5 # Principal "admin" exists, with "get", "add", "modify" and "delete"
6 # access bits and password "admin".
7 # The string "not-the-password" isn't the password of any user in the database.
8 # Database master password is "mrroot".
# Realm slot (fourth argument) is the empty string; the init call is expected
# to fail. NOTE(review): the _nochk suffix presumably means the specific error
# code is not checked -- confirm against the harness.
14 one_line_fail_test_nochk \
15 {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE "" \
16 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
# Realm slot (fourth argument) is a bare @ with no realm name; the init call is
# expected to fail.
20 one_line_fail_test_nochk \
21 {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE @ \
22 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
# Realm slot (fourth argument) is BAD.REALM, which differs from the
# SECURE-TEST.OV.COM realm that the succeeding calls in this file use; the init
# call is expected to fail.
26 one_line_fail_test_nochk \
27 {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE BAD.REALM \
28 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
34 if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
35 error_and_restart "$test: couldn't create principal \"$test/a\""
38 one_line_fail_test_nochk [format {
39 ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \
40 $OVSEC_KADM_API_VERSION_1 server_handle
49 if {! ((! [principal_exists "$test/a"]) ||
50 [delete_principal "$test/a"])} {
51 error_and_restart "$test: couldn't delete principal \"$test/a\""
55 one_line_fail_test_nochk [format {
56 ovsec_kadm_init admin admin "%s/a" null \
57 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
66 one_line_fail_test_nochk {
67 ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \
68 $OVSEC_KADM_API_VERSION_1 server_handle
77 send "ovsec_kadm_init admin null \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
82 fail "$test: eof instead of password prompt"
88 fail "$test: timeout instead of password prompt"
92 one_line_succeed_test "admin"
93 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
94 error_and_restart "$test: couldn't close database"
103 send "ovsec_kadm_init admin \"\" \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
106 {Enter password:} { }
109 fail "$test: eof instead of password prompt"
115 fail "$test: timeout instead of password prompt"
119 one_line_succeed_test "admin"
120 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
121 error_and_restart "$test: couldn't close database"
124 if { $RPC } { test7 }
130 if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
131 error_and_restart "$test: couldn't create principal \"$test/a\""
134 one_line_fail_test_nochk [format {
135 ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
136 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
146 one_line_fail_test_nochk {
147 ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE null \
148 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
158 # setup_xfail {*-*-*} $prms_id
159 one_line_fail_test_nochk {
160 ovsec_kadm_init null admin $OVSEC_KADM_ADMIN_SERVICE null \
161 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
172 # setup_xfail {*-*-*} $prms_id
173 # one_line_fail_test_nochk {
174 # ovsec_kadm_init "" admin $OVSEC_KADM_ADMIN_SERVICE null \
175 # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
185 one_line_fail_test_nochk [format {
186 ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
187 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
197 one_line_fail_test_nochk [format {
198 ovsec_kadm_init "%s/a@SECURE-TEST.OV.COM" admin \
199 $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
200 $OVSEC_KADM_API_VERSION_1 server_handle
209 one_line_fail_test_nochk [format {
210 ovsec_kadm_init "%s/a@BAD.REALM" admin $OVSEC_KADM_ADMIN_SERVICE null \
211 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
220 one_line_fail_test_nochk {
221 ovsec_kadm_init admin@BAD.REALM admin $OVSEC_KADM_ADMIN_SERVICE null \
222 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
231 one_line_succeed_test {
232 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
233 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
236 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
237 error_and_restart "$test: couldn't close database"
246 one_line_succeed_test {
247 ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
248 $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
249 $OVSEC_KADM_API_VERSION_1 server_handle
251 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
252 error_and_restart "$test: couldn't close database"
261 one_line_succeed_test {
262 ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
263 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
266 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
267 error_and_restart "$test: couldn't close database"
276 one_line_succeed_test {
277 ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
278 $OVSEC_KADM_ADMIN_SERVICE SECURE-TEST.OV.COM \
279 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
282 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
283 error_and_restart "$test: couldn't close database"
293 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
294 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
297 error_and_restart "$test: couldn't init database"
300 one_line_succeed_test \
301 {ovsec_kadm_get_principal $server_handle admin principal}
302 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
303 error_and_restart "$test: couldn't close database"
313 # ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
314 # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
317 # error_and_restart "$test: couldn't init database"
320 # one_line_fail_test_nochk {
321 # ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
322 # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
325 # if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
326 # error_and_restart "$test: couldn't close database"
336 ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
337 $OVSEC_KADM_API_VERSION_1 server_handle
341 -re ":$" { set prompting 1}
342 -re "\nOK .*$prompt$" { fail "$test: premature success" }
343 -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
344 timeout { fail "$test: timeout" }
345 eof { fail "$test: eof" }
# Answers the prompt detected by the expect patterns above (output ending in a
# colon) with mrroot, which the file header gives as the database master
# password, and expects the pending init to succeed. The init was issued with
# null for the password, service and realm arguments, and the guard at the end
# runs test22 only when $RPC is false.
# NOTE(review): this implies that in the non-RPC mode a null password makes the
# library ask for the master password interactively -- confirm against the
# library source.
348 one_line_succeed_test mrroot
350 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
351 error_and_restart "$test: couldn't close database"
354 if {! $RPC} { test22 }
361 ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
362 $OVSEC_KADM_API_VERSION_1 server_handle
366 -re ":$" { set prompting 1}
367 -re "\nOK .*$prompt$" { fail "$test: premature success" }
368 -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
369 timeout { fail "$test: timeout" }
370 eof { fail "$test: eof" }
373 one_line_succeed_test mrroot
375 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
376 error_and_restart "$test: couldn't close database"
379 if {! $RPC} { test225 }
# Expects init to SUCCEED with the password argument not-the-password, which
# the file header states is not the password of any user in the database. The
# guard at the end runs test23 only when $RPC is false, so this pins that in
# that mode the password argument does not gate access.
# NOTE(review): presumably the non-RPC library opens the database directly, so
# protection rests on who can read the database and its master key rather than
# on this argument -- confirm against the library source.
385 one_line_succeed_test {
386 ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE \
387 null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
390 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
391 error_and_restart "$test: couldn't close database"
394 if {! $RPC} { test23 }
# Init with the third and fourth arguments (service name and realm slots) both
# null; success is expected, and the guard at the end runs test24 only when
# $RPC is false.
400 one_line_succeed_test {
401 ovsec_kadm_init admin admin null null $OVSEC_KADM_STRUCT_VERSION \
402 $OVSEC_KADM_API_VERSION_1 server_handle
404 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
405 error_and_restart "$test: couldn't close database"
408 if {! $RPC} { test24 }
# Third argument (service name slot) is the arbitrary string foobar instead of
# one of the $OVSEC_KADM_*_SERVICE values used elsewhere in this file; success
# is still expected, and the guard at the end runs test25 only when $RPC is
# false.
414 one_line_succeed_test {
415 ovsec_kadm_init admin admin foobar null \
416 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
419 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
420 error_and_restart "$test: couldn't close database"
423 if {! $RPC} { test25 }
432 # one_line_fail_test_nochk {
433 # ovsec_kadm_get_principal $server_handle admin principal
443 # if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
444 # error_and_restart "$test: couldn't delete principal \"$test/a\""
449 # ovsec_kadm_create_principal $server_handle [simple_principal \
450 # "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
452 # fail "$test: unexpected success in add"
455 # end_dump_compare "no-diffs"
464 # if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
465 # error_and_restart "$test: couldn't create principal \"$test/a\""
470 # ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
471 # $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
473 # }] && [cmd [format {
474 # ovsec_kadm_get_principal $server_handle "%s/a" principal
476 # error_and_restart "$test: error getting principal"
479 # send "lindex \$principal 8\n"
481 # -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) }
483 # error_and_restart "$test: timeout getting principal kvno"
487 # error_and_restart "$test: eof getting principal kvno"
493 # set new_kvno [expr "$kvno + 1"]
495 # ovsec_kadm_modify_principal $server_handle \
496 # {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO}
497 # } $test $new_kvno]]} {
498 # fail "$test: unexpected success in modify"
501 # end_dump_compare "no-diffs"
510 # if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
511 # error_and_restart "$test: couldn't create principal \"$test/a\""
516 # ovsec_kadm_delete_principal $server_handle "%s/a"
518 # fail "$test: unexpected success in delete"
521 # end_dump_compare "no-diffs"
529 ovsec_kadm_init admin foobar $OVSEC_KADM_ADMIN_SERVICE null \
530 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
533 error_and_restart "$test: unexpected success"
536 one_line_succeed_test {
537 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
538 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
541 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
542 error_and_restart "$test: couldn't close database"
551 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
552 $bad_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
554 } "BAD_STRUCT_VERSION"
562 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
563 $no_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
565 } "BAD_STRUCT_VERSION"
573 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
574 $old_struct_version $OVSEC_KADM_API_VERSION_1 \
576 } "OLD_STRUCT_VERSION"
584 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
585 $new_struct_version $OVSEC_KADM_API_VERSION_1 \
587 } "NEW_STRUCT_VERSION"
595 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
596 $OVSEC_KADM_STRUCT_VERSION $bad_api_version_mask \
606 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
607 $OVSEC_KADM_STRUCT_VERSION $no_api_version_mask \
617 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
618 $OVSEC_KADM_STRUCT_VERSION $old_api_version \
620 } "OLD_LIB_API_VERSION"
628 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
629 $OVSEC_KADM_STRUCT_VERSION $old_api_version \
631 } "OLD_SERVER_API_VERSION"
639 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
640 $OVSEC_KADM_STRUCT_VERSION $new_api_version \
642 } "NEW_LIB_API_VERSION"
650 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
651 $OVSEC_KADM_STRUCT_VERSION $new_api_version \
653 } "NEW_SERVER_API_VERSION"
661 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
662 $OVSEC_KADM_API_VERSION_1 $OVSEC_KADM_STRUCT_VERSION \
671 one_line_succeed_test {
672 ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
673 $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
676 if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
677 error_and_restart "$test: couldn't close database"
# test45_46 SERVICE -- check that ovsec_kadm_init fails with
# SECURE_PRINC_MISSING after the principal SERVICE has been deleted from the
# database.
#   service: principal name handed to kadmin.local. It is interpolated unquoted
#            into the -q query strings; the two calls visible in this file pass
#            the fixed names ovsec_adm/admin and ovsec_adm/changepw.
# Steps visible here: delete SERVICE with delprinc -force, run the init that
# must fail, then re-create SERVICE with ank -randkey.
683 proc test45_46 {service} {
684 global test kadmin_local env
686 spawn $kadmin_local -q "delprinc -force $service"
688 -re "Principal .* deleted." {}
690 perror "kadmin.local delprinc failed\n";
696 one_line_fail_test [concat {ovsec_kadm_init admin admin } \
698 { null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
699 server_handle}] "SECURE_PRINC_MISSING"
701 # this leaves the keytab with an incorrect entry
# NOTE(review): presumably because -randkey gives the re-created principal
# fresh keys that no longer match the ones already stored in the keytab --
# confirm. The keytab is re-extracted later in this file.
702 spawn $kadmin_local -q "ank -randkey $service"
706 # restart the api so it gets a new ccache
714 test45_46 ovsec_adm/admin
718 test45_46 ovsec_adm/changepw
720 # re-extract the keytab so it is right
# Removes ovsec_adm.srvtab under $env(K5ROOT) and rebuilds it by running
# $env(MAKE_KEYTAB) for the four listed service principals. exec rm raises a
# Tcl error if the file is already absent.
# NOTE(review): the srvtab holds long-term keys for the admin and changepw
# services; its file mode comes from MAKE_KEYTAB and the umask, neither of
# which is visible here -- confirm it is not left world-readable outside a
# disposable test tree.
721 exec rm $env(K5ROOT)/ovsec_adm.srvtab
722 exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
723 -princ kadmin/admin -princ kadmin/changepw \
724 $env(K5ROOT)/ovsec_adm.srvtab