can init after failed init attempt.} +-\Conditions{local} +-\Status{Implemented} +-} +- +-\numtest{31}{ +-\Priority{High} +-\Reason{Return BAD_STRUCT_VERSION when the mask bits are set to invalid values} +-\Status{Implemented} +-} +- +-\numtest{32}{ +-\Priority{High} +-\Reason{Return BAD_STRUCT_VERSION when the mask bits are not set} +-\Status{Implemented} +-} +- +-\numtest{33}{ +-\Priority{High} +-\Reason{Return OLD_STRUCT_VERSION when attempting to use an old/unsupported +- structure version} +-\Status{Implemented} +-} +- +-\numtest{34}{ +-\Priority{High} +-\Reason{Return NEW_STRUCT_VERSION when attempting to use a newer version of +- of the structure then what is supported} 
+-\Status{Implemented}
+-}
+-
+-\numtest{35}{
+-\Priority{High}
+-\Reason{Return BAD_API_VERSION when the mask bits are set to invalid values}
+-\Status{Implemented}
+-}
+-
+-\numtest{36}{
+-\Priority{High}
+-\Reason{Return BAD_API_VERSION when the mask bits are not set}
+-\Status{Implemented}
+-}
+-
+-\numtest{37}{
+-\Priority{High}
+-\Reason{Return OLD_LIB_API_VERSION when using an old/unsuppored
+- api version number}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{38}{
+-\Priority{High}
+-\Reason{Return OLD_SERVER_API_VERSION attempting to use an
+- old/unsupported api version number}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{39}{
+-\Priority{High}
+-\Reason{Return NEW_LIB_API_VERSION when using a newer api
+- version number then supported}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{40}{
+-\Priority{High}
+-\Reason{Return NEW_SERVER_API_VERSION when using a newer api version
+- number then supported}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{41}{
+-\Priority{High}
+-\Reason{Return BAD_XXX_VERSION when the API and the structure
+- version numbers are reversed}
+-\Status{Implemented}
+-}
+-
+-\numtest{42}{
+-\Priority{High}
+-\Reason{Succeeds when using valid api and struct version numbers and masks}
+-\Status{Implemented}
+-}
+-
+-\numtest{43}{
+-\Priority{Low}
+-\Reason{Returns two different server handle when called twice with same info}
+-}
+-
+-\numtest{44}{
+-\Priority{Low}
+-\Reason{Returns two different server handles when called twice with
+- different info}
+-}
+-
+-\numtest{45}{
+-\Priority{Bug fix, secure-install/3390}
+-\Reason{Returns SECURE_PRINC_MISSING when ADMIN_SERVICE does not
+-exist.}
+-\Status{Implemented}
+-}
+-
+-\numtest{46}{
+-\Priority{Bug fix, secure-install/3390}
+-\Reason{Returns SECURE_PRINC_MISSING when CHANGEPW_SERVICE does not
+-exist.}
+-\Status{Implemented}
+-}
+-
+-\numtest{100}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the profile field of the configuration parameters, if
+-set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{101}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the kadmind_port field of the configuration parameters,
+-if set.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{102}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the admin_server field of the configuration parameters,
+-if set with only an admin server name.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{102.5}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the admin_server field of the configuration parameters,
+-if set with a host name and port number.}
+-\Conditions{RPC}
+-}
+-
+-\numtest{103}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the dbname field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{104}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the admin_dbname field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{105}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the admin_lockfile field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{106}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the mkey_from_kbd field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{107}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the stash_file field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{108}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the mkey_name field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{109}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the max_life field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{110}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the max_rlife field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{111}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the expiration field of the configuration parameters, if
+-set.}
+-\Status{Implemented}
+-\Conditions{local}
+-}
+-
+-\numtest{112}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the flags field of the configuration parameters, if
+-set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{113}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Obeys the keysalts and num_keysalts field of the configuration
+-parameters, if set.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{114}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Returns KADM5_BAD_SERVER_PARAMS if any client-only parameters
+-are specified to server-side init.}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{115}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Returns KADM5_BAD_CLIENT_PARAMS if any client-only parameters
+-are specified to server-side init.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{116}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Two calls to init with clients having different privileges
+-succeeds, and both clients maintain their correct privileges.}
+-\Priority{Bug fix}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{117}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{The max_life field defaults to value specified in the API
+-Functional Specification when kdc.conf is unreadable.}
+-\Priority{Bug fix, krb5-admin/18}
+-\Conditions{local}
+-\Status{Implemented}
+-}
+-
+-\numtest{150}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{init_with_creds works when given an open ccache with a valid
+-credential for ADMIN_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{151}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{init_with_creds works when given an open ccache with a valid
+-credential for CHANGEPW_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{152}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{init_with_creds fails with KRB5_FCC_NOFILE (was
+- KADM5_GSS_ERROR) when given an open
+-ccache with no credentials.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{153}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{init_with_creds fails with KRB5_CC_NOTFOUND (was
+- KADM5_GSS_ERROR) when given an open
+-ccache without credentials for ADMIN_SERVICE or CHANGEPW_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{154}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{If the KRB5_KDC_PROFILE environment variable is set to a filename
+-that does not exist, init fails with ENOENT.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\section{ovsec_kadm_destroy}
+-
+-\numtest{1}{
+-\Reason{Valid invocation.}
+-\Status{Implemented}
+-}
+-
+-%\numtest{2}{
+-%\Reason{Valid invocation (``get'' not allowed after destroy).}
+-%\Status{Implemented}
+-%}
+-
+-%\numtest{3}{
+-%\Reason{Valid invocation (``add'' not allowed after destroy).}
+-%\Status{Implemented}
+-%}
+-
+-%\numtest{4}{
+-%\Reason{Valid invocation (``modify'' not allowed after destroy).}
+-%\Status{Implemented}
+-%}
+-
+-%\numtest{5}{
+-%\Reason{Valid invocation (``delete'' not allowed after destroy).}
+-%\Status{Implemented}
+-%}
+-
+-%\numtest{6}{
+-%\Reason{Fails if database not initialized.}
+-%\Status{Implemented}
+-%}
+-
+-%\numtest{7}{
+-%\Reason{Fails if invoked twice in a row.}
+-%\Status{Implemented}
+-%}
+-
+-\numtest{8}{
+-\Reason{Database can be reinitialized after destroy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{9}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{10}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{client}
+-}
+-
+-\section{ovsec_kadm_create_principal}
+-
+-%In the tests below, ``getu'' refers to a user who has only ``get'' access,
+-%''addu'' refers to a user who has only ``add'' access, ``modifyu'' refers to
+-%a user who has only ``modify'' access, and ``deleteu'' refers to a user
+-%who has only ``delete'' access. ``amu'' refers to a user with ``add'' and
+-%''modify'' access. ``new_princ'' refers to a principal entry structure
+-%filled in as follows:
+-%
+-% krb5_parse_name("newuser", \&new_princ.principal);
+-% krb5_timeofday(\&new_princ.princ_expire_time);
+-% new_princ.princ_expire_time += 130;
+-% krb5_timeofday(\&new_princ.last_pwd_change);
+-% new_princ.last_pwd_change += 140;
+-% krb5_timeofday(\&new_princ.pw_expiration);
+-% new_princ.pw_expiration += 150;
+-% new_princ.max_life = 160;
+-% krb5_parse_name("usera", \&new_princ.mod_name);
+-% krb5_timeofday(\&new_princ.mod_date);
+-% new_princ.mod_date += 170;
+-% new_princ.attributes = 0xabcdabcd;
+-% new_princ.kvno = 180;
+-% new_princ.mkvno = 190;
+-% new_princ.policy = null;
+-% new_princ.aux_attributes = 0xdeadbeef;
+-%
+-%The offsets of 130 through 190 above are used to ensure that the
+-%fields are all known to be different from each other, so that
+-%accidentally switched fields can be detected. Some of the fields in
+-%this structure may be changed by the tests, but they should clean up
+-%after themselves.
+-
+-%\numtest{1}{
+-%\Reason{Fails if database not initialized.}
+-%\Status{Implemented}
+-%}
+-
+-\numtest{2}{
+-\Reason{Fails on null princ argument.}
+-\Status{Implemented}
+-}
+-
+-\numtest{3}{
+-\Reason{Fails on null password argument.}
+-\Status{Implemented}
+-}
+-
+-\numtest{4}{
+-\Reason{Fails on empty-string password argument.}
+-\Status{Implemented}
+-}
+-
+-\numtest{5}{
+-\Reason{Fails when mask contains undefined bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{6}{
+-\Reason{Fails when mask contains LAST_PWD_CHANGE bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{7}{
+-\Reason{Fails when mask contains MOD_TIME bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{8}{
+-\Reason{Fails when mask contains MOD_NAME bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{9}{
+-\Reason{Fails when mask contains MKVNO bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{10}{
+-\Reason{Fails when mask contains AUX_ATTRIBUTES bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{11}{
+-\Reason{Fails when mask contains POLICY_CLR bit.}
+-\Status{Implemented}
+-}
+-
+-\numtest{12}{
+-\Reason{Fails for caller with no access bits.}
+-\Status{Implemented}
+-}
+-
+-\numtest{13}{
+-\Reason{Fails when caller has ``get'' access and not ``add''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{14}{
+-\Reason{Fails when caller has ``modify'' access and not ``add''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{15}{
+-\Reason{Fails when caller has ``delete'' access and not ``add''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{16}{
+-\Reason{Fails when caller connected with CHANGEPW_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{17}{
+-\Reason{Fails on attempt to create existing principal.}
+-\Status{Implemented}
+-}
+-
+-\numtest{18}{
+-\Reason{Fails when password is too short.}
+-\Status{Implemented}
+-}
+-
+-\numtest{19}{
+-\Reason{Fails when password has too few classes.}
+-\Status{Implemented}
+-}
+-
+-\numtest{20}{
+-\Reason{Fails when password is in dictionary.}
+-\Status{Implemented}
+-}
+-
+-\numtest{21}{
+-\Reason{Nonexistent policy is rejected.}
+-\Status{Implemented}
+-}
+-
+-\numtest{22}{
+-\Reason{Fails on invalid principal name.}
+-\Status{Implemented}
+-}
+-
+-\numtest{23}{
+-\Reason{Valid invocation.}
+-\Status{Implemented}
+-}
+-
+-\numtest{24}{
+-\Reason{Succeeds when caller has ``add'' access and another one.}
+-\Status{Implemented}
+-}
+-
+-%\numtest{25}{
+-%\Reason{Fails when password is too short, when override_qual is true.}
+-%}
+-
+-%\numtest{26}{
+-%\Reason{Fails when password has too few classes, when
+-% override_qual is true.}
+-%}
+-
+-%\numtest{27}{
+-%\Reason{Fails when password is in dictionary, when override_qual is
+-% true.}
+-%}
+-
+-\numtest{28}{
+-\Reason{Succeeds when assigning policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{29}{
+-\Priority{High}
+-\Reason{Allows 0 (never) for princ_expire_time.}
+-\Status{Implemented}
+-}
+-
+-\numtest{30}{
+-\Reason{Allows 0 (never) for pw_expiration when there's no policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{31}{
+-\Reason{Allows 0 (never) for pw_expiration when there's a policy with
+- 0 for pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{32}{
+-\Reason{Accepts 0 (never) for pw_expiration when there's a policy with
+- non-zero pw_max_life, and sets pw_expiration to zero.}
+-\Status{Implemented}
+-}
+-
+-\numtest{33}{
+-\Reason{Accepts and sets non-zero pw_expiration when no policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{34}{
+-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
+- with zero pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{35}{
+-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
+- with pw_max_life later than the specified pw_expiration.}
+-\Status{Implemented}
+-}
+-
+-\numtest{36}{
+-\Reason{Accepts and sets non-zero pw_expiration greater than now_pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{37}{
+-\Priority{High}
+-\Reason{Sets pw_expiration to 0 (never) if there's no policy and no
+- specified pw_expiration.}
+-\Status{Implemented}
+-}
+-
+-\numtest{38}{
+-\Priority{High}
+-\Reason{Sets pw_expiration to 0 (never) if it isn't specified and the
+- policy has a 0 (never) pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{39}{
+-\Priority{High}
+-\Reason{Sets pw_expiration to now + pw_max_life if it isn't specified
+- and the policy has a non-zero pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{40}{
+-\Priority{High}
+-\Reason{Allows 0 (forever) for max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{41}{
+-\Priority{High}
+-\Reason{Doesn't modify or free mod_name on success.}
+-}
+-
+-\numtest{42}{
+-\Priority{High}
+-\Reason{Doesn't modify or free mod_name on failure.}
+-}
+-
+-\numtest{43}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{44}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{RPC}
+-}
+-
+-
+-\section{ovsec_kadm_delete_principal}
+-
+-%\numtest{1}{
+-%\Reason{Fails if database not initialized.}
+-%\Status{Implemented}
+-%}
+-
+-\numtest{2}{
+-\Reason{Fails on null principal.}
+-\Status{Implemented}
+-}
+-
+-% Empty string principal is legal.
+-%\numtest{3}{
+-%\Reason{Fails on empty-string principal.}
+-%}
+-
+-% There is not invalid principal names
+-%\numtest{4}{
+-%\Reason{Fails on invalid principal name.}
+-%}
+-
+-\numtest{5}{
+-\Priority{High}
+-\Reason{Fails on nonexistent principal.}
+-\Status{Implemented}
+-}
+-
+-\numtest{6}{
+-\Priority{High}
+-\Reason{Fails when caller connected with CHANGEPW_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{7}{
+-\Priority{High}
+-\Reason{Fails if caller has ``add'' access and not ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{8}{
+-\Priority{High}
+-\Reason{Fails if caller has ``modify'' access and not ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{9}{
+-\Priority{High}
+-\Reason{Fails if caller has ``get'' access and not ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{10}{
+-\Priority{High}
+-\Reason{Fails if caller has no access bits.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{11}{
+-\Priority{High}
+-\Reason{Valid invocation.}
+-\Status{Implemented}
+-}
+-
+-\numtest{12}{
+-\Priority{High}
+-\Reason{Valid invocation (on principal with policy).}
+-\Status{Implemented}
+-}
+-
+-\numtest{13}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{14}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{RPC}
+-}
+-
+-
+-\section{ovsec_kadm_modify_principal}
+-
+-%\numtest{1}{
+-%\Reason{Fails if database not initialized.}
+-%\Status{Implemented}
+-%}
+-
+-\numtest{2}{
+-\Priority{High}
+-\Reason{Fails if user connected with CHANGEPW_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{3}{
+-\Reason{Fails on mask with undefined bit set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{4}{
+-\Reason{Fails on mask with PRINCIPAL set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{5}{
+-\Priority{High}
+-\Reason{Fails on mask with LAST_PWD_CHANGE set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{6}{
+-\Reason{Fails on mask with MOD_TIME set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{7}{
+-\Reason{Fails on mask with MOD_NAME set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{8}{
+-\Reason{Fails on mask with MKVNO set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{9}{
+-\Priority{High}
+-\Reason{Fails on mask with AUX_ATTRIBUTES set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{10}{
+-\Reason{Fails on nonexistent principal.}
+-\Status{Implemented}
+-}
+-
+-\numtest{11}{
+-\Priority{High}
+-\Reason{Fails for user with no access bits.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{12}{
+-\Priority{High}
+-\Reason{Fails for user with ``get'' access.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{13}{
+-\Priority{High}
+-\Reason{Fails for user with ``add'' access.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{14}{
+-\Priority{High}
+-\Reason{Fails for user with ``delete'' access.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{15}{
+-\Priority{High}
+-\Reason{Succeeds for user with ``modify'' access.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{16}{
+-\Reason{Succeeds for user with ``modify'' and another access.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{17}{
+-\Priority{High}
+-\Reason{Fails when nonexistent policy is specified.}
+-\Status{Implemented}
+-}
+-
+-\numtest{18}{
+-\Priority{High}
+-\Reason{Succeeds when existent policy is specified.}
+-\Status{Implemented}
+-}
+-
+-\numtest{19}{
+-\Reason{Updates policy count when setting policy from none.}
+-\Status{Implemented}
+-}
+-
+-\numtest{20}{
+-\Reason{Updates policy count when clearing policy from set.}
+-\Status{Implemented}
+-}
+-
+-\numtest{21}{
+-\Reason{Updates policy count when setting policy from other policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{21.5}{
+-\Reason{Policy reference count remains unchanged when policy is
+- changed to itself.}
+-\Status{Implemented.}
+-}
+-
+-\numtest{22}{
+-\Reason{Allows 0 (never) for pw_expiration when there's no policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{23}{
+-\Reason{Allows 0 (never) for pw_expiration when there's a policy with
+- 0 for pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{24}{
+-\Reason{Accepts 0 (never) for pw_expiration when there's a policy with
+- non-zero pw_max_life, but actually sets pw_expiration to
+- last_pwd_change + pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{25}{
+-\Reason{Accepts and sets non-zero pw_expiration when no policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{26}{
+-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
+- with zero pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{27}{
+-\Reason{Accepts and sets non-zero pw_expiration when there's a policy
+- with pw_max_life later than the specified pw_expiration.}
+-\Status{Implemented}
+-}
+-
+-\numtest{28}{
+-\Reason{Accepts non-zero pw_expiration and limits it to last_pwd_change +
+- pw_max_life when it's later than last_pwd_change + non-zero
+- pw_max_life in policy.}
+-\Status{Implemented}
+-}
+-
+-\numtest{29}{
+-\Priority{High}
+-\Reason{Sets pw_expiration to 0 (never) when a policy is cleared and
+-no pw_expiration is specified.}
+-\Status{Implemented}
+-}
+-
+-\numtest{30}{
+-\Priority{High}
+-\Reason{Sets pw_expiration to 0 (never) if it isn't specified and the
+- new policy has a 0 (never) pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{31}{
+-\Priority{High}
+-\Reason{Sets pw_expiration to now + pw_max_life if it isn't specified
+- and the new policy has a non-zero pw_max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{32}{
+-\Priority{High}
+-\Reason{Accepts princ_expire_time change.}
+-\Status{Implemented}
+-}
+-
+-
+-
+-\numtest{33}{
+-\Priority{High}
+-\Reason{Accepts attributes change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{33.25}{
+-\Priority{High}
+-\Reason{Accepts attributes change (KRB5_KDB_REQUIRES_PW_CHANGE).}
+-\Status{Implemented}
+-}
+-
+-\numtest{33.5}{
+-\Priority{High}
+-\Reason{Accepts attributes change (KRB5_DISALLOW_TGT_BASE).}
+-\Status{Implemented}
+-}
+-
+-\numtest{33.75}{
+-\Priority{High}
+-\Reason{Accepts attributes change (KRB5_PW_CHANGE_SERVICE).}
+-\Status{Implemented}
+-}
+-
+-\numtest{34}{
+-\Priority{High}
+-\Reason{Accepts max_life change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{35}{
+-\Priority{High}
+-\Reason{Accepts kvno change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{36}{
+-\Reason{Behaves correctly when policy is set to the same as it was
+- before.}
+-\Status{Implemented}
+-}
+-
+-\numtest{37}{
+-\Reason{Behaves properly when POLICY_CLR is specified and there was no
+- policy before.}
+-\Status{Implemented}
+-}
+-
+-\numtest{38}{
+-\Priority{High}
+-\Reason{Accepts 0 (never) for princ_expire_time.}
+-\Status{Implemented}
+-}
+-
+-\numtest{39}{
+-\Priority{High}
+-\Reason{Accepts 0 for max_life.}
+-\Status{Implemented}
+-}
+-
+-\numtest{40}{
+-\Reason{Rejects null principal argument.}
+-\Status{Implemented}
+-}
+-
+-\numtest{41}{
+-\Priority{High}
+-\Reason{Doesn't modify or free mod_name on success.}
+-}
+-
+-\numtest{42}{
+-\Priority{High}
+-\Reason{Doesn't modify or free mod_name on failure.}
+-}
+-
+-\numtest{43}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{44}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{RPC}
+-}
+-
+-\numtest{100}{
+-\Version{KADM5_API_VERSION_2}
+-\Priority{bug-fix}
+-\Reason{Accepts max_rlife change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{101}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Rejects last_success change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{102}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Rejects last_failed change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{103}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Rejects fail_auth_count change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{103.5}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Rejects key_data change.}
+-\Status{Implemented}
+-}
+-
+-\numtest{104}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Accepts tl_data change when all types are greater than 256.}
+-\Status{Implemented}
+-}
+-
+-\numtest{105}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Returns KADM5_BAD_TL_TYPE when given tl_data with a type less
+-than 256.}
+-\Status{Implemented}
+-}
+-
+-\section{ovsec_kadm_rename_principal}
+-
+-%\numtest{1}{
+-%\Reason{Fails if database not initialized.}
+-%\Status{Implemented}
+-%}
+-
+-\numtest{2}{
+-\Priority{High}
+-\Reason{Fails if user connected with CHANGEPW_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{3}{
+-\Priority{High}
+-\Reason{Fails for user with no access bits.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{4}{
+-\Reason{Fails for user with ``modify'' access and not ``add'' or
+-``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{5}{
+-\Reason{Fails for user with ``get'' access and not ``add'' or
+-``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{6}{
+-\Reason{Fails for user with ``modify'' and ``add'' but not ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{7}{
+-\Reason{Fails for user with ``modify'' and ``delete'' but not ``add''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{8}{
+-\Reason{Fails for user with ``get'' and ``add'' but not ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{9}{
+-\Reason{Fails for user with ``get'' and ``delete'' but not ``add.''}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{10}{
+-\Reason{Fails for user with ``modify'', ``get'' and ``add'', but not
+- ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{11}{
+-\Reason{Fails for user with ``modify'', ``get'' and ``delete'', but
+- not ``add''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{12}{
+-\Priority{High}
+-\Reason{Fails for user with ``add'' but not ``delete''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{13}{
+-\Priority{High}
+-\Reason{Fails for user with ``delete'' but not ``add''.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{14}{
+-\Priority{High}
+-\Reason{Succeeds for user with ``add'' and ``delete'', when that user
+-has non-name-based salt.}
+-\Status{Implemented}
+-}
+-
+-\numtest{15}{
+-\Priority{High}
+-\Reason{Fails if target principal name exists.}
+-\Status{Implemented}
+-}
+-
+-\numtest{16}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{17}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{RPC}
+-}
+-
+-\numtest{18}{
+-\Priority{bug fix}
+-\Reason{Returns NO_RENAME_SALT when asked to rename a principal whose
+-salt depends on the principal name.}
+-\Status{Implemented}
+-}
+-
+-\section{ovsec_kadm_chpass_principal}
+-\label{ovseckadmchpassprincipal}
+-
+-\subsection{Quality/history enforcement tests}
+-
+-This section lists a series of tests which will be run a number of
+-times, with various parameter settings (e.g., which access bits user
+-has, whether user connected with ADMIN_SERVICE or CHANGEPW_SERVICE,
+-etc.). The table following the
+-list of tests gives the various parameter settings under which the
+-tests should be run, as well which should succeed and which should
+-fail for each choice of parameter settings.
+-
+-\subsubsection{List of tests}
+-
+-The test number of each of these tests is an offset from the base
+-given in the table below.
+-
+-\numtest{1}{
+-\Priority{High}
+-\Reason{With history setting of 1, change password to itself.}
+-}
+-
+-\numtest{2}{
+-\Reason{With history setting of 2 but no password changes since
+- principal creation, change password to itself.}
+-}
+-
+-\numtest{3}{
+-\Reason{With history setting of 2 and one password change since
+- principal creation, change password to itself
+- and directly previous password.}
+-}
+-
+-\numtest{4}{
+-\Priority{High}
+-\Reason{With a history setting of 3 and no password changes,
+- change password to itself.}
+-}
+-
+-\numtest{5}{
+-\Priority{High}
+-\Reason{With a history setting of 3 and 1 password change,
+- change password to itself or previous password.}
+-}
+-
+-\numtest{6}{
+-\Priority{High}
+-\Reason{With a history setting of 3 and 2 password changes,
+- change password to itself and the two previous passwords.}
+-}
+-
+-\numtest{7}{
+-\Priority{High}
+-\Reason{Change to previously unused password when now -
+- last_pwd_change $<$ pw_min_life.}
+-}
+-
+-\numtest{8}{
+-\Priority{High}
+-\Reason{Change to previously unused password that doesn't contain enough
+- character classes.}
+-}
+-
+-\numtest{9}{
+-\Priority{High}
+-\Reason{Change to previously unused password that's too short.}
+-}
+-
+-\numtest{10}{
+-\Priority{High}
+-\Reason{Change to previously unused password that's in the dictionary.}
+-}
+-
+-\subsubsection{List of parameter settings}
+-
+-In the table below, ``7 passes'' means that test 7 above passes and
+-the rest of the tests fail.
+-
+-\begin{tabular}{llllll}
+-Base & Modify access? & Own password? & Service & Pass/Fail \\ \hline
+-0 & No & Yes & ADMIN & all fail \\
+-20 & No & Yes & CHANGEPW & all fail \\
+-40 & No & No & ADMIN & all fail \\
+-60 & No & No & CHANGEPW & all fail \\
+-80 & Yes & Yes & ADMIN & 7 passes \\
+-100 & Yes & Yes & CHANGEPW & all fail \\
+-120 & Yes & No & ADMIN & 7 passes \\
+-140 & Yes & No & CHANGEPW & all fail \\
+-\end{tabular}
+-
+-\subsection{Other quality/history tests}
+-
+-\numtest{161}{
+-\Priority{High}
+-\Reason{With history of 1, can change password to anything other than
+- itself that doesn't conflict with other quality
+- rules.}
+-}
+-
+-\numtest{162}{
+-\Reason{With history of 2 and 2 password changes, can change password
+- to original password.}
+-}
+-
+-\numtest{163}{
+-\Priority{High}
+-\Reason{With history of 3 and 3 password changes, can change password
+- to original password.}
+-}
+-
+-\numtest{164}{
+-\Priority{High}
+-\Reason{Can change password when now - last_pwd_change $>$ pw_min_life.}
+-}
+-
+-\numtest{165}{
+-\Priority{High}
+-\Reason{Can change password when it contains exactly the number of
+- classes required by the policy.}
+-}
+-
+-\numtest{166}{
+-\Priority{High}
+-\Reason{Can change password when it is exactly the length required by
+- the policy.}
+-}
+-
+-\numtest{167}{
+-\Priority{High}
+-\Reason{Can change password to a word that isn't in the dictionary.}
+-}
+-
+-
+-\subsection{Other tests}
+-
+-%\numtest{168}{
+-%\Reason{Fails if database not initialized.}
+-%}
+-
+-\numtest{169}{
+-\Reason{Fails for non-existent principal.}
+-}
+-
+-\numtest{170}{
+-\Reason{Fails for null password.}
+-}
+-
+-\numtest{171}{
+-\Priority{High}
+-\Reason{Fails for empty-string password.}
+-}
+-
+-\numtest{172}{
+-\Priority{High}
+-\Reason{Pw_expiration is set to now + max_pw_life if policy exists and
+- has non-zero max_pw_life.}
+-}
+-
+-\numtest{173}{
+-\Priority{High}
+-\Reason{Pw_expiration is set to 0 if policy exists and has zero
+- max_pw_life.}
+-}
+-
+-\numtest{174}{
+-\Priority{High}
+-\Reason{Pw_expiration is set to 0 if no policy.}
+-}
+-
+-\numtest{175}{
+-\Priority{High}
+-\Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when password is
+- successfully changed.}
+-}
+-
+-\numtest{176}{
+-\Priority{High}
+-\Reason{Fails for user with no access bits, on other's password.}
+-}
+-
+-\numtest{177}{
+-\Priority{High}
+-\Reason{Fails for user with ``get'' but not ``modify'' access, on
+- other's password.}
+-}
+-
+-\numtest{178}{
+-\Reason{Fails for user with ``delete'' but not ``modify'' access, on
+- other's password.}
+-}
+-
+-\numtest{179}{
+-\Reason{Fails for user with ``add'' but not ``modify'' access, on
+- other's password.}
+-}
+-
+-\numtest{180}{
+-\Reason{Succeeds for user with ``get'' and ``modify'' access, on
+- other's password.}
+-\Status{Implemented}
+-}
+-
+-\numtest{180.5}{
+-\Priority{High}
+-\Reason{Succeeds for user with ``modify'' but not ``get'' access, on
+- other's password.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-\numtest{180.625}{
+-\Priority{High}
+-\Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE on
+- others password}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-\numtest{180.75}{
+-\Priority{High}
+-\Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE
+- on other's password which has expired}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-%\numtest{181}{
+-%\Reason{Password that would succeed if override_qual were false fails
+-% if override_qual is true.}
+-%\Expected{Returns CANNOT_OVERRIDE.}
+-%}
+-
+-\numtest{182}{
+-\Priority{High}
+-\Reason{Can not change key of ovsec_adm/history principal.}
+-\Status{Implemented}
+-}
+-
+-\numtest{183}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{184}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{RPC}
+-}
+-
+-\numtest{200}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Creates a key for the principal for each unique encryption
+-type/salt type in use.}
+-\Status{Implemented}
+-}
+-
+-\section{ovsec_kadm_chpass_principal_util}
+-
+-Rerun all the tests listed for ovsec_kadm_chpass_principal above in
+-Section \ref{ovseckadmchpassprincipal}. Verify that they succeed
+-and fail in the same circumstances. Also verify that in each failure
+-case, the error message returned in msg_ret is as specified in the
+-functional specification.
+-
+-Also, run the following additional tests.
+-
+-\numtest{1}{
+-\Reason{Null msg_ret is rejected.}
+-}
+-
+-\numtest{2}{
+-\Priority{High}
+-\Reason{New password is put into pw_ret, when it's prompted for.}
+-}
+-
+-\numtest{3}{
+-\Priority{High}
+-Reason{New password is put into pw_ret, when it's supplied by the
+- caller.}
+-}
+-
+-\numtest{4}{
+-\Priority{High}
+-\Reason{Successful invocation when pw_ret is null.}
+-}
+-
+-
+-
+-\section{ovsec_kadm_randkey_principal}
+-
+-\subsection{TOOSOON enforcement tests}
+-
+-This test should be run a number of times, as indicated in the table
+-following it. The table also indicates the expected result of each
+-run of the test.
+-
+-\test{
+-\Reason{Change key when now - last_pwd_change $<$ pw_min_life.}
+-}
+-
+-\subsubsection{List of parameter settings}
+-
+-\begin{tabular}{llllll}
+-Number & Modify Access? & Own Key? & Service & Pass/Fail & Implemented? \\ \hline
+-1 & No & Yes & ADMIN & fail & Yes \\
+-3 & No & Yes & CHANGEPW & fail & Yes \\
+-5 & No & No & ADMIN & fail \\
+-7 & No & No & CHANGEPW & fail \\
+-9 & Yes & Yes & ADMIN & pass \\
+-11 & Yes & Yes & CHANGEPW & fail \\
+-13 & Yes & No & ADMIN & pass & Yes \\
+-15 & Yes & No & CHANGEPW & fail & Yes \\
+-\end{tabular}
+-
+-\subsection{Other tests}
+-
+-\numtest{17}{
+-\Reason{Fails if database not initialized.}
+-}
+-
+-\numtest{18}{
+-\Reason{Fails for non-existent principal.}
+-}
+-
+-\numtest{19}{
+-\Reason{Fails for null keyblock pointer.}
+-}
+-
+-\numtest{20}{
+-\Priority{High}
+-\Reason{Pw_expiration is set to now + max_pw_life if policy exists and
+- has non-zero max_pw_life.}
+-}
+-
+-\numtest{21}{
+-\Priority{High}
+-\Reason{Pw_expiration is set to 0 if policy exists and has zero
+- max_pw_life.}
+-}
+-
+-\numtest{22}{
+-\Priority{High}
+-\Reason{Pw_expiration is set to 0 if no policy.}
+-}
+-
+-\numtest{23}{
+-\Priority{High}
+-\Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when key is
+- successfully changed.}
+-}
+-
+-\numtest{24}{
+-\Priority{High}
+-\Reason{Fails for user with no access bits, on other's password.}
+-}
+-
+-\numtest{25}{
+-\Priority{High}
+-\Reason{Fails for user with ``get'' but not ``modify'' access, on
+- other's password.}
+-\Vtwonote{Change-password instead of modify access.}
+-}
+-
+-\numtest{26}{
+-\Reason{Fails for user with ``delete'' but not ``modify'' access, on
+- other's password.}
+-\Vtwonote{Change-password instead of modify access.}
+-}
+-
+-\numtest{27}{
+-\Reason{Fails for user with ``add'' but not ``modify'' access, on
+- other's password.}
+-\Vtwonote{Change-password instead of modify access.}
+-}
+-
+-\numtest{28}{
+-\Reason{Succeeds for user with ``get'' and ``modify'' access, on
+- other's password.}
+-\Status{Implemented}
+-\Vtwonote{Change-password instead of modify access.}
+-}
+-
+-\numtest{28.25}{
+-\Priority{High}
+-\Reason{Fails for user with get and modify access on others password
+- When conneceted with CHANGEPW_SERVICE}
+-\Status{Implemented}
+-\Vtwonote{Change-password instead of modify access.}
+-}
+-
+-\numtest{28.5}{
+-\Priority{High}
+-\Reason{Succeeds for user with ``modify'' but not ``get'' access, on
+- other's password.}
+-\Status{Implemented}
+-\Vtwonote{Change-password instead of modify access.}
+-}
+-
+-\numtest{29}{
+-\Reason{The new key that's assigned is truly random. XXX not sure how
+- to test this.}
+-}
+-
+-\numtest{30}{
+-\Reason{Succeeds for own key, no other access bits when connecting with CHANGEPW service}
+-\Status{Implemented}
+-}
+-\numtest{31}{
+-\Reason{Succeeds for own key, no other access bits when connecting with ADMIM service}
+-\Status{Implemented}
+-}
+-
+-\numtest{32}{
+-\Reason{Cannot change ovsec_adm/history key}
+-\Status{Implemented}
+-}
+-
+-\numtest{33}{
+-\Priority{High}
+-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
+-\Status{Implemented}
+-}
+-
+-\numtest{34}{
+-\Priority{Low}
+-\Reason{Connects to correct server when multiple handles exist}
+-\Conditions{RPC}
+-}
+-
+-\numtest{100}{
+-\Version{KADM5_API_VERSION_2}
+-\Reason{Returns a key for each unique encryption type specified in the
+-keysalts.}
+-}
+-
+-\section{ovsec_kadm_get_principal}
+-
+-\numtest{1}{
+-\Reason{Fails for null ent.}
+-\Status{Implemented}
+-}
+-
+-\numtest{2}{
+-\Reason{Fails for non-existent principal.}
+-\Status{Implemented}
+-}
+-
+-\numtest{3}{
+-\Priority{High}
+-\Reason{Fails for user with no access bits, retrieving other principal.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{4}{
+-\Priority{High}
+-\Reason{Fails for user with ``add'' but not ``get'', getting principal
+- other than his own, using ADMIN_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{5}{
+-\Reason{Fails for user with ``modify'' but not ``get'', getting
+- principal other than his own, using ADMIN_SERVICE.}
+-\Conditions{RPC}
+-\Status{Implemented}
+-}
+-
+-\numtest{6}{
+-\Reason{Fails for
user with ``delete'' but not ``get'', getting +- principal other than his own, using ADMIN_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{7}{ +-\Reason{Fails for user with ``delete'' but not ``get'', getting +- principal other than his own, using CHANGEPW_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{8}{ +-\Priority{High} +-\Reason{Fails for user with ``get'', getting principal other than his +- own, using CHANGEPW_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{9}{ +-\Priority{High} +-\Reason{Succeeds for user without ``get'', retrieving self, using +- ADMIN_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{10}{ +-\Reason{Succeeds for user without ``get'', retrieving self, using +- CHANGEPW_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{11}{ +-\Reason{Succeeds for user with ``get'', retrieving self, using +- ADMIN_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{12}{ +-\Reason{Succeeds for user with ``get'', retrieving self, using +- CHANGEPW_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{13}{ +-\Priority{High} +-\Reason{Succeeds for user with ``get'', retrieving other user, using +- ADMIN_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{14}{ +-\Reason{Succeeds for user with ``get'' and ``modify'', retrieving +- other principal, using ADMIN_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{15}{ +-\Priority{High} +-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} +-\Status{Implemented} +-} +- +-\numtest{16}{ +-\Priority{Low} +-\Reason{Connects to correct server when multiple handles exist} +-\Conditions{RPC} +-} +- +-\numtest{100}{ +-\Version{KADM5_API_VERSION_2} +-\Reason{If KADM5_PRINCIPAL_NORMAL_MASK is specified, the key_data and +-tl_data fields are NULL/zero.} +-\Status{Implemented} +-} +- +-\numtest{101}{ +-\Version{KADM5_API_VERSION_2} +-\Reason{If KADM5_KEY_DATA is specified, the key_data fields contain +-data but the contents are 
all NULL.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{102}{ +-\Version{KADM5_API_VERSION_2} +-\Reason{If KADM5_KEY_DATA is specified, the key_data fields contain +-data and the contents are all non-NULL.} +-\Conditions{local} +-\Status{Implemented} +-} +- +-\numtest{103}{ +-\Version{KADM5_API_VERSION_2} +-\Reason{If KADM5_TL_DATA is specified, the tl_data field contains the +-correct tl_data and no entries whose type is less than 256.} +-\Status{Implemented} +-} +- +- +-\section{ovsec_kadm_create_policy} +- +-\numtest{1}{ +-\Reason{Fails for mask with undefined bit set.} +-\Status{Implemented - untested} +-} +- +-\numtest{2}{ +-\Priority{High} +-\Reason{Fails if caller connected with CHANGEPW_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{3}{ +-\Reason{Fails for mask without POLICY bit set.} +-\Status{Implemented - untested} +-} +- +-\numtest{4}{ +-\Reason{Fails for mask with REF_COUNT bit set.} +-\Status{Implemented} +-} +- +-\numtest{5}{ +-\Reason{Fails for invalid policy name.} +-\Status{Implemented - untested} +-} +- +-\numtest{6}{ +-\Priority{High} +-\Reason{Fails for existing policy name.} +-\Status{Implemented} +-} +- +-\numtest{7}{ +-\Reason{Fails for null policy name.} +-\Status{Implemented - untested} +-} +- +-\numtest{8}{ +-\Priority{High} +-\Reason{Fails for empty-string policy name.} +-\Status{Implemented} +-} +- +-\numtest{9}{ +-\Priority{High} +-\Reason{Accepts 0 for pw_min_life.} +-\Status{Implemented} +-} +- +-\numtest{10}{ +-\Priority{High} +-\Reason{Accepts non-zero for pw_min_life.} +-\Status{Implemented} +-} +- +-\numtest{11}{ +-\Priority{High} +-\Reason{Accepts 0 for pw_max_life.} +-\Status{Implemented} +-} +- +-\numtest{12}{ +-\Priority{High} +-\Reason{Accepts non-zero for pw_max_life.} +-\Status{Implemented} +-} +- +-\numtest{13}{ +-\Priority{High} +-\Reason{Rejects 0 for pw_min_length.} +-\Status{Implemented} +-} +- +-\numtest{14}{ +-\Priority{High} +-\Reason{Accepts non-zero for pw_min_length.} 
+-\Status{Implemented} +-} +- +-\numtest{15}{ +-\Priority{High} +-\Reason{Rejects 0 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{16}{ +-\Priority{High} +-\Reason{Accepts 1 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{17}{ +-\Priority{High} +-\Reason{Accepts 4 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{18}{ +-\Priority{High} +-\Reason{Rejects 5 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{19}{ +-\Priority{High} +-\Reason{Rejects 0 for pw_history_num.} +-\Status{Implemented} +-} +- +-\numtest{20}{ +-\Priority{High} +-\Reason{Accepts 1 for pw_history_num.} +-\Status{Implemented} +-} +- +-\numtest{21}{ +-\Priority{High} +-\Reason{Accepts 10 for pw_history_num.} +-\Status{Implemented} +-} +- +-\numtest{21.5}{ +-\Reason{Rejects 11 for pw_history_num.} +-\Status{Implemented - untested} +-} +- +-\numtest{22}{ +-\Priority{High} +-\Reason{Fails for user with no access bits.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{23}{ +-\Priority{High} +-\Reason{Fails for user with ``get'' but not ``add''.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{24}{ +-\Reason{Fails for user with ``modify'' but not ``add.''} +-\Conditions{RPC} +-\Status{Implemented - untested} +-} +- +-\numtest{25}{ +-\Reason{Fails for user with ``delete'' but not ``add.''} +-\Conditions{RPC} +-\Status{Implemented - untested} +-} +- +-\numtest{26}{ +-\Priority{High} +-\Reason{Succeeds for user with ``add.''} +-\Status{Implemented} +-} +- +-\numtest{27}{ +-\Reason{Succeeds for user with ``get'' and ``add.''} +-\Status{Implemented - untested} +-} +- +-\numtest{28}{ +-\Reason{Rejects null policy argument.} +-\Status{Implemented - untested} +-} +- +-\numtest{29}{ +-\Reason{Rejects pw_min_life greater than pw_max_life.} +-} +- +-\numtest{30}{ +-\Priority{High} +-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} +-\Status{Implemented} +-} +- +-\numtest{31}{ +-\Priority{Low} +-\Reason{Connects to 
correct server when multiple handles exist} +-\Conditions{RPC} +-} +- +- +-\section{ovsec_kadm_delete_policy} +- +-\numtest{1}{ +-\Reason{Fails for null policy name.} +-} +- +-\numtest{2}{ +-\Priority{High} +-\Reason{Fails for empty-string policy name.} +-\Status{Implemented} +-} +- +-\numtest{3}{ +-\Reason{Fails for non-existent policy name.} +-} +- +-\numtest{4}{ +-\Reason{Fails for bad policy name.} +-} +- +-\numtest{5}{ +-\Priority{High} +-\Reason{Fails if caller connected with CHANGEPW_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{6}{ +-\Priority{High} +-\Reason{Fails for user with no access bits.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{7}{ +-\Priority{High} +-\Reason{Fails for user with ``add'' but not ``delete''.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{8}{ +-\Reason{Fails for user with ``modify'' but not ``delete''.} +-\Conditions{RPC} +-} +- +-\numtest{9}{ +-\Reason{Fails for user with ``get'' but not ``delete.''} +-\Conditions{RPC} +-} +- +-\numtest{10}{ +-\Priority{High} +-\Reason{Succeeds for user with only ``delete''.} +-\Status{Implemented} +-} +- +-\numtest{11}{ +-\Reason{Succeeds for user with ``delete'' and ``add''.} +-} +- +-\numtest{12}{ +-\Priority{High} +-\Reason{Fails for policy with non-zero reference count.} +-\Status{Implemented} +-} +- +-\numtest{13}{ +-\Priority{High} +-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} +-\Status{Implemented} +-} +- +-\numtest{14}{ +-\Priority{Low} +-\Reason{Connects to correct server when multiple handles exist} +-\Conditions{RPC} +-} +- +- +-\section{ovsec_kadm_modify_policy} +- +-\numtest{1}{ +-\Reason{Fails for mask with undefined bit set.} +-\Conditions{RPC} +-} +- +-\numtest{2}{ +-\Priority{High} +-\Reason{Fails if caller connected with CHANGEPW_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{3}{ +-\Reason{Fails for mask with POLICY bit set.} +-} +- +-\numtest{4}{ +-\Reason{Fails for mask with REF_COUNT bit 
set.} +-\Status{Implemented} +-} +- +-\numtest{5}{ +-\Reason{Fails for invalid policy name.} +-} +- +-\numtest{6}{ +-\Reason{Fails for non-existent policy name.} +-} +- +-\numtest{7}{ +-\Reason{Fails for null policy name.} +-} +- +-\numtest{8}{ +-\Priority{High} +-\Reason{Fails for empty-string policy name.} +-\Status{Implemented} +-} +- +-\numtest{9}{ +-\Priority{High} +-\Reason{Accepts 0 for pw_min_life.} +-\Status{Implemented} +-} +- +-\numtest{10}{ +-\Priority{High} +-\Reason{Accepts non-zero for pw_min_life.} +-\Status{Implemented} +-} +- +-\numtest{11}{ +-\Priority{High} +-\Reason{Accepts 0 for pw_max_life.} +-\Status{Implemented} +-} +- +-\numtest{12}{ +-\Priority{High} +-\Reason{Accepts non-zero for pw_max_life.} +-\Status{Implemented} +-} +- +-\numtest{13}{ +-\Priority{High} +-\Reason{Accepts 0 for pw_min_length.} +-\Status{Implemented} +-} +- +-\numtest{14}{ +-\Priority{High} +-\Reason{Accepts non-zero for pw_min_length.} +-\Status{Implemented} +-} +- +-\numtest{15}{ +-\Priority{High} +-\Reason{Rejects 0 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{16}{ +-\Priority{High} +-\Reason{Accepts 1 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{17}{ +-\Priority{High} +-\Reason{Accepts 4 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{18}{ +-\Priority{High} +-\Reason{Rejects 5 for pw_min_classes.} +-\Status{Implemented} +-} +- +-\numtest{19}{ +-\Priority{High} +-\Reason{Rejects 0 for pw_history_num.} +-\Status{Implemented} +-} +- +-\numtest{20}{ +-\Priority{High} +-\Reason{Accepts 1 for pw_history_num.} +-\Status{Implemented} +-} +- +-\numtest{21}{ +-\Priority{High} +-\Reason{Accepts 10 for pw_history_num.} +-\Status{Implemented} +-} +- +-\numtest{22}{ +-\Priority{High} +-\Reason{Fails for user with no access bits.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{23}{ +-\Priority{High} +-\Reason{Fails for user with ``get'' but not ``modify''.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{24}{ 
+-\Reason{Fails for user with ``add'' but not ``modify.''} +-\Conditions{RPC} +-} +- +-\numtest{25}{ +-\Reason{Fails for user with ``delete'' but not ``modify.''} +-\Conditions{RPC} +-} +- +-\numtest{26}{ +-\Priority{High} +-\Reason{Succeeds for user with ``modify.''} +-\Status{Implemented} +-} +- +-\numtest{27}{ +-\Reason{Succeeds for user with ``get'' and ``modify.''} +-} +- +-\numtest{28}{ +-\Reason{Rejects null policy argument.} +-} +- +-\numtest{29}{ +-\Reason{Rejects change which makes pw_min_life greater than +- pw_max_life.} +-} +- +-\numtest{30}{ +-\Priority{High} +-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} +-\Status{Implemented} +-} +- +-\numtest{31}{ +-\Priority{Low} +-\Reason{Connects to correct server when multiple handles exist} +-\Conditions{RPC} +-} +- +-\section{ovsec_kadm_get_policy} +- +-\numtest{1}{ +-\Reason{Fails for null policy.} +-} +- +-\numtest{2}{ +-\Reason{Fails for invalid policy name.} +-} +- +-\numtest{3}{ +-\Priority{High} +-\Reason{Fails for empty-string policy name.} +-\Status{Implemented} +-} +- +-\numtest{4}{ +-\Reason{Fails for non-existent policy name.} +-} +- +-\numtest{5}{ +-\Reason{Fails for null ent.} +-} +- +-\numtest{6}{ +-\Priority{High} +-\Reason{Fails for user with no access bits trying to get other's +- policy, using ADMIN_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{7}{ +-\Priority{High} +-\Reason{Fails for user with ``add'' but not ``get'' trying to get +- other's policy, using ADMIN_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{8}{ +-\Reason{Fails for user with ``modify'' but not ``get'' trying to get +- other's policy, using ADMIN_SERVICE.} +-\Conditions{RPC} +-} +- +-\numtest{9}{ +-\Reason{Fails for user with ``delete'' but not ``get'' trying to get +- other's policy, using ADMIN_SERVICE.} +-\Conditions{RPC} +-} +- +-\numtest{10}{ +-\Reason{Fails for user with ``delete'' but not ``get'' trying to get +- other's policy, using 
CHANGEPW_SERVICE.} +-\Conditions{RPC} +-} +- +-\numtest{11}{ +-\Priority{High} +-\Reason{Succeeds for user with only ``get'', trying to get own policy, +- using ADMIN_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{12}{ +-\Priority{High} +-\Reason{Succeeds for user with only ``get'', trying to get own policy, +- using CHANGEPW_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{13}{ +-\Reason{Succeeds for user with ``add'' and ``get'', trying to get own +- policy, using ADMIN_SERVICE.} +-} +- +-\numtest{14}{ +-\Reason{Succeeds for user with ``add'' and ``get'', trying to get own +- policy, using CHANGEPW_SERVICE.} +-} +- +-\numtest{15}{ +-\Reason{Succeeds for user without ``get'', trying to get own policy, +- using ADMIN_SERVICE.} +-} +- +-\numtest{16}{ +-\Priority{High} +-\Reason{Succeeds for user without ``get'', trying to get own policy, +- using CHANGEPW_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{17}{ +-\Priority{High} +-\Reason{Succeeds for user with ``get'', trying to get other's policy, +- using ADMIN_SERVICE.} +-\Status{Implemented} +-} +- +-\numtest{18}{ +-\Priority{High} +-\Reason{Fails for user with ``get'', trying to get other's policy, +- using CHANGEPW_SERVICE.} +-\Conditions{RPC} +-\Status{Implemented} +-} +- +-\numtest{19}{ +-\Reason{Succeeds for user with ``modify'' and ``get'', trying to get +- other's policy, using ADMIN_SERVICE.} +-} +- +-\numtest{20}{ +-\Reason{Fails for user with ``modify'' and ``get'', trying to get +- other's policy, using CHANGEPW_SERVICE.} +-} +- +-\numtest{21}{ +-\Priority{High} +-\Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in} +-\Status{Implemented} +-} +- +-\numtest{22}{ +-\Priority{Low} +-\Reason{Connects to correct server when multiple handles exist} +-\Conditions{RPC} +-} +- +- +-\section{ovsec_kadm_free_principal_ent} +- +-In addition to the tests listed here, a memory-leak detector such as +-TestCenter, Purify or dbmalloc should be used to verify that the +-memory freed by this 
function is really freed.
+-
+-\numtest{1}{
+-\Reason{Null princ succeeds.}
+-}
+-
+-\numtest{2}{
+-\Reason{Non-null princ succeeds.}
+-}
+-
+-
+-\section{ovsec_kadm_free_policy_ent}
+-
+-In addition to the tests listed here, a memory-leak detector such as
+-TestCenter, Purify or dbmalloc should be used to verify that the
+-memory freed by this function is really freed.
+-
+-\numtest{1}{
+-\Reason{Null policy succeeds.}
+-}
+-
+-\numtest{2}{
+-\Reason{Non-null policy succeeds.}
+-}
+-
+-
+-
+-\section{ovsec_kadm_get_privs}
+-
+-\numtest{1}{
+-\Reason{Fails for null pointer argument.}
+-}
+-
+-This test should be run with the 16 possible combinations of access
+-bits (since there are 4 access bits, there are $2^4 = 16$ possible
+-combinations of them):
+-
+-\numtest{2}{
+-\Priority{High}
+-\Reason{Returns correct bit mask for access bits of user.}
+-\Conditions{RPC}
+-}
+-
+-This test should be run locally:
+-
+-\numtest{3}{
+-\Priority{High}
+-\Reason{Returns 0x0f.}
+-\Conditions{local}
+-}
+-
+-\end{document}
+diff --git a/src/config/pre.in b/src/config/pre.in
+index 3752174c7..b2d17b077 100644
+--- a/src/config/pre.in
++++ b/src/config/pre.in
+@@ -228,16 +228,8 @@ KRB5_INCSUBDIRS = \
+ $(KRB5_INCDIR)/gssapi \
+ $(KRB5_INCDIR)/gssrpc
+
+-#
+-# Macros used by the KADM5 (OV-based) unit test system.
+-# XXX check which of these are actually used!
+-#
+ SKIPTESTS = $(BUILDTOP)/skiptests
+-TESTDIR = $(BUILDTOP)/kadmin/testing
+-STESTDIR = $(top_srcdir)/kadmin/testing
+-ENV_SETUP = $(TESTDIR)/scripts/env-setup.sh
+-CLNTTCL = $(TESTDIR)/util/kadm5_clnt_tcl
+-SRVTCL = $(TESTDIR)/util/kadm5_srv_tcl
++
+ # Dejagnu variables.
+ # We have to set the host with --host so that setup_xfail will work.
+ # If we don't set it, then the host type used is "native", which
+@@ -249,14 +241,6 @@ RUNTEST = runtest $(DEJAFLAGS)
+ RUNPYTEST = PYTHONPATH=$(top_srcdir)/util VALGRIND="$(VALGRIND)" \
+ $(PYTHON)
+
+-START_SERVERS = $(STESTDIR)/scripts/start_servers $(TEST_SERVER) $(TEST_PATH)
+-START_SERVERS_LOCAL = $(STESTDIR)/scripts/start_servers_local
+-
+-STOP_SERVERS = $(STESTDIR)/scripts/stop_servers $(TEST_SERVER) $(TEST_PATH)
+-STOP_SERVERS_LOCAL = $(STESTDIR)/scripts/stop_servers_local
+-#
+-# End of macros for the KADM5 unit test system.
+-#
+
+ transform = @program_transform_name@
+
+diff --git a/src/configure.ac b/src/configure.ac
+index 61778dcd0..4f16fee45 100644
+--- a/src/configure.ac
++++ b/src/configure.ac
+@@ -991,33 +991,9 @@ ath_compat=
+ AC_ARG_ENABLE([athena],
+ [ --enable-athena build with MIT Project Athena configuration],
+ ath_compat=compat,)
+-# The following are tests for the presence of programs required for
+-# kadmin testing.
+-AC_CHECK_PROG(have_RUNTEST,runtest,runtest)
+-AC_CHECK_PROG(have_PERL,perl,perl)
+-if test "$have_PERL" = perl -a "$have_RUNTEST" = runtest -a "$TCL_LIBS" != ""; then
+- DO_TEST=ok
+-fi
+-AC_SUBST(DO_TEST)
+-
+-# The following are substituted into kadmin/testing/scripts/env-setup.sh
+-RBUILD=`pwd`
+-AC_SUBST(RBUILD)
+-case "$srcdir" in
+-/*) S_TOP=$srcdir ;;
+-*) S_TOP=`pwd`/$srcdir ;;
+-esac
+-AC_SUBST(S_TOP)
+-AC_PATH_PROG(EXPECT,expect)
+-# For kadmin/testing/util/Makefile.in
+-if test "$TCL_LIBS" != "" ; then
+- DO_ALL=tcl
+-fi
+-AC_SUBST(DO_ALL)
++
+ KRB5_AC_PRIOCNTL_HACK
+-K5_GEN_FILE(kadmin/testing/scripts/env-setup.sh:kadmin/testing/scripts/env-setup.shin)
+-# for lib/kadm5
+-AC_CHECK_PROG(RUNTEST,runtest,runtest)
++
+ AC_CHECK_PROG(PERL,perl,perl)
+
+ # lib/gssapi
+@@ -1552,7 +1528,7 @@ V5_AC_OUTPUT_MAKEFILE(.
+
+ lib/rpc lib/rpc/unit-test
+
+- lib/kadm5 lib/kadm5/clnt lib/kadm5/srv lib/kadm5/unit-test
++ lib/kadm5 lib/kadm5/clnt lib/kadm5/srv
+ lib/krad
+ lib/apputils
+
+@@ -1588,7 +1564,6 @@ V5_AC_OUTPUT_MAKEFILE(.
+ clients/kdestroy clients/kpasswd clients/ksu clients/kswitch
+
+ kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
+- kadmin/testing kadmin/testing/scripts kadmin/testing/util
+
+ appl
+ appl/sample appl/sample/sclient appl/sample/sserver
+diff --git a/src/kadmin/Makefile.in b/src/kadmin/Makefile.in
+index f4061f4f7..87cfa43fd 100644
+--- a/src/kadmin/Makefile.in
++++ b/src/kadmin/Makefile.in
+@@ -1,6 +1,6 @@
+ mydir=kadmin
+ BUILDTOP=$(REL)..
+-SUBDIRS = cli dbutil ktutil server testing
++SUBDIRS = cli dbutil ktutil server
+
+ all:
+
+diff --git a/src/kadmin/testing/Makefile.in b/src/kadmin/testing/Makefile.in
+deleted file mode 100644
+index 5b803cb23..000000000
+--- a/src/kadmin/testing/Makefile.in
++++ /dev/null
+@@ -1,8 +0,0 @@
+-mydir=kadmin$(S)testing
+-BUILDTOP=$(REL)..$(S)..
+-SUBDIRS = scripts util
+-
+-all:
+-
+-clean:
+- -$(RM) -r krb5-test-root admin_* init-* *.rcache2 ovsec-*
+diff --git a/src/kadmin/testing/deps b/src/kadmin/testing/deps
+deleted file mode 100644
+index 2feac3c9d..000000000
+--- a/src/kadmin/testing/deps
++++ /dev/null
+@@ -1 +0,0 @@
+-# No dependencies here.
+diff --git a/src/kadmin/testing/proto/kdc.conf.proto b/src/kadmin/testing/proto/kdc.conf.proto
+deleted file mode 100644
+index 8a4b87de1..000000000
+--- a/src/kadmin/testing/proto/kdc.conf.proto
++++ /dev/null
+@@ -1,16 +0,0 @@
+-[kdcdefaults]
+- kdc_listen = 1750
+- kdc_tcp_listen = 1750
+-
+-[realms]
+- __REALM__ = {
+- profile = __K5ROOT__/krb5.conf
+- database_name = __K5ROOT__/kdb5
+- key_stash_file = __K5ROOT__/.k5.__REALM__
+- acl_file = __K5ROOT__/ovsec_adm.acl
+- dict_file = __K5ROOT__/ovsec_adm.dict
+- kadmind_port = 1751
+- kpasswd_port = 1752
+- master_key_type = des3-hmac-sha1
+- supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal
+- }
+diff --git a/src/kadmin/testing/proto/krb5.conf.proto b/src/kadmin/testing/proto/krb5.conf.proto
+deleted file mode 100644
+index a1c57119c..000000000
+--- a/src/kadmin/testing/proto/krb5.conf.proto
++++ /dev/null
+@@ -1,32 +0,0 @@
+-[libdefaults]
+- default_realm = __REALM__
+- default_keytab_name = FILE:__K5ROOT__/keytab
+- dns_fallback = no
+- dns_canonicalize_hostname = fallback
+- qualify_shortname = ""
+- plugin_base_dir = __PLUGIN_DIR__
+- allow_weak_crypto = true
+-
+-[realms]
+- __REALM__ = {
+- kdc = __HOSTNAME__:1750
+- admin_server = __HOSTNAME__:1751
+- database_module = foobar_db2_module_blah
+- }
+-
+-[domain_realm]
+- __HOSTNAME__ = __REALM__
+-
+-[logging]
+- admin_server = FILE:__K5ROOT__/syslog
+- kdc = FILE:__K5ROOT__/syslog
+- default = FILE:__K5ROOT__/syslog
+-
+-
+-# THIS SHOULD BE IN KDC.CONF INSTEAD!
+-[dbmodules]
+- db_module_dir = __MODDIR__
+- foobar_db2_module_blah = {
+- db_library = db2
+- database_name = __K5ROOT__/kdb5
+- }
+diff --git a/src/kadmin/testing/proto/ovsec_adm.dict b/src/kadmin/testing/proto/ovsec_adm.dict
+deleted file mode 100644
+index b54e3a85e..000000000
+--- a/src/kadmin/testing/proto/ovsec_adm.dict
++++ /dev/null
+@@ -1,3 +0,0 @@
+-Abyssinia
+-Discordianism
+-foo
+diff --git a/src/kadmin/testing/scripts/Makefile.in b/src/kadmin/testing/scripts/Makefile.in
+deleted file mode 100644
+index 635930511..000000000
+--- a/src/kadmin/testing/scripts/Makefile.in
++++ /dev/null
+@@ -1,18 +0,0 @@
+-mydir=kadmin$(S)testing$(S)scripts
+-BUILDTOP=$(REL)..$(S)..$(S)..
+-
+-all: env-setup.sh runenv.sh $(GEN_SCRIPTS)
+-
+-# Should only rebuild env_setup.sh here (use CONFIG_FILES=), but the weird krb5
+-# makefile post-processing is unconditional and would trash the makefile.
+-env-setup.sh: env-setup.stamp
+-env-setup.stamp: $(srcdir)/env-setup.shin $(BUILDTOP)/config.status \
+- Makefile
+- (cd $(BUILDTOP) && \
+- CONFIG_FILES=$(mydir)/env-setup.sh:$(mydir)/env-setup.shin $(SHELL) \
+- config.status)
+- chmod +x env-setup.sh
+- touch env-setup.stamp
+-
+-clean:
+- -rm -f env-setup.sh env-setup.stamp
+diff --git a/src/kadmin/testing/scripts/deps b/src/kadmin/testing/scripts/deps
+deleted file mode 100644
+index 2feac3c9d..000000000
+--- a/src/kadmin/testing/scripts/deps
++++ /dev/null
+@@ -1 +0,0 @@
+-# No dependencies here.
+diff --git a/src/kadmin/testing/scripts/env-setup.shin b/src/kadmin/testing/scripts/env-setup.shin
+deleted file mode 100755
+index 88f8ad1aa..000000000
+--- a/src/kadmin/testing/scripts/env-setup.shin
++++ /dev/null
+@@ -1,104 +0,0 @@
+-#!/bin/sh
+-#
+-# The KADM5 unit tests were developed to work under gmake. As a
+-# result, they expect to inherit a number of environment variables.
+-# Rather than rewrite the tests, we simply use this script as an +-# execution wrapper that sets all the necessary environment variables +-# before running the program specified on its command line. +-# +-# The variable settings all came from OV's config.mk. +-# +-# Usage: env-setup.sh +-# +- +-TOP=@RBUILD@/kadmin +-STOP=@S_TOP@/kadmin +-export TOP +-export STOP +-# These two may be needed in case $libdir references them. +-prefix=@prefix@ +-exec_prefix=@exec_prefix@ +-libdir=@libdir@ ; eval "libdir=$libdir"; export libdir +- +-# The shared library run time setup +-TOPLIBD=@RBUILD@/lib +-PROG_LIBPATH=-L@RBUILD@/lib +-BUILDTOP=@RBUILD@ +-# XXX kludge! +-PROG_RPATH=@RBUILD@/lib +-# This converts $(TOPLIBD) to $TOPLIBD +-cat > /tmp/env_setup$$ <<\EOF +-@KRB5_RUN_ENV@ +-EOF +- +-foo=`sed -e 's/(//g' -e 's/)//g' -e 's/\\\$\\\$/\$/g' /tmp/env_setup$$` +-eval $foo +-export @KRB5_RUN_VARS@ +- +-# This will get put in setup.csh for convenience +-KRB5_RUN_ENV_CSH=`eval echo "$foo" | \ +- sed -e 's/\([^=]*\)=\(.*\)/setenv \1 \2/g'` +-export KRB5_RUN_ENV_CSH +-rm /tmp/env_setup$$ +- +-TESTDIR=$TOP/testing; export TESTDIR +-STESTDIR=$STOP/testing; export STESTDIR +-if [ "$K5ROOT" = "" ]; then +- K5ROOT="`cd $TESTDIR; pwd`/krb5-test-root" +- export K5ROOT +-fi +- +-# If $VERBOSE_TEST is non-null, enter verbose mode. Set $VERBOSE to +-# true or false so its exit status identifies the mode. 
+-if test x$VERBOSE_TEST = x; then +- VERBOSE=false +-else +- VERBOSE=true +-fi +-export VERBOSE +- +-REALM=SECURE-TEST.OV.COM; export REALM +- +-if test x$EXPECT = x; then +- EXPECT=@EXPECT@; export EXPECT +-fi +- +-COMPARE_DUMP=$TESTDIR/scripts/compare_dump.pl; export COMPARE_DUMP +-INITDB=$STESTDIR/scripts/init_db; export INITDB +-SIMPLE_DUMP=$TESTDIR/scripts/simple_dump.pl; export SIMPLE_DUMP +-TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL +-BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP +-CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL +-SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL +- +-HOSTNAME=`hostname | tr '[A-Z]' '[a-z]'` +-export HOSTNAME +- +-KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG +-KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE +-KRB5_KTNAME=$K5ROOT/ovsec_adm.keytab; export KRB5_KTNAME +-KRB5_CLIENT_KTNAME=$K5ROOT/client_keytab; export KRB5_CLIENT_KTNAME +-KRB5CCNAME=$K5ROOT/krb5cc_unit-test; export KRB5CCNAME +-GSS_MECH_CONFIG=$K5ROOT/mech.conf; export GSS_MECH_CONFIG +- +-# Make sure we don't get confused by translated messages +-# or localized times. +-LC_ALL=C; export LC_ALL +- +-if [ "x$PS_ALL" = "x" ]; then +- if ps auxww >/dev/null 2>&1; then +- PS_ALL="ps auxww" +- PS_PID="ps uwwp" +- elif ps -ef >/dev/null 2>&1; then +- PS_ALL="ps -ef" +- PS_PID="ps -fp" +- else +- PS_ALL="ps auxww" +- PS_PID="ps uwwp" +- echo "WARNING! Cannot auto-detect ps type, assuming BSD." +- fi +- +- export PS_ALL PS_PID +-fi +- +-exec ${1+"$@"} +diff --git a/src/kadmin/testing/scripts/init_db b/src/kadmin/testing/scripts/init_db +deleted file mode 100755 +index 216f62793..000000000 +--- a/src/kadmin/testing/scripts/init_db ++++ /dev/null +@@ -1,229 +0,0 @@ +-#!/bin/sh +- +-if $VERBOSE; then +- REDIRECT= +-else +- REDIRECT='>/dev/null' +-fi +- +-# Requires that $K5ROOT, /etc/krb.conf, and .k5.$REALM be world-writeable. 
+- +-if [ "$TOP" = "" ]; then +- echo "init_db: Environment variable \$TOP must point to top of build tree" 1>&2 +- exit 1 +-fi +- +-if [ "$STOP" = "" ]; then +- echo "init_db: Environment variable \$STOP must point to top of source tree" 1>&2 +- exit 1 +-fi +- +-if [ "$libdir" = "" ]; then +- echo "init_db: Environment variable \$libdir must point to library install directory" 1>&2 +- exit 1 +-fi +- +-IROOT=$TOP/.. +-ADMIN=$TOP/dbutil +-BIN=$IROOT/bin +-ETC=$IROOT/etc +-MODDIR=$TOP/../plugins/kdb +-SBIN=$TOP/keytab:$TOP/server +-DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM +- +-. ./runenv.sh +- +-if [ ! -d $MODDIR ]; then +- echo "+++" 1>&2 +- echo "+++ Error! $MODDIR does not exist!" 1>&2 +- echo "+++ The MODDIR variable should point to the directory in which" 1>&2 +- echo "+++ database modules have been installed for testing." 1>&2 +- echo "+++" 1>&2 +- exit 1 +-fi +- +-DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR +-DUMMY=${STESTDIR=$STOP/testing} +-DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL +-DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL +- +-PATH=$ADMIN:$BIN:$ETC:$SBIN:$PATH; export PATH +- +-if [ ! -x $SRVTCL ]; then +- echo "+++" 1>&2 +- echo "+++ Error! $SRVTCL does not exist!" 1>&2 +- echo "+++ It was probably not compiled because TCL was not available. If you" 1>&2 +- echo "+++ now have TCL installed, cd into that directory, re-run configure" 1>&2 +- echo "+++ with the --with-tcl option, and then re-run make." 
1>&2 +- echo "+++" 1>&2 +- +- exit 1 +-fi +- +-rm -rf $K5ROOT/* +-if [ -d $K5ROOT ]; then +- true +-else +- mkdir $K5ROOT +-fi +- +-# touch $K5ROOT/syslog +-# for pid in `$PS_ALL | awk '/syslogd/ && !/awk/ {print $2}'` ; do +-# case "$pid" in +-# xxx) ;; +-# *) +-# if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi +-# kill -1 $pid +-# ;; +-# esac +-# done +- +-sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \ +- -e "s/__HOSTNAME__/$HOSTNAME/g" \ +- -e "s#__MODDIR__#$MODDIR#g" \ +- < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf +-sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \ +- < $STESTDIR/proto/kdc.conf.proto > $K5ROOT/kdc.conf +- +-eval kdb5_util -r $REALM create -W -P mrroot -s $REDIRECT || exit 1 +- +-cp $STESTDIR/proto/ovsec_adm.dict $K5ROOT/ovsec_adm.dict +- +-cat - > /tmp/init_db$$ <<\EOF +-source $env(TCLUTIL) +-set r $env(REALM) +-if {[info exists env(USER)]} { +- set whoami $env(USER) +-} else { +- set whoami [exec whoami] +-} +- +-set cmds { +- {kadm5_init $env(SRVTCL) mrroot null \ +- [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \ +- $KADM5_API_VERSION_3 server_handle} +- +- {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0 2 90 180" \ +- {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM KADM5_PW_MAX_FAILURE KADM5_PW_FAILURE_COUNT_INTERVAL KADM5_PW_LOCKOUT_DURATION}} +- {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0 0 0 0" \ +- {KADM5_POLICY KADM5_PW_MIN_LIFE}} +- {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0 0 0 0" \ +- {KADM5_POLICY}} +- {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \ +- {KADM5_POLICY}} +- +- {kadm5_create_principal $server_handle \ +- [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena} +- {kadm5_create_principal $server_handle \ +- [simple_principal test1@$r] {KADM5_PRINCIPAL} test1} +- {kadm5_create_principal $server_handle \ +- [simple_principal test2@$r] {KADM5_PRINCIPAL} 
test2} +- {kadm5_create_principal $server_handle \ +- [simple_principal test3@$r] {KADM5_PRINCIPAL} test3} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \ +- admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \ +- admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin} +- {kadm5_create_principal $server_handle \ +- [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \ +- KADM5_POLICY} pol111111} +- {kadm5_create_principal $server_handle \ +- [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \ +- KADM5_POLICY} pol222222} +- {kadm5_create_principal $server_handle \ +- [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \ +- KADM5_POLICY} pol333333} +- 
{kadm5_create_principal $server_handle \ +- [princ_w_pol admin/get-pol@$r test-pol-nopw] \ +- {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin} +- {kadm5_create_principal $server_handle \ +- [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \ +- KADM5_POLICY} StupidAdmin} +- +- {kadm5_create_principal $server_handle \ +- [simple_principal changepw/kerberos] \ +- {KADM5_PRINCIPAL} {XXX THIS IS WRONG}} +- +- {kadm5_create_principal $server_handle \ +- [simple_principal $whoami] \ +- {KADM5_PRINCIPAL} $whoami} +- +- {kadm5_create_principal $server_handle \ +- [simple_principal testkeys@$r] {KADM5_PRINCIPAL} testkeys} +- +- {kadm5_destroy $server_handle} +-} +- +-foreach cmd $cmds { +- if {[catch $cmd output]} { +- puts stderr "Error! Command: $cmd\nError: $output" +- exit 1 +- } else { +- puts stdout $output +- } +-} +-EOF +-eval "$SRVTCL < /tmp/init_db$$ $REDIRECT" +-rm /tmp/init_db$$ +- +-if [ $? -ne 0 ]; then +- echo "Error in $SRVTCL!" 1>&2 +- exit 1 +-fi +- +-cat > $K5ROOT/ovsec_adm.acl < $K5ROOT/setup.csh <&2 +- exit 1 +- fi +- +- local=0 +- hostname=$1 +- if [ $# = 1 ]; then +- rempath=`sh -c "cd $TOP && pwd"` +- else +- rempath=$2 +- fi +-fi +- +-if [ $local = 0 ]; then +- +- # Fix up the local krb5.conf to point to the remote +- sed -e "s/__REALM__/$REALM/g" -e "s#__K5ROOT__#$K5ROOT#g" \ +- -e "s/__HOSTNAME__/$HOSTNAME/g" \ +- -e "s#__MODDIR__#$TOP/../plugins/kdb#g"\ +- -e "s#__PLUGIN_DIR__#$TOP/../plugins#g"\ +- < $STESTDIR/proto/krb5.conf.proto > $K5ROOT/krb5.conf +- +-# Using /usr/ucb/rsh and getting rid of "-k $REALM" until we get +-# around to fixing the fact that Kerberos rsh doesn't strip out "-k +-# REALM" when falling back. 
+- +- START_SERVERS_LOCAL=`echo $START_SERVERS_LOCAL|sed "s%$TOP%$rempath%"` +- CMD="$RSH_CMD $hostname -n \ +- \"sh -c 'VERBOSE_TEST=$VERBOSE_TEST TOP=$rempath \ +- $rempath/testing/scripts/env-setup.sh \ +- $START_SERVERS_LOCAL $rempath'\"" +- +- if $VERBOSE; then +- echo "+++" +- echo "+++ Begin execution of start_servers_local on $hostname" +- echo "+++" +- echo $CMD +- fi +- eval $CMD +- if $VERBOSE; then +- echo "+++" +- echo "+++ End execution of start_servers_local on $hostname" +- echo "+++" +- fi +-else +- $START_SERVERS_LOCAL +-fi +- +diff --git a/src/kadmin/testing/scripts/start_servers_local b/src/kadmin/testing/scripts/start_servers_local +deleted file mode 100755 +index 858e88031..000000000 +--- a/src/kadmin/testing/scripts/start_servers_local ++++ /dev/null +@@ -1,157 +0,0 @@ +-#!/bin/sh +- +-DUMMY=${TESTDIR=$TOP/testing} +-DUMMY=${STESTDIR=$STOP/testing} +-DUMMY=${INITDB=$STESTDIR/scripts/init_db} +-DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL +-DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local} +-DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR +- +-. ./runenv.sh +- +-if [ -d /usr/tmp ]; then +- usrtmp=/usr/tmp +-else +- usrtmp=/var/tmp +-fi +- +-$STOP_SERVERS_LOCAL -start_servers +- +-if $VERBOSE; then +- REDIRECT= +-else +- REDIRECT='>/dev/null' +-fi +- +-while :; do +- case $1 in +- -keysalt) +- shift +- if [ $# -gt 0 ]; then +- keysalts="$keysalts $1" +- else +- break +- fi +- ;; +- -kdcport) +- shift +- if [ $# -gt 0 ]; then +- kdcport=$1 +- else +- break +- fi +- ;; +- *) +- break +- ;; +- esac +- shift +-done +- +-if [ $# -gt 1 ]; then +- echo "Usage: $0 [-kdcport port] [-keysalts tuple] ... 
[top]" 1>&2 +- exit 1 +-elif [ $# = 1 ]; then +- TOP=$1 +- export TOP +-fi +- +-# create a fresh db +- +-$INITDB "$keysalts" || exit 1 +- +-# Post-process the config files based on our arguments +-if [ "$keysalts" != "" ]; then +- sedcmd="s/\([ ]*supported_enctypes =\).*/\1 $keysalts/" +- sed -e "$sedcmd" < $K5ROOT/kdc.conf > $K5ROOT/kdc.conf.new +- mv $K5ROOT/kdc.conf.new $K5ROOT/kdc.conf +-fi +-if [ "$kdcport" != "" ] ; then +- sedcmd="s/\(kdc_ports = .*\)[ ]*/\1, $kdcport/" +- sed -e "$sedcmd" < $K5ROOT/kdc.conf > $K5ROOT/kdc.conf.new +- mv $K5ROOT/kdc.conf.new $K5ROOT/kdc.conf +-fi +- +-# allow admin to krlogin as root (for cleanup) +-DUMMY=${REALM=SECURE-TEST.OV.COM}; export REALM +- +-cat - > /tmp/start_servers_local$$ <<\EOF +-if { [catch { +- source $env(STOP)/testing/tcl/util.t +- set r $env(REALM) +- set q $env(HOSTNAME) +- puts stdout [kadm5_init $env(SRVTCL) mrroot null \ +- [config_params {KADM5_CONFIG_REALM} $r] \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle] +- puts stdout [kadm5_create_principal $server_handle \ +- [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena] +- puts stdout [kadm5_destroy $server_handle] +-} err]} { +- puts stderr "initialization error: $err" +- exit 1 +-} +-exit 0 +-EOF +-eval "$SRVTCL < /tmp/start_servers_local$$ $REDIRECT" +-x=$? 
+-rm /tmp/start_servers_local$$
+-if test $x != 0 ; then exit 1 ; fi
+-
+-# run the servers (from the build tree)
+-
+-adm_start_file=/tmp/adm_server_start.$$
+-kdc_start_file=/tmp/kdc_server_start.$$
+-
+-rm -f $kdc_start_file
+-
+-if test "x$USER" = x ; then
+- USER=$LOGNAME ; export USER
+-fi
+-
+-kdc_args="-R dfl:kdc_rcache.$USER"
+-
+-(trap "" 2; $TOP/../kdc/krb5kdc $kdc_args; touch $kdc_start_file) \
+- < /dev/null > $usrtmp/kdc-log.$USER 2>&1 &
+-
+-s=1
+-max_s=60
+-sofar_s=0
+-timewait_s=300
+-
+-ovadm_args=-W
+-
+-rm -f $adm_start_file
+-
+-(sleep 1; $TOP/server/kadmind $ovadm_args; \
+- touch $adm_start_file) < /dev/null > $usrtmp/kadm-log.$USER 2>&1 &
+-
+-# wait until they start
+-
+-while [ $sofar_s -le $max_s ]; do
+- if $VERBOSE; then
+- echo "Sleeping for $s seconds to allow servers" \
+- "to start..."
+- fi
+-
+- sofar_s=`expr $sofar_s + $s`
+-
+- sleep $s
+-
+- if [ -f $adm_start_file -a -f $kdc_start_file ]; then
+- break
+- fi
+-done
+-
+-if [ $sofar_s -gt $max_s ]; then
+- echo "Admin server or KDC failed to start after $sofar_s" \
+- "seconds." 1>&2
+- if [ ! -f $adm_start_file ]; then
+- echo " No admin server start file $adm_start_file." 1>&2
+- fi
+- if [ ! -f $kdc_start_file ]; then
+- echo " No KDC start file $adm_start_file." 1>&2
+- fi
+- exit 1
+-fi
+-
+-rm -f $kdc_start_file $adm_start_file
+diff --git a/src/kadmin/testing/scripts/stop_servers b/src/kadmin/testing/scripts/stop_servers
+deleted file mode 100755
+index b7f8384ca..000000000
+--- a/src/kadmin/testing/scripts/stop_servers
++++ /dev/null
+@@ -1,60 +0,0 @@
+-#!/bin/sh
+-#
+-# Usage: stop_servers [hostname [path]]
+-#
+-# This script turns a host into a OpenV*Secure primary server for the
+-# realm SECURE-TEST.OV.COM. If no arguments are specified,
+-# the local host is affected. Otherwise, the host hostname is
+-# affected; the path argument is the top of the Secure install tree on
+-# that host, and if it is not specified the current canonical value of
+-# TOP is used.
+-
+-DUMMY=${TESTDIR=$TOP/testing}
+-DUMMY=${STESTDIR=$STOP/testing}
+-DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
+-# This'll be wrong sometimes
+-DUMMY=${RSH_CMD=rsh}
+-
+-local=1
+-
+-if [ $# -gt 0 ]; then
+- if [ $# != 1 -a $# != 2 ]; then
+- echo "Usage: $0 [hostname [path]]" 1>&2
+- exit 1
+- fi
+-
+- local=0
+- hostname=$1
+- if [ $# = 1 ]; then
+- rempath=`sh -c "cd $TOP && pwd"`
+- else
+- rempath=$2
+- fi
+-fi
+-
+-if [ $local = 0 ]; then
+- if $VERBOSE; then
+- echo "+++ Stopping servers on remote host $hostname..."
+- fi
+-
+- STOP_SERVERS_LOCAL=`echo $STOP_SERVERS_LOCAL | sed "s%$TOP%$rempath%"`
+- CMD="$RSH_CMD $hostname -n \
+- \"sh -c 'VERBOSE_TEST=$VERBOSE_TEST TOP=$rempath \
+- $rempath/testing/scripts/env-setup.sh \
+- $STOP_SERVERS_LOCAL $rempath'\""
+-
+- if $VERBOSE; then
+- echo "+++"
+- echo "+++ Begin execution of stop_servers_local on $hostname"
+- echo "+++"
+- echo $CMD
+- fi
+- eval $CMD
+- if $VERBOSE; then
+- echo "+++"
+- echo "+++ End execution of stop_servers_local on $hostname"
+- echo "+++"
+- fi
+-else
+- $STOP_SERVERS_LOCAL
+-fi
+diff --git a/src/kadmin/testing/scripts/stop_servers_local b/src/kadmin/testing/scripts/stop_servers_local
+deleted file mode 100755
+index 24a9de7b3..000000000
+--- a/src/kadmin/testing/scripts/stop_servers_local
++++ /dev/null
+@@ -1,44 +0,0 @@
+-#!/bin/sh
+-
+-DUMMY=${TESTDIR=$TOP/testing}
+-DUMMY=${KRB5RCACHEDIR=$TESTDIR}
+-
+-while [ $# -gt 0 ] ; do
+- case $1 in
+- -start_servers)
+- start_servers=$1
+- ;;
+- *)
+- TOP=$1
+- export TOP
+- ;;
+- esac
+- shift
+-done
+-
+-# kill any running servers.
+- +-if $VERBOSE; then echo "Killing servers:"; fi +- +-for pid in xxx \ +- `$PS_ALL | grep krb5kdc | grep -v grep | awk '{print $2}'` \ +- `$PS_ALL | grep kadmind | grep -v grep | awk '{print $2}'` \ +- ; do +- case "$pid" in +- xxx) +- ;; +- *) +- if $VERBOSE; then $PS_PID$pid | grep -v COMMAND; fi +- kill $pid +- ;; +- esac +-done +- +-# Destroy the kdc replay cache so we don't lose if we try to run the +-# KDC as another unix user. +-if test "x$USER" = x ; then +- USER=$LOGNAME +-fi +-rm -f $KRB5RCACHEDIR/krb5kdc_rcache.$USER +- +-exit 0 +diff --git a/src/kadmin/testing/tcl/util.t b/src/kadmin/testing/tcl/util.t +deleted file mode 100644 +index 6751f89e6..000000000 +--- a/src/kadmin/testing/tcl/util.t ++++ /dev/null +@@ -1,58 +0,0 @@ +-proc simple_principal {name} { +- return "{$name} 0 0 0 0 {$name} 0 0 0 0 null 0" +-} +- +-proc princ_w_pol {name policy} { +- return "{$name} 0 0 0 0 {$name} 0 0 0 0 {$policy} 0" +-} +- +-proc simple_policy {name} { +- return "{$name} 0 0 0 0 0 0 0 0 0" +-} +- +-proc config_params {masks values} { +- if {[llength $masks] != [llength $values]} { +- error "config_params: length of mask and values differ" +- } +- +- set params [list $masks 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 {}] +- for {set i 0} {$i < [llength $masks]} {incr i} { +- set mask [lindex $masks $i] +- set value [lindex $values $i] +- switch -glob -- $mask { +- "KADM5_CONFIG_REALM" {set params [lreplace $params 1 1 $value]} +- "KADM5_CONFIG_KADMIND_PORT" { +- set params [lreplace $params 2 2 $value]} +- "KADM5_CONFIG_ADMIN_SERVER" { +- set params [lreplace $params 3 3 $value]} +- "KADM5_CONFIG_DBNAME" {set params [lreplace $params 4 4 $value]} +- "KADM5_CONFIG_ADBNAME" {set params [lreplace $params 5 5 $value]} +- "KADM5_CONFIG_ADB_LOCKFILE" { +- set params [lreplace $params 6 6 $value]} +- "KADM5_CONFIG_ACL_FILE" {set params [lreplace $params 8 8 $value]} +- "KADM5_CONFIG_DICT_FILE" { +- set params [lreplace $params 9 9 $value]} +- "KADM5_CONFIG_MKEY_FROM_KBD" { +- set 
params [lreplace $params 10 10 $value]} +- "KADM5_CONFIG_STASH_FILE" { +- set params [lreplace $params 11 11 $value]} +- "KADM5_CONFIG_MKEY_NAME" { +- set params [lreplace $params 12 12 $value]} +- "KADM5_CONFIG_ENCTYPE" {set params [lreplace $params 13 13 $value]} +- "KADM5_CONFIG_MAX_LIFE" { +- set params [lreplace $params 14 14 $value]} +- "KADM5_CONFIG_MAX_RLIFE" { +- set params [lreplace $params 15 15 $value]} +- "KADM5_CONFIG_EXPIRATION" { +- set params [lreplace $params 16 16 $value]} +- "KADM5_CONFIG_FLAGS" {set params [lreplace $params 17 17 $value]} +- "KADM5_CONFIG_ENCTYPES" { +- set params [lreplace $params 18 19 [llength $value] $value]} +- "*" {error "config_params: unknown mask $mask"} +- } +- } +- return $params +-} +- +- +- +diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in +deleted file mode 100644 +index 7785c742e..000000000 +--- a/src/kadmin/testing/util/Makefile.in ++++ /dev/null +@@ -1,42 +0,0 @@ +-mydir=kadmin$(S)testing$(S)util +-BUILDTOP=$(REL)..$(S)..$(S).. +-LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/ +-# Force Tcl headers to use stdarg.h, because krb5 does too, and if +-# Tcl uses varargs.h it'll just mess things up. +-DEFINES= -DHAS_STDARG +-KRB5_PTHREAD_LIB=$(THREAD_LINKOPTS) +- +-PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH) +-PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH) +- +-SRCS = $(srcdir)/tcl_kadm5.c $(srcdir)/test.c +-OBJS = tcl_kadm5.o test.o +- +-CLNTPROG= kadm5_clnt_tcl +-SRVPROG = kadm5_srv_tcl +- +-DO_ALL=@DO_ALL@ +- +-all: all-$(DO_ALL) +- +-all-: +- @echo "+++" +- @echo "+++ WARNING: Tcl not available. The kadm5 tests will not be run." 
+- @echo "+++" +- @echo 'Skipped kadm5 tests: Tcl not found' >> $(SKIPTESTS) +- +-all-tcl: $(CLNTPROG) $(SRVPROG) +- +-$(SRVPROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS) +- $(CC_LINK) -o $(SRVPROG) $(OBJS) $(TCL_MAYBE_RPATH) \ +- $(KADMSRV_LIBS) $(KRB5_PTHREAD_LIB) $(KRB5_BASE_LIBS) $(TCL_LIBS) +- +-$(CLNTPROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS) +- $(CC_LINK) -o $(CLNTPROG) $(OBJS) $(TCL_MAYBE_RPATH) \ +- $(KRB5_PTHREAD_LIB) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS) $(TCL_LIBS) +- +-bsddb_dump: bsddb_dump.o +- $(CC_LINK) -o bsddb_dump bsddb_dump.o $(KADMSRV_LIBS) +- +-clean: +- $(RM) $(CLNTPROG) $(SRVPROG) +diff --git a/src/kadmin/testing/util/bsddb_dump.c b/src/kadmin/testing/util/bsddb_dump.c +deleted file mode 100644 +index 5dbe7ae9c..000000000 +--- a/src/kadmin/testing/util/bsddb_dump.c ++++ /dev/null +@@ -1,65 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-/* +- * $Id$ +- */ +- +-#include +-#include +-#include +-#include +- +-main(int argc, char *argv[]) +-{ +- char *file; +- DB *db; +- DBT dbkey, dbdata; +- int code, i; +- +- HASHINFO info; +- +- info.hash = NULL; +- info.bsize = 256; +- info.ffactor = 8; +- info.nelem = 25000; +- info.lorder = 0; +- +- if (argc != 2) { +- fprintf(stderr, "usage: argv[0] dbfile\n"); +- exit(2); +- } +- +- file = argv[1]; +- +- if((db = dbopen(file, O_RDWR, 0666, DB_HASH, &info)) == NULL) { +- perror("Opening db file"); +- exit(1); +- } +- +- if ((code = (*db->seq)(db, &dbkey, &dbdata, R_FIRST)) == -1) { +- perror("starting db iteration"); +- exit(1); +- } +- +- while (code == 0) { +- for (i=0; iseq)(db, &dbkey, &dbdata, R_NEXT); +- } +- +- if (code == -1) { +- perror("during db iteration"); +- exit(1); +- } +- +- if ((*db->close)(db) == -1) { +- perror("closing db"); +- exit(1); +- } +- +- exit(0); +-} +diff --git a/src/kadmin/testing/util/deps b/src/kadmin/testing/util/deps +deleted file mode 100644 +index ca828a85c..000000000 +--- a/src/kadmin/testing/util/deps ++++ /dev/null 
+@@ -1,16 +0,0 @@ +-# +-# Generated makefile dependencies follow. +-# +-$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ +- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ +- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h tcl_kadm5.c tcl_kadm5.h +-$(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- tcl_kadm5.h test.c +diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c +deleted file mode 100644 +index 864a929c8..000000000 +--- a/src/kadmin/testing/util/tcl_kadm5.c ++++ /dev/null +@@ -1,2566 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-#include "autoconf.h" +-#include +-#include +-#if HAVE_TCL_H +-#include +-#elif HAVE_TCL_TCL_H +-#include +-#endif +-#define USE_KADM5_API_VERSION 2 +-#include +-#include +-#include +-#include +-#include +-#include "tcl_kadm5.h" +- +-struct flagval { +- char *name; +- krb5_flags val; +-}; +- +-/* XXX This should probably be in the hash table like server_handle */ +-static krb5_context context; +- +-static struct flagval krb5_flags_array[] = { +- {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED}, +- {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE}, +- {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED}, +- {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE}, +- 
{"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE}, +- {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY}, +- {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX}, +- {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH}, +- {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH}, +- {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE}, +- {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR}, +- {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE} +-}; +- +-static struct flagval aux_attributes[] = { +- {"KADM5_POLICY", KADM5_POLICY} +-}; +- +-static struct flagval principal_mask_flags[] = { +- {"KADM5_PRINCIPAL", KADM5_PRINCIPAL}, +- {"KADM5_PRINC_EXPIRE_TIME", KADM5_PRINC_EXPIRE_TIME}, +- {"KADM5_PW_EXPIRATION", KADM5_PW_EXPIRATION}, +- {"KADM5_LAST_PWD_CHANGE", KADM5_LAST_PWD_CHANGE}, +- {"KADM5_ATTRIBUTES", KADM5_ATTRIBUTES}, +- {"KADM5_MAX_LIFE", KADM5_MAX_LIFE}, +- {"KADM5_MOD_TIME", KADM5_MOD_TIME}, +- {"KADM5_MOD_NAME", KADM5_MOD_NAME}, +- {"KADM5_KVNO", KADM5_KVNO}, +- {"KADM5_MKVNO", KADM5_MKVNO}, +- {"KADM5_AUX_ATTRIBUTES", KADM5_AUX_ATTRIBUTES}, +- {"KADM5_POLICY", KADM5_POLICY}, +- {"KADM5_POLICY_CLR", KADM5_POLICY_CLR}, +- {"KADM5_MAX_RLIFE", KADM5_MAX_RLIFE}, +- {"KADM5_LAST_SUCCESS", KADM5_LAST_SUCCESS}, +- {"KADM5_LAST_FAILED", KADM5_LAST_FAILED}, +- {"KADM5_FAIL_AUTH_COUNT", KADM5_FAIL_AUTH_COUNT}, +- {"KADM5_KEY_DATA", KADM5_KEY_DATA}, +- {"KADM5_TL_DATA", KADM5_TL_DATA}, +- {"KADM5_PRINCIPAL_NORMAL_MASK", KADM5_PRINCIPAL_NORMAL_MASK} +-}; +- +-static struct flagval policy_mask_flags[] = { +- {"KADM5_POLICY", KADM5_POLICY}, +- {"KADM5_PW_MAX_LIFE", KADM5_PW_MAX_LIFE}, +- {"KADM5_PW_MIN_LIFE", KADM5_PW_MIN_LIFE}, +- {"KADM5_PW_MIN_LENGTH", KADM5_PW_MIN_LENGTH}, +- {"KADM5_PW_MIN_CLASSES", KADM5_PW_MIN_CLASSES}, +- {"KADM5_PW_HISTORY_NUM", KADM5_PW_HISTORY_NUM}, +- {"KADM5_REF_COUNT", KADM5_REF_COUNT}, +- {"KADM5_PW_MAX_FAILURE", KADM5_PW_MAX_FAILURE}, +- {"KADM5_PW_FAILURE_COUNT_INTERVAL", 
KADM5_PW_FAILURE_COUNT_INTERVAL}, +- {"KADM5_PW_LOCKOUT_DURATION", KADM5_PW_LOCKOUT_DURATION}, +-}; +- +-static struct flagval config_mask_flags[] = { +- {"KADM5_CONFIG_REALM", KADM5_CONFIG_REALM}, +- {"KADM5_CONFIG_DBNAME", KADM5_CONFIG_DBNAME}, +- {"KADM5_CONFIG_MKEY_NAME", KADM5_CONFIG_MKEY_NAME}, +- {"KADM5_CONFIG_MAX_LIFE", KADM5_CONFIG_MAX_LIFE}, +- {"KADM5_CONFIG_MAX_RLIFE", KADM5_CONFIG_MAX_RLIFE}, +- {"KADM5_CONFIG_EXPIRATION", KADM5_CONFIG_EXPIRATION}, +- {"KADM5_CONFIG_FLAGS", KADM5_CONFIG_FLAGS}, +- {"KADM5_CONFIG_STASH_FILE", KADM5_CONFIG_STASH_FILE}, +- {"KADM5_CONFIG_ENCTYPE", KADM5_CONFIG_ENCTYPE}, +- {"KADM5_CONFIG_ADBNAME", KADM5_CONFIG_ADBNAME}, +- {"KADM5_CONFIG_ADB_LOCKFILE", KADM5_CONFIG_ADB_LOCKFILE}, +- {"KADM5_CONFIG_ACL_FILE", KADM5_CONFIG_ACL_FILE}, +- {"KADM5_CONFIG_KADMIND_PORT", KADM5_CONFIG_KADMIND_PORT}, +- {"KADM5_CONFIG_ENCTYPES", KADM5_CONFIG_ENCTYPES}, +- {"KADM5_CONFIG_ADMIN_SERVER", KADM5_CONFIG_ADMIN_SERVER}, +- {"KADM5_CONFIG_DICT_FILE", KADM5_CONFIG_DICT_FILE}, +- {"KADM5_CONFIG_MKEY_FROM_KBD", KADM5_CONFIG_MKEY_FROM_KBD}, +-}; +- +-static struct flagval priv_flags[] = { +- {"KADM5_PRIV_GET", KADM5_PRIV_GET}, +- {"KADM5_PRIV_ADD", KADM5_PRIV_ADD}, +- {"KADM5_PRIV_MODIFY", KADM5_PRIV_MODIFY}, +- {"KADM5_PRIV_DELETE", KADM5_PRIV_DELETE} +-}; +- +- +-static char *arg_error = "wrong # args"; +- +-static Tcl_HashTable *struct_table = 0; +- +-static int put_server_handle(Tcl_Interp *interp, void *handle, char **name) +-{ +- int i = 1, newPtr = 0; +- static char buf[20]; +- Tcl_HashEntry *entry; +- +- if (! struct_table) { +- if (! (struct_table = +- malloc(sizeof(*struct_table)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS); +- } +- +- do { +- sprintf(buf, "kadm5_handle%d", i); +- entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr); +- i++; +- } while (! 
newPtr); +- +- Tcl_SetHashValue(entry, handle); +- +- *name = buf; +- +- return TCL_OK; +-} +- +-static int get_server_handle(Tcl_Interp *interp, const char *name, +- void **handle) +-{ +- Tcl_HashEntry *entry; +- +- if(!strcasecmp(name, "null")) +- *handle = 0; +- else { +- if (! (struct_table && +- (entry = Tcl_FindHashEntry(struct_table, name)))) { +- Tcl_AppendResult(interp, "unknown server handle ", name, 0); +- return TCL_ERROR; +- } +- *handle = (void *) Tcl_GetHashValue(entry); +- } +- return TCL_OK; +-} +- +-static int remove_server_handle(Tcl_Interp *interp, const char *name) +-{ +- Tcl_HashEntry *entry; +- +- if (! (struct_table && +- (entry = Tcl_FindHashEntry(struct_table, name)))) { +- Tcl_AppendResult(interp, "unknown server handle ", name, 0); +- return TCL_ERROR; +- } +- +- Tcl_SetHashValue(entry, NULL); +- return TCL_OK; +-} +- +-#define GET_HANDLE(num_args, ignored) \ +- void *server_handle; \ +- const char *whoami = argv[0]; \ +- argv++, argc--; \ +- if (argc != num_args + 1) { \ +- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \ +- return TCL_ERROR; \ +- } \ +- { \ +- int ltcl_ret; \ +- if ((ltcl_ret = get_server_handle(interp, argv[0], &server_handle)) \ +- != TCL_OK) { \ +- return ltcl_ret; \ +- } \ +- } \ +- argv++, argc--; +- +-static Tcl_HashTable *create_flag_table(struct flagval *flags, int size) +-{ +- Tcl_HashTable *table; +- Tcl_HashEntry *entry; +- int i; +- +- if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- Tcl_InitHashTable(table, TCL_STRING_KEYS); +- +- for (i = 0; i < size; i++) { +- int newPtr; +- +- if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- Tcl_SetHashValue(entry, &flags[i].val); +- } +- +- return table; +-} +- +- +-static Tcl_DString *unparse_str(char *in_str) +-{ +- Tcl_DString *str; +- +- if (! 
(str = malloc(sizeof(*str)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- Tcl_DStringInit(str); +- +- if (! in_str) { +- Tcl_DStringAppend(str, "null", -1); +- } +- else { +- Tcl_DStringAppend(str, in_str, -1); +- } +- +- return str; +-} +- +- +- +-static int parse_str(Tcl_Interp *interp, const char *in_str, char **out_str) +-{ +- if (! in_str) { +- *out_str = 0; +- } +- else if (! strcasecmp(in_str, "null")) { +- *out_str = 0; +- } +- else { +- *out_str = (char *) in_str; +- } +- return TCL_OK; +-} +- +- +-static void set_ok(Tcl_Interp *interp, char *string) +-{ +- Tcl_SetResult(interp, "OK", TCL_STATIC); +- Tcl_AppendElement(interp, "KADM5_OK"); +- Tcl_AppendElement(interp, string); +-} +- +- +- +-static Tcl_DString *unparse_err(kadm5_ret_t code) +-{ +- char *code_string; +- const char *error_string; +- Tcl_DString *dstring; +- +- switch (code) { +- case KADM5_FAILURE: code_string = "KADM5_FAILURE"; break; +- case KADM5_AUTH_GET: code_string = "KADM5_AUTH_GET"; break; +- case KADM5_AUTH_ADD: code_string = "KADM5_AUTH_ADD"; break; +- case KADM5_AUTH_MODIFY: +- code_string = "KADM5_AUTH_MODIFY"; break; +- case KADM5_AUTH_DELETE: +- code_string = "KADM5_AUTH_DELETE"; break; +- case KADM5_AUTH_INSUFFICIENT: +- code_string = "KADM5_AUTH_INSUFFICIENT"; break; +- case KADM5_BAD_DB: code_string = "KADM5_BAD_DB"; break; +- case KADM5_DUP: code_string = "KADM5_DUP"; break; +- case KADM5_RPC_ERROR: code_string = "KADM5_RPC_ERROR"; break; +- case KADM5_NO_SRV: code_string = "KADM5_NO_SRV"; break; +- case KADM5_BAD_HIST_KEY: +- code_string = "KADM5_BAD_HIST_KEY"; break; +- case KADM5_NOT_INIT: code_string = "KADM5_NOT_INIT"; break; +- case KADM5_INIT: code_string = "KADM5_INIT"; break; +- case KADM5_BAD_PASSWORD: +- code_string = "KADM5_BAD_PASSWORD"; break; +- case KADM5_UNK_PRINC: code_string = "KADM5_UNK_PRINC"; break; +- case KADM5_UNK_POLICY: code_string = "KADM5_UNK_POLICY"; break; +- case KADM5_BAD_MASK: code_string = "KADM5_BAD_MASK"; 
break; +- case KADM5_BAD_CLASS: code_string = "KADM5_BAD_CLASS"; break; +- case KADM5_BAD_LENGTH: code_string = "KADM5_BAD_LENGTH"; break; +- case KADM5_BAD_POLICY: code_string = "KADM5_BAD_POLICY"; break; +- case KADM5_BAD_HISTORY: code_string = "KADM5_BAD_HISTORY"; break; +- case KADM5_BAD_PRINCIPAL: +- code_string = "KADM5_BAD_PRINCIPAL"; break; +- case KADM5_BAD_AUX_ATTR: +- code_string = "KADM5_BAD_AUX_ATTR"; break; +- case KADM5_PASS_Q_TOOSHORT: +- code_string = "KADM5_PASS_Q_TOOSHORT"; break; +- case KADM5_PASS_Q_CLASS: +- code_string = "KADM5_PASS_Q_CLASS"; break; +- case KADM5_PASS_Q_DICT: +- code_string = "KADM5_PASS_Q_DICT"; break; +- case KADM5_PASS_REUSE: code_string = "KADM5_PASS_REUSE"; break; +- case KADM5_PASS_TOOSOON: +- code_string = "KADM5_PASS_TOOSOON"; break; +- case KADM5_POLICY_REF: +- code_string = "KADM5_POLICY_REF"; break; +- case KADM5_PROTECT_PRINCIPAL: +- code_string = "KADM5_PROTECT_PRINCIPAL"; break; +- case KADM5_BAD_SERVER_HANDLE: +- code_string = "KADM5_BAD_SERVER_HANDLE"; break; +- case KADM5_BAD_STRUCT_VERSION: +- code_string = "KADM5_BAD_STRUCT_VERSION"; break; +- case KADM5_OLD_STRUCT_VERSION: +- code_string = "KADM5_OLD_STRUCT_VERSION"; break; +- case KADM5_NEW_STRUCT_VERSION: +- code_string = "KADM5_NEW_STRUCT_VERSION"; break; +- case KADM5_BAD_API_VERSION: +- code_string = "KADM5_BAD_API_VERSION"; break; +- case KADM5_OLD_LIB_API_VERSION: +- code_string = "KADM5_OLD_LIB_API_VERSION"; break; +- case KADM5_OLD_SERVER_API_VERSION: +- code_string = "KADM5_OLD_SERVER_API_VERSION"; break; +- case KADM5_NEW_LIB_API_VERSION: +- code_string = "KADM5_NEW_LIB_API_VERSION"; break; +- case KADM5_NEW_SERVER_API_VERSION: +- code_string = "KADM5_NEW_SERVER_API_VERSION"; break; +- case KADM5_SECURE_PRINC_MISSING: +- code_string = "KADM5_SECURE_PRINC_MISSING"; break; +- case KADM5_NO_RENAME_SALT: +- code_string = "KADM5_NO_RENAME_SALT"; break; +- case KADM5_BAD_CLIENT_PARAMS: +- code_string = "KADM5_BAD_CLIENT_PARAMS"; break; +- case 
KADM5_BAD_SERVER_PARAMS: +- code_string = "KADM5_BAD_SERVER_PARAMS"; break; +- case KADM5_AUTH_LIST: +- code_string = "KADM5_AUTH_LIST"; break; +- case KADM5_AUTH_CHANGEPW: +- code_string = "KADM5_AUTH_CHANGEPW"; break; +- case KADM5_GSS_ERROR: code_string = "KADM5_GSS_ERROR"; break; +- case KADM5_BAD_TL_TYPE: code_string = "KADM5_BAD_TL_TYPE"; break; +- case KADM5_MISSING_CONF_PARAMS: +- code_string = "KADM5_MISSING_CONF_PARAMS"; break; +- case KADM5_BAD_SERVER_NAME: +- code_string = "KADM5_BAD_SERVER_NAME"; break; +- case KADM5_MISSING_KRB5_CONF_PARAMS: +- code_string = "KADM5_MISSING_KRB5_CONF_PARAMS"; break; +- case KADM5_XDR_FAILURE: code_string = "KADM5_XDR_FAILURE"; break; +- case KADM5_CANT_RESOLVE: code_string = "KADM5_CANT_RESOLVE"; break; +- +- +- case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break; +- case OSA_ADB_NOENT: code_string = "ENOENT"; break; +- case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break; +- case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break; +- case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break; +- case OSA_ADB_BAD_DB: code_string = "Invalid database."; break; +- case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break; +- case OSA_ADB_BADLOCKMODE: code_string = "OSA_ADB_BADLOCKMODE"; break; +- case OSA_ADB_CANTLOCK_DB: code_string = "OSA_ADB_CANTLOCK_DB"; break; +- case OSA_ADB_NOTLOCKED: code_string = "OSA_ADB_NOTLOCKED"; break; +- case OSA_ADB_NOLOCKFILE: code_string = "OSA_ADB_NOLOCKFILE"; break; +- case OSA_ADB_NOEXCL_PERM: code_string = "OSA_ADB_NOEXCL_PERM"; break; +- +- case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break; +- case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break; +- case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break; +- case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break; +- case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break; +- case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break; +- 
case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break; +- case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break; +- case KRB5_KDB_TRUNCATED_RECORD: +- code_string = "KRB5_KDB_TRUNCATED_RECORD"; break; +- case KRB5_KDB_RECURSIVELOCK: +- code_string = "KRB5_KDB_RECURSIVELOCK"; break; +- case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break; +- case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break; +- case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break; +- case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break; +- case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break; +- case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break; +- case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break; +- case KRB5_KDB_INVALIDKEYSIZE: +- code_string = "KRB5_KDB_INVALIDKEYSIZE"; break; +- case KRB5_KDB_CANTREAD_STORED: +- code_string = "KRB5_KDB_CANTREAD_STORED"; break; +- case KRB5_KDB_BADSTORED_MKEY: +- code_string = "KRB5_KDB_BADSTORED_MKEY"; break; +- case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break; +- case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break; +- +- case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break; +- case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break; +- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break; +- case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break; +- case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break; +- case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break; +- case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break; +- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break; +- case KRB5_CONFIG_BADFORMAT: code_string = "KRB5_CONFIG_BADFORMAT"; break; +- +- case KRB5_CC_NOTFOUND: code_string = 
"KRB5_CC_NOTFOUND"; break; +- case KRB5_FCC_NOFILE: code_string = "KRB5_FCC_NOFILE"; break; +- +- case EINVAL: code_string = "EINVAL"; break; +- case ENOENT: code_string = "ENOENT"; break; +- +- default: +- fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code, +- error_message (code)); +- code_string = "UNKNOWN"; +- break; +- } +- +- error_string = error_message(code); +- +- if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX Do we really want to exit? Ok if this is */ +- /* just a test program, but what about if it gets */ +- /* used for other things later? */ +- } +- +- Tcl_DStringInit(dstring); +- +- if (! (Tcl_DStringAppendElement(dstring, "ERROR") && +- Tcl_DStringAppendElement(dstring, code_string) && +- Tcl_DStringAppendElement(dstring, error_string))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- return dstring; +-} +- +- +- +-static void stash_error(Tcl_Interp *interp, krb5_error_code code) +-{ +- Tcl_DString *dstring = unparse_err(code); +- Tcl_DStringResult(interp, dstring); +- Tcl_DStringFree(dstring); +- free(dstring); +-} +- +-static Tcl_DString *unparse_key_data(krb5_key_data *key_data, int n_key_data) +-{ +- Tcl_DString *str; +- char buf[2048]; +- int i, j; +- +- if (! (str = malloc(sizeof(*str)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- Tcl_DStringInit(str); +- for (i = 0; i < n_key_data; i++) { +- krb5_key_data *key = &key_data[i]; +- +- Tcl_DStringStartSublist(str); +- sprintf(buf, "%d", key->key_data_type[0]); +- Tcl_DStringAppendElement(str, buf); +- sprintf(buf, "%d", key->key_data_ver > 1 ? 
+- key->key_data_type[1] : -1);
+- Tcl_DStringAppendElement(str, buf);
+- if (key->key_data_contents[0]) {
+- sprintf(buf, "0x");
+- for (j = 0; j < key->key_data_length[0]; j++) {
+- sprintf(buf + 2*(j+1), "%02x",
+- key->key_data_contents[0][j]);
+- }
+- } else *buf = '\0';
+- Tcl_DStringAppendElement(str, buf);
+- Tcl_DStringEndSublist(str);
+- }
+-
+- return str;
+-}
+-
+-static Tcl_DString *unparse_tl_data(krb5_tl_data *tl_data, int n_tl_data)
+-{
+- Tcl_DString *str;
+- char buf[2048];
+-
+- if (! (str = malloc(sizeof(*str)))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+-
+- Tcl_DStringInit(str);
+- Tcl_DStringStartSublist(str);
+- for (; tl_data; tl_data = tl_data->tl_data_next) {
+- Tcl_DStringStartSublist(str);
+- sprintf(buf, "%d", tl_data->tl_data_type);
+- Tcl_DStringAppendElement(str, buf);
+- sprintf(buf, "%d", tl_data->tl_data_length);
+- Tcl_DStringAppendElement(str, buf);
+- Tcl_DStringAppend(str, " ", 1);
+- Tcl_DStringAppend(str, (char *) tl_data->tl_data_contents,
+- tl_data->tl_data_length);
+- Tcl_DStringEndSublist(str);
+- }
+- Tcl_DStringEndSublist(str);
+-
+- return str;
+-}
+-
+-static Tcl_DString *unparse_flags(struct flagval *array, int size,
+- krb5_int32 flags)
+-{
+- int i;
+- Tcl_DString *str;
+-
+- if (! (str = malloc(sizeof(*str)))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+-
+- Tcl_DStringInit(str);
+-
+- for (i = 0; i < size; i++) {
+- if (flags & array[i].val) {
+- Tcl_DStringAppendElement(str, array[i].name);
+- }
+- }
+-
+- return str;
+-}
+-
+-
+-static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
+- struct flagval *array, int size, const char *str,
+- krb5_flags *flags)
+-{
+- int tmp, argc, i, retcode = TCL_OK;
+- const char **argv;
+- Tcl_HashEntry *entry;
+-
+- if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
+- *flags = tmp;
+- return TCL_OK;
+- }
+- Tcl_ResetResult(interp);
+-
+- if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
+- return TCL_ERROR;
+- }
+-
+- if (! table) {
+- table = create_flag_table(array, size);
+- }
+-
+- *flags = 0;
+-
+- for (i = 0; i < argc; i++) {
+- if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
+- Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
+- retcode = TCL_ERROR;
+- break;
+- }
+- *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
+- }
+-
+- Tcl_Free((char *) argv);
+- return(retcode);
+-}
+-
+-static Tcl_DString *unparse_privs(krb5_flags flags)
+-{
+- return unparse_flags(priv_flags, sizeof(priv_flags) /
+- sizeof(struct flagval), flags);
+-}
+-
+-
+-static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
+-{
+- return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
+- sizeof(struct flagval), flags);
+-}
+-
+-static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
+- krb5_flags *flags)
+-{
+- krb5_flags tmp;
+- static Tcl_HashTable *table = 0;
+- int tcl_ret;
+-
+- if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
+- sizeof(krb5_flags_array) /
+- sizeof(struct flagval),
+- str, &tmp)) != TCL_OK) {
+- return tcl_ret;
+- }
+-
+- *flags = tmp;
+- return TCL_OK;
+-}
+-
+-static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
+-{
+- return unparse_flags(aux_attributes, sizeof(aux_attributes) /
+- sizeof(struct flagval), flags);
+-}
+-
+-
+-static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
+- long *flags)
+-{
+- krb5_flags tmp;
+- static Tcl_HashTable *table = 0;
+- int tcl_ret;
+-
+- if ((tcl_ret = parse_flags(interp, table, aux_attributes,
+- sizeof(aux_attributes) /
+- sizeof(struct flagval),
+- str, &tmp)) != TCL_OK) {
+- return tcl_ret;
+- }
+-
+- *flags = tmp;
+- return TCL_OK;
+-}
+-
+-static int parse_principal_mask(Tcl_Interp *interp, const char *str,
+- krb5_int32 *flags)
+-{
+- krb5_flags tmp;
+- static Tcl_HashTable *table = 0;
+- int tcl_ret;
+-
+- if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
+- sizeof(principal_mask_flags) /
+- sizeof(struct flagval),
+- str, &tmp)) != TCL_OK) {
+- return tcl_ret;
+- }
+-
+- *flags = tmp;
+- return TCL_OK;
+-}
+-
+-static int parse_policy_mask(Tcl_Interp *interp, const char *str,
+- krb5_int32 *flags)
+-{
+- krb5_flags tmp;
+- static Tcl_HashTable *table = 0;
+- int tcl_ret;
+-
+- if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
+- sizeof(policy_mask_flags) /
+- sizeof(struct flagval),
+- str, &tmp)) != TCL_OK) {
+- return tcl_ret;
+- }
+-
+- *flags = tmp;
+- return TCL_OK;
+-}
+-
+-
+-static Tcl_DString *unparse_principal_ent(kadm5_principal_ent_t princ,
+- krb5_int32 mask)
+-{
+- Tcl_DString *str, *tmp_dstring;
+- char *tmp;
+- char buf[20];
+- krb5_error_code krb5_ret;
+-
+- if (! (str = malloc(sizeof(*str)))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+-
+- Tcl_DStringInit(str);
+-
+- tmp = 0; /* It looks to me from looking at the library source */
+- /* code for krb5_parse_name that the pointer passed into */
+- /* it should be initialized to 0 if I want it do be */
+- /* allocated automatically. */
+- if (mask & KADM5_PRINCIPAL) {
+- krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
+- if (krb5_ret) {
+- /* XXX Do we want to return an error? Not sure. */
+- Tcl_DStringAppendElement(str, "[unparsable principal]");
+- }
+- else {
+- Tcl_DStringAppendElement(str, tmp);
+- free(tmp);
+- }
+- } else
+- Tcl_DStringAppendElement(str, "null");
+-
+- sprintf(buf, "%u", (unsigned int)princ->princ_expire_time);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%u", (unsigned int)princ->last_pwd_change);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%u", (unsigned int)princ->pw_expiration);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", princ->max_life);
+- Tcl_DStringAppendElement(str, buf);
+-
+- tmp = 0;
+- if (mask & KADM5_MOD_NAME) {
+- if ((krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp))) {
+- /* XXX */
+- Tcl_DStringAppendElement(str, "[unparsable principal]");
+- }
+- else {
+- Tcl_DStringAppendElement(str, tmp);
+- free(tmp);
+- }
+- } else
+- Tcl_DStringAppendElement(str, "null");
+-
+- sprintf(buf, "%u", (unsigned int)princ->mod_date);
+- Tcl_DStringAppendElement(str, buf);
+-
+- if (mask & KADM5_ATTRIBUTES) {
+- tmp_dstring = unparse_krb5_flags(princ->attributes);
+- Tcl_DStringAppendElement(str, tmp_dstring->string);
+- Tcl_DStringFree(tmp_dstring);
+- free(tmp_dstring);
+- } else
+- Tcl_DStringAppendElement(str, "null");
+-
+- sprintf(buf, "%d", princ->kvno);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", princ->mkvno);
+- Tcl_DStringAppendElement(str, buf);
+-
+- /* XXX This may be dangerous, because the contents of the policy */
+- /* field are undefined if the POLICY bit isn't set. However, I */
+- /* think it's a bug for the field not to be null in that case */
+- /* anyway, so we should assume that it will be null so that we'll */
+- /* catch it if it isn't. */
+-
+- tmp_dstring = unparse_str(princ->policy);
+- Tcl_DStringAppendElement(str, tmp_dstring->string);
+- Tcl_DStringFree(tmp_dstring);
+- free(tmp_dstring);
+-
+- tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
+- Tcl_DStringAppendElement(str, tmp_dstring->string);
+- Tcl_DStringFree(tmp_dstring);
+- free(tmp_dstring);
+-
+- sprintf(buf, "%d", princ->max_renewable_life);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%u", (unsigned int)princ->last_success);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%u", (unsigned int)princ->last_failed);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", princ->fail_auth_count);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", princ->n_key_data);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", princ->n_tl_data);
+- Tcl_DStringAppendElement(str, buf);
+-
+- tmp_dstring = unparse_key_data(princ->key_data, princ->n_key_data);
+- Tcl_DStringAppendElement(str, tmp_dstring->string);
+- Tcl_DStringFree(tmp_dstring);
+- free(tmp_dstring);
+-
+- tmp_dstring = unparse_tl_data(princ->tl_data, princ->n_tl_data);
+- Tcl_DStringAppendElement(str, tmp_dstring->string);
+- Tcl_DStringFree(tmp_dstring);
+- free(tmp_dstring);
+-
+- return str;
+-}
+-
+-static int parse_keysalts(Tcl_Interp *interp, const char *list,
+- krb5_key_salt_tuple **keysalts,
+- int num_keysalts)
+-{
+- const char **argv, **argv1 = NULL;
+- int i, tmp, argc, argc1, retcode;
+-
+- *keysalts = NULL;
+- if (list == NULL)
+- return TCL_OK;
+-
+- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+- return retcode;
+- }
+- if (argc != num_keysalts) {
+- Tcl_SetResult(interp, "wrong number of keysalts", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- *keysalts = (krb5_key_salt_tuple *)
+- malloc(sizeof(krb5_key_salt_tuple)*num_keysalts);
+- for (i = 0; i < num_keysalts; i++) {
+- if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
+- TCL_OK) {
+- goto finished;
+- }
+- if (argc1 != 2) {
+- Tcl_SetResult(interp, "wrong # of fields in keysalt", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- /* XXX this used to be argv1[1] too! */
+- if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing ks_enctype");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- (*keysalts)[i].ks_enctype = tmp;
+- if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing ks_salttype");
+- goto finished;
+- }
+- (*keysalts)[i].ks_salttype = tmp;
+-
+- Tcl_Free((char *) argv1);
+- argv1 = NULL;
+- }
+-
+-finished:
+- if (argv1) {
+- Tcl_Free((char *) argv1);
+- }
+- Tcl_Free((char *) argv);
+- return retcode;
+-}
+-
+-static int parse_key_data(Tcl_Interp *interp, const char *list,
+- krb5_key_data **key_data,
+- int n_key_data)
+-{
+- const char **argv = NULL;
+- int argc, retcode;
+-
+- *key_data = NULL;
+- if (list == NULL) {
+- if (n_key_data != 0) {
+- Tcl_SetResult(interp, "wrong number of key_datas", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- } else
+- return TCL_OK;
+- }
+-
+- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+- return retcode;
+- }
+- if (argc != n_key_data) {
+- Tcl_SetResult(interp, "wrong number of key_datas", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if (argc != 0) {
+- Tcl_SetResult(interp, "cannot parse key_data yet", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+-finished:
+- Tcl_Free((char *) argv);
+- return retcode;
+-}
+-
+-static int parse_tl_data(Tcl_Interp *interp, const char *list,
+- krb5_tl_data **tlp,
+- int n_tl_data)
+-{
+- krb5_tl_data *tl, *tl2;
+- const char **argv = NULL, **argv1 = NULL;
+- int i, tmp, argc, argc1, retcode;
+-
+- *tlp = NULL;
+- if (list == NULL) {
+- if (n_tl_data != 0) {
+- Tcl_SetResult(interp, "wrong number of tl_datas", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- } else
+- return TCL_OK;
+- }
+-
+- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+- return retcode;
+- }
+- if (argc != n_tl_data) {
+- Tcl_SetResult(interp, "wrong number of tl_datas", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- tl = tl2 = NULL;
+- for (i = 0; i < n_tl_data; i++) {
+- tl2 = (krb5_tl_data *) malloc(sizeof(krb5_tl_data));
+- memset(tl2, 0, sizeof(krb5_tl_data));
+- tl2->tl_data_next = tl;
+- tl = tl2;
+- }
+- tl2 = tl;
+-
+- for (i = 0; i < n_tl_data; i++) {
+- if ((retcode = Tcl_SplitList(interp, argv[i], &argc1, &argv1)) !=
+- TCL_OK) {
+- goto finished;
+- }
+- if (argc1 != 3) {
+- Tcl_SetResult(interp, "wrong # of fields in tl_data", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = Tcl_GetInt(interp, argv1[0], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing tl_data_type");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- tl->tl_data_type = tmp;
+- if ((retcode = Tcl_GetInt(interp, argv1[1], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing tl_data_length");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- tl->tl_data_length = tmp;
+- if (tl->tl_data_length != strlen(argv1[2])) {
+- Tcl_SetResult(interp, "length != string length", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- tl->tl_data_contents = (krb5_octet *) strdup(argv1[2]);
+-
+- Tcl_Free((char *) argv1);
+- argv1 = NULL;
+- tl = tl->tl_data_next;
+- }
+- if (tl != NULL) {
+- Tcl_SetResult(interp, "tl is not NULL!", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- *tlp = tl2;
+-
+-finished:
+- if (argv1) {
+- Tcl_Free((char *) argv1);
+- }
+- Tcl_Free((char *) argv);
+- return retcode;
+-}
+-
+-static int parse_config_params(Tcl_Interp *interp, char *list,
+- kadm5_config_params *params)
+-{
+- static Tcl_HashTable *table = 0;
+- const char **argv = NULL;
+- int tmp, argc, retcode;
+-
+- memset(params, 0, sizeof(kadm5_config_params));
+- if (list == NULL)
+- return TCL_OK;
+-
+- if ((retcode = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+- return retcode;
+- }
+-
+- if (argc != 20) {
+- Tcl_SetResult(interp, "wrong # args in config params structure",
+- TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if ((retcode = parse_flags(interp, table, config_mask_flags,
+- sizeof(config_mask_flags) /
+- sizeof(struct flagval),
+- argv[0], &tmp)) != TCL_OK) {
+- goto finished;
+- }
+- params->mask = tmp;
+-
+- if ((retcode = parse_str(interp, argv[1], ¶ms->realm)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing realm name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = Tcl_GetInt(interp, argv[2], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing kadmind_port");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->kadmind_port = tmp;
+- if ((retcode = parse_str(interp, argv[3], ¶ms->admin_server))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing profile name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = parse_str(interp, argv[4], ¶ms->dbname)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing profile name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- /* Ignore argv[5], which used to set the admin_dbname field. */
+- /* Ignore argv[6], which used to set the admin_lockfile field. */
+- /* Ignore argv[7], which used to set the admin_keytab field. */
+- if ((retcode = parse_str(interp, argv[8], ¶ms->acl_file)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing acl_file name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = parse_str(interp, argv[9], ¶ms->dict_file)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing dict_file name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = Tcl_GetInt(interp, argv[10], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing mkey_from_kbd");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->mkey_from_kbd = tmp;
+- if ((retcode = parse_str(interp, argv[11], ¶ms->stash_file)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing stash_file name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = parse_str(interp, argv[12], ¶ms->mkey_name)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing mkey_name name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((retcode = Tcl_GetInt(interp, argv[13], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing enctype");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->enctype = tmp;
+- if ((retcode = Tcl_GetInt(interp, argv[14], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing max_life");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->max_life = tmp;
+- if ((retcode = Tcl_GetInt(interp, argv[15], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing max_rlife");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->max_rlife = tmp;
+- if ((retcode = Tcl_GetInt(interp, argv[16], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing expiration");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->expiration = tmp;
+- if ((retcode = parse_krb5_flags(interp, argv[17], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing flags");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->flags = tmp;
+- if ((retcode = Tcl_GetInt(interp, argv[18], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing num_keysalts");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- params->num_keysalts = tmp;
+- if ((retcode = parse_keysalts(interp, argv[19], ¶ms->keysalts,
+- params->num_keysalts)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing keysalts");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+-finished:
+- return retcode;
+-}
+-
+-static int parse_principal_ent(Tcl_Interp *interp, char *list,
+- kadm5_principal_ent_t *out_princ)
+-{
+- kadm5_principal_ent_t princ = 0;
+- krb5_error_code krb5_ret;
+- int tcl_ret;
+- int argc;
+- const char **argv;
+- int tmp;
+- int retcode = TCL_OK;
+-
+- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+- return tcl_ret;
+- }
+-
+- if (argc != 12 && argc != 20) {
+- Tcl_SetResult(interp, "wrong # args in principal structure",
+- TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if (! (princ = malloc(sizeof *princ))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+- memset(princ, 0, sizeof(*princ));
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing principal");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- /*
+- * All of the numerical values parsed here are parsed into an
+- * "int" and then assigned into the structure in case the actual
+- * width of the field in the Kerberos structure is different from
+- * the width of an integer.
+- */
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing princ_expire_time");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->princ_expire_time = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing last_pwd_change");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->last_pwd_change = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_expiration");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->pw_expiration = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing max_life");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->max_life = tmp;
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing mod_name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing mod_date");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->mod_date = tmp;
+-
+- if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing attributes");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing kvno");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->kvno = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing mkvno");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->mkvno = tmp;
+-
+- if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing policy");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if(princ->policy != NULL) {
+- if(!(princ->policy = strdup(princ->policy))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1);
+- }
+- }
+-
+- if ((tcl_ret = parse_aux_attributes(interp, argv[11],
+- &princ->aux_attributes)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing aux_attributes");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if (argc == 12) goto finished;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[12], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing max_renewable_life");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->max_renewable_life = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[13], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing last_success");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->last_success = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[14], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing last_failed");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->last_failed = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[15], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing fail_auth_count");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->fail_auth_count = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[16], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing n_key_data");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->n_key_data = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[17], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing n_tl_data");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->n_tl_data = tmp;
+-
+- if ((tcl_ret = parse_key_data(interp, argv[18],
+- &princ->key_data,
+- princ->n_key_data)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing key_data");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if ((tcl_ret = parse_tl_data(interp, argv[19],
+- &princ->tl_data,
+- princ->n_tl_data)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing tl_data");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- princ->n_tl_data = tmp;
+-
+-finished:
+- Tcl_Free((char *) argv);
+- *out_princ = princ;
+- return retcode;
+-}
+-
+-
+-static void free_principal_ent(kadm5_principal_ent_t *princ)
+-{
+- krb5_free_principal(context, (*princ)->principal);
+- krb5_free_principal(context, (*princ)->mod_name);
+- free((*princ)->policy);
+- free(*princ);
+- *princ = 0;
+-}
+-
+-static Tcl_DString *unparse_policy_ent(kadm5_policy_ent_t policy)
+-{
+- Tcl_DString *str, *tmp_dstring;
+- char buf[20];
+-
+- if (! (str = malloc(sizeof(*str)))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+-
+- Tcl_DStringInit(str);
+-
+- tmp_dstring = unparse_str(policy->policy);
+- Tcl_DStringAppendElement(str, tmp_dstring->string);
+- Tcl_DStringFree(tmp_dstring);
+- free(tmp_dstring);
+-
+- sprintf(buf, "%ld", policy->pw_min_life);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%ld", policy->pw_max_life);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%ld", policy->pw_min_length);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%ld", policy->pw_min_classes);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%ld", policy->pw_history_num);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%ld", policy->policy_refcnt);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", policy->pw_max_fail);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", policy->pw_failcnt_interval);
+- Tcl_DStringAppendElement(str, buf);
+-
+- sprintf(buf, "%d", policy->pw_lockout_duration);
+- Tcl_DStringAppendElement(str, buf);
+-
+- return str;
+-}
+-
+-
+-
+-static int parse_policy_ent(Tcl_Interp *interp, char *list,
+- kadm5_policy_ent_t *out_policy)
+-{
+- kadm5_policy_ent_t policy = 0;
+- int tcl_ret;
+- int argc;
+- const char **argv;
+- int tmp;
+- int retcode = TCL_OK;
+-
+- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
+- return tcl_ret;
+- }
+-
+- if (argc != 7 && argc != 10) {
+- Tcl_SetResult(interp, "wrong # args in policy structure", TCL_STATIC);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if (! (policy = malloc(sizeof *policy))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+-
+- if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing policy name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if(policy->policy != NULL) {
+- if (! (policy->policy = strdup(policy->policy))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+- }
+-
+- /*
+- * All of the numerical values parsed here are parsed into an
+- * "int" and then assigned into the structure in case the actual
+- * width of the field in the Kerberos structure is different from
+- * the width of an integer.
+- */
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_min_life");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- policy->pw_min_life = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_max_life");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- policy->pw_max_life = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_min_length");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- policy->pw_min_length = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_min_classes");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- policy->pw_min_classes = tmp;
+-
+- if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
+- != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_history_num");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- policy->pw_history_num = tmp;
+- +- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp)) +- != TCL_OK) { +- Tcl_AppendElement(interp, "while parsing policy_refcnt"); +- retcode = TCL_ERROR; +- goto finished; +- } +- policy->policy_refcnt = tmp; +- +- if (argc == 7) goto finished; +- +- if ((tcl_ret = Tcl_GetInt(interp, argv[7], &tmp)) +- != TCL_OK) { +- Tcl_AppendElement(interp, "while parsing pw_max_fail"); +- retcode = TCL_ERROR; +- goto finished; +- } +- policy->pw_max_fail = tmp; +- +- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp)) +- != TCL_OK) { +- Tcl_AppendElement(interp, "while parsing pw_failcnt_interval"); +- retcode = TCL_ERROR; +- goto finished; +- } +- policy->pw_failcnt_interval = tmp; +- +- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp)) +- != TCL_OK) { +- Tcl_AppendElement(interp, "while parsing pw_lockout_duration"); +- retcode = TCL_ERROR; +- goto finished; +- } +- policy->pw_lockout_duration = tmp; +- +-finished: +- Tcl_Free((char *) argv); +- *out_policy = policy; +- return retcode; +-} +- +- +-static void free_policy_ent(kadm5_policy_ent_t *policy) +-{ +- free((*policy)->policy); +- free(*policy); +- *policy = 0; +-} +- +-static Tcl_DString *unparse_keytype(krb5_enctype enctype) +-{ +- Tcl_DString *str; +- char buf[50]; +- +- if (! (str = malloc(sizeof(*str)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- Tcl_DStringInit(str); +- +- switch (enctype) { +- /* XXX is this right? */ +- case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break; +- default: +- sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype); +- Tcl_DStringAppend(str, buf, -1); +- break; +- } +- +- return str; +-} +- +- +-static Tcl_DString *unparse_keyblocks(krb5_keyblock *keyblocks, int num_keys) +-{ +- Tcl_DString *str; +- Tcl_DString *keytype; +- unsigned int i; +- int j; +- +- if (! 
(str = malloc(sizeof(*str)))) { +- fprintf(stderr, "Out of memory!\n"); +- exit(1); /* XXX */ +- } +- +- Tcl_DStringInit(str); +- +- for (j = 0; j < num_keys; j++) { +- krb5_keyblock *keyblock = &keyblocks[j]; +- +- Tcl_DStringStartSublist(str); +- +- keytype = unparse_keytype(keyblock->enctype); +- Tcl_DStringAppendElement(str, keytype->string); +- Tcl_DStringFree(keytype); +- free(keytype); +- if (keyblock->length == 0) { +- Tcl_DStringAppendElement(str, "0x00"); +- } +- else { +- Tcl_DStringAppendElement(str, "0x"); +- for (i = 0; i < keyblock->length; i++) { +- char buf[3]; +- sprintf(buf, "%02x", (int) keyblock->contents[i]); +- Tcl_DStringAppend(str, buf, -1); +- } +- } +- +- Tcl_DStringEndSublist(str); +- } +- +- +- return str; +-} +- +-enum init_type { INIT_NONE, INIT_PASS, INIT_CREDS }; +- +-static int _tcl_kadm5_init_any(enum init_type init_type, ClientData clientData, +- Tcl_Interp *interp, int argc, const char *argv[]) +-{ +- kadm5_ret_t ret; +- char *client_name, *pass, *service_name; +- int tcl_ret; +- krb5_ui_4 struct_version, api_version; +- const char *handle_var; +- void *server_handle; +- char *handle_name, *params_str; +- const char *whoami = argv[0]; +- kadm5_config_params params; +- +- argv++, argc--; +- +- kadm5_init_krb5_context(&context); +- +- if (argc != 7) { +- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); +- return TCL_ERROR; +- } +- +- if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) || +- ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) || +- ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) || +- ((tcl_ret = parse_str(interp, argv[3], ¶ms_str)) != TCL_OK) || +- ((tcl_ret = parse_config_params(interp, params_str, ¶ms)) +- != TCL_OK) || +- ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) != +- TCL_OK) || +- ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) != +- TCL_OK)) { +- return tcl_ret; +- } +- +- handle_var = argv[6]; +- +- if (! 
(handle_var && *handle_var)) { +- Tcl_SetResult(interp, "must specify server handle variable name", +- TCL_STATIC); +- return TCL_ERROR; +- } +- +- if (init_type == INIT_CREDS) { +- krb5_ccache cc; +- +- if (pass == NULL) { +- if ((ret = krb5_cc_default(context, &cc))) { +- stash_error(interp, ret); +- return TCL_ERROR; +- } +- } else { +- if ((ret = krb5_cc_resolve(context, pass, &cc))) { +- stash_error(interp, ret); +- return TCL_ERROR; +- } +- } +- +- ret = kadm5_init_with_creds(context, client_name, cc, service_name, +- ¶ms, struct_version, +- api_version, NULL, &server_handle); +- +- (void) krb5_cc_close(context, cc); +- } else +- ret = kadm5_init(context, client_name, pass, service_name, ¶ms, +- struct_version, api_version, NULL, &server_handle); +- +- /* The string fields of params are aliases into argv[3], but +- * params.keysalts is allocated, so clean it up. */ +- free(params.keysalts); +- +- if (ret != KADM5_OK) { +- stash_error(interp, ret); +- return TCL_ERROR; +- } +- +- if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name)) +- != TCL_OK) { +- return tcl_ret; +- } +- +- if (! 
Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) { +- return TCL_ERROR; +- } +- +- set_ok(interp, "KADM5 API initialized."); +- return TCL_OK; +-} +- +-static int tcl_kadm5_init(ClientData clientData, Tcl_Interp *interp, +- int argc, const char *argv[]) +-{ +- return _tcl_kadm5_init_any(INIT_PASS, clientData, interp, argc, argv); +-} +- +-static int tcl_kadm5_init_with_creds(ClientData clientData, Tcl_Interp *interp, +- int argc, const char *argv[]) +-{ +- return _tcl_kadm5_init_any(INIT_CREDS, clientData, interp, argc, argv); +-} +- +-static int tcl_kadm5_destroy(ClientData clientData, Tcl_Interp *interp, +- int argc, const char *argv[]) +-{ +- kadm5_ret_t ret; +- int tcl_ret; +- +- GET_HANDLE(0, 0); +- +- ret = kadm5_destroy(server_handle); +- +- if (ret != KADM5_OK) { +- stash_error(interp, ret); +- return TCL_ERROR; +- } +- +- if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) { +- return tcl_ret; +- } +- +- set_ok(interp, "KADM5 API deinitialized."); +- return TCL_OK; +-} +- +-static int tcl_kadm5_create_principal(ClientData clientData, +- Tcl_Interp *interp, +- int argc, const char *argv[]) +-{ +- int tcl_ret; +- kadm5_ret_t ret; +- int retcode = TCL_OK; +- char *princ_string; +- kadm5_principal_ent_t princ = 0; +- krb5_int32 mask; +- char *pw; +-#ifdef OVERRIDE +- int override_qual; +-#endif +- +- GET_HANDLE(3, 0); +- +- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) { +- Tcl_AppendElement(interp, "while parsing principal"); +- return tcl_ret; +- } +- +- if (princ_string && +- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ)) +- != TCL_OK)) { +- return tcl_ret; +- } +- +- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) { +- retcode = tcl_ret; +- goto finished; +- } +- +- if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) { +- retcode = tcl_ret; +- goto finished; +- } +-#ifdef OVERRIDE +- if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) != +- 
TCL_OK) { +- retcode = tcl_ret; +- goto finished; +- } +-#endif +- +-#ifdef OVERRIDE +- ret = kadm5_create_principal(server_handle, princ, mask, pw, +- override_qual); +-#else +- ret = kadm5_create_principal(server_handle, princ, mask, pw); +-#endif +- +- if (ret != KADM5_OK) { +- stash_error(interp, ret); +- retcode = TCL_ERROR; +- goto finished; +- } +- else { +- set_ok(interp, "Principal created."); +- } +- +-finished: +- if (princ) { +- free_principal_ent(&princ); +- } +- return retcode; +-} +- +- +- +-static int tcl_kadm5_delete_principal(ClientData clientData, +- Tcl_Interp *interp, +- int argc, const char *argv[]) +-{ +- krb5_principal princ; +- krb5_error_code krb5_ret; +- kadm5_ret_t ret; +- int tcl_ret; +- char *name; +- +- GET_HANDLE(1, 0); +- +- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK) +- return tcl_ret; +- if(name != NULL) { +- if ((krb5_ret = krb5_parse_name(context, name, &princ))) { +- stash_error(interp, krb5_ret); +- Tcl_AppendElement(interp, "while parsing principal"); +- return TCL_ERROR; +- } +- } else princ = NULL; +- ret = kadm5_delete_principal(server_handle, princ); +- +- if(princ != NULL) +- krb5_free_principal(context, princ); +- +- if (ret != KADM5_OK) { +- stash_error(interp, ret); +- return TCL_ERROR; +- } +- else { +- set_ok(interp, "Principal deleted."); +- return TCL_OK; +- } +-} +- +- +- +-static int tcl_kadm5_modify_principal(ClientData clientData, +- Tcl_Interp *interp, +- int argc, const char *argv[]) +-{ +- char *princ_string; +- kadm5_principal_ent_t princ = 0; +- int tcl_ret; +- krb5_int32 mask; +- int retcode = TCL_OK; +- kadm5_ret_t ret; +- +- GET_HANDLE(2, 0); +- +- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) { +- Tcl_AppendElement(interp, "while parsing principal"); +- return tcl_ret; +- } +- +- if (princ_string && +- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ)) +- != TCL_OK)) { +- return tcl_ret; +- } +- +- if ((tcl_ret = parse_principal_mask(interp, argv[1], 
&mask)) != TCL_OK) {
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- ret = kadm5_modify_principal(server_handle, princ, mask);
+-
+- if (ret != KADM5_OK) {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+- else {
+- set_ok(interp, "Principal modified.");
+- }
+-
+-finished:
+- if (princ) {
+- free_principal_ent(&princ);
+- }
+- return retcode;
+-}
+-
+-
+-static int tcl_kadm5_rename_principal(ClientData clientData,
+- Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- krb5_principal source, target;
+- krb5_error_code krb5_ret;
+- kadm5_ret_t ret;
+- int retcode = TCL_OK;
+-
+- GET_HANDLE(2, 0);
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[0], &source)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing source");
+- return TCL_ERROR;
+- }
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[1], &target)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing target");
+- krb5_free_principal(context, source);
+- return TCL_ERROR;
+- }
+-
+- ret = kadm5_rename_principal(server_handle, source, target);
+-
+- if (ret == KADM5_OK) {
+- set_ok(interp, "Principal renamed.");
+- }
+- else {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+-
+- krb5_free_principal(context, source);
+- krb5_free_principal(context, target);
+- return retcode;
+-}
+-
+-
+-
+-static int tcl_kadm5_chpass_principal(ClientData clientData,
+- Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- krb5_principal princ;
+- char *pw;
+-#ifdef OVERRIDE
+- int override_qual;
+-#endif
+- krb5_error_code krb5_ret;
+- int retcode = TCL_OK;
+- kadm5_ret_t ret;
+-
+- GET_HANDLE(2, 0);
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing principal name");
+- return TCL_ERROR;
+- }
+-
+- if (parse_str(interp, argv[1], &pw) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing password");
+- retcode =
TCL_ERROR;
+- goto finished;
+- }
+-
+-#ifdef OVERRIDE
+- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing override_qual");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- ret = kadm5_chpass_principal(server_handle,
+- princ, pw, override_qual);
+-#else
+- ret = kadm5_chpass_principal(server_handle, princ, pw);
+-#endif
+-
+- if (ret == KADM5_OK) {
+- set_ok(interp, "Password changed.");
+- goto finished;
+- }
+- else {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+-
+-finished:
+- krb5_free_principal(context, princ);
+- return retcode;
+-}
+-
+-
+-
+-static int tcl_kadm5_chpass_principal_util(ClientData clientData,
+- Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- krb5_principal princ;
+- char *new_pw;
+-#ifdef OVERRIDE
+- int override_qual;
+-#endif
+- char *pw_ret, *pw_ret_var;
+- char msg_ret[1024], *msg_ret_var;
+- krb5_error_code krb5_ret;
+- kadm5_ret_t ret;
+- int retcode = TCL_OK;
+-
+- GET_HANDLE(4, 0);
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing principal name");
+- return TCL_ERROR;
+- }
+-
+- if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing new password");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-#ifdef OVERRIDE
+- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing override_qual");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-#endif
+- if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing pw_ret variable name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing msg_ret variable name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- ret = kadm5_chpass_principal_util(server_handle, princ,
new_pw,
+-#ifdef OVERRIDE
+- override_qual,
+-#endif
+- pw_ret_var ? &pw_ret : 0,
+- msg_ret_var ? msg_ret : 0,
+- msg_ret_var ? sizeof(msg_ret) : 0);
+-
+- if (ret == KADM5_OK) {
+- if (pw_ret_var &&
+- (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
+- TCL_LEAVE_ERR_MSG))) {
+- Tcl_AppendElement(interp, "while setting pw_ret variable");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if (msg_ret_var &&
+- (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
+- TCL_LEAVE_ERR_MSG))) {
+- Tcl_AppendElement(interp,
+- "while setting msg_ret variable");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- set_ok(interp, "Password changed.");
+- }
+- else {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+-
+-finished:
+- krb5_free_principal(context, princ);
+- return retcode;
+-}
+-
+-
+-
+-static int tcl_kadm5_randkey_principal(ClientData clientData,
+- Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- krb5_principal princ;
+- krb5_keyblock *keyblocks;
+- int num_keys;
+- char *keyblock_var, *num_var, buf[50];
+- Tcl_DString *keyblock_dstring = 0;
+- krb5_error_code krb5_ret;
+- kadm5_ret_t ret;
+- int retcode = TCL_OK;
+-
+- GET_HANDLE(3, 0);
+-
+- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing principal name");
+- return TCL_ERROR;
+- }
+-
+- if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing keyblock variable name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if (parse_str(interp, argv[2], &num_var) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing keyblock variable name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- ret = kadm5_randkey_principal(server_handle,
+- princ, keyblock_var ? &keyblocks : 0,
+- &num_keys);
+-
+- if (ret == KADM5_OK) {
+- if (keyblock_var) {
+- keyblock_dstring = unparse_keyblocks(keyblocks, num_keys);
+- if (!
Tcl_SetVar(interp, keyblock_var,
+- keyblock_dstring->string,
+- TCL_LEAVE_ERR_MSG)) {
+- Tcl_AppendElement(interp,
+- "while setting keyblock variable");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- }
+- if (num_var) {
+- sprintf(buf, "%d", num_keys);
+- if (! Tcl_SetVar(interp, num_var, buf,
+- TCL_LEAVE_ERR_MSG)) {
+- Tcl_AppendElement(interp,
+- "while setting num_keys variable");
+- }
+- }
+- set_ok(interp, "Key randomized.");
+- }
+- else {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+-
+-finished:
+- krb5_free_principal(context, princ);
+- if (keyblock_dstring) {
+- Tcl_DStringFree(keyblock_dstring);
+- free(keyblock_dstring);
+- }
+- return retcode;
+-}
+-
+-
+-
+-static int tcl_kadm5_get_principal(ClientData clientData, Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- krb5_principal princ;
+- kadm5_principal_ent_rec ent;
+- Tcl_DString *ent_dstring = 0;
+- char *ent_var;
+- char *name;
+- krb5_error_code krb5_ret;
+- int tcl_ret;
+- kadm5_ret_t ret = -1;
+- krb5_int32 mask;
+- int retcode = TCL_OK;
+-
+- GET_HANDLE(3, 1);
+-
+- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
+- return tcl_ret;
+- if(name != NULL) {
+- if ((krb5_ret = krb5_parse_name(context, name, &princ)) != 0) {
+- stash_error(interp, krb5_ret);
+- Tcl_AppendElement(interp, "while parsing principal name");
+- return TCL_ERROR;
+- }
+- } else princ = NULL;
+-
+- if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing entry variable name");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- if ((tcl_ret = parse_principal_mask(interp, argv[2], &mask)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing principal mask");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- ret = kadm5_get_principal(server_handle, princ, ent_var ? &ent : 0,
+- mask);
+-
+- if (ret == KADM5_OK) {
+- if (ent_var) {
+- ent_dstring = unparse_principal_ent(&ent, mask);
+- if (!
Tcl_SetVar(interp, ent_var, ent_dstring->string,
+- TCL_LEAVE_ERR_MSG)) {
+- Tcl_AppendElement(interp,
+- "while setting entry variable");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- set_ok(interp, "Principal retrieved.");
+- }
+- }
+- else {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+-
+-finished:
+- if (ent_dstring) {
+- Tcl_DStringFree(ent_dstring);
+- free(ent_dstring);
+- }
+- if(princ != NULL)
+- krb5_free_principal(context, princ);
+- if (ret == KADM5_OK && ent_var &&
+- (ret = kadm5_free_principal_ent(server_handle, &ent)) &&
+- (retcode == TCL_OK)) {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+- return retcode;
+-}
+-
+-static int tcl_kadm5_create_policy(ClientData clientData, Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- int tcl_ret;
+- kadm5_ret_t ret;
+- int retcode = TCL_OK;
+- char *policy_string;
+- kadm5_policy_ent_t policy = 0;
+- krb5_int32 mask;
+-
+- GET_HANDLE(2, 0);
+-
+- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing policy");
+- return tcl_ret;
+- }
+-
+- if (policy_string &&
+- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
+- != TCL_OK)) {
+- return tcl_ret;
+- }
+-
+- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
+- retcode = tcl_ret;
+- goto finished;
+- }
+-
+- ret = kadm5_create_policy(server_handle, policy, mask);
+-
+- if (ret != KADM5_OK) {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- else {
+- set_ok(interp, "Policy created.");
+- }
+-
+-finished:
+- if (policy) {
+- free_policy_ent(&policy);
+- }
+- return retcode;
+-}
+-
+-
+-
+-static int tcl_kadm5_delete_policy(ClientData clientData, Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- kadm5_ret_t ret;
+- char *policy;
+-
+- GET_HANDLE(1, 0);
+-
+- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing policy name");
+- return TCL_ERROR;
+- }
+-
+- ret = kadm5_delete_policy(server_handle, policy);
+-
+- if (ret != KADM5_OK) {
+- stash_error(interp, ret);
+- return TCL_ERROR;
+- }
+- else {
+- set_ok(interp, "Policy deleted.");
+- return TCL_OK;
+- }
+-}
+-
+-
+-
+-static int tcl_kadm5_modify_policy(ClientData clientData, Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- char *policy_string;
+- kadm5_policy_ent_t policy = 0;
+- int tcl_ret;
+- krb5_int32 mask;
+- int retcode = TCL_OK;
+- kadm5_ret_t ret;
+-
+- GET_HANDLE(2, 0);
+-
+- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing policy");
+- return tcl_ret;
+- }
+-
+- if (policy_string &&
+- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
+- != TCL_OK)) {
+- return tcl_ret;
+- }
+-
+- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+-
+- ret = kadm5_modify_policy(server_handle, policy, mask);
+-
+- if (ret != KADM5_OK) {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+- else {
+- set_ok(interp, "Policy modified.");
+- }
+-
+-finished:
+- if (policy) {
+- free_policy_ent(&policy);
+- }
+- return retcode;
+-}
+-
+-
+-static int tcl_kadm5_get_policy(ClientData clientData, Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- kadm5_policy_ent_rec ent;
+- Tcl_DString *ent_dstring = 0;
+- char *policy;
+- char *ent_var;
+- kadm5_ret_t ret;
+- int retcode = TCL_OK;
+-
+- GET_HANDLE(2, 1);
+-
+- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing policy name");
+- return TCL_ERROR;
+- }
+-
+- if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing entry variable name");
+- return TCL_ERROR;
+- }
+-
+- ret = kadm5_get_policy(server_handle, policy, ent_var ? &ent : 0);
+-
+- if (ret == KADM5_OK) {
+- if (ent_var) {
+- ent_dstring = unparse_policy_ent(&ent);
+- if (!
Tcl_SetVar(interp, ent_var, ent_dstring->string,
+- TCL_LEAVE_ERR_MSG)) {
+- Tcl_AppendElement(interp,
+- "while setting entry variable");
+- retcode = TCL_ERROR;
+- goto finished;
+- }
+- set_ok(interp, "Policy retrieved.");
+- }
+- }
+- else {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+-
+-finished:
+- if (ent_dstring) {
+- Tcl_DStringFree(ent_dstring);
+- free(ent_dstring);
+- }
+- if (ent_var && ret == KADM5_OK &&
+- (ret = kadm5_free_policy_ent(server_handle, &ent)) &&
+- (retcode == TCL_OK)) {
+- stash_error(interp, ret);
+- retcode = TCL_ERROR;
+- }
+- return retcode;
+-}
+-
+-
+-
+-static int tcl_kadm5_free_principal_ent(ClientData clientData,
+- Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- char *ent_name;
+- kadm5_principal_ent_t ent;
+- kadm5_ret_t ret;
+-
+- GET_HANDLE(1, 0);
+-
+- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing entry name");
+- return TCL_ERROR;
+- }
+-
+- if ((! ent_name) &&
+- (ret = kadm5_free_principal_ent(server_handle, 0))) {
+- stash_error(interp, ret);
+- return TCL_ERROR;
+- }
+- else {
+- Tcl_HashEntry *entry;
+-
+- if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
+- Tcl_AppendResult(interp, "invalid principal handle \"",
+- ent_name, "\"", 0);
+- return TCL_ERROR;
+- }
+- if (! struct_table) {
+- if (! (struct_table = malloc(sizeof(*struct_table)))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+- }
+-
+- if (!
(entry = Tcl_FindHashEntry(struct_table, ent_name))) {
+- Tcl_AppendResult(interp, "principal handle \"", ent_name,
+- "\" not found", 0);
+- return TCL_ERROR;
+- }
+-
+- ent = (kadm5_principal_ent_t) Tcl_GetHashValue(entry);
+-
+- ret = kadm5_free_principal_ent(server_handle, ent);
+- if (ret != KADM5_OK) {
+- stash_error(interp, ret);
+- return TCL_ERROR;
+- }
+- Tcl_DeleteHashEntry(entry);
+- }
+- set_ok(interp, "Principal freed.");
+- return TCL_OK;
+-}
+-
+-
+-static int tcl_kadm5_free_policy_ent(ClientData clientData,
+- Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- char *ent_name;
+- kadm5_policy_ent_t ent;
+- kadm5_ret_t ret;
+-
+- GET_HANDLE(1, 0);
+-
+- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing entry name");
+- return TCL_ERROR;
+- }
+-
+- if ((! ent_name) &&
+- (ret = kadm5_free_policy_ent(server_handle, 0))) {
+- stash_error(interp, ret);
+- return TCL_ERROR;
+- }
+- else {
+- Tcl_HashEntry *entry;
+-
+- if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
+- Tcl_AppendResult(interp, "invalid principal handle \"",
+- ent_name, "\"", 0);
+- return TCL_ERROR;
+- }
+- if (! struct_table) {
+- if (! (struct_table = malloc(sizeof(*struct_table)))) {
+- fprintf(stderr, "Out of memory!\n");
+- exit(1); /* XXX */
+- }
+- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
+- }
+-
+- if (!
(entry = Tcl_FindHashEntry(struct_table, ent_name))) {
+- Tcl_AppendResult(interp, "policy handle \"", ent_name,
+- "\" not found", 0);
+- return TCL_ERROR;
+- }
+-
+- ent = (kadm5_policy_ent_t) Tcl_GetHashValue(entry);
+-
+- if ((ret = kadm5_free_policy_ent(server_handle, ent)) != KADM5_OK) {
+- stash_error(interp, ret);
+- return TCL_ERROR;
+- }
+- Tcl_DeleteHashEntry(entry);
+- }
+- set_ok(interp, "Policy freed.");
+- return TCL_OK;
+-}
+-
+-
+-static int tcl_kadm5_get_privs(ClientData clientData, Tcl_Interp *interp,
+- int argc, const char *argv[])
+-{
+- const char *set_ret;
+- kadm5_ret_t ret;
+- char *priv_var;
+- long privs;
+-
+- GET_HANDLE(1, 0);
+-
+- if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
+- Tcl_AppendElement(interp, "while parsing privs variable name");
+- return TCL_ERROR;
+- }
+-
+- ret = kadm5_get_privs(server_handle, priv_var ? &privs : 0);
+-
+- if (ret == KADM5_OK) {
+- if (priv_var) {
+- Tcl_DString *str = unparse_privs(privs);
+- set_ret = Tcl_SetVar(interp, priv_var, str->string,
+- TCL_LEAVE_ERR_MSG);
+- Tcl_DStringFree(str);
+- free(str);
+- if (!
set_ret) {
+- Tcl_AppendElement(interp, "while setting priv variable");
+- return TCL_ERROR;
+- }
+- }
+- set_ok(interp, "Privileges retrieved.");
+- return TCL_OK;
+- }
+- else {
+- stash_error(interp, ret);
+- return TCL_ERROR;
+- }
+-}
+-
+-
+-void Tcl_kadm5_init(Tcl_Interp *interp)
+-{
+- char buf[20];
+-
+- Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE",
+- KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
+- Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE",
+- KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
+- (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
+- Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
+- (void) sprintf(buf, "%d", KADM5_API_VERSION_2);
+- Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
+- (void) sprintf(buf, "%d", KADM5_API_VERSION_3);
+- Tcl_SetVar(interp, "KADM5_API_VERSION_3", buf, TCL_GLOBAL_ONLY);
+- (void) sprintf(buf, "%d", KADM5_API_VERSION_4);
+- Tcl_SetVar(interp, "KADM5_API_VERSION_4", buf, TCL_GLOBAL_ONLY);
+- (void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
+- Tcl_SetVar(interp, "KADM5_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
+- (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION_MASK);
+- Tcl_SetVar(interp, "KADM5_STRUCT_VERSION_MASK", buf,
+- TCL_GLOBAL_ONLY);
+-
+- Tcl_CreateCommand(interp, "kadm5_init", tcl_kadm5_init, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_init_with_creds",
+- tcl_kadm5_init_with_creds, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_destroy", tcl_kadm5_destroy, 0,
+- 0);
+- Tcl_CreateCommand(interp, "kadm5_create_principal",
+- tcl_kadm5_create_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_delete_principal",
+- tcl_kadm5_delete_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_modify_principal",
+- tcl_kadm5_modify_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_rename_principal",
+- tcl_kadm5_rename_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_chpass_principal",
+- tcl_kadm5_chpass_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_chpass_principal_util",
+-
tcl_kadm5_chpass_principal_util, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_randkey_principal",
+- tcl_kadm5_randkey_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_get_principal",
+- tcl_kadm5_get_principal, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_create_policy",
+- tcl_kadm5_create_policy, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_delete_policy",
+- tcl_kadm5_delete_policy, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_modify_policy",
+- tcl_kadm5_modify_policy, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_get_policy",
+- tcl_kadm5_get_policy, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_free_principal_ent",
+- tcl_kadm5_free_principal_ent, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_free_policy_ent",
+- tcl_kadm5_free_policy_ent, 0, 0);
+- Tcl_CreateCommand(interp, "kadm5_get_privs",
+- tcl_kadm5_get_privs, 0, 0);
+-}
+diff --git a/src/kadmin/testing/util/tcl_kadm5.h b/src/kadmin/testing/util/tcl_kadm5.h
+deleted file mode 100644
+index 1f91a11a1..000000000
+--- a/src/kadmin/testing/util/tcl_kadm5.h
++++ /dev/null
+@@ -1,3 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-
+-void Tcl_kadm5_init(Tcl_Interp *interp);
+diff --git a/src/kadmin/testing/util/tcl_kadm5_syntax b/src/kadmin/testing/util/tcl_kadm5_syntax
+deleted file mode 100644
+index 5f16e58e0..000000000
+--- a/src/kadmin/testing/util/tcl_kadm5_syntax
++++ /dev/null
+@@ -1,57 +0,0 @@
+-Here's a brief summary of the syntax of the tcl versions of the
+-kadm5 functions:
+-
+-string Can be a string or "null" which will turn into a null pointer
+-principal_ent A 12-field list in the order of the principal_ent
+- structure: {string number number number number string
+- number mask number number string mask}
+- It can also be "null", like a string, to indicate that
+- a null structure pointer should be used.
+-mask Either a number, representing the actual value of the
+- mask, or a sequence of symbols in a list. Example:
+- {PRINCIPAL ATTRIBUTES} is a valid principal mask.
+-boolean "1", "0", "true", "false", etc.
+-varname The name of a Tcl variable, or "null" to not assign.
+-policy_ent Similar to principal_ent, but with seven fields,
+- instead of 12. The first is a string, and the rest
+- are numbers.
+-
+-init
+- client_name:string pass:string service_name:string
+- realm:string struct_version:int api_version:int
+- server_handle_ret:varname
+-destroy
+- server_handle:string
+-create_principal
+- server_handle:string principal:principal_ent
+- mask:principal_mask password:string
+-delete_principal
+- server_handle:string name:string
+-modify_principal
+- server_handle:string principal_principal_ent
+- mask:principal_mask
+-rename_principal
+- server_handle:string source:string target:string
+-chpass_principal
+- server_handle:string name:string password:string
+-chpass_principal_util
+- server_handle:string name:string password:string
+- pw_ret:varname msg_ret:varname
+-randkey_principal
+- server_handle:string name:string keyblock_var:varname
+-get_principal [-struct]
+- server_handle:string name:string princ_var:varname
+-create_policy
+- server_handle:string policy:policy_ent mask:policy_mask
+-delete_policy
+- server_handle:string name:string
+-modify_policy
+- server_handle:string policy:policy_ent mask:policy_mask
+-get_policy [-struct]
+- server_handle:string name:string policy_var:varname
+-free_principal_ent
+- server_handle:string handle:string
+-free_policy_ent
+- server_handle:string handle:string
+-get_privs
+- server_handle:string privs:priv_var
+diff --git a/src/kadmin/testing/util/tcl_krb5_hash.c b/src/kadmin/testing/util/tcl_krb5_hash.c
+deleted file mode 100644
+index 35c6bb0b3..000000000
+--- a/src/kadmin/testing/util/tcl_krb5_hash.c
++++ /dev/null
+@@ -1,167 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-/*
+- * All of the TCL krb5 functions which return (or place into output
+- * variables) structures or pointers to structures that can't be
+- * represented as tcl native types,
do so by returning a handle for
+- * the appropriate structure. The handle is a string of the form
+- * "type$id", where "type" is the type of datum represented by the
+- * handle and "id" is a unique identifier for it. This handle can
+- * then be used later by the caller to refer to the object, and
+- * internally to retrieve the actually datum from the appropriate hash
+- * table.
+- *
+- * The functions in this file do four things:
+- *
+- * 1) Given a pointer to a datum and a string representing the type of
+- * datum to which the pointer refers, create a new handle for the
+- * datum, store the datum in the hash table using the new handle as
+- * its key, and return the new handle.
+- *
+- * 2) Given a handle, locate and return the appropriate hash table
+- * datum.
+- *
+- * 3) Given a handle, look through a table of types and unparse
+- * functions to figure out what function to call to get a string
+- * representation of the datum, call it with the appropriate pointer
+- * (obtained from the hash table) as an argument, and return the
+- * resulting string as the unparsed form of the datum.
+- *
+- * 4) Given a handle, remove that handle and its associated datum from
+- * the hash table (but don't free it -- it's assumed to have already
+- * been freed by the caller).
+- */
+-
+-#if HAVE_TCL_H
+-#include
+-#elif HAVE_TCL_TCL_H
+-#include
+-#endif
+-#include
+-
+-#define SEP_STR "$"
+-
+-static char *memory_error = "out of memory";
+-
+-/*
+- * Right now, we're only using one hash table. However, at some point
+- * in the future, we might decide to use a separate hash table for
+- * every type. Therefore, I'm putting this function in as an
+- * abstraction so it's the only thing we'll have to change if we
+- * decide to do that.
+- *
+- * Also, this function allows us to put in just one place the code for
+- * checking to make sure that the hash table exists and initializing
+- * it if it doesn't.
+- */
+-
+-static TclHashTable *get_hash_table(Tcl_Interp *interp,
+- char *type)
+-{
+- static Tcl_HashTable *hash_table = 0;
+-
+- if (! hash_table) {
+- if (! (hash_table = malloc(sizeof(*hash_table)))) {
+- Tcl_SetResult(interp, memory_error, TCL_STATIC);
+- return 0;
+- }
+- Tcl_InitHashTable(hash_table, TCL_STRING_KEYS);
+- }
+- return hash_table;
+-}
+-
+-#define MAX_ID 999999999
+-#define ID_BUF_SIZE 10
+-
+-static Tcl_HashEntry *get_new_handle(Tcl_Interp *interp,
+- char *type)
+-{
+- static unsigned long int id_counter = 0;
+- Tcl_DString *handle;
+- char int_buf[ID_BUF_SIZE];
+-
+- if (! (handle = malloc(sizeof(*handle)))) {
+- Tcl_SetResult(interp, memory_error, TCL_STATIC);
+- return 0;
+- }
+- Tcl_DStringInit(handle);
+-
+- assert(id_counter <= MAX_ID);
+-
+- sprintf(int_buf, "%d", id_counter++);
+-
+- Tcl_DStringAppend(handle, type, -1);
+- Tcl_DStringAppend(handle, SEP_STR, -1);
+- Tcl_DStringAppend(handle, int_buf, -1);
+-
+- return handle;
+-}
+-
+-
+-Tcl_DString *tcl_krb5_create_object(Tcl_Interp *interp,
+- char *type,
+- ClientData datum)
+-{
+- Tcl_HashTable *table;
+- Tcl_DString *handle;
+- Tcl_HashEntry *entry;
+- int entry_created = 0;
+-
+- if (! (table = get_hash_table(interp, type))) {
+- return 0;
+- }
+-
+- if (! (handle = get_new_handle(interp, type))) {
+- return 0;
+- }
+-
+- if (! (entry = Tcl_CreateHashEntry(table, handle, &entry_created))) {
+- Tcl_SetResult(interp, "error creating hash entry", TCL_STATIC);
+- Tcl_DStringFree(handle);
+- return TCL_ERROR;
+- }
+-
+- assert(entry_created);
+-
+- Tcl_SetHashValue(entry, datum);
+-
+- return handle;
+-}
+-
+-ClientData tcl_krb5_get_object(Tcl_Interp *interp,
+- char *handle)
+-{
+- char *myhandle, *id_ptr;
+- Tcl_HashTable *table;
+- Tcl_HashEntry *entry;
+-
+- if (! (myhandle = strdup(handle))) {
+- Tcl_SetResult(interp, memory_error, TCL_STATIC);
+- return 0;
+- }
+-
+- if (!
(id_ptr = index(myhandle, *SEP_STR))) {
+- free(myhandle);
+- Tcl_ResetResult(interp);
+- Tcl_AppendResult(interp, "malformatted handle \"", handle,
+- "\"", 0);
+- return 0;
+- }
+-
+- *id_ptr = '\0';
+-
+- if (! (table = get_hash_table(interp, myhandle))) {
+- free(myhandle);
+- return 0;
+- }
+-
+- free(myhandle);
+-
+- if (! (entry = Tcl_FindHashEntry(table, handle))) {
+- Tcl_ResetResult(interp);
+- Tcl_AppendResult(interp, "no object corresponding to handle \"",
+- handle, "\"", 0);
+- return 0;
+- }
+-
+- return(Tcl_GetHashValue(entry));
+-}
+diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c
+deleted file mode 100644
+index 37e49d680..000000000
+--- a/src/kadmin/testing/util/test.c
++++ /dev/null
+@@ -1,38 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-#include "autoconf.h"
+-#if HAVE_TCL_H
+-#include
+-#elif HAVE_TCL_TCL_H
+-#include
+-#endif
+-#include "tcl_kadm5.h"
+-
+-#define _TCL_MAIN ((TCL_MAJOR_VERSION * 100 + TCL_MINOR_VERSION) >= 704)
+-
+-#if _TCL_MAIN
+-int
+-main(argc, argv)
+- int argc; /* Number of command-line arguments. */
+- char **argv; /* Values of command-line arguments. */
+-{
+- Tcl_Main(argc, argv, Tcl_AppInit);
+- return 0; /* Needed only to prevent compiler warning. */
+-}
+-#else
+-/*
+- * The following variable is a special hack that allows applications
+- * to be linked using the procedure "main" from the Tcl library. The
+- * variable generates a reference to "main", which causes main to
+- * be brought in from the library (and all of Tcl with it).
+- */
+-
+-extern int main();
+-int *tclDummyMainPtr = (int *) main;
+-#endif
+-
+-int Tcl_AppInit(Tcl_Interp *interp)
+-{
+- Tcl_kadm5_init(interp);
+-
+- return(TCL_OK);
+-}
+diff --git a/src/lib/kadm5/Makefile.in b/src/lib/kadm5/Makefile.in
+index f94c0a7da..3ff71c42b 100644
+--- a/src/lib/kadm5/Makefile.in
++++ b/src/lib/kadm5/Makefile.in
+@@ -1,6 +1,6 @@
+ mydir=lib$(S)kadm5
+ BUILDTOP=$(REL)..$(S)..
+-SUBDIRS = clnt srv unit-test
++SUBDIRS = clnt srv
+
+ ##DOSBUILDTOP = ..\..
+
+@@ -98,6 +98,7 @@ generate-files-mac-prerecurse: includes
+ check-windows:
+
+ clean-unix:: clean-libobjs
++ $(RM) t_kadm5clnt t_kadm5srv t_kadm5.o
+
+ clean-windows::
+
+diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in
+deleted file mode 100644
+index 68fa097ff..000000000
+--- a/src/lib/kadm5/unit-test/Makefile.in
++++ /dev/null
+@@ -1,143 +0,0 @@
+-mydir=lib$(S)kadm5$(S)unit-test
+-BUILDTOP=$(REL)..$(S)..$(S)..
+-KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
+-
+-SRCS= init-test.c destroy-test.c handle-test.c iter-test.c setkey-test.c \
+- randkey-test.c lock-test.c
+-
+-#
+-# The client-side test programs.
+-#
+-
+-init-test: init-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o init-test init-test.o \
+- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+-
+-destroy-test: destroy-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o destroy-test destroy-test.o \
+- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+-
+-client-handle-test: client-handle-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o client-handle-test client-handle-test.o \
+- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+-
+-client-handle-test.o: handle-test.c
+- $(CC) $(ALL_CFLAGS) -DCLIENT_TEST -o client-handle-test.o -c $(srcdir)/handle-test.c
+-
+-client-iter-test: iter-test.o $(KADMLCNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o client-iter-test iter-test.o \
+- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+-
+-client-setkey-test: setkey-test.o $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o client-setkey-test setkey-test.o \
+- $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
+-
+-#
+-# The server-side test programs.
+-#
+-
+-randkey-test: randkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o randkey-test randkey-test.o \
+- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+-
+-server-handle-test: handle-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o server-handle-test handle-test.o \
+- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+-
+-lock-test: lock-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o lock-test lock-test.o \
+- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+-
+-server-iter-test: iter-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o server-iter-test iter-test.o \
+- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+-
+-server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+- $(CC_LINK) -o server-setkey-test setkey-test.o \
+- $(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+-
+-runenv.exp: Makefile
+- $(RUN_SETUP); for i in $(RUN_VARS); do \
+- eval echo "set env\($$i\) \$$$$i"; done > runenv.exp
+-
+-#
+-# The unit-test targets
+-#
+-
+-check: check-@DO_TEST@
+-
+-check-:
+- @echo "+++"
+- @echo "+++ WARNING: lib/kadm5 unit tests not run."
+- @echo "+++ Either tcl, runtest, or Perl is unavailable."
+- @echo "+++"
+-
+-check-ok unit-test: unit-test-client unit-test-server
+-
+-unit-test-client: unit-test-client-setup unit-test-client-body \
+- unit-test-client-cleanup
+-
+-unit-test-server: unit-test-server-setup unit-test-server-body \
+- unit-test-server-cleanup
+-
+-test-randkey: randkey-test
+- $(ENV_SETUP) $(VALGRIND) ./randkey-test
+-
+-test-handle-server: server-handle-test
+- $(ENV_SETUP) $(VALGRIND) ./server-handle-test
+-
+-test-handle-client: client-handle-test
+- $(ENV_SETUP) $(VALGRIND) ./client-handle-test
+-
+-test-noauth: init-test
+- $(ENV_SETUP) $(VALGRIND) ./init-test
+-
+-test-destroy: destroy-test
+- $(ENV_SETUP) $(VALGRIND) ./destroy-test
+-
+-test-setkey-client: client-setkey-test
+- $(ENV_SETUP) $(VALGRIND) ./client-setkey-test testkeys admin admin
+-
+-unit-test-client-setup: runenv.sh
+- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
+-
+-unit-test-client-cleanup:
+- $(ENV_SETUP) $(STOP_SERVERS)
+-
+-unit-test-server-setup: runenv.sh
+- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS_LOCAL)
+-
+-unit-test-server-cleanup:
+- $(ENV_SETUP) $(STOP_SERVERS_LOCAL)
+-
+-unit-test-client-body: site.exp test-noauth test-destroy test-handle-client \
+- test-setkey-client runenv.exp
+- $(ENV_SETUP) $(RUNTEST) --tool api RPC=1 API=$(CLNTTCL) \
+- KINIT=$(BUILDTOP)/clients/kinit/kinit \
+- KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
+- KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local \
+- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \
+- $(RUNTESTFLAGS)
+- -mv api.log capi.log
+- -mv api.sum capi.sum
+-
+-unit-test-server-body: site.exp test-handle-server lock-test
+- $(ENV_SETUP) $(RUNTEST) --tool api RPC=0 API=$(SRVTCL) \
+- LOCKTEST=./lock-test \
+- KADMIN_LOCAL=$(BUILDTOP)/kadmin/cli/kadmin.local \
+- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)" \
+- $(RUNTESTFLAGS)
+- -mv api.log sapi.log
+- -mv api.sum sapi.sum
+-
+-clean:
+- $(RM) init-test client_init.o init-test.o
+- $(RM) destroy-test destroy-test.o
+- $(RM) client-handle-test
handle-test.o client-handle-test.o
+- $(RM) client-iter-test iter-test.o
+- $(RM) randkey-test randkey-test.o
+- $(RM) server-handle-test handle-test.o
+- $(RM) lock-test lock-test.o
+- $(RM) server-iter-test iter-test.o
+- $(RM) server-setkey-test client-setkey-test setkey-test.o
+- $(RM) *.log *.plog *.sum *.psum unit-test-log.* runenv.exp
+diff --git a/src/lib/kadm5/unit-test/api.2/crte-policy.exp b/src/lib/kadm5/unit-test/api.2/crte-policy.exp
+deleted file mode 100644
+index 4902ea59f..000000000
+--- a/src/lib/kadm5/unit-test/api.2/crte-policy.exp
++++ /dev/null
+@@ -1,927 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-# Description: (1) Fails for mask with undefined bit set.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 1"
+-proc test1 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete policy \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- 0xF01000
+- } $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test1
+-
+-# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
+-test "create-policy 2"
+-proc test2 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy";
+- return
+- }
+-}
+-if {$RPC} { test2 }
+-
+-# Description: (3) Fails for mask without POLICY bit set.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 3"
+-proc test3 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete policy \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- 0x000000
+- } $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test3
+-
+-# Description: (5) Fails for invalid policy name.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 5"
+-proc test5 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/"] \
+- {KADM5_POLICY}
+- } $test] "BAD_POLICY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test5
+-
+-# Description: (6) Fails for existing policy name.
+-test "create-policy 6"
+-proc test6 {} {
+- global test
+-# set prms_id 777
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle [simple_policy test-pol] \
+- {KADM5_POLICY}
+- } "DUP"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test6
+-
+-# Description: (7) Fails for null policy name.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 7"
+-proc test7 {} {
+- global test
+-# set prms_id 1977
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle [simple_policy null] \
+- {KADM5_POLICY}
+- } "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test7
+-
+-# Description: (8) Fails for empty-string policy name.
+-test "create-policy 8"
+-proc test8 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle [simple_policy ""] \
+- {KADM5_POLICY}
+- } "BAD_POLICY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test8
+-
+-# Description: (9) Accepts 0 for pw_min_life.
+-test "create-policy 9"
+-proc test9 {} {
+- global test
+- global prompt
+-
+- if {! (( !
[policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MIN_LIFE}
+- } $test]]} {
+- fail "$test: create failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 1\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test9
+-
+-# Description: (10) Accepts non-zero for pw_min_life.
+-test "create-policy 10"
+-proc test10 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
+- {KADM5_POLICY KADM5_PW_MIN_LIFE}
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 1\n"
+- expect {
+- -re "32\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test10
+-
+-# Description: (11) Accepts 0 for pw_max_life.
+-test "create-policy 11"
+-proc test11 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MAX_LIFE}
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test11
+-
+-# Description: (12) Accepts non-zero for pw_max_life.
+-test "create-policy 12"
+-proc test12 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
+- {KADM5_POLICY KADM5_PW_MAX_LIFE}
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "32\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-# Description: (13) Rejects 0 for pw_min_length.
+-test "create-policy 13"
+-proc test13 {} {
+- global test
+- global prompt
+-
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
+- } $test] "BAD_LENGTH"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test13
+-
+-# Description: (14) Accepts non-zero for pw_min_length.
+-test "create-policy 14"
+-proc test14 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
+- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 3\n"
+- expect {
+- -re "8\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test14
+-
+-# Description: (15) Rejects 0 for pw_min_classes.
+-test "create-policy 15"
+-proc test15 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test] "BAD_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test15
+-
+-# Description: (16) Accepts 1 for pw_min_classes.
+-test "create-policy 16"
+-proc test16 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 4\n"
+- expect {
+- -re "1\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test16
+-
+-# Description: (17) Accepts 4 for pw_min_classes.
+-test "create-policy 17"
+-proc test17 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 4\n"
+- expect {
+- -re "5\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test17
+-
+-# Description: (18) Rejects 5 for pw_min_classes.
+-test "create-policy 18"
+-proc test18 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test] "BAD_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test18
+-
+-# Description: (19) Rejects 0 for pw_history_num.
+-test "create-policy 19"
+-proc test19 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+- } $test] "BAD_HISTORY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test19
+-
+-# Description: (20) Accepts 1 for pw_history_num.
+-test "create-policy 20"
+-proc test20 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
+- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 5\n"
+- expect {
+- -re "1\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test20
+-
+-# Description: (21) Accepts 10 for pw_history_num.
+-test "create-policy 21"
+-proc test21 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
+- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 5\n"
+- expect {
+- -re "10\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test21
+-
+-# Description: (22) Fails for user with no access bits.
+-test "create-policy 22"
+-proc test22 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {!
[cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test22
+-
+-# Description: (23) Fails for user with "get" but not "add".
+-test "create-policy 23"
+-proc test23 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test23
+-
+-# Description: (24) Fails for user with "modify" but not "add".
+-# 01/24/94: pshuang: untried.
+-test "create-policy 24"
+-proc test24 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test24
+-
+-# Description: (25) Fails for user with "delete" but not "add".
+-# 01/24/94: pshuang: untried.
+-test "create-policy 25"
+-proc test25 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test25
+-
+-# Description: Succeeds for user with "add".
+-test "create-policy 26"
+-proc test26 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test26
+-
+-# Description: Succeeds for user with "get" and "add".
+-# 01/24/94: pshuang: untried.
+-test "create-policy 27"
+-proc test27 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test27
+-
+-# Description: (28) Rejects null policy argument.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 28"
+-proc test28 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle null {KADM5_POLICY}
+- } "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test28
+-
+-test "create-policy 30"
+-proc test30 {} {
+- global test
+- one_line_fail_test [format {
+- kadm5_create_policy null [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "BAD_SERVER_HANDLE"
+-}
+-test30
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.2/get-policy.exp b/src/lib/kadm5/unit-test/api.2/get-policy.exp
+deleted file mode 100644
+index 83aef80e8..000000000
+--- a/src/lib/kadm5/unit-test/api.2/get-policy.exp
++++ /dev/null
+@@ -1,199 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "get-policy 3"
+-proc test3 {} {
+- global test
+-# set prms_id 744
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle "" p} "BAD_POLICY"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test3
+-
+-test "get-policy 6"
+-proc test6 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+- "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } test6
+-
+-test "get-policy 7"
+-proc test7 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+- "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } test7
+-
+-test "get-policy 11"
+-proc test11 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get-pol StupidAdmin $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test11
+-
+-test "get-policy 12"
+-proc test12 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get-pol StupidAdmin \
+- $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \
+- $KADM5_API_VERSION_2 server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_policy $server_handle test-pol-nopw p}
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-test "get-policy 15"
+-proc test15 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/pol StupidAdmin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_policy $server_handle test-pol-nopw p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test15
+-
+-test "get-policy 16"
+-proc test16 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_policy $server_handle test-pol-nopw p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test16
+-
+-test "get-policy 17"
+-proc test17 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test17
+-
+-test "get-policy 18"
+-proc test18 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+- "AUTH_GET"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } test18
+-
+-test "get-policy 21"
+-proc test21 {} {
+- global test
+-
+- one_line_fail_test {kadm5_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
+-}
+-test21
+diff --git a/src/lib/kadm5/unit-test/api.2/mod-policy.exp b/src/lib/kadm5/unit-test/api.2/mod-policy.exp
+deleted file mode 100644
+index 904edca8a..000000000
+--- a/src/lib/kadm5/unit-test/api.2/mod-policy.exp
++++ /dev/null
+@@ -1,675 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "modify-policy 2"
+-proc test2 {} {
+- global test
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MAX_LIFE}
+- } $test] "AUTH_MODIFY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test2 }
+-
+-test "modify-policy 8"
+-proc test8 {} {
+- global test
+-# set prms_id 744
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_modify_policy $server_handle [simple_policy ""] \
+- {KADM5_PW_MAX_LIFE}
+- } "BAD_POLICY"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test8
+-
+-test "modify-policy 9"
+-proc test9 {} {
+- global test
+- global prompt
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MIN_LIFE}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 1\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test9
+-
+-test "modify-policy 10"
+-proc test10 {} {
+- global test
+- global prompt
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0} \
+- {KADM5_PW_MIN_LIFE}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 1\n"
+- expect {
+- -re "32\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test10
+-
+-
+-test "modify-policy 11"
+-proc test11 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MAX_LIFE}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test11
+-
+-test "modify-policy 12"
+-proc test12 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0} \
+- {KADM5_PW_MAX_LIFE}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "32\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-test "modify-policy 13"
+-proc test13 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MIN_LENGTH}
+- } $test] "BAD_LENGTH"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test13
+-
+-test "modify-policy 14"
+-proc test14 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0} \
+- {KADM5_PW_MIN_LENGTH}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 3\n"
+- expect {
+- -re "8\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test14
+-
+-test "modify-policy 15"
+-proc test15 {} {
+- global test
+- if {! 
(( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MIN_CLASSES}
+- } $test] "BAD_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test15
+-
+-test "modify-policy 16"
+-proc test16 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0} \
+- {KADM5_PW_MIN_CLASSES}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 4\n"
+- expect {
+- -re "1\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test16
+-
+-test "modify-policy 17"
+-proc test17 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
+- {KADM5_PW_MIN_CLASSES}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 4\n"
+- expect {
+- -re "5\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test17
+-
+-test "modify-policy 18"
+-proc test18 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
+- {KADM5_PW_MIN_CLASSES}
+- } $test] "BAD_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test18
+-
+-test "modify-policy 19"
+-proc test19 {} {
+- global test
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_HISTORY_NUM}
+- } $test] "BAD_HISTORY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test19
+-
+-test "modify-policy 20"
+-proc test20 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
+- {KADM5_PW_HISTORY_NUM}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 5\n"
+- expect {
+- -re "1\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test20
+-
+-test "modify-policy 21"
+-proc test21 {} {
+- global test
+- global prompt
+-
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! 
[cmd [format {
+- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
+- {KADM5_PW_HISTORY_NUM}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 5\n"
+- expect {
+- -re "10\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test21
+-
+-test "modify-policy 22"
+-proc test22 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MAX_LIFE}
+- } $test] "AUTH_MODIFY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test22
+-
+-test "modify-policy 23"
+-proc test23 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MAX_LIFE}
+- } $test] "AUTH_MODIFY"
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test23
+-
+-test "modify-policy 26"
+-proc test26 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a" ])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_PW_MAX_LIFE}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test26
+-
+-test "modify-policy 30"
+-proc test30 {} {
+- global test
+-
+- one_line_fail_test [format {
+- kadm5_modify_policy null [simple_policy "%s/a"] \
+- {KADM5_PW_MAX_LIFE}
+- } $test] "BAD_SERVER_HANDLE"
+-}
+-test30
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp
+deleted file mode 100644
+index 740425c69..000000000
+--- a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp
++++ /dev/null
+@@ -1,68 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "chpass-principal 200"
+-proc test200 {} {
+- global test prompt
+-
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal "$test/a"]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- # I'd like to specify a long list of keysalt tuples and make sure
+- # that chpass does the right thing, but we can only use those
+- # enctypes that krbtgt has a key for: the AES enctypes, according to
+- # the prototype kdc.conf.
+- if {! 
[cmd [format {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_chpass_principal $server_handle "%s/a" newpassword
+- } $test]]} {
+- perror "$test: unexpected failure in chpass_principal"
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" p \
+- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
+- } $test]]} {
+- perror "$test: unexpected failure in get_principal"
+- }
+- send "lindex \$p 16\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting num_keys"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting num_keys"
+- return
+- }
+- }
+-
+- # XXX Perhaps I should actually check the key type returned.
+- if {$num_keys == 5} {
+- pass "$test"
+- } else {
+- fail "$test: $num_keys keys, should be 5"
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test200
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/chpass-principal.exp b/src/lib/kadm5/unit-test/api.current/chpass-principal.exp
+deleted file mode 100644
+index 47a19dc20..000000000
+--- a/src/lib/kadm5/unit-test/api.current/chpass-principal.exp
++++ /dev/null
+@@ -1,176 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "chpass-principal 180"
+-proc test180 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal_pol "$test/a" once-a-min]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_chpass_principal $server_handle "%s/a" FoobarBax
+- } $test]
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test180 }
+-
+-test "chpass-principal 180.5"
+-proc test1805 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal_pol "$test/a" once-a-min]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_chpass_principal $server_handle "%s/a" FoobarBax
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test1805 }
+-
+-#
+-# admin with changepw service tickets try to change other principals
+-# password, fails with AUTH error
+-test "chpass-principal 180.625"
+-proc test180625 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_chpass_principal $server_handle "%s/a" password
+- } $test] "AUTH"
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test180625 }
+-
+-test "chpass-principal 180.75"
+-proc test18075 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal_pol "$test/a" once-a-min]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_chpass_principal $server_handle "%s/a" Foobar
+- } $test] "AUTH_CHANGEPW"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test18075 }
+-
+-test "chpass-principal 182"
+-proc test182 {} {
+- global test
+-
+- if { ! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_chpass_principal $server_handle kadmin/history password
+- } "PROTECT"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test182
+-
+-test "chpass-principal 183"
+-proc test183 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if { ! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_chpass_principal null "%s/a" password
+- } $test] "BAD_SERVER_HANDLE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test183
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/crte-policy.exp b/src/lib/kadm5/unit-test/api.current/crte-policy.exp
+deleted file mode 100644
+index 7e1eda63f..000000000
+--- a/src/lib/kadm5/unit-test/api.current/crte-policy.exp
++++ /dev/null
+@@ -1,927 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-# Description: (1) Fails for mask with undefined bit set.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 1"
+-proc test1 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete policy \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- 0xF01000
+- } $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test1
+-
+-# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
+-test "create-policy 2"
+-proc test2 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy";
+- return
+- }
+-}
+-if {$RPC} { test2 }
+-
+-# Description: (3) Fails for mask without POLICY bit set.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 3"
+-proc test3 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete policy \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- 0x000000
+- } $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test3
+-
+-# Description: (5) Fails for invalid policy name.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 5"
+-proc test5 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/"] \
+- {KADM5_POLICY}
+- } $test] "BAD_POLICY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test5
+-
+-# Description: (6) Fails for existing policy name. 
+-test "create-policy 6"
+-proc test6 {} {
+- global test
+-# set prms_id 777
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle [simple_policy test-pol] \
+- {KADM5_POLICY}
+- } "DUP"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test6
+-
+-# Description: (7) Fails for null policy name.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 7"
+-proc test7 {} {
+- global test
+-# set prms_id 1977
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle [simple_policy null] \
+- {KADM5_POLICY}
+- } "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test7
+-
+-# Description: (8) Fails for empty-string policy name.
+-test "create-policy 8"
+-proc test8 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle [simple_policy ""] \
+- {KADM5_POLICY}
+- } "BAD_POLICY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test8
+-
+-# Description: (9) Accepts 0 for pw_min_life.
+-test "create-policy 9"
+-proc test9 {} {
+- global test
+- global prompt
+-
+- if {! (( ! 
[policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MIN_LIFE}
+- } $test]]} {
+- fail "$test: create failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 1\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test9
+-
+-# Description: (10) Accepts non-zero for pw_min_life.
+-test "create-policy 10"
+-proc test10 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
+- {KADM5_POLICY KADM5_PW_MIN_LIFE}
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 1\n"
+- expect {
+- -re "32\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test10
+-
+-# Description: (11) Accepts 0 for pw_max_life.
+-test "create-policy 11"
+-proc test11 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MAX_LIFE}
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test11
+-
+-# Description: (12) Accepts non-zero for pw_max_life.
+-test "create-policy 12"
+-proc test12 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
+- {KADM5_POLICY KADM5_PW_MAX_LIFE}
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if {! 
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "32\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-# Description: (13) Rejects 0 for pw_min_length.
+-test "create-policy 13"
+-proc test13 {} {
+- global test
+- global prompt
+-
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
+- } $test] "BAD_LENGTH"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test13
+-
+-# Description: (14) Accepts non-zero for pw_min_length.
+-test "create-policy 14"
+-proc test14 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
+- {KADM5_POLICY KADM5_PW_MIN_LENGTH}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! 
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 3\n"
+- expect {
+- -re "8\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test14
+-
+-# Description: (15) Rejects 0 for pw_min_classes.
+-test "create-policy 15"
+-proc test15 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test] "BAD_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test15
+-
+-# Description: (16) Accepts 1 for pw_min_classes.
+-test "create-policy 16"
+-proc test16 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! 
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 4\n"
+- expect {
+- -re "1\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test16
+-
+-# Description: (17) Accepts 4 for pw_min_classes.
+-test "create-policy 17"
+-proc test17 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 4\n"
+- expect {
+- -re "5\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test17
+-
+-# Description: (18) Rejects 5 for pw_min_classes.
+-test "create-policy 18"
+-proc test18 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
+- {KADM5_POLICY KADM5_PW_MIN_CLASSES}
+- } $test] "BAD_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test18
+-
+-# Description: (19) Rejects 0 for pw_history_num.
+-test "create-policy 19"
+-proc test19 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+- } $test] "BAD_HISTORY"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test19
+-
+-# Description: (20) Accepts 1 for pw_history_num.
+-test "create-policy 20"
+-proc test20 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
+- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! 
[cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retreuve policy"
+- return
+- }
+- send "lindex \$policy 5\n"
+- expect {
+- -re "1\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test20
+-
+-# Description: (21) Accepts 10 for pw_history_num.
+-test "create-policy 21"
+-proc test21 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
+- {KADM5_POLICY KADM5_PW_HISTORY_NUM}
+- } $test]]} {
+- fail $test
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_policy $server_handle "%s/a" policy
+- } $test]]} {
+- fail "$test: can not retrieve policy"
+- return
+- }
+- send "lindex \$policy 5\n"
+- expect {
+- -re "10\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test21
+-
+-# Description: (22) Fails for user with no access bits.
+-test "create-policy 22"
+-proc test22 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {!
[cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test22
+-
+-# Description: (23) Fails for user with "get" but not "add".
+-test "create-policy 23"
+-proc test23 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test23
+-
+-# Description: (24) Fails for user with "modify" but not "add".
+-# 01/24/94: pshuang: untried.
+-test "create-policy 24"
+-proc test24 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test24
+-
+-# Description: (25) Fails for user with "delete" but not "add".
+-# 01/24/94: pshuang: untried.
+-test "create-policy 25"
+-proc test25 {} {
+- global test
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test25
+-
+-# Description: Succeeds for user with "add".
+-test "create-policy 26"
+-proc test26 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test26
+-
+-# Description: Succeeds for user with "get" and "add".
+-# 01/24/94: pshuang: untried.
+-test "create-policy 27"
+-proc test27 {} {
+- global test
+-
+- if {! (( ! [policy_exists "$test/a"]) ||
+- [delete_policy "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_create_policy $server_handle [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test27
+-
+-# Description: (28) Rejects null policy argument.
+-# 01/24/94: pshuang: untried.
+-test "create-policy 28"
+-proc test28 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_policy $server_handle null {KADM5_POLICY}
+- } "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test28
+-
+-test "create-policy 30"
+-proc test30 {} {
+- global test
+- one_line_fail_test [format {
+- kadm5_create_policy null [simple_policy "%s/a"] \
+- {KADM5_POLICY}
+- } $test] "BAD_SERVER_HANDLE"
+-}
+-test30
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/crte-principal.exp b/src/lib/kadm5/unit-test/api.current/crte-principal.exp
+deleted file mode 100644
+index d6d6809ec..000000000
+--- a/src/lib/kadm5/unit-test/api.current/crte-principal.exp
++++ /dev/null
+@@ -1,1336 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-#test "create-principal 1"
+-#
+-#proc test1 {} {
+-# global test
+-# begin_dump
+-# one_line_fail_test [format {
+-# kadm5_create_principal $server_handle \
+-# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+-# } $test $test] "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test1
+-
+-# v2 create-principal 3 test, to avoid name conflict
+-test "create-principal 1"
+-proc test1 {} {
+- global test
+-# set
prms_id 777
+-# setup_xfail {*-*-*} $prms_id
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} null
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test1
+-
+-test "create-principal 2"
+-
+-proc test2 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_create_principal $server_handle null \
+- {KADM5_PRINCIPAL} testpass
+- } "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test2
+-
+-test "create-principal 4"
+-proc test4 {} {
+- global test
+-
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} ""
+- } $test] "_Q_TOOSHORT"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test4
+-
+-test "create-principal 5"
+-proc test5 {} {
+- global test
+- begin_dump
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle \
+- [simple_principal "%s/a"] {0x100001} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test5
+-
+-test "create-principal 6"
+-proc test6 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_LAST_PWD_CHANGE} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test6
+-
+-test "create-principal 7"
+-proc test7 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_MOD_TIME} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test7
+-
+-test "create-principal 8"
+-proc test8 {} {
+- global test
+- begin_dump
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_MOD_NAME} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test8
+-
+-test "create-principal 9"
+-proc test9 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_MKVNO} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test9
+-
+-test "create-principal 10"
+-proc test10 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_AUX_ATTRIBUTES} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test10
+-
+-test "create-principal 11"
+-proc test11 {} {
+- global test
+- begin_dump
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_POLICY_CLR} "%s/a"
+- } $test $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test11
+-
+-test "create-principal 12"
+-proc test12 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-
+-}
+-if {$RPC} { test12 }
+-
+-test "create-principal 13"
+-proc test13 {} {
+- global test
+- begin_dump
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "AUTH_ADD"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-if {$RPC} { test13 }
+-
+-test "create-principal 14"
+-proc test14 {} {
+- global test
+- begin_dump
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-if {$RPC} { test14 }
+-
+-test "create-principal 15"
+-proc test15 {} {
+- global test
+- begin_dump
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-if {$RPC} { test15 }
+-
+-test "create-principal 16"
+-proc test16 {} {
+- global test
+- begin_dump
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "AUTH_ADD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-if {$RPC} { test16 }
+-
+-test "create-principal 17"
+-proc test17 {} {
+- global test
+-
+- begin_dump
+- if {! (( [principal_exists "$test/a"]) || [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "DUP"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test17
+-
+-test "create-principal 18"
+-proc test18 {} {
+- global test
+-
+- begin_dump
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" test-pol] \
+- {KADM5_PRINCIPAL KADM5_POLICY} tP
+- } $test] "_Q_TOOSHORT"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test18
+-
+-test "create-principal 19"
+-proc test19 {} {
+- global test
+-
+- begin_dump
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" test-pol] \
+- {KADM5_PRINCIPAL KADM5_POLICY} testpassword
+- } $test] "_Q_CLASS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test19
+-
+-test "create-principal 20"
+-proc test20 {} {
+- global test
+-
+- begin_dump
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" test-pol] \
+- {KADM5_PRINCIPAL KADM5_POLICY} Abyssinia
+- } $test] "_Q_DICT"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test20
+-
+-test "create-principal 21"
+-proc test21 {} {
+- global test
+-
+- begin_dump
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" non-existant-pol] \
+- {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- end_dump_compare "no-diffs"
+-}
+-test21
+-
+-test "create-principal 23"
+-proc test23 {} {
+- global test
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- one_line_succeed_test \
+- [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test23
+-
+-test "create-principal 24"
+-proc test24 {} {
+- global test
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/rename admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- one_line_succeed_test \
+- [format {kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK} $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test24 }
+-
+-
+-test "create-principal 28"
+-proc test28 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" test-pol] \
+- {KADM5_PRINCIPAL KADM5_POLICY} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return
+- }
+- send "lindex \$principal 10\n"
+- expect {
+- -re "test-pol.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test28
+-
+-test "create-principal 29"
+-proc test29 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL KADM5_PRINC_EXPIRE_TIME} \
+- inTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 1\n"
+- expect {
+- -re "0.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test29
+-
+-test "create-principal 30"
+-proc test30 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
+- NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test30
+-
+-test "create-principal 31"
+-proc test31 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" test-pol-nopw] \
+- {KADM5_PRINCIPAL KADM5_POLICY \
+- KADM5_PW_EXPIRATION} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test31
+-
+-test "create-principal 32"
+-proc test32 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle \
+- [princ_w_pol "%s/a" test-pol] \
+- {KADM5_PRINCIPAL KADM5_POLICY \
+- KADM5_PW_EXPIRATION} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {!
[cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+- error_and_restart "$test: cannot retrieve policy"
+- return
+- }
+-
+- send "lindex \$principal 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting mod_date"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting mod_date"
+- return
+- }
+- }
+-
+- send "lindex \$principal 3\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_expire"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_expire"
+- return
+- }
+- }
+-
+- send "lindex \$policy 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_max_life"
+- return
+- }
+- }
+- if { $pw_expire != 0 } {
+- fail "$test: pw_expire $pw_expire should be 0"
+- return
+- } else {
+- pass "$test"
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test32
+-
+-test "create-principal 33"
+-proc test33 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_create_principal $server_handle \
+- {"%s/a" 0 0 1234 0 null 0 0 0 0 null 0} \
+- {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
+- NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "1234.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test33
+-
+-test "create-principal 34"
+-proc test34 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle \
+- { "%s/a" 0 0 1234 0 null 0 0 0 0 test-pol-nopw 0} \
+- {KADM5_PRINCIPAL KADM5_POLICY \
+- KADM5_PW_EXPIRATION} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "1234.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test34
+-
+-test "create-principal 35"
+-proc test35 {} {
+- global test
+- global prompt
+-
+- if {! ((!
[principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle \
+- {"%s/a" 0 0 1234 0 null 0 0 0 0 test-pol 0} \
+- {KADM5_PRINCIPAL KADM5_POLICY \
+- KADM5_PW_EXPIRATION} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "1234.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test35
+-
+-test "create-principal 36"
+-proc test36 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle \
+- {"%s/a" 0 0 999999999 0 null 0 0 0 0 test-pol 0} \
+- {KADM5_PRINCIPAL KADM5_POLICY \
+- KADM5_PW_EXPIRATION} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- if { !
[cmd {kadm5_get_policy $server_handle test-pol policy} ]} {
+- error_and_restart "$test: cannot retrieve policy"
+- return
+- }
+-
+- send "lindex \$principal 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting mod_date"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting mod_date"
+- return
+- }
+- }
+-
+- send "lindex \$principal 3\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_expire"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_expire"
+- return
+- }
+- }
+-
+- send "lindex \$policy 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_max_life"
+- return
+- }
+- }
+- if { $pw_expire != 999999999 } {
+- fail "$test: pw_expire is wrong"
+- return
+- } else {
+- pass "$test"
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test36
+-
+-test "create-principal 37"
+-proc test37 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! 
[cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test37
+-
+-test "create-principal 38"
+-proc test38 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
+- test-pol-nopw] {KADM5_PRINCIPAL KADM5_POLICY} \
+- NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test38
+-
+-test "create-principal 39"
+-proc test39 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! 
[cmd [format {
+- kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
+- test-pol] {KADM5_PRINCIPAL KADM5_POLICY} \
+- NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if { ! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: cannot not retrieve principal"
+- return
+- }
+- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+- error_and_restart "$test: cannot retrieve policy"
+- return
+- }
+- send "lindex \$principal 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting mod_date"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting mod_date"
+- return
+- }
+- }
+-
+- send "lindex \$principal 3\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_expire"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_expire"
+- return
+- }
+- }
+-
+- send "lindex \$policy 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_max_life"
+- return
+- }
+- }
+- if { [expr "$mod_date + $pw_max_life - $pw_expire"] > 5 } {
+- fail "$test: pw_expire is wrong"
+- return
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test39
+-
+-test "create-principal 40"
+-proc test40 {} {
+- global test
+- global prompt
+-
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL KADM5_PW_EXPIRATION} \
+- NotinTheDictionary
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- fail "$test: can not retrieve principal"
+- return;
+- }
+- send "lindex \$principal 4\n"
+- expect {
+- -re "0.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test40
+-
+-test "create-principal 43"
+-proc test43 {} {
+- global test
+- one_line_fail_test [format {
+- kadm5_create_principal null \
+- [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+- } $test $test] "BAD_SERVER_HANDLE"
+-}
+-test43
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/destroy.exp b/src/lib/kadm5/unit-test/api.current/destroy.exp
+deleted file mode 100644
+index a3e2bfc59..000000000
+--- a/src/lib/kadm5/unit-test/api.current/destroy.exp
++++ /dev/null
+@@ -1,203 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "destroy 1"
+-
+-proc test1 {} {
+- global test
+- begin_dump
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_destroy $server_handle}
+- end_dump_compare "no-diffs"
+-}
+-test1
+-
+-#test "destroy 2"
+-#
+-#proc test2 {} {
+-# global test
+-# begin_dump
+-# if {! 
[cmd {
+-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }]} {
+-# perror "$test: unexpected failure on init"
+-# return
+-# }
+-# if {! [cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# return
+-# }
+-# one_line_fail_test \
+-# {kadm5_get_principal $server_handle admin principal} \
+-# "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test2
+-
+-#test "destroy 3"
+-#proc test3 {} {
+-# global test
+-#
+-# begin_dump
+-# if {! (( ! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
+-# error_and_restart "$test couldn't delete principal \"$test/a\""
+-# return
+-# }
+-# if {! [cmd {
+-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }]} {
+-# perror "$test: unexpected failure on init"
+-# return
+-# }
+-# if {! [cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# return
+-# }
+-# one_line_fail_test [format {
+-# kadm5_create_principal $server_handle \
+-# [simple_principal "%s/a"] {KADM5_PRINCIPAL} "%s/a"
+-# } $test $test] "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test3
+-
+-#test "destroy 4"
+-#proc test4 {} {
+-# global test prompt
+-#
+-# if {! (([principal_exists "$test/a"]) || [create_principal "$test/a"])} {
+-# error_and_restart "$test: couldn't create principal \"$test/a\""
+-# return
+-# }
+-# begin_dump
+-# if {! ([cmd {
+-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }] &&
+-# [cmd [format {
+-# kadm5_get_principal $server_handle "%s/a" principal
+-# } $test]])} {
+-# error_and_restart "$test: error getting principal"
+-# return;
+-# }
+-# if {! 
[cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# return
+-# }
+-# one_line_fail_test [format {
+-# kadm5_modify_principal $server_handle \
+-# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO}
+-# } $test "77"] "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test4
+-
+-#test "destroy 5"
+-#
+-#proc test5 {} {
+-# global test
+-#
+-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+-# error_and_restart "$test: couldn't create principal \"$test/a\""
+-# return
+-# }
+-# begin_dump
+-# if {! [cmd {
+-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }]} {
+-# perror "$test: unexpected failure on init"
+-# return
+-# }
+-# if {! [cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# return
+-# }
+-# one_line_fail_test [format {
+-# kadm5_delete_principal $server_handle "%s/a"
+-# } $test] "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test5
+-
+-#test "destroy 6"
+-#
+-#proc test6 {} {
+-# global test
+-# begin_dump
+-# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test6
+-
+-
+-#test "destroy 7"
+-#
+-#proc test7 {} {
+-# global test
+-# begin_dump
+-# if {! [cmd {
+-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }]} {
+-# perror "$test: unexpected failure in init"
+-# return
+-# }
+-# if {! [cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# }
+-# one_line_fail_test {kadm5_destroy $server_handle} "NOT_INIT"
+-# end_dump_compare "no-diffs"
+-#}
+-#test7
+-
+-test "destroy 8"
+-proc test8 {} {
+- global test
+- begin_dump
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+- one_line_succeed_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+- end_dump_compare "no-diffs"
+-}
+-test8
+-
+-test "destroy 9"
+-proc test9 {} {
+- global test
+- one_line_fail_test {kadm5_destroy null} "BAD_SERVER_HANDLE"
+-}
+-test9
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/dlte-policy.exp b/src/lib/kadm5/unit-test/api.current/dlte-policy.exp
+deleted file mode 100644
+index ad2863d0f..000000000
+--- a/src/lib/kadm5/unit-test/api.current/dlte-policy.exp
++++ /dev/null
+@@ -1,208 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "delete-policy 2"
+-proc test2 {} {
+- global test
+-# set prms_id 744
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test \
+- {kadm5_delete_policy $server_handle ""} "BAD_POL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test2
+-
+-test "delete-policy 5"
+-proc test5 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! 
[cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_policy $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if ${RPC} test5
+-
+-test "delete-policy 6"
+-proc test6 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_policy $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if ${RPC} test6
+-
+-test "delete-policy 7"
+-proc test7 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_policy $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} test7
+-
+-test "delete-policy 10"
+-proc test10 {} {
+- global test
+- if {! 
(( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_delete_policy $server_handle "%s/a"
+- } $test]]} {
+- fail "$test"
+- return
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- if { [policy_exists "$test/a"]} {
+- fail "$test"
+- return
+- }
+-}
+-test10
+-
+-test "delete-policy 12"
+-proc test12 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+- if {! ((! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [princ_w_pol "%s/a" \
+- "%s/a"] {KADM5_PRINCIPAL KADM5_POLICY} \
+- NotinTheDictionary
+- } $test $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_delete_policy $server_handle "%s/a"
+- } $test]
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-test "delete-policy 13"
+-proc test13 {} {
+- global test
+- if {! (( [policy_exists "$test/a"]) ||
+- [create_policy "$test/a"])} {
+- error_and_restart "$test: couldn't create policy \"$test/a\""
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_policy null "%s/a"
+- } $test] "BAD_SERVER_HANDLE"
+-}
+-test13
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/dlte-principal.exp b/src/lib/kadm5/unit-test/api.current/dlte-principal.exp
+deleted file mode 100644
+index 660468534..000000000
+--- a/src/lib/kadm5/unit-test/api.current/dlte-principal.exp
++++ /dev/null
+@@ -1,253 +0,0 @@
+-load_lib lib.t
+-
+-api_exit
+-api_start
+-
+-#test "delete-principal 1"
+-#proc test1 {} {
+-# global test
+-# one_line_fail_test [format {
+-# kadm5_delete_principal $server_handle "%s/a"
+-# } $test] "NOT_INIT"
+-#}
+-#test1
+-
+-test "delete-principal 2"
+-proc test2 {} {
+- global test
+-
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test \
+- {kadm5_delete_principal $server_handle null} "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test2
+-
+-test "delete-principal 5"
+-proc test5 {} {
+- global test
+-
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! 
[cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test] "UNK_PRINC"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test5
+-
+-test "delete-principal 6"
+-proc test6 {} {
+- global test
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal_pol "$test/a" test-pol])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test6 }
+-
+-
+-test "delete-principal 7"
+-proc test7 {} {
+- global test
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test7 }
+-
+-
+-test "delete-principal 8"
+-proc test8 {} {
+- global test
+-
+- if {! 
(( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test8 }
+-
+-test "delete-principal 9"
+-proc test9 {} {
+- global test
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test9 }
+-
+-test "delete-principal 10"
+-proc test10 {} {
+- global test
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test] "AUTH_DELETE"
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test10 }
+-
+-test "delete-principal 11"
+-proc test11 {} {
+- global test
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_delete_principal $server_handle "%s/a"
+- } $test]]} {
+- fail "$test: delete failed"
+- return;
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- if { [principal_exists "$test/a"] } {
+- fail "$test"
+- return
+- }
+-}
+-test11
+-
+-test "delete-principal 13"
+-proc test13 {} {
+- global test
+- one_line_fail_test [format {
+- kadm5_delete_principal null "%s/a"
+- } $test] "BAD_SERVER_HANDLE"
+-}
+-test13
+-
+-return ""
+-
+-
+-
+-
+-
+diff --git a/src/lib/kadm5/unit-test/api.current/get-policy.exp b/src/lib/kadm5/unit-test/api.current/get-policy.exp
+deleted file mode 100644
+index c15ef0ca2..000000000
+--- a/src/lib/kadm5/unit-test/api.current/get-policy.exp
++++ /dev/null
+@@ -1,199 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "get-policy 3"
+-proc test3 {} {
+- global test
+-# set prms_id 744
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle "" p} "BAD_POLICY"
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test3
+-
+-test "get-policy 6"
+-proc test6 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+- "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } test6
+-
+-test "get-policy 7"
+-proc test7 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+- "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } test7
+-
+-test "get-policy 11"
+-proc test11 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get-pol StupidAdmin $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test11
+-
+-test "get-policy 12"
+-proc test12 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get-pol StupidAdmin \
+- $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \
+- $KADM5_API_VERSION_3 server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_policy $server_handle test-pol-nopw p}
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-test "get-policy 15"
+-proc test15 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/pol StupidAdmin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_policy $server_handle test-pol-nopw p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test15
+-
+-test "get-policy 16"
+-proc test16 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_policy $server_handle test-pol-nopw p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test16
+-
+-test "get-policy 17"
+-proc test17 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_policy $server_handle test-pol p}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test17
+-
+-test "get-policy 18"
+-proc test18 {} {
+- global test
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \
+- "AUTH_GET"
+- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } test18
+-
+-test "get-policy 21"
+-proc test21 {} {
+- global test
+-
+- one_line_fail_test {kadm5_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
+-}
+-test21
+diff --git a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp
+deleted file mode 100644
+index 3ea1ba29b..000000000
+--- a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp
++++ /dev/null
+@@ -1,250 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "get-principal 100"
+-proc test100 {} {
+- global test prompt
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd {
+- kadm5_get_principal $server_handle testuser p \
+- {KADM5_PRINCIPAL_NORMAL_MASK}
+- }]} {
+- perror "$test: unexpected failure in get_principal"
+- }
+- send "lindex \$p 16\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting num_keys"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting num_keys"
+- return
+- }
+- }
+- send "lindex \$p 17\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting num_tl"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting num_tl"
+- return
+- }
+- }
+- send "lindex \$p 18\n"
+- expect {
+- -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
+- -re "\n$prompt" { set key_data {} }
+- timeout {
+- error_and_restart "$test: timeout getting key_data"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting key_data"
+- return
+- }
+- }
+- send "lindex \$p 19\n"
+- expect {
+- -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) }
+- -re 
"\n$prompt" { set tl_data {} }
+- timeout {
+- error_and_restart "$test: timeout getting tl_data"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting tl_data"
+- return
+- }
+- }
+-
+- set failed 0
+- if {$num_keys != 0} {
+- fail "$test: num_keys $num_keys should be 0"
+- set failed 1
+- }
+- if {$num_tl != 0} {
+- fail "$test: num_tl $num_tl should be 0"
+- set failed 1
+- }
+- if {$key_data != {}} {
+- fail "$test: key_data $key_data should be {}"
+- set failed 1
+- }
+- if {$tl_data != "{}"} {
+- fail "$test: tl_data $tl_data should be empty"
+- set failed 1
+- }
+- if {$failed == 0} {
+- pass "$test"
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test100
+-
+-proc test101_102 {rpc} {
+- global test prompt
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! 
[cmd {
+- kadm5_get_principal $server_handle testuser p \
+- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
+- }]} {
+- perror "$test: unexpected failure in get_principal"
+- }
+- send "lindex \$p 16\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting num_keys"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting num_keys"
+- return
+- }
+- }
+- send "lindex \$p 18\n"
+- expect {
+- -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
+- -re "\n$prompt" { set key_data {} }
+- timeout {
+- error_and_restart "$test: timeout getting key_data"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting key_data"
+- return
+- }
+- }
+-
+- set failed 0
+- if {$num_keys != 5} {
+- fail "$test: num_keys $num_keys should be 5"
+- set failed 1
+- }
+- for {set i 0} {$i < $num_keys} {incr i} {
+- set key "[lindex [lindex $key_data $i] 2]"
+- if {($rpc && [string compare $key ""] != 0) ||
+- ((! $rpc) && [string compare $key ""] == 0)} {
+- fail "$test: key_data $key is wrong"
+- set failed 1
+-
+- }
+- }
+- if {$failed == 0} { pass "$test" }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test "get-principal 101"
+-if {$RPC} {test101_102 $RPC}
+-test "get-principal 102"
+-if {! $RPC} {test101_102 $RPC}
+-
+-test "get-principal 103"
+-proc test103 {} {
+- global test prompt
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+-
+- if { ! 
[cmd [format {
+- kadm5_modify_principal $server_handle \
+- "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{999 6 foobar}}" \
+- {KADM5_TL_DATA}
+- } $test $test]]} {
+- fail "$test: cannot set TL_DATA"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle {%s/a} p \
+- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA}
+- } $test]]} {
+- perror "$test: unexpected failure in get_principal"
+- }
+- send "lindex \$p 17\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" { set num_tl $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting num_tl"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting num_tl"
+- return
+- }
+- }
+- send "lindex \$p 19\n"
+- expect {
+- -re "({.*})\n$prompt" {set tl_data $expect_out(1,string) }
+- -re "\n$prompt" { set tl_data {} }
+- timeout {
+- error_and_restart "$test: timeout getting tl_data"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting tl_data"
+- return
+- }
+- }
+-
+- if {$num_tl == 0} {
+- fail "$test: num_tl $num_tl should not be 0"
+- } elseif {$tl_data == "{{999 6 foobar}}"} {
+- pass "$test"
+- } else {
+- fail "$test: tl_data $tl_data should be {{999 6 foobar}}"
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test103
+-
+-return ""
+-
+-
+-
+-
+diff --git a/src/lib/kadm5/unit-test/api.current/get-principal.exp b/src/lib/kadm5/unit-test/api.current/get-principal.exp
+deleted file mode 100644
+index a33fdfe8c..000000000
+--- a/src/lib/kadm5/unit-test/api.current/get-principal.exp
++++ /dev/null
+@@ -1,346 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "get-principal 1"
+-proc test1 {} {
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test \
+- {kadm5_get_principal $server_handle null p KADM5_PRINCIPAL_NORMAL_MASK} "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test1
+-
+-test "get-principal 2"
+-proc test2 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "UNK_PRINC"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test2
+-
+-test "get-principal 3"
+-proc test3 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test3 }
+-
+-test "get-principal 4"
+-proc test4 {} {
+- global test
+- if {!
(( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+-
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test4 }
+-
+-test "get-principal 5"
+-proc test5 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+-
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test5 }
+-
+-test "get-principal 6"
+-proc test6 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "AUTH_GET"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+-
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test6 }
+-
+-test "get-principal 7"
+-proc test7 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+-
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test7 }
+-
+-
+-test "get-principal 8"
+-proc test8 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK
+- } $test] "AUTH_GET"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test8 }
+-
+-
+-test "get-principal 9"
+-proc test9 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK}
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test9
+-
+-test "get-principal 10"
+-proc test10 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin/none admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test10
+-
+-test "get-principal 11"
+-proc test11 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test11
+-
+-test "get-principal 12"
+-proc test12 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test12
+-
+-test "get-principal 13"
+-proc test13 {} {
+- global test
+- if {!
[cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test13
+-
+-test "get-principal 14"
+-proc test14 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin/get-mod admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test {kadm5_get_principal $server_handle admin/add p KADM5_PRINCIPAL_NORMAL_MASK}
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test14
+-
+-test "get-principal 15"
+-proc test15 {} {
+- one_line_fail_test \
+- {kadm5_get_principal null "admin" p KADM5_PRINCIPAL_NORMAL_MASK} "BAD_SERVER_HANDLE"
+-}
+-test15
+-
+-return ""
+-
+-
+-
+-
+diff --git a/src/lib/kadm5/unit-test/api.current/init-v2.exp b/src/lib/kadm5/unit-test/api.current/init-v2.exp
+deleted file mode 100644
+index 47764c212..000000000
+--- a/src/lib/kadm5/unit-test/api.current/init-v2.exp
++++ /dev/null
+@@ -1,506 +0,0 @@
+-load_lib lib.t
+-
+-api_exit
+-api_start
+-
+-proc get_hostname { } {
+- global hostname
+-
+- if {[info exists hostname]} {
+- return 1
+- }
+-
+- catch "exec hostname >myname" exec_output
+- if ![string match "" $exec_output] {
+- send_log "$exec_output\n"
+- verbose $exec_output
+- send_error "ERROR: can't get hostname\n"
+- return 0
+- }
+- set file [open myname r]
+- if { [ gets $file hostname ] == -1 } {
+- send_error "ERROR: no output from hostname\n"
+- return 0
+- }
+- close $file
+- catch "exec rm -f myname" exec_output
+-
+- set hostname [string tolower $hostname]
+- verbose "hostname:
$hostname"
+-
+- return 1
+-}
+-
+-
+-test "init 101"
+-proc test101 {} {
+- global test
+- global hostname
+-
+- get_hostname
+- tcl_cmd "set hostname $hostname"
+-
+- # XXX Fix to work with a remote TEST_SERVER. For now, make sure
+- # it fails in that case.
+- one_line_succeed_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 1751]] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- one_line_fail_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_ADMIN_SERVER KADM5_CONFIG_KADMIND_PORT} [list $hostname 4]] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "RPC_ERROR"
+-}
+-if {$RPC} test101
+-
+-test "init 102"
+-proc test102 {} {
+- global test
+-
+- one_line_fail_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_ADMIN_SERVER} does.not.exist] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "CANT_RESOLVE"
+-}
+-if {$RPC} test102
+-
+-test "init 103"
+-proc test103 {} {
+- global test
+-
+- one_line_fail_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_DBNAME} /does-not-exist] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "ENOENT"
+-}
+-#if {! $RPC} test103
+-if {!
$RPC} {
+- send_user "UNTESTED: test103: test needs updating for DAL changes (see MIT RT ticket 3202)\n"
+- untested "test103: test needs updating for DAL changes (see MIT RT ticket 3202)"
+-}
+-
+-
+-test "init 106"
+-proc test106 {} {
+- global test prompt
+-
+- set prompting 0
+- send [string trim {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_MKEY_FROM_KBD} 1] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]
+- send "\n"
+- expect {
+- -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
+- -re "\nOK .*$prompt$" { fail "$test: premature success" }
+- -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
+- timeout { fail "$test: timeout" }
+- eof { fail "$test: eof" }
+- }
+- if {$prompting} {
+- one_line_succeed_test mrroot
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-if {! $RPC} test106
+-
+-test "init 107"
+-proc test107 {} {
+- global test
+-
+- one_line_fail_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_STASH_FILE} /does-not-exist] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "KDB_CANTREAD_STORED"
+-}
+-if {! $RPC} test107
+-
+-test "init 108"
+-proc test108 {} {
+- global test
+-
+- one_line_fail_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_MKEY_NAME} does/not/exist] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "KRB5_KDB_CANTREAD_STORED"
+-}
+-if {! $RPC} test108
+-
+-test "init 109-113"
+-proc test109 {} {
+- global test prompt
+-
+- delete_principal "$test/a"
+-
+- # I'd like to specify flags explicitly and check them, as in the
+- # following config_params, but tcl gets mighty confused if I do and
+- # I have no idea why.
+-# [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_FLAGS KADM5_CONFIG_ENCTYPES} {10 20 30 KRB5_KDB_DISALLOW_TGT_BASED {}} ]
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_MAX_LIFE KADM5_CONFIG_MAX_RLIFE KADM5_CONFIG_EXPIRATION KADM5_CONFIG_ENCTYPES} {10 20 30 {}} ] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- fail "$test: cannot init with max_life"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test]]} {
+- fail "$test: can not create principal"
+- return;
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" p \
+- {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
+- } $test]]} {
+- fail "$test: can not get principal"
+- return;
+- }
+- send "puts \$p\n"
+- expect {
+- -re "$prompt" { }
+- timeout {
+- error_and_restart "$test: timeout getting prompt"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting prompt"
+- return
+- }
+- }
+- send "lindex \$p 4\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting max_life"
+- return
+- }
+- }
+- send "lindex \$p 12\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set max_rlife $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting max_rlife"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting max_rlife"
+- return
+- }
+- }
+- send "lindex \$p 1\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set expiration $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting expiration"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting expiration"
+- return
+- }
+- }
+- send "lindex \$p 7\n"
+- expect {
+- -re "(\[A-Z_\]*)\n$prompt" {set flags
$expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting flags"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting flags"
+- return
+- }
+- }
+- # This sorta worries me. Since the test is setting ENCTYPES to
+- # nothing, the principal has no keys. That means that nothing is
+- # printed for the keys in the correct case; but it feels too
+- # likely that nothing will be printed in the case of some problem.
+- send "lindex \$p 18\n"
+- expect {
+- -re "({.*})\n$prompt" {set key_data $expect_out(1,string) }
+- -re "\n$prompt" { set key_data {} }
+- timeout {
+- error_and_restart "$test: timeout getting flags"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting flags"
+- return
+- }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+- if {$max_life == 10} {
+- pass "$test"
+- } else {
+- fail "$test: $max_life is not 10"
+- }
+- if {$max_rlife == 20} {
+- pass "$test"
+- } else {
+- fail "$test: $max_rlife is not 20"
+- }
+- if {$expiration == 30} {
+- pass "$test"
+- } else {
+- fail "$test: $expiration is not 30"
+- }
+- if {$flags == ""} {
+- pass "$test"
+- } else {
+- fail "$test: flags $flags are wrong"
+- }
+- if {$key_data == {}} {
+- pass "$test"
+- } else {
+- fail "$test: key_data $key_data is wrong"
+- }
+-}
+-if {! $RPC} test109
+-
+-test "init 116"
+-proc test116 {} {
+- global test
+-
+- delete_principal "$test/a"
+-
+- if {! [cmd {kadm5_init admin/get-add admin $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- get_add_handle}]} {
+- error_and_restart "$test: couldn't init with admin/get-add"
+- }
+-
+- if {!
[cmd {kadm5_init admin/mod-delete admin $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- mod_delete_handle}]} {
+- error_and_restart "$test: couldn't init with admin/get-add"
+- }
+-
+- one_line_succeed_test {
+- kadm5_get_principal $get_add_handle testuser p \
+- KADM5_PRINCIPAL_NORMAL_MASK
+- }
+- one_line_succeed_test [format {
+- kadm5_create_principal $get_add_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test]
+- one_line_fail_test {
+- kadm5_modify_principal $get_add_handle [simple_principal testuser] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } "AUTH_MODIFY"
+- one_line_fail_test {
+- kadm5_delete_principal $get_add_handle testuser
+- } "AUTH_DELETE"
+-
+- one_line_fail_test {
+- kadm5_get_principal $mod_delete_handle testuser p \
+- KADM5_PRINCIPAL_NORMAL_MASK
+- } "AUTH_GET"
+- one_line_fail_test [format {
+- kadm5_create_principal $mod_delete_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} testpass
+- } $test] "AUTH_ADD"
+- one_line_succeed_test {
+- kadm5_modify_principal $mod_delete_handle [simple_principal testuser] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- }
+- one_line_succeed_test [format {
+- kadm5_delete_principal $mod_delete_handle "%s/a"
+- } $test]
+-
+- if {! [cmd {kadm5_destroy $get_add_handle}]} {
+- error_and_restart "$test: couldn't close get_add_handle"
+- }
+- if {! [cmd {kadm5_destroy $mod_delete_handle}]} {
+- error_and_restart "$test: couldn't close mod_delete_handle"
+- }
+-}
+-if {$RPC} test116
+-
+-test "init 117"
+-proc test117 {} {
+- global test env prompt
+-
+- if {[catch "exec grep max_life $env(KRB5_KDC_PROFILE)"] != 1} {
+- warning \
+- "$test: max_life in $env(KRB5_KDC_PROFILE), cannot perform test"
+- return
+- }
+-
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- fail "$test: unexpected failure in init"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_create_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINCIPAL} "%s/a"
+- } $test $test]]} {
+- perror "$test: unexpected failure creating principal"
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_MAX_LIFE
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 4\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting max_life"
+- return
+- }
+- }
+-
+- if {$max_life == 86400} {
+- pass "$test"
+- } else {
+- fail "$test: max_life $max_life should be 86400"
+- }
+-
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close server_handle"
+- }
+-}
+-test117
+-
+-send "puts \$KADM5_ADMIN_SERVICE\n"
+-expect {
+- -re "(\[a-zA-Z/@\]+)\n$prompt" {
+- set KADM5_ADMIN_SERVICE $expect_out(1,string)
+- }
+- default {
+- error_and_restart "$test: timeout/eof getting admin_service"
+- return
+- }
+-}
+-
+-send "puts \$KADM5_CHANGEPW_SERVICE\n"
+-expect {
+- -re "(\[a-zA-Z/@\]+)\n$prompt" {
+- set KADM5_CHANGEPW_SERVICE $expect_out(1,string)
+- }
+- default {
+- error_and_restart "$test: timeout/eof getting changepw_service"
+- return
+- }
+-}
+-
+-test "init 150"
+-proc test150 {} {
+- global test KADM5_ADMIN_SERVICE
+-
+- kdestroy
+- kinit testuser notathena "-S $KADM5_ADMIN_SERVICE"
+- one_line_succeed_test {
+- kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- kdestroy
+-}
+-if {$RPC} test150
+-
+-test "init 151"
+-proc test151 {} {
+- global test
KADM5_CHANGEPW_SERVICE
+-
+- kdestroy
+- kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE"
+- one_line_succeed_test {
+- kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- kdestroy
+-}
+-if {$RPC} test151
+-
+-test "init 152"
+-proc test152 {} {
+- global test KADM5_ADMIN_SERVICE
+-
+- kdestroy
+- one_line_fail_test {
+- kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "KRB5_FCC_NOFILE"
+-}
+-if {$RPC} test152
+-
+-test "init 153"
+-proc test153 {} {
+- global test KADM5_ADMIN_SERVICE
+-
+- kinit testuser notathena
+- one_line_fail_test {
+- kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \
+- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "KRB5_CC_NOTFOUND"
+-}
+-if {$RPC} test153
+-
+-test "init 154"
+-proc test154 {} {
+- global test env
+-
+- set orig $env(KRB5_KDC_PROFILE)
+- set env(KRB5_KDC_PROFILE) /does-not-exist
+- api_exit; api_start
+- set env(KRB5_KDC_PROFILE) $orig
+-
+- one_line_fail_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } "ENOENT"
+-
+- api_exit; lib_start_api
+-}
+-if {0 && ! $RPC} test154
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/init.exp b/src/lib/kadm5/unit-test/api.current/init.exp
+deleted file mode 100644
+index 8390b9cfa..000000000
+--- a/src/lib/kadm5/unit-test/api.current/init.exp
++++ /dev/null
+@@ -1,699 +0,0 @@
+-load_lib lib.t
+-
+-# Assumptions:
+-#
+-# Principal "admin" exists, with "get", "add", "modify" and "delete"
+-# access bits and password "admin".
+-# The string "not-the-password" isn't the password of any user in the database.
+-# Database master password is "mrroot".
+-
+-api_exit
+-api_start
+-test "init 1"
+-
+-one_line_fail_test_nochk \
+- {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_REALM} {""}] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
+-
+-test "init 2"
+-
+-one_line_fail_test_nochk \
+- {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_REALM} {@}] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
+-
+-test "init 2.5"
+-
+-one_line_fail_test_nochk \
+- {kadm5_init admin admin $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_REALM} {BAD.REALM}] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 server_handle}
+-
+-test "init 3"
+-
+-proc test3 {} {
+- global test
+- if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- one_line_fail_test_nochk [format {
+- kadm5_init admin admin "%s/a" null $KADM5_STRUCT_VERSION \
+- $KADM5_API_VERSION_3 server_handle
+- } $test]
+-}
+-if {$RPC} { test3 }
+-
+-test "init 4"
+-
+-proc test4 {} {
+- global test
+- if {! ((!
[principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+-
+- one_line_fail_test_nochk [format {
+- kadm5_init admin admin "%s/a" null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test]
+-}
+-if {$RPC} { test4 }
+-
+-test "init 5"
+-
+-if {$RPC} {
+- one_line_fail_test_nochk {
+- kadm5_init admin admin admin null $KADM5_STRUCT_VERSION \
+- $KADM5_API_VERSION_3 server_handle
+- }
+-}
+-
+-test "init 6"
+-
+-proc test6 {} {
+- global test
+-
+- send "kadm5_init admin null \$KADM5_ADMIN_SERVICE null \$KADM5_STRUCT_VERSION \$KADM5_API_VERSION_3 server_handle\n"
+-
+- expect {
+- -re "assword\[^\r\n\]*:" { }
+- eof {
+- fail "$test: eof instead of password prompt"
+- api_exit
+- api_start
+- return
+- }
+- timeout {
+- fail "$test: timeout instead of password prompt"
+- return
+- }
+- }
+- one_line_succeed_test "admin"
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-if { $RPC } { test6 }
+-
+-test "init 8"
+-
+-proc test8 {} {
+- global test
+- if {!
([principal_exists "$test/a"] || [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- one_line_fail_test_nochk [format {
+- kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test]
+-}
+-if {$RPC} { test8 }
+-
+-test "init 9"
+-
+-if {$RPC} {
+- global test
+- one_line_fail_test_nochk {
+- kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+-}
+-
+-test "init 10"
+-
+-proc test10 {} {
+- global test
+-# set prms_id 562
+-# setup_xfail {*-*-*} $prms_id
+- one_line_fail_test_nochk {
+- kadm5_init null admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+-}
+-test10
+-
+-#test "init 11"
+-#
+-#proc test11 {} {
+-# global test
+-# set prms_id 563
+-# setup_xfail {*-*-*} $prms_id
+-# one_line_fail_test_nochk {
+-# kadm5_init "" admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }
+-#}
+-#test11
+-
+-test "init 12"
+-
+-proc test12 {} {
+- global test
+- one_line_fail_test_nochk [format {
+- kadm5_init "%s/a" admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test]
+-}
+-if {$RPC} { test12 }
+-
+-test "init 13"
+-
+-proc test13 {} {
+- global test
+- one_line_fail_test_nochk [format {
+- kadm5_init "%s/a@SECURE-TEST.OV.COM" admin \
+- $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \
+- $KADM5_API_VERSION_3 server_handle
+- } $test]
+-}
+-if {$RPC} { test13 }
+-
+-test "init 14"
+-
+-proc test14 {} {
+- global test
+- one_line_fail_test_nochk [format {
+- kadm5_init "%s/a@BAD.REALM" admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test]
+-}
+-if {$RPC} { test14 }
+-
+-test "init 15"
+-
+-if {$RPC} {
+- one_line_fail_test_nochk {
+- kadm5_init
admin@BAD.REALM admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+-}
+-
+-test "init 16"
+-
+-proc test16 {} {
+- global test
+- one_line_succeed_test {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-test16
+-
+-test "init 17"
+-
+-proc test17 {} {
+- global test
+- one_line_succeed_test {
+- kadm5_init admin@SECURE-TEST.OV.COM admin \
+- $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION \
+- $KADM5_API_VERSION_3 server_handle
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-test17
+-
+-test "init 18"
+-
+-proc test18 {} {
+- global test
+- one_line_succeed_test {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-test18
+-
+-test "init 19"
+-
+-proc test19 {} {
+- global test
+- one_line_succeed_test {
+- kadm5_init admin@SECURE-TEST.OV.COM admin \
+- $KADM5_ADMIN_SERVICE \
+- [config_params {KADM5_CONFIG_REALM} {SECURE-TEST.OV.COM}] \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }
+- if {! [cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-test19
+-
+-test "init 20"
+-
+-proc test20 {} {
+- global test
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- error_and_restart "$test: couldn't init database"
+- return
+- }
+- one_line_succeed_test \
+- {kadm5_get_principal $server_handle admin principal KADM5_PRINCIPAL_NORMAL_MASK}
+- if {!
[cmd {kadm5_destroy $server_handle}]} {
+- error_and_restart "$test: couldn't close database"
+- }
+-}
+-test20
+-
+-#test "init 21"
+-#
+-#proc test21 {} {
+-# global test
+-# if {! [cmd {
+-# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }]} {
+-# error_and_restart "$test: couldn't init database"
+-# return
+-# }
+-# one_line_fail_test_nochk {
+-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+-# server_handle
+-# }
+-# if {! [cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# }
+-#}
+-#test21
+-
+-
+-# proc test22 {} {
+-# global test prompt
+-# set prompting 0
+-# send [string trim {
+-# kadm5_init admin null null null $KADM5_STRUCT_VERSION \
+-# $KADM5_API_VERSION_3 server_handle
+-# }]
+-# send "\n"
+-# expect {
+-# -re ":$" { set prompting 1}
+-# -re "\nOK .*$prompt$" { fail "$test: premature success" }
+-# -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
+-# timeout { fail "$test: timeout" }
+-# eof { fail "$test: eof" }
+-# }
+-# if {$prompting} {
+-# one_line_succeed_test mrroot
+-# }
+-# if {! [cmd {kadm5_destroy $server_handle}]} {
+-# error_and_restart "$test: couldn't close database"
+-# }
+-# }
+-# if {! $RPC} { test22 }
+-#
+-# test "init 22.5"
+-# proc test225 {} {
+-# global test prompt
+-# set prompting 0
+-# send [string trim {
+-# kadm5_init admin null null null $KADM5_STRUCT_VERSION \
+-# $KADM5_API_VERSION_3 server_handle
+-# }]
+-# send "\n"
+-# expect {
+-# -re ":$" { set prompting 1}
+-# -re "\nOK .*$prompt$" { fail "$test: premature success" }
+-# -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
+-# timeout { fail "$test: timeout" }
+-# eof { fail "$test: eof" }
+-# }
+-# if {$prompting} {
+-# one_line_succeed_test mrroot
+-# }
+-# if {!
[cmd {kadm5_destroy $server_handle}]} { +-# error_and_restart "$test: couldn't close database" +-# } +-# } +-# if {! $RPC} { test225 } +- +-test "init 23" +- +-proc test23 {} { +- global test +- one_line_succeed_test { +- kadm5_init admin not-the-password $KADM5_ADMIN_SERVICE \ +- null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- } +- if {! [cmd {kadm5_destroy $server_handle}]} { +- error_and_restart "$test: couldn't close database" +- } +-} +-if {! $RPC} { test23 } +- +-test "init 24" +- +-proc test24 {} { +- global test +- one_line_succeed_test { +- kadm5_init admin admin null null $KADM5_STRUCT_VERSION \ +- $KADM5_API_VERSION_3 server_handle +- } +- if {! [cmd {kadm5_destroy $server_handle}]} { +- error_and_restart "$test: couldn't close database" +- } +-} +-if {! $RPC} { test24 } +- +-test "init 25" +- +-proc test25 {} { +- global test +- one_line_succeed_test { +- kadm5_init admin admin foobar null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- } +- if {! [cmd {kadm5_destroy $server_handle}]} { +- error_and_restart "$test: couldn't close database" +- } +-} +-if {! $RPC} { test25 } +- +-test "init 26" +- +-#proc test26 {} { +-# global test +-# +-# api_exit +-# api_start +-# one_line_fail_test_nochk { +-# kadm5_get_principal $server_handle admin principal +-# } +-#} +-#test26 +- +-#test "init 27" +-# +-#proc test27 {} { +-# global test +-# +-# if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} { +-# error_and_restart "$test: couldn't delete principal \"$test/a\"" +-# return +-# } +-# begin_dump +-# if {[cmd [format { +-# kadm5_create_principal $server_handle [simple_principal \ +-# "%s/a"] {KADM5_PRINCIPAL} "%s/a" +-# } $test $test]]} { +-# fail "$test: unexpected success in add" +-# return +-# } +-# end_dump_compare "no-diffs" +-#} +-#test27 +- +-#test "init 28" +-# +-#proc test28 {} { +-# global test prompt +-# +-# if {! 
([principal_exists "$test/a"] || [create_principal "$test/a"])} { +-# error_and_restart "$test: couldn't create principal \"$test/a\"" +-# return +-# } +-# begin_dump +-# if {! ([cmd { +-# kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +-# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +-# server_handle +-# }] && [cmd [format { +-# kadm5_get_principal $server_handle "%s/a" principal +-# } $test]])} { +-# error_and_restart "$test: error getting principal" +-# return; +-# } +-# send "lindex \$principal 8\n" +-# expect { +-# -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) } +-# timeout { +-# error_and_restart "$test: timeout getting principal kvno" +-# return +-# } +-# eof { +-# error_and_restart "$test: eof getting principal kvno" +-# return +-# } +-# } +-# api_exit +-# api_start +-# set new_kvno [expr "$kvno + 1"] +-# if {[cmd [format { +-# kadm5_modify_principal $server_handle \ +-# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {KADM5_KVNO} +-# } $test $new_kvno]]} { +-# fail "$test: unexpected success in modify" +-# return; +-# } +-# end_dump_compare "no-diffs" +-#} +-#test28 +- +-#test "init 29" +-# +-#proc test29 {} { +-# global test +-# +-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { +-# error_and_restart "$test: couldn't create principal \"$test/a\"" +-# return +-# } +-# begin_dump +-# if {[cmd [format { +-# kadm5_delete_principal $server_handle "%s/a" +-# } $test]]} { +-# fail "$test: unexpected success in delete" +-# return +-# } +-# end_dump_compare "no-diffs" +-#} +-#test29 +- +-test "init 30" +-proc test30 {} { +- global test +- if {[cmd { +- kadm5_init admin foobar $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- error_and_restart "$test: unexpected success" +- return +- } +- one_line_succeed_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- } +- if {! 
[cmd {kadm5_destroy $server_handle}]} { +- error_and_restart "$test: couldn't close database" +- } +-} +-if ${RPC} { test30 } +- +-test "init 31" +-proc test31 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $bad_struct_version_mask $KADM5_API_VERSION_3 \ +- server_handle +- } "BAD_STRUCT_VERSION" +-} +-test31 +- +-test "init 32" +-proc test32 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $no_struct_version_mask $KADM5_API_VERSION_3 \ +- server_handle +- } "BAD_STRUCT_VERSION" +-} +-test32 +- +-test "init 33" +-proc test33 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $old_struct_version $KADM5_API_VERSION_3 \ +- server_handle +- } "OLD_STRUCT_VERSION" +-} +-test33 +- +-test "init 34" +-proc test34 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $new_struct_version $KADM5_API_VERSION_3 \ +- server_handle +- } "NEW_STRUCT_VERSION" +-} +-test34 +- +-test "init 35" +-proc test35 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $bad_api_version_mask \ +- server_handle +- } "BAD_API_VERSION" +-} +-test35 +- +-test "init 36" +-proc test36 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $no_api_version_mask \ +- server_handle +- } "BAD_API_VERSION" +-} +-test36 +- +-test "init 37" +-proc test37 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $old_api_version \ +- server_handle +- } "OLD_LIB_API_VERSION" +-} +-if { $RPC } test37 +- +-test "init 38" +-proc test38 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $old_api_version \ +- server_handle +- } 
"OLD_SERVER_API_VERSION" +-} +-if { ! $RPC } test38 +- +-test "init 39" +-proc test39 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $new_api_version \ +- server_handle +- } "NEW_LIB_API_VERSION" +-} +-if { $RPC } test39 +- +-test "init 40" +-proc test40 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $new_api_version \ +- server_handle +- } "NEW_SERVER_API_VERSION" +-} +-if { ! $RPC } test40 +- +-test "init 41" +-proc test41 {} { +- global test +- one_line_fail_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_API_VERSION_3 $KADM5_STRUCT_VERSION \ +- server_handle +- } "BAD_" +-} +-test41 +- +-test "init 42" +-proc test42 {} { +- global test +- one_line_succeed_test { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- } +- if {! [cmd {kadm5_destroy $server_handle}]} { +- error_and_restart "$test: couldn't close database" +- } +-} +-test42 +- +- +-proc test45_46 {service} { +- global test kadmin_local env +- +- spawn $kadmin_local -q "delprinc -force $service" +- expect { +- -re "Principal .* deleted." 
{} +- default { +- perror "kadmin.local delprinc failed\n"; +- } +- } +- expect eof +- wait +- +- one_line_fail_test [concat {kadm5_init admin admin } \ +- $service \ +- { null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle}] "SECURE_PRINC_MISSING" +- +- # this leaves the keytab with an incorrect entry +- spawn $kadmin_local -q "ank -randkey $service" +- expect eof +- wait +- +- # restart the api so it gets a new ccache +- api_exit +- api_start +-} +- +-if {$RPC} { +- test "init 45" +- +- test45_46 kadmin/admin +- +- test "init 46" +- +- test45_46 kadmin/changepw +-} +- +-return "" +- +diff --git a/src/lib/kadm5/unit-test/api.current/mod-policy.exp b/src/lib/kadm5/unit-test/api.current/mod-policy.exp +deleted file mode 100644 +index 1bf00b524..000000000 +--- a/src/lib/kadm5/unit-test/api.current/mod-policy.exp ++++ /dev/null +@@ -1,711 +0,0 @@ +-load_lib lib.t +-api_exit +-api_start +- +-test "modify-policy 2" +-proc test2 {} { +- global test +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MAX_LIFE} +- } $test] "AUTH_MODIFY" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-if {$RPC} { test2 } +- +-test "modify-policy 8" +-proc test8 {} { +- global test +-# set prms_id 744 +-# setup_xfail {*-*-*} $prms_id +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! 
[cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test { +- kadm5_modify_policy $server_handle [simple_policy ""] \ +- {KADM5_PW_MAX_LIFE} +- } "BAD_POLICY" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test8 +- +-test "modify-policy 9" +-proc test9 {} { +- global test +- global prompt +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MIN_LIFE} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 1\n" +- expect { +- -re "0\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test9 +- +-test "modify-policy 10" +-proc test10 {} { +- global test +- global prompt +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! 
[cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0 0 0 0} \ +- {KADM5_PW_MIN_LIFE} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 1\n" +- expect { +- -re "32\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test10 +- +- +-test "modify-policy 11" +-proc test11 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MAX_LIFE} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 2\n" +- expect { +- -re "0\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test11 +- +-test "modify-policy 12" +-proc test12 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! 
[cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0 0 0 0} \ +- {KADM5_PW_MAX_LIFE} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 2\n" +- expect { +- -re "32\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test12 +- +-test "modify-policy 13" +-proc test13 {} { +- global test +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MIN_LENGTH} +- } $test] "BAD_LENGTH" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test13 +- +-test "modify-policy 14" +-proc test14 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0 0 0 0} \ +- {KADM5_PW_MIN_LENGTH} +- } $test]]} { +- fail $test +- return +- } +- if {! 
[cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 3\n" +- expect { +- -re "8\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test14 +- +-test "modify-policy 15" +-proc test15 {} { +- global test +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MIN_CLASSES} +- } $test] "BAD_CLASS" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test15 +- +-test "modify-policy 16" +-proc test16 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 0} \ +- {KADM5_PW_MIN_CLASSES} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 4\n" +- expect { +- -re "1\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- +- +- if { ! 
[cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test16 +- +-test "modify-policy 17" +-proc test17 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a"])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0 0 0 0} \ +- {KADM5_PW_MIN_CLASSES} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 4\n" +- expect { +- -re "5\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test17 +- +-test "modify-policy 18" +-proc test18 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0 0 0 0} \ +- {KADM5_PW_MIN_CLASSES} +- } $test] "BAD_CLASS" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test18 +- +-test "modify-policy 19" +-proc test19 {} { +- global test +- +- if {! 
(( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_HISTORY_NUM} +- } $test] "BAD_HISTORY" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test19 +- +-test "modify-policy 20" +-proc test20 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0 0 0 0} \ +- {KADM5_PW_HISTORY_NUM} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 5\n" +- expect { +- -re "1\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test20 +- +-test "modify-policy 21" +-proc test21 {} { +- global test +- global prompt +- +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! 
[cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- if {! [cmd [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0 0 0 0} \ +- {KADM5_PW_HISTORY_NUM} +- } $test]]} { +- fail $test +- return +- } +- if {! [cmd [format { +- kadm5_get_policy $server_handle "%s/a" policy +- } $test]]} { +- fail "$test: can not retrieve policy" +- return +- } +- send "lindex \$policy 5\n" +- expect { +- -re "10\n$prompt$" { pass "$test" } +- timeout { fail "$test" } +- } +- +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test21 +- +-test "modify-policy 22" +-proc test22 {} { +- global test +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MAX_LIFE} +- } $test] "AUTH_MODIFY" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-if {$RPC} test22 +- +-test "modify-policy 23" +-proc test23 {} { +- global test +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! 
[cmd { +- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MAX_LIFE} +- } $test] "AUTH_MODIFY" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-if {$RPC} test23 +- +-test "modify-policy 26" +-proc test26 {} { +- global test +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! [cmd { +- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_succeed_test [format { +- kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +- {KADM5_PW_MAX_LIFE} +- } $test] +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test26 +- +-test "modify-policy 30" +-proc test30 {} { +- global test +- +- one_line_fail_test [format { +- kadm5_modify_policy null [simple_policy "%s/a"] \ +- {KADM5_PW_MAX_LIFE} +- } $test] "BAD_SERVER_HANDLE" +-} +-test30 +- +-test "modify-policy 31" +-proc test31 {} { +- global test +- if {! (( [policy_exists "$test/a"]) || +- [create_policy "$test/a" ])} { +- error_and_restart "$test: couldn't create policy \"$test/a\"" +- return +- } +- +- if {! 
[cmd { +- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_succeed_test [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 0 0 0 2 0 0} \ +- {KADM5_PW_MAX_FAILURE} +- } $test] +- one_line_succeed_test [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 90 0} \ +- {KADM5_PW_FAILURE_COUNT_INTERVAL} +- } $test] +- one_line_succeed_test [format { +- kadm5_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0 0 0 180} \ +- {KADM5_PW_LOCKOUT_DURATION} +- } $test] +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test31 +- +-return "" +diff --git a/src/lib/kadm5/unit-test/api.current/mod-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/mod-principal-v2.exp +deleted file mode 100644 +index 4abbeb52d..000000000 +--- a/src/lib/kadm5/unit-test/api.current/mod-principal-v2.exp ++++ /dev/null +@@ -1,115 +0,0 @@ +-load_lib lib.t +-api_exit +-api_start +- +-test "modify-principal 100-105" +-proc test100_104 {} { +- global test +- global prompt +- +- if {! (( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- +- if {! 
[cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- +- set origtest "$test" +- +- test "modify-principal 100" +- one_line_succeed_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_MAX_RLIFE} +- } $origtest] +- +- test "modify-principal 101" +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_LAST_SUCCESS} +- } $origtest] "BAD_MASK" +- +- test "modify-principal 102" +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_LAST_FAILED} +- } $origtest] "BAD_MASK" +- +-# This is now permitted to reset lockout count +-# test "modify-principal 103" +-# one_line_fail_test [format { +-# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +-# {KADM5_FAIL_AUTH_COUNT} +-# } $origtest] "BAD_MASK" +- +- test "modify-principal 103.5" +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_KEY_DATA} +- } $origtest] "BAD_MASK" +- +- test "modify-principal 105" +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle \ +- "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 0 0 0 0 0 1 {} {{1 1 x}}" \ +- {KADM5_TL_DATA} +- } $origtest $origtest] "BAD_TL_TYPE" +- +- test "modify-principal 100,104" +- if { ! [cmd [format { +- kadm5_modify_principal $server_handle \ +- "{%s/a} 0 0 0 0 {%s/a} 0 0 0 0 null 0 88 0 0 0 0 1 {} {{990 6 foobar}}" \ +- {KADM5_MAX_RLIFE KADM5_TL_DATA} +- } $origtest $origtest]]} { +- fail "$test: cannot set MAX_RLIFE or TL_DATA" +- return +- } +- if {! 
[cmd [format { +- kadm5_get_principal $server_handle "%s/a" principal {KADM5_PRINCIPAL_NORMAL_MASK KADM5_TL_DATA} +- } $origtest]]} { +- error_and_restart "$test: could not retrieve principal" +- return +- } +- send "lindex \$principal 12\n" +- expect { +- -re "(\[0-9\]+)\n$prompt$" {set rlife $expect_out(1,string) } +- timeout { +- error_and_restart "$test: timeout getting rlife" +- return +- } +- eof { +- error_and_restart "$test: eof getting rlife" +- return +- } +- } +- send "lindex \$principal 19\n" +- expect { +- -re "\(\{.*\}\)\n$prompt$" {set tl $expect_out(1,string) } +- timeout { +- error_and_restart "$test: timeout getting tl_data" +- return +- } +- eof { +- error_and_restart "$test: eof getting tl_data" +- return +- } +- } +- if {($rlife == 88) && ($tl == "{{990 6 foobar}}")} { +- pass "$test" +- } else { +- fail "$test: $rlife should be 88, $tl should be {{990 6 foobar}}" +- } +- +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test100_104 +diff --git a/src/lib/kadm5/unit-test/api.current/mod-principal.exp b/src/lib/kadm5/unit-test/api.current/mod-principal.exp +deleted file mode 100644 +index ac9f96845..000000000 +--- a/src/lib/kadm5/unit-test/api.current/mod-principal.exp ++++ /dev/null +@@ -1,1606 +0,0 @@ +-load_lib lib.t +-api_exit +-api_start +- +-#test "modify-principal 1" +-#proc test1 {} { +-# global test +-# one_line_fail_test [format { +-# kadm5_modify_principal $server_handle [simple_principal \ +-# "%s/a"] {KADM5_PW_EXPIRATION} +-# } $test] "NOT_INIT" +-#} +-#test1 +- +-test "modify-principal 2" +-proc test2 {} { +- global test +- if {! (( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- if {! 
[cmd { +- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_PRINC_EXPIRE_TIME} +- } $test] "AUTH_MODIFY" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-if {$RPC} { test2 } +- +-test "modify-principal 4" +-proc test4 {} { +- global test +- if {! (( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_PRINCIPAL} +- } $test] "BAD_MASK" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test4 +- +- +-test "modify-principal 5" +-proc test5 {} { +- global test +- if {! (( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_LAST_PWD_CHANGE} +- } $test] "BAD_MASK" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test5 +- +-test "modify-principal 6" +-proc test6 {} { +- global test +- if {! 
(( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_MOD_TIME} +- } $test] "BAD_MASK" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test6 +- +-test "modify-principal 7" +-proc test7 {} { +- global test +- if {! (( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_MOD_NAME} +- } $test] "BAD_MASK" +- if { ! [cmd {kadm5_destroy $server_handle}]} { +- perror "$test: unexpected failure in destroy" +- return +- } +-} +-test7 +- +-test "modify-principal 8" +-proc test8 {} { +- global test +- if {! (( [principal_exists "$test/a"]) || +- [create_principal "$test/a"])} { +- error_and_restart "$test: couldn't create principal \"$test/a\"" +- return +- } +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- server_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- one_line_fail_test [format { +- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +- {KADM5_MKVNO} +- } $test] "BAD_MASK" +- if { ! 
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test8
+-
+-test "modify-principal 9"
+-proc test9 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_AUX_ATTRIBUTES}
+- } $test] "BAD_MASK"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test9
+-
+-test "modify-principal 10"
+-proc test10 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test] "UNK_PRINC"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test10
+-
+-test "modify-principal 11"
+-proc test11 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test] "AUTH_MOD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test11 }
+-
+-test "modify-principal 12"
+-proc test12 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test] "AUTH_MOD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test12 }
+-
+-test "modify-principal 13"
+-proc test13 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test] "AUTH_MOD"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test13 }
+-
+-test "modify-principal 14"
+-proc test14 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test] "AUTH_MOD"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test14 }
+-
+-test "modify-principal 15"
+-proc test15 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test15
+-
+-test "modify-principal 17"
+-proc test17 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+- no-policy] {KADM5_POLICY}
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test17
+-
+-test "modify-principal 21.5"
+-proc test21.5 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if { !( [create_principal_pol "$test/a" "test-pol"])} {
+- error_and_restart "$test: could not create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]} {
+- perror "$test: unexpected failure on get policy"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+- test-pol] {KADM5_POLICY}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$old_p1 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting principal kvno (second time)"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting principal kvno (second time)"
+- return
+- }
+- }
+-
+- if { !
[cmd {kadm5_get_policy $server_handle test-pol new_p1}]} {
+- perror "$test: unexpected failure on get policy"
+- return
+- }
+-
+- send "lindex \$new_p1 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting principal kvno (second time)"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting principal kvno (second time)"
+- return
+- }
+- }
+-
+- if {$old_p1_ref != $new_p1_ref} {
+- fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)"
+- return
+- }
+-
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test21.5
+-
+-test "modify-principal 22"
+-proc test22 {} {
+- global test
+- global prompt
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test22
+-
+-test "modify-principal 23"
+-proc test23 {} {
+- global test
+- global prompt
+- if {!
(( [principal_exists "$test/a"]) ||
+- [create_principal_pol "$test/a" test-pol-nopw])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test23
+-
+-test "modify-principal 24"
+-proc test24 {} {
+- global test
+- global prompt
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal_pol "$test/a" "test-pol" ])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- error_and_restart "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: could not modify principal"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- if { !
[cmd [format {
+- kadm5_get_policy $server_handle %s policy
+- } test-pol]]} {
+- error_and_restart "$test: cannot retrieve policy"
+- return
+- }
+- send "lindex \$principal 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting mod_date"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_mod_date"
+- return
+- }
+- }
+-
+- send "lindex \$principal 3\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_expire"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_expire"
+- return
+- }
+- }
+-
+- send "lindex \$policy 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_max_life"
+- return
+- }
+- }
+- if { $pw_expire != 0 } {
+- fail "$test: pw_expire $pw_expire should be 0"
+- return
+- } else {
+- pass "$test"
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test24
+-
+-test "modify-principal 25"
+-proc test25 {} {
+- global test
+- global prompt
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "1234\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test25
+-
+-test "modify-principal 26"
+-proc test26 {} {
+- global test
+- global prompt
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal_pol "$test/a" "test-pol-nopw" ])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "1234\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test26
+-
+-test "modify-principal 27"
+-proc test27 {} {
+- global test
+- global prompt
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal_pol "$test/a" "test-pol" ])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "1234\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test27
+-
+-test "modify-principal 28"
+-proc test28 {} {
+- global test
+- global prompt
+-# set prms_id 1358
+-# setup_xfail {*-*-*} $prms_id
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal_pol "$test/a" "test-pol" ])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- if { !
[cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+- error_and_restart "$test: cannot retrieve policy"
+- return
+- }
+- send "lindex \$principal 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_mod_date"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_mod_date"
+- return
+- }
+- }
+-
+- send "lindex \$principal 3\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_expire"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_expire"
+- return
+- }
+- }
+- send "lindex \$policy 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_max_life"
+- return
+- }
+- }
+- if { $pw_expire != 999999999 } {
+- fail "$test: pw_expire $pw_expire should be 999999999"
+- return
+- }
+- pass "$test"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test28
+-
+-test "modify-principal 29"
+-proc test29 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if { ! ([create_principal_pol "$test/a" test-pol])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { !
[cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_POLICY_CLR}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test29
+-
+-test "modify-principal 30"
+-proc test30 {} {
+- global test
+- global prompt
+-
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal_pol "$test/a" test-pol])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+- test-pol-nopw] {KADM5_POLICY}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 3\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test30
+-
+-test "modify-principal 31"
+-proc test31 {} {
+- global test
+- global prompt
+- if {! (( !
[principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+- test-pol] {KADM5_POLICY}
+- } $test]]} {
+- fail "modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
+- error_and_restart "$test: cannot retrieve policy"
+- return
+- }
+- send "lindex \$principal 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_mod_date"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_mod_date"
+- return
+- }
+- }
+-
+- send "lindex \$principal 3\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_expire"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_expire"
+- return
+- }
+- }
+-
+- send "lindex \$policy 2\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting pw_max_life"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting pw_max_life"
+- return
+- }
+- }
+- if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } {
+- fail "$test: pw_expire is wrong"
+- return
+- }
+-
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test31
+-
+-test "modify-principal 32"
+-proc test32 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 1\n"
+- expect {
+- -re "1234\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test32
+-
+-test "modify-principal 33"
+-proc test33 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \
+- {KADM5_ATTRIBUTES}
+- } $test]]} {
+- fail "$test: modified fail"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 7\n"
+- expect {
+- -re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test33
+-
+-test "modify-principal 33.25"
+-proc test3325 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \
+- {KADM5_ATTRIBUTES}
+- } $test]]} {
+- fail "$test: modified fail"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 7\n"
+- expect {
+- -re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test3325
+-
+-test "modify-principal 33.5"
+-proc test335 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \
+- {KADM5_ATTRIBUTES}
+- } $test]]} {
+- fail "$test: modified fail"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 7\n"
+- expect {
+- -re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test335
+-
+-
+-test "modify-principal 34"
+-proc test34 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { !
[cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {KADM5_MAX_LIFE}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 4\n"
+- expect {
+- -re "3456\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test34
+-
+-test "modify-principal 35"
+-proc test35 {} {
+- global prompt
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {KADM5_KVNO}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 8\n"
+- expect {
+- -re "7\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test35
+-
+-test "modify-principal 36"
+-proc test36 {} {
+- global test
+- global prompt
+- if {! (( !
[principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if { !( [create_principal_pol "$test/a" "test-pol"])} {
+- error_and_restart "$test: could not create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if { ! [cmd {kadm5_get_policy $server_handle test-pol pol}]} {
+- perror "$test: unexpected failure on get policy"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+- test-pol] {KADM5_POLICY}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 10\n"
+- expect {
+- -re "test-pol\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- send "lindex \$pol 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting principal kvno (second time)"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting principal kvno (second time)"
+- return
+- }
+- }
+- if { ! [cmd {kadm5_get_policy $server_handle test-pol pol2}]} {
+- perror "$test: unexpected failure on get policy"
+- return
+- }
+- send "lindex \$pol2 6\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting principal kvno (second time)"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting principal kvno (second time)"
+- return
+- }
+- }
+- if { $oldref != $newref } {
+- fail "$test: policy reference count is wrong"
+- return;
+- }
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test36
+-
+-test "modify-principal 37"
+-proc test37 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if { !( [create_principal "$test/a"])} {
+- error_and_restart "$test: could not create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_POLICY_CLR}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test37
+-
+-test "modify-principal 38"
+-proc test38 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 1\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test38
+-
+-test "modify-principal 39"
+-proc test39 {} {
+- global test
+- global prompt
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! ([create_principal "$test/a"])} {
+- perror "$test: unexpected failure in creating principal"
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
+- {KADM5_MAX_LIFE}
+- } $test]]} {
+- fail "$test: modify failed"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
+- } $test]]} {
+- error_and_restart "$test: could not retrieve principal"
+- return
+- }
+- send "lindex \$principal 4\n"
+- expect {
+- -re "0\n$prompt$" { pass "$test" }
+- timeout { fail "$test" }
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test39
+-
+-test "modify-principal 40"
+-proc test40 {} {
+- global test
+- global prompt
+-
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test {
+- kadm5_modify_principal $server_handle null \
+- {KADM5_PRINC_EXPIRE_TIME}
+- } "EINVAL"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test40
+-
+-test "modify-principal 43"
+-proc test43 {} {
+- global test
+- one_line_fail_test [format {
+- kadm5_modify_principal null [simple_principal \
+- "%s/a"] {KADM5_PW_EXPIRATION}
+- } $test] "BAD_SERVER_HANDLE"
+-}
+-test43
+-
+-test "modify-principal 44"
+-proc test44 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- # setting fail auth count to a non-zero value must fail
+- one_line_fail_test [format {
+- kadm5_modify_principal $server_handle \
+- {"%s/a" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1234 0 0 {} {}} {KADM5_FAIL_AUTH_COUNT}
+- } $test] "BAD_SERVER_PARAMS"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test44
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp
+deleted file mode 100644
+index 2925c1c43..000000000
+--- a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp
++++ /dev/null
+@@ -1,61 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "randkey-principal 100"
+-proc test100 {} {
+- global test prompt
+-
+- if {! (( !
[principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal "$test/a"]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- # I'd like to specify a long list of keysalt tuples and make sure that
+- # randkey does the right thing, but we can only use those enctypes that
+- # krbtgt has a key for: 3DES and AES, according to the prototype kdc.conf.
+- if {! [cmd [format {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test]]} {
+- perror "$test: unexpected failure in randkey_principal"
+- }
+- send "puts \$num_keys\n"
+- expect {
+- -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
+- timeout {
+- error_and_restart "$test: timeout getting num_keys"
+- return
+- }
+- eof {
+- error_and_restart "$test: eof getting num_keys"
+- return
+- }
+- }
+-
+- # XXX Perhaps I should actually check the key type returned.
+- if {$num_keys == 5} {
+- pass "$test"
+- } else {
+- fail "$test: $num_keys keys, should be 5"
+- }
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test100
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/api.current/randkey-principal.exp b/src/lib/kadm5/unit-test/api.current/randkey-principal.exp
+deleted file mode 100644
+index 1484901fa..000000000
+--- a/src/lib/kadm5/unit-test/api.current/randkey-principal.exp
++++ /dev/null
+@@ -1,297 +0,0 @@
+-load_lib lib.t
+-api_exit
+-api_start
+-
+-test "randkey-principal 1"
+-proc test1 {} {
+- global test
+- if {! (( !
[principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal_pol "$test/a" once-a-min]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test $test]]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test] "PASS_TOOSOON"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test1 }
+-
+-test "randkey-principal 3"
+-proc test3 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal_pol "$test/a" once-a-min]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test $test]]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test] "PASS_TOOSOON"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if ${RPC} { test3 }
+-
+-test "randkey-principal 13"
+-proc test13 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {!
[cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- if {! [cmd [format {
+- kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
+- once-a-min] KADM5_POLICY
+- } $test]]} {
+- perror "$test: failed modify"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test13
+-
+-test "randkey-principal 15"
+-proc test15 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal_pol "$test/a" once-a-min]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test] "AUTH_CHANGEPW"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if { $RPC } { test15 }
+-
+-test "randkey-principal 28"
+-proc test28 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test]
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test28
+-
+-test "randkey-principal 28.25"
+-proc test2825 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test] "AUTH"
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-if {$RPC} { test2825 }
+-
+-test "randkey-principal 28.5"
+-proc test285 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [cmd {
+- kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test285
+-
+-test "randkey-principal 30"
+-proc test30 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't delete principal \"$test/a\""
+- return
+- }
+- if {! [create_principal "$test/a"]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+- if {!
[cmd [format {
+- kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test $test]]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test30
+-
+-test "randkey-principal 31"
+-proc test31 {} {
+- global test
+- if {! (( ! [principal_exists "$test/a"]) ||
+- [delete_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if {! [create_principal "$test/a"]} {
+- error_and_restart "$test: creating principal"
+- return
+- }
+-
+- if {! [cmd [format {
+- kadm5_init "%s/a" "%s/a" $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- } $test $test]]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_succeed_test [format {
+- kadm5_randkey_principal $server_handle "%s/a" keys num_keys
+- } $test]
+- if { ! [cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-test31
+-
+-test "randkey-principal 33"
+-proc test33 {} {
+- global test
+- if {! (( [principal_exists "$test/a"]) ||
+- [create_principal "$test/a"])} {
+- error_and_restart "$test: couldn't create principal \"$test/a\""
+- return
+- }
+- if { ! [cmd {
+- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
+- server_handle
+- }]} {
+- perror "$test: unexpected failure in init"
+- return
+- }
+- one_line_fail_test [format {
+- kadm5_randkey_principal null "%s/a" keys num_keys
+- } $test] "BAD_SERVER_HANDLE"
+- if { !
[cmd {kadm5_destroy $server_handle}]} {
+- perror "$test: unexpected failure in destroy"
+- return
+- }
+-}
+-
+-test33
+-
+-return ""
+diff --git a/src/lib/kadm5/unit-test/config/unix.exp b/src/lib/kadm5/unit-test/config/unix.exp
+deleted file mode 100644
+index d7706ec53..000000000
+--- a/src/lib/kadm5/unit-test/config/unix.exp
++++ /dev/null
+@@ -1,222 +0,0 @@
+-source runenv.exp
+-
+-set prompt "% "
+-set stty_init {-onlcr -opost intr \^C kill \^U}
+-set kadmin_local $KADMIN_LOCAL
+-
+-# Backward compatibility until we're using expect 5 everywhere
+-if {[info exists exp_version_4]} {
+- global wait_error_index wait_errno_index wait_status_index
+- set wait_error_index 0
+- set wait_errno_index 1
+- set wait_status_index 1
+-} else {
+- set wait_error_index 2
+- set wait_errno_index 3
+- set wait_status_index 3
+-}
+-
+-if { [string length $VALGRIND] } {
+- rename spawn valgrind_aux_spawn
+- proc spawn { args } {
+- global VALGRIND
+- upvar 1 spawn_id spawn_id
+- set newargs {}
+- set inflags 1
+- set eatnext 0
+- foreach arg $args {
+- if { $arg == "-ignore" \
+- || $arg == "-open" \
+- || $arg == "-leaveopen" } {
+- lappend newargs $arg
+- set eatnext 1
+- continue
+- }
+- if [string match "-*" $arg] {
+- lappend newargs $arg
+- continue
+- }
+- if { $eatnext } {
+- set eatnext 0
+- lappend newargs $arg
+- continue
+- }
+- if { $inflags } {
+- set inflags 0
+- # Only run valgrind for local programs, not
+- # system ones.
+-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
+- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
+- set newargs [concat $newargs $VALGRIND]
+- }
+- }
+- lappend newargs $arg
+- }
+- set pid [eval valgrind_aux_spawn $newargs]
+- return $pid
+- }
+-}
+-
+-# Hack around Solaris 9 kernel race condition that causes last output
+-# from a pty to get dropped.
+-if { $PRIOCNTL_HACK } {
+- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
+- rename spawn oldspawn
+- proc spawn { args } {
+- upvar 1 spawn_id spawn_id
+- set newargs {}
+- set inflags 1
+- set eatnext 0
+- foreach arg $args {
+- if { $arg == "-ignore" \
+- || $arg == "-open" \
+- || $arg == "-leaveopen" } {
+- lappend newargs $arg
+- set eatnext 1
+- continue
+- }
+- if [string match "-*" $arg] {
+- lappend newargs $arg
+- continue
+- }
+- if { $eatnext } {
+- set eatnext 0
+- lappend newargs $arg
+- continue
+- }
+- if { $inflags } {
+- set inflags 0
+- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
+- }
+- lappend newargs $arg
+- }
+- set pid [eval oldspawn $newargs]
+- return $pid
+- }
+-}
+-
+-# Variables for keeping track of api process state
+-set api_pid "0"
+-
+-proc api_exit {} {
+- global spawn_id
+- global api_pid
+-
+-# puts stdout "Starting api_exit (spawn_id $spawn_id)."
+- catch {close} errMsg
+- catch {wait} errMsg
+-# puts stdout "Finishing api_exit for $api_pid."
+- set api_pid "0"
+-}
+-
+-proc api_isrunning {pid} {
+- global api_pid
+-
+-# puts stdout "testing $pid, api_pid is $api_pid"
+- if {$pid == $api_pid} {
+- return 1;
+- } else {
+- return 0;
+- }
+-}
+-
+-proc api_version {} {
+-}
+-
+-proc api_start {} {
+- global API
+- global env
+- global spawn_id
+- global prompt
+- global api_pid
+-
+- set pid [spawn $API]
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF starting API" }
+- timeout { perror "Timeout starting API" }
+- }
+- if {! [info exists env(TCLUTIL)]} {
+- perror "TCLUTIL environment variable isn't set"
+- }
+- # tcl 8.4 for some reason screws up autodetection of output
+- # EOL translation. Work around it for now.
+- send "if { \[info commands fconfigure\] ne \"\" } { fconfigure stdout -translation lf }\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF starting API" }
+- timeout { perror "Timeout starting API" }
+- }
+- send "source $env(TCLUTIL)\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF starting API" }
+- timeout { perror "Timeout starting API" }
+- }
+- send "set current_struct_version \[expr \$KADM5_STRUCT_VERSION &~ \$KADM5_STRUCT_VERSION_MASK\]\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set current_api_version \[expr \$KADM5_API_VERSION_3 &~ \$KADM5_API_VERSION_MASK\]\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set bad_struct_version_mask \[expr 0x65432100 | \$current_struct_version\]\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set bad_api_version_mask \[expr 0x65432100 | \$current_api_version\]\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set no_api_version_mask \$current_api_version\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set no_struct_version_mask \$current_struct_version\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set old_api_version \[expr \$KADM5_API_VERSION_MASK | 0x00\]\n"
+- expect {
+- -re "$prompt$" {}
+- eof { perror "EOF setting API variables"}
+- timeout { perror "timeout setting API variables"}
+- }
+- send "set old_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0x00\]\n"
+- expect {
+- -re "$prompt$" {}
+- eof {
perror "EOF setting API variables"} +- timeout { perror "timeout setting API variables"} +- } +- send "set new_api_version \[expr \$KADM5_API_VERSION_MASK | 0xca\]\n" +- expect { +- -re "$prompt$" {} +- eof { perror "EOF setting API variables"} +- timeout { perror "timeout setting API variables"} +- } +- send "set new_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0xca\]\n" +- expect { +- -re "$prompt$" {} +- eof { perror "EOF setting API variables"} +- timeout { perror "timeout setting API variables"} +- } +- +- set api_pid $pid +-# puts stdout "Finishing api_start (spawn_id $spawn_id, pid $api_pid)." +- return $pid +-} +-api_start +- +diff --git a/src/lib/kadm5/unit-test/deps b/src/lib/kadm5/unit-test/deps +deleted file mode 100644 +index cf54f475b..000000000 +--- a/src/lib/kadm5/unit-test/deps ++++ /dev/null +@@ -1,86 +0,0 @@ +-# +-# Generated makefile dependencies follow. +-# +-$(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ +- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ +- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h init-test.c +-$(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ +- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ +- $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ +- $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \ +- 
$(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h destroy-test.c +-$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ +- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \ +- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ +- $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/plugin.h \ +- handle-test.c +-$(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ +- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ +- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h 
$(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h iter-test.c +-$(OUTPRE)setkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ +- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ +- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \ +- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \ +- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \ +- $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \ +- $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \ +- $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \ +- $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \ +- $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-trace.h \ +- $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \ +- $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/plugin.h \ +- $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \ +- setkey-test.c +-$(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ +- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ +- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h 
$(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h randkey-test.c +-$(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \ +- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \ +- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \ +- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \ +- $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \ +- $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \ +- $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \ +- $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \ +- $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \ +- $(top_srcdir)/include/krb5.h lock-test.c +diff --git a/src/lib/kadm5/unit-test/destroy-test.c b/src/lib/kadm5/unit-test/destroy-test.c +deleted file mode 100644 +index 738cfeb86..000000000 +--- a/src/lib/kadm5/unit-test/destroy-test.c ++++ /dev/null +@@ -1,48 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define TEST_NUM 25 +- +-int main() +-{ +- kadm5_ret_t ret; +- char *cp; +- int x; +- void *server_handle; +- kadm5_server_handle_t handle; +- krb5_context context; +- +- ret = kadm5_init_krb5_context(&context); +- if (ret != 0) { +- com_err("test", ret, "context init"); +- exit(2); +- } +- for(x = 0; x < TEST_NUM; x++) { +- ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, 0, +- KADM5_STRUCT_VERSION, 
KADM5_API_VERSION_4, NULL,
+- &server_handle);
+- if(ret != KADM5_OK) {
+- com_err("test", ret, "init");
+- exit(2);
+- }
+- handle = (kadm5_server_handle_t) server_handle;
+- cp = strdup(strchr(handle->cache_name, ':') + 1);
+- kadm5_destroy(server_handle);
+- if(access(cp, F_OK) == 0) {
+- puts("ticket cache not destroyed");
+- exit(2);
+- }
+- free(cp);
+- }
+- krb5_free_context(context);
+- exit(0);
+-}
+diff --git a/src/lib/kadm5/unit-test/diff-files/destroy-1 b/src/lib/kadm5/unit-test/diff-files/destroy-1
+deleted file mode 100644
+index 593d67320..000000000
+--- a/src/lib/kadm5/unit-test/diff-files/destroy-1
++++ /dev/null
+@@ -1,2 +0,0 @@
+-##! nochanges
+-
+diff --git a/src/lib/kadm5/unit-test/diff-files/no-diffs b/src/lib/kadm5/unit-test/diff-files/no-diffs
+deleted file mode 100644
+index 593d67320..000000000
+--- a/src/lib/kadm5/unit-test/diff-files/no-diffs
++++ /dev/null
+@@ -1,2 +0,0 @@
+-##! nochanges
+-
+diff --git a/src/lib/kadm5/unit-test/handle-test.c b/src/lib/kadm5/unit-test/handle-test.c
+deleted file mode 100644
+index 29bd2c9a1..000000000
+--- a/src/lib/kadm5/unit-test/handle-test.c
++++ /dev/null
+@@ -1,140 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-#ifdef CLIENT_TEST
+-#include
+-#else
+-#include
+-#include
+-#endif
+-
+-int main(int argc, char *argv[])
+-{
+- kadm5_ret_t ret;
+- void *server_handle;
+- kadm5_server_handle_t handle;
+- kadm5_server_handle_rec orig_handle;
+- kadm5_policy_ent_rec pol;
+- kadm5_principal_ent_t princ;
+- kadm5_principal_ent_rec kprinc;
+- krb5_keyblock *key;
+- krb5_principal tprinc;
+- krb5_context context;
+-
+-
+- kadm5_init_krb5_context(&context);
+-
+- ret = kadm5_init(context, "admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
+- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
+- &server_handle);
+- if(ret != KADM5_OK) {
+- com_err("test", ret, "init");
+- exit(2);
+- }
+- handle =
(kadm5_server_handle_t) server_handle;
+- orig_handle = *handle;
+- handle->magic_number = KADM5_STRUCT_VERSION;
+- krb5_parse_name(context, "testuser", &tprinc);
+- ret = kadm5_get_principal(server_handle, tprinc, &kprinc,
+- KADM5_PRINCIPAL_NORMAL_MASK);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_get_policy(server_handle, "pol1", &pol);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
+- error_message(ret));
+- exit(1);
+- }
+-
+- princ = &kprinc;
+- ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_delete_principal(server_handle, tprinc);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_delete_policy(server_handle, "pol1");
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
+- if(ret !=
KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "chpass",
+- error_message(ret));
+- exit(1);
+- }
+- ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "randkey",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "rename",
+- error_message(ret));
+- exit(1);
+- }
+-
+- ret = kadm5_destroy(server_handle);
+- if(ret != KADM5_BAD_SERVER_HANDLE) {
+- fprintf(stderr, "%s -- returned -- %s\n", "destroy",
+- error_message(ret));
+- exit(1);
+- }
+-
+- *handle = orig_handle;
+- ret = kadm5_destroy(server_handle);
+- if (ret != KADM5_OK) {
+- fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
+- error_message(ret));
+- exit(1);
+- }
+-
+- krb5_free_principal(context, tprinc);
+- krb5_free_context(context);
+- exit(0);
+-}
+diff --git a/src/lib/kadm5/unit-test/init-test.c b/src/lib/kadm5/unit-test/init-test.c
+deleted file mode 100644
+index 9f06621e8..000000000
+--- a/src/lib/kadm5/unit-test/init-test.c
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+-#include
+-#include
+-#include
+-#include
+-#include
+-#include
+-
+-int main()
+-{
+- kadm5_ret_t ret;
+- void *server_handle;
+- kadm5_config_params params;
+- krb5_context context;
+-
+- memset(¶ms, 0, sizeof(params));
+- params.mask |= KADM5_CONFIG_NO_AUTH;
+- ret = kadm5_init_krb5_context(&context);
+- if (ret != 0) {
+- com_err("init-test", ret, "while initializing krb5 context");
+- exit(1);
+- }
+- ret = kadm5_init(context, "admin", "admin", NULL, ¶ms,
+- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL,
+- &server_handle);
+- if (!ret)
+- (void)kadm5_destroy(server_handle);
+- krb5_free_context(context);
+- if (ret == KADM5_RPC_ERROR) {
+- exit(0);
+- }
+- else if (ret != 0) {
+-
com_err("init-test", ret, "while initializing without auth"); +- exit(1); +- } else { +- fprintf(stderr, "Unexpected success while initializing without auth!\n"); +- exit(1); +- } +-} +diff --git a/src/lib/kadm5/unit-test/iter-test.c b/src/lib/kadm5/unit-test/iter-test.c +deleted file mode 100644 +index cd85ebe4d..000000000 +--- a/src/lib/kadm5/unit-test/iter-test.c ++++ /dev/null +@@ -1,51 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-#include +-#include +-#include +- +-int main(int argc, char **argv) +-{ +- kadm5_ret_t ret; +- void *server_handle; +- char **names; +- int count, princ, i; +- krb5_context context; +- +- if (argc != 3) { +- fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]); +- exit(1); +- } +- princ = (strcmp(argv[1], "-princ") == 0); +- +- ret = kadm5_init_krb5_context(&context); +- if (ret != KADM5_OK) { +- com_err("iter-test", ret, "while initializing context"); +- exit(1); +- } +- ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0, +- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL, +- &server_handle); +- if (ret != KADM5_OK) { +- com_err("iter-test", ret, "while initializing"); +- exit(1); +- } +- +- if (princ) +- ret = kadm5_get_principals(server_handle, argv[2], &names, &count); +- else +- ret = kadm5_get_policies(server_handle, argv[2], &names, &count); +- +- if (ret != KADM5_OK) { +- com_err("iter-test", ret, "while retrieving list"); +- exit(1); +- } +- +- for (i = 0; i < count; i++) +- printf("%d: %s\n", i, names[i]); +- +- kadm5_free_name_list(server_handle, names, count); +- +- (void) kadm5_destroy(server_handle); +- +- return 0; +-} +diff --git a/src/lib/kadm5/unit-test/lib/lib.t b/src/lib/kadm5/unit-test/lib/lib.t +deleted file mode 100644 +index 3444775cf..000000000 +--- a/src/lib/kadm5/unit-test/lib/lib.t ++++ /dev/null +@@ -1,306 +0,0 @@ +-global timeout +-set timeout 60 +- +-set lib_pid 0 +- +-# +-# The functions in this library used to be responsible for bazillions +-# of wasted 
api_starts. Now, they all just use their own library +-# handle so they are not interrupted when the main tests call init or +-# destroy. They have to keep track of when the api exists and +-# restarts, though, since the lib_handle needs to be re-opened in that +-# case. +-# +-proc lib_start_api {} { +- global spawn_id lib_pid test +- +- if {! [api_isrunning $lib_pid]} { +- api_exit +- set lib_pid [api_start] +- if {! [cmd { +- kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ +- $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ +- lib_handle +- }]} { +- perror "$test: unexpected failure in init" +- return +- } +- verbose "+++ restarted api ($lib_pid) for lib" +- } else { +- verbose "+++ api $lib_pid already running for lib" +- } +-} +- +-proc cmd {command} { +- global prompt +- global spawn_id +- global test +- +- send "[string trim $command]\n" +- expect { +- -re "OK .*$prompt$" { return 1 } +- -re "ERROR .*$prompt$" { return 0 } +- "wrong # args" { perror "$test: wrong number args"; return 0 } +- timeout { fail "$test: timeout"; return 0 } +- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 } +- } +-} +- +-proc tcl_cmd {command} { +- global prompt spawn_id test +- +- send "[string trim $command]\n" +- expect { +- -re "$prompt$" { return 1} +- "wrong # args" { perror "$test: wrong number args"; return 0 } +- timeout { error_and_restart "timeout" } +- eof { api_exit; lib_start_api; return 0 } +- } +-} +- +-proc one_line_succeed_test {command} { +- global prompt +- global spawn_id +- global test +- +- send "[string trim $command]\n" +- expect { +- -re "OK .*$prompt$" { pass "$test"; return 1 } +- -re "ERROR .*$prompt$" { +- fail "$test: $expect_out(buffer)"; return 0 +- } +- "wrong # args" { perror "$test: wrong number args"; return 0 } +- timeout { fail "$test: timeout"; return 0 } +- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 } +- } +-} +- +-proc one_line_fail_test {command code} { +- global prompt +- global spawn_id +- global test +- +- 
send "[string trim $command]\n" +- expect { +- -re "ERROR .*$code.*$prompt$" { pass "$test"; return 1 } +- -re "ERROR .*$prompt$" { fail "$test: bad failure"; return 0 } +- -re "OK .*$prompt$" { fail "$test: bad success"; return 0 } +- "wrong # args" { perror "$test: wrong number args"; return 0 } +- timeout { fail "$test: timeout"; return 0 } +- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 } +- } +-} +- +-proc one_line_fail_test_nochk {command} { +- global prompt +- global spawn_id +- global test +- +- send "[string trim $command]\n" +- expect { +- -re "ERROR .*$prompt$" { pass "$test:"; return 1 } +- -re "OK .*$prompt$" { fail "$test: bad success"; return 0 } +- "wrong # args" { perror "$test: wrong number args"; return 0 } +- timeout { fail "$test: timeout"; return 0 } +- eof { fail "$test: eof"; api_exit; lib_start_api; return 0 } +- } +-} +- +-proc resync {} { +- global prompt spawn_id test +- +- expect { +- -re "$prompt$" {} +- "wrong # args" { perror "$test: wrong number args"; return 0 } +- eof { api_exit; lib_start_api } +- } +-} +- +-proc create_principal {name} { +- lib_start_api +- +- set ret [cmd [format { +- kadm5_create_principal $lib_handle [simple_principal \ +- "%s"] {KADM5_PRINCIPAL} "%s" +- } $name $name]] +- +- return $ret +-} +- +-proc create_policy {name} { +- lib_start_api +- +- set ret [cmd [format { +- kadm5_create_policy $lib_handle [simple_policy "%s"] \ +- {KADM5_POLICY} +- } $name $name]] +- +- return $ret +-} +- +-proc create_principal_pol {name policy} { +- lib_start_api +- +- set ret [cmd [format { +- kadm5_create_principal $lib_handle [princ_w_pol "%s" \ +- "%s"] {KADM5_PRINCIPAL KADM5_POLICY} "%s" +- } $name $policy $name]] +- +- return $ret +-} +- +-proc delete_principal {name} { +- lib_start_api +- +- set ret [cmd [format { +- kadm5_delete_principal $lib_handle "%s" +- } $name]] +- +- return $ret +-} +- +-proc delete_policy {name} { +- lib_start_api +- +- set ret [cmd [format {kadm5_delete_policy $lib_handle "%s"} 
$name]] +- +- return $ret +-} +- +-proc principal_exists {name} { +-# puts stdout "Starting principal_exists." +- +- lib_start_api +- +- set ret [cmd [format { +- kadm5_get_principal $lib_handle "%s" principal \ +- KADM5_PRINCIPAL_NORMAL_MASK +- } $name]] +- +-# puts stdout "Finishing principal_exists." +- +- return $ret +-} +- +-proc policy_exists {name} { +- lib_start_api +- +-# puts stdout "Starting policy_exists." +- +- set ret [cmd [format { +- kadm5_get_policy $lib_handle "%s" policy +- } $name]] +- +-# puts stdout "Finishing policy_exists." +- +- return $ret +-} +- +-proc error_and_restart {error} { +- api_exit +- api_start +- perror $error +-} +- +-proc test {name} { +- global test verbose +- +- set test $name +- if {$verbose >= 1} { +- puts stdout "At $test" +- } +-} +- +-proc begin_dump {} { +- global TOP +- global RPC +- +- if { ! $RPC } { +-# exec $env(SIMPLE_DUMP) > /tmp/dump.before +- } +-} +- +-proc end_dump_compare {name} { +- global file +- global TOP +- global RPC +- +- if { ! $RPC } { +-# set file $TOP/admin/lib/unit-test/diff-files/$name +-# exec $env(SIMPLE_DUMP) > /tmp/dump.after +-# exec $env(COMPARE_DUMP) /tmp/dump.before /tmp/dump.after $file +- } +-} +- +-proc kinit { princ pass {opts ""} } { +- global env; +- global KINIT +- +- eval spawn $KINIT -5 $opts $princ +- expect { +- -re {Password for .*: $} +- {send "$pass\n"} +- timeout {puts "Timeout waiting for prompt" ; close } +- } +- +- # this necessary so close(1) in the child will not sleep waiting for +- # the parent, which is us, to read pending data. 
+- +- expect { +- "when initializing cache" { perror "kinit failed: $expect_out(buffer)" } +- eof {} +- } +- wait +-} +- +-proc kdestroy {} { +- global KDESTROY +- global errorCode errorInfo +- global env +- +- if {[info exists errorCode]} { +- set saveErrorCode $errorCode +- } +- if {[info exists errorInfo]} { +- set saveErrorInfo $errorInfo +- } +- catch "exec $KDESTROY -5 2>/dev/null" +- if {[info exists saveErrorCode]} { +- set errorCode $saveErrorCode +- } elseif {[info exists errorCode]} { +- unset errorCode +- } +- if {[info exists saveErrorInfo]} { +- set errorInfo $saveErrorInfo +- } elseif {[info exists errorInfo]} { +- unset errorInfo +- } +-} +- +-proc create_principal_with_keysalts {name keysalts} { +- global kadmin_local +- +- spawn $kadmin_local -e "$keysalts" +- expect { +- "kadmin.local:" {} +- default { perror "waiting for kadmin.local prompt"; return 1} +- } +- send "ank -pw \"$name\" \"$name\"\n" +- expect { +- -re "Principal \"$name.*\" created." {} +- "kadmin.local:" { +- perror "expecting principal created message"; +- return 1 +- } +- default { perror "waiting for principal created message"; return 1 } +- } +- expect { +- "kadmin.local:" {} +- default { perror "waiting for kadmin.local prompt"; return 1 } +- } +- close +- wait +- return 0 +-} +- +- +diff --git a/src/lib/kadm5/unit-test/lock-test.c b/src/lib/kadm5/unit-test/lock-test.c +deleted file mode 100644 +index 59f9d2609..000000000 +--- a/src/lib/kadm5/unit-test/lock-test.c ++++ /dev/null +@@ -1,105 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-#include +-#include +-#include +-#include +-#include +- +-char *whoami; +- +-static void usage() +-{ +- fprintf(stderr, +- "Usage: %s {shared|exclusive|permanent|release|" +- "get name|wait} ...\n", whoami); +- exit(1); +-} +- +-int main(int argc, char **argv) +-{ +- krb5_error_code ret; +- osa_policy_ent_t entry; +- krb5_context context; +- kadm5_config_params params; +- krb5_error_code kret; +- +- whoami = 
argv[0]; +- +- kret = kadm5_init_krb5_context(&context); +- if (kret) { +- com_err(whoami, kret, "while initializing krb5"); +- exit(1); +- } +- +- params.mask = 0; +- ret = kadm5_get_config_params(context, 1, ¶ms, ¶ms); +- if (ret) { +- com_err(whoami, ret, "while retrieving configuration parameters"); +- exit(1); +- } +- if (! (params.mask & KADM5_CONFIG_ADBNAME)) { +- com_err(whoami, KADM5_BAD_SERVER_PARAMS, +- "while retrieving configuration parameters"); +- exit(1); +- } +- +- ret = krb5_db_open( context, NULL, KRB5_KDB_OPEN_RW); +- if (ret) { +- com_err(whoami, ret, "while opening database"); +- exit(1); +- } +- +- argc--; argv++; +- while (argc) { +- if (strcmp(*argv, "shared") == 0) { +- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_SHARED); +- if (ret) +- com_err(whoami, ret, "while getting shared lock"); +- else +- printf("shared\n"); +- } else if (strcmp(*argv, "exclusive") == 0) { +- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE ); +- if (ret) +- com_err(whoami, ret, "while getting exclusive lock"); +- else +- printf("exclusive\n"); +- } else if (strcmp(*argv, "permanent") == 0) { +- ret = krb5_db_lock(context, KRB5_DB_LOCKMODE_EXCLUSIVE ); +- if (ret) +- com_err(whoami, ret, "while getting permanent lock"); +- else +- printf("permanent\n"); +- } else if (strcmp(*argv, "release") == 0) { +- ret = krb5_db_unlock(context); +- if (ret) +- com_err(whoami, ret, "while releasing lock"); +- else +- printf("released\n"); +- } else if (strcmp(*argv, "get") == 0) { +- argc--; argv++; +- if (!argc) usage(); +- if ((ret = krb5_db_get_policy(context, *argv, &entry))) { +- com_err(whoami, ret, "while getting policy"); +- } else { +- printf("retrieved\n"); +- krb5_db_free_policy(context, entry); +- } +- } else if (strcmp(*argv, "wait") == 0) { +- getchar(); +- } else { +- fprintf(stderr, "%s: Invalid argument \"%s\"\n", +- whoami, *argv); +- usage(); +- } +- +- argc--; argv++; +- } +- +- ret = krb5_db_fini(context); +- if (ret) { +- com_err(whoami, ret, "while 
closing database"); +- exit(1); +- } +- +- return 0; +-} +diff --git a/src/lib/kadm5/unit-test/randkey-test.c b/src/lib/kadm5/unit-test/randkey-test.c +deleted file mode 100644 +index dbef88ac8..000000000 +--- a/src/lib/kadm5/unit-test/randkey-test.c ++++ /dev/null +@@ -1,42 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#define TEST_NUM 1000 +- +-int main() +-{ +- kadm5_ret_t ret; +- krb5_keyblock *keys[TEST_NUM]; +- krb5_principal tprinc; +- krb5_keyblock *newkey; +- krb5_context context; +- void *server_handle; +- +- int x, i; +- +- kadm5_init_krb5_context(&context); +- +- krb5_parse_name(context, "testuser", &tprinc); +- ret = kadm5_init(context, "admin", "admin", KADM5_ADMIN_SERVICE, NULL, +- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL, +- &server_handle); +- if(ret != KADM5_OK) { +- com_err("test", ret, "init"); +- exit(2); +- } +- for(x = 0; x < TEST_NUM; x++) { +- kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL); +- for(i = 0; i < x; i++) { +- if (!memcmp(newkey->contents, keys[i]->contents, newkey->length)) +- puts("match found"); +- } +- } +- kadm5_destroy(server_handle); +- exit(0); +-} +diff --git a/src/lib/kadm5/unit-test/setkey-test.c b/src/lib/kadm5/unit-test/setkey-test.c +deleted file mode 100644 +index 8e7df96e9..000000000 +--- a/src/lib/kadm5/unit-test/setkey-test.c ++++ /dev/null +@@ -1,246 +0,0 @@ +-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ +-#include +-#include +- +-#if HAVE_SRAND48 +-#define RAND() lrand48() +-#define SRAND(a) srand48(a) +-#define RAND_TYPE long +-#elif HAVE_SRAND +-#define RAND() rand() +-#define SRAND(a) srand(a) +-#define RAND_TYPE int +-#elif HAVE_SRANDOM +-#define RAND() random() +-#define SRAND(a) srandom(a) +-#define RAND_TYPE long +-#else /* no random */ +-need a random number generator +-#endif /* no random */ +- +-krb5_keyblock test1[] = { +- {0, 
ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0}, +- {-1}, +-}; +-krb5_keyblock test2[] = { +- {0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0}, +- {-1}, +-}; +-krb5_keyblock test3[] = { +- {0, ENCTYPE_AES128_CTS_HMAC_SHA1_96, 0, 0}, +- {-1}, +-}; +- +-krb5_keyblock *tests[] = { +- test1, test2, test3, NULL +-}; +- +-krb5_data tgtname = { +- 0, +- KRB5_TGS_NAME_SIZE, +- KRB5_TGS_NAME +-}; +- +-krb5_enctype ktypes[] = { 0, 0 }; +- +-extern krb5_kt_ops krb5_ktf_writable_ops; +- +-int +-main(int argc, char **argv) +-{ +- krb5_context context; +- krb5_keytab kt; +- krb5_keytab_entry ktent; +- krb5_encrypt_block eblock; +- krb5_creds my_creds; +- krb5_get_init_creds_opt *opt; +- kadm5_principal_ent_rec princ_ent; +- krb5_principal princ, server; +- char pw[16]; +- char *whoami, *principal, *authprinc, *authpwd; +- krb5_data pwdata; +- void *handle; +- int ret, test, encnum; +- unsigned int i; +- +- whoami = argv[0]; +- +- if (argc < 2 || argc > 4) { +- fprintf(stderr, "Usage: %s principal [authuser] [authpwd]\n", whoami); +- exit(1); +- } +- principal = argv[1]; +- authprinc = (argc > 2) ? argv[2] : argv[0]; +- authpwd = (argc > 3) ? argv[3] : NULL; +- +- /* +- * Setup. Initialize data structures, open keytab, open connection +- * to kadm5 server. 
+- */ +- +- memset(&context, 0, sizeof(context)); +- kadm5_init_krb5_context(&context); +- +- ret = krb5_parse_name(context, principal, &princ); +- if (ret) { +- com_err(whoami, ret, "while parsing principal name %s", principal); +- exit(1); +- } +- +- if((ret = krb5_build_principal_ext(context, &server, +- krb5_princ_realm(kcontext, princ)->length, +- krb5_princ_realm(kcontext, princ)->data, +- tgtname.length, tgtname.data, +- krb5_princ_realm(kcontext, princ)->length, +- krb5_princ_realm(kcontext, princ)->data, +- 0))) { +- com_err(whoami, ret, "while building server name"); +- exit(1); +- } +- +- ret = krb5_kt_default(context, &kt); +- if (ret) { +- com_err(whoami, ret, "while opening keytab"); +- exit(1); +- } +- +- ret = kadm5_init(context, authprinc, authpwd, KADM5_ADMIN_SERVICE, NULL, +- KADM5_STRUCT_VERSION, KADM5_API_VERSION_4, NULL, +- &handle); +- if (ret) { +- com_err(whoami, ret, "while initializing connection"); +- exit(1); +- } +- +- /* these pw's don't need to be secure, just different every time */ +- SRAND((RAND_TYPE)time((void *) NULL)); +- pwdata.data = pw; +- pwdata.length = sizeof(pw); +- +- /* +- * For each test: +- * +- * For each enctype in the test, construct a random password/key. +- * Assign all keys to principal with kadm5_setkey_principal. Add +- * each key to the keytab, and acquire an initial ticket with the +- * keytab (XXX can I specify the kvno explicitly?). If +- * krb5_get_init_creds_keytab succeeds, then the keys were set +- * successfully. 
+- */ +- for (test = 0; tests[test] != NULL; test++) { +- krb5_keyblock *testp = tests[test]; +- kadm5_key_data *extracted; +- int n_extracted, match; +- printf("+ Test %d:\n", test); +- +- for (encnum = 0; testp[encnum].magic != -1; encnum++) { +- for (i = 0; i < sizeof(pw); i++) +- pw[i] = (RAND() % 26) + '0'; /* XXX */ +- +- krb5_use_enctype(context, &eblock, testp[encnum].enctype); +- ret = krb5_string_to_key(context, &eblock, &testp[encnum], +- &pwdata, NULL); +- if (ret) { +- com_err(whoami, ret, "while converting string to key"); +- exit(1); +- } +- } +- +- /* now, encnum == # of keyblocks in testp */ +- ret = kadm5_setkey_principal(handle, princ, testp, encnum); +- if (ret) { +- com_err(whoami, ret, "while setting keys"); +- exit(1); +- } +- +- ret = kadm5_get_principal(handle, princ, &princ_ent, KADM5_KVNO); +- if (ret) { +- com_err(whoami, ret, "while retrieving principal"); +- exit(1); +- } +- +- ret = kadm5_get_principal_keys(handle, princ, 0, &extracted, +- &n_extracted); +- if (ret) { +- com_err(whoami, ret, "while extracting keys"); +- exit(1); +- } +- +- for (encnum = 0; testp[encnum].magic != -1; encnum++) { +- printf("+ enctype %d\n", testp[encnum].enctype); +- +- for (match = 0; match < n_extracted; match++) { +- if (extracted[match].key.enctype == testp[encnum].enctype) +- break; +- } +- if (match >= n_extracted) { +- com_err(whoami, KRB5_WRONG_ETYPE, "while matching enctypes"); +- exit(1); +- } +- if (extracted[match].key.length != testp[encnum].length || +- memcmp(extracted[match].key.contents, testp[encnum].contents, +- testp[encnum].length) != 0) { +- com_err(whoami, KRB5_KDB_NO_MATCHING_KEY, "verifying keys"); +- exit(1); +- } +- +- memset(&ktent, 0, sizeof(ktent)); +- ktent.principal = princ; +- ktent.key = testp[encnum]; +- ktent.vno = princ_ent.kvno; +- +- ret = krb5_kt_add_entry(context, kt, &ktent); +- if (ret) { +- com_err(whoami, ret, "while adding keytab entry"); +- exit(1); +- } +- +- memset(&my_creds, 0, sizeof(my_creds)); +- 
my_creds.client = princ; +- my_creds.server = server; +- +- ktypes[0] = testp[encnum].enctype; +- ret = krb5_get_init_creds_opt_alloc(context, &opt); +- if (ret) { +- com_err(whoami, ret, "while allocating gic opts"); +- exit(1); +- } +- krb5_get_init_creds_opt_set_etype_list(opt, ktypes, 1); +- ret = krb5_get_init_creds_keytab(context, &my_creds, princ, +- kt, 0, NULL /* in_tkt_service */, +- opt); +- krb5_get_init_creds_opt_free(context, opt); +- if (ret) { +- com_err(whoami, ret, "while acquiring initial ticket"); +- exit(1); +- } +- krb5_free_cred_contents(context, &my_creds); +- +- /* since I can't specify enctype explicitly ... */ +- ret = krb5_kt_remove_entry(context, kt, &ktent); +- if (ret) { +- com_err(whoami, ret, "while removing keytab entry"); +- exit(1); +- } +- } +- +- (void)kadm5_free_kadm5_key_data(context, n_extracted, extracted); +- } +- +- ret = krb5_kt_close(context, kt); +- if (ret) { +- com_err(whoami, ret, "while closing keytab"); +- exit(1); +- } +- +- ret = kadm5_destroy(handle); +- if (ret) { +- com_err(whoami, ret, "while closing kadmin connection"); +- exit(1); +- } +- +- krb5_free_principal(context, princ); +- krb5_free_principal(context, server); +- krb5_free_context(context); +- return 0; +-} +diff --git a/src/lib/kadm5/unit-test/site.exp b/src/lib/kadm5/unit-test/site.exp +deleted file mode 100644 +index 7fe397463..000000000 +--- a/src/lib/kadm5/unit-test/site.exp ++++ /dev/null +@@ -1,2 +0,0 @@ +-set tool kadm5_srv_tcl +-set prompt "% " +-- +2.31.1 + diff --git a/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch b/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch index 429cf4d..3c90b97 100644 --- a/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch +++ b/Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch @@ -1,4 +1,4 @@ -From 0a2778833d2f04a29fe9d7122913abe42299044a Mon Sep 17 00:00:00 2001 +From c99ecf1bb49e2fbd0bf30a7b357cf06407b9588a Mon Sep 17 00:00:00 2001 
From: Robbie Harwood Date: Sat, 15 May 2021 18:04:58 -0400 Subject: [PATCH] Remove deprecated OpenSSL calls from softpkcs11 @@ -7,16 +7,17 @@ Rewrite add_pubkey_info() in terms of the EVP_PKEY interface. In this process, fix its unchecked allocations and fail fast for non-RSA keys. (cherry picked from commit d6bf42279675100e3e4fe7c6e08eef74d49624cb) +(cherry picked from commit 5072bfdfaddae762680d0f9d97afa6dbf8274760) --- src/configure.ac | 1 + src/tests/softpkcs11/main.c | 106 ++++++++++++++++++++++++------------ 2 files changed, 72 insertions(+), 35 deletions(-) diff --git a/src/configure.ac b/src/configure.ac -index ea708491b..477819091 100644 +index 3e1052db7..eb6307468 100644 --- a/src/configure.ac +++ b/src/configure.ac -@@ -1118,6 +1118,7 @@ int i = 1; +@@ -1114,6 +1114,7 @@ int i = 1; ])], k5_cv_openssl_version_okay=yes, k5_cv_openssl_version_okay=no)]) old_LIBS="$LIBS" AC_CHECK_LIB(crypto, PKCS7_get_signer_info) diff --git a/Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch b/Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch new file mode 100644 index 0000000..927b506 --- /dev/null +++ b/Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch 
@@ -0,0 +1,482 @@ +From 21e3b9a4463f1d1aeb71de8a27c298f1307d186b Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 4 Oct 2019 14:49:29 -0400 +Subject: [PATCH] Use OpenSSL's KBKDF and KRB5KDF for deriving long-term keys + +If supported, use OpenSSL-provided KBKDF (aes-sha2 and camellia) and +KRB5KDF (3des and aes-sha1). We already use OpenSSL's PBKDF2 where +appropriate. OpenSSL added support for these KDFs in 3.0. + +(cherry picked from commit ef8d11f6fb1232201c9efd2ae2ed567023fb85d2) +[rharwood@redhat.com: 3des removal] +--- + src/lib/crypto/krb/derive.c | 409 ++++++++++++++++++++++++++++-------- + 1 file changed, 324 insertions(+), 85 deletions(-) + +diff --git a/src/lib/crypto/krb/derive.c b/src/lib/crypto/krb/derive.c +index 6707a7308..8e474b38e 100644 +--- a/src/lib/crypto/krb/derive.c ++++ b/src/lib/crypto/krb/derive.c +@@ -27,6 +27,12 @@ + + #include "crypto_int.h" + ++#ifdef HAVE_EVP_KDF_FETCH ++#include ++#include ++#include ++#endif ++ + static krb5_key + find_cached_dkey(struct derived_key *list, const krb5_data *constant) + { +@@ -77,55 +83,251 @@ cleanup: + return ENOMEM; + } + ++#ifdef HAVE_EVP_KDF_FETCH + static krb5_error_code +-derive_random_rfc3961(const struct krb5_enc_provider *enc, +- krb5_key inkey, krb5_data *outrnd, +- const krb5_data *in_constant) ++openssl_kbdkf_counter_hmac(const struct krb5_hash_provider *hash, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *label, const krb5_data *context) + { +- size_t blocksize, keybytes, n; + krb5_error_code ret; +- krb5_data block = empty_data(); ++ EVP_KDF *kdf = NULL; ++ EVP_KDF_CTX *kctx = NULL; ++ OSSL_PARAM params[6]; ++ size_t i = 0; ++ char *digest; + +- blocksize = enc->block_size; +- keybytes = enc->keybytes; ++ /* On NULL hash, preserve default behavior for pbkdf2_string_to_key(). 
*/ ++ if (hash == NULL || !strcmp(hash->hash_name, "SHA1")) { ++ digest = "SHA1"; ++ } else if (!strcmp(hash->hash_name, "SHA-256")) { ++ digest = "SHA256"; ++ } else if (!strcmp(hash->hash_name, "SHA-384")) { ++ digest = "SHA384"; ++ } else { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } + +- if (blocksize == 1) +- return KRB5_BAD_ENCTYPE; +- if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) ++ kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); ++ if (!kdf) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ kctx = EVP_KDF_CTX_new(kdf); ++ if (!kctx) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, ++ digest, 0); ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, ++ "HMAC", 0); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, ++ inkey->keyblock.contents, ++ inkey->keyblock.length); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, ++ context->data, ++ context->length); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, ++ label->data, ++ label->length); ++ params[i] = OSSL_PARAM_construct_end(); ++ if (EVP_KDF_derive(kctx, (unsigned char *)outrnd->data, outrnd->length, ++ params) <= 0) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ ret = 0; ++done: ++ if (ret) ++ zap(outrnd->data, outrnd->length); ++ EVP_KDF_free(kdf); ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++ ++static krb5_error_code ++openssl_kbkdf_feedback_cmac(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++ krb5_error_code ret; ++ EVP_KDF *kdf = NULL; ++ EVP_KDF_CTX *kctx = NULL; ++ OSSL_PARAM params[7]; ++ size_t i = 0; ++ char *cipher; ++ static unsigned char zeroes[16]; ++ ++ memset(zeroes, 0, sizeof(zeroes)); ++ ++ if (!memcmp(enc, &krb5int_enc_camellia128, sizeof(*enc))) { ++ cipher = "CAMELLIA-128-CBC"; ++ } else if (!memcmp(enc, 
&krb5int_enc_camellia256, sizeof(*enc))) { ++ cipher = "CAMELLIA-256-CBC"; ++ } else { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); ++ if (!kdf) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ kctx = EVP_KDF_CTX_new(kdf); ++ if (!kctx) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, ++ "FEEDBACK", 0); ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, ++ "CMAC", 0); ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, ++ cipher, 0); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, ++ inkey->keyblock.contents, ++ inkey->keyblock.length); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, ++ in_constant->data, ++ in_constant->length); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, ++ zeroes, sizeof(zeroes)); ++ params[i] = OSSL_PARAM_construct_end(); ++ if (EVP_KDF_derive(kctx, (unsigned char *)outrnd->data, outrnd->length, ++ params) <= 0) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ ret = 0; ++done: ++ if (ret) ++ zap(outrnd->data, outrnd->length); ++ EVP_KDF_free(kdf); ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++ ++static krb5_error_code ++openssl_krb5kdf(const struct krb5_enc_provider *enc, krb5_key inkey, ++ krb5_data *outrnd, const krb5_data *in_constant) ++{ ++ krb5_error_code ret; ++ EVP_KDF *kdf = NULL; ++ EVP_KDF_CTX *kctx = NULL; ++ OSSL_PARAM params[4]; ++ size_t i = 0; ++ char *cipher; ++ ++ if (inkey->keyblock.length != enc->keylength || ++ outrnd->length != enc->keybytes) { ++ return KRB5_CRYPTO_INTERNAL; ++ } ++ ++ if (!memcmp(enc, &krb5int_enc_aes128, sizeof(*enc))) { ++ cipher = "AES-128-CBC"; ++ } else if (!memcmp(enc, &krb5int_enc_aes256, sizeof(*enc))) { ++ cipher = "AES-256-CBC"; ++ } else { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ kdf = EVP_KDF_fetch(NULL, "KRB5KDF", 
NULL); ++ if (kdf == NULL) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ kctx = EVP_KDF_CTX_new(kdf); ++ if (kctx == NULL) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, ++ cipher, 0); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, ++ inkey->keyblock.contents, ++ inkey->keyblock.length); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, ++ in_constant->data, ++ in_constant->length); ++ params[i] = OSSL_PARAM_construct_end(); ++ if (EVP_KDF_derive(kctx, (unsigned char *)outrnd->data, outrnd->length, ++ params) <= 0) { ++ ret = KRB5_CRYPTO_INTERNAL; ++ goto done; ++ } ++ ++ ret = 0; ++done: ++ if (ret) ++ zap(outrnd->data, outrnd->length); ++ EVP_KDF_free(kdf); ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++ ++#else /* HAVE_EVP_KDF_FETCH */ ++ ++/* ++ * NIST SP800-108 KDF in counter mode (section 5.1). ++ * Parameters: ++ * - HMAC (with hash as the hash provider) is the PRF. ++ * - A block counter of four bytes is used. ++ * - Four bytes are used to encode the output length in the PRF input. ++ * ++ * There are no uses requiring more than a single PRF invocation. ++ */ ++static krb5_error_code ++builtin_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *label, ++ const krb5_data *context) ++{ ++ krb5_crypto_iov iov[5]; ++ krb5_error_code ret; ++ krb5_data prf; ++ unsigned char ibuf[4], lbuf[4]; ++ ++ if (hash == NULL || outrnd->length > hash->hashsize) + return KRB5_CRYPTO_INTERNAL; + + /* Allocate encryption data buffer. */ +- ret = alloc_data(&block, blocksize); ++ ret = alloc_data(&prf, hash->hashsize); + if (ret) + return ret; + +- /* Initialize the input block. 
*/ +- if (in_constant->length == blocksize) { +- memcpy(block.data, in_constant->data, blocksize); +- } else { +- krb5int_nfold(in_constant->length * 8, +- (unsigned char *) in_constant->data, +- blocksize * 8, (unsigned char *) block.data); +- } ++ /* [i]2: four-byte big-endian binary string giving the block counter (1) */ ++ iov[0].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[0].data = make_data(ibuf, sizeof(ibuf)); ++ store_32_be(1, ibuf); ++ /* Label */ ++ iov[1].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[1].data = *label; ++ /* 0x00: separator byte */ ++ iov[2].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[2].data = make_data("", 1); ++ /* Context */ ++ iov[3].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[3].data = *context; ++ /* [L]2: four-byte big-endian binary string giving the output length */ ++ iov[4].flags = KRB5_CRYPTO_TYPE_DATA; ++ iov[4].data = make_data(lbuf, sizeof(lbuf)); ++ store_32_be(outrnd->length * 8, lbuf); + +- /* Loop encrypting the blocks until enough key bytes are generated. */ +- n = 0; +- while (n < keybytes) { +- ret = encrypt_block(enc, inkey, &block); +- if (ret) +- goto cleanup; +- +- if ((keybytes - n) <= blocksize) { +- memcpy(outrnd->data + n, block.data, (keybytes - n)); +- break; +- } +- +- memcpy(outrnd->data + n, block.data, blocksize); +- n += blocksize; +- } +- +-cleanup: +- zapfree(block.data, blocksize); ++ ret = krb5int_hmac(hash, inkey, iov, 5, &prf); ++ if (!ret) ++ memcpy(outrnd->data, prf.data, outrnd->length); ++ zapfree(prf.data, prf.length); + return ret; + } + +@@ -139,9 +341,9 @@ cleanup: + * - Four bytes are used to encode the output length in the PRF input. 
+ */ + static krb5_error_code +-derive_random_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, +- krb5_key inkey, krb5_data *outrnd, +- const krb5_data *in_constant) ++builtin_sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) + { + size_t blocksize, keybytes, n; + krb5_crypto_iov iov[6]; +@@ -204,56 +406,94 @@ cleanup: + return ret; + } + +-/* +- * NIST SP800-108 KDF in counter mode (section 5.1). +- * Parameters: +- * - HMAC (with hash as the hash provider) is the PRF. +- * - A block counter of four bytes is used. +- * - Four bytes are used to encode the output length in the PRF input. +- * +- * There are no uses requiring more than a single PRF invocation. +- */ ++static krb5_error_code ++builtin_derive_random_rfc3961(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++ size_t blocksize, keybytes, n; ++ krb5_error_code ret; ++ krb5_data block = empty_data(); ++ ++ blocksize = enc->block_size; ++ keybytes = enc->keybytes; ++ ++ if (blocksize == 1) ++ return KRB5_BAD_ENCTYPE; ++ if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes) ++ return KRB5_CRYPTO_INTERNAL; ++ ++ /* Allocate encryption data buffer. */ ++ ret = alloc_data(&block, blocksize); ++ if (ret) ++ return ret; ++ ++ /* Initialize the input block. */ ++ if (in_constant->length == blocksize) { ++ memcpy(block.data, in_constant->data, blocksize); ++ } else { ++ krb5int_nfold(in_constant->length * 8, ++ (unsigned char *) in_constant->data, ++ blocksize * 8, (unsigned char *) block.data); ++ } ++ ++ /* Loop encrypting the blocks until enough key bytes are generated. 
*/ ++ n = 0; ++ while (n < keybytes) { ++ ret = encrypt_block(enc, inkey, &block); ++ if (ret) ++ goto cleanup; ++ ++ if ((keybytes - n) <= blocksize) { ++ memcpy(outrnd->data + n, block.data, (keybytes - n)); ++ break; ++ } ++ ++ memcpy(outrnd->data + n, block.data, blocksize); ++ n += blocksize; ++ } ++ ++cleanup: ++ zapfree(block.data, blocksize); ++ return ret; ++} ++#endif /* HAVE_EVP_KDF_FETCH */ ++ + krb5_error_code + k5_sp800_108_counter_hmac(const struct krb5_hash_provider *hash, + krb5_key inkey, krb5_data *outrnd, + const krb5_data *label, const krb5_data *context) + { +- krb5_crypto_iov iov[5]; +- krb5_error_code ret; +- krb5_data prf; +- unsigned char ibuf[4], lbuf[4]; ++#ifdef HAVE_EVP_KDF_FETCH ++ return openssl_kbdkf_counter_hmac(hash, inkey, outrnd, label, context); ++#else ++ return builtin_sp800_108_counter_hmac(hash, inkey, outrnd, label, ++ context); ++#endif ++} + +- if (hash == NULL || outrnd->length > hash->hashsize) +- return KRB5_CRYPTO_INTERNAL; ++static krb5_error_code ++sp800_108_feedback_cmac(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++#ifdef HAVE_EVP_KDF_FETCH ++ return openssl_kbkdf_feedback_cmac(enc, inkey, outrnd, in_constant); ++#else ++ return builtin_sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); ++#endif ++} + +- /* Allocate encryption data buffer. 
*/ +- ret = alloc_data(&prf, hash->hashsize); +- if (ret) +- return ret; +- +- /* [i]2: four-byte big-endian binary string giving the block counter (1) */ +- iov[0].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[0].data = make_data(ibuf, sizeof(ibuf)); +- store_32_be(1, ibuf); +- /* Label */ +- iov[1].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[1].data = *label; +- /* 0x00: separator byte */ +- iov[2].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[2].data = make_data("", 1); +- /* Context */ +- iov[3].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[3].data = *context; +- /* [L]2: four-byte big-endian binary string giving the output length */ +- iov[4].flags = KRB5_CRYPTO_TYPE_DATA; +- iov[4].data = make_data(lbuf, sizeof(lbuf)); +- store_32_be(outrnd->length * 8, lbuf); +- +- ret = krb5int_hmac(hash, inkey, iov, 5, &prf); +- if (!ret) +- memcpy(outrnd->data, prf.data, outrnd->length); +- zapfree(prf.data, prf.length); +- return ret; ++static krb5_error_code ++derive_random_rfc3961(const struct krb5_enc_provider *enc, ++ krb5_key inkey, krb5_data *outrnd, ++ const krb5_data *in_constant) ++{ ++#ifdef HAVE_EVP_KDF_FETCH ++ return openssl_krb5kdf(enc, inkey, outrnd, in_constant); ++#else ++ return builtin_derive_random_rfc3961(enc, inkey, outrnd, in_constant); ++#endif + } + + krb5_error_code +@@ -268,8 +508,7 @@ krb5int_derive_random(const struct krb5_enc_provider *enc, + case DERIVE_RFC3961: + return derive_random_rfc3961(enc, inkey, outrnd, in_constant); + case DERIVE_SP800_108_CMAC: +- return derive_random_sp800_108_feedback_cmac(enc, inkey, outrnd, +- in_constant); ++ return sp800_108_feedback_cmac(enc, inkey, outrnd, in_constant); + case DERIVE_SP800_108_HMAC: + return k5_sp800_108_counter_hmac(hash, inkey, outrnd, in_constant, + &empty); diff --git a/Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch b/Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch new file mode 100644 index 0000000..0a9cde1 --- /dev/null +++ b/Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch 
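Review bot: In the added src/lib/crypto/krb/derive.c code, `openssl_kbdkf_counter_hmac()` maps a NULL `hash` to the "SHA1" digest, while `builtin_sp800_108_counter_hmac()` in the `#else` branch returns KRB5_CRYPTO_INTERNAL for `hash == NULL` and for `outrnd->length > hash->hashsize`. The same call to `k5_sp800_108_counter_hmac()` therefore derives a SHA-1-based key in an OpenSSL 3 build and fails in a builtin build. The comment justifies the default by pbkdf2_string_to_key(), whose call path is not visible in this patch. Unless a caller really passes NULL here, the OpenSSL path should fail closed with the same guard, `if (hash == NULL || outrnd->length > hash->hashsize) return KRB5_CRYPTO_INTERNAL;`, placed before the digest-name mapping. If the default has to stay, the comment should name the caller that relies on it, so the SHA-1 fallback is a documented decision rather than a silent one.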
@@ -0,0 +1,408 @@ +From 8bbb492f2be1418e1e4bb2cf197414810dac9589 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood +Date: Fri, 20 Sep 2019 17:20:59 -0400 +Subject: [PATCH] Use OpenSSL's SSKDF in PKINIT when available + +Starting in 3.0, OpenSSL implements SSKDF, which is the basis of our +id-pkinit-kdf (RFC 8636). Factor out common setup code around +other_info. Adjust code to comply to existing style. + +(cherry picked from commit 4376a22e41fb639be31daf81275a332d3f930996) +--- + .../preauth/pkinit/pkinit_crypto_openssl.c | 294 +++++++++++------- + 1 file changed, 181 insertions(+), 113 deletions(-) + +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index e1153344e..350c2118a 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -38,6 +38,12 @@ + #include + #include + ++#ifdef HAVE_EVP_KDF_FETCH ++#include ++#include ++#include ++#endif ++ + static krb5_error_code pkinit_init_pkinit_oids(pkinit_plg_crypto_context ); + static void pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ); + +@@ -2294,15 +2300,16 @@ cleanup: + } + + +-/** ++/* + * Given an algorithm_identifier, this function returns the hash length + * and EVP function associated with that algorithm. ++ * ++ * RFC 8636 defines a SHA384 variant, but we don't use it. 
+ */ + static krb5_error_code +-pkinit_alg_values(krb5_context context, +- const krb5_data *alg_id, +- size_t *hash_bytes, +- const EVP_MD *(**func)(void)) ++pkinit_alg_values(krb5_context context, const krb5_data *alg_id, ++ size_t *hash_bytes, const EVP_MD *(**func)(void), ++ char **hash_name) + { + *hash_bytes = 0; + *func = NULL; +@@ -2311,18 +2318,21 @@ pkinit_alg_values(krb5_context context, + krb5_pkinit_sha1_oid_len))) { + *hash_bytes = 20; + *func = &EVP_sha1; ++ *hash_name = strdup("SHA1"); + return 0; + } else if ((alg_id->length == krb5_pkinit_sha256_oid_len) && + (0 == memcmp(alg_id->data, krb5_pkinit_sha256_oid, + krb5_pkinit_sha256_oid_len))) { + *hash_bytes = 32; + *func = &EVP_sha256; ++ *hash_name = strdup("SHA256"); + return 0; + } else if ((alg_id->length == krb5_pkinit_sha512_oid_len) && + (0 == memcmp(alg_id->data, krb5_pkinit_sha512_oid, + krb5_pkinit_sha512_oid_len))) { + *hash_bytes = 64; + *func = &EVP_sha512; ++ *hash_name = strdup("SHA512"); + return 0; + } else { + krb5_set_error_message(context, KRB5_ERR_BAD_S2K_PARAMS, +@@ -2331,11 +2341,60 @@ pkinit_alg_values(krb5_context context, + } + } /* pkinit_alg_values() */ + ++#ifdef HAVE_EVP_KDF_FETCH ++static krb5_error_code ++openssl_sskdf(krb5_context context, size_t hash_bytes, krb5_data *key, ++ krb5_data *info, char *out, size_t out_len, char *digest) ++{ ++ krb5_error_code ret; ++ EVP_KDF *kdf = NULL; ++ EVP_KDF_CTX *kctx = NULL; ++ OSSL_PARAM params[4]; ++ size_t i = 0; + +-/* pkinit_alg_agility_kdf() -- +- * This function generates a key using the KDF described in +- * draft_ietf_krb_wg_pkinit_alg_agility-04.txt. 
The algorithm is +- * described as follows: ++ if (digest == NULL) { ++ ret = oerr(context, ENOMEM, ++ _("Failed to allocate space for digest algorithm name")); ++ goto done; ++ } ++ ++ kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); ++ if (kdf == NULL) { ++ ret = oerr(context, KRB5_CRYPTO_INTERNAL, _("Failed to fetch SSKDF")); ++ goto done; ++ } ++ ++ kctx = EVP_KDF_CTX_new(kdf); ++ if (!kctx) { ++ ret = oerr(context, KRB5_CRYPTO_INTERNAL, ++ _("Failed to instantiate SSKDF")); ++ goto done; ++ } ++ ++ params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, ++ digest, 0); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, ++ key->data, key->length); ++ params[i++] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, ++ info->data, info->length); ++ params[i] = OSSL_PARAM_construct_end(); ++ if (EVP_KDF_derive(kctx, (unsigned char *)out, out_len, params) <= 0) { ++ ret = oerr(context, KRB5_CRYPTO_INTERNAL, ++ _("Failed to derive key using SSKDF")); ++ goto done; ++ } ++ ++ ret = 0; ++done: ++ EVP_KDF_free(kdf); ++ EVP_KDF_CTX_free(kctx); ++ return ret; ++} ++#else ++/* ++ * Generate a key using the KDF described in RFC 8636, also known as SSKDF ++ * (single-step kdf). Our caller precomputes `reps`, but otherwise the ++ * algorithm is as follows: + * + * 1. reps = keydatalen (K) / hash length (H) + * +@@ -2349,95 +2408,16 @@ pkinit_alg_values(krb5_context context, + * + * 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. 
+ */ +-krb5_error_code +-pkinit_alg_agility_kdf(krb5_context context, +- krb5_data *secret, +- krb5_data *alg_oid, +- krb5_const_principal party_u_info, +- krb5_const_principal party_v_info, +- krb5_enctype enctype, +- krb5_data *as_req, +- krb5_data *pk_as_rep, +- krb5_keyblock *key_block) ++static krb5_error_code ++builtin_sskdf(krb5_context context, unsigned int reps, size_t hash_len, ++ const EVP_MD *(*EVP_func)(void), krb5_data *secret, ++ krb5_data *other_info, char *out, size_t out_len) + { +- krb5_error_code retval = 0; ++ krb5_error_code ret = 0; + +- unsigned int reps = 0; +- uint32_t counter = 1; /* Does this type work on Windows? */ ++ uint32_t counter = 1; + size_t offset = 0; +- size_t hash_len = 0; +- size_t rand_len = 0; +- size_t key_len = 0; +- krb5_data random_data; +- krb5_sp80056a_other_info other_info_fields; +- krb5_pkinit_supp_pub_info supp_pub_info_fields; +- krb5_data *other_info = NULL; +- krb5_data *supp_pub_info = NULL; +- krb5_algorithm_identifier alg_id; + EVP_MD_CTX *ctx = NULL; +- const EVP_MD *(*EVP_func)(void); +- +- /* initialize random_data here to make clean-up safe */ +- random_data.length = 0; +- random_data.data = NULL; +- +- /* allocate and initialize the key block */ +- key_block->magic = 0; +- key_block->enctype = enctype; +- if (0 != (retval = krb5_c_keylengths(context, enctype, &rand_len, +- &key_len))) +- goto cleanup; +- +- random_data.length = rand_len; +- key_block->length = key_len; +- +- if (NULL == (key_block->contents = malloc(key_block->length))) { +- retval = ENOMEM; +- goto cleanup; +- } +- +- memset (key_block->contents, 0, key_block->length); +- +- /* If this is anonymous pkinit, use the anonymous principle for party_u_info */ +- if (party_u_info && krb5_principal_compare_any_realm(context, party_u_info, +- krb5_anonymous_principal())) +- party_u_info = (krb5_principal)krb5_anonymous_principal(); +- +- if (0 != (retval = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func))) +- goto cleanup; +- +- /* 
1. reps = keydatalen (K) / hash length (H) */ +- reps = key_block->length/hash_len; +- +- /* ... and round up, if necessary */ +- if (key_block->length > (reps * hash_len)) +- reps++; +- +- /* Allocate enough space in the random data buffer to hash directly into +- * it, even if the last hash will make it bigger than the key length. */ +- if (NULL == (random_data.data = malloc(reps * hash_len))) { +- retval = ENOMEM; +- goto cleanup; +- } +- +- /* Encode the ASN.1 octet string for "SuppPubInfo" */ +- supp_pub_info_fields.enctype = enctype; +- supp_pub_info_fields.as_req = *as_req; +- supp_pub_info_fields.pk_as_rep = *pk_as_rep; +- if (0 != ((retval = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, +- &supp_pub_info)))) +- goto cleanup; +- +- /* Now encode the ASN.1 octet string for "OtherInfo" */ +- memset(&alg_id, 0, sizeof alg_id); +- alg_id.algorithm = *alg_oid; /*alias*/ +- +- other_info_fields.algorithm_identifier = alg_id; +- other_info_fields.party_u_info = (krb5_principal) party_u_info; +- other_info_fields.party_v_info = (krb5_principal) party_v_info; +- other_info_fields.supp_pub_info = *supp_pub_info; +- if (0 != (retval = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info))) +- goto cleanup; + + /* 2. Initialize a 32-bit, big-endian bit string counter as 1. + * 3. 
For i = 1 to reps by 1, do the following: +@@ -2450,7 +2430,7 @@ pkinit_alg_agility_kdf(krb5_context context, + + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { +- retval = KRB5_CRYPTO_INTERNAL; ++ ret = KRB5_CRYPTO_INTERNAL; + goto cleanup; + } + +@@ -2458,7 +2438,7 @@ pkinit_alg_agility_kdf(krb5_context context, + if (!EVP_DigestInit(ctx, EVP_func())) { + krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, + "Call to OpenSSL EVP_DigestInit() returned an error."); +- retval = KRB5_CRYPTO_INTERNAL; ++ ret = KRB5_CRYPTO_INTERNAL; + goto cleanup; + } + +@@ -2467,15 +2447,16 @@ pkinit_alg_agility_kdf(krb5_context context, + !EVP_DigestUpdate(ctx, other_info->data, other_info->length)) { + krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, + "Call to OpenSSL EVP_DigestUpdate() returned an error."); +- retval = KRB5_CRYPTO_INTERNAL; ++ ret = KRB5_CRYPTO_INTERNAL; + goto cleanup; + } + +- /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K bytes. */ +- if (!EVP_DigestFinal(ctx, (uint8_t *)random_data.data + offset, &s)) { ++ /* 4. Set key = Hash1 || Hash2 || ... so that length of key is K ++ * bytes. */ ++ if (!EVP_DigestFinal(ctx, (unsigned char *)out + offset, &s)) { + krb5_set_error_message(context, KRB5_CRYPTO_INTERNAL, + "Call to OpenSSL EVP_DigestUpdate() returned an error."); +- retval = KRB5_CRYPTO_INTERNAL; ++ ret = KRB5_CRYPTO_INTERNAL; + goto cleanup; + } + offset += s; +@@ -2484,26 +2465,113 @@ pkinit_alg_agility_kdf(krb5_context context, + EVP_MD_CTX_free(ctx); + ctx = NULL; + } +- +- retval = krb5_c_random_to_key(context, enctype, &random_data, +- key_block); +- + cleanup: + EVP_MD_CTX_free(ctx); ++ return ret; ++} /* builtin_sskdf() */ ++#endif /* HAVE_EVP_KDF_FETCH */ + +- /* If this has been an error, free the allocated key_block, if any */ +- if (retval) { +- krb5_free_keyblock_contents(context, key_block); ++/* id-pkinit-kdf family, as specified by RFC 8636. 
*/ ++krb5_error_code ++pkinit_alg_agility_kdf(krb5_context context, krb5_data *secret, ++ krb5_data *alg_oid, krb5_const_principal party_u_info, ++ krb5_const_principal party_v_info, ++ krb5_enctype enctype, krb5_data *as_req, ++ krb5_data *pk_as_rep, krb5_keyblock *key_block) ++{ ++ krb5_error_code ret; ++ size_t hash_len = 0, rand_len = 0, key_len = 0; ++ const EVP_MD *(*EVP_func)(void); ++ krb5_sp80056a_other_info other_info_fields; ++ krb5_pkinit_supp_pub_info supp_pub_info_fields; ++ krb5_data *other_info = NULL, *supp_pub_info = NULL; ++ krb5_data random_data = empty_data(); ++ krb5_algorithm_identifier alg_id; ++ unsigned int reps; ++ char *hash_name = NULL; ++ ++ /* Allocate and initialize the key block. */ ++ key_block->magic = 0; ++ key_block->enctype = enctype; ++ ++ /* Use separate variables to avoid alignment restriction problems. */ ++ ret = krb5_c_keylengths(context, enctype, &rand_len, &key_len); ++ if (ret) ++ goto cleanup; ++ random_data.length = rand_len; ++ key_block->length = key_len; ++ ++ key_block->contents = k5calloc(key_block->length, 1, &ret); ++ if (key_block->contents == NULL) ++ goto cleanup; ++ ++ /* If this is anonymous pkinit, use the anonymous principle for ++ * party_u_info. */ ++ if (party_u_info && ++ krb5_principal_compare_any_realm(context, party_u_info, ++ krb5_anonymous_principal())) { ++ party_u_info = (krb5_principal)krb5_anonymous_principal(); + } + +- /* free other allocated resources, either way */ +- if (random_data.data) +- free(random_data.data); ++ ret = pkinit_alg_values(context, alg_oid, &hash_len, &EVP_func, ++ &hash_name); ++ if (ret) ++ goto cleanup; ++ ++ /* 1. reps = keydatalen (K) / hash length (H) */ ++ reps = key_block->length / hash_len; ++ ++ /* ... and round up, if necessary. */ ++ if (key_block->length > (reps * hash_len)) ++ reps++; ++ ++ /* Allocate enough space in the random data buffer to hash directly into ++ * it, even if the last hash will make it bigger than the key length. 
*/ ++ random_data.data = k5alloc(reps * hash_len, &ret); ++ if (random_data.data == NULL) ++ goto cleanup; ++ ++ /* Encode the ASN.1 octet string for "SuppPubInfo". */ ++ supp_pub_info_fields.enctype = enctype; ++ supp_pub_info_fields.as_req = *as_req; ++ supp_pub_info_fields.pk_as_rep = *pk_as_rep; ++ ret = encode_krb5_pkinit_supp_pub_info(&supp_pub_info_fields, ++ &supp_pub_info); ++ if (ret) ++ goto cleanup; ++ ++ /* Now encode the ASN.1 octet string for "OtherInfo". */ ++ memset(&alg_id, 0, sizeof(alg_id)); ++ alg_id.algorithm = *alg_oid; ++ other_info_fields.algorithm_identifier = alg_id; ++ other_info_fields.party_u_info = (krb5_principal)party_u_info; ++ other_info_fields.party_v_info = (krb5_principal)party_v_info; ++ other_info_fields.supp_pub_info = *supp_pub_info; ++ ret = encode_krb5_sp80056a_other_info(&other_info_fields, &other_info); ++ if (ret) ++ goto cleanup; ++ ++#ifdef HAVE_EVP_KDF_FETCH ++ ret = openssl_sskdf(context, hash_len, secret, other_info, ++ random_data.data, key_block->length, hash_name); ++#else ++ ret = builtin_sskdf(context, reps, hash_len, EVP_func, secret, ++ other_info, random_data.data, key_block->length); ++#endif ++ if (ret) ++ goto cleanup; ++ ++ ret = krb5_c_random_to_key(context, enctype, &random_data, key_block); ++cleanup: ++ if (ret) ++ krb5_free_keyblock_contents(context, key_block); ++ ++ free(hash_name); ++ zapfree(random_data.data, random_data.length); + krb5_free_data(context, other_info); + krb5_free_data(context, supp_pub_info); +- +- return retval; +-} /*pkinit_alg_agility_kdf() */ ++ return ret; ++} + + /* Call DH_compute_key() and ensure that we left-pad short results instead of + * leaving junk bytes at the end of the buffer. */ diff --git a/downstream-Remove-3des-support.patch b/downstream-Remove-3des-support.patch index 9c29cdd..3d351eb 100644 --- a/downstream-Remove-3des-support.patch +++ b/downstream-Remove-3des-support.patch 
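Review bot: In the cleanup of `pkinit_alg_agility_kdf`, `zapfree(random_data.data, random_data.length)` wipes only `rand_len` bytes, while the buffer is allocated with `reps * hash_len` bytes and the builtin path hashes directly into all of it. The tail of the last hash block can therefore be freed without being cleared. Record the allocation size and wipe that instead: `size_t rand_alloc = 0;` with the declarations, `rand_alloc = reps * hash_len;` just before the `k5alloc` call, and `zapfree(random_data.data, rand_alloc);` in cleanup. A separate variable is needed because `reps` is still unset on the early `goto cleanup` paths. Separately, `pkinit_alg_values` does not set `*hash_name = NULL` next to `*hash_bytes = 0; *func = NULL;`, so the error branch relies on the caller's initializer, and `openssl_sskdf` never reads its `hash_bytes` parameter.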
@@ -9,6 +9,12 @@ to user other enctypes. Mark the 3DES enctypes UNSUPPORTED and retain their constants. Last-updated: 1.19-beta1 +[antorres@redhat.com: remove diffs for: + - src/kdamin/testing/proto/kdc.conf.proto + - src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp + - src/lib/kadm5/unit-test/api.current/get-principal-v2.exp + - src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp + since they were removed by Remove-TCL-based-libkadm5-API-tests.patch] --- doc/admin/advanced/retiring-des.rst | 11 + doc/admin/conf_files/kdc_conf.rst | 7 +- @@ -350,19 +356,6 @@ index db80063eb..63e67a2ba 100644 #define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f /**< RFC 3962. Used with ENCTYPE_AES128_CTS_HMAC_SHA1_96 */ #define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010 /**< RFC 3962. Used with -diff --git a/src/kadmin/testing/proto/kdc.conf.proto b/src/kadmin/testing/proto/kdc.conf.proto -index 8a4b87de1..d7f1d076b 100644 ---- a/src/kadmin/testing/proto/kdc.conf.proto -+++ b/src/kadmin/testing/proto/kdc.conf.proto -@@ -11,6 +11,6 @@ - dict_file = __K5ROOT__/ovsec_adm.dict - kadmind_port = 1751 - kpasswd_port = 1752 -- master_key_type = des3-hmac-sha1 -- supported_enctypes = des3-hmac-sha1:normal aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal -+ master_key_type = aes256-cts -+ supported_enctypes = aes256-cts:normal aes128-cts:normal aes256-sha2:normal aes128-sha2:normal - } diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 60f30c4f4..c65375aef 100644 --- a/src/kdc/kdc_util.c 
@@ -5575,55 +5568,6 @@ index 84f194988..32150f5e3 100644 case ENCTYPE_ARCFOUR_HMAC: case ENCTYPE_ARCFOUR_HMAC_EXP: /* RFC 4121 accidentally omits RC4-HMAC-EXP as a "not-newer" enctype, -diff --git a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp -index 740425c69..6b45f5f72 100644 ---- a/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp -+++ b/src/lib/kadm5/unit-test/api.current/chpass-principal-v2.exp -@@ -53,10 +53,10 @@ proc test200 {} { - } - - # XXX Perhaps I should actually check the key type returned. -- if {$num_keys == 5} { -+ if {$num_keys == 4} { - pass "$test" - } else { -- fail "$test: $num_keys keys, should be 5" -+ fail "$test: $num_keys keys, should be 4" - } - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" -diff --git a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp -index 3ea1ba29b..d2c6d1afa 100644 ---- a/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp -+++ b/src/lib/kadm5/unit-test/api.current/get-principal-v2.exp -@@ -143,8 +143,8 @@ proc test101_102 {rpc} { - } - - set failed 0 -- if {$num_keys != 5} { -- fail "$test: num_keys $num_keys should be 5" -+ if {$num_keys != 4} { -+ fail "$test: num_keys $num_keys should be 4" - set failed 1 - } - for {set i 0} {$i < $num_keys} {incr i} { -diff --git a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp -index 2925c1c43..2f76c8b43 100644 ---- a/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp -+++ b/src/lib/kadm5/unit-test/api.current/randkey-principal-v2.exp -@@ -46,10 +46,10 @@ proc test100 {} { - } - - # XXX Perhaps I should actually check the key type returned. 
-- if {$num_keys == 5} { -+ if {$num_keys == 4} { - pass "$test" - } else { -- fail "$test: $num_keys keys, should be 5" -+ fail "$test: $num_keys keys, should be 4" - } - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index aa35baa3c..bfa99d9eb 100644 --- a/src/lib/krb5/krb/init_ctx.c diff --git a/krb5.spec b/krb5.spec index 82c7d8a..41b4341 100644 --- a/krb5.spec +++ b/krb5.spec @@ -42,7 +42,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.19.2 -Release: %{?zdpd}3%{?dist}.1 +Release: %{?zdpd}4%{?dist} # rharwood has trust path to signing key and verifies on check-in Source0: https://web.mit.edu/kerberos/dist/krb5/%{version}/krb5-%{version}%{?dashpre}.tar.gz @@ -68,7 +68,6 @@ Patch1: downstream-SELinux-integration.patch Patch3: downstream-netlib-and-dns.patch Patch4: downstream-fix-debuginfo-with-y.tab.c.patch Patch5: downstream-Remove-3des-support.patch -Patch6: downstream-Use-backported-version-of-OpenSSL-3-KDF-i.patch Patch7: downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch Patch8: Add-APIs-for-marshalling-credentials.patch Patch9: Add-hostname-canonicalization-helper-to-k5test.py.patch @@ -90,6 +89,11 @@ Patch25: Clean-up-context-after-failed-open-in-libkdb5.patch Patch26: Use-asan-in-one-of-the-CI-builds.patch Patch29: Clean-up-gssapi_krb5-ccache-name-functions.patch Patch30: Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch +Patch32: Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch +Patch33: Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch +Patch34: Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch +Patch35: Handle-OpenSSL-3-s-providers.patch +Patch36: Remove-TCL-based-libkadm5-API-tests.patch License: MIT URL: https://web.mit.edu/kerberos/www/ 
@@ -118,11 +122,11 @@ BuildRequires: net-tools, rpcbind BuildRequires: hostname BuildRequires: iproute BuildRequires: python3-pyrad +BuildRequires: procps-ng %endif -# Need KDFs. This is the backported version -BuildRequires: openssl-devel >= 1:1.1.1d-4 -BuildRequires: openssl-devel < 1:3.0.0 +# Need KDFs. This is the "real" version +BuildRequires: openssl-devel => 1:3.0.0 %description Kerberos V5 is a trusted-third-party network authentication system, @@ -148,7 +152,7 @@ to install this package. %package libs Summary: The non-admin shared libraries used by Kerberos 5 -Requires: openssl-libs >= 1:1.1.1d-4 +Requires: openssl-libs >= 1:3.0.0 Requires: coreutils, gawk, grep, sed Requires: keyutils-libs >= 1.5.8 Requires: /etc/crypto-policies/back-ends/krb5.config @@ -248,10 +252,7 @@ popd # Mess with some of the default ports that we use for testing, so that multiple # builds going on the same host don't step on each other. -cfg="src/kadmin/testing/proto/kdc.conf.proto \ - src/kadmin/testing/proto/krb5.conf.proto \ - src/lib/kadm5/unit-test/api.current/init-v2.exp \ - src/util/k5test.py" +cfg="src/util/k5test.py" LONG_BIT=`getconf LONG_BIT` PORT=`expr 61000 + $LONG_BIT - 48` sed -i -e s,61000,`expr "$PORT" + 0`,g $cfg @@ -647,6 +648,10 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog +* Fri Dec 3 2021 Antonio Torres - 1.19.2-4 +- Add patches to support OpenSLL 3.0.0 +- Remove TCL-based libkadm5 API tests + * Tue Sep 14 2021 Sahana Prasad - 1.19.2-3.1 - Rebuilt with OpenSSL 3.0.0
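Review bot: The new `BuildRequires: openssl-devel => 1:3.0.0` line spells the operator `=>`, while the `Requires: openssl-libs >= 1:3.0.0` line changed in a later hunk of this file uses the documented `>=`. The comment above it says this constraint is what guarantees the KDFs are available, so write it in the standard form, `BuildRequires: openssl-devel >= 1:3.0.0`. That way the constraint does not depend on rpm accepting the alternate spelling, which should be confirmed for the target rpm version if the line is kept as is.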