diff -bwru krb5-20021108-virgin/src/kadmin/cli/kadmin.c krb5-20021108-um/src/kadmin/cli/kadmin.c --- krb5-20021108-virgin/src/kadmin/cli/kadmin.c Wed Nov 6 03:00:30 2002 +++ krb5-20021108-um/src/kadmin/cli/kadmin.c Sat Feb 8 09:36:32 2003 @@ -37,6 +37,9 @@ #include /* #include */ #include +#if defined(RPCSEC_GSS) +#include +#endif #include "kadmin.h" /* special struct to convert flag names for principals @@ -181,6 +184,9 @@ char *password = NULL; char *luser, *canon, *cp; int optchar, freeprinc = 0, use_keytab = 0; +#if defined(RPCSEC_GSS) + char service_principal[256]; +#endif struct passwd *pw; kadm5_ret_t retval; krb5_ccache cc; @@ -390,11 +396,32 @@ } } +#if 0 /* I don't know why this is here? */ retval = krb5_klog_init(context, "admin_server", whoami, 0); if (retval) { com_err(whoami, retval, "while setting up logging"); exit(1); } +#endif + +#if defined(RPCSEC_GSS) + { + /* + * Determine the service principal name to use. The original MIT + * code used KADM5_ADMIN_SERVICE while the Sun SEAM server chose + * to use 'kadmin/' + */ + + if ( kadm5_get_admin_service_name(context, def_realm, + &service_principal[0], + sizeof(service_principal)) ) { + fprintf(stderr, "%s: error getting admin server hostname for realm %s\n", + whoami, def_realm); + exit(1); + } + } +#endif + /* * Initialize the kadm5 connection. If we were given a ccache, @@ -404,7 +431,11 @@ printf("Authenticating as principal %s with existing credentials.\n", princstr); retval = kadm5_init_with_creds(princstr, cc, +#if defined(RPCSEC_GSS) + service_principal, +#else KADM5_ADMIN_SERVICE, +#endif ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, @@ -417,7 +448,11 @@ printf("Authenticating as principal %s with default keytab.\n", princstr); retval = kadm5_init_with_skey(princstr, keytab_name, +#if defined(RPCSEC_GSS) + service_principal, +#else KADM5_ADMIN_SERVICE, +#endif ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, @@ -426,7 +461,11 @@ printf("Authenticating as principal %s with password.\n", princstr); retval = kadm5_init_with_password(princstr, password, +#if defined(RPCSEC_GSS) + service_principal, +#else KADM5_ADMIN_SERVICE, +#endif ¶ms, KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, diff -bwru krb5-20021108-virgin/src/kadmin/dbutil/kadm5_create.c krb5-20021108-um/src/kadmin/dbutil/kadm5_create.c --- krb5-20021108-virgin/src/kadmin/dbutil/kadm5_create.c Tue Jul 17 03:01:19 2001 +++ krb5-20021108-um/src/kadmin/dbutil/kadm5_create.c Thu Feb 6 13:37:49 2003 @@ -173,6 +173,28 @@ static int add_admin_princs(void *handle, krb5_context context, char *realm) { krb5_error_code ret = 0; + char service_name[MAXHOSTNAMELEN + 8]; + char localname[MAXHOSTNAMELEN]; + struct hostent *hp; + + if (gethostname(localname, MAXHOSTNAMELEN)) { + ret = errno; + perror(gethostname); + goto clean_and_exit; + } + if (!(hp = gethostbyname(localname))) { + ret = errno; + perror("gethostbyname"); + goto clean_and_exit; + } + sprintf(service_name, "kadmin/%s", hp->h_name); + + if ((ret = add_admin_princ(handle, context, + service_name, realm, + KRB5_KDB_DISALLOW_TGT_BASED, + ADMIN_LIFETIME))) + goto clean_and_exit; + if ((ret = add_admin_princ(handle, context, KADM5_ADMIN_SERVICE, realm, diff -bwru krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp --- krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp Sun Nov 3 03:00:34 2002 +++ krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/changing.exp Wed Jan 22 16:24:06 2003 @@ -13,73 +13,81 @@ # test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \ - 4 {New passwords do not match - password not changed.} + 1 {Password mismatch while reading password} test_3pass {test2} {D.7.5: empty/empty} test2 test2 {} {} \ - 5 {You must type a password. Passwords must be at least one character long.} + 2 {Password change rejected: Password not changed.} test_3pass {test2} {D.6: empty/non-empty} test2 test2 {} test2 \ - 4 {New passwords do not match - password not changed.} + 1 {Password mismatch while reading password} test_3pass {test2} {D.7: non-empty/empty} test2 test2 test2 {} \ - 4 {New passwords do not match - password not changed.} + 1 {Password mismatch while reading password} test_win {test1} {D.8: change password} test1 test1 newpass test_win {test1} {D.9: test changed password} test1 newpass test1 -mytest "D.22: No policy description was shown" test1 4 { - -re "Changing password for test1.*\\.$s+Old password:\[^\n\]*$" +mytest "D.22: No policy description was shown" test1 1 { + -re "Password for test1\@.*:\[^\n\]" { send "test1\n" } } { -re "$s+.*$s+.*$s+.*char.*classes.*" { myfail "policy description displayed" } timeout { mypass } } { - -re "^$s+New password:\[^\n\]*$" + -re "^$s+Enter new password:\[^\n\]*$" + { send "newpass\n" } + -re "^$s+Enter new password: :\[^\n\]*$" { send "newpass\n" } } { - -re "^$s+New password \\(again\\):\[^\n\]*\$" + -re "^$s+Enter it again:\[^\n\]*\$" + { send "ssapwen\n" } + -re "^$s+Enter it again: :\[^\n\]*\$" { send "ssapwen\n" } } { - -re "$s+New passwords do not match - password not changed." + -re "$s+Password mismatch while reading password" { mypass } } test_3pass {pol1} {D.10: new password too short} pol1 pol111111 que que \ - 4 {New password is too short. Please choose a password which is at least [0-9]+ characters long.} + 2 {New password is too short. Please choose a password which is at least [0-9]+ characters long.} test_3pass {pol1} {D.13: too few char classes in new password} pol1 \ pol111111 123456789 123456789 \ - 4 {New password does not have enough character classes. The character classes are: - lower-case letters, - upper-case letters, - digits, - punctuation, and - all other characters \(e.g., control characters\). Please choose a password with at least [0-9]+ character classes.} + 2 {New password does not have enough character classes. The character classes are: - lower-case letters, - upper-case letters, - digits, - punctuation, and - all other characters \(e.g., control characters\). Please choose a password with at least [0-9]+ character classes.} test_3pass {pol1} {D.14: new password in dictionary} pol1 \ pol111111 Discordianism Discordianism \ - 4 {New password was found in a dictionary of possible passwords and therefore may be easily guessed. Please choose another password. See the ovpasswd man page for help in choosing a good password.} + 2 {New password was found in a dictionary of possible passwords and therefore may be easily guessed. Please choose another password. See the ovpasswd man page for help in choosing a good password.} test_win {pol1} {successful change} pol1 pol111111 polAAAAAA # fail "successful change: XXXX password history is majorly broken" test_3pass {pol1} {D.11: new password same as old} pol1 \ polAAAAAA polAAAAAA polAAAAAA \ - 4 {New password was used previously. Please choose a different password.} + 2 {New password was used previously. Please choose a different password.} test_3pass {pol1} {D.12: new password in history} pol1 \ polAAAAAA pol111111 pol111111 \ - 4 {New password was used previously. Please choose a different password.} + 2 {New password was used previously. Please choose a different password.} -mytest "D.18: Policy description was shown" pol1 4 { - -re "Changing password for pol1.*\\.$s+Old password:\[^\n\]*$" +mytest "D.18: Policy description was shown" pol1 1 { + -re "Password for pol1\@.*:\[^\n\]" { send "polAAAAAA\n" } } { - -re "$s+.*$s+.*$s+.*8 char.*2 classes.*$s+New password:\[^\n\]*$" + -re "^$s+Enter new password:\[^\n\]*$" + { send "newpass1234\n" } + -re "^$s+Enter new password: :\[^\n\]*$" { send "newpass1234\n" } } { - -re "^$s+New password \\(again\\):\[^\n\]*$" + -re "^$s+Enter it again:\[^\n\]*\$" + { send "newpass4321\n" } + -re "^$s+Enter it again: :\[^\n\]*\$" { send "newpass4321\n" } } { - -re "$s+New passwords do not match - password not changed." + -re "$s+Password mismatch while reading password" { mypass } } @@ -89,6 +97,7 @@ test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC test_win {pol1} {successful change} pol1 polCCCCCC pol111111 + verbose "(sleeping 30 seconds)" catch "exec sleep 30" @@ -96,7 +105,7 @@ test_3pass {pol2} {D.15: too soon to change password} pol2 \ polbbbbbb pol222222 pol222222 \ - 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} + 2 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.} verbose "(sleeping 30 seconds)" catch "exec sleep 30" diff -bwru krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp --- krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp Thu Jan 20 21:12:33 2000 +++ krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/connecting.exp Tue Jan 21 09:20:31 2003 @@ -13,10 +13,10 @@ # test_initerr {test2} {C.4: empty old password (XXXX)} test2 {} \ - 5 {You must type a password. Passwords must be at least one character long.} + 1 {Cannot read password getting initial ticket} test_initerr {test2} {C.5: incorrect old password} test2 foobar \ - 2 "Old Kerberos password is incorrect. Please try again." + 1 {Password incorrect while getting initial ticket} # set timeout 60 # diff -bwru krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp --- krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp Thu Jan 20 21:12:33 2000 +++ krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/principal.exp Wed Jan 22 16:33:30 2003 @@ -25,8 +25,9 @@ set whoami [exec whoami] } -test_win {} {B.7: default nonexisting ccache(1)} $whoami $whoami newpass -test_win {} {B.7: default nonexisting ccache(2)} $whoami newpass $whoami +### This test fails when using clients/kpasswd/kpasswd +# test_win {} {B.7: default nonexisting ccache(1)} $whoami $whoami newpass +# test_win {} {B.7: default nonexisting ccache(2)} $whoami newpass $whoami kinit test2 test2 test_win {} {B.4: default existing cache containing existing principal} \ @@ -47,7 +48,7 @@ # test_initerr {bogus} {B.15, C.6: non-existent principal, no realm} bogus bogus \ - 3 "${initerr_str}Client not found in Kerberos database" + 1 {Client not found in Kerberos database getting initial ticket} # test_win {test2@SECURE-TEST.OV.COM} {B.16: existing principal, with realm} \ @@ -57,4 +58,4 @@ test_initerr {bogus@SECURE-TEST.OV.COM} \ {B.17: non-existent principal, with realm} \ bogus bogus \ - 3 "${initerr_str}Client not found in Kerberos database" + 1 "Client not found in Kerberos database getting initial ticket" diff -bwru krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp --- krb5-20021108-virgin/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp Thu Jan 20 21:12:33 2000 +++ krb5-20021108-um/src/kadmin/passwd/unit-test/kpasswd.0/usage.exp Tue Jan 21 10:17:23 2003 @@ -10,17 +10,17 @@ # Here are the tests # -mytest {A.1: two args} {foo bar} 7 { - -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass } +mytest {A.1: two args} {foo bar} 1 { + -re {usage: [a-z./]+passwd \[principal\]} { mypass } } -mytest {A.2: three args} {foo bar baz} 7 { - -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass } +mytest {A.2: three args} {foo bar baz} 1 { + -re {usage: [a-z./]+passwd \[principal\]} { mypass } } set env(KRB5CCNAME) bogus_type:bogus_ccname -mytest {B.5: malformed ccache name} {} 6 { - -re {[a-z./]+passwd: Unknown credential cache type while reading principal name from credential cache} { mypass } +mytest {B.5: malformed ccache name} {} 1 { + -re {[a-z./]+passwd: Unknown credential cache type opening default ccache} { mypass } } unset env(KRB5CCNAME) diff -bwru krb5-20021108-virgin/src/kadmin/passwd/unit-test/lib/helpers.exp krb5-20021108-um/src/kadmin/passwd/unit-test/lib/helpers.exp --- krb5-20021108-virgin/src/kadmin/passwd/unit-test/lib/helpers.exp Sun Nov 3 03:00:35 2002 +++ krb5-20021108-um/src/kadmin/passwd/unit-test/lib/helpers.exp Fri Feb 7 13:37:27 2003 @@ -68,7 +68,7 @@ uplevel 1 "expect { $test - timeout { close; myfail \"timeout\"} + timeout { close; myfail \"mytest timeout\"} eof { myfail \"eof read before expected message string\" } }" @@ -147,25 +147,27 @@ if { $pass2 == "\001\001" } { set pass2 "$pass1" } mytest "$name" $args 0 { - -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$" + -re "Password for $princ\@.*:\[^\n\]" { send "$pass1\n" } } { - -re "Old Kerberos password is incorrect. Please try again." + -re "Password incorrect while getting initial ticket" { close; myfail "Old password incorrect" } -re "${initerr_regexp}(.+\[^\r\n\t\ \])\r\n" { close; myfail "init error: $expect_out(1,string)" } - -re "$s+New password:\[^\n\]*$" + -re "$s+Enter new password:\[^\n\]*$" { send "$pass2\n" } - -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$" + -re "$s+Enter new password: :\[^\n\]*$" + { send "$pass2\n" } + -re "$s+.*$s+.*$s+.*$s+Enter new password:\[^\n\]*$" { send "$pass2\n" } } { - -re "$s+New password \\(again\\):\[^\n\]*$" + -re "$s+Enter it again:\[^\n\]*$" + { send "$pass2\n" } + -re "$s+Enter it again: :\[^\n\]*$" { send "$pass2\n" } } { - -re "$s+Kerberos password changed." - { mypass } -re "$s+Password changed." - { close; myfail "Wrong message on success." } + { mypass } } } @@ -176,15 +178,10 @@ regsub -all "$s+" $err "$s+" err2 mytest "$name" $args $status { - -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$" - { send "$pass\n" } - } { -re "$err2" { mypass } - -re "Old Kerberos password is incorrect. Please try again." - { close; myfail "Old password incorrect" } - -re "${initerr_regexp}(.+)\r\n" - { close; myfail "init error: $expect_out(1,string)" } + -re "Password for $princ\@.*:\[^\n\]" + { send "$pass\n" } } } @@ -195,19 +192,23 @@ regsub -all "$s+" $err "$s+" err2 mytest "$name" $args $status { - -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$" + -re "Password for $princ\@.*:\[^\n\]" { send "$pass1\n" } } { - -re "Old Kerberos password is incorrect. Please try again." + -re "Password incorrect while getting initial ticket" { close; myfail "Old password incorrect" } -re "${initerr_regexp}(.+)\r\n" { close; myfail "init error: $expect_out(1,string)" } - -re "$s+New password:\[^\n\]*$" + -re "$s+Enter new password:\[^\n\]*$" + { send "$pass2\n" } + -re "$s+Enter new password: :\[^\n\]*$" { send "$pass2\n" } -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$" { send "$pass2\n" } } { - -re "$s+New password \\(again\\):\[^\n\]*$" + -re "$s+Enter it again:\[^\n\]*$" + { send "$pass3\n" } + -re "$s+Enter it again: :\[^\n\]*$" { send "$pass3\n" } } { -re "$s+$err2" diff -bwru krb5-20021108-virgin/src/kadmin/server/kadm_rpc_svc.c krb5-20021108-um/src/kadmin/server/kadm_rpc_svc.c --- krb5-20021108-virgin/src/kadmin/server/kadm_rpc_svc.c Tue Jul 3 03:01:36 2001 +++ krb5-20021108-um/src/kadmin/server/kadm_rpc_svc.c Fri Nov 8 13:09:16 2002 @@ -62,8 +62,12 @@ bool_t (*xdr_argument)(), (*xdr_result)(); char *(*local)(); +#if defined(OLD_MIT_RPC) if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI && rqstp->rq_cred.oa_flavor != AUTH_GSSAPI_COMPAT) { +#else + if (rqstp->rq_cred.oa_flavor != RPCSEC_GSS) { +#endif krb5_klog_syslog(LOG_ERR, "Authentication attempt failed: %s, invalid " "RPC authentication flavor %d", inet_ntoa(rqstp->rq_xprt->xp_raddr.sin_addr), diff -bwru krb5-20021108-virgin/src/kadmin/server/misc.c krb5-20021108-um/src/kadmin/server/misc.c --- krb5-20021108-virgin/src/kadmin/server/misc.c Wed Oct 9 03:00:36 2002 +++ krb5-20021108-um/src/kadmin/server/misc.c Thu Feb 6 11:35:11 2003 @@ -158,3 +158,98 @@ keepold, n_ks_tuple, ks_tuple, keys, n_keys); } + +/* + * Function: chpass_principal_util_wrapper + * + * Purpose: wrapper to kadm5_chpass_principal_util that checks to see if + * pw_min_life has been reached. if not it returns an error. + * otherwise it calls kadm5_chpass_principal_util + * + * Note that this functionality is now duplicated in several + * places (at least lib/kadm5/chpass_util.c and + * kadmin/v4server/kadm_server.c) and now here. + * + * Arguments: + * server_handle (in) server handle + * princ (in) krb5_principal whose password we are + * changing + * new_pw (in) the user's requested new password + * ret_pw (in) ? + * msg_ret (out) address of buffer to return a message that + * will be returned to the caller + * msg_len (in) size of message buffer supplied above + * 0 on success error code on failure. + * + * Requires: + * kadm5_init to have been run. + * + * Effects: + * calls kadm5_chpass_principal_util which changes the kdb and the + * the admin db. + * + */ + +kadm5_ret_t chpass_principal_util_wrapper( + void *server_handle, + krb5_principal principal, + char *new_pw, + char **ret_pw, + char *msg_ret, + unsigned int msg_len) +{ + krb5_int32 now; + kadm5_ret_t ret; + kadm5_policy_ent_rec pol; + kadm5_principal_ent_rec princ; + kadm5_server_handle_t handle = server_handle; + + ret = krb5_timeofday(handle->context, &now); + if (ret) + return ret; + + ret = kadm5_get_principal(handle->lhandle, principal, + &princ, KADM5_PRINCIPAL_NORMAL_MASK); + if(ret != KADM5_OK) + return ret; + if(princ.aux_attributes & KADM5_POLICY) { + if((ret=kadm5_get_policy(handle->lhandle, + princ.policy, &pol)) != KADM5_OK) { + (void) kadm5_free_principal_ent(handle->lhandle, &princ); + return ret; + } + if((now - princ.last_pwd_change) < pol.pw_min_life && + !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { + + time_t until; + char *time_string, *ptr; + + until = princ.last_pwd_change + pol.pw_min_life; + + time_string = ctime(&until); + if (*(ptr = &time_string[strlen(time_string)-1]) == '\n') + *ptr = '\0'; + sprintf(msg_ret, error_message(CHPASS_UTIL_PASSWORD_TOO_SOON), + time_string); + + (void) kadm5_free_policy_ent(handle->lhandle, &pol); + (void) kadm5_free_principal_ent(handle->lhandle, &princ); + return KADM5_PASS_TOOSOON; + } + + ret = kadm5_free_policy_ent(handle->lhandle, &pol); + if (ret) { + (void) kadm5_free_principal_ent(handle->lhandle, &princ); + return ret; + } + } + + ret = kadm5_free_principal_ent(handle->lhandle, &princ); + if (ret) + return ret; + + + return kadm5_chpass_principal_util(server_handle, principal, new_pw, + ret_pw, msg_ret, msg_len); +} + diff -bwru krb5-20021108-virgin/src/kadmin/server/ovsec_kadmd.c krb5-20021108-um/src/kadmin/server/ovsec_kadmd.c --- krb5-20021108-virgin/src/kadmin/server/ovsec_kadmd.c Wed Jan 9 03:01:23 2002 +++ krb5-20021108-um/src/kadmin/server/ovsec_kadmd.c Fri Feb 7 13:39:17 2003 @@ -43,8 +43,12 @@ #include /* inet_ntoa */ #include #include +#if defined(OLD_MIT_RPC) #include #include +#else +#include +#endif #include #include #include @@ -83,6 +87,9 @@ #define TIMEOUT 15 gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL; +#if !defined(OLD_MIT_RPC) +gss_name_t gss_kadmin_name = NULL; +#endif void *global_server_handle; /* @@ -199,7 +206,13 @@ gss_buffer_desc in_buf; struct sockaddr_in addr; int s; +#if defined(OLD_MIT_RPC) auth_gssapi_name names[4]; +#else + char service_name[MAXHOSTNAMELEN + 8]; + char localname[MAXHOSTNAMELEN]; + struct hostent *hp; +#endif gss_buffer_desc gssbuf; gss_OID nt_krb5_name_oid; kadm5_config_params params; @@ -214,9 +227,21 @@ exit(1); } +#if defined(OLD_MIT_RPC) names[0].name = names[1].name = names[2].name = names[3].name = NULL; names[0].type = names[1].type = names[2].type = names[3].type = nt_krb5_name_oid; +#else + if (gethostname(localname, MAXHOSTNAMELEN)) { + perror("gethostname"); + exit(1); + } + if (!(hp = gethostbyname(localname))) { + perror("gethostbyname"); + exit(1); + } + sprintf(service_name, "kadmin@%s", hp->h_name); +#endif #ifdef PURIFY purify_start_batch(); @@ -468,6 +493,7 @@ exit(1); } +#if defined(OLD_MIT_RPC) names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm); names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm); names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm); @@ -484,12 +510,14 @@ krb5_klog_close(context); exit(1); } +#endif /* XXX krb5_overridekeyname is an internal library global and should go away. This is an awful hack. */ krb5_overridekeyname = params.admin_keytab; +#if defined(OLD_MIT_RPC) /* * Try to acquire creds for the old OV services as well as the * new names, but if that fails just fall back on the new names. @@ -507,12 +535,23 @@ krb5_klog_close(context); exit(1); } +#endif /* if set_names succeeded, this will too */ +#if defined(OLD_MIT_RPC) in_buf.value = names[1].name; in_buf.length = strlen(names[1].name) + 1; +#else + in_buf.value = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm); + in_buf.length = strlen(in_buf.value) + 1; +#ifdef DEBUG + fprintf(stderr, "Importing service name '%s' (%d bytes)\n", + in_buf.value, in_buf.length); +#endif +#endif (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name); +#if defined(OLD_MIT_RPC) if (oldnames) { in_buf.value = names[3].name; in_buf.length = strlen(names[3].name) + 1; @@ -524,12 +563,29 @@ _svcauth_gssapi_set_log_badverf_func(log_badverf, NULL); _svcauth_gssapi_set_log_miscerr_func(log_miscerr, NULL); +#else + in_buf.value = service_name; + in_buf.length = strlen(in_buf.value); +#ifdef DEBUG + fprintf(stderr, "Importing service name <%s>' (%d bytes)\n", + in_buf.value, in_buf.length); +#endif + (void) gss_import_name(&OMret, &in_buf, gss_nt_service_name, + &gss_kadmin_name); + if (svcauth_gss_set_svc_name(gss_kadmin_name) != TRUE) { + fprintf(stderr, "%s: Cannot initialize service name\n", + whoami); + exit(1); + } +#endif if ((ret = acl_init(context, 0, params.acl_file))) { krb5_klog_syslog(LOG_ERR, "Cannot initialize acl file: %s", error_message(ret)); fprintf(stderr, "%s: Cannot initialize acl file: %s\n", whoami, error_message(ret)); +#if defined(OLD_MIT_RPC) _svcauth_gssapi_unset_names(); +#endif kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -540,7 +596,9 @@ krb5_klog_syslog(LOG_ERR, "Cannot detach from tty: %s", error_message(ret)); fprintf(stderr, "%s: Cannot detach from tty: %s\n", whoami, error_message(ret)); +#if defined(OLD_MIT_RPC) _svcauth_gssapi_unset_names(); +#endif kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); @@ -552,7 +610,9 @@ krb5_klog_syslog(LOG_INFO, "finished, exiting"); /* Clean up memory, etc */ +#if defined(OLD_MIT_RPC) _svcauth_gssapi_unset_names(); +#endif kadm5_destroy(global_server_handle); close(s); acl_finish(context, 0); @@ -562,11 +622,13 @@ if(gss_oldchangepw_name) { (void) gss_release_name(&OMret, &gss_oldchangepw_name); } +#if defined(OLD_MIT_RPC) for(s = 0 ; s < 4; s++) { if (names[s].name) { free(names[s].name); } } +#endif krb5_klog_close(context); krb5_free_context(context); @@ -663,13 +725,17 @@ reset_db(); break; default: - if (FD_ISSET(schpw, &rfd)) + if (FD_ISSET(schpw, &rfd)) { + krb5_klog_syslog(LOG_NOTICE, "Calling do_schpw"); do_schpw(schpw, params); - else + } + else { + krb5_klog_syslog(LOG_NOTICE, "Calling svc_getreqset"); svc_getreqset(&rfd); } } } +} #ifdef PURIFY /* @@ -1070,7 +1136,9 @@ error_message(errno)); fprintf(stderr, "Cannot create connecting socket: %s", error_message(errno)); +#if defined(OLD_MIT_RPC) _svcauth_gssapi_unset_names(); +#endif kadm5_destroy(global_server_handle); krb5_klog_close(context); exit(1); diff -bwru krb5-20021108-virgin/src/kadmin/server/schpw.c krb5-20021108-um/src/kadmin/server/schpw.c --- krb5-20021108-virgin/src/kadmin/server/schpw.c Sat Oct 27 03:01:23 2001 +++ krb5-20021108-um/src/kadmin/server/schpw.c Thu Feb 6 12:07:18 2003 @@ -11,6 +11,15 @@ #define GETSOCKNAME_ARG3_TYPE int #endif +kadm5_ret_t chpass_principal_util_wrapper( + void *server_handle, + krb5_principal principal, + char *new_pw, + char **ret_pw, + char *msg_ret, + unsigned int msg_len); + + krb5_error_code process_chpw_request(context, server_handle, realm, s, keytab, sockin, req, rep) @@ -241,7 +250,7 @@ memcpy(ptr, clear.data, clear.length); ptr[clear.length] = '\0'; - ret = kadm5_chpass_principal_util(server_handle, ticket->enc_part2->client, + ret = chpass_principal_util_wrapper(server_handle, ticket->enc_part2->client, ptr, NULL, strresult, sizeof(strresult)); /* zap the password */ @@ -392,3 +401,4 @@ return(ret); } + diff -bwru krb5-20021108-virgin/src/kadmin/server/server_stubs.c krb5-20021108-um/src/kadmin/server/server_stubs.c --- krb5-20021108-virgin/src/kadmin/server/server_stubs.c Wed Oct 9 03:00:36 2002 +++ krb5-20021108-um/src/kadmin/server/server_stubs.c Fri Feb 7 13:41:31 2003 @@ -17,6 +17,12 @@ #define xdr_free gssrpc_xdr_free /* XXX kludge */ +#if !defined(OLD_MIT_RPC) +/* This is a kludge, should change all the uses instead? */ +#define rq_clntcred rq_clntname +#define rq_svccred rq_svcname +#endif + #define LOG_UNAUTH "Unauthorized request: %s, %s, client=%s, service=%s, addr=%s" #define LOG_DONE "Request: %s, %s, %s, client=%s, service=%s, addr=%s" diff -bwru krb5-20021108-virgin/src/kadmin/testing/proto/krb5.conf.proto krb5-20021108-um/src/kadmin/testing/proto/krb5.conf.proto --- krb5-20021108-virgin/src/kadmin/testing/proto/krb5.conf.proto Sat Jul 1 03:01:34 2000 +++ krb5-20021108-um/src/kadmin/testing/proto/krb5.conf.proto Wed Jan 22 15:39:48 2003 @@ -7,6 +7,7 @@ __REALM__ = { kdc = __KDCHOST__:1750 admin_server = __KDCHOST__:1751 + kpasswd_server = __KDCHOST__:1752 } [domain_realm] @@ -14,6 +15,6 @@ __KDCHOST__ = __REALM__ [logging] - admin_server = FILE:__K5ROOT__/syslog - kdc = FILE:__K5ROOT__/syslog + admin_server = FILE:__K5ROOT__/kadmin_log + kdc = FILE:__K5ROOT__/kdc_log default = FILE:__K5ROOT__/syslog diff -bwru krb5-20021108-virgin/src/kadmin/testing/scripts/init_db krb5-20021108-um/src/kadmin/testing/scripts/init_db --- krb5-20021108-virgin/src/kadmin/testing/scripts/init_db Thu Jan 20 21:12:37 2000 +++ krb5-20021108-um/src/kadmin/testing/scripts/init_db Thu Feb 6 13:40:17 2003 @@ -78,6 +78,7 @@ cat - > /tmp/init_db$$ <<\EOF source $env(TCLUTIL) set r $env(REALM) +set h [exec hostname] if {[info exists env(USER)]} { set whoami $env(USER) } else { @@ -198,7 +199,7 @@ EOF -eval $LOCAL_MAKE_KEYTAB -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.srvtab $REDIRECT +eval $LOCAL_MAKE_KEYTAB -princ kadmin/$qualname -princ kadmin/admin -princ kadmin/changepw -princ ovsec_adm/admin -princ ovsec_adm/changepw $K5ROOT/ovsec_adm.srvtab $REDIRECT # Create $K5ROOT/setup.csh to make it easy to run other programs against # the test db diff -bwru krb5-20021108-virgin/src/kadmin/testing/util/tcl_kadm5.c krb5-20021108-um/src/kadmin/testing/util/tcl_kadm5.c --- krb5-20021108-virgin/src/kadmin/testing/util/tcl_kadm5.c Thu Aug 8 03:01:00 2002 +++ krb5-20021108-um/src/kadmin/testing/util/tcl_kadm5.c Wed Jan 15 14:28:43 2003 @@ -2494,9 +2494,21 @@ void Tcl_kadm5_init(Tcl_Interp *interp) { char buf[20]; + char hostname[MAXHOSTNAMELEN]; + char service_name[MAXHOSTNAMELEN + 10]; + struct hostent *hp; + + if (gethostname(hostname, sizeof(hostname)) == -1 ) { + perror ("calling gethostname"); + } + hp = gethostbyname(hostname); + if (hp == NULL) { + perror ("calling gethostbyname"); + } + sprintf(service_name, "kadmin/%s", hp->h_name); Tcl_SetVar(interp, "KADM5_ADMIN_SERVICE", - KADM5_ADMIN_SERVICE, TCL_GLOBAL_ONLY); + service_name, TCL_GLOBAL_ONLY); Tcl_SetVar(interp, "KADM5_CHANGEPW_SERVICE", KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY); (void) sprintf(buf, "%d", KADM5_STRUCT_VERSION); diff -bwru krb5-20021108-virgin/src/kadmin/testing/util/tcl_ovsec_kadm.c krb5-20021108-um/src/kadmin/testing/util/tcl_ovsec_kadm.c --- krb5-20021108-virgin/src/kadmin/testing/util/tcl_ovsec_kadm.c Tue Jul 16 03:01:00 2002 +++ krb5-20021108-um/src/kadmin/testing/util/tcl_ovsec_kadm.c Wed Jan 15 14:28:19 2003 @@ -1978,11 +1978,24 @@ void Tcl_ovsec_kadm_init(Tcl_Interp *interp) { char buf[20]; + char hostname[MAXHOSTNAMELEN]; + char service_name[MAXHOSTNAMELEN + 10]; + struct hostent *hp; + + if (gethostname(hostname, sizeof(hostname)) == -1 ) { + perror ("calling gethostname"); + } + hp = gethostbyname(hostname); + if (hp == NULL) { + perror ("calling gethostbyname"); + } + sprintf(service_name, "kadmin/%s", hp->h_name); + Tcl_SetVar(interp, "OVSEC_KADM_ADMIN_SERVICE", - OVSEC_KADM_ADMIN_SERVICE, TCL_GLOBAL_ONLY); + service_name, TCL_GLOBAL_ONLY); Tcl_SetVar(interp, "OVSEC_KADM_CHANGEPW_SERVICE", - OVSEC_KADM_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY); + KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY); (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION); Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY); (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_1); diff -bwru krb5-20021108-virgin/src/lib/kadm5/admin.h krb5-20021108-um/src/lib/kadm5/admin.h --- krb5-20021108-virgin/src/lib/kadm5/admin.h Wed Oct 9 03:00:57 2002 +++ krb5-20021108-um/src/lib/kadm5/admin.h Sat Feb 8 09:34:00 2003 @@ -289,6 +289,11 @@ kadm5_config_params *params); #endif +int kadm5_get_admin_service_name(krb5_context context, + char *realm_in, + char *admin_name, + int maxlength); + kadm5_ret_t kadm5_init(char *client_name, char *pass, char *service_name, #if USE_KADM5_API_VERSION == 1 diff -bwru krb5-20021108-virgin/src/lib/kadm5/clnt/client_init.c krb5-20021108-um/src/lib/kadm5/clnt/client_init.c --- krb5-20021108-virgin/src/lib/kadm5/clnt/client_init.c Wed Oct 9 03:00:58 2002 +++ krb5-20021108-um/src/lib/kadm5/clnt/client_init.c Sat Feb 8 09:32:10 2003 @@ -493,6 +493,7 @@ } #ifndef INIT_TEST +#if defined(OLD_MIT_RPC) handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, &gssstat, &minor_stat, @@ -505,6 +506,19 @@ NULL, NULL, NULL); +#else + { + + struct rpc_gss_sec sec; + sec.mech = gss_mech_krb5; + sec.qop = GSS_C_QOP_DEFAULT; + sec.svc = RPCSEC_GSS_SVC_PRIVACY; + handle->clnt->cl_auth = authgss_create(handle->clnt, + gss_target, + &sec); + } + +#endif /* OLD_MIT_RPC */ (void) gss_release_name(&minor_stat, &gss_target); #endif /* ! INIT_TEST */ @@ -627,3 +641,78 @@ CHECK_HANDLE(handle); return 0; } + +/* + * Determine the kadmind service principal name. + */ +int kadm5_get_admin_service_name( + krb5_context context, /*in*/ + char *realm_in, /*in*/ + char *admin_name, /*out*/ + int maxlength) /*in*/ +{ + char **hostlist = NULL; + const char *realm_admin_names[4]; + char *cp, *cport; + struct hostent *hp; + krb5_error_code retval; + char *realm_name; + + if (NULL == admin_name) + return EINVAL; + + if (NULL == realm_in) { + if (krb5_get_default_realm(context, &realm_name)) + return 1; + } + else + realm_name = realm_in; + + realm_admin_names[0] = "realms"; + realm_admin_names[1] = realm_name; + realm_admin_names[2] = "admin_server"; + realm_admin_names[3] = (char *) NULL; + if (retval = profile_get_values(context->profile, + realm_admin_names, + &hostlist) != 0) { + fprintf(stderr, "%s while locating master KDC.\n", + error_message(retval)); + return retval; + } + + /* + * This knows a little too much about the format of profile + * entries. Shouldn't it just be some sort of tuple? + * + * The form is assumed to be: + * admin_server = [:[]] + * + * We just need the host name. + * Ignore port number (and whitespace) if there. + */ + + cp = strchr(hostlist[0], ' '); + if (cp) + *cp = '\0'; + cp = strchr(hostlist[0], '\t'); + if (cp) + *cp = '\0'; + cport = strchr(hostlist[0], ':'); + if (cport) + *cport = '\0'; + + hp = gethostbyname(hostlist[0]); + if (hp == NULL) { + fprintf(stderr, "could not determine full admin hostname for '%s'\n", + hostlist[0]); + return errno; + } + + if (strlen(hp->h_name) + 8 > maxlength) + return ENOMEM; + + sprintf(admin_name, "kadmin/%s", hp->h_name); + + return 0; +} + diff -bwru krb5-20021108-virgin/src/lib/kadm5/srv/server_misc.c krb5-20021108-um/src/lib/kadm5/srv/server_misc.c --- krb5-20021108-virgin/src/lib/kadm5/srv/server_misc.c Tue Jun 19 03:02:14 2001 +++ krb5-20021108-um/src/lib/kadm5/srv/server_misc.c Sat Feb 8 09:33:20 2003 @@ -185,3 +185,78 @@ } return KADM5_OK; } + +/* + * Determine the kadmind service principal name. + */ +int kadm5_get_admin_service_name( + krb5_context context, /*in*/ + char *realm_in, /*in*/ + char *admin_name, /*out*/ + int maxlength) /*in*/ +{ + char **hostlist = NULL; + const char *realm_admin_names[4]; + char *cp, *cport; + struct hostent *hp; + krb5_error_code retval; + char *realm_name; + + if (NULL == admin_name) + return EINVAL; + + if (NULL == realm_in) { + if (krb5_get_default_realm(context, &realm_name)) + return 1; + } + else + realm_name = realm_in; + + realm_admin_names[0] = "realms"; + realm_admin_names[1] = realm_name; + realm_admin_names[2] = "admin_server"; + realm_admin_names[3] = (char *) NULL; + if (retval = profile_get_values(context->profile, + realm_admin_names, + &hostlist) != 0) { + fprintf(stderr, "%s while locating master KDC.\n", + error_message(retval)); + return retval; + } + + /* + * This knows a little too much about the format of profile + * entries. Shouldn't it just be some sort of tuple? + * + * The form is assumed to be: + * admin_server = [:[]] + * + * We just need the host name. + * Ignore port number (and whitespace) if there. + */ + + cp = strchr(hostlist[0], ' '); + if (cp) + *cp = '\0'; + cp = strchr(hostlist[0], '\t'); + if (cp) + *cp = '\0'; + cport = strchr(hostlist[0], ':'); + if (cport) + *cport = '\0'; + + hp = gethostbyname(hostlist[0]); + if (hp == NULL) { + fprintf(stderr, "could not determine full admin hostname for '%s'\n", + hostlist[0]); + return errno; + } + + if (strlen(hp->h_name) + 8 > maxlength) + return ENOMEM; + + sprintf(admin_name, "kadmin/%s", hp->h_name); + + return 0; +} + diff -bwru krb5-20021108-virgin/src/lib/kadm5/srv/svr_principal.c krb5-20021108-um/src/lib/kadm5/srv/svr_principal.c --- krb5-20021108-virgin/src/lib/kadm5/srv/svr_principal.c Fri Nov 8 03:00:58 2002 +++ krb5-20021108-um/src/lib/kadm5/srv/svr_principal.c Fri Feb 7 13:45:56 2003 @@ -1147,6 +1147,10 @@ * modify privilege. The admin server therefore makes this * check itself (in chpass_principal_wrapper, misc.c). A * local caller implicitly has all authorization bits. + * + * Note, there is another wrapper, chpass_principal_util_wrapper, + * for kadm5_chpass_principal_util in misc.c for the simple + * change passwd interface. */ if ((now - last_pwd) < pol.pw_min_life && !(kdb.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/chpass-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/chpass-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/chpass-principal.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/chpass-principal.exp Wed Feb 5 14:12:17 2003 @@ -65,65 +65,66 @@ } if { $RPC } { test1805 } -# -# admin with changepw service tickets try to change other principals -# password, failes with AUTH error -test "chpass-principal 180.625" -proc test180625 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_chpass_principal $server_handle "%s/a" password - } $test] "AUTH" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test180625 } - -test "chpass-principal 180.75" -proc test18075 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [create_principal_pol "$test/a" once-a-min]} { - error_and_restart "$test: creating principal" - return - } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# # +# # admin with changepw service tickets try to change other principals +# # password, failes with AUTH error +# test "chpass-principal 180.625" +# proc test180625 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_chpass_principal $server_handle "%s/a" password +# } $test] "AUTH" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test180625 } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_chpass_principal $server_handle "%s/a" Foobar - } $test] "AUTH_CHANGEPW" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if { $RPC } { test18075 } +# test "chpass-principal 180.75" +# proc test18075 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [create_principal_pol "$test/a" once-a-min]} { +# error_and_restart "$test: creating principal" +# return +# } +# +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_chpass_principal $server_handle "%s/a" Foobar +# } $test] "AUTH_CHANGEPW" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if { $RPC } { test18075 } test "chpass-principal 182" proc test182 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/crte-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/crte-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/crte-policy.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/crte-policy.exp Mon Jan 13 16:01:58 2003 @@ -31,33 +31,34 @@ } test1 -# Description: (2) Fails if caller connected with CHANGEPW_SERVICE. -test "create-policy 2" -proc test2 {} { - global test - if {! (( ! [policy_exists "$test/a"]) || - [delete_policy "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \ - {OVSEC_KADM_POLICY} - } $test] "AUTH_ADD" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy"; - return - } -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# # Description: (2) Fails if caller connected with CHANGEPW_SERVICE. +# test "create-policy 2" +# proc test2 {} { +# global test +# if {! (( ! [policy_exists "$test/a"]) || +# [delete_policy "$test/a"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \ +# {OVSEC_KADM_POLICY} +# } $test] "AUTH_ADD" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy"; +# return +# } +# } +# if {$RPC} { test2 } # Description: (3) Fails for mask without POLICY bit set. # 01/24/94: pshuang: untried. diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/crte-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/crte-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/crte-principal.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/crte-principal.exp Mon Jan 13 16:02:09 2003 @@ -371,29 +371,30 @@ } if {$RPC} { test15 } -test "create-principal 16" -proc test16 {} { - global test - begin_dump - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \ - {OVSEC_KADM_PRINCIPAL} testpass - } $test] "AUTH_ADD" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } - end_dump_compare "no-diffs" -} -if {$RPC} { test16 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "create-principal 16" +# proc test16 {} { +# global test +# begin_dump +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \ +# {OVSEC_KADM_PRINCIPAL} testpass +# } $test] "AUTH_ADD" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# end_dump_compare "no-diffs" +# } +# if {$RPC} { test16 } test "create-principal 17" proc test17 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/dlte-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/dlte-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/dlte-policy.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/dlte-policy.exp Mon Jan 13 16:02:22 2003 @@ -25,32 +25,33 @@ } test2 -test "delete-policy 5" -proc test5 {} { - global test - if {! (( [policy_exists "$test/a"]) || - [create_policy "$test/a"])} { - error_and_restart "$test: couldn't create policy \"$test/a\"" - return - } - - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_delete_policy $server_handle "%s/a" - } $test] "AUTH_DELETE" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if ${RPC} test5 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "delete-policy 5" +# proc test5 {} { +# global test +# if {! (( [policy_exists "$test/a"]) || +# [create_policy "$test/a"])} { +# error_and_restart "$test: couldn't create policy \"$test/a\"" +# return +# } +# +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_delete_policy $server_handle "%s/a" +# } $test] "AUTH_DELETE" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if ${RPC} test5 test "delete-policy 6" proc test6 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/dlte-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/dlte-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/dlte-principal.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/dlte-principal.exp Mon Jan 13 16:02:37 2003 @@ -65,32 +65,33 @@ } test5 -test "delete-principal 6" -proc test6 {} { - global test - - if {! (( [principal_exists "$test/a"]) || - [create_principal_pol "$test/a" test-pol])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_delete_principal $server_handle "%s/a" - } $test] "AUTH_DELETE" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test6 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "delete-principal 6" +# proc test6 {} { +# global test +# +# if {! (( [principal_exists "$test/a"]) || +# [create_principal_pol "$test/a" test-pol])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_delete_principal $server_handle "%s/a" +# } $test] "AUTH_DELETE" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test6 } test "delete-principal 7" diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/get-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/get-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/get-policy.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/get-policy.exp Mon Jan 13 16:03:10 2003 @@ -86,26 +86,27 @@ } test11 -test "get-policy 12" -proc test12 {} { - global test - - if {! [cmd { - ovsec_kadm_init admin/get-pol StupidAdmin \ - $OVSEC_KADM_CHANGEPW_SERVICE null $OVSEC_KADM_STRUCT_VERSION \ - $OVSEC_KADM_API_VERSION_1 server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test \ - {ovsec_kadm_get_policy $server_handle test-pol-nopw p} - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test12 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-policy 12" +# proc test12 {} { +# global test +# +# if {! [cmd { +# ovsec_kadm_init admin/get-pol StupidAdmin \ +# $OVSEC_KADM_CHANGEPW_SERVICE null $OVSEC_KADM_STRUCT_VERSION \ +# $OVSEC_KADM_API_VERSION_1 server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test \ +# {ovsec_kadm_get_policy $server_handle test-pol-nopw p} +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test12 test "get-policy 15" proc test15 {} { @@ -128,26 +129,27 @@ } test15 -test "get-policy 16" -proc test16 {} { - global test - - if {! [cmd { - ovsec_kadm_init admin/pol StupidAdmin $OVSEC_KADM_CHANGEPW_SERVICE \ - null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test \ - {ovsec_kadm_get_policy $server_handle test-pol-nopw p} - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test16 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-policy 16" +# proc test16 {} { +# global test +# +# if {! [cmd { +# ovsec_kadm_init admin/pol StupidAdmin $OVSEC_KADM_CHANGEPW_SERVICE \ +# null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test \ +# {ovsec_kadm_get_policy $server_handle test-pol-nopw p} +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test16 test "get-policy 17" proc test17 {} { @@ -169,26 +171,27 @@ } test17 -test "get-policy 18" -proc test18 {} { - global test - - if {! [cmd { - ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \ - "AUTH_GET" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if { $RPC } test18 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-policy 18" +# proc test18 {} { +# global test +# +# if {! [cmd { +# ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \ +# "AUTH_GET" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if { $RPC } test18 test "get-policy 21" proc test21 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/get-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/get-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/get-principal.exp Tue Sep 17 03:00:50 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/get-principal.exp Mon Jan 13 16:03:19 2003 @@ -159,61 +159,62 @@ } if {$RPC} { test6 } -test "get-principal 7" -proc test7 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - - if {! [cmd { - ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_get_principal $server_handle "%s/a" p - } $test] "AUTH_GET" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test7 } - - -test "get-principal 8" -proc test8 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - - if {! [cmd { - ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_get_principal $server_handle "%s/a" p - } $test] "AUTH_GET" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test8 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-principal 7" +# proc test7 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# +# if {! [cmd { +# ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_get_principal $server_handle "%s/a" p +# } $test] "AUTH_GET" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test7 } + + +# test "get-principal 8" +# proc test8 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# +# if {! [cmd { +# ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_get_principal $server_handle "%s/a" p +# } $test] "AUTH_GET" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test8 } test "get-principal 9" @@ -236,25 +237,25 @@ } test9 -test "get-principal 10" -proc test10 {} { - global test - if {! [cmd { - ovsec_kadm_init admin/none admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test \ - {ovsec_kadm_get_principal $server_handle admin/none p} - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test10 +# test "get-principal 10" +# proc test10 {} { +# global test +# if {! [cmd { +# ovsec_kadm_init admin/none admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test \ +# {ovsec_kadm_get_principal $server_handle admin/none p} +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test10 test "get-principal 11" proc test11 {} { @@ -275,24 +276,24 @@ } test11 -test "get-principal 12" -proc test12 {} { - global test - if {! [cmd { - ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/get p} - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test12 +# test "get-principal 12" +# proc test12 {} { +# global test +# if {! [cmd { +# ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/get p} +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test12 test "get-principal 13" proc test13 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/init.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/init.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/init.exp Sat Oct 19 03:00:58 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/init.exp Mon Jan 13 16:04:43 2003 @@ -27,20 +27,21 @@ {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE BAD.REALM \ $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle} -test "init 3" - -proc test3 {} { - global test - if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - one_line_fail_test_nochk [format { - ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \ - $OVSEC_KADM_API_VERSION_1 server_handle - } $test] -} -if {$RPC} { test3 } +### Can no longer connect with any service other than kadmin/ via RPC ### +# test "init 3" +# +# proc test3 {} { +# global test +# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# one_line_fail_test_nochk [format { +# ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \ +# $OVSEC_KADM_API_VERSION_1 server_handle +# } $test] +# } +# if {$RPC} { test3 } test "init 4" @@ -60,14 +61,15 @@ } if {$RPC} { test4 } -test "init 5" - -if {$RPC} { - one_line_fail_test_nochk { - ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \ - $OVSEC_KADM_API_VERSION_1 server_handle - } -} +### Can no longer connect with any service other than kadmin/ via RPC ### +# test "init 5" +# +# if {$RPC} { +# one_line_fail_test_nochk { +# ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \ +# $OVSEC_KADM_API_VERSION_1 server_handle +# } +# } test "init 6" @@ -254,20 +256,21 @@ } test17 -test "init 18" - -proc test18 {} { - global test - one_line_succeed_test { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - } - if {! [cmd {ovsec_kadm_destroy $server_handle}]} { - error_and_restart "$test: couldn't close database" - } -} -test18 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "init 18" +# +# proc test18 {} { +# global test +# one_line_succeed_test { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# } +# if {! [cmd {ovsec_kadm_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# } +# } +# test18 test "init 19" @@ -708,6 +711,7 @@ api_start } +### Need to re-create keytab with the kadmin/ principal as well if {$RPC} { test "init 45" @@ -720,7 +724,7 @@ # re-extract the keytab so it is right exec rm $env(K5ROOT)/ovsec_adm.srvtab exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \ - -princ kadmin/admin -princ kadmin/changepw \ + -princ kadmin/admin -princ kadmin/changepw -princ kadmin/$env(HOST) \ $env(K5ROOT)/ovsec_adm.srvtab } diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/mod-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/mod-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/mod-policy.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/mod-policy.exp Mon Jan 13 16:04:55 2003 @@ -2,40 +2,41 @@ api_exit api_start -test "modify-policy 2" -proc test2 {} { - global test - - if {! (( [policy_exists "$test/a"]) || - [create_policy "$test/a"])} { - error_and_restart "$test: couldn't create policy \"$test/a\"" - return - } - - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \ - {OVSEC_KADM_PW_MAX_LIFE} - } $test] "AUTH_MODIFY" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "modify-policy 2" +# proc test2 {} { +# global test +# +# if {! (( [policy_exists "$test/a"]) || +# [create_policy "$test/a"])} { +# error_and_restart "$test: couldn't create policy \"$test/a\"" +# return +# } +# +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \ +# {OVSEC_KADM_PW_MAX_LIFE} +# } $test] "AUTH_MODIFY" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test2 } test "modify-policy 4" proc test4 {} { global test - if {! ([policy_exists "$test/a"] || + if {! (( [policy_exists "$test/a"]) || [create_policy "$test/a"])} { error_and_restart "$test: couldn't create policy \"$test/a\"" return diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/mod-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/mod-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/mod-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/mod-principal.exp Mon Jan 13 16:05:12 2003 @@ -12,32 +12,33 @@ #} #test1 -test "modify-principal 2" -proc test2 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \ - {OVSEC_KADM_PRINC_EXPIRE_TIME} - } $test] "AUTH_MODIFY" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "modify-principal 2" +# proc test2 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \ +# {OVSEC_KADM_PRINC_EXPIRE_TIME} +# } $test] "AUTH_MODIFY" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test2 } test "modify-principal 4" proc test4 {} { @@ -1900,34 +1901,35 @@ } test39 -test "modify-principal 40" -proc test40 {} { - global test - global prompt - - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test { - ovsec_kadm_modify_principal $server_handle null \ - {OVSEC_KADM_PRINC_EXPIRE_TIME} - } "EINVAL" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test40 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "modify-principal 40" +# proc test40 {} { +# global test +# global prompt +# +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test { +# ovsec_kadm_modify_principal $server_handle null \ +# {OVSEC_KADM_PRINC_EXPIRE_TIME} +# } "EINVAL" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test40 test "modify-principal 43" proc test43 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/randkey-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/randkey-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/randkey-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/randkey-principal.exp Mon Jan 13 16:05:44 2003 @@ -33,36 +33,37 @@ } if {$RPC} { test1 } -test "randkey-principal 3" -proc test3 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [create_principal_pol "$test/a" once-a-min]} { - error_and_restart "$test: creating principal" - return - } - - if {! [cmd [format { - ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - } $test $test]]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_randkey_principal $server_handle "%s/a" key - } $test] "PASS_TOOSOON" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if ${RPC} { test3 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 3" +# proc test3 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [create_principal_pol "$test/a" once-a-min]} { +# error_and_restart "$test: creating principal" +# return +# } +# +# if {! [cmd [format { +# ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# } $test $test]]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_randkey_principal $server_handle "%s/a" key +# } $test] "PASS_TOOSOON" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if ${RPC} { test3 } test "randkey-principal 13" proc test13 {} { @@ -97,36 +98,37 @@ } test13 -test "randkey-principal 15" -proc test15 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [create_principal_pol "$test/a" once-a-min]} { - error_and_restart "$test: creating principal" - return - } - - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_randkey_principal $server_handle "%s/a" key - } $test] "AUTH_CHANGEPW" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if { $RPC } { test15 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 15" +# proc test15 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [create_principal_pol "$test/a" once-a-min]} { +# error_and_restart "$test: creating principal" +# return +# } +# +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_randkey_principal $server_handle "%s/a" key +# } $test] "AUTH_CHANGEPW" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if { $RPC } { test15 } test "randkey-principal 28" proc test28 {} { @@ -154,31 +156,32 @@ } test28 -test "randkey-principal 28.25" -proc test2825 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_randkey_principal $server_handle "%s/a" key - } $test] "AUTH" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test2825 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 28.25" +# proc test2825 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_randkey_principal $server_handle "%s/a" key +# } $test] "AUTH" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test2825 } test "randkey-principal 28.5" proc test285 {} { @@ -206,35 +209,36 @@ } test285 -test "randkey-principal 30" -proc test30 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [create_principal "$test/a"]} { - error_and_restart "$test: creating principal" - return - } - if {! [cmd [format { - ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - } $test $test]]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test [format { - ovsec_kadm_randkey_principal $server_handle "%s/a" key - } $test] - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test30 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 30" +# proc test30 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [create_principal "$test/a"]} { +# error_and_restart "$test: creating principal" +# return +# } +# if {! [cmd [format { +# ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# } $test $test]]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test [format { +# ovsec_kadm_randkey_principal $server_handle "%s/a" key +# } $test] +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test30 test "randkey-principal 31" proc test31 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/rename-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.0/rename-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.0/rename-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.0/rename-principal.exp Mon Jan 13 16:05:51 2003 @@ -11,38 +11,39 @@ #} #test1 -test "rename-principal 2" -proc test2 {} { - global test - - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! (( ! [principal_exists "$test/b"]) || - [delete_principal "$test/b"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [cmd { - ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ - $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b" - } $test $test] "INSUFFICIENT" - if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } - -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "rename-principal 2" +# proc test2 {} { +# global test +# +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! (( ! [principal_exists "$test/b"]) || +# [delete_principal "$test/b"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [cmd { +# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \ +# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b" +# } $test $test] "INSUFFICIENT" +# if { ! [cmd {ovsec_kadm_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# +# } +# if {$RPC} { test2 } test "rename-principal 3" proc test3 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/chpass-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/chpass-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/chpass-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/chpass-principal.exp Mon Jan 13 16:00:26 2003 @@ -65,65 +65,67 @@ } if { $RPC } { test1805 } -# -# admin with changepw service tickets try to change other principals -# password, failes with AUTH error -test "chpass-principal 180.625" -proc test180625 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_chpass_principal $server_handle "%s/a" password - } $test] "AUTH" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test180625 } - -test "chpass-principal 180.75" -proc test18075 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [create_principal_pol "$test/a" once-a-min]} { - error_and_restart "$test: creating principal" - return - } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# # +# # admin with changepw service tickets try to change other principals +# # password, failes with AUTH error +# test "chpass-principal 180.625" +# proc test180625 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_chpass_principal $server_handle "%s/a" password +# } $test] "AUTH" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test180625 } - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_chpass_principal $server_handle "%s/a" Foobar - } $test] "AUTH_CHANGEPW" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if { $RPC } { test18075 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "chpass-principal 180.75" +# proc test18075 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [create_principal_pol "$test/a" once-a-min]} { +# error_and_restart "$test: creating principal" +# return +# } +# +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_chpass_principal $server_handle "%s/a" Foobar +# } $test] "AUTH_CHANGEPW" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if { $RPC } { test18075 } test "chpass-principal 182" proc test182 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/crte-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/crte-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/crte-policy.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/crte-policy.exp Thu Jan 9 15:54:44 2003 @@ -31,33 +31,34 @@ } test1 -# Description: (2) Fails if caller connected with CHANGEPW_SERVICE. -test "create-policy 2" -proc test2 {} { - global test - if {! (( ! [policy_exists "$test/a"]) || - [delete_policy "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_create_policy $server_handle [simple_policy "%s/a"] \ - {KADM5_POLICY} - } $test] "AUTH_ADD" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy"; - return - } -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# # Description: (2) Fails if caller connected with CHANGEPW_SERVICE. +# test "create-policy 2" +# proc test2 {} { +# global test +# if {! (( ! [policy_exists "$test/a"]) || +# [delete_policy "$test/a"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_create_policy $server_handle [simple_policy "%s/a"] \ +# {KADM5_POLICY} +# } $test] "AUTH_ADD" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy"; +# return +# } +# } +# if {$RPC} { test2 } # Description: (3) Fails for mask without POLICY bit set. # 01/24/94: pshuang: untried. diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/crte-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/crte-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/crte-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/crte-principal.exp Thu Jan 9 15:55:10 2003 @@ -371,29 +371,30 @@ } if {$RPC} { test15 } -test "create-principal 16" -proc test16 {} { - global test - begin_dump - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_create_principal $server_handle [simple_principal "%s/a"] \ - {KADM5_PRINCIPAL} testpass - } $test] "AUTH_ADD" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } - end_dump_compare "no-diffs" -} -if {$RPC} { test16 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "create-principal 16" +# proc test16 {} { +# global test +# begin_dump +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_create_principal $server_handle [simple_principal "%s/a"] \ +# {KADM5_PRINCIPAL} testpass +# } $test] "AUTH_ADD" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# end_dump_compare "no-diffs" +# } +# if {$RPC} { test16 } test "create-principal 17" proc test17 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/dlte-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/dlte-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/dlte-policy.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/dlte-policy.exp Thu Jan 9 15:56:01 2003 @@ -25,32 +25,33 @@ } test2 -test "delete-policy 5" -proc test5 {} { - global test - if {! (( [policy_exists "$test/a"]) || - [create_policy "$test/a"])} { - error_and_restart "$test: couldn't create policy \"$test/a\"" - return - } - - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_delete_policy $server_handle "%s/a" - } $test] "AUTH_DELETE" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if ${RPC} test5 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "delete-policy 5" +# proc test5 {} { +# global test +# if {! (( [policy_exists "$test/a"]) || +# [create_policy "$test/a"])} { +# error_and_restart "$test: couldn't create policy \"$test/a\"" +# return +# } +# +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_delete_policy $server_handle "%s/a" +# } $test] "AUTH_DELETE" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if ${RPC} test5 test "delete-policy 6" proc test6 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/dlte-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/dlte-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/dlte-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/dlte-principal.exp Thu Jan 9 15:56:32 2003 @@ -65,32 +65,33 @@ } test5 -test "delete-principal 6" -proc test6 {} { - global test - - if {! (( [principal_exists "$test/a"]) || - [create_principal_pol "$test/a" test-pol])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_delete_principal $server_handle "%s/a" - } $test] "AUTH_DELETE" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test6 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "delete-principal 6" +# proc test6 {} { +# global test +# +# if {! (( [principal_exists "$test/a"]) || +# [create_principal_pol "$test/a" test-pol])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_delete_principal $server_handle "%s/a" +# } $test] "AUTH_DELETE" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test6 } test "delete-principal 7" diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/get-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/get-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/get-policy.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/get-policy.exp Thu Jan 9 15:57:38 2003 @@ -86,26 +86,27 @@ } test11 -test "get-policy 12" -proc test12 {} { - global test - - if {! [cmd { - kadm5_init admin/get-pol StupidAdmin \ - $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \ - $KADM5_API_VERSION_2 server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test \ - {kadm5_get_policy $server_handle test-pol-nopw p} - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test12 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-policy 12" +# proc test12 {} { +# global test +# +# if {! [cmd { +# kadm5_init admin/get-pol StupidAdmin \ +# $KADM5_CHANGEPW_SERVICE null $KADM5_STRUCT_VERSION \ +# $KADM5_API_VERSION_2 server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test \ +# {kadm5_get_policy $server_handle test-pol-nopw p} +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test12 test "get-policy 15" proc test15 {} { @@ -128,26 +129,27 @@ } test15 -test "get-policy 16" -proc test16 {} { - global test - - if {! [cmd { - kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \ - null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test \ - {kadm5_get_policy $server_handle test-pol-nopw p} - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test16 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-policy 16" +# proc test16 {} { +# global test +# +# if {! [cmd { +# kadm5_init admin/pol StupidAdmin $KADM5_CHANGEPW_SERVICE \ +# null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test \ +# {kadm5_get_policy $server_handle test-pol-nopw p} +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test16 test "get-policy 17" proc test17 {} { @@ -169,26 +171,27 @@ } test17 -test "get-policy 18" -proc test18 {} { - global test - - if {! [cmd { - kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \ - "AUTH_GET" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if { $RPC } test18 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-policy 18" +# proc test18 {} { +# global test +# +# if {! [cmd { +# kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test {kadm5_get_policy $server_handle test-pol p} \ +# "AUTH_GET" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if { $RPC } test18 test "get-policy 21" proc test21 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/get-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/get-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/get-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/get-principal.exp Thu Jan 9 15:59:09 2003 @@ -159,61 +159,63 @@ } if {$RPC} { test6 } -test "get-principal 7" -proc test7 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - - if {! [cmd { - kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK - } $test] "AUTH_GET" - if { ! [cmd {kadm5_destroy $server_handle}]} { - - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test7 } - - -test "get-principal 8" -proc test8 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - - if {! [cmd { - kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK - } $test] "AUTH_GET" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test8 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-principal 7" +# proc test7 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# +# if {! [cmd { +# kadm5_init admin/delete admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK +# } $test] "AUTH_GET" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test7 } + + +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-principal 8" +# proc test8 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# +# if {! [cmd { +# kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_get_principal $server_handle "%s/a" p KADM5_PRINCIPAL_NORMAL_MASK +# } $test] "AUTH_GET" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test8 } test "get-principal 9" @@ -236,25 +238,26 @@ } test9 -test "get-principal 10" -proc test10 {} { - global test - if {! [cmd { - kadm5_init admin/none admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test \ - {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK} - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test10 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-principal 10" +# proc test10 {} { +# global test +# if {! [cmd { +# kadm5_init admin/none admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test \ +# {kadm5_get_principal $server_handle admin/none p KADM5_PRINCIPAL_NORMAL_MASK} +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test10 test "get-principal 11" proc test11 {} { @@ -275,24 +278,25 @@ } test11 -test "get-principal 12" -proc test12 {} { - global test - if {! [cmd { - kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK} - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test12 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "get-principal 12" +# proc test12 {} { +# global test +# if {! [cmd { +# kadm5_init admin/get admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test {kadm5_get_principal $server_handle admin/get p KADM5_PRINCIPAL_NORMAL_MASK} +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test12 test "get-principal 13" proc test13 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/init-v2.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/init-v2.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/init-v2.exp Sat Oct 19 03:01:00 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/init-v2.exp Fri Feb 7 14:11:08 2003 @@ -544,9 +544,11 @@ } test117 +### Add more characters to regular expresion string ### +### below for matching new style kadmin service name ### send "puts \$KADM5_ADMIN_SERVICE\n" expect { - -re "(\[a-zA-Z/@\]+)\n$prompt" { + -re "(\[0-9a-zA-Z/@\.\-_\]+)\n$prompt" { set KADM5_ADMIN_SERVICE $expect_out(1,string) } default { @@ -582,21 +584,22 @@ } if {$RPC} test150 -test "init 151" -proc test151 {} { - global test KADM5_CHANGEPW_SERVICE - - set env(KRB5CCNAME) /tmp/krb5cc_kadm5_init_v2 - kdestroy - kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE" - one_line_succeed_test { - kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \ - null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - } - kdestroy -} -if {$RPC} test151 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "init 151" +# proc test151 {} { +# global test KADM5_CHANGEPW_SERVICE +# +# set env(KRB5CCNAME) /tmp/krb5cc_kadm5_init_v2 +# kdestroy +# kinit testuser notathena "-S $KADM5_CHANGEPW_SERVICE" +# one_line_succeed_test { +# kadm5_init_with_creds testuser null $KADM5_CHANGEPW_SERVICE \ +# null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# } +# kdestroy +# } +# if {$RPC} test151 test "init 152" proc test152 {} { @@ -618,7 +621,7 @@ set env(KRB5CCNAME) /tmp/krb5cc_kadm5_init_v2 kinit testuser notathena one_line_fail_test { - kadm5_init_with_creds testuser null $KADM5_ADMIN_SERVICE \ + kadm5_init_with_creds testuser notused $KADM5_ADMIN_SERVICE \ null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ server_handle } "GSS_ERROR" diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/init.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/init.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/init.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/init.exp Mon Jan 13 15:48:14 2003 @@ -30,49 +30,52 @@ [config_params {KADM5_CONFIG_REALM} {BAD.REALM}] \ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle} -test "init 3" - -proc test3 {} { - global test - if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - one_line_fail_test_nochk [format { - kadm5_init admin admin "%s/a" null $KADM5_STRUCT_VERSION \ - $KADM5_API_VERSION_2 server_handle - } $test] -} -if {$RPC} { test3 } - -test "init 4" - -proc test4 {} { - global test - if {! ((! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - - one_line_fail_test_nochk [format { - kadm5_init admin admin "%s/a" null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - } $test] -} -if {$RPC} { test4 } +### Can no longer connect with any service other than kadmin/ via RPC ### +# test "init 3" +# +# proc test3 {} { +# global test +# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# one_line_fail_test_nochk [format { +# kadm5_init admin admin "%s/a" null $KADM5_STRUCT_VERSION \ +# $KADM5_API_VERSION_2 server_handle +# } $test] +# } +# if {$RPC} { test3 } -test "init 5" +### Can no longer connect with any service other than kadmin/ via RPC ### +# test "init 4" +# +# proc test4 {} { +# global test +# if {! ((! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# +# one_line_fail_test_nochk [format { +# kadm5_init admin admin "%s/a" null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# } $test] +# } +# if {$RPC} { test4 } -if {$RPC} { - one_line_fail_test_nochk { - kadm5_init admin admin admin null $KADM5_STRUCT_VERSION \ - $KADM5_API_VERSION_2 server_handle - } -} +### Can no longer connect with any service other than kadmin/ via RPC ### +# test "init 5" +# +# if {$RPC} { +# one_line_fail_test_nochk { +# kadm5_init admin admin admin null $KADM5_STRUCT_VERSION \ +# $KADM5_API_VERSION_2 server_handle +# } +# } -test "init 6" +# test "init 6" proc test6 {} { global test @@ -257,20 +260,21 @@ } test17 -test "init 18" - -proc test18 {} { - global test - one_line_succeed_test { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - } - if {! [cmd {kadm5_destroy $server_handle}]} { - error_and_restart "$test: couldn't close database" - } -} -test18 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "init 18" +# +# proc test18 {} { +# global test +# one_line_succeed_test { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# } +# if {! [cmd {kadm5_destroy $server_handle}]} { +# error_and_restart "$test: couldn't close database" +# } +# } +# test18 test "init 19" @@ -712,6 +716,7 @@ api_start } +### Must add principal kadmin/ back to keytab as well if {$RPC} { test "init 45" @@ -724,7 +729,7 @@ # re-extract the keytab so it is right exec rm $env(K5ROOT)/ovsec_adm.srvtab exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \ - -princ kadmin/admin -princ kadmin/changepw \ + -princ kadmin/admin -princ kadmin/changepw -princ kadmin/$env(HOST) \ $env(K5ROOT)/ovsec_adm.srvtab } diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/mod-policy.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/mod-policy.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/mod-policy.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/mod-policy.exp Thu Jan 9 16:01:25 2003 @@ -2,34 +2,35 @@ api_exit api_start -test "modify-policy 2" -proc test2 {} { - global test - - if {! (( [policy_exists "$test/a"]) || - [create_policy "$test/a"])} { - error_and_restart "$test: couldn't create policy \"$test/a\"" - return - } - - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ - {KADM5_PW_MAX_LIFE} - } $test] "AUTH_MODIFY" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "modify-policy 2" +# proc test2 {} { +# global test +# +# if {! (( [policy_exists "$test/a"]) || +# [create_policy "$test/a"])} { +# error_and_restart "$test: couldn't create policy \"$test/a\"" +# return +# } +# +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_modify_policy $server_handle [simple_policy "%s/a"] \ +# {KADM5_PW_MAX_LIFE} +# } $test] "AUTH_MODIFY" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test2 } test "modify-policy 4" proc test4 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/mod-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/mod-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/mod-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/mod-principal.exp Thu Jan 9 16:02:09 2003 @@ -12,32 +12,33 @@ #} #test1 -test "modify-principal 2" -proc test2 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ - {KADM5_PRINC_EXPIRE_TIME} - } $test] "AUTH_MODIFY" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test2 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "modify-principal 2" +# proc test2 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_modify_principal $server_handle [simple_principal "%s/a"] \ +# {KADM5_PRINC_EXPIRE_TIME} +# } $test] "AUTH_MODIFY" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test2 } test "modify-principal 4" proc test4 {} { @@ -1900,34 +1901,35 @@ } test39 -test "modify-principal 40" -proc test40 {} { - global test - global prompt - - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test { - kadm5_modify_principal $server_handle null \ - {KADM5_PRINC_EXPIRE_TIME} - } "EINVAL" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test40 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "modify-principal 40" +# proc test40 {} { +# global test +# global prompt +# +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test { +# kadm5_modify_principal $server_handle null \ +# {KADM5_PRINC_EXPIRE_TIME} +# } "EINVAL" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test40 test "modify-principal 43" proc test43 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/randkey-principal.exp krb5-20021108-um/src/lib/kadm5/unit-test/api.2/randkey-principal.exp --- krb5-20021108-virgin/src/lib/kadm5/unit-test/api.2/randkey-principal.exp Tue Sep 17 03:00:51 2002 +++ krb5-20021108-um/src/lib/kadm5/unit-test/api.2/randkey-principal.exp Mon Jan 13 16:31:09 2003 @@ -33,36 +33,37 @@ } if {$RPC} { test1 } -test "randkey-principal 3" -proc test3 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [create_principal_pol "$test/a" once-a-min]} { - error_and_restart "$test: creating principal" - return - } - - if {! [cmd [format { - kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - } $test $test]]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_randkey_principal $server_handle "%s/a" keys num_keys - } $test] "PASS_TOOSOON" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if ${RPC} { test3 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 3" +# proc test3 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [create_principal_pol "$test/a" once-a-min]} { +# error_and_restart "$test: creating principal" +# return +# } +# +# if {! [cmd [format { +# kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# } $test $test]]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_randkey_principal $server_handle "%s/a" keys num_keys +# } $test] "PASS_TOOSOON" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if ${RPC} { test3 } test "randkey-principal 13" proc test13 {} { @@ -97,36 +98,37 @@ } test13 -test "randkey-principal 15" -proc test15 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [create_principal_pol "$test/a" once-a-min]} { - error_and_restart "$test: creating principal" - return - } - - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_randkey_principal $server_handle "%s/a" keys num_keys - } $test] "AUTH_CHANGEPW" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if { $RPC } { test15 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 15" +# proc test15 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [create_principal_pol "$test/a" once-a-min]} { +# error_and_restart "$test: creating principal" +# return +# } +# +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_randkey_principal $server_handle "%s/a" keys num_keys +# } $test] "AUTH_CHANGEPW" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if { $RPC } { test15 } test "randkey-principal 28" proc test28 {} { @@ -154,31 +156,32 @@ } test28 -test "randkey-principal 28.25" -proc test2825 {} { - global test - if {! (( [principal_exists "$test/a"]) || - [create_principal "$test/a"])} { - error_and_restart "$test: couldn't create principal \"$test/a\"" - return - } - if {! [cmd { - kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - }]} { - perror "$test: unexpected failure in init" - return - } - one_line_fail_test [format { - kadm5_randkey_principal $server_handle "%s/a" keys num_keys - } $test] "AUTH" - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -if {$RPC} { test2825 } +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 28.25" +# proc test2825 {} { +# global test +# if {! (( [principal_exists "$test/a"]) || +# [create_principal "$test/a"])} { +# error_and_restart "$test: couldn't create principal \"$test/a\"" +# return +# } +# if {! [cmd { +# kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# }]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_fail_test [format { +# kadm5_randkey_principal $server_handle "%s/a" keys num_keys +# } $test] "AUTH" +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# if {$RPC} { test2825 } test "randkey-principal 28.5" proc test285 {} { @@ -206,35 +209,36 @@ } test285 -test "randkey-principal 30" -proc test30 {} { - global test - if {! (( ! [principal_exists "$test/a"]) || - [delete_principal "$test/a"])} { - error_and_restart "$test: couldn't delete principal \"$test/a\"" - return - } - if {! [create_principal "$test/a"]} { - error_and_restart "$test: creating principal" - return - } - if {! [cmd [format { - kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \ - $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ - server_handle - } $test $test]]} { - perror "$test: unexpected failure in init" - return - } - one_line_succeed_test [format { - kadm5_randkey_principal $server_handle "%s/a" keys num_keys - } $test] - if { ! [cmd {kadm5_destroy $server_handle}]} { - perror "$test: unexpected failure in destroy" - return - } -} -test30 +### Can no longer connect with CHANGEPW_SERVICE via RPC ### +# test "randkey-principal 30" +# proc test30 {} { +# global test +# if {! (( ! [principal_exists "$test/a"]) || +# [delete_principal "$test/a"])} { +# error_and_restart "$test: couldn't delete principal \"$test/a\"" +# return +# } +# if {! [create_principal "$test/a"]} { +# error_and_restart "$test: creating principal" +# return +# } +# if {! [cmd [format { +# kadm5_init "%s/a" "%s/a" $KADM5_CHANGEPW_SERVICE null \ +# $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \ +# server_handle +# } $test $test]]} { +# perror "$test: unexpected failure in init" +# return +# } +# one_line_succeed_test [format { +# kadm5_randkey_principal $server_handle "%s/a" keys num_keys +# } $test] +# if { ! [cmd {kadm5_destroy $server_handle}]} { +# perror "$test: unexpected failure in destroy" +# return +# } +# } +# test30 test "randkey-principal 31" proc test31 {} { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/destroy-test.c krb5-20021108-um/src/lib/kadm5/unit-test/destroy-test.c --- krb5-20021108-virgin/src/lib/kadm5/unit-test/destroy-test.c Fri Oct 13 03:01:41 2000 +++ krb5-20021108-um/src/lib/kadm5/unit-test/destroy-test.c Sat Feb 8 09:59:04 2003 @@ -18,9 +18,20 @@ int x; void *server_handle; kadm5_server_handle_t handle; + char service_name[256]; + krb5_context context; + + krb5_init_context(&context); + + ret = kadm5_get_admin_service_name(context, NULL, + &service_name[0], sizeof(service_name)); + if (ret != OVSEC_KADM_OK) { + com_err("test", ret, "getting admin principal"); + exit(2); + } for(x = 0; x < TEST_NUM; x++) { - ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0, + ret = ovsec_kadm_init("admin", "admin", service_name, 0, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, &server_handle); diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/handle-test.c krb5-20021108-um/src/lib/kadm5/unit-test/handle-test.c --- krb5-20021108-virgin/src/lib/kadm5/unit-test/handle-test.c Fri Oct 13 03:01:41 2000 +++ krb5-20021108-um/src/lib/kadm5/unit-test/handle-test.c Sat Feb 8 09:44:13 2003 @@ -20,11 +20,19 @@ krb5_keyblock *key; krb5_principal tprinc; krb5_context context; + char service_name[256]; krb5_init_context(&context); - ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0, + ret = kadm5_get_admin_service_name(context, NULL, + &service_name[0], sizeof(service_name)); + if (ret != OVSEC_KADM_OK) { + com_err("test", ret, "getting admin principal"); + exit(2); + } + + ret = ovsec_kadm_init("admin/none", "admin", service_name, 0, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, &server_handle); if(ret != OVSEC_KADM_OK) { diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/init-test.c krb5-20021108-um/src/lib/kadm5/unit-test/init-test.c --- krb5-20021108-virgin/src/lib/kadm5/unit-test/init-test.c Fri Oct 13 03:01:41 2000 +++ krb5-20021108-um/src/lib/kadm5/unit-test/init-test.c Sat Feb 8 09:57:27 2003 @@ -7,8 +7,19 @@ { ovsec_kadm_ret_t ret; void *server_handle; + char service_name[256]; + krb5_context context; - ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0, + krb5_init_context(&context); + + ret = kadm5_get_admin_service_name(context, NULL, + &service_name[0], sizeof(service_name)); + if (ret != OVSEC_KADM_OK) { + com_err("test", ret, "getting admin principal"); + exit(2); + } + + ret = ovsec_kadm_init("admin", "admin", service_name, 0, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, &server_handle); diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/iter-test.c krb5-20021108-um/src/lib/kadm5/unit-test/iter-test.c --- krb5-20021108-virgin/src/lib/kadm5/unit-test/iter-test.c Fri Oct 13 03:01:41 2000 +++ krb5-20021108-um/src/lib/kadm5/unit-test/iter-test.c Sat Feb 8 10:00:22 2003 @@ -7,6 +7,8 @@ void *server_handle; char **names; int count, princ, i; + char service_name[256]; + krb5_context context; if (argc != 3) { fprintf(stderr, "Usage: %s [-princ|-pol] exp\n", argv[0]); @@ -14,7 +16,16 @@ } princ = (strcmp(argv[1], "-princ") == 0); - ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0, + krb5_init_context(&context); + + ret = kadm5_get_admin_service_name(context, NULL, + &service_name[0], sizeof(service_name)); + if (ret != OVSEC_KADM_OK) { + com_err("test", ret, "getting admin principal"); + exit(2); + } + + ret = ovsec_kadm_init("admin", "admin", service_name, 0, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, &server_handle); diff -bwru krb5-20021108-virgin/src/lib/kadm5/unit-test/randkey-test.c krb5-20021108-um/src/lib/kadm5/unit-test/randkey-test.c --- krb5-20021108-virgin/src/lib/kadm5/unit-test/randkey-test.c Fri Oct 13 03:01:42 2000 +++ krb5-20021108-um/src/lib/kadm5/unit-test/randkey-test.c Sat Feb 8 09:53:42 2003 @@ -15,13 +15,21 @@ krb5_keyblock *newkey; krb5_context context; void *server_handle; + char service_name[256]; int x, i; krb5_init_context(&context); + ret = kadm5_get_admin_service_name(context, NULL, + &service_name[0], sizeof(service_name)); + if (ret != OVSEC_KADM_OK) { + com_err("test", ret, "getting admin principal"); + exit(2); + } + krb5_parse_name(context, "testuser", &tprinc); - ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0, + ret = ovsec_kadm_init("admin", "admin", service_name, 0, OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, &server_handle); diff -bwru krb5-20021108-virgin/src/tests/dejagnu/config/default.exp krb5-20021108-um/src/tests/dejagnu/config/default.exp --- krb5-20021108-virgin/src/tests/dejagnu/config/default.exp Tue Oct 8 03:01:32 2002 +++ krb5-20021108-um/src/tests/dejagnu/config/default.exp Fri Feb 7 14:08:50 2003 @@ -927,6 +927,11 @@ global KADMIN_LOCAL global KEY global tmppwd + global hostname + + if ![get_hostname] { + return 0 + } catch "exec rm -f $tmppwd/admin-keytab" envstack_push @@ -960,6 +965,11 @@ expect -re ".*Entry for principal kadmin/admin.* added to keytab WRFILE:admin-new-srvtab." expect "kadmin.local: " + send "xst -k admin-new-srvtab kadmin/$hostname\r" + expect "xst -k admin-new-srvtab kadmin/$hostname\r\n" + expect -re ".*Entry for principal kadmin/$hostname.* added to keytab WRFILE:admin-new-srvtab." + expect "kadmin.local: " + catch "exec mv -f admin-new-srvtab changepw-new-srvtab" exec_output if ![string match "" $exec_output] { verbose -log "$exec_output"