MAKE_KEYTAB = $(TESTDIR)/scripts/make-host-keytab.pl
LOCAL_MAKE_KEYTAB= $(TESTDIR)/scripts/make-host-keytab.pl
ENV_SETUP = $(TESTDIR)/scripts/env-setup.sh
-CLNTTCL = $(TESTDIR)/util/ovsec_kadm_clnt_tcl
-SRVTCL = $(TESTDIR)/util/ovsec_kadm_srv_tcl
+CLNTTCL = $(TESTDIR)/util/kadm5_clnt_tcl
+SRVTCL = $(TESTDIR)/util/kadm5_srv_tcl
# Dejagnu variables.
# We have to set the host with --host so that setup_xfail will work.
# If we don't set it, then the host type used is "native", which
clients clients/klist clients/kinit clients/kvno
clients/kdestroy clients/kpasswd clients/ksu
- kadmin kadmin/cli kadmin/dbutil kadmin/passwd
- kadmin/passwd/unit-test kadmin/ktutil kadmin/server
+ kadmin kadmin/cli kadmin/dbutil kadmin/ktutil kadmin/server
kadmin/testing kadmin/testing/scripts kadmin/testing/util
appl
myfulldir=kadmin
mydir=kadmin
BUILDTOP=$(REL)..
-SUBDIRS = cli dbutil passwd ktutil server testing
+SUBDIRS = cli dbutil ktutil server testing
all::
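Review bot: Dropping `passwd` from `SUBDIRS` also takes `kadmin/passwd/unit-test` out of `make check` (the directory list in the preceding hunk loses that entry too). The DejaGnu suite deleted further down asserted the password-policy rejections: too short, too few character classes, dictionary word, history reuse and minimum password life. None of the visible hunks adds replacement coverage, so confirm that the tests kept under `kadmin/testing`, or tests for the remaining `clients/kpasswd`, still assert each of those rejections. If they do, a short comment above the new line would record it, for example `# kadmin/passwd removed; password-policy checks are covered by <test directory>`, with the placeholder filled in by the author.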
+++ /dev/null
-*xm_ovpasswd.title: PW-CHG-GUI
-*form.shadowThickness: 2
-
-*foreground: black
-*background: grey80
-*topShadowColor: grey95
-*bottomShadowColor: grey20
-*fontList: -*-helvetica-medium-r-*-*-14-*
-*main_lbl.fontList: -*-helvetica-bold-r-*-*-14-*
-*XmForm.Spacing: 5
-
-*main_lbl.labelString: Changing password.
-*old_lbl.labelString: Old password:
-*new_lbl.labelString: New password:
-*again_lbl.labelString: New password (again):
-*sep.leftOffset: 0
-*sep.rightOffset: 0
-*Quit.labelString: Quit
-*Help.labelString: Help
-
-*main_lbl.alignment: ALIGNMENT_CENTER
-*lbl_form*alignment: ALIGNMENT_END
-*scroll_win.shadowThickness: 0
-
-*scroll_text.value: \
-Enter your old password below, and press return. You will not be able to see what you\n\
-are typing. After correctly entering your old password, you will be prompted twice for\n\
-your new password. Other messages and directions will appear in this space as necessary.
-*scroll_text.rows: 5
-*scroll_text.columns: 66
-*scroll_text.scrollHorizontal: FALSE
-*scroll_text.cursorPositionVisible: FALSE
-
-*help_dlg_popup.title: PW-CHG-GUI Help
-*help_dlg.messageString: \
-Welcome to the Kerberos password changing GUI.\n\
-\n\
-In the main window, enter your old password when prompted. After verifying\n\
-your old password, the policy governing your password will be displayed, and\n\
-you will be prompted for a new password. You will then be asked to enter it\n\
-a second time, to make sure you have not made any typos. Assuming that\n\
-your new password complies with your password policy, you should receive\n\
-an acknowledgement that your password has been changed.\n\
-\n\
-If an error occurs, the process will start over from the beginning. You may\n\
-exit the application at any time by pressing the "Quit" button.
+++ /dev/null
-thisconfigdir=../..
-myfulldir=kadmin/passwd
-mydir=kadmin/passwd
-BUILDTOP=$(REL)..$(S)..
-LOCALINCLUDES = -I.
-DEFINES = -DUSE_KADM5_API_VERSION=1
-DEFS=
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-SUBDIRS = unit-test
-
-PROG = kpasswd
-OBJS = tty_kpasswd.o kpasswd.o kpasswd_strings.o
-SRCS = tty_kpasswd.c kpasswd.c kpasswd_strings.c
-
-all:: $(PROG)
-
-kpasswd_strings.c kpasswd_strings.h: $(srcdir)/kpasswd_strings.et
-
-$(OBJS): kpasswd_strings.h
-
-$(PROG): $(OBJS) $(KADMCLNT_DEPLIBS) $(KRB5_BASE_DEPLIBS)
- $(CC_LINK) -o $(PROG) $(OBJS) $(KADMCLNT_LIBS) $(KRB5_BASE_LIBS)
-
-clean::
- $(RM) kpasswd_strings.c kpasswd_strings.h $(PROG) $(OBJS)
-
-depend:: kpasswd_strings.h
+++ /dev/null
-#
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)tty_kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h kpasswd.h kpasswd_strings.h \
- tty_kpasswd.c
-$(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
- $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
- $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
- $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h kpasswd.c kpasswd.h kpasswd_strings.h
-$(OUTPRE)kpasswd_strings.$(OBJEXT): $(COM_ERR_DEPS) \
- kpasswd_strings.c
+++ /dev/null
-.\" kadmin/kpasswd/kpasswd.M
-.\"
-.\" Copyright 1995 by the Massachusetts Institute of Technology.
-.\"
-.\" Export of this software from the United States of America may
-.\" require a specific license from the United States Government.
-.\" It is the responsibility of any person or organization contemplating
-.\" export to obtain such a license before exporting.
-.\"
-.\" WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-.\" distribute this software and its documentation for any purpose and
-.\" without fee is hereby granted, provided that the above copyright
-.\" notice appear in all copies and that both that copyright notice and
-.\" this permission notice appear in supporting documentation, and that
-.\" the name of M.I.T. not be used in advertising or publicity pertaining
-.\" to distribution of the software without specific, written prior
-.\" permission. Furthermore if you modify this software you must label
-.\" your software as modified software and not distribute it in such a
-.\" fashion that it might be confused with the original M.I.T. software.
-.\" M.I.T. makes no representations about the suitability of
-.\" this software for any purpose. It is provided "as is" without express
-.\" or implied warranty.
-.\" "
-.TH KPASSWD 1
-.SH NAME
-kpasswd \- change a user's Kerberos password
-.SH SYNOPSIS
-.B kpasswd
-[\fIprincipal\fP]
-.SH DESCRIPTION
-.PP
-The
-.I kpasswd
-command is used to change a Kerberos principal's password.
-.I Kpasswd
-prompts for the current Kerberos password, which is used to obtain a
-.B changepw
-ticket from the
-.SM KDC
-for the user's Kerberos realm. If
-.B kpasswd
-successfully obtains the
-.B changepw
-ticket, the user is prompted twice for the new password, and the
-password is changed.
-.PP
-If the principal is governed by a policy that specifies the length and/or
-number of character classes required in the new password, the new
-password must conform to the policy. (The five character classes are
-lower case, upper case, numbers, punctuation, and all other characters.)
-.SH OPTIONS
-.TP
-.I principal
-change the password for the Kerberos principal
-.IR principal .
-Otherwise, the principal is derived from the identity of the user
-invoking the
-.I kpasswd
-command.
-.SH FILES
-.TP "\w'/tmp/tkt_kadm_[pid]'u"
-/tmp/tkt_kadm_[pid]
-temporary credentials cache for the lifetime of the password changing
-operation. ([pid] is the process-ID of the kpasswd process.)
-.SH SEE ALSO
-kadmin(8), kadmind(8)
-.SH BUGS
-If
-.B kpasswd
-is suspended, the changepw tickets may not be destroyed.
+++ /dev/null
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- *
- */
-
-static char rcsid[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-
-#include "kpasswd.h"
-
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-extern char *whoami;
-
-
-#define MISC_EXIT_STATUS 6
-
-/*
- * Function: kpasswd
- *
- * Purpose: Initialize and call lower level routines to change a password
- *
- * Arguments:
- *
- * context (r) krb5_context to use
- * argc/argv (r) principal name to use, optional
- * read_old_password (f) function to read old password
- * read_new_password (f) function to read new and change password
- * display_intro_message (f) function to display intro message
- * whoami (extern) argv[0]
- *
- * Returns:
- * exit status of 0 for success
- * 1 principal unknown
- * 2 old password wrong
- * 3 cannot initialize admin server session
- * 4 new passwd mismatch or error trying to change pw
- * 5 password not typed
- * 6 misc error
- * 7 incorrect usage
- *
- * Requires:
- * Passwords cannot be more than 255 characters long.
- *
- * Effects:
- *
- * If argc is 2, the password for the principal specified in argv[1]
- * is changed; otherwise, the principal of the default credential
- * cache or username is used. display_intro_message is called with
- * the arguments KPW_STR_CHANGING_PW_FOR and the principal name.
- * read_old_password is then called to prompt for the old password.
- * The admin system is then initialized, the principal's policy
- * retrieved and explained, if appropriate, and finally
- * read_new_password is called to read the new password and change the
- * principal's password (presumably ovsec_kadm_chpass_principal).
- * admin system is de-initialized before the function returns.
- *
- * Modifies:
- *
- * Changes the principal's password.
- *
- */
-int
-kpasswd(context, argc, argv)
- krb5_context context;
- int argc;
- char *argv[];
-{
- int code;
- krb5_ccache ccache = NULL;
- krb5_principal princ = 0;
- char *princ_str;
- struct passwd *pw = 0;
- unsigned int pwsize;
- char password[255]; /* I don't really like 255 but that's what kinit uses */
- char msg_ret[1024], admin_realm[1024];
- ovsec_kadm_principal_ent_t principal_entry = NULL;
- ovsec_kadm_policy_ent_t policy_entry = NULL;
- void *server_handle;
-
- if (argc > 2) {
- com_err(whoami, KPW_STR_USAGE, 0);
- return(7);
- /*NOTREACHED*/
- }
-
- /************************************
- * Get principal name to change *
- ************************************/
-
- /* Look on the command line first, followed by the default credential
- cache, followed by defaulting to the Unix user name */
-
- if (argc == 2)
- princ_str = strdup(argv[1]);
- else {
- code = krb5_cc_default(context, &ccache);
- /* If we succeed, find who is in the credential cache */
- if (code == 0) {
- /* Get default principal from cache if one exists */
- code = krb5_cc_get_principal(context, ccache, &princ);
- /* if we got a principal, unparse it, otherwise get out of the if
- with an error code */
- (void) krb5_cc_close(context, ccache);
- if (code == 0) {
- code = krb5_unparse_name(context, princ, &princ_str);
- if (code != 0) {
- com_err(whoami, code, string_text(KPW_STR_UNPARSE_NAME));
- return(MISC_EXIT_STATUS);
- }
- }
- }
-
- /* this is a crock.. we want to compare against */
- /* "KRB5_CC_DOESNOTEXIST" but there is no such error code, and */
- /* both the file and stdio types return FCC_NOFILE. If there is */
- /* ever another ccache type (or if the error codes are ever */
- /* fixed), this code will have to be updated. */
- if (code && code != KRB5_FCC_NOFILE) {
- com_err(whoami, code, string_text(KPW_STR_WHILE_LOOKING_AT_CC));
- return(MISC_EXIT_STATUS);
- }
-
- /* if either krb5_cc failed check the passwd file */
- if (code != 0) {
- pw = getpwuid( getuid());
- if (pw == NULL) {
- com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE));
- return(MISC_EXIT_STATUS);
- }
- princ_str = strdup(pw->pw_name);
- }
- }
-
- display_intro_message(string_text(KPW_STR_CHANGING_PW_FOR), princ_str);
-
- /* Need to get a krb5_principal, unless we started from with one from
- the credential cache */
-
- if (! princ) {
- code = krb5_parse_name (context, princ_str, &princ);
- if (code != 0) {
- com_err(whoami, code, string_text(KPW_STR_PARSE_NAME), princ_str);
- free(princ_str);
- return(MISC_EXIT_STATUS);
- }
- }
-
- pwsize = sizeof(password);
- code = read_old_password(context, password, &pwsize);
-
- if (code != 0) {
- memset(password, 0, sizeof(password));
- com_err(whoami, code, string_text(KPW_STR_WHILE_READING_PASSWORD));
- krb5_free_principal(context, princ);
- free(princ_str);
- return(MISC_EXIT_STATUS);
- }
- if (pwsize == 0) {
- memset(password, 0, sizeof(password));
- com_err(whoami, 0, string_text(KPW_STR_NO_PASSWORD_READ));
- krb5_free_principal(context, princ);
- free(princ_str);
- return(5);
- }
-
- admin_realm[0] = '\0';
- strncat(admin_realm, krb5_princ_realm(context, princ)->data,
- krb5_princ_realm(context, princ)->length);
-
- code = ovsec_kadm_init(princ_str, password, KADM5_CHANGEPW_SERVICE,
- admin_realm /* we probably should take a -r */
- /* someday */,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1,
- NULL,
- &server_handle);
- if (code != 0) {
- if (code == OVSEC_KADM_BAD_PASSWORD)
- com_err(whoami, 0, string_text(KPW_STR_OLD_PASSWORD_INCORRECT));
- else
- com_err(whoami, 0, string_text(KPW_STR_CANT_OPEN_ADMIN_SERVER), admin_realm,
- error_message(code));
- krb5_free_principal(context, princ);
- free(princ_str);
- return((code == OVSEC_KADM_BAD_PASSWORD)?2:3);
- }
-
- /* Explain policy restrictions on new password if any. */
- /* Note: copy of this exists in login (kverify.c/get_verified_in_tkt). */
-
- code = ovsec_kadm_get_principal(server_handle, princ, &principal_entry);
- if (code != 0) {
- com_err(whoami, 0,
- string_text((code == OVSEC_KADM_UNK_PRINC)
- ? KPW_STR_PRIN_UNKNOWN : KPW_STR_CANT_GET_POLICY_INFO),
- princ_str);
- krb5_free_principal(context, princ);
- free(princ_str);
- (void) ovsec_kadm_destroy(server_handle);
- return((code == OVSEC_KADM_UNK_PRINC) ? 1 : MISC_EXIT_STATUS);
- }
- if ((principal_entry->aux_attributes & OVSEC_KADM_POLICY) != 0) {
- code = ovsec_kadm_get_policy(server_handle,
- principal_entry->policy, &policy_entry);
- if (code != 0) {
- /* doesn't matter which error comes back, there's no nice recovery
- or need to differentiate to the user */
- com_err(whoami, 0,
- string_text(KPW_STR_CANT_GET_POLICY_INFO), princ_str);
- (void) ovsec_kadm_free_principal_ent(server_handle, principal_entry);
- krb5_free_principal(context, princ);
- free(princ_str);
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
- com_err(whoami, 0, string_text(KPW_STR_POLICY_EXPLANATION),
- princ_str, principal_entry->policy,
- policy_entry->pw_min_length, policy_entry->pw_min_classes);
-
- code = ovsec_kadm_free_principal_ent(server_handle, principal_entry);
- if (code) {
- (void) ovsec_kadm_free_policy_ent(server_handle, policy_entry);
- krb5_free_principal(context, princ);
- free(princ_str);
- com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_PRINCIPAL));
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
-
- code = ovsec_kadm_free_policy_ent(server_handle, policy_entry);
- if (code) {
- krb5_free_principal(context, princ);
- free(princ_str);
- com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_POLICY));
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
- }
- else {
- /* kpasswd *COULD* output something here to encourage the choice
- of good passwords, in the absence of an enforced policy. */
- code = ovsec_kadm_free_principal_ent(server_handle, principal_entry);
- if (code) {
- krb5_free_principal(context, princ);
- free(princ_str);
- com_err(whoami, code, string_text(KPW_STR_WHILE_FREEING_PRINCIPAL));
- (void) ovsec_kadm_destroy(server_handle);
- return(MISC_EXIT_STATUS);
- }
- }
-
- pwsize = sizeof(password);
- code = read_new_password(server_handle, password, &pwsize, msg_ret, princ);
- memset(password, 0, sizeof(password));
-
- if (code)
- com_err(whoami, 0, msg_ret);
-
- krb5_free_principal(context, princ);
- free(princ_str);
-
- (void) ovsec_kadm_destroy(server_handle);
-
- if (code == KRB5_LIBOS_CANTREADPWD)
- return(5);
- else if (code)
- return(4);
- else
- return(0);
-}
+++ /dev/null
-/*
- * kadmin/passwd/kpasswd.h
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Prototypes for the kpasswd program callback functions.
- */
-
-#ifndef __KPASSWD_H__
-#define __KPASSWD_H__
-
-int kpasswd(krb5_context context, int argc, char *argv[]);
-
-long read_old_password(krb5_context context, char *password,
- unsigned int *pwsize);
-
-long read_new_password(void *server_handle, char *password,
- unsigned int *pwsize, char *msg_ret,
- krb5_principal princ);
-
-void display_intro_message(const char *fmt_string, const char *arg_string);
-
-#endif /* __KPASSWD_H__ */
-
-
+++ /dev/null
-#
-# Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
-#
-# String table of messages for kpasswd
-
-
-error_table kpws
-
-# /* M1 */
-error_code KPW_STR_USAGE, "Usage: kpasswd [principal_name]."
-
-error_code KPW_STR_PRIN_UNKNOWN,
- "Kerberos principal name %s is not recognized."
-# /* <name> */
-
-# /* M2 */
-error_code KPW_STR_WHILE_LOOKING_AT_CC,
- "while reading principal name from credential cache."
-
-# /* M4 */
-error_code KPW_STR_OLD_PASSWORD_INCORRECT,
- "Old Kerberos password is incorrect. Please try again."
-
-# /* M5 */
-error_code KPW_STR_CANT_OPEN_ADMIN_SERVER,
-"Cannot establish a session with the Kerberos administrative server for\n\
-realm %s. %s."
-# /* <realm-name>, <Specific error message from admin server library>. */
-
-# /* M6 */
-error_code KPW_STR_NEW_PASSWORD_MISMATCH,
- "New passwords do not match - password not changed.\n"
-
-# /* M7 */
-error_code KPW_STR_PASSWORD_CHANGED, "Kerberos password changed.\n"
-
-# /* M13 */
-error_code KPW_STR_PASSWORD_NOT_CHANGED, "Password not changed."
-
-error_code KPW_STR_PARSE_NAME, "when parsing name %s."
-error_code KPW_STR_UNPARSE_NAME, "when unparsing name."
-error_code KPW_STR_NOT_IN_PASSWD_FILE, "Unable to identify user from password file."
-
-# /* M3 */
-error_code KPW_STR_CHANGING_PW_FOR, "Changing password for %s."
-# /* principal@realm */
-
-error_code KPW_STR_OLD_PASSWORD_PROMPT, "Old password"
-error_code KPW_STR_WHILE_READING_PASSWORD, "while reading new password."
-
-# /* M4 */
-error_code KPW_STR_NO_PASSWORD_READ,
-"You must type a password. Passwords must be at least one character long."
-
-# /* M14 */
-error_code KPW_STR_WHILE_TRYING_TO_CHANGE, "while trying to change password."
-
-error_code KPW_STR_WHILE_DESTROYING_ADMIN_SESSION,
-"while closing session with admin server and destroying tickets."
-
-error_code KPW_STR_WHILE_FREEING_PRINCIPAL,
-"while freeing admin principal entry"
-
-error_code KPW_STR_WHILE_FREEING_POLICY,
-"while freeing admin policy entry"
-
-error_code KPW_STR_CANT_GET_POLICY_INFO,
-"Could not get password policy information for principal %s."
-# /* principal@realm */
-
-error_code KPW_STR_POLICY_EXPLANATION,
-"%s's password is controlled by the policy %s, which\nrequires a minimum of %u characters from at least %u classes (the five classes\nare lowercase, uppercase, numbers, punctuation, and all other characters)."
-# /* principal_name policy_name min_length min_classes */
-
-end
-
+++ /dev/null
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- *
- */
-
-static char rcsid[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-
-#include "kpasswd.h"
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-char *whoami;
-
-void display_intro_message(fmt_string, arg_string)
- const char *fmt_string;
- const char *arg_string;
-{
- com_err(whoami, 0, fmt_string, arg_string);
-}
-
-long read_old_password(context, password, pwsize)
- krb5_context context;
- char *password;
- unsigned int *pwsize;
-{
- long code = krb5_read_password(context,
- string_text(KPW_STR_OLD_PASSWORD_PROMPT),
- 0, password, pwsize);
- return code;
-}
-
-long read_new_password(server_handle, password, pwsize, msg_ret, princ)
- void *server_handle;
- char *password;
- unsigned int *pwsize;
- char *msg_ret;
- krb5_principal princ;
-{
- return (ovsec_kadm_chpass_principal_util(server_handle, princ, NULL,
- NULL /* don't need new pw back */,
- msg_ret));
-}
-
-
-/*
- * main() for tty version of kpasswd.c
- */
-int
-main(argc, argv)
- int argc;
- char *argv[];
-{
- krb5_context context;
- int retval;
-
- whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
-
- retval = krb5_init_context(&context);
- if (retval) {
- com_err(whoami, retval, "initializing krb5 context");
- exit(retval);
- }
- initialize_kpws_error_table();
-
- retval = kpasswd(context, argc, argv);
-
- if (!retval)
- printf(string_text(KPW_STR_PASSWORD_CHANGED));
-
- exit(retval);
-}
+++ /dev/null
-thisconfigdir=../../..
-myfulldir=kadmin/passwd/unit-test
-mydir=kadmin/passwd/unit-test
-BUILDTOP=$(REL)..$(S)..$(S)..
-check unit-test:: unit-test-@DO_TEST@
-
-unit-test-:
- @echo "+++"
- @echo "+++ WARNING: kpasswd unit tests not run."
- @echo "+++ Either tcl, runtest, or Perl is unavailable."
- @echo "+++"
-
-unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup
-
-unit-test-body::
- $(ENV_SETUP) $(RUNTEST) --tool kpasswd KPASSWD=../kpasswd \
- KINIT=$(BUILDTOP)/clients/kinit/kinit \
- KDESTROY=$(BUILDTOP)/clients/kdestroy/kdestroy \
- PRIOCNTL_HACK=@PRIOCNTL_HACK@ VALGRIND="$(VALGRIND)"
-
-unit-test-setup::
- $(ENV_SETUP) $(VALGRIND) $(START_SERVERS)
-
-unit-test-cleanup::
- $(ENV_SETUP) $(STOP_SERVERS)
-clean::
- $(RM) dbg.log kpasswd.sum kpasswd.log
+++ /dev/null
-if { [string length $VALGRIND] } {
- rename spawn valgrind_aux_spawn
- proc spawn { args } {
- global VALGRIND
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- # Only run valgrind for local programs, not
- # system ones.
-#&&![string match "/bin/sh" $arg] sh is used to start kadmind!
- if [string match "/" [string index $arg 0]]&&![string match "/bin/ls" $arg]&&![regexp {/kshd$} $arg] {
- set newargs [concat $newargs $VALGRIND]
- }
- }
- lappend newargs $arg
- }
- set pid [eval valgrind_aux_spawn $newargs]
- return $pid
- }
-}
-
-# Hack around Solaris 9 kernel race condition that causes last output
-# from a pty to get dropped.
-if { $PRIOCNTL_HACK } {
- catch {exec priocntl -s -c FX -m 30 -p 30 -i pid [getpid]}
- rename spawn oldspawn
- proc spawn { args } {
- upvar 1 spawn_id spawn_id
- set newargs {}
- set inflags 1
- set eatnext 0
- foreach arg $args {
- if { $arg == "-ignore" \
- || $arg == "-open" \
- || $arg == "-leaveopen" } {
- lappend newargs $arg
- set eatnext 1
- continue
- }
- if [string match "-*" $arg] {
- lappend newargs $arg
- continue
- }
- if { $eatnext } {
- set eatnext 0
- lappend newargs $arg
- continue
- }
- if { $inflags } {
- set inflags 0
- set newargs [concat $newargs {priocntl -e -c FX -p 0}]
- }
- lappend newargs $arg
- }
- set pid [eval oldspawn $newargs]
- return $pid
- }
-}
-
-#
-# kpasswd_version -- extract and print the version number of kpasswd
-#
-
-proc kpasswd_version {} {
- global KPASSWD
- catch "exec ident $KPASSWD" tmp
- if [regexp {Id: kpasswd.c,v ([0-9]+\.[0-9]+)} $tmp \
- dummy version] then {
- clone_output "$KPASSWD version $version\n"
- } else {
- clone_output "$KPASSWD version <unknown>\n"
- }
-}
-#
-# kpasswd_load -- loads the program
-#
-proc kpasswd_load {} {
- #
-}
-
-# kpasswd_exit -- clean up and exit
-proc kpasswd_exit {} {
- #
-}
-
-#
-# kpasswd_start -- start kpasswd running
-#
-proc kpasswd_start { args } {
- global KPASSWD
- global spawn_id
-
- verbose "% $KPASSWD $args" 1
- eval spawn $KPASSWD $args
-}
+++ /dev/null
-# No dependencies here.
+++ /dev/null
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-set pol2_time [timestamp]
-
-test_3pass {test2} {D.5: different new passwords} test2 test2 test2 foobar \
- 4 {New passwords do not match - password not changed.}
-
-test_3pass {test2} {D.7.5: empty/empty} test2 test2 {} {} \
- 5 {You must type a password. Passwords must be at least one character long.}
-
-test_3pass {test2} {D.6: empty/non-empty} test2 test2 {} test2 \
- 4 {New passwords do not match - password not changed.}
-
-test_3pass {test2} {D.7: non-empty/empty} test2 test2 test2 {} \
- 4 {New passwords do not match - password not changed.}
-
-
-test_win {test1} {D.8: change password} test1 test1 newpass
-
-test_win {test1} {D.9: test changed password} test1 newpass test1
-
-mytest "D.22: No policy description was shown" test1 4 {
- -re "Changing password for test1.*\\.$s+Old password:\[^\n\]*$"
- { send "test1\n" }
-} {
- -re "$s+.*$s+.*$s+.*char.*classes.*"
- { myfail "policy description displayed" }
- timeout { mypass }
-} {
- -re "^$s+New password:\[^\n\]*$"
- { send "newpass\n" }
-} {
- -re "^$s+New password \\(again\\):\[^\n\]*\$"
- { send "ssapwen\n" }
-} {
- -re "$s+New passwords do not match - password not changed."
- { mypass }
-}
-
-test_3pass {pol1} {D.10: new password too short} pol1 pol111111 que que \
- 4 {New password is too short. Please choose a password which is at least [0-9]+ characters long.}
-
-test_3pass {pol1} {D.13: too few char classes in new password} pol1 \
- pol111111 123456789 123456789 \
- 4 {New password does not have enough character classes. The character classes are: - lower-case letters, - upper-case letters, - digits, - punctuation, and - all other characters \(e.g., control characters\). Please choose a password with at least [0-9]+ character classes.}
-
-test_3pass {pol1} {D.14: new password in dictionary} pol1 \
- pol111111 Discordianism Discordianism \
- 4 {New password was found in a dictionary of possible passwords and therefore may be easily guessed. Please choose another password. See the kpasswd man page for help in choosing a good password.}
-
-test_win {pol1} {successful change} pol1 pol111111 polAAAAAA
-# fail "successful change: XXXX password history is majorly broken"
-
-test_3pass {pol1} {D.11: new password same as old} pol1 \
- polAAAAAA polAAAAAA polAAAAAA \
- 4 {New password was used previously. Please choose a different password.}
-
-test_3pass {pol1} {D.12: new password in history} pol1 \
- polAAAAAA pol111111 pol111111 \
- 4 {New password was used previously. Please choose a different password.}
-
-mytest "D.18: Policy description was shown" pol1 4 {
- -re "Changing password for pol1.*\\.$s+Old password:\[^\n\]*$"
- { send "polAAAAAA\n" }
-} {
- -re "$s+.*$s+.*$s+.*8 char.*2 classes.*$s+New password:\[^\n\]*$"
- { send "newpass1234\n" }
-} {
- -re "^$s+New password \\(again\\):\[^\n\]*$"
- { send "newpass4321\n" }
-} {
- -re "$s+New passwords do not match - password not changed."
- { mypass }
-}
-
-# restore pol1's password to its initial value; see discussion in
-# secure-kpasswd/2204 about secure-releng/2191 if you are confused
-test_win {pol1} {successful change} pol1 polAAAAAA polBBBBBB
-test_win {pol1} {successful change} pol1 polBBBBBB polCCCCCC
-test_win {pol1} {successful change} pol1 polCCCCCC pol111111
-
-# Under "make check", init_db will just have been run and we could
-# jump right into the too-soon test. But if someone is working with
-# the test suite manually, init_db may have been run a while ago.
-# So, force some known state, first.
-set delay [expr $pol2_time + 11 - [timestamp]]
-verbose "(sleeping $delay seconds so pol2 password can be changed)"
-sleep $delay
-
-test_win {pol2} {successful change} pol2 pol222222 polbbbbbb
-
-test_3pass {pol2} {D.15: too soon to change password} pol2 \
- polbbbbbb pol222222 pol222222 \
- 4 {Password cannot be changed because it was changed too recently. Please wait until .*[12][0-9][0-9][0-9] before you change it. If you need to change your password before then, contact your system security administrator.}
-
-# Now delay a little longer (if needed) and try changing pol2's
-# password again.
-verbose "(sleeping 10 seconds)"
-sleep 10
-
-test_win {pol2} {password min life passed} pol2 polbbbbbb pol222222
+++ /dev/null
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-test_initerr {test2} {C.4: empty old password (XXXX)} test2 {} \
- 5 {You must type a password. Passwords must be at least one character long.}
-
-test_initerr {test2} {C.5: incorrect old password} test2 foobar \
- 2 "Old Kerberos password is incorrect. Please try again."
-
-# set timeout 60
-#
-#test_initerr {test2@SECURE-TEST-DEAD.OV.COM} {C.8: server up, daemon down} \
-# test2 test2 \
-# 3 ""
-#
-#test_initerr {test2@SECURE-TEST-DOWN.OV.COM} {C.8.5: server down} \
-# test2 test2 \
-# 3 "${initerr_str}Cannot contact any KDC for requested realm"
+++ /dev/null
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-if [info exist env(DEBUG)] { debug 1 }
-
-#
-# Here are the tests
-#
-
-if {[info exists env(KRB5CCNAME)]} {
- unset env(KRB5CCNAME)
-}
-
-# Apple (in Mac OS X 10.5.4) is shipping a tcl in which
-# unsetting env-array values seems not to work!
-if {[info exists env(KRB5CCNAME)]} {
- untested {B.7: default nonexisting ccache(1) (unset failed, tcl defective!)}
- untested {B.7: default nonexisting ccache(2)}
- untested {B.4: default existing cache containing existing principal}
- set test2pass test2
-
-} else {
-
-
-kdestroy
-
-
-#### no principal specified
-
-if {[info exists env(USER)]} {
- set whoami $env(USER)
-} else {
- set whoami [exec whoami]
-}
-
- test_win {} {B.7: default nonexisting ccache(1)} $whoami $whoami newpass
- test_win {} {B.7: default nonexisting ccache(2)} $whoami newpass $whoami
-
- kinit test2 test2
- test_win {} {B.4: default existing cache containing existing principal} \
- test2 test2 newpass
- kdestroy
- set test2pass newpass
-}
-
-set env(KRB5CCNAME) FILE:/tmp/ovsec_adm_test_ccache
-kinit test2 $test2pass
-test_win {} {B.3: specified existing cache containing existing principal} \
- test2 $test2pass test2
-kdestroy
-unset env(KRB5CCNAME)
-
-# Apple (in Mac OS X 10.5.4) is shipping a tcl in which
-# unsetting env-array values seems not to work!
-if {[info exists env(KRB5CCNAME)]} {
- untested {B.14: existing principal, no realm}
- untested {B.15, C.6: non-existent principal, no realm}
- untested {B.16: existing principal, with realm}
- untested {B.17: non-existent principal, with realm}
-
-} else {
-
-#### principal on command line
-
-#
-test_win {test2} {B.14: existing principal, no realm} test2 test2 newpass
-
-#
-test_initerr {bogus} {B.15, C.6: non-existent principal, no realm} bogus bogus \
- 3 "${initerr_str}Client not found in Kerberos database"
-
-#
-test_win {test2@SECURE-TEST.OV.COM} {B.16: existing principal, with realm} \
- test2 newpass test2
-
-#
-test_initerr {bogus@SECURE-TEST.OV.COM} \
- {B.17: non-existent principal, with realm} \
- bogus bogus \
- 3 "${initerr_str}Client not found in Kerberos database"
-
-}
+++ /dev/null
-#
-# $Id$
-#
-
-set timeout 15
-
-load_lib "helpers.exp"
-
-#
-# Here are the tests
-#
-
-mytest {A.1: two args} {foo bar} 7 {
- -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass }
-}
-
-mytest {A.2: three args} {foo bar baz} 7 {
- -re {[a-z./]+passwd: Usage: [a-z./]+passwd \[principal_name\]} { mypass }
-}
-
-set env(KRB5CCNAME) bogus_type:bogus_ccname
-mytest {B.5: malformed ccache name} {} 6 {
- -re {[a-z./]+passwd: Unknown credential cache type while reading principal name from credential cache} { mypass }
-}
-unset env(KRB5CCNAME)
-
+++ /dev/null
-#
-# $Id$
-#
-
-global s
-set s "\[\r\n\t\ \]"
-
-if {[info commands exp_version] != {}} {
- set exp_version_4 [regexp {^4} [exp_version]]
-} else {
- set exp_version_4 [regexp {^4} [expect_version]]
-}
-
-# Backward compatibility until we're using expect 5 everywhere
-if {$exp_version_4} {
- global wait_error_index wait_errno_index wait_status_index
- set wait_error_index 0
- set wait_errno_index 1
- set wait_status_index 1
-} else {
- set wait_error_index 2
- set wait_errno_index 3
- set wait_status_index 3
-}
-
-proc myfail { comment } {
- global mytest_name
- global mytest_status
- wait
- fail "$mytest_name: $comment"
- set mytest_status 1
-}
-
-proc mypass {} {
-}
-
-##
-## When you expect on an id, and eof is detected, the spawn_id is closed.
-## It may be waited for, but calling expect or close on this id is an ERROR!
-##
-
-proc mytest { name kpargs status args } {
- global spawn_id
- global timeout
- global mytest_name
- global mytest_status
- global wait_error_index wait_errno_index wait_status_index
-
- verbose "starting test: $name"
-
- set mytest_name "$name"
-
- eval kpasswd_start $kpargs
-
- # at the end, eof is success
-
- lappend args { eof { if {[regexp "\[\r\n\]$" $expect_out(buffer)] == 0} { myfail "final status message not newline-terminated" } } }
-
- # for each test argument....
- # rep invariant: when this foreach ends, the id is close'd, but
- # not wait'ed.
-
- foreach test $args {
- set mytest_status 0
-
- # treat the arg as an expect parameter
- # if failure, the process will be closed and waited.
-
- uplevel 1 "expect {
- $test
- timeout { close; myfail \"timeout\"}
- eof { myfail \"eof read before expected message string\" }
- }"
-
- if {$mytest_status == 1} { return }
- }
-
- # at this point, the id is closed and we can wait on it.
-
- set ret [wait]
- verbose "% Exit $ret" 1
- if {[lindex $ret $wait_error_index] == -1} {
- fail "$name: wait returned error [lindex $ret $wait_errno_index]"
- } else {
- if { [lindex $ret $wait_status_index] == $status ||
- (($status<0) && ([lindex $ret $wait_status_index] == ($status+256))) } {
- pass "$name"
- } else {
- fail "$name: unexpected return status [lindex $ret $wait_status_index], should be $status"
- }
- }
-}
-
-proc kinit { princ pass } {
- global env;
- global KINIT
- spawn -noecho $KINIT -5 $princ;
-
- expect {
- -re "Password for .*:\[^\n\]*$"
- {send "$pass\n"}
- timeout {puts "Timeout waiting for prompt" ; close }
- }
-
- # this necessary so close(1) in the child will not sleep waiting for
- # the parent, which is us, to read pending data.
-
- expect {
- eof {}
- }
- wait
-}
-
-proc kdestroy {} {
- global KDESTROY
- global errorCode errorInfo
- global env
-
- if {[info exists errorCode]} {
- set saveErrorCode $errorCode
- }
- if {[info exists errorInfo]} {
- set saveErrorInfo $errorInfo
- }
- catch "system $KDESTROY -5 2>/dev/null"
- if {[info exists saveErrorCode]} {
- set errorCode $saveErrorCode
- } elseif {[info exists errorCode]} {
- unset errorCode
- }
- if {[info exists saveErrorInfo]} {
- set errorInfo $saveErrorInfo
- } elseif {[info exists errorInfo]} {
- unset errorInfo
- }
-}
-
-global initerr_str
-global initerr_regexp
-set initerr_str "Cannot establish a session with the Kerberos administrative server for realm \[^\r\n\]*\\. "
-set initerr_regexp "Cannot establish a session with the Kerberos administrative server for$s+realm \[^\r\n\]*\\.$s+"
-
-proc test_win { args name princ pass1 { pass2 "\001\001" } } {
- global s
- global initerr_regexp
-
- if { $pass2 == "\001\001" } { set pass2 "$pass1" }
-
- mytest "$name" $args 0 {
- -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
- { send "$pass1\n" }
- } {
- -re "Old Kerberos password is incorrect. Please try again."
- { close; myfail "Old password incorrect" }
- -re "${initerr_regexp}(.+\[^\r\n\t\ \])\r\n"
- { close; myfail "init error: $expect_out(1,string)" }
- -re "$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- } {
- -re "$s+New password \\(again\\):\[^\n\]*$"
- { send "$pass2\n" }
- } {
- -re "$s+Kerberos password changed."
- { mypass }
- -re "$s+Password changed."
- { close; myfail "Wrong message on success." }
- }
-}
-
-proc test_initerr { args name princ pass status err } {
- global s
- global initerr_regexp
-
- regsub -all "$s+" $err "$s+" err2
-
- mytest "$name" $args $status {
- -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
- { send "$pass\n" }
- } {
- -re "$err2"
- { mypass }
- -re "Old Kerberos password is incorrect. Please try again."
- { close; myfail "Old password incorrect" }
- -re "${initerr_regexp}(.+)\r\n"
- { close; myfail "init error: $expect_out(1,string)" }
- }
-}
-
-proc test_3pass { args name princ pass1 pass2 pass3 status err } {
- global s
- global initerr_regexp
-
- regsub -all "$s+" $err "$s+" err2
-
- mytest "$name" $args $status {
- -re "Changing password for $princ.*\\.$s+Old password:\[^\n\]*$"
- { send "$pass1\n" }
- } {
- -re "Old Kerberos password is incorrect. Please try again."
- { close; myfail "Old password incorrect" }
- -re "${initerr_regexp}(.+)\r\n"
- { close; myfail "init error: $expect_out(1,string)" }
- -re "$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- -re "$s+.*$s+.*$s+.*$s+New password:\[^\n\]*$"
- { send "$pass2\n" }
- } {
- -re "$s+New password \\(again\\):\[^\n\]*$"
- { send "$pass3\n" }
- } {
- -re "$s+$err2"
- { mypass }
- }
-}
-
+++ /dev/null
-/*
- * Copyright 1993-1994 OpenVision Technologies, Inc., All Rights Reserved.
- *
- * $Header$
- *
- *
- */
-
-static char rcsid_2[] = "$Id$";
-
-#include <kadm5/admin.h>
-#include <krb5.h>
-
-#include "kpasswd_strings.h"
-#define string_text error_message
-#define initialize_kpasswd_strings initialize_kpws_error_table
-
-#include <stdio.h>
-#include <pwd.h>
-#include <string.h>
-
-char *whoami;
-
-#include <Xm/Xm.h>
-#include <Xm/MessageB.h>
-#include <Xm/ScrolledW.h>
-#include <Xm/Form.h>
-#include <Xm/Text.h>
-#include <Xm/PushB.h>
-#include <Xm/Label.h>
-#include <Xm/Separator.h>
-#include <X11/cursorfont.h>
-#include <X11/Shell.h>
-
-Widget toplevel, scroll_text, prompt_text;
-Widget quit_btn, help_btn, old_lbl, new_lbl, again_lbl, main_lbl;
-XtAppContext app_con;
-int looping;
-int retval=0;
-
-
-/***************************************************************************
- *
- * A few utility functions for setting/unsetting the busy cursor
- * (i.e. the watch cursor).
- */
-static void
-SetCursor(w,c)
- Widget w;
- Cursor c;
-{
- while (XtIsSubclass(w, shellWidgetClass) != True)
- w = XtParent(w);
-
- XDefineCursor(XtDisplay(w), XtWindow(w), c);
- XFlush(XtDisplay(w));
-}
-
-
-static void
-SetStandardCursor()
-{
- static Cursor ArrowCursor = (Cursor)NULL;
-
- if (ArrowCursor == (Cursor)NULL)
- ArrowCursor = XCreateFontCursor(XtDisplay(toplevel), XC_top_left_arrow);
- SetCursor(toplevel, ArrowCursor);
-}
-
-
-static void
-SetWatchCursor()
-{
- static Cursor WatchCursor = (Cursor)NULL;
-
- if (WatchCursor == (Cursor)NULL)
- WatchCursor = XCreateFontCursor(XtDisplay(toplevel), XC_watch);
- SetCursor(toplevel, WatchCursor);
-}
-
-
-/***************************************************************************
- *
- * Set up a com_err hook, for displaying to a motif scrolling widget.
- */
-
-#include <stdarg.h>
-
-static void
-#ifdef __STDC__
-motif_com_err (const char *whoami, long code, const char *fmt, va_list args)
-#else
-motif_com_err (whoami, code, fmt, args)
- const char *whoami;
- long code;
- const char *fmt;
- va_list args;
-#endif
-{
- XEvent event;
- char buf[2048];
-
- buf[0] = '\0';
-
- if (whoami)
- {
- strncpy(buf, whoami, sizeof(buf) - 1);
- buf[sizeof(buf) - 1] = '\0';
- strncat(buf, ": ", sizeof(buf) - 1 - strlen(buf));
- }
- if (code)
- {
- buf[sizeof(buf) - 1] = '\0';
- strncat(buf, error_message(code), sizeof(buf) - 1 - strlen(buf));
- strncat(buf, " ", sizeof(buf) - 1 - strlen(buf));
- }
- if (fmt)
- {
- vsnprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), fmt, args);
- }
-
- XtVaSetValues(scroll_text, XmNvalue, buf, NULL);
-
- for (; XtAppPending(app_con); )
- {
- XtAppNextEvent(app_con, &event);
- XtDispatchEvent(&event);
- }
-}
-
-
-/***************************************************************************
- *
- * Function to display help widget.
- */
-static void
-help()
-{
- static Widget help_dlg = NULL;
-
- if (!help_dlg)
- {
- help_dlg = XmCreateInformationDialog(toplevel, "help_dlg", NULL,
- 0);
- XtUnmanageChild(XmMessageBoxGetChild(help_dlg, XmDIALOG_CANCEL_BUTTON));
- XtUnmanageChild(XmMessageBoxGetChild(help_dlg, XmDIALOG_HELP_BUTTON));
- }
- XtManageChild(help_dlg);
-}
-
-
-/***************************************************************************
- *
- * Unset the global "looping" when we want to get out of reading a
- * password.
- */
-static void
-unset_looping()
-{
- looping = 0;
-}
-
-
-/***************************************************************************
- *
- * Function to exit the gui. Callback on the "Exit" button.
- */
-static void
-quit()
-{
- exit(retval);
-}
-
-
-/***************************************************************************
- *
- * Set up motif widgets, callbacks, etc.
- */
-static void
-create_widgets(argc, argv)
- int *argc;
- char *argv[];
-{
- Widget form, lbl_form,
- sep,
- scroll_win;
- Pixel bg;
-
- toplevel = XtAppInitialize(&app_con, "Kpasswd", NULL, 0, argc, argv,
- NULL, NULL, 0);
- form = XtCreateManagedWidget("form", xmFormWidgetClass, toplevel, NULL, 0);
- quit_btn = XtVaCreateManagedWidget("Quit", xmPushButtonWidgetClass,
- form,
- XmNleftAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- XtAddCallback(quit_btn, XmNactivateCallback, quit, 0);
- help_btn = XtVaCreateManagedWidget("Help", xmPushButtonWidgetClass,
- form,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- /* XmNshowAsDefault, TRUE, */
- NULL);
- XtAddCallback(help_btn, XmNactivateCallback, help, 0);
- sep = XtVaCreateManagedWidget("sep", xmSeparatorWidgetClass,
- form,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, quit_btn,
- NULL);
- lbl_form = XtVaCreateManagedWidget("lbl_form", xmFormWidgetClass,
- form,
- XmNspacing, 0,
- XmNleftAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, sep,
- NULL);
- old_lbl = XtVaCreateManagedWidget("old_lbl", xmLabelWidgetClass,
- lbl_form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- new_lbl = XtVaCreateManagedWidget("new_lbl", xmLabelWidgetClass,
- lbl_form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- again_lbl = XtVaCreateManagedWidget("again_lbl", xmLabelWidgetClass,
- lbl_form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_FORM,
- NULL);
- prompt_text = XtVaCreateManagedWidget("prompt_text", xmTextWidgetClass,
- form,
- XmNeditMode, XmSINGLE_LINE_EDIT,
- XmNleftAttachment, XmATTACH_WIDGET,
- XmNleftWidget, lbl_form,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, sep,
- NULL);
- XtAddCallback(prompt_text, XmNactivateCallback, unset_looping, 0);
- XtVaGetValues(prompt_text, XmNbackground, &bg, NULL);
- XtVaSetValues(prompt_text, XmNforeground, bg, NULL);
-
- main_lbl = XtVaCreateWidget("main_lbl", xmLabelWidgetClass,
- form,
- XmNtopAttachment, XmATTACH_FORM,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- NULL);
- scroll_win = XtVaCreateManagedWidget("scroll_win",
- xmScrolledWindowWidgetClass,
- form,
- XmNscrollingPolicy, XmAPPLICATION_DEFINED,
- XmNscrollBarDisplayPolicy, XmSTATIC,
- XmNtopAttachment, XmATTACH_WIDGET,
- XmNtopWidget, main_lbl,
- XmNleftAttachment, XmATTACH_FORM,
- XmNrightAttachment, XmATTACH_FORM,
- XmNbottomAttachment, XmATTACH_WIDGET,
- XmNbottomWidget, prompt_text,
- NULL);
- scroll_text = XtVaCreateManagedWidget("scroll_text", xmTextWidgetClass,
- scroll_win,
- XmNeditMode, XmMULTI_LINE_EDIT,
- XmNeditable, FALSE,
- NULL);
- XtRealizeWidget(toplevel);
-}
-
-
-/***************************************************************************
- *
- *
- */
-static long
-read_password(password, pwsize)
- char *password;
- int *pwsize;
-{
- XEvent event;
- char *text_val;
-
- /* OK, this next part is gross... but this is due to the fact that */
- /* this is not your traditional X program, which would be event */
- /* driven. Instead, this program is more 'CLI' in nature, so we */
- /* handle the dialogs synchronously... */
-
- XtVaSetValues(prompt_text, XmNmaxLength, *pwsize, XmNvalue, "", NULL);
- for (looping=1; looping; )
- {
- XtAppNextEvent(app_con, &event);
- XtDispatchEvent(&event);
- }
- XtVaGetValues(prompt_text, XmNvalue, &text_val, NULL);
- *pwsize = strlen(text_val);
- strcpy(password, text_val);
- memset(text_val, 0, *pwsize);
- XtVaSetValues(prompt_text, XmNvalue, text_val, NULL);
- return(0);
-}
-
-
-/***************************************************************************
- *
- *
- */
-void
-display_intro_message(fmt_string, arg_string)
- const char *fmt_string;
- const char *arg_string;
-{
- XmString xmstr;
- char buf[1024];
-
- snprintf(buf, sizeof(buf), fmt_string, arg_string);
-
- xmstr = XmStringCreateLtoR(buf, XmSTRING_DEFAULT_CHARSET);
- XtVaSetValues(main_lbl, XmNlabelString, xmstr, NULL);
- XmStringFree(xmstr);
- XtManageChild(main_lbl);
-}
-
-
-long
-read_old_password(context, password, pwsize)
- krb5_context context;
- char *password;
- unsigned int *pwsize;
-{
- long code;
-
- XtManageChild(old_lbl);
- code = read_password(password, pwsize);
- SetWatchCursor();
- return code;
-}
-
-long
-read_new_password(server_handle, password, pwsize, msg_ret, princ)
- void *server_handle;
- char *password;
- unsigned int *pwsize;
- char *msg_ret;
- krb5_principal princ;
-{
- char *password2 = (char *) malloc(*pwsize * sizeof(char));
- int pwsize2 = *pwsize;
-
- SetStandardCursor();
-
- if (password2 == NULL)
- {
- strcpy(msg_ret, error_message(ENOMEM));
- SetWatchCursor();
- return(ENOMEM);
- }
-
- XtManageChild(new_lbl); XtUnmanageChild(old_lbl);
- read_password(password, pwsize);
- XtManageChild(again_lbl); XtUnmanageChild(new_lbl);
- read_password(password2, &pwsize2);
-
- if (strcmp(password, password2))
- {
- memset(password, 0, *pwsize);
-
- memset(password2, 0, pwsize2);
- free(password2);
-
- strcpy(msg_ret, string_text(CHPASS_UTIL_NEW_PASSWORD_MISMATCH));
- SetWatchCursor();
- return(KRB5_LIBOS_BADPWDMATCH);
- }
-
- memset(password2, 0, pwsize2);
- free(password2);
-
- SetWatchCursor();
- return (ovsec_kadm_chpass_principal_util(server_handle, princ, password,
- NULL /* don't need new pw back */,
- msg_ret));
-}
-
-
-/***************************************************************************
- *
- *
- */
-void
-main(argc, argv)
- int argc;
- char *argv[];
-{
- krb5_context context;
- int code;
-
- initialize_kpasswd_strings();
-
- whoami = (whoami = strrchr(argv[0], '/')) ? whoami + 1 : argv[0];
-
- (void) set_com_err_hook(motif_com_err);
-
- create_widgets(&argc, argv);
- XmProcessTraversal(prompt_text, XmTRAVERSE_CURRENT);
-
- if (retval = krb5_init_context(&context)) {
- com_err(whoami, retval, "initializing krb5 context");
- exit(retval);
- }
-
- while (1)
- {
- retval = kpasswd(context, argc, argv);
- SetStandardCursor();
-
- if (!retval)
- com_err(0, 0, string_text(KPW_STR_PASSWORD_CHANGED));
-
- if (retval == 0) /* 0 is success, so presumably the user */
- /* is done. */
- XmProcessTraversal(quit_btn, XmTRAVERSE_CURRENT);
-
- if ((retval == 1) || /* the rest are "fatal", so we should */
- (retval == 3) || /* "force" the user to quit... */
- (retval == 6) ||
- (retval == 7))
- {
- XtSetSensitive(prompt_text, FALSE);
- XmProcessTraversal(quit_btn, XmTRAVERSE_CURRENT);
- XtAppMainLoop(app_con);
- }
- }
-
- /* NOTREACHED */
- exit(retval);
-}
PROG_RPATH=$(KRB5_LIBDIR)
PROG = kadmind
-OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o
-SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c
+OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o network.o
+SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c network.c
all:: $(PROG)
kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal,
char *msg_ret, unsigned int msg_len);
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent);
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent);
-
-
krb5_error_code process_chpw_request(krb5_context context,
void *server_handle,
char *realm,
gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
-/*
- * This is a kludge, but the server needs these constants to be
- * compatible with old clients. They are defined in <kadm5/admin.h>,
- * but only if USE_KADM5_API_VERSION == 1.
- */
-#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
-
extern krb5_keyblock master_keyblock;
extern krb5_keylist_node *master_keylist;
{
extern char *optarg;
extern int optind, opterr;
- int ret, oldnames = 0;
+ int ret;
OM_uint32 OMret, major_status, minor_status;
char *whoami;
gss_buffer_desc in_buf;
names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
- names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm);
- names[3].name = build_princ_name(OVSEC_KADM_CHANGEPW_SERVICE,
- params.realm);
- if (names[0].name == NULL || names[1].name == NULL ||
- names[2].name == NULL || names[3].name == NULL) {
+ if (names[0].name == NULL || names[1].name == NULL) {
krb5_klog_syslog(LOG_ERR,
"Cannot build GSS-API authentication names, "
"failing.");
exit(1);
}
- /*
- * Try to acquire creds for the old OV services as well as the
- * new names, but if that fails just fall back on the new names.
- */
- if (svcauth_gssapi_set_names(names, 4) == TRUE)
- oldnames++;
- if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) {
+ if (svcauth_gssapi_set_names(names, 2) == FALSE) {
krb5_klog_syslog(LOG_ERR,
"Cannot set GSS-API authentication names (keytab not present?), "
"failing.");
in_buf.length = strlen(names[1].name) + 1;
(void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
&gss_changepw_name);
- if (oldnames) {
- in_buf.value = names[3].name;
- in_buf.length = strlen(names[3].name) + 1;
- (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
- &gss_oldchangepw_name);
- }
svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
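Review bot: The count in `svcauth_gssapi_set_names(names, 2)` is now a bare literal, and nothing in these hunks shows the `names` array or its initialisation being shrunk from four entries to match. If the declaration (outside the hunks, earlier in the enclosing function) still has four elements, reduce it to two and derive the count from the array, `svcauth_gssapi_set_names(names, sizeof(names) / sizeof(names[0]))`, so the two cannot drift apart. Likewise, `gss_oldchangepw_name` loses its only visible assignment with the removed `if (oldnames)` block. If it is still declared and compared against the acceptor name elsewhere, remove it in the same change so the change-password service check refers to a single name.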
+++ /dev/null
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include "misc.h"
-
-/*
- * In server_stubs.c, kadmind has to be able to call kadm5 functions
- * with the arguments appropriate for any api version. Because of the
- * prototypes in admin.h, however, the compiler will only allow one
- * set of arguments to be passed. This file exports the old api
- * definitions with a different name, so they can be called from
- * server_stubs.c, and just passes on the call to the real api
- * function; it uses the old api version, however, so it can actually
- * call the real api functions whereas server_stubs.c cannot.
- *
- * This is most useful for functions like kadm5_get_principal that
- * take a different number of arguments based on API version. For
- * kadm5_get_policy, the same thing could be accomplished with
- * typecasts instead.
- */
-
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent)
-{
- return kadm5_get_principal(server_handle, principal, ent);
-}
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent)
-{
- return kadm5_get_policy(server_handle, name, ent);
-}
get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
{
static gprinc_ret ret;
- kadm5_principal_ent_t_v1 e;
char *prime_arg, *funcname;
gss_buffer_desc client_name,
service_name;
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_principal (V1)" : "kadm5_get_principal";
+ funcname = "kadm5_get_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
log_unauth(funcname, prime_arg,
&client_name, &service_name, rqstp);
} else {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_principal_v1((void *)handle,
- arg->princ, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1));
- free(e);
- }
- } else {
- ret.code = kadm5_get_principal((void *)handle,
- arg->princ, &ret.rec,
- arg->mask);
- }
+ ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+ arg->mask);
if( ret.code != 0 )
errmsg = krb5_get_error_message(handle->context, ret.code);
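Review bot: Nothing in these hunks shows a version 1 handle being refused, although the stubs now build only the version 2 reply and still echo `handle->api_version` into `ret.api_version`. It is worth confirming that handle setup or validation (outside the visible hunks) rejects `KADM5_API_VERSION_1`; otherwise a legacy client would receive a version 2 `ret.rec`, or `ret.keys`/`ret.n_keys`, labelled as version 1 and decode it with the wrong layout. The same applies to the two randkey hunks and the get_policy hunk below. A short comment above the call, such as `/* API version 1 handles are refused at init; only the v2 reply layout is built here */`, would record the assumption once it is verified. The enclosing functions start and end outside the hunks.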
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
}
if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
}
if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
}
if(ret.code != KADM5_AUTH_CHANGEPW) {
ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_policy (V1)" : "kadm5_get_policy";
+ funcname = "kadm5_get_policy";
if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
ret.code = KADM5_FAILURE;
}
if (ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_policy_v1((void *)handle, arg->name, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec));
- free(e);
- }
- } else {
- ret.code = kadm5_get_policy((void *)handle, arg->name,
- &ret.rec);
- }
+ ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
if( ret.code != 0 )
errmsg = krb5_get_error_message(handle->context, ret.code);
slen = service_name.length;
trunc_name(&slen, &sdots);
/* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+ krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
"client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
- (ret.api_version == KADM5_API_VERSION_1 ?
- "kadm5_init (V1)" : "kadm5_init"),
(int)clen, (char *)client_name.value, cdots,
errmsg ? errmsg : "success",
(int)clen, (char *)client_name.value, cdots,
QUALNAME=$TESTDIR/scripts/qualname.pl; export QUALNAME
TCLUTIL=$STESTDIR/tcl/util.t; export TCLUTIL
BSDDB_DUMP=$TESTDIR/util/bsddb_dump; export BSDDB_DUMP
-CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl; export CLNTTCL
-SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl; export SRVTCL
+CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl; export CLNTTCL
+SRVTCL=$TESTDIR/util/kadm5_srv_tcl; export SRVTCL
KRB5_CONFIG=$K5ROOT/krb5.conf; export KRB5_CONFIG
KRB5_KDC_PROFILE=$K5ROOT/kdc.conf; export KRB5_KDC_PROFILE
DUMMY=${TESTDIR=$TOP/testing}; export TESTDIR
DUMMY=${STESTDIR=$STOP/testing}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${TCLUTIL=$STESTDIR/tcl/util.t}; export TCLUTIL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
}
set cmds {
- {ovsec_kadm_init $env(SRVTCL) mrroot null $r $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle}
-
- {ovsec_kadm_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH OVSEC_KADM_PW_MIN_CLASSES OVSEC_KADM_PW_MAX_LIFE OVSEC_KADM_PW_HISTORY_NUM}}
- {ovsec_kadm_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}}
- {ovsec_kadm_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
- {OVSEC_KADM_POLICY}}
- {ovsec_kadm_create_policy $server_handle [simple_policy test-pol-nopw] \
- {OVSEC_KADM_POLICY}}
-
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal testuser@$r] {OVSEC_KADM_PRINCIPAL} notathena}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test1@$r] {OVSEC_KADM_PRINCIPAL} test1}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test2@$r] {OVSEC_KADM_PRINCIPAL} test2}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal test3@$r] {OVSEC_KADM_PRINCIPAL} test3}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/modify@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/none@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/rename@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/mod-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/mod-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+ {kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] $KADM5_STRUCT_VERSION \
+ $KADM5_API_VERSION_2 server_handle}
+
+ {kadm5_create_policy $server_handle "test-pol 0 10000 8 2 3 0" \
+ {KADM5_POLICY KADM5_PW_MIN_LENGTH KADM5_PW_MIN_CLASSES KADM5_PW_MAX_LIFE KADM5_PW_HISTORY_NUM}}
+ {kadm5_create_policy $server_handle "once-a-min 10 0 0 0 0 0" \
+ {KADM5_POLICY KADM5_PW_MIN_LIFE}}
+ {kadm5_create_policy $server_handle "dict-only 0 0 0 0 0 0" \
+ {KADM5_POLICY}}
+ {kadm5_create_policy $server_handle [simple_policy test-pol-nopw] \
+ {KADM5_POLICY}}
+
+ {kadm5_create_principal $server_handle \
+ [simple_principal testuser@$r] {KADM5_PRINCIPAL} notathena}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test1@$r] {KADM5_PRINCIPAL} test1}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test2@$r] {KADM5_PRINCIPAL} test2}
+ {kadm5_create_principal $server_handle \
+ [simple_principal test3@$r] {KADM5_PRINCIPAL} test3}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/modify@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/delete@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/none@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/rename@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/mod-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/mod-delete@$r] {KADM5_PRINCIPAL} \
admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-delete@$r] {OVSEC_KADM_PRINCIPAL} \
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-delete@$r] {KADM5_PRINCIPAL} \
admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/get-mod@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/no-add@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [simple_principal admin/no-delete@$r] {OVSEC_KADM_PRINCIPAL} admin}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol1@$r test-pol] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol111111}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol2@$r once-a-min] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol222222}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol pol3@$r dict-only] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} pol333333}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/get-mod@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/no-add@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [simple_principal admin/no-delete@$r] {KADM5_PRINCIPAL} admin}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol1@$r test-pol] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol111111}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol2@$r once-a-min] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol222222}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol pol3@$r dict-only] {KADM5_PRINCIPAL \
+ KADM5_POLICY} pol333333}
+ {kadm5_create_principal $server_handle \
[princ_w_pol admin/get-pol@$r test-pol-nopw] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} StupidAdmin}
- {ovsec_kadm_create_principal $server_handle \
- [princ_w_pol admin/pol@$r test-pol-nopw] {OVSEC_KADM_PRINCIPAL \
- OVSEC_KADM_POLICY} StupidAdmin}
+ {KADM5_PRINCIPAL KADM5_POLICY} StupidAdmin}
+ {kadm5_create_principal $server_handle \
+ [princ_w_pol admin/pol@$r test-pol-nopw] {KADM5_PRINCIPAL \
+ KADM5_POLICY} StupidAdmin}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
[simple_principal changepw/kerberos] \
- {OVSEC_KADM_PRINCIPAL} {XXX THIS IS WRONG}}
+ {KADM5_PRINCIPAL} {XXX THIS IS WRONG}}
- {ovsec_kadm_create_principal $server_handle \
+ {kadm5_create_principal $server_handle \
[simple_principal $whoami] \
- {OVSEC_KADM_PRINCIPAL} $whoami}
+ {KADM5_PRINCIPAL} $whoami}
- {ovsec_kadm_destroy $server_handle}
+ {kadm5_destroy $server_handle}
}
foreach cmd $cmds {
$top = $ENV{'TOP'} if (! $top);
$TESTDIR = ($ENV{'TESTDIR'} || "$top/testing");
$MAKE_KEYTAB = ($ENV{'MAKE_KEYTAB'} || "$TESTDIR/scripts/$whoami");
-$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/ovsec_kadm_srv_tcl");
+$SRVTCL = ($ENV{'SRVTCL'} || "$TESTDIR/util/kadm5_srv_tcl");
$TCLUTIL = ($ENV{'TCLUTIL'} || "$TESTDIR/tcl/util.t");
# This'll be wrong sometimes
$RSH_CMD = ($ENV{'RSH_CMD'} || '/usr/ucb/rsh');
DUMMY=${TESTDIR=$TOP/testing}
DUMMY=${STESTDIR=$STOP/testing}
DUMMY=${INITDB=$STESTDIR/scripts/init_db}
-DUMMY=${SRVTCL=$TESTDIR/util/ovsec_kadm_srv_tcl}; export SRVTCL
+DUMMY=${SRVTCL=$TESTDIR/util/kadm5_srv_tcl}; export SRVTCL
DUMMY=${LOCAL_MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
DUMMY=${STOP_SERVERS_LOCAL=$STESTDIR/scripts/stop_servers_local}
DUMMY=${KRB5RCACHEDIR=$TESTDIR} ; export KRB5RCACHEDIR
source $env(STOP)/testing/tcl/util.t
set r $env(REALM)
set q $env(QUALNAME)
- puts stdout [ovsec_kadm_init $env(SRVTCL) mrroot null $r \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
- puts stdout [ovsec_kadm_create_principal $server_handle \
- [simple_principal host/$q@$r] {OVSEC_KADM_PRINCIPAL} notathena]
- puts stdout [ovsec_kadm_destroy $server_handle]
+ puts stdout [kadm5_init $env(SRVTCL) mrroot null \
+ [config_params {KADM5_CONFIG_REALM} $r] \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
+ puts stdout [kadm5_create_principal $server_handle \
+ [simple_principal host/$q@$r] {KADM5_PRINCIPAL} notathena]
+ puts stdout [kadm5_destroy $server_handle]
} err]} {
puts stderr "initialization error: $err"
exit 1
PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)$(TCL_RPATH)
-SRCS = $(srcdir)/tcl_ovsec_kadm.c $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
-OBJS = tcl_ovsec_kadm.o tcl_kadm5.o test.o
+SRCS = $(srcdir)/tcl_kadm5.c $(srcdir)/test.c
+OBJS = tcl_kadm5.o test.o
-CLNTPROG= ovsec_kadm_clnt_tcl
-SRVPROG = ovsec_kadm_srv_tcl
+CLNTPROG= kadm5_clnt_tcl
+SRVPROG = kadm5_srv_tcl
DO_ALL=@DO_ALL@
#
# Generated makefile dependencies follow.
#
-$(OUTPRE)tcl_ovsec_kadm.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
- $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
- $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
- $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
- $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
- $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
- $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h tcl_kadm5.h tcl_ovsec_kadm.c
$(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
}
do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
sprintf(buf, "kadm5_handle%d", i);
entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
i++;
else {
if (! (struct_table &&
(entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "ovsec_kadm_handle", 17) == 0)
- Tcl_AppendResult(interp, "ovsec_kadm handle "
- "specified for kadm5 api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
+ Tcl_AppendResult(interp, "unknown server handle ", name, 0);
return TCL_ERROR;
}
*handle = (void *) Tcl_GetHashValue(entry);
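Review bot: The rewritten `Tcl_AppendResult(interp, "unknown server handle ", name, 0);` ends its variadic argument list with a plain `0`, which is passed as an int rather than a null pointer. On a platform where int is narrower than a pointer, the callee can read an indeterminate terminator and keep consuming arguments past the end of the list. Since this line is being re-indented anyway, I would write it as `Tcl_AppendResult(interp, "unknown server handle ", name, (char *) NULL);`. get_server_handle begins outside this hunk, so I have not checked whether other calls in the function use the same terminator.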
KADM5_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_STRUCT_VERSION);
Tcl_SetVar(interp, "KADM5_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", KADM5_API_VERSION_1);
- Tcl_SetVar(interp, "KADM5_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_2);
Tcl_SetVar(interp, "KADM5_API_VERSION_2", buf, TCL_GLOBAL_ONLY);
(void) sprintf(buf, "%d", KADM5_API_VERSION_MASK);
void Tcl_kadm5_init(Tcl_Interp *interp);
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp);
Here's a brief summary of the syntax of the tcl versions of the
-ovsec_kadm commands:
+kadm5 functions:
string Can be a string or "null" which will turn into a null pointer
principal_ent A 12-field list in the order of the principal_ent
+++ /dev/null
-#include "autoconf.h"
-#include <stdio.h>
-#include <string.h>
-#if HAVE_TCL_H
-#include <tcl.h>
-#elif HAVE_TCL_TCL_H
-#include <tcl/tcl.h>
-#endif
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include <com_err.h>
-#include <errno.h>
-#include <stdlib.h>
-#include "tcl_kadm5.h"
-#include <adb_err.h>
-
-struct flagval {
- char *name;
- krb5_flags val;
-};
-
-/* XXX This should probably be in the hash table like server_handle */
-static krb5_context context;
-
-struct flagval krb5_flags_array[] = {
- {"KRB5_KDB_DISALLOW_POSTDATED", KRB5_KDB_DISALLOW_POSTDATED},
- {"KRB5_KDB_DISALLOW_FORWARDABLE", KRB5_KDB_DISALLOW_FORWARDABLE},
- {"KRB5_KDB_DISALLOW_TGT_BASED", KRB5_KDB_DISALLOW_TGT_BASED},
- {"KRB5_KDB_DISALLOW_RENEWABLE", KRB5_KDB_DISALLOW_RENEWABLE},
- {"KRB5_KDB_DISALLOW_PROXIABLE", KRB5_KDB_DISALLOW_PROXIABLE},
- {"KRB5_KDB_DISALLOW_DUP_SKEY", KRB5_KDB_DISALLOW_DUP_SKEY},
- {"KRB5_KDB_DISALLOW_ALL_TIX", KRB5_KDB_DISALLOW_ALL_TIX},
- {"KRB5_KDB_REQUIRES_PRE_AUTH", KRB5_KDB_REQUIRES_PRE_AUTH},
- {"KRB5_KDB_REQUIRES_HW_AUTH", KRB5_KDB_REQUIRES_HW_AUTH},
- {"KRB5_KDB_REQUIRES_PWCHANGE", KRB5_KDB_REQUIRES_PWCHANGE},
- {"KRB5_KDB_DISALLOW_SVR", KRB5_KDB_DISALLOW_SVR},
- {"KRB5_KDB_PWCHANGE_SERVICE", KRB5_KDB_PWCHANGE_SERVICE}
-};
-
-struct flagval aux_attributes[] = {
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY}
-};
-
-struct flagval principal_mask_flags[] = {
- {"OVSEC_KADM_PRINCIPAL", OVSEC_KADM_PRINCIPAL},
- {"OVSEC_KADM_PRINC_EXPIRE_TIME", OVSEC_KADM_PRINC_EXPIRE_TIME},
- {"OVSEC_KADM_PW_EXPIRATION", OVSEC_KADM_PW_EXPIRATION},
- {"OVSEC_KADM_LAST_PWD_CHANGE", OVSEC_KADM_LAST_PWD_CHANGE},
- {"OVSEC_KADM_ATTRIBUTES", OVSEC_KADM_ATTRIBUTES},
- {"OVSEC_KADM_MAX_LIFE", OVSEC_KADM_MAX_LIFE},
- {"OVSEC_KADM_MOD_TIME", OVSEC_KADM_MOD_TIME},
- {"OVSEC_KADM_MOD_NAME", OVSEC_KADM_MOD_NAME},
- {"OVSEC_KADM_KVNO", OVSEC_KADM_KVNO},
- {"OVSEC_KADM_MKVNO", OVSEC_KADM_MKVNO},
- {"OVSEC_KADM_AUX_ATTRIBUTES", OVSEC_KADM_AUX_ATTRIBUTES},
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
- {"OVSEC_KADM_POLICY_CLR", OVSEC_KADM_POLICY_CLR}
-};
-
-struct flagval policy_mask_flags[] = {
- {"OVSEC_KADM_POLICY", OVSEC_KADM_POLICY},
- {"OVSEC_KADM_PW_MAX_LIFE", OVSEC_KADM_PW_MAX_LIFE},
- {"OVSEC_KADM_PW_MIN_LIFE", OVSEC_KADM_PW_MIN_LIFE},
- {"OVSEC_KADM_PW_MIN_LENGTH", OVSEC_KADM_PW_MIN_LENGTH},
- {"OVSEC_KADM_PW_MIN_CLASSES", OVSEC_KADM_PW_MIN_CLASSES},
- {"OVSEC_KADM_PW_HISTORY_NUM", OVSEC_KADM_PW_HISTORY_NUM},
- {"OVSEC_KADM_REF_COUNT", OVSEC_KADM_REF_COUNT}
-};
-
-struct flagval priv_flags[] = {
- {"OVSEC_KADM_PRIV_GET", OVSEC_KADM_PRIV_GET},
- {"OVSEC_KADM_PRIV_ADD", OVSEC_KADM_PRIV_ADD},
- {"OVSEC_KADM_PRIV_MODIFY", OVSEC_KADM_PRIV_MODIFY},
- {"OVSEC_KADM_PRIV_DELETE", OVSEC_KADM_PRIV_DELETE}
-};
-
-
-static char *arg_error = "wrong # args";
-
-static Tcl_HashTable *struct_table = 0;
-
-static int put_server_handle(Tcl_Interp *interp, void *handle, char **name)
-{
- int i = 1, newPtr = 0;
- static char buf[20];
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- /*
- * Handles from ovsec_kadm_init() and kadm5_init() should not
- * be mixed during unit tests, but the API would happily
- * accept them. Making the hash entry names different in
- * tcl_kadm.c and tcl_ovsec_kadm.c ensures that GET_HANDLE
- * will fail if presented a handle from the other API.
- */
- sprintf(buf, "ovsec_kadm_handle%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf, &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, handle);
-
- *name = buf;
-
- return TCL_OK;
-}
-
-static int get_server_handle(Tcl_Interp *interp, const char *name,
- void **handle)
-{
- Tcl_HashEntry *entry;
-
- if(!strcasecmp(name, "null"))
- *handle = 0;
- else {
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- if (strncmp(name, "kadm5_handle", 12) == 0)
- Tcl_AppendResult(interp, "kadm5 handle specified "
- "for ovsec_kadm api: ", name, 0);
- else
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
- *handle = (void *) Tcl_GetHashValue(entry);
- }
- return TCL_OK;
-}
-
-static int remove_server_handle(Tcl_Interp *interp, const char *name)
-{
- Tcl_HashEntry *entry;
-
- if (! (struct_table &&
- (entry = Tcl_FindHashEntry(struct_table, name)))) {
- Tcl_AppendResult(interp, "unknown server handle ", name, 0);
- return TCL_ERROR;
- }
-
- Tcl_DeleteHashEntry(entry);
- return TCL_OK;
-}
-
-#define GET_HANDLE(num_args, do_dostruct) \
- void *server_handle; \
- int dostruct = 0; \
- const char *whoami = argv[0]; \
- argv++, argc--; \
- if ((argc > 0) && (! strcmp(argv[0], "-struct"))) { \
- if (! do_dostruct) { \
- Tcl_AppendResult(interp, "-struct isn't a valid option for ", \
- whoami, 0); \
- return TCL_ERROR; \
- } \
- dostruct++; \
- argv++, argc--; \
- } \
- if (argc != num_args + 1) { \
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0); \
- return TCL_ERROR; \
- } \
- { \
- int htcl_ret; \
- if ((htcl_ret = get_server_handle(interp, argv[0], &server_handle)) \
- != TCL_OK) { \
- return htcl_ret; \
- } \
- } \
- argv++, argc--;
-
-static Tcl_HashTable *create_flag_table(struct flagval *flags, int size)
-{
- Tcl_HashTable *table;
- Tcl_HashEntry *entry;
- int i;
-
- if (! (table = (Tcl_HashTable *) malloc(sizeof(Tcl_HashTable)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_InitHashTable(table, TCL_STRING_KEYS);
-
- for (i = 0; i < size; i++) {
- int newPtr;
-
- if (! (entry = Tcl_CreateHashEntry(table, flags[i].name, &newPtr))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_SetHashValue(entry, &flags[i].val);
- }
-
- return table;
-}
-
-
-static Tcl_DString *unparse_str(char *in_str)
-{
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- if (! in_str) {
- Tcl_DStringAppend(str, "null", -1);
- }
- else {
- Tcl_DStringAppend(str, in_str, -1);
- }
-
- return str;
-}
-
-
-
-static int parse_str(Tcl_Interp *interp, const char *in_str,
- char **out_str)
-{
- if (! in_str) {
- *out_str = 0;
- }
- else if (! strcasecmp(in_str, "null")) {
- *out_str = 0;
- }
- else {
- *out_str = (char *) in_str;
- }
- return TCL_OK;
-}
-
-
-static void set_ok(Tcl_Interp *interp, char *string)
-{
- Tcl_SetResult(interp, "OK", TCL_STATIC);
- Tcl_AppendElement(interp, "OVSEC_KADM_OK");
- Tcl_AppendElement(interp, string);
-}
-
-
-
-static Tcl_DString *unparse_err(ovsec_kadm_ret_t code)
-{
- char *code_string;
- const char *error_string;
- Tcl_DString *dstring;
-
- switch (code) {
- case OVSEC_KADM_FAILURE: code_string = "OVSEC_KADM_FAILURE"; break;
- case OVSEC_KADM_AUTH_GET: code_string = "OVSEC_KADM_AUTH_GET"; break;
- case OVSEC_KADM_AUTH_ADD: code_string = "OVSEC_KADM_AUTH_ADD"; break;
- case OVSEC_KADM_AUTH_MODIFY:
- code_string = "OVSEC_KADM_AUTH_MODIFY"; break;
- case OVSEC_KADM_AUTH_DELETE:
- code_string = "OVSEC_KADM_AUTH_DELETE"; break;
- case OVSEC_KADM_AUTH_INSUFFICIENT:
- code_string = "OVSEC_KADM_AUTH_INSUFFICIENT"; break;
- case OVSEC_KADM_BAD_DB: code_string = "OVSEC_KADM_BAD_DB"; break;
- case OVSEC_KADM_DUP: code_string = "OVSEC_KADM_DUP"; break;
- case OVSEC_KADM_RPC_ERROR: code_string = "OVSEC_KADM_RPC_ERROR"; break;
- case OVSEC_KADM_NO_SRV: code_string = "OVSEC_KADM_NO_SRV"; break;
- case OVSEC_KADM_BAD_HIST_KEY:
- code_string = "OVSEC_KADM_BAD_HIST_KEY"; break;
- case OVSEC_KADM_NOT_INIT: code_string = "OVSEC_KADM_NOT_INIT"; break;
- case OVSEC_KADM_INIT: code_string = "OVSEC_KADM_INIT"; break;
- case OVSEC_KADM_BAD_PASSWORD:
- code_string = "OVSEC_KADM_BAD_PASSWORD"; break;
- case OVSEC_KADM_UNK_PRINC: code_string = "OVSEC_KADM_UNK_PRINC"; break;
- case OVSEC_KADM_UNK_POLICY: code_string = "OVSEC_KADM_UNK_POLICY"; break;
- case OVSEC_KADM_BAD_MASK: code_string = "OVSEC_KADM_BAD_MASK"; break;
- case OVSEC_KADM_BAD_CLASS: code_string = "OVSEC_KADM_BAD_CLASS"; break;
- case OVSEC_KADM_BAD_LENGTH: code_string = "OVSEC_KADM_BAD_LENGTH"; break;
- case OVSEC_KADM_BAD_POLICY: code_string = "OVSEC_KADM_BAD_POLICY"; break;
- case OVSEC_KADM_BAD_HISTORY: code_string = "OVSEC_KADM_BAD_HISTORY"; break;
- case OVSEC_KADM_BAD_PRINCIPAL:
- code_string = "OVSEC_KADM_BAD_PRINCIPAL"; break;
- case OVSEC_KADM_BAD_AUX_ATTR:
- code_string = "OVSEC_KADM_BAD_AUX_ATTR"; break;
- case OVSEC_KADM_PASS_Q_TOOSHORT:
- code_string = "OVSEC_KADM_PASS_Q_TOOSHORT"; break;
- case OVSEC_KADM_PASS_Q_CLASS:
- code_string = "OVSEC_KADM_PASS_Q_CLASS"; break;
- case OVSEC_KADM_PASS_Q_DICT:
- code_string = "OVSEC_KADM_PASS_Q_DICT"; break;
- case OVSEC_KADM_PASS_REUSE: code_string = "OVSEC_KADM_PASS_REUSE"; break;
- case OVSEC_KADM_PASS_TOOSOON:
- code_string = "OVSEC_KADM_PASS_TOOSOON"; break;
- case OVSEC_KADM_POLICY_REF:
- code_string = "OVSEC_KADM_POLICY_REF"; break;
- case OVSEC_KADM_PROTECT_PRINCIPAL:
- code_string = "OVSEC_KADM_PROTECT_PRINCIPAL"; break;
- case OVSEC_KADM_BAD_SERVER_HANDLE:
- code_string = "OVSEC_KADM_BAD_SERVER_HANDLE"; break;
- case OVSEC_KADM_BAD_STRUCT_VERSION:
- code_string = "OVSEC_KADM_BAD_STRUCT_VERSION"; break;
- case OVSEC_KADM_OLD_STRUCT_VERSION:
- code_string = "OVSEC_KADM_OLD_STRUCT_VERSION"; break;
- case OVSEC_KADM_NEW_STRUCT_VERSION:
- code_string = "OVSEC_KADM_NEW_STRUCT_VERSION"; break;
- case OVSEC_KADM_BAD_API_VERSION:
- code_string = "OVSEC_KADM_BAD_API_VERSION"; break;
- case OVSEC_KADM_OLD_LIB_API_VERSION:
- code_string = "OVSEC_KADM_OLD_LIB_API_VERSION"; break;
- case OVSEC_KADM_OLD_SERVER_API_VERSION:
- code_string = "OVSEC_KADM_OLD_SERVER_API_VERSION"; break;
- case OVSEC_KADM_NEW_LIB_API_VERSION:
- code_string = "OVSEC_KADM_NEW_LIB_API_VERSION"; break;
- case OVSEC_KADM_NEW_SERVER_API_VERSION:
- code_string = "OVSEC_KADM_NEW_SERVER_API_VERSION"; break;
- case OVSEC_KADM_SECURE_PRINC_MISSING:
- code_string = "OVSEC_KADM_SECURE_PRINC_MISSING"; break;
- case KADM5_NO_RENAME_SALT:
- code_string = "KADM5_NO_RENAME_SALT"; break;
- case KADM5_BAD_CLIENT_PARAMS:
- code_string = "KADM5_BAD_CLIENT_PARAMS"; break;
- case KADM5_BAD_SERVER_PARAMS:
- code_string = "KADM5_BAD_SERVER_PARAMS"; break;
- case KADM5_AUTH_LIST:
- code_string = "KADM5_AUTH_LIST"; break;
- case KADM5_AUTH_CHANGEPW:
- code_string = "KADM5_AUTH_CHANGEPW"; break;
- case OSA_ADB_DUP: code_string = "OSA_ADB_DUP"; break;
- case OSA_ADB_NOENT: code_string = "ENOENT"; break;
- case OSA_ADB_DBINIT: code_string = "OSA_ADB_DBINIT"; break;
- case OSA_ADB_BAD_POLICY: code_string = "Bad policy name"; break;
- case OSA_ADB_BAD_PRINC: code_string = "Bad principal name"; break;
- case OSA_ADB_BAD_DB: code_string = "Invalid database."; break;
- case OSA_ADB_XDR_FAILURE: code_string = "OSA_ADB_XDR_FAILURE"; break;
- case KRB5_KDB_INUSE: code_string = "KRB5_KDB_INUSE"; break;
- case KRB5_KDB_UK_SERROR: code_string = "KRB5_KDB_UK_SERROR"; break;
- case KRB5_KDB_UK_RERROR: code_string = "KRB5_KDB_UK_RERROR"; break;
- case KRB5_KDB_UNAUTH: code_string = "KRB5_KDB_UNAUTH"; break;
- case KRB5_KDB_NOENTRY: code_string = "KRB5_KDB_NOENTRY"; break;
- case KRB5_KDB_ILL_WILDCARD: code_string = "KRB5_KDB_ILL_WILDCARD"; break;
- case KRB5_KDB_DB_INUSE: code_string = "KRB5_KDB_DB_INUSE"; break;
- case KRB5_KDB_DB_CHANGED: code_string = "KRB5_KDB_DB_CHANGED"; break;
- case KRB5_KDB_TRUNCATED_RECORD:
- code_string = "KRB5_KDB_TRUNCATED_RECORD"; break;
- case KRB5_KDB_RECURSIVELOCK:
- code_string = "KRB5_KDB_RECURSIVELOCK"; break;
- case KRB5_KDB_NOTLOCKED: code_string = "KRB5_KDB_NOTLOCKED"; break;
- case KRB5_KDB_BADLOCKMODE: code_string = "KRB5_KDB_BADLOCKMODE"; break;
- case KRB5_KDB_DBNOTINITED: code_string = "KRB5_KDB_DBNOTINITED"; break;
- case KRB5_KDB_DBINITED: code_string = "KRB5_KDB_DBINITED"; break;
- case KRB5_KDB_ILLDIRECTION: code_string = "KRB5_KDB_ILLDIRECTION"; break;
- case KRB5_KDB_NOMASTERKEY: code_string = "KRB5_KDB_NOMASTERKEY"; break;
- case KRB5_KDB_BADMASTERKEY: code_string = "KRB5_KDB_BADMASTERKEY"; break;
- case KRB5_KDB_INVALIDKEYSIZE:
- code_string = "KRB5_KDB_INVALIDKEYSIZE"; break;
- case KRB5_KDB_CANTREAD_STORED:
- code_string = "KRB5_KDB_CANTREAD_STORED"; break;
- case KRB5_KDB_BADSTORED_MKEY:
- code_string = "KRB5_KDB_BADSTORED_MKEY"; break;
- case KRB5_KDB_CANTLOCK_DB: code_string = "KRB5_KDB_CANTLOCK_DB"; break;
- case KRB5_KDB_DB_CORRUPT: code_string = "KRB5_KDB_DB_CORRUPT"; break;
- case KRB5_PARSE_ILLCHAR: code_string = "KRB5_PARSE_ILLCHAR"; break;
- case KRB5_PARSE_MALFORMED: code_string = "KRB5_PARSE_MALFORMED"; break;
- case KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"; break;
- case KRB5_REALM_UNKNOWN: code_string = "KRB5_REALM_UNKNOWN"; break;
- case KRB5_KDC_UNREACH: code_string = "KRB5_KDC_UNREACH"; break;
- case KRB5_KDCREP_MODIFIED: code_string = "KRB5_KDCREP_MODIFIED"; break;
- case KRB5KRB_AP_ERR_BAD_INTEGRITY: code_string = "KRB5KRB_AP_ERR_BAD_INTEGRITY"; break;
- case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: code_string = "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN"; break;
- case EINVAL: code_string = "EINVAL"; break;
- case ENOENT: code_string = "ENOENT"; break;
- default:
- fprintf(stderr, "**** CODE %ld (%s) ***\n", (long) code,
- error_message (code));
- code_string = "UNKNOWN";
- break;
- }
-
- error_string = error_message(code);
-
- if (! (dstring = (Tcl_DString *) malloc(sizeof(Tcl_DString)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX Do we really want to exit? Ok if this is */
- /* just a test program, but what about if it gets */
- /* used for other things later? */
- }
-
- Tcl_DStringInit(dstring);
-
- if (! (Tcl_DStringAppendElement(dstring, "ERROR") &&
- Tcl_DStringAppendElement(dstring, code_string) &&
- Tcl_DStringAppendElement(dstring, error_string))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- return dstring;
-}
-
-
-
-static void stash_error(Tcl_Interp *interp, krb5_error_code code)
-{
- Tcl_DString *dstring = unparse_err(code);
- Tcl_DStringResult(interp, dstring);
- Tcl_DStringFree(dstring);
- free(dstring);
-}
-
-
-
-static Tcl_DString *unparse_flags(struct flagval *array, int size,
- krb5_int32 flags)
-{
- int i;
- Tcl_DString *str;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- for (i = 0; i < size; i++) {
- if (flags & array[i].val) {
- Tcl_DStringAppendElement(str, array[i].name);
- }
- }
-
- return str;
-}
-
-
-static int parse_flags(Tcl_Interp *interp, Tcl_HashTable *table,
- struct flagval *array, int size, const char *str,
- krb5_flags *flags)
-{
- int tmp, argc, i, retcode = TCL_OK;
- const char **argv;
- Tcl_HashEntry *entry;
-
- if (Tcl_GetInt(interp, str, &tmp) == TCL_OK) {
- *flags = tmp;
- return TCL_OK;
- }
- Tcl_ResetResult(interp);
-
- if (Tcl_SplitList(interp, str, &argc, &argv) != TCL_OK) {
- return TCL_ERROR;
- }
-
- if (! table) {
- table = create_flag_table(array, size);
- }
-
- *flags = 0;
-
- for (i = 0; i < argc; i++) {
- if (! (entry = Tcl_FindHashEntry(table, argv[i]))) {
- Tcl_AppendResult(interp, "unknown krb5 flag ", argv[i], 0);
- retcode = TCL_ERROR;
- break;
- }
- *flags |= *(krb5_flags *) Tcl_GetHashValue(entry);
- }
-
- Tcl_Free((char *) argv);
- return(retcode);
-}
-
-static Tcl_DString *unparse_privs(krb5_flags flags)
-{
- return unparse_flags(priv_flags, sizeof(priv_flags) /
- sizeof(struct flagval), flags);
-}
-
-
-static Tcl_DString *unparse_krb5_flags(krb5_flags flags)
-{
- return unparse_flags(krb5_flags_array, sizeof(krb5_flags_array) /
- sizeof(struct flagval), flags);
-}
-
-static int parse_krb5_flags(Tcl_Interp *interp, const char *str,
- krb5_flags *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, krb5_flags_array,
- sizeof(krb5_flags_array) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static Tcl_DString *unparse_aux_attributes(krb5_int32 flags)
-{
- return unparse_flags(aux_attributes, sizeof(aux_attributes) /
- sizeof(struct flagval), flags);
-}
-
-
-static int parse_aux_attributes(Tcl_Interp *interp, const char *str,
- long *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, aux_attributes,
- sizeof(aux_attributes) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-static int parse_principal_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, principal_mask_flags,
- sizeof(principal_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static int parse_policy_mask(Tcl_Interp *interp, const char *str,
- krb5_int32 *flags)
-{
- krb5_flags tmp;
- static Tcl_HashTable *table = 0;
- int tcl_ret;
-
- if ((tcl_ret = parse_flags(interp, table, policy_mask_flags,
- sizeof(policy_mask_flags) /
- sizeof(struct flagval),
- str, &tmp)) != TCL_OK) {
- return tcl_ret;
- }
-
- *flags = tmp;
- return TCL_OK;
-}
-
-
-static Tcl_DString *unparse_principal_ent(ovsec_kadm_principal_ent_t princ)
-{
- Tcl_DString *str, *tmp_dstring;
- char *tmp;
- char buf[20];
- krb5_error_code krb5_ret;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp = 0; /* It looks to me from looking at the library source */
- /* code for krb5_parse_name that the pointer passed into */
- /* it should be initialized to 0 if I want it do be */
- /* allocated automatically. */
- krb5_ret = krb5_unparse_name(context, princ->principal, &tmp);
- if (krb5_ret) {
- /* XXX Do we want to return an error? Not sure. */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
-
- sprintf(buf, "%d", princ->princ_expire_time);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->last_pwd_change);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->pw_expiration);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->max_life);
- Tcl_DStringAppendElement(str, buf);
-
- tmp = 0;
- krb5_ret = krb5_unparse_name(context, princ->mod_name, &tmp);
- if (krb5_ret) {
- /* XXX */
- Tcl_DStringAppendElement(str, "[unparseable principal]");
- }
- else {
- Tcl_DStringAppendElement(str, tmp);
- free(tmp);
- }
-
- sprintf(buf, "%d", princ->mod_date);
- Tcl_DStringAppendElement(str, buf);
-
- tmp_dstring = unparse_krb5_flags(princ->attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%d", princ->kvno);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%d", princ->mkvno);
- Tcl_DStringAppendElement(str, buf);
-
- /* XXX This may be dangerous, because the contents of the policy */
- /* field are undefined if the POLICY bit isn't set. However, I */
- /* think it's a bug for the field not to be null in that case */
- /* anyway, so we should assume that it will be null so that we'll */
- /* catch it if it isn't. */
-
- tmp_dstring = unparse_str(princ->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- tmp_dstring = unparse_aux_attributes(princ->aux_attributes);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- return str;
-}
-
-
-
-static int parse_principal_ent(Tcl_Interp *interp, const char *list,
- ovsec_kadm_principal_ent_t *out_princ)
-{
- ovsec_kadm_principal_ent_t princ = 0;
- krb5_error_code krb5_ret;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 12) {
- sprintf(interp->result, "wrong # args in principal structure (%d should be 12)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (princ = malloc(sizeof *princ))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ->principal)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing princ_expire_time");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->princ_expire_time = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing last_pwd_change");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->last_pwd_change = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_expiration");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->pw_expiration = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->max_life = tmp;
-
- if ((krb5_ret = krb5_parse_name(context, argv[5], &princ->mod_name)) != 0) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing mod_name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mod_date");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mod_date = tmp;
-
- if ((tcl_ret = parse_krb5_flags(interp, argv[7], &princ->attributes))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[8], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing kvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->kvno = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[9], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing mkvno");
- retcode = TCL_ERROR;
- goto finished;
- }
- princ->mkvno = tmp;
-
- if ((tcl_ret = parse_str(interp, argv[10], &princ->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- retcode = TCL_ERROR;
- goto finished;
- }
- if(princ->policy != NULL) {
- if(!(princ->policy = strdup(princ->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1);
- }
- }
-
- if ((tcl_ret = parse_aux_attributes(interp, argv[11],
- &princ->aux_attributes)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing aux_attributes");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-finished:
- Tcl_Free((char *) argv);
- *out_princ = princ;
- return retcode;
-}
-
-
-static void free_principal_ent(ovsec_kadm_principal_ent_t *princ)
-{
- krb5_free_principal(context, (*princ)->principal);
- krb5_free_principal(context, (*princ)->mod_name);
- free(*princ);
- *princ = 0;
-}
-
-static Tcl_DString *unparse_policy_ent(ovsec_kadm_policy_ent_t policy)
-{
- Tcl_DString *str, *tmp_dstring;
- char buf[20];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- tmp_dstring = unparse_str(policy->policy);
- Tcl_DStringAppendElement(str, tmp_dstring->string);
- Tcl_DStringFree(tmp_dstring);
- free(tmp_dstring);
-
- sprintf(buf, "%ld", policy->pw_min_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_max_life);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_length);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_min_classes);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->pw_history_num);
- Tcl_DStringAppendElement(str, buf);
-
- sprintf(buf, "%ld", policy->policy_refcnt);
- Tcl_DStringAppendElement(str, buf);
-
- return str;
-}
-
-
-
-static int parse_policy_ent(Tcl_Interp *interp, char *list,
- ovsec_kadm_policy_ent_t *out_policy)
-{
- ovsec_kadm_policy_ent_t policy = 0;
- int tcl_ret;
- int argc;
- const char **argv;
- int tmp;
- int retcode = TCL_OK;
-
- if ((tcl_ret = Tcl_SplitList(interp, list, &argc, &argv)) != TCL_OK) {
- return tcl_ret;
- }
-
- if (argc != 7) {
- sprintf(interp->result, "wrong # args in policy structure (%d should be 7)",
- argc);
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (! (policy = malloc(sizeof *policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy->policy)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if(policy->policy != NULL) {
- if (! (policy->policy = strdup(policy->policy))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- }
-
- /*
- * All of the numerical values parsed here are parsed into an
- * "int" and then assigned into the structure in case the actual
- * width of the field in the Kerberos structure is different from
- * the width of an integer.
- */
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[1], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[2], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_max_life");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_max_life = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[3], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_length");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_length = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[4], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_min_classes");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_min_classes = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[5], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_history_num");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->pw_history_num = tmp;
-
- if ((tcl_ret = Tcl_GetInt(interp, argv[6], &tmp))
- != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy_refcnt");
- retcode = TCL_ERROR;
- goto finished;
- }
- policy->policy_refcnt = tmp;
-
-finished:
- Tcl_Free((char *) argv);
- *out_policy = policy;
- return retcode;
-}
-
-
-static void free_policy_ent(ovsec_kadm_policy_ent_t *policy)
-{
- free(*policy);
- *policy = 0;
-}
-
-static Tcl_DString *unparse_keytype(krb5_enctype enctype)
-{
- Tcl_DString *str;
- char buf[50];
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- switch (enctype) {
- /* XXX is this right? */
- case ENCTYPE_NULL: Tcl_DStringAppend(str, "ENCTYPE_NULL", -1); break;
- case ENCTYPE_DES_CBC_CRC:
- Tcl_DStringAppend(str, "ENCTYPE_DES_CBC_CRC", -1); break;
- default:
- sprintf(buf, "UNKNOWN KEYTYPE (0x%x)", enctype);
- Tcl_DStringAppend(str, buf, -1);
- break;
- }
-
- return str;
-}
-
-
-static Tcl_DString *unparse_keyblock(krb5_keyblock *keyblock)
-{
- Tcl_DString *str;
- Tcl_DString *keytype;
- int i;
-
- if (! (str = malloc(sizeof(*str)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
-
- Tcl_DStringInit(str);
-
- keytype = unparse_keytype(keyblock->enctype);
- Tcl_DStringAppendElement(str, keytype->string);
- Tcl_DStringFree(keytype);
- free(keytype);
- if (keyblock->length == 0) {
- Tcl_DStringAppendElement(str, "0x00");
- }
- else {
- Tcl_DStringAppendElement(str, "0x");
- for (i = 0; i < keyblock->length; i++) {
- char buf[3];
- sprintf(buf, "%02x", (int) keyblock->contents[i]);
- Tcl_DStringAppend(str, buf, -1);
- }
- }
-
- return str;
-}
-
-
-
-static int tcl_ovsec_kadm_init(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- char *client_name, *pass, *service_name, *realm;
- int tcl_ret;
- krb5_ui_4 struct_version, api_version;
- const char *handle_var;
- void *server_handle;
- char *handle_name;
- const char *whoami = argv[0];
-
- argv++, argc--;
-
- kadm5_init_krb5_context(&context);
-
- if (argc != 7) {
- Tcl_AppendResult(interp, whoami, ": ", arg_error, 0);
- return TCL_ERROR;
- }
-
- if (((tcl_ret = parse_str(interp, argv[0], &client_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[1], &pass)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[2], &service_name)) != TCL_OK) ||
- ((tcl_ret = parse_str(interp, argv[3], &realm)) != TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[4], (int *) &struct_version)) !=
- TCL_OK) ||
- ((tcl_ret = Tcl_GetInt(interp, argv[5], (int *) &api_version)) !=
- TCL_OK)) {
- return tcl_ret;
- }
-
- handle_var = argv[6];
-
- if (! (handle_var && *handle_var)) {
- Tcl_SetResult(interp, "must specify server handle variable name",
- TCL_STATIC);
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_init(client_name, pass, service_name, realm,
- struct_version, api_version, NULL, &server_handle);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = put_server_handle(interp, server_handle, &handle_name))
- != TCL_OK) {
- return tcl_ret;
- }
-
- if (! Tcl_SetVar(interp, handle_var, handle_name, TCL_LEAVE_ERR_MSG)) {
- return TCL_ERROR;
- }
-
- set_ok(interp, "OV Admin system initialized.");
- return TCL_OK;
-}
-
-
-
-static int tcl_ovsec_kadm_destroy(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- int tcl_ret;
-
- GET_HANDLE(0, 0);
-
- ret = ovsec_kadm_destroy(server_handle);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-
- if ((tcl_ret = remove_server_handle(interp, argv[-1])) != TCL_OK) {
- return tcl_ret;
- }
-
- set_ok(interp, "OV Admin system deinitialized.");
- return TCL_OK;
-}
-
-static int tcl_ovsec_kadm_create_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
- char *princ_string;
- ovsec_kadm_principal_ent_t princ = 0;
- krb5_int32 mask;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
-
- GET_HANDLE(3, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- if ((tcl_ret = parse_str(interp, argv[2], &pw)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#ifdef OVERRIDE
- if ((tcl_ret = Tcl_GetBoolean(interp, argv[3], &override_qual)) !=
- TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-#endif
-
-#ifdef OVERRIDE
- ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw,
- override_qual);
-#else
- ret = ovsec_kadm_create_principal(server_handle, princ, mask, pw);
-#endif
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Principal created.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int tcl_ret;
- char *name;
-
- GET_HANDLE(1, 0);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- krb5_ret = krb5_parse_name(context, name, &princ);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal");
- return TCL_ERROR;
- }
- } else princ = NULL;
- ret = ovsec_kadm_delete_principal(server_handle, princ);
-
- if(princ != NULL)
- krb5_free_principal(context, princ);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *princ_string;
- ovsec_kadm_principal_ent_t princ = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &princ_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing principal");
- return tcl_ret;
- }
-
- if (princ_string &&
- ((tcl_ret = parse_principal_ent(interp, princ_string, &princ))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_principal_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_modify_principal(server_handle, princ, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Principal modified.");
- }
-
-finished:
- if (princ) {
- free_principal_ent(&princ);
- }
- return retcode;
-}
-
-
-static int tcl_ovsec_kadm_rename_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal source, target;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- krb5_ret = krb5_parse_name(context, argv[0], &source);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing source");
- return TCL_ERROR;
- }
-
- krb5_ret = krb5_parse_name(context, argv[1], &target);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing target");
- krb5_free_principal(context, source);
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_rename_principal(server_handle, source, target);
-
- if (ret == OVSEC_KADM_OK) {
- set_ok(interp, "Principal renamed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
- krb5_free_principal(context, source);
- krb5_free_principal(context, target);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- krb5_ret = krb5_parse_name(context, argv[0], &princ);
- if (krb5_ret) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing password");
- retcode = TCL_ERROR;
- goto finished;
- }
-
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_chpass_principal(server_handle,
- princ, pw, override_qual);
-#else
- ret = ovsec_kadm_chpass_principal(server_handle, princ, pw);
-#endif
-
- if (ret == OVSEC_KADM_OK) {
- set_ok(interp, "Password changed.");
- goto finished;
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_chpass_principal_util(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- char *new_pw;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- char *pw_ret, *pw_ret_var;
- char msg_ret[1024], *msg_ret_var;
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(4, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &new_pw) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing new password");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-#endif
- if (parse_str(interp, argv[3], &pw_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing pw_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- if (parse_str(interp, argv[4], &msg_ret_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing msg_ret variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_chpass_principal_util(server_handle, princ, new_pw,
-#ifdef OVERRIDE
- override_qual,
-#endif
- pw_ret_var ? &pw_ret : 0,
- msg_ret_var ? msg_ret : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (pw_ret_var &&
- (! Tcl_SetVar(interp, pw_ret_var, pw_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp, "while setting pw_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- if (msg_ret_var &&
- (! Tcl_SetVar(interp, msg_ret_var, msg_ret,
- TCL_LEAVE_ERR_MSG))) {
- Tcl_AppendElement(interp,
- "while setting msg_ret variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Password changed.");
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_randkey_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- krb5_keyblock *keyblock;
- char *keyblock_var;
- Tcl_DString *keyblock_dstring = 0;
-#ifdef OVERRIDE
- int override_qual;
-#endif
- krb5_error_code krb5_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 0);
-
- if ((krb5_ret = krb5_parse_name(context, argv[0], &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &keyblock_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing keyblock variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-#ifdef OVERRIDE
- if (Tcl_GetBoolean(interp, argv[2], &override_qual) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing override_qual");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblock : 0,
- override_qual);
-#else
- ret = ovsec_kadm_randkey_principal(server_handle,
- princ, keyblock_var ? &keyblock : 0);
-#endif
-
- if (ret == OVSEC_KADM_OK) {
- if (keyblock_var) {
- keyblock_dstring = unparse_keyblock(keyblock);
- if (! Tcl_SetVar(interp, keyblock_var,
- keyblock_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting keyblock variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- }
- set_ok(interp, "Key randomized.");
-
- }
- else {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- krb5_free_principal(context, princ);
- if (keyblock_dstring) {
- Tcl_DStringFree(keyblock_dstring);
- free(keyblock_dstring);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_get_principal(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- krb5_principal princ;
- ovsec_kadm_principal_ent_t ent;
- Tcl_DString *ent_dstring = 0;
- char *ent_var;
- char *name;
- krb5_error_code krb5_ret;
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if((tcl_ret = parse_str(interp, argv[0], &name)) != TCL_OK)
- return tcl_ret;
- if(name != NULL) {
- if ((krb5_ret = krb5_parse_name(context, name, &princ))) {
- stash_error(interp, krb5_ret);
- Tcl_AppendElement(interp, "while parsing principal name");
- return TCL_ERROR;
- }
- } else princ = NULL;
-
- if ((tcl_ret = parse_str(interp, argv[1], &ent_var)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_get_principal(server_handle, princ, ent_var ? &ent : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (ent_var) {
- if (dostruct) {
- char buf[20];
- int i = 1, newPtr = 0;
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "principal%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf,
- &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, ent);
- if (! Tcl_SetVar(interp, ent_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- Tcl_DeleteHashEntry(entry);
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal structure retrieved.");
- }
- else {
- ent_dstring = unparse_principal_ent(ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Principal retrieved.");
- }
- }
- }
- else {
- ent = 0;
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if(princ != NULL)
- krb5_free_principal(context, princ);
- if (ent && ((! dostruct) || (retcode != TCL_OK))) {
- if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- }
- return retcode;
-}
-
-static int tcl_ovsec_kadm_create_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- int tcl_ret;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
- char *policy_string;
- ovsec_kadm_policy_ent_t policy = 0;
- krb5_int32 mask;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = tcl_ret;
- goto finished;
- }
-
- ret = ovsec_kadm_create_policy(server_handle, policy, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- goto finished;
- }
- else {
- set_ok(interp, "Policy created.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_delete_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_ret_t ret;
- char *policy;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_delete_policy(server_handle, policy);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy deleted.");
- return TCL_OK;
- }
-}
-
-
-
-static int tcl_ovsec_kadm_modify_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *policy_string;
- ovsec_kadm_policy_ent_t policy = 0;
- int tcl_ret;
- krb5_int32 mask;
- int retcode = TCL_OK;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(2, 0);
-
- if ((tcl_ret = parse_str(interp, argv[0], &policy_string)) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy");
- return tcl_ret;
- }
-
- if (policy_string &&
- ((tcl_ret = parse_policy_ent(interp, policy_string, &policy))
- != TCL_OK)) {
- return tcl_ret;
- }
-
- if ((tcl_ret = parse_policy_mask(interp, argv[1], &mask)) != TCL_OK) {
- retcode = TCL_ERROR;
- goto finished;
- }
-
- ret = ovsec_kadm_modify_policy(server_handle, policy, mask);
-
- if (ret != OVSEC_KADM_OK) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- else {
- set_ok(interp, "Policy modified.");
- }
-
-finished:
- if (policy) {
- free_policy_ent(&policy);
- }
- return retcode;
-}
-
-
-static int tcl_ovsec_kadm_get_policy(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- ovsec_kadm_policy_ent_t ent = NULL;
- Tcl_DString *ent_dstring = 0;
- char *policy;
- char *ent_var;
- ovsec_kadm_ret_t ret;
- int retcode = TCL_OK;
-
- GET_HANDLE(2, 1);
-
- if (parse_str(interp, argv[0], &policy) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing policy name");
- return TCL_ERROR;
- }
-
- if (parse_str(interp, argv[1], &ent_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry variable name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_get_policy(server_handle, policy, ent_var ? &ent : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (ent_var) {
- if (dostruct) {
- char buf[20];
- int i = 1, newPtr = 0;
- Tcl_HashEntry *entry;
-
- if (! struct_table) {
- if (! (struct_table =
- malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- do {
- sprintf(buf, "policy%d", i);
- entry = Tcl_CreateHashEntry(struct_table, buf,
- &newPtr);
- i++;
- } while (! newPtr);
-
- Tcl_SetHashValue(entry, ent);
- if (! Tcl_SetVar(interp, ent_var, buf,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- Tcl_DeleteHashEntry(entry);
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy structure retrieved.");
- }
- else {
- ent_dstring = unparse_policy_ent(ent);
- if (! Tcl_SetVar(interp, ent_var, ent_dstring->string,
- TCL_LEAVE_ERR_MSG)) {
- Tcl_AppendElement(interp,
- "while setting entry variable");
- retcode = TCL_ERROR;
- goto finished;
- }
- set_ok(interp, "Policy retrieved.");
- }
- }
- }
- else {
- ent = 0;
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
-
-finished:
- if (ent_dstring) {
- Tcl_DStringFree(ent_dstring);
- free(ent_dstring);
- }
- if (ent && ((! dostruct) || (retcode != TCL_OK))) {
- if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent)) &&
- (retcode == TCL_OK)) {
- stash_error(interp, ret);
- retcode = TCL_ERROR;
- }
- }
- return retcode;
-}
-
-
-
-static int tcl_ovsec_kadm_free_principal_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- ovsec_kadm_principal_ent_t ent;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = ovsec_kadm_free_principal_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "principal", sizeof("principal")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "principal handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (ovsec_kadm_principal_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = ovsec_kadm_free_principal_ent(server_handle, ent))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Principal freed.");
- return TCL_OK;
-}
-
-
-static int tcl_ovsec_kadm_free_policy_ent(ClientData clientData,
- Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- char *ent_name;
- ovsec_kadm_policy_ent_t ent;
- ovsec_kadm_ret_t ret;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &ent_name) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing entry name");
- return TCL_ERROR;
- }
-
- if ((! ent_name) &&
- (ret = ovsec_kadm_free_policy_ent(server_handle, 0))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- else {
- Tcl_HashEntry *entry;
-
- if (strncmp(ent_name, "policy", sizeof("policy")-1)) {
- Tcl_AppendResult(interp, "invalid principal handle \"",
- ent_name, "\"", 0);
- return TCL_ERROR;
- }
- if (! struct_table) {
- if (! (struct_table = malloc(sizeof(*struct_table)))) {
- fprintf(stderr, "Out of memory!\n");
- exit(1); /* XXX */
- }
- Tcl_InitHashTable(struct_table, TCL_STRING_KEYS);
- }
-
- if (! (entry = Tcl_FindHashEntry(struct_table, ent_name))) {
- Tcl_AppendResult(interp, "policy handle \"", ent_name,
- "\" not found", 0);
- return TCL_ERROR;
- }
-
- ent = (ovsec_kadm_policy_ent_t) Tcl_GetHashValue(entry);
-
- if ((ret = ovsec_kadm_free_policy_ent(server_handle, ent))) {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
- Tcl_DeleteHashEntry(entry);
- }
- set_ok(interp, "Policy freed.");
- return TCL_OK;
-}
-
-
-static int tcl_ovsec_kadm_get_privs(ClientData clientData, Tcl_Interp *interp,
- int argc, const char *argv[])
-{
- const char *set_ret;
- ovsec_kadm_ret_t ret;
- char *priv_var;
- long privs;
-
- GET_HANDLE(1, 0);
-
- if (parse_str(interp, argv[0], &priv_var) != TCL_OK) {
- Tcl_AppendElement(interp, "while parsing privs variable name");
- return TCL_ERROR;
- }
-
- ret = ovsec_kadm_get_privs(server_handle, priv_var ? &privs : 0);
-
- if (ret == OVSEC_KADM_OK) {
- if (priv_var) {
- Tcl_DString *str = unparse_privs(privs);
- set_ret = Tcl_SetVar(interp, priv_var, str->string,
- TCL_LEAVE_ERR_MSG);
- Tcl_DStringFree(str);
- free(str);
- if (! set_ret) {
- Tcl_AppendElement(interp, "while setting priv variable");
- return TCL_ERROR;
- }
- }
- set_ok(interp, "Privileges retrieved.");
- return TCL_OK;
- }
- else {
- stash_error(interp, ret);
- return TCL_ERROR;
- }
-}
-
-
-void Tcl_ovsec_kadm_init(Tcl_Interp *interp)
-{
- char buf[20];
-
- Tcl_SetVar(interp, "OVSEC_KADM_ADMIN_SERVICE",
- OVSEC_KADM_ADMIN_SERVICE, TCL_GLOBAL_ONLY);
- Tcl_SetVar(interp, "OVSEC_KADM_CHANGEPW_SERVICE",
- OVSEC_KADM_CHANGEPW_SERVICE, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION);
- Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_1);
- Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_1", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_API_VERSION_MASK);
- Tcl_SetVar(interp, "OVSEC_KADM_API_VERSION_MASK", buf, TCL_GLOBAL_ONLY);
- (void) sprintf(buf, "%d", OVSEC_KADM_STRUCT_VERSION_MASK);
- Tcl_SetVar(interp, "OVSEC_KADM_STRUCT_VERSION_MASK", buf,
- TCL_GLOBAL_ONLY);
-
- Tcl_CreateCommand(interp, "ovsec_kadm_init", tcl_ovsec_kadm_init, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_destroy", tcl_ovsec_kadm_destroy, 0,
- 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_create_principal",
- tcl_ovsec_kadm_create_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_delete_principal",
- tcl_ovsec_kadm_delete_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_modify_principal",
- tcl_ovsec_kadm_modify_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_rename_principal",
- tcl_ovsec_kadm_rename_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal",
- tcl_ovsec_kadm_chpass_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_chpass_principal_util",
- tcl_ovsec_kadm_chpass_principal_util, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_randkey_principal",
- tcl_ovsec_kadm_randkey_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_principal",
- tcl_ovsec_kadm_get_principal, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_create_policy",
- tcl_ovsec_kadm_create_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_delete_policy",
- tcl_ovsec_kadm_delete_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_modify_policy",
- tcl_ovsec_kadm_modify_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_policy",
- tcl_ovsec_kadm_get_policy, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_free_principal_ent",
- tcl_ovsec_kadm_free_principal_ent, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_free_policy_ent",
- tcl_ovsec_kadm_free_policy_ent, 0, 0);
- Tcl_CreateCommand(interp, "ovsec_kadm_get_privs",
- tcl_ovsec_kadm_get_privs, 0, 0);
-}
int Tcl_AppInit(Tcl_Interp *interp)
{
- Tcl_ovsec_kadm_init(interp);
Tcl_kadm5_init(interp);
return(TCL_OK);
SRCS = kadm_err.c \
chpass_util_strings.c \
- $(srcdir)/ovsec_glue.c \
$(srcdir)/misc_free.c \
$(srcdir)/kadm_rpc_xdr.c \
$(srcdir)/chpass_util.c \
OBJS = kadm_err.$(OBJEXT) \
chpass_util_strings.$(OBJEXT) \
- ovsec_glue.$(OBJEXT) \
misc_free.$(OBJEXT) \
kadm_rpc_xdr.$(OBJEXT) \
chpass_util.$(OBJEXT) \
STLIBOBJS = \
kadm_err.o \
chpass_util_strings.o \
- ovsec_glue.o \
misc_free.o \
kadm_rpc_xdr.o \
chpass_util.o \
* releases (e.g. from 1.7 to 1.8).
* - We will make some effort to avoid making incompatible changes for
* bugfix releases, but will make them if necessary.
- * - We make no commitments at all regarding the v1 API (obtained by
- * defining USE_KADM5_API_VERSION to 1) and expect to remove it.
*/
#ifndef __KADM5_ADMIN_H__
#define __KADM5_ADMIN_H__
-#if !defined(USE_KADM5_API_VERSION)
-#define USE_KADM5_API_VERSION 2
-#endif
-
#include <sys/types.h>
#include <gssrpc/rpc.h>
#include <krb5.h>
#define KADM5_STRUCT_VERSION KADM5_STRUCT_VERSION_1
#define KADM5_API_VERSION_MASK 0x12345700
-#define KADM5_API_VERSION_1 (KADM5_API_VERSION_MASK|0x01)
#define KADM5_API_VERSION_2 (KADM5_API_VERSION_MASK|0x02)
-typedef struct _kadm5_principal_ent_t_v2 {
+typedef struct _kadm5_principal_ent_t {
krb5_principal principal;
krb5_timestamp princ_expire_time;
krb5_timestamp last_pwd_change;
krb5_int16 n_tl_data;
krb5_tl_data *tl_data;
krb5_key_data *key_data;
-} kadm5_principal_ent_rec_v2, *kadm5_principal_ent_t_v2;
-
-typedef struct _kadm5_principal_ent_t_v1 {
- krb5_principal principal;
- krb5_timestamp princ_expire_time;
- krb5_timestamp last_pwd_change;
- krb5_timestamp pw_expiration;
- krb5_deltat max_life;
- krb5_principal mod_name;
- krb5_timestamp mod_date;
- krb5_flags attributes;
- krb5_kvno kvno;
- krb5_kvno mkvno;
- char *policy;
- long aux_attributes;
-} kadm5_principal_ent_rec_v1, *kadm5_principal_ent_t_v1;
-
-#if USE_KADM5_API_VERSION == 1
-typedef struct _kadm5_principal_ent_t_v1
- kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-#else
-typedef struct _kadm5_principal_ent_t_v2
- kadm5_principal_ent_rec, *kadm5_principal_ent_t;
-#endif
+} kadm5_principal_ent_rec, *kadm5_principal_ent_t;
typedef struct _kadm5_policy_ent_t {
char *policy;
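Review bot: Nothing in the header records what happens to a peer that still presents the old API version once the v1 record layout and the `kadm5_principal_ent_rec_v2` / `kadm5_principal_ent_t_v2` names are removed in this hunk. The earlier hunk drops `KADM5_API_VERSION_1`, but the numeric value `KADM5_API_VERSION_MASK|0x01` can presumably still arrive in an init request from an old client or a stale handle. The handle and version validation is not visible on this page, so please confirm it rejects that value with an explicit version error rather than falling through to code that now assumes the single remaining layout. A comment beside `KADM5_API_VERSION_2` would document this, for example `/* API version 1 (MASK|0x01) has been removed; init must reject it. */`. The struct opened in the previous hunk, and out-of-tree code that spelled the `_v2` typedefs will no longer compile, which deserves a line in the release notes.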
* functions
*/
-#if USE_KADM5_API_VERSION > 1
krb5_error_code kadm5_get_config_params(krb5_context context,
int use_kdc_config,
kadm5_config_params *params_in,
krb5_error_code kadm5_get_admin_service_name(krb5_context, char *,
char *, size_t);
-#endif
kadm5_ret_t kadm5_init(char *client_name, char *pass,
char *service_name,
-#if USE_KADM5_API_VERSION == 1
- char *realm,
-#else
kadm5_config_params *params,
-#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
kadm5_ret_t kadm5_init_with_password(char *client_name,
char *pass,
char *service_name,
-#if USE_KADM5_API_VERSION == 1
- char *realm,
-#else
kadm5_config_params *params,
-#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
kadm5_ret_t kadm5_init_with_skey(char *client_name,
char *keytab,
char *service_name,
-#if USE_KADM5_API_VERSION == 1
- char *realm,
-#else
kadm5_config_params *params,
-#endif
krb5_ui_4 struct_version,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_init_with_creds(char *client_name,
krb5_ccache cc,
char *service_name,
krb5_ui_4 api_version,
char **db_args,
void **server_handle);
-#endif
kadm5_ret_t kadm5_lock(void *server_handle);
kadm5_ret_t kadm5_unlock(void *server_handle);
kadm5_ret_t kadm5_flush(void *server_handle);
long mask);
kadm5_ret_t kadm5_rename_principal(void *server_handle,
krb5_principal,krb5_principal);
-#if USE_KADM5_API_VERSION == 1
-kadm5_ret_t kadm5_get_principal(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t *ent);
-#else
kadm5_ret_t kadm5_get_principal(void *server_handle,
krb5_principal principal,
kadm5_principal_ent_t ent,
long mask);
-#endif
kadm5_ret_t kadm5_chpass_principal(void *server_handle,
krb5_principal principal,
char *pass);
int n_ks_tuple,
krb5_key_salt_tuple *ks_tuple,
char *pass);
-#if USE_KADM5_API_VERSION == 1
-kadm5_ret_t kadm5_randkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **keyblock);
-#else
kadm5_ret_t kadm5_randkey_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock **keyblocks,
krb5_key_salt_tuple *ks_tuple,
krb5_keyblock **keyblocks,
int *n_keys);
-#endif
kadm5_ret_t kadm5_setv4key_principal(void *server_handle,
krb5_principal principal,
krb5_keyblock *keyblock);
kadm5_ret_t kadm5_modify_policy_internal(void *server_handle,
kadm5_policy_ent_t
entry, long mask);
-#if USE_KADM5_API_VERSION == 1
-kadm5_ret_t kadm5_get_policy(void *server_handle,
- kadm5_policy_t policy,
- kadm5_policy_ent_t *ent);
-#else
kadm5_ret_t kadm5_get_policy(void *server_handle,
kadm5_policy_t policy,
kadm5_policy_ent_t ent);
-#endif
kadm5_ret_t kadm5_get_privs(void *server_handle,
long *privs);
char *exp, char ***pols,
int *count);
-#if USE_KADM5_API_VERSION > 1
kadm5_ret_t kadm5_free_key_data(void *server_handle,
krb5_int16 *n_key_data,
krb5_key_data *key_data);
-#endif
kadm5_ret_t kadm5_free_name_list(void *server_handle, char **names,
int count);
krb5_keyblock **keyblocks,
int *n_keys);
-#if USE_KADM5_API_VERSION == 1
-/*
- * OVSEC_KADM_API_VERSION_1 should be, if possible, compile-time
- * compatible with KADM5_API_VERSION_2. Basically, this means we have
- * to continue to provide all the old ovsec_kadm function and symbol
- * names.
- */
-
-#define OVSEC_KADM_ACLFILE "/krb5/ovsec_adm.acl"
-#define OVSEC_KADM_WORDFILE "/krb5/ovsec_adm.dict"
-
-#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
-#define OVSEC_KADM_HIST_PRINCIPAL "ovsec_adm/history"
-
-typedef krb5_principal ovsec_kadm_princ_t;
-typedef krb5_keyblock ovsec_kadm_keyblock;
-typedef char *ovsec_kadm_policy_t;
-typedef long ovsec_kadm_ret_t;
-
-enum ovsec_kadm_salttype { OVSEC_KADM_SALT_V4, OVSEC_KADM_SALT_NORMAL };
-enum ovsec_kadm_saltmod { OVSEC_KADM_MOD_KEEP, OVSEC_KADM_MOD_V4, OVSEC_KADM_MOD_NORMAL };
-
-#define OVSEC_KADM_PW_FIRST_PROMPT \
- ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_PROMPT))
-#define OVSEC_KADM_PW_SECOND_PROMPT \
- ((char *) error_message(CHPASS_UTIL_NEW_PASSWORD_AGAIN_PROMPT))
-
-/*
- * Successful return code
- */
-#define OVSEC_KADM_OK 0
-
-/*
- * Create/Modify masks
- */
-/* principal */
-#define OVSEC_KADM_PRINCIPAL 0x000001
-#define OVSEC_KADM_PRINC_EXPIRE_TIME 0x000002
-#define OVSEC_KADM_PW_EXPIRATION 0x000004
-#define OVSEC_KADM_LAST_PWD_CHANGE 0x000008
-#define OVSEC_KADM_ATTRIBUTES 0x000010
-#define OVSEC_KADM_MAX_LIFE 0x000020
-#define OVSEC_KADM_MOD_TIME 0x000040
-#define OVSEC_KADM_MOD_NAME 0x000080
-#define OVSEC_KADM_KVNO 0x000100
-#define OVSEC_KADM_MKVNO 0x000200
-#define OVSEC_KADM_AUX_ATTRIBUTES 0x000400
-#define OVSEC_KADM_POLICY 0x000800
-#define OVSEC_KADM_POLICY_CLR 0x001000
-/* policy */
-#define OVSEC_KADM_PW_MAX_LIFE 0x004000
-#define OVSEC_KADM_PW_MIN_LIFE 0x008000
-#define OVSEC_KADM_PW_MIN_LENGTH 0x010000
-#define OVSEC_KADM_PW_MIN_CLASSES 0x020000
-#define OVSEC_KADM_PW_HISTORY_NUM 0x040000
-#define OVSEC_KADM_REF_COUNT 0x080000
-
-/*
- * permission bits
- */
-#define OVSEC_KADM_PRIV_GET 0x01
-#define OVSEC_KADM_PRIV_ADD 0x02
-#define OVSEC_KADM_PRIV_MODIFY 0x04
-#define OVSEC_KADM_PRIV_DELETE 0x08
-
-/*
- * API versioning constants
- */
-#define OVSEC_KADM_MASK_BITS 0xffffff00
-
-#define OVSEC_KADM_STRUCT_VERSION_MASK 0x12345600
-#define OVSEC_KADM_STRUCT_VERSION_1 (OVSEC_KADM_STRUCT_VERSION_MASK|0x01)
-#define OVSEC_KADM_STRUCT_VERSION OVSEC_KADM_STRUCT_VERSION_1
-
-#define OVSEC_KADM_API_VERSION_MASK 0x12345700
-#define OVSEC_KADM_API_VERSION_1 (OVSEC_KADM_API_VERSION_MASK|0x01)
-
-
-typedef struct _ovsec_kadm_principal_ent_t {
- krb5_principal principal;
- krb5_timestamp princ_expire_time;
- krb5_timestamp last_pwd_change;
- krb5_timestamp pw_expiration;
- krb5_deltat max_life;
- krb5_principal mod_name;
- krb5_timestamp mod_date;
- krb5_flags attributes;
- krb5_kvno kvno;
- krb5_kvno mkvno;
- char *policy;
- long aux_attributes;
-} ovsec_kadm_principal_ent_rec, *ovsec_kadm_principal_ent_t;
-
-typedef struct _ovsec_kadm_policy_ent_t {
- char *policy;
- long pw_min_life;
- long pw_max_life;
- long pw_min_length;
- long pw_min_classes;
- long pw_history_num;
- long policy_refcnt;
-} ovsec_kadm_policy_ent_rec, *ovsec_kadm_policy_ent_t;
-
-/*
- * functions
- */
-ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *pass,
- char *service_name, char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
-ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name,
- char *pass,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char ** db_args,
- void **server_handle);
-ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name,
- char *keytab,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle);
-ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle);
-ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle);
-ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
- ovsec_kadm_principal_ent_t ent,
- long mask, char *pass);
-ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
- krb5_principal principal);
-ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
- ovsec_kadm_principal_ent_t ent,
- long mask);
-ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
- krb5_principal,krb5_principal);
-ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
- krb5_principal principal,
- ovsec_kadm_principal_ent_t *ent);
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
- krb5_principal principal,
- char *pass);
-ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **keyblock);
-ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
- ovsec_kadm_policy_ent_t ent,
- long mask);
-/*
- * ovsec_kadm_create_policy_internal is not part of the supported,
- * exposed API. It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from ovsec_kadm_create_policy.
- */
-ovsec_kadm_ret_t ovsec_kadm_create_policy_internal(void *server_handle,
- ovsec_kadm_policy_ent_t
- entry, long mask);
-ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
- ovsec_kadm_policy_t policy);
-ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
- ovsec_kadm_policy_ent_t ent,
- long mask);
-/*
- * ovsec_kadm_modify_policy_internal is not part of the supported,
- * exposed API. It is available only in the server library, and you
- * shouldn't use it unless you know why it's there and how it's
- * different from ovsec_kadm_modify_policy.
- */
-ovsec_kadm_ret_t ovsec_kadm_modify_policy_internal(void *server_handle,
- ovsec_kadm_policy_ent_t
- entry, long mask);
-ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
- ovsec_kadm_policy_t policy,
- ovsec_kadm_policy_ent_t *ent);
-ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle,
- long *privs);
-
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret);
-
-ovsec_kadm_ret_t ovsec_kadm_free_principal_ent(void *server_handle,
- ovsec_kadm_principal_ent_t
- ent);
-ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
- ovsec_kadm_policy_ent_t ent);
-
-ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
- char **names, int count);
-
-ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
- char *exp, char ***princs,
- int *count);
-
-ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
- char *exp, char ***pols,
- int *count);
-
-#define OVSEC_KADM_FAILURE KADM5_FAILURE
-#define OVSEC_KADM_AUTH_GET KADM5_AUTH_GET
-#define OVSEC_KADM_AUTH_ADD KADM5_AUTH_ADD
-#define OVSEC_KADM_AUTH_MODIFY KADM5_AUTH_MODIFY
-#define OVSEC_KADM_AUTH_DELETE KADM5_AUTH_DELETE
-#define OVSEC_KADM_AUTH_INSUFFICIENT KADM5_AUTH_INSUFFICIENT
-#define OVSEC_KADM_BAD_DB KADM5_BAD_DB
-#define OVSEC_KADM_DUP KADM5_DUP
-#define OVSEC_KADM_RPC_ERROR KADM5_RPC_ERROR
-#define OVSEC_KADM_NO_SRV KADM5_NO_SRV
-#define OVSEC_KADM_BAD_HIST_KEY KADM5_BAD_HIST_KEY
-#define OVSEC_KADM_NOT_INIT KADM5_NOT_INIT
-#define OVSEC_KADM_UNK_PRINC KADM5_UNK_PRINC
-#define OVSEC_KADM_UNK_POLICY KADM5_UNK_POLICY
-#define OVSEC_KADM_BAD_MASK KADM5_BAD_MASK
-#define OVSEC_KADM_BAD_CLASS KADM5_BAD_CLASS
-#define OVSEC_KADM_BAD_LENGTH KADM5_BAD_LENGTH
-#define OVSEC_KADM_BAD_POLICY KADM5_BAD_POLICY
-#define OVSEC_KADM_BAD_PRINCIPAL KADM5_BAD_PRINCIPAL
-#define OVSEC_KADM_BAD_AUX_ATTR KADM5_BAD_AUX_ATTR
-#define OVSEC_KADM_BAD_HISTORY KADM5_BAD_HISTORY
-#define OVSEC_KADM_BAD_MIN_PASS_LIFE KADM5_BAD_MIN_PASS_LIFE
-#define OVSEC_KADM_PASS_Q_TOOSHORT KADM5_PASS_Q_TOOSHORT
-#define OVSEC_KADM_PASS_Q_CLASS KADM5_PASS_Q_CLASS
-#define OVSEC_KADM_PASS_Q_DICT KADM5_PASS_Q_DICT
-#define OVSEC_KADM_PASS_REUSE KADM5_PASS_REUSE
-#define OVSEC_KADM_PASS_TOOSOON KADM5_PASS_TOOSOON
-#define OVSEC_KADM_POLICY_REF KADM5_POLICY_REF
-#define OVSEC_KADM_INIT KADM5_INIT
-#define OVSEC_KADM_BAD_PASSWORD KADM5_BAD_PASSWORD
-#define OVSEC_KADM_PROTECT_PRINCIPAL KADM5_PROTECT_PRINCIPAL
-#define OVSEC_KADM_BAD_SERVER_HANDLE KADM5_BAD_SERVER_HANDLE
-#define OVSEC_KADM_BAD_STRUCT_VERSION KADM5_BAD_STRUCT_VERSION
-#define OVSEC_KADM_OLD_STRUCT_VERSION KADM5_OLD_STRUCT_VERSION
-#define OVSEC_KADM_NEW_STRUCT_VERSION KADM5_NEW_STRUCT_VERSION
-#define OVSEC_KADM_BAD_API_VERSION KADM5_BAD_API_VERSION
-#define OVSEC_KADM_OLD_LIB_API_VERSION KADM5_OLD_LIB_API_VERSION
-#define OVSEC_KADM_OLD_SERVER_API_VERSION KADM5_OLD_SERVER_API_VERSION
-#define OVSEC_KADM_NEW_LIB_API_VERSION KADM5_NEW_LIB_API_VERSION
-#define OVSEC_KADM_NEW_SERVER_API_VERSION KADM5_NEW_SERVER_API_VERSION
-#define OVSEC_KADM_SECURE_PRINC_MISSING KADM5_SECURE_PRINC_MISSING
-#define OVSEC_KADM_NO_RENAME_SALT KADM5_NO_RENAME_SALT
-
-#endif /* USE_KADM5_API_VERSION == 1 */
-
KADM5INT_END_DECLS
#endif /* __KADM5_ADMIN_H__ */
if ((srvr->api_version & KADM5_MASK_BITS) != \
KADM5_API_VERSION_MASK) \
return KADM5_BAD_API_VERSION; \
- if (srvr->api_version < KADM5_API_VERSION_1) \
+ if (srvr->api_version < KADM5_API_VERSION_2) \
return old_api_version; \
if (srvr->api_version > KADM5_API_VERSION_2) \
return new_api_version; \
-# this is really a string table for ovsec_kadm_chpass_principal_util
+# this is really a string table for chpass_principal_util
error_table ovku
* empty mask, and behave like version 2.
*/
memset(¶ms_local, 0, sizeof(params_local));
- if (api_version == KADM5_API_VERSION_1) {
- realm = params_local.realm = (char *) params_in;
- if (params_in)
- params_local.mask = KADM5_CONFIG_REALM;
-
- /* Use old AUTH_GSSAPI for version 1 protocol. */
- params_local.mask |= KADM5_CONFIG_OLD_AUTH_GSSAPI;
- params_in = ¶ms_local;
- } else {
- if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
- realm = params_in->realm;
- else
- realm = NULL;
- }
+ if (params_in && (params_in->mask & KADM5_CONFIG_REALM))
+ realm = params_in->realm;
+ else
+ realm = NULL;
#if 0 /* Since KDC config params can now be put in krb5.conf, these
could show up even when you're just using the remote kadmin
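Review bot: The comment that closes at the top of this hunk ("empty mask, and behave like version 2") looks like the tail of the version-1 explanation, which no longer matches the code now that the `KADM5_API_VERSION_1` branch is removed. The server-side copy of the same comment is trimmed later in this commit, but this one is not. The comment opens outside the hunk, so this is inferred from its last line only. If `params_local` is no longer read after the `memset`, the `memset` and the declaration could go as well; that cannot be verified from here.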
if(princ == NULL)
return EINVAL;
- if (handle->api_version == KADM5_API_VERSION_1) {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
- } else {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
- }
- if (handle->api_version == KADM5_API_VERSION_1) {
- /*
- * hack hack cough cough.
- * krb5_unparse name dumps core if we pass it in garbage
- * or null. So, since the client is not allowed to set mod_name
- * anyway, we just fill it in with a dummy principal. The server of
- * course ignores this.
- */
- krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
- } else
- arg.rec.mod_name = NULL;
+ memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+ arg.rec.mod_name = NULL;
if(!(mask & KADM5_POLICY))
arg.rec.policy = NULL;
r = create_principal_2(&arg, handle->clnt);
- if (handle->api_version == KADM5_API_VERSION_1)
- krb5_free_principal(handle->context, arg.rec.mod_name);
-
if(r == NULL)
eret();
return r->code;
if(princ == NULL)
return EINVAL;
- if (handle->api_version == KADM5_API_VERSION_1) {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
- } else {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
- }
- if (handle->api_version == KADM5_API_VERSION_1) {
- /*
- * hack hack cough cough.
- * krb5_unparse name dumps core if we pass it in garbage
- * or null. So, since the client is not allowed to set mod_name
- * anyway, we just fill it in with a dummy principal. The server of
- * course ignores this.
- */
- krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
- } else
- arg.rec.mod_name = NULL;
+ memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
+ arg.rec.mod_name = NULL;
if(!(mask & KADM5_POLICY))
arg.rec.policy = NULL;
r = create_principal3_2(&arg, handle->clnt);
- if (handle->api_version == KADM5_API_VERSION_1)
- krb5_free_principal(handle->context, arg.rec.mod_name);
-
if(r == NULL)
eret();
return r->code;
memset(&arg, 0, sizeof(arg));
arg.mask = mask;
arg.api_version = handle->api_version;
- /*
- * cough cough gag gag
- * see comment in create_principal.
- */
if(princ == NULL)
return EINVAL;
- if (handle->api_version == KADM5_API_VERSION_1) {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec_v1));
- } else {
- memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
- }
+ memcpy(&arg.rec, princ, sizeof(kadm5_principal_ent_rec));
if(!(mask & KADM5_POLICY))
arg.rec.policy = NULL;
if (! (mask & KADM5_KEY_DATA)) {
arg.rec.tl_data = NULL;
}
- if (handle->api_version == KADM5_API_VERSION_1) {
- /*
- * See comment in create_principal
- */
- krb5_parse_name(handle->context, "bogus/bogus", &arg.rec.mod_name);
- } else
- arg.rec.mod_name = NULL;
+ arg.rec.mod_name = NULL;
r = modify_principal_2(&arg, handle->clnt);
- if (handle->api_version == KADM5_API_VERSION_1)
- krb5_free_principal(handle->context, arg.rec.mod_name);
-
if(r == NULL)
eret();
return r->code;
if(princ == NULL)
return EINVAL;
arg.princ = princ;
- if (handle->api_version == KADM5_API_VERSION_1)
- arg.mask = KADM5_PRINCIPAL_NORMAL_MASK;
- else
- arg.mask = mask;
+ arg.mask = mask;
arg.api_version = handle->api_version;
r = get_principal_2(&arg, handle->clnt);
if(r == NULL)
eret();
- if (handle->api_version == KADM5_API_VERSION_1) {
- kadm5_principal_ent_t_v1 *entp;
-
- entp = (kadm5_principal_ent_t_v1 *) ent;
- if (r->code == 0) {
- if (!(*entp = (kadm5_principal_ent_t_v1)
- malloc(sizeof(kadm5_principal_ent_rec_v1))))
- return ENOMEM;
- /* this memcpy works because the v1 structure is an initial
- subset of the v2 struct. C guarantees that this will
- result in the same layout in memory */
- memcpy(*entp, &r->rec, sizeof(**entp));
- } else {
- *entp = NULL;
- }
- } else {
- if (r->code == 0)
- memcpy(ent, &r->rec, sizeof(r->rec));
- }
+ if (r->code == 0)
+ memcpy(ent, &r->rec, sizeof(r->rec));
return r->code;
}
r = chrand_principal3_2(&arg, handle->clnt);
if(r == NULL)
eret();
- if (handle->api_version == KADM5_API_VERSION_1) {
- if (key)
- krb5_copy_keyblock(handle->context, &r->key, key);
- } else {
- if (n_keys)
- *n_keys = r->n_keys;
- if (key) {
- if(r->n_keys) {
- *key = (krb5_keyblock *)
- malloc(r->n_keys*sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context,
- &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- return ENOMEM;
- }
- }
- } else *key = NULL;
- }
+ if (n_keys)
+ *n_keys = r->n_keys;
+ if (key) {
+ if(r->n_keys) {
+ *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else
+ *key = NULL;
}
return r->code;
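Review bot: The error path inside the copy loop frees only the array. When `krb5_copy_keyblock_contents` fails at index i, the key contents already copied into `(*key)[0..i-1]` are leaked, `*key` is left pointing at freed memory, `*n_keys` still reports the full count, and `ret` is discarded in favour of `ENOMEM`. Because these are principal keys, the partial copies should be released with `krb5_free_keyblock_contents` (expected to wipe the key bytes before freeing; confirm), and the output parameters reset before returning. The identical loop in the `chrand_principal_2` hunk that follows has the same gap. The enclosing function begins outside this hunk.

```c
            /* ... unchanged: for loop header and krb5_copy_keyblock_contents call ... */
            if (ret) {
                /* Release the keys copied so far, not just the array. */
                while (i-- > 0)
                    krb5_free_keyblock_contents(handle->context, &(*key)[i]);
                free(*key);
                *key = NULL;
                if (n_keys)
                    *n_keys = 0;
                return ret;
            }
```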
r = chrand_principal_2(&arg, handle->clnt);
if(r == NULL)
eret();
- if (handle->api_version == KADM5_API_VERSION_1) {
- if (key)
- krb5_copy_keyblock(handle->context, &r->key, key);
- } else {
- if (n_keys)
- *n_keys = r->n_keys;
- if (key) {
- if(r->n_keys) {
- *key = (krb5_keyblock *)
- malloc(r->n_keys*sizeof(krb5_keyblock));
- if (*key == NULL)
- return ENOMEM;
- for (i = 0; i < r->n_keys; i++) {
- ret = krb5_copy_keyblock_contents(handle->context,
- &r->keys[i],
- &(*key)[i]);
- if (ret) {
- free(*key);
- return ENOMEM;
- }
- }
- } else *key = NULL;
- }
+ if (n_keys)
+ *n_keys = r->n_keys;
+ if (key) {
+ if(r->n_keys) {
+ *key = malloc(r->n_keys * sizeof(krb5_keyblock));
+ if (*key == NULL)
+ return ENOMEM;
+ for (i = 0; i < r->n_keys; i++) {
+ ret = krb5_copy_keyblock_contents(handle->context, &r->keys[i],
+ &(*key)[i]);
+ if (ret) {
+ free(*key);
+ return ENOMEM;
+ }
+ }
+ } else
+ *key = NULL;
}
return r->code;
r = get_policy_2(&arg, handle->clnt);
if(r == NULL)
return KADM5_RPC_ERROR;
- if (handle->api_version == KADM5_API_VERSION_1) {
- kadm5_policy_ent_t *entp;
-
- entp = (kadm5_policy_ent_t *) ent;
- if(r->code == 0) {
- if (!(*entp = (kadm5_policy_ent_t)
- malloc(sizeof(kadm5_policy_ent_rec))))
- return ENOMEM;
- memcpy(*entp, &r->rec, sizeof(**entp));
- } else {
- *entp = NULL;
- }
- } else {
- if (r->code == 0)
- memcpy(ent, &r->rec, sizeof(r->rec));
- }
+ if (r->code == 0)
+ memcpy(ent, &r->rec, sizeof(r->rec));
return r->code;
}
krb5_read_realm_params
krb5_string_to_flags
krb5_string_to_keysalts
-ovsec_kadm_chpass_principal
-ovsec_kadm_chpass_principal_util
-ovsec_kadm_create_policy
-ovsec_kadm_create_principal
-ovsec_kadm_delete_policy
-ovsec_kadm_delete_principal
-ovsec_kadm_destroy
-ovsec_kadm_flush
-ovsec_kadm_free_name_list
-ovsec_kadm_free_policy_ent
-ovsec_kadm_free_principal_ent
-ovsec_kadm_get_policies
-ovsec_kadm_get_policy
-ovsec_kadm_get_principal
-ovsec_kadm_get_principals
-ovsec_kadm_get_privs
-ovsec_kadm_init
-ovsec_kadm_init_with_password
-ovsec_kadm_init_with_skey
-ovsec_kadm_modify_policy
-ovsec_kadm_modify_principal
-ovsec_kadm_randkey_principal
-ovsec_kadm_rename_principal
xdr_chpass3_arg
xdr_chpass_arg
xdr_chrand3_arg
xdr_gprincs_ret
xdr_kadm5_policy_ent_rec
xdr_kadm5_principal_ent_rec
-xdr_kadm5_principal_ent_rec_v1
xdr_kadm5_ret_t
xdr_krb5_deltat
xdr_krb5_enctype
return (TRUE);
}
-bool_t xdr_kadm5_principal_ent_rec_v1(XDR *xdrs,
- kadm5_principal_ent_rec *objp)
-{
- return _xdr_kadm5_principal_ent_rec(xdrs, objp, KADM5_API_VERSION_1);
-}
-
bool_t xdr_kadm5_principal_ent_rec(XDR *xdrs,
kadm5_principal_ent_rec *objp)
{
if (!xdr_krb5_deltat(xdrs, &objp->max_life)) {
return (FALSE);
}
- if (v == KADM5_API_VERSION_1) {
- if (!xdr_krb5_principal(xdrs, &objp->mod_name)) {
- return (FALSE);
- }
- } else {
- if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
- xdr_krb5_principal)) {
- return (FALSE);
- }
+ if (!xdr_nulltype(xdrs, (void **) &objp->mod_name,
+ xdr_krb5_principal)) {
+ return (FALSE);
}
if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) {
return (FALSE);
if (!xdr_long(xdrs, &objp->aux_attributes)) {
return (FALSE);
}
- if (v != KADM5_API_VERSION_1) {
- if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
- return (FALSE);
- }
- if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
- return (FALSE);
- }
- if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
- return (FALSE);
- }
- if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
- return (FALSE);
- }
- if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
- return (FALSE);
- }
- if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
- return (FALSE);
- }
- if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
- xdr_krb5_tl_data)) {
- return FALSE;
- }
- n = objp->n_key_data;
- if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
- &n, ~0, sizeof(krb5_key_data),
- xdr_krb5_key_data_nocontents)) {
- return (FALSE);
- }
+ if (!xdr_krb5_deltat(xdrs, &objp->max_renewable_life)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_timestamp(xdrs, &objp->last_success)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_timestamp(xdrs, &objp->last_failed)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_kvno(xdrs, &objp->fail_auth_count)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_int16(xdrs, &objp->n_key_data)) {
+ return (FALSE);
+ }
+ if (!xdr_krb5_int16(xdrs, &objp->n_tl_data)) {
+ return (FALSE);
+ }
+ if (!xdr_nulltype(xdrs, (void **) &objp->tl_data,
+ xdr_krb5_tl_data)) {
+ return FALSE;
+ }
+ n = objp->n_key_data;
+ if (!xdr_array(xdrs, (caddr_t *) &objp->key_data,
+ &n, ~0, sizeof(krb5_key_data),
+ xdr_krb5_key_data_nocontents)) {
+ return (FALSE);
}
return (TRUE);
}
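Review bot: The `xdr_array` call for `key_data` reads its element count from the wire into the local `n` with a limit of `~0`, and nothing visible here compares `n` with the separately decoded `objp->n_key_data` or stores it back. On decode, a peer can therefore supply a `key_data` array whose length disagrees with `n_key_data`. Code that later walks `n_key_data` entries, as the loop in `kadm5_free_principal_ent` further down this page does, would then index past the allocation. Using the declared count as the limit and writing the result back keeps the two in step: pass `&n, objp->n_key_data, sizeof(krb5_key_data),` and assign `objp->n_key_data = n;` before testing the return value. The function begins outside this hunk.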
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
return (FALSE);
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
return (FALSE);
if (!xdr_ui_4(xdrs, &objp->api_version)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
}
if (!xdr_long(xdrs, &objp->mask)) {
return (FALSE);
if (!xdr_kadm5_ret_t(xdrs, &objp->code)) {
return (FALSE);
}
- if (objp->api_version == KADM5_API_VERSION_1) {
- if(objp->code == KADM5_OK) {
- if (!xdr_krb5_keyblock(xdrs, &objp->key)) {
- return (FALSE);
- }
- }
- } else {
- if (objp->code == KADM5_OK) {
- if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
- sizeof(krb5_keyblock),
- xdr_krb5_keyblock))
- return FALSE;
- }
+ if (objp->code == KADM5_OK) {
+ if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
+ sizeof(krb5_keyblock), xdr_krb5_keyblock))
+ return FALSE;
}
return (TRUE);
if (!xdr_krb5_principal(xdrs, &objp->princ)) {
return (FALSE);
}
- if ((objp->api_version > KADM5_API_VERSION_1) &&
- !xdr_long(xdrs, &objp->mask)) {
+ if (!xdr_long(xdrs, &objp->mask)) {
return FALSE;
}
return (FALSE);
}
if(objp->code == KADM5_OK) {
- if (objp->api_version == KADM5_API_VERSION_1) {
- if (!xdr_kadm5_principal_ent_rec_v1(xdrs, &objp->rec)) {
- return (FALSE);
- }
- } else {
- if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
- return (FALSE);
- }
- }
+ if (!xdr_kadm5_principal_ent_rec(xdrs, &objp->rec)) {
+ return (FALSE);
+ }
}
return (TRUE);
_KADM5_CHECK_HANDLE(server_handle);
- if(val) {
- if (val->policy)
- free(val->policy);
- if (handle->api_version == KADM5_API_VERSION_1)
- free(val);
- }
+ if (val)
+ free(val->policy);
return KADM5_OK;
}
}
kadm5_ret_t
-kadm5_free_principal_ent(void *server_handle,
- kadm5_principal_ent_t val)
+kadm5_free_principal_ent(void *server_handle, kadm5_principal_ent_t val)
{
- kadm5_server_handle_t handle = server_handle;
+ kadm5_server_handle_t handle = server_handle;
+ krb5_tl_data *tl;
int i;
_KADM5_CHECK_HANDLE(server_handle);
- if(val) {
- if(val->principal)
- krb5_free_principal(handle->context, val->principal);
- if(val->mod_name)
- krb5_free_principal(handle->context, val->mod_name);
- if(val->policy)
- free(val->policy);
- if (handle->api_version > KADM5_API_VERSION_1) {
- if (val->n_key_data) {
- for (i = 0; i < val->n_key_data; i++)
- krb5_free_key_data_contents(handle->context,
- &val->key_data[i]);
- free(val->key_data);
- }
- if (val->tl_data) {
- krb5_tl_data *tl;
-
- while (val->tl_data) {
- tl = val->tl_data->tl_data_next;
- free(val->tl_data->tl_data_contents);
- free(val->tl_data);
- val->tl_data = tl;
- }
- }
- }
-
- if (handle->api_version == KADM5_API_VERSION_1)
- free(val);
+ if (!val)
+ return KADM5_OK;
+
+ krb5_free_principal(handle->context, val->principal);
+ krb5_free_principal(handle->context, val->mod_name);
+ free(val->policy);
+ if (val->n_key_data) {
+ for (i = 0; i < val->n_key_data; i++)
+ krb5_free_key_data_contents(handle->context, &val->key_data[i]);
+ free(val->key_data);
+ }
+
+ while (val->tl_data) {
+ tl = val->tl_data->tl_data_next;
+ free(val->tl_data->tl_data_contents);
+ free(val->tl_data);
+ val->tl_data = tl;
}
return KADM5_OK;
}
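Review bot: With the version-1 `free(val)` gone, `val` is always the caller's storage after this function returns, yet `principal`, `mod_name`, `policy` and `key_data` are left dangling and `n_key_data` keeps its old value. A second call on the same struct, or reuse without a fresh `memset`, would double-free. Clearing fields as they are released makes the call idempotent, e.g. `val->key_data = NULL; val->n_key_data = 0;` after `free(val->key_data);`, and likewise NULL for the other three pointers; the `tl_data` loop already ends with a NULL head. A header comment stating that only the contents are freed, never `val` itself, would help callers migrating from the old behaviour.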
+++ /dev/null
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include <string.h>
-
-ovsec_kadm_ret_t ovsec_kadm_init_with_password(char *client_name, char *pass,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
-{
- return kadm5_init_with_password(client_name, pass, service_name,
- realm, struct_version, api_version, db_args,
- server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_init_with_skey(char *client_name, char *keytab,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
-{
- return kadm5_init_with_skey(client_name, keytab, service_name, realm,
- struct_version, api_version, db_args,
- server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_init(char *client_name, char *from_stash,
- char *service_name,
- char *realm,
- krb5_ui_4 struct_version,
- krb5_ui_4 api_version,
- char **db_args,
- void **server_handle)
-{
- return kadm5_init(client_name, from_stash, service_name,
- realm, struct_version, api_version, db_args,
- server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_destroy(void *server_handle)
-{
- return kadm5_destroy(server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_flush(void *server_handle)
-{
- return kadm5_flush(server_handle);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_create_principal(void *server_handle,
- ovsec_kadm_principal_ent_t entry,
- long mask,
- char *password)
-{
- return kadm5_create_principal(server_handle,
- (kadm5_principal_ent_t)
- entry, mask, password);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_delete_principal(void *server_handle,
- krb5_principal principal)
-{
- return kadm5_delete_principal(server_handle, principal);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_modify_principal(void *server_handle,
- ovsec_kadm_principal_ent_t entry,
- long mask)
-{
- return kadm5_modify_principal(server_handle,
- (kadm5_principal_ent_t) entry, mask);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_rename_principal(void *server_handle,
- krb5_principal source,
- krb5_principal target)
-{
- return kadm5_rename_principal(server_handle, source, target);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_principal(void *server_handle,
- krb5_principal principal,
- ovsec_kadm_principal_ent_t *entry)
-{
- return kadm5_get_principal(server_handle, principal,
- (kadm5_principal_ent_t *) entry);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal(void *server_handle,
- krb5_principal principal,
- char *password)
-{
- return kadm5_chpass_principal(server_handle, principal, password);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_chpass_principal_util(void *server_handle,
- krb5_principal princ,
- char *new_pw,
- char **ret_pw,
- char *msg_ret)
-{
- /* Oh crap. Can't change the API without bumping the API version... */
- memset(msg_ret, '\0', 1024);
- return kadm5_chpass_principal_util(server_handle, princ, new_pw,
- ret_pw, msg_ret, 1024);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_randkey_principal(void *server_handle,
- krb5_principal principal,
- krb5_keyblock **key)
-{
- return kadm5_randkey_principal(server_handle, principal, key);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_create_policy(void *server_handle,
- ovsec_kadm_policy_ent_t entry,
- long mask)
-{
- return kadm5_create_policy(server_handle,
- (kadm5_policy_ent_t) entry, mask);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_delete_policy(void *server_handle,
- ovsec_kadm_policy_t name)
-{
- return kadm5_delete_policy(server_handle, (kadm5_policy_t) name);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_modify_policy(void *server_handle,
- ovsec_kadm_policy_ent_t entry,
- long mask)
-{
- return kadm5_modify_policy(server_handle,
- (kadm5_policy_ent_t) entry, mask);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_get_policy(void *server_handle,
- ovsec_kadm_policy_t name,
- ovsec_kadm_policy_ent_t *entry)
-{
- return kadm5_get_policy(server_handle, (kadm5_policy_t) name,
- (kadm5_policy_ent_t *) entry);
-}
-
-
-ovsec_kadm_ret_t ovsec_kadm_free_policy_ent(void *server_handle,
- ovsec_kadm_policy_ent_t val)
-{
- return kadm5_free_policy_ent(server_handle, (kadm5_policy_ent_t) val);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_free_name_list(void *server_handle,
- char **names, int count)
-{
- return kadm5_free_name_list(server_handle, names, count);
-}
-
-ovsec_kadm_ret_t
-ovsec_kadm_free_principal_ent(void *server_handle,
- ovsec_kadm_principal_ent_t val)
-{
- return kadm5_free_principal_ent(server_handle,
- (kadm5_principal_ent_t) val);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_privs(void *server_handle, long *privs)
-{
- return kadm5_get_privs(server_handle, privs);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_principals(void *server_handle,
- char *exp,
- char ***princs,
- int *count)
-{
- return kadm5_get_principals(server_handle, exp, princs, count);
-}
-
-ovsec_kadm_ret_t ovsec_kadm_get_policies(void *server_handle,
- char *exp,
- char ***pols,
- int *count)
-{
- return kadm5_get_policies(server_handle, exp, pols, count);
-}
-
master_keylist
master_princ
osa_free_princ_ent
-ovsec_kadm_chpass_principal
-ovsec_kadm_chpass_principal_util
-ovsec_kadm_create_policy
-ovsec_kadm_create_principal
-ovsec_kadm_delete_policy
-ovsec_kadm_delete_principal
-ovsec_kadm_destroy
-ovsec_kadm_flush
-ovsec_kadm_free_name_list
-ovsec_kadm_free_policy_ent
-ovsec_kadm_free_principal_ent
-ovsec_kadm_get_policies
-ovsec_kadm_get_policy
-ovsec_kadm_get_principal
-ovsec_kadm_get_principals
-ovsec_kadm_get_privs
-ovsec_kadm_init
-ovsec_kadm_init_with_password
-ovsec_kadm_init_with_skey
-ovsec_kadm_modify_policy
-ovsec_kadm_modify_principal
-ovsec_kadm_randkey_principal
-ovsec_kadm_rename_principal
passwd_check
xdr_chpass3_arg
xdr_chpass_arg
xdr_gprincs_ret
xdr_kadm5_policy_ent_rec
xdr_kadm5_principal_ent_rec
-xdr_kadm5_principal_ent_rec_v1
xdr_kadm5_ret_t
xdr_krb5_deltat
xdr_krb5_enctype
void **server_handle)
{
/*
- * A program calling init_with_creds *never* expects to prompt the
- * user. Therefore, always pass a dummy password in case this is
- * KADM5_API_VERSION_1. If this is KADM5_API_VERSION_2 and
- * MKEY_FROM_KBD is non-zero, return an error.
+ * A program calling init_with_creds *never* expects to prompt
+ * the user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+ * non-zero, return an error.
*/
- if (api_version == KADM5_API_VERSION_2 && params &&
- (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+ if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
params->mkey_from_kbd)
return KADM5_BAD_SERVER_PARAMS;
return kadm5_init(client_name, NULL, service_name, params,
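Review bot: The rewritten comment still says "If this is KADM5_API_VERSION_2", but the condition below it no longer tests `api_version`, so the error is returned for any version that reaches this point. The comment should drop the version qualifier, e.g. `* the user. If MKEY_FROM_KBD is set and non-zero, return an error.` The same wording remains in the init_with_skey hunk that follows. The function body starts and ends outside this hunk.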
{
/*
* A program calling init_with_skey *never* expects to prompt the
- * user. Therefore, always pass a dummy password in case this is
- * KADM5_API_VERSION_1. If this is KADM5_API_VERSION_2 and
- * MKEY_FROM_KBD is non-zero, return an error.
+ * user. If this is KADM5_API_VERSION_2 and MKEY_FROM_KBD is
+ * non-zero, return an error.
*/
- if (api_version == KADM5_API_VERSION_2 && params &&
- (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
+ if (params && (params->mask & KADM5_CONFIG_MKEY_FROM_KBD) &&
params->mkey_from_kbd)
return KADM5_BAD_SERVER_PARAMS;
return kadm5_init(client_name, NULL, service_name, params,
KADM5_NEW_SERVER_API_VERSION);
/*
- * Acquire relevant profile entries. In version 2, merge values
+ * Acquire relevant profile entries. Merge values
* in params_in with values from profile, based on
* params_in->mask.
- *
- * In version 1, we've given a realm (which may be NULL) instead
- * of params_in. So use that realm, make params_in contain an
- * empty mask, and behave like version 2.
*/
memset(¶ms_local, 0, sizeof(params_local));
- if (api_version == KADM5_API_VERSION_1) {
- params_local.realm = (char *) params_in;
- if (params_in)
- params_local.mask = KADM5_CONFIG_REALM;
- params_in = ¶ms_local;
- }
#if 0 /* Now that we look at krb5.conf as well as kdc.conf, we can
expect to see admin_server being set sometimes. */
return ret;
}
- /*
- * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL
- * or an empty string, reads the master password from [the stash
- * file]. Otherwise, the non-NULL password is ignored and the
- * user is prompted for it via the tty." However, the code was
- * implemented the other way: when a non-NULL password was
- * provided, the stash file was used. This is somewhat more
- * sensible, as then a local or remote client that provides a
- * password does not prompt the user. This code maintains the
- * previous actual behavior, and not the old spec behavior,
- * because that is how the unit tests are written.
- *
- * In KADM5_API_VERSION_2, this decision is controlled by
- * params.
- *
- * kdb_init_master's third argument is "from_keyboard".
- */
ret = kdb_init_master(handle, handle->params.realm,
- (handle->api_version == KADM5_API_VERSION_1 ?
- ((pass == NULL) || !(strlen(pass))) :
- ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
- && handle->params.mkey_from_kbd)
- ));
+ (handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD)
+ && handle->params.mkey_from_kbd);
if (ret) {
krb5_db_fini(handle->context);
krb5_free_context(handle->context);
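Review bot: The call to kdb_init_master loses all explanation of its third argument once the long version-1 comment is deleted, although the last line of that comment was still accurate. I would keep `/* kdb_init_master's third argument is "from_keyboard". */` directly above the call, so a reader can see that the mask test decides whether the master key is requested from the terminal. The enclosing function starts and ends outside this hunk.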
free(val->policy);
/* XXX free key_data and tl_data */
-
- if (handle->api_version == KADM5_API_VERSION_1)
- free(val);
}
return KADM5_OK;
}
kadm5_policy_ent_t entry)
{
osa_policy_ent_t t;
- kadm5_policy_ent_rec entry_local, **entry_orig, *new;
int ret;
kadm5_server_handle_t handle = server_handle;
int cnt=1;
krb5_clear_error_message(handle->context);
- /*
- * In version 1, entry is a pointer to a kadm5_policy_ent_t that
- * should be filled with allocated memory.
- */
- if (handle->api_version == KADM5_API_VERSION_1) {
- entry_orig = (kadm5_policy_ent_rec **) entry;
- *entry_orig = NULL;
- entry = &entry_local;
- }
-
if (name == (kadm5_policy_t) NULL)
return EINVAL;
if(strlen(name) == 0)
entry->policy_refcnt = t->policy_refcnt;
krb5_db_free_policy(handle->context, t);
- if (handle->api_version == KADM5_API_VERSION_1) {
- new = (kadm5_policy_ent_t) malloc(sizeof(kadm5_policy_ent_rec));
- if (new == NULL) {
- free(entry->policy);
- krb5_db_free_policy(handle->context, t);
- return ENOMEM;
- }
- *new = *entry;
- *entry_orig = new;
- }
-
return KADM5_OK;
}
long mask;
int i;
kadm5_server_handle_t handle = server_handle;
- kadm5_principal_ent_rec entry_local, *entry_orig;
CHECK_HANDLE(server_handle);
* entry is a pointer to a kadm5_principal_ent_t_v1 that should be
* filled with allocated memory.
*/
- if (handle->api_version == KADM5_API_VERSION_1) {
- mask = KADM5_PRINCIPAL_NORMAL_MASK;
- entry_orig = entry;
- entry = &entry_local;
- } else {
- mask = in_mask;
- }
+ mask = in_mask;
memset(entry, 0, sizeof(*entry));
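Review bot: The context comment kept at the top of this hunk still says entry "is a pointer to a kadm5_principal_ent_t_v1 that should be filled with allocated memory", which described the version-1 branch this hunk deletes. With `mask = in_mask;` as the only remaining path, `memset(entry, 0, sizeof(*entry));` clears the caller's structure directly, so the comment now misleads about who owns the memory. I would drop that sentence or replace it with something like `/* entry is presumably caller-provided; fields are filled according to in_mask. */`. The comment opens above the hunk, so its first lines are not visible here.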
if (ret)
goto done;
- /*
- * It's my understanding that KADM5_API_VERSION_1 is for OpenVision admin
- * system compatiblity and is not required to maintain at this point so I'm
- * commenting out this code.
- * -- Will Fiveash
- */
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
- if (handle->api_version == KADM5_API_VERSION_2)
- entry->mkvno = 0;
- else {
- /* XXX I'll be damned if I know how to deal with this one --marc */
- entry->mkvno = 1;
- }
-#endif /**************** END IFDEF'ed OUT *******************************/
-
- /*
- * The new fields that only exist in version 2 start here
- */
- if (handle->api_version == KADM5_API_VERSION_2) {
- if (mask & KADM5_MAX_RLIFE)
- entry->max_renewable_life = kdb.max_renewable_life;
- if (mask & KADM5_LAST_SUCCESS)
- entry->last_success = kdb.last_success;
- if (mask & KADM5_LAST_FAILED)
- entry->last_failed = kdb.last_failed;
- if (mask & KADM5_FAIL_AUTH_COUNT)
- entry->fail_auth_count = kdb.fail_auth_count;
- if (mask & KADM5_TL_DATA) {
- krb5_tl_data *tl, *tl2;
-
- entry->tl_data = NULL;
-
- tl = kdb.tl_data;
- while (tl) {
- if (tl->tl_data_type > 255) {
- if ((tl2 = dup_tl_data(tl)) == NULL) {
- ret = ENOMEM;
- goto done;
- }
- tl2->tl_data_next = entry->tl_data;
- entry->tl_data = tl2;
- entry->n_tl_data++;
- }
+ if (mask & KADM5_MAX_RLIFE)
+ entry->max_renewable_life = kdb.max_renewable_life;
+ if (mask & KADM5_LAST_SUCCESS)
+ entry->last_success = kdb.last_success;
+ if (mask & KADM5_LAST_FAILED)
+ entry->last_failed = kdb.last_failed;
+ if (mask & KADM5_FAIL_AUTH_COUNT)
+ entry->fail_auth_count = kdb.fail_auth_count;
+ if (mask & KADM5_TL_DATA) {
+ krb5_tl_data *tl, *tl2;
- tl = tl->tl_data_next;
- }
- }
- if (mask & KADM5_KEY_DATA) {
- entry->n_key_data = kdb.n_key_data;
- if(entry->n_key_data) {
- entry->key_data = (krb5_key_data *)
- malloc(entry->n_key_data*sizeof(krb5_key_data));
- if (entry->key_data == NULL) {
- ret = ENOMEM;
- goto done;
- }
- } else
- entry->key_data = NULL;
-
- for (i = 0; i < entry->n_key_data; i++)
- ret = krb5_copy_key_data_contents(handle->context,
- &kdb.key_data[i],
- &entry->key_data[i]);
- if (ret)
- goto done;
- }
- }
+ entry->tl_data = NULL;
- /*
- * If KADM5_API_VERSION_1, we return an allocated structure, and
- * we need to convert the new structure back into the format the
- * caller is expecting.
- */
- if (handle->api_version == KADM5_API_VERSION_1) {
- kadm5_principal_ent_t_v1 newv1;
+ tl = kdb.tl_data;
+ while (tl) {
+ if (tl->tl_data_type > 255) {
+ if ((tl2 = dup_tl_data(tl)) == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ tl2->tl_data_next = entry->tl_data;
+ entry->tl_data = tl2;
+ entry->n_tl_data++;
+ }
- newv1 = ((kadm5_principal_ent_t_v1) calloc(1, sizeof(*newv1)));
- if (newv1 == NULL) {
- ret = ENOMEM;
- goto done;
- }
+ tl = tl->tl_data_next;
+ }
+ }
+ if (mask & KADM5_KEY_DATA) {
+ entry->n_key_data = kdb.n_key_data;
+ if(entry->n_key_data) {
+ entry->key_data = malloc(entry->n_key_data*sizeof(krb5_key_data));
+ if (entry->key_data == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ } else
+ entry->key_data = NULL;
- newv1->principal = entry->principal;
- newv1->princ_expire_time = entry->princ_expire_time;
- newv1->last_pwd_change = entry->last_pwd_change;
- newv1->pw_expiration = entry->pw_expiration;
- newv1->max_life = entry->max_life;
- newv1->mod_name = entry->mod_name;
- newv1->mod_date = entry->mod_date;
- newv1->attributes = entry->attributes;
- newv1->kvno = entry->kvno;
- newv1->mkvno = entry->mkvno;
- newv1->policy = entry->policy;
- newv1->aux_attributes = entry->aux_attributes;
-
- *((kadm5_principal_ent_t_v1 *) entry_orig) = newv1;
+ for (i = 0; i < entry->n_key_data; i++)
+ ret = krb5_copy_key_data_contents(handle->context,
+ &kdb.key_data[i],
+ &entry->key_data[i]);
+ if (ret)
+ goto done;
}
ret = KADM5_OK;
goto done;
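Review bot: In the re-indented KADM5_KEY_DATA block the `for` loop has no braces, so its body is only the `ret = krb5_copy_key_data_contents(...)` assignment and the `if (ret) goto done;` after it runs once, after the last iteration. A failure while copying an earlier key is overwritten by a later success, and the function then reaches `ret = KADM5_OK;` with an entry->key_data array that came from malloc and was not fully populated. The commit carries this over from the removed lines unchanged; I would brace the loop as `for (i = 0; i < entry->n_key_data; i++) {` and close it after `goto done;` so each copy is checked. What the `done` label frees is outside the hunk, so allocating the array zeroed may also be needed for that cleanup to be safe.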
if (keyblocks) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- /* Version 1 clients will expect to see a DES_CRC enctype. */
- ret = krb5_dbe_find_enctype(handle->context, &kdb,
- ENCTYPE_DES_CBC_CRC,
- -1, -1, &key_data);
- if (ret)
- goto done;
-
- ret = decrypt_key_data(handle->context, act_mkey, 1, key_data,
- keyblocks, NULL);
- if (ret)
- goto done;
- } else {
- ret = decrypt_key_data(handle->context, act_mkey,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
- }
+ ret = decrypt_key_data(handle->context, act_mkey,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
/* key data changed, let the database provider know */
}
}
- if (handle->api_version == KADM5_API_VERSION_1) {
- /* Version 1 clients will expect to see a DES_CRC enctype. */
- if ((ret = krb5_dbe_find_enctype(handle->context, &kdb,
- ENCTYPE_DES_CBC_CRC,
- -1, -1, &key_data)))
- goto done;
-
- if ((ret = decrypt_key_data(handle->context, mkey_ptr, 1, key_data,
- keyblocks, NULL)))
- goto done;
- } else {
- ret = decrypt_key_data(handle->context, mkey_ptr,
- kdb.n_key_data, kdb.key_data,
- keyblocks, n_keys);
- if (ret)
- goto done;
- }
+ ret = decrypt_key_data(handle->context, mkey_ptr,
+ kdb.n_key_data, kdb.key_data,
+ keyblocks, n_keys);
+ if (ret)
+ goto done;
}
ret = KADM5_OK;
myfulldir=lib/kadm5/unit-test
mydir=lib/kadm5/unit-test
BUILDTOP=$(REL)..$(S)..$(S)..
-DEFINES = -DUSE_KADM5_API_VERSION=1
+DEFINES =
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
$(CC_LINK) -o server-iter-test iter-test.o \
$(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
-setkey-test.o: $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
- $(CC) $(ALL_CFLAGS) -UUSE_KADM5_API_VERSION -DUSE_KADM5_API_VERSION=2 -c $(SRCTOP)/lib/kadm5/unit-test/setkey-test.c
-
server-setkey-test: setkey-test.o $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o server-setkey-test setkey-test.o \
$(KADMSRV_LIBS) $(KDB_DEP_LIB) $(KRB5_BASE_LIBS)
+++ /dev/null
-The deja-gnu unit tests in this directory are arranged as follows:
-
-api.0: original unit tests for the ovsec_kadm_api
-
-api.1: additional tests for ovsec_kadm_api that run after api.0
-
-api.2: Each file whose name is the same as a file in api.0 contains
-all of the same tests, but using the kadm5 with KADM5_API_VERSION_1.
-Each file with a -v2 suffix tests KADM5_API_VERSION_2-specific
-functionality. New tests should be added to the files in this
-directory, not api.0. Tests should be added to the lowest-numbered
-version file they apply to.
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "chpass-principal 180"
-proc test180 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_chpass_principal $server_handle "%s/a" FoobarBax
- } $test]
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test180 }
-
-test "chpass-principal 180.5"
-proc test1805 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_chpass_principal $server_handle "%s/a" FoobarBax
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test1805 }
-
-#
-# admin with changepw service tickets try to change other principals
-# password, failes with AUTH error
-test "chpass-principal 180.625"
-proc test180625 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_chpass_principal $server_handle "%s/a" password
- } $test] "AUTH"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test180625 }
-
-test "chpass-principal 180.75"
-proc test18075 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_chpass_principal $server_handle "%s/a" Foobar
- } $test] "AUTH_CHANGEPW"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test18075 }
-
-test "chpass-principal 182"
-proc test182 {} {
- global test
-
- if { ! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_chpass_principal $server_handle kadmin/history password
- } "PROTECT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test182
-
-test "chpass-principal 183"
-proc test183 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if { ! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_chpass_principal null "%s/a" password
- } $test] "BAD_SERVER_HANDLE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test183
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-# Description: (1) Fails for mask with undefined bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 1"
-proc test1 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- 0xF01000
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test1
-
-# Description: (2) Fails if caller connected with CHANGEPW_SERVICE.
-test "create-policy 2"
-proc test2 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy";
- return
- }
-}
-if {$RPC} { test2 }
-
-# Description: (3) Fails for mask without POLICY bit set.
-# 01/24/94: pshuang: untried.
-test "create-policy 3"
-proc test3 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- 0x000000
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3
-
-# Description: (4) Fails for mask with REF_COUNT bit set.
-test "create-policy 4"
-proc test4 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete policy \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY OVSEC_KADM_REF_COUNT}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
-# Description: (5) Fails for invalid policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 5"
-proc test5 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/\a"] \
- {OVSEC_KADM_POLICY}
- } $test] "BAD_POLICY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-# Description: (6) Fails for existing policy name.
-test "create-policy 6"
-proc test6 {} {
- global test
-# set prms_id 777
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_create_policy $server_handle [simple_policy test-pol] \
- {OVSEC_KADM_POLICY}
- } "DUP"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test6
-
-# Description: (7) Fails for null policy name.
-# 01/24/94: pshuang: untried.
-test "create-policy 7"
-proc test7 {} {
- global test
-# set prms_id 1977
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_create_policy $server_handle [simple_policy null] \
- {OVSEC_KADM_POLICY}
- } "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test7
-
-# Description: (8) Fails for empty-string policy name.
-test "create-policy 8"
-proc test8 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_create_policy $server_handle [simple_policy ""] \
- {OVSEC_KADM_POLICY}
- } "BAD_POLICY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-# Description: (9) Accepts 0 for pw_min_life.
-test "create-policy 9"
-proc test9 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}
- } $test]]} {
- fail "$test: create failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-# Description: (10) Accepts non-zero for pw_min_life.
-test "create-policy 10"
-proc test10 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 32 0 0 0 0 0 } \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-# Description: (11) Accepts 0 for pw_max_life.
-test "create-policy 11"
-proc test11 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MAX_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-# Description: (12) Accepts non-zero for pw_max_life.
-test "create-policy 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 32 0 0 0 0 } \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MAX_LIFE}
- } $test]]} {
- fail "$test"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-# Description: (13) Rejects 0 for pw_min_length.
-test "create-policy 13"
-proc test13 {} {
- global test
- global prompt
-
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH}
- } $test] "BAD_LENGTH"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-# Description: (14) Accepts non-zero for pw_min_length.
-test "create-policy 14"
-proc test14 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 8 0 0 0 } \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_LENGTH}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 3\n"
- expect {
- -re "8\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-# Description: (15) Rejects 0 for pw_min_classes.
-test "create-policy 15"
-proc test15 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-# Description: (16) Accepts 1 for pw_min_classes.
-test "create-policy 16"
-proc test16 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 1 0 0 } \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-# Description: (17) Accepts 4 for pw_min_classes.
-test "create-policy 17"
-proc test17 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "5\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-# Description: (18) Rejects 5 for pw_min_classes.
-test "create-policy 18"
-proc test18 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-# Description: (19) Rejects 0 for pw_history_num.
-test "create-policy 19"
-proc test19 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-# Description: (20) Accepts 1 for pw_history_num.
-test "create-policy 20"
-proc test20 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retreuve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-# Description: (21) Accepts 10 for pw_history_num.
-test "create-policy 21"
-proc test21 {} {
- global test
- global prompt
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
- {OVSEC_KADM_POLICY OVSEC_KADM_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "10\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-# Description: (22) Fails for user with no access bits.
-test "create-policy 22"
-proc test22 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test22
-
-# Description: (23) Fails for user with "get" but not "add".
-test "create-policy 23"
-proc test23 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test23
-
-# Description: (24) Fails for user with "modify" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 24"
-proc test24 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test24
-
-# Description: (25) Fails for user with "delete" but not "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 25"
-proc test25 {} {
- global test
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test25
-
-# Description: Succeeds for user with "add".
-test "create-policy 26"
-proc test26 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-# Description: Succeeds for user with "get" and "add".
-# 01/24/94: pshuang: untried.
-test "create-policy 27"
-proc test27 {} {
- global test
-
- if {! (( ! [policy_exists "$test/a"]) ||
- [delete_policy "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get-add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_create_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test27
-
-# Description: (28) Rejects null policy argument.
-# 01/24/94: pshuang: untried.
-test "create-policy 28"
-proc test28 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_create_policy $server_handle null {OVSEC_KADM_POLICY}
- } "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "create-policy 30"
-proc test30 {} {
- global test
- one_line_fail_test [format {
- ovsec_kadm_create_policy null [simple_policy "%s/a"] \
- {OVSEC_KADM_POLICY}
- } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-#test "create-principal 1"
-#
-#proc test1 {} {
-# global test
-# begin_dump
-# one_line_fail_test [format {
-# ovsec_kadm_create_principal $server_handle \
-# [simple_principal "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-# } $test $test] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test1
-
-test "create-principal 2"
-
-proc test2 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_create_principal $server_handle null \
- {OVSEC_KADM_PRINCIPAL} testpass
- } "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test2
-
-test "create-principal 3"
-proc test3 {} {
- global test
-# set prms_id 777
-# setup_xfail {*-*-*} $prms_id
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} null
- } $test] "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test3
-
-test "create-principal 4"
-proc test4 {} {
- global test
-
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} ""
- } $test] "_Q_TOOSHORT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test4
-
-test "create-principal 5"
-proc test5 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle \
- [simple_principal "%s/a"] {0x100001} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test5
-
-test "create-principal 6"
-proc test6 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_LAST_PWD_CHANGE} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test6
-
-test "create-principal 7"
-proc test7 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MOD_TIME} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test7
-
-test "create-principal 8"
-proc test8 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MOD_NAME} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test8
-
-test "create-principal 9"
-proc test9 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MKVNO} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test9
-
-test "create-principal 10"
-proc test10 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_AUX_ATTRIBUTES} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test10
-
-test "create-principal 11"
-proc test11 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_POLICY_CLR} "%s/a"
- } $test $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test11
-
-test "create-principal 12"
-proc test12 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-
-}
-if {$RPC} { test12 }
-
-test "create-principal 13"
-proc test13 {} {
- global test
- begin_dump
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test13 }
-
-test "create-principal 14"
-proc test14 {} {
- global test
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test14 }
-
-test "create-principal 15"
-proc test15 {} {
- global test
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test15 }
-
-test "create-principal 16"
-proc test16 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} testpass
- } $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-if {$RPC} { test16 }
-
-test "create-principal 17"
-proc test17 {} {
- global test
-
- begin_dump
- if {! (( [principal_exists "$test/a"]) || [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} testpass
- } $test] "DUP"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test17
-
-test "create-principal 18"
-proc test18 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} tP
- } $test] "_Q_TOOSHORT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test18
-
-test "create-principal 19"
-proc test19 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} testpassword
- } $test] "_Q_CLASS"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test19
-
-test "create-principal 20"
-proc test20 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} Abyssinia
- } $test] "_Q_DICT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test20
-
-test "create-principal 21"
-proc test21 {} {
- global test
-
- begin_dump
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" non-existant-pol] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} NotinTheDictionary
- } $test] "UNK_POLICY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- end_dump_compare "no-diffs"
-}
-test21
-
-test "create-principal 23"
-proc test23 {} {
- global test
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- one_line_succeed_test \
- [format {ovsec_kadm_get_principal $server_handle "%s/a" p} $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test23
-
-test "create-principal 24"
-proc test24 {} {
- global test
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- one_line_succeed_test \
- [format {ovsec_kadm_get_principal $server_handle "%s/a" p} $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test24 }
-
-
-test "create-principal 28"
-proc test28 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
-
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "create-principal 29"
-proc test29 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PRINC_EXPIRE_TIME} \
- inTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 1\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test29
-
-test "create-principal 30"
-proc test30 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PW_EXPIRATION} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test30
-
-test "create-principal 31"
-proc test31 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol-nopw] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
- OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-test "create-principal 32"
-proc test32 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- [princ_w_pol "%s/a" test-pol] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
- OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
-
- send "lindex \$principal 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 0 } {
- fail "$test: pw_expire $pw_expire should be 0"
- return
- } else {
- pass "$test"
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-perror"$test: unexpected failure in destroy"
- return
- }
-}
-test32
-
-test "create-principal 33"
-proc test33 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
-perror"$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- {"%s/a" 0 0 1234 0 null 0 0 0 0 null 0} \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PW_EXPIRATION} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test33
-
-test "create-principal 34"
-proc test34 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- { "%s/a" 0 0 1234 0 null 0 0 0 0 test-pol-nopw 0} \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
- OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test34
-
-test "create-principal 35"
-proc test35 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- {"%s/a" 0 0 1234 0 null 0 0 0 0 test-pol 0} \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
- OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test35
-
-test "create-principal 36"
-proc test36 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle \
- {"%s/a" 0 0 999999999 0 null 0 0 0 0 test-pol 0} \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY \
- OVSEC_KADM_PW_EXPIRATION} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy} ]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
-
- send "lindex \$principal 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 999999999 } {
- fail "$test: pw_expire $pw_expire should be 999999999"
- return
- } else {
- pass "$test"
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-perror"$test: unexpected failure in destroy"
- return
- }
-}
-test36
-
-test "create-principal 37"
-proc test37 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL} NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test37
-
-test "create-principal 38"
-proc test38 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [princ_w_pol "%s/a" \
- test-pol-nopw] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test38
-
-test "create-principal 39"
-proc test39 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if { ! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: cannot not retrieve principal"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { [expr "$mod_date + $pw_max_life - $pw_expire"] > 5 } {
- fail "$test: pw_expire is wrong"
- return
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-perror"$test: unexpected failure in destroy"
- return
- }
-}
-test39
-
-test "create-principal 40"
-proc test40 {} {
- global test
- global prompt
-
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
-perror"$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL OVSEC_KADM_PW_EXPIRATION} \
- NotinTheDictionary
- } $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- fail "$test: can not retreive principal"
- return;
- }
- send "lindex \$principal 4\n"
- expect {
- -re "0.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test40
-
-test "create-principal 43"
-proc test43 {} {
- global test
- one_line_fail_test [format {
- ovsec_kadm_create_principal null \
- [simple_principal "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
- } $test $test] "BAD_SERVER_HANDLE"
-}
-test43
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "destroy 1"
-
-proc test1 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_destroy $server_handle}
- end_dump_compare "no-diffs"
-}
-test1
-
-#test "destroy 2"
-#
-#proc test2 {} {
-# global test
-# begin_dump
-# if {! [cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure on init"
-# return
-# }
-# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test \
-# {ovsec_kadm_get_principal $server_handle admin principal} \
-# "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test2
-
-#test "destroy 3"
-#proc test3 {} {
-# global test
-#
-# begin_dump
-# if {! (( ! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
-# error_and_restart "$test couldn't delete principal \"$test/a\""
-# return
-# }
-# if {! [cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure on init"
-# return
-# }
-# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test [format {
-# ovsec_kadm_create_principal $server_handle \
-# [simple_principal "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-# } $test $test] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test3
-
-#test "destroy 4"
-#proc test4 {} {
-# global test prompt
-#
-# if {! (([principal_exists "$test/a"]) || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {! ([cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }] &&
-# [cmd [format {
-# ovsec_kadm_get_principal $server_handle "%s/a" principal
-# } $test]])} {
-# error_and_restart "$test: error getting principal"
-# return;
-# }
-# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test [format {
-# ovsec_kadm_modify_principal $server_handle \
-# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO}
-# } $test "77"] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test4
-
-#test "destroy 5"
-#
-#proc test5 {} {
-# global test
-#
-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {! [cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure on init"
-# return
-# }
-# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# return
-# }
-# one_line_fail_test [format {
-# ovsec_kadm_delete_principal $server_handle "%s/a"
-# } $test] "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test5
-
-#test "destroy 6"
-#
-#proc test6 {} {
-# global test
-# begin_dump
-# one_line_fail_test {ovsec_kadm_destroy $server_handle} "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test6
-
-
-#test "destroy 7"
-#
-#proc test7 {} {
-# global test
-# begin_dump
-# if {! [cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }]} {
-# perror "$test: unexpected failure in init"
-# return
-# }
-# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# }
-# one_line_fail_test {ovsec_kadm_destroy $server_handle} "NOT_INIT"
-# end_dump_compare "no-diffs"
-#}
-#test7
-
-test "destroy 8"
-proc test8 {} {
- global test
- begin_dump
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
- one_line_succeed_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
- end_dump_compare "no-diffs"
-}
-test8
-
-test "destroy 9"
-proc test9 {} {
- global test
- one_line_fail_test {ovsec_kadm_destroy null} "BAD_SERVER_HANDLE"
-}
-test9
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "delete-policy 2"
-proc test2 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {ovsec_kadm_delete_policy $server_handle ""} "BAD_POL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test2
-
-test "delete-policy 5"
-proc test5 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_policy $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if ${RPC} test5
-
-test "delete-policy 6"
-proc test6 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_policy $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if ${RPC} test6
-
-test "delete-policy 7"
-proc test7 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_policy $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test7
-
-test "delete-policy 10"
-proc test10 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_delete_policy $server_handle "%s/a"
- } $test]]} {
- fail "$test"
- return
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if { [policy_exists "$test/a"]} {
- fail "$test"
- return
- }
-}
-test10
-
-test "delete-policy 12"
-proc test12 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test unexecpted failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_create_principal $server_handle [princ_w_pol "%s/a" \
- "%s/a"] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} \
- NotinTheDictionary
- } $test $test]]} {
- fail "$test: can not create principal"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {ovsec_kadm_delete_policy $server_handle test-pol} "POLICY_REF"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "delete-policy 13"
-proc test13 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_policy null "%s/a"
- } $test] "BAD_SERVER_HANDLE"
-}
-test13
-
-return ""
+++ /dev/null
-load_lib lib.t
-
-api_exit
-api_start
-
-#test "delete-principal 1"
-#proc test1 {} {
-# global test
-# one_line_fail_test [format {
-# ovsec_kadm_delete_principal $server_handle "%s/a"
-# } $test] "NOT_INIT"
-#}
-#test1
-
-test "delete-principal 2"
-proc test2 {} {
- global test
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {ovsec_kadm_delete_principal $server_handle null} "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: unexpected failure in destroy"
- return
- }
-}
-test2
-
-test "delete-principal 5"
-proc test5 {} {
- global test
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test] "UNK_PRINC"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-test "delete-principal 6"
-proc test6 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" test-pol])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test6 }
-
-
-test "delete-principal 7"
-proc test7 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test7 }
-
-
-test "delete-principal 8"
-proc test8 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test8 }
-
-test "delete-principal 9"
-proc test9 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test9 }
-
-test "delete-principal 10"
-proc test10 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test10 }
-
-test "delete-principal 11"
-proc test11 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test]]} {
- fail "$test: delete failed"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
- if { [principal_exists "$test/a"] } {
- fail "$test"
- return
- }
-}
-test11
-
-test "delete-principal 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" test-pol])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_delete_principal $server_handle "%s/a"
- } $test]]} {
- fail "$test: delete failed"
- return
- }
- if { [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test]]} {
- fail "$test: principal still exists"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- send "lindex \$p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
-
- send "lindex \$p2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { [expr "$oldref - 1"] != $newref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- pass "$test"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-
-test12
-
-test "delete-principal 13"
-proc test13 {} {
- global test
- one_line_fail_test [format {
- ovsec_kadm_delete_principal null "%s/a"
- } $test] "BAD_SERVER_HANDLE"
-}
-test13
-
-return ""
-
-
-
-
-
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "get-policy 3"
-proc test3 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {ovsec_kadm_get_policy $server_handle "" p} "BAD_POLICY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3
-
-test "get-policy 6"
-proc test6 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test6
-
-test "get-policy 7"
-proc test7 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test7
-
-test "get-policy 11"
-proc test11 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/get-pol StupidAdmin $OVSEC_KADM_ADMIN_SERVICE \
- null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_get_policy $server_handle test-pol p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "get-policy 12"
-proc test12 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/get-pol StupidAdmin \
- $OVSEC_KADM_CHANGEPW_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {ovsec_kadm_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "get-policy 15"
-proc test15 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/pol StupidAdmin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {ovsec_kadm_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "get-policy 16"
-proc test16 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/pol StupidAdmin $OVSEC_KADM_CHANGEPW_SERVICE \
- null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {ovsec_kadm_get_policy $server_handle test-pol-nopw p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-test "get-policy 17"
-proc test17 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_get_policy $server_handle test-pol p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "get-policy 18"
-proc test18 {} {
- global test
-
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {ovsec_kadm_get_policy $server_handle test-pol p} \
- "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } test18
-
-test "get-policy 21"
-proc test21 {} {
- global test
-
- one_line_fail_test {ovsec_kadm_get_policy null "pol1" p} "BAD_SERVER_HANDLE"
-}
-test21
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "get-principal 1"
-proc test1 {} {
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test \
- {ovsec_kadm_get_principal $server_handle null p} "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test1
-
-test "get-principal 2"
-proc test2 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "UNK_PRINC"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test2
-
-test "get-principal 3"
-proc test3 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test3 }
-
-test "get-principal 4"
-proc test4 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test4 }
-
-test "get-principal 5"
-proc test5 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test5 }
-
-test "get-principal 6"
-proc test6 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test6 }
-
-test "get-principal 7"
-proc test7 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
-
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test7 }
-
-
-test "get-principal 8"
-proc test8 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_get_principal $server_handle "%s/a" p
- } $test] "AUTH_GET"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test8 }
-
-
-test "get-principal 9"
-proc test9 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {ovsec_kadm_get_principal $server_handle admin/none p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "get-principal 10"
-proc test10 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test \
- {ovsec_kadm_get_principal $server_handle admin/none p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-test "get-principal 11"
-proc test11 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/get p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "get-principal 12"
-proc test12 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/get p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "get-principal 13"
-proc test13 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/add p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "get-principal 14"
-proc test14 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin/get-mod admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test {ovsec_kadm_get_principal $server_handle admin/add p}
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-test "get-principal 15"
-proc test15 {} {
- one_line_fail_test \
- {ovsec_kadm_get_principal null "admin" p} "BAD_SERVER_HANDLE"
-}
-test15
-
-return ""
-
-
-
-
+++ /dev/null
-load_lib lib.t
-
-# Assumptions:
-#
-# Principal "admin" exists, with "get", "add", "modify" and "delete"
-# access bits and password "admin".
-# The string "not-the-password" isn't the password of any user in the database.
-# Database master password is "mrroot".
-
-api_exit
-api_start
-test "init 1"
-
-one_line_fail_test_nochk \
- {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE "" \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
-
-test "init 2"
-
-one_line_fail_test_nochk \
- {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE @ \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
-
-test "init 2.5"
-
-one_line_fail_test_nochk \
- {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE BAD.REALM \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
-
-test "init 3"
-
-proc test3 {} {
- global test
- if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- one_line_fail_test_nochk [format {
- ovsec_kadm_init admin admin "%s/a" null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- } $test]
-}
-if {$RPC} { test3 }
-
-test "init 4"
-
-proc test4 {} {
- global test
- if {! ((! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
-
- one_line_fail_test_nochk [format {
- ovsec_kadm_init admin admin "%s/a" null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test]
-}
-if {$RPC} { test4 }
-
-test "init 5"
-
-if {$RPC} {
- one_line_fail_test_nochk {
- ovsec_kadm_init admin admin admin null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- }
-}
-
-test "init 6"
-
-proc test6 {} {
- global test
-
- send "ovsec_kadm_init admin null \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
-
- expect {
- -re "assword\[^\r\n\]*: *" { }
- eof {
- fail "$test: eof instead of password prompt"
- api_exit
- api_start
- return
- }
- timeout {
- fail "$test: timeout instead of password prompt"
- return
- }
- }
- one_line_succeed_test "admin"
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if { $RPC } { test6 }
-
-test "init 7"
-proc test7 {} {
- global test
-
- send "ovsec_kadm_init admin \"\" \$OVSEC_KADM_ADMIN_SERVICE null \$OVSEC_KADM_STRUCT_VERSION \$OVSEC_KADM_API_VERSION_1 server_handle\n"
-
- expect {
- -re "assword\[^\r\n\]*: *" { }
- -re "\n\[^\n\]+key:\[^\n\]*$" { }
- eof {
- fail "$test: eof instead of password prompt"
- api_exit
- api_start
- return
- }
- timeout {
- fail "$test: timeout instead of password prompt"
- return
- }
- }
- one_line_succeed_test "admin"
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if { $RPC } { test7 }
-
-test "init 8"
-
-proc test8 {} {
- global test
- if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- one_line_fail_test_nochk [format {
- ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test]
-}
-if {$RPC} { test8 }
-
-test "init 9"
-
-if {$RPC} {
- global test
- one_line_fail_test_nochk {
- ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
-}
-
-test "init 10"
-
-proc test10 {} {
- global test
-# set prms_id 562
-# setup_xfail {*-*-*} $prms_id
- one_line_fail_test_nochk {
- ovsec_kadm_init null admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
-}
-test10
-
-#test "init 11"
-#
-#proc test11 {} {
-# global test
-# set prms_id 563
-# setup_xfail {*-*-*} $prms_id
-# one_line_fail_test_nochk {
-# ovsec_kadm_init "" admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }
-#}
-#test11
-
-test "init 12"
-
-proc test12 {} {
- global test
- one_line_fail_test_nochk [format {
- ovsec_kadm_init "%s/a" admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test]
-}
-if {$RPC} { test12 }
-
-test "init 13"
-
-proc test13 {} {
- global test
- one_line_fail_test_nochk [format {
- ovsec_kadm_init "%s/a@SECURE-TEST.OV.COM" admin \
- $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- } $test]
-}
-if {$RPC} { test13 }
-
-test "init 14"
-
-proc test14 {} {
- global test
- one_line_fail_test_nochk [format {
- ovsec_kadm_init "%s/a@BAD.REALM" admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test]
-}
-if {$RPC} { test14 }
-
-test "init 15"
-
-if {$RPC} {
- one_line_fail_test_nochk {
- ovsec_kadm_init admin@BAD.REALM admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
-}
-
-test "init 16"
-
-proc test16 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test16
-
-test "init 17"
-
-proc test17 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
- $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test17
-
-test "init 18"
-
-proc test18 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test18
-
-test "init 19"
-
-proc test19 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin@SECURE-TEST.OV.COM admin \
- $OVSEC_KADM_ADMIN_SERVICE SECURE-TEST.OV.COM \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test19
-
-test "init 20"
-
-proc test20 {} {
- global test
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- error_and_restart "$test: couldn't init database"
- return
- }
- one_line_succeed_test \
- {ovsec_kadm_get_principal $server_handle admin principal}
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test20
-
-#test "init 21"
-#
-#proc test21 {} {
-# global test
-# if {! [cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }]} {
-# error_and_restart "$test: couldn't init database"
-# return
-# }
-# one_line_fail_test_nochk {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }
-# if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
-# error_and_restart "$test: couldn't close database"
-# }
-#}
-#test21
-
-
-proc test22 {} {
- global test prompt
- set prompting 0
- send [string trim {
- ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- }]
- send "\n"
- expect {
- -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
- -re "\nOK .*$prompt$" { fail "$test: premature success" }
- -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
- timeout { fail "$test: timeout" }
- eof { fail "$test: eof" }
- }
- if {$prompting} {
- one_line_succeed_test mrroot
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test22 }
-
-test "init 22.5"
-proc test225 {} {
- global test prompt
- set prompting 0
- send [string trim {
- ovsec_kadm_init admin null null null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- }]
- send "\n"
- expect {
- -re "\n\[^\n\]+:\[^\n\]*$" { set prompting 1}
- -re "\nOK .*$prompt$" { fail "$test: premature success" }
- -re "\nERROR .*$prompt$" { fail "$test: premature failure" }
- timeout { fail "$test: timeout" }
- eof { fail "$test: eof" }
- }
- if {$prompting} {
- one_line_succeed_test mrroot
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test225 }
-
-test "init 23"
-
-proc test23 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin not-the-password $OVSEC_KADM_ADMIN_SERVICE \
- null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test23 }
-
-test "init 24"
-
-proc test24 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin admin null null $OVSEC_KADM_STRUCT_VERSION \
- $OVSEC_KADM_API_VERSION_1 server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test24 }
-
-test "init 25"
-
-proc test25 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin admin foobar null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if {! $RPC} { test25 }
-
-test "init 26"
-
-#proc test26 {} {
-# global test
-#
-# api_exit
-# api_start
-# one_line_fail_test_nochk {
-# ovsec_kadm_get_principal $server_handle admin principal
-# }
-#}
-#test26
-
-#test "init 27"
-#
-#proc test27 {} {
-# global test
-#
-# if {! ((! [principal_exists "$test/a"]) || [delete_principal "$test/a"])} {
-# error_and_restart "$test: couldn't delete principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {[cmd [format {
-# ovsec_kadm_create_principal $server_handle [simple_principal \
-# "%s/a"] {OVSEC_KADM_PRINCIPAL} "%s/a"
-# } $test $test]]} {
-# fail "$test: unexpected success in add"
-# return
-# }
-# end_dump_compare "no-diffs"
-#}
-#test27
-
-#test "init 28"
-#
-#proc test28 {} {
-# global test prompt
-#
-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {! ([cmd {
-# ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
-# $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
-# server_handle
-# }] && [cmd [format {
-# ovsec_kadm_get_principal $server_handle "%s/a" principal
-# } $test]])} {
-# error_and_restart "$test: error getting principal"
-# return;
-# }
-# send "lindex \$principal 8\n"
-# expect {
-# -re "\n(\[0-9\]+).*$prompt$" {set kvno $expect_out(1,string) }
-# timeout {
-# error_and_restart "$test: timeout getting principal kvno"
-# return
-# }
-# eof {
-# error_and_restart "$test: eof getting principal kvno"
-# return
-# }
-# }
-# api_exit
-# api_start
-# set new_kvno [expr "$kvno + 1"]
-# if {[cmd [format {
-# ovsec_kadm_modify_principal $server_handle \
-# {"%s/a" 0 0 0 0 0 0 0 %d 0 0 0} {OVSEC_KADM_KVNO}
-# } $test $new_kvno]]} {
-# fail "$test: unexpected success in modify"
-# return;
-# }
-# end_dump_compare "no-diffs"
-#}
-#test28
-
-#test "init 29"
-#
-#proc test29 {} {
-# global test
-#
-# if {! ([principal_exists "$test/a"] || [create_principal "$test/a"])} {
-# error_and_restart "$test: couldn't create principal \"$test/a\""
-# return
-# }
-# begin_dump
-# if {[cmd [format {
-# ovsec_kadm_delete_principal $server_handle "%s/a"
-# } $test]]} {
-# fail "$test: unexpected success in delete"
-# return
-# }
-# end_dump_compare "no-diffs"
-#}
-#test29
-
-test "init 30"
-proc test30 {} {
- global test
- if {[cmd {
- ovsec_kadm_init admin foobar $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- error_and_restart "$test: unexpected success"
- return
- }
- one_line_succeed_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-if ${RPC} { test30 }
-
-test "init 31"
-proc test31 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $bad_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } "BAD_STRUCT_VERSION"
-}
-test31
-
-test "init 32"
-proc test32 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $no_struct_version_mask $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } "BAD_STRUCT_VERSION"
-}
-test32
-
-test "init 33"
-proc test33 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $old_struct_version $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } "OLD_STRUCT_VERSION"
-}
-test33
-
-test "init 34"
-proc test34 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $new_struct_version $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } "NEW_STRUCT_VERSION"
-}
-test34
-
-test "init 35"
-proc test35 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $bad_api_version_mask \
- server_handle
- } "BAD_API_VERSION"
-}
-test35
-
-test "init 36"
-proc test36 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $no_api_version_mask \
- server_handle
- } "BAD_API_VERSION"
-}
-test36
-
-test "init 37"
-proc test37 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $old_api_version \
- server_handle
- } "OLD_LIB_API_VERSION"
-}
-if { $RPC } test37
-
-test "init 38"
-proc test38 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $old_api_version \
- server_handle
- } "OLD_SERVER_API_VERSION"
-}
-if { ! $RPC } test38
-
-test "init 39"
-proc test39 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $new_api_version \
- server_handle
- } "NEW_LIB_API_VERSION"
-}
-if { $RPC } test39
-
-test "init 40"
-proc test40 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $new_api_version \
- server_handle
- } "NEW_SERVER_API_VERSION"
-}
-if { ! $RPC } test40
-
-test "init 41"
-proc test41 {} {
- global test
- one_line_fail_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_API_VERSION_1 $OVSEC_KADM_STRUCT_VERSION \
- server_handle
- } "BAD_"
-}
-test41
-
-test "init 42"
-proc test42 {} {
- global test
- one_line_succeed_test {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }
- if {! [cmd {ovsec_kadm_destroy $server_handle}]} {
- error_and_restart "$test: couldn't close database"
- }
-}
-test42
-
-
-proc test45_46 {service} {
- global test kadmin_local env
-
- spawn $kadmin_local -q "delprinc -force $service"
- expect {
- -re "Principal .* deleted." {}
- default {
- perror "kadmin.local delprinc failed\n";
- }
- }
- expect eof
- wait
-
- one_line_fail_test [concat {ovsec_kadm_init admin admin } \
- $service \
- { null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle}] "SECURE_PRINC_MISSING"
-
- # this leaves the keytab with an incorrect entry
- spawn $kadmin_local -q "ank -randkey $service"
- expect eof
- wait
-
- # restart the api so it gets a new ccache
- api_exit
- api_start
-}
-
-if {$RPC} {
- test "init 45"
-
- test45_46 ovsec_adm/admin
-
- test "init 46"
-
- test45_46 ovsec_adm/changepw
-
- # re-extract the keytab so it is right
- exec rm $env(K5ROOT)/ovsec_adm.srvtab
- exec $env(MAKE_KEYTAB) -princ ovsec_adm/admin -princ ovsec_adm/changepw \
- -princ kadmin/admin -princ kadmin/changepw \
- $env(K5ROOT)/ovsec_adm.srvtab
-}
-
-return ""
-
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "modify-policy 2"
-proc test2 {} {
- global test
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2 }
-
-test "modify-policy 4"
-proc test4 {} {
- global test
-
- if {! ([policy_exists "$test/a"] ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_REF_COUNT}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
-test "modify-policy 8"
-proc test8 {} {
- global test
-# set prms_id 744
-# setup_xfail {*-*-*} $prms_id
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_modify_policy $server_handle [simple_policy ""] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } "BAD_POLICY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-test "modify-policy 9"
-proc test9 {} {
- global test
- global prompt
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MIN_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "modify-policy 10"
-proc test10 {} {
- global test
- global prompt
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 32 0 0 0 0 0} \
- {OVSEC_KADM_PW_MIN_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 1\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-
-test "modify-policy 11"
-proc test11 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test11
-
-test "modify-policy 12"
-proc test12 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 32 0 0 0 0} \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 2\n"
- expect {
- -re "32\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test12
-
-test "modify-policy 13"
-proc test13 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MIN_LENGTH}
- } $test] "BAD_LENGTH"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "modify-policy 14"
-proc test14 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 8 0 0 0} \
- {OVSEC_KADM_PW_MIN_LENGTH}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 3\n"
- expect {
- -re "8\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-test "modify-policy 15"
-proc test15 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "modify-policy 16"
-proc test16 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 1 0 0} \
- {OVSEC_KADM_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test16
-
-test "modify-policy 17"
-proc test17 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a"])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 5 0 0} \
- {OVSEC_KADM_PW_MIN_CLASSES}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 4\n"
- expect {
- -re "5\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "modify-policy 18"
-proc test18 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 6 0 0} \
- {OVSEC_KADM_PW_MIN_CLASSES}
- } $test] "BAD_CLASS"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-test "modify-policy 19"
-proc test19 {} {
- global test
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_HISTORY_NUM}
- } $test] "BAD_HISTORY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-test "modify-policy 20"
-proc test20 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 0 1 0} \
- {OVSEC_KADM_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "1\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-test "modify-policy 21"
-proc test21 {} {
- global test
- global prompt
-
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_policy $server_handle {"%s/a" 0 0 0 0 10 0} \
- {OVSEC_KADM_PW_HISTORY_NUM}
- } $test]]} {
- fail $test
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_policy $server_handle "%s/a" policy
- } $test]]} {
- fail "$test: can not retrieve policy"
- return
- }
- send "lindex \$policy 5\n"
- expect {
- -re "10\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-test "modify-policy 22"
-proc test22 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test22
-
-test "modify-policy 23"
-proc test23 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} test23
-
-test "modify-policy 26"
-proc test26 {} {
- global test
- if {! (( [policy_exists "$test/a"]) ||
- [create_policy "$test/a" ])} {
- error_and_restart "$test: couldn't create policy \"$test/a\""
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_modify_policy $server_handle [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-test "modify-policy 30"
-proc test30 {} {
- global test
-
- one_line_fail_test [format {
- ovsec_kadm_modify_policy null [simple_policy "%s/a"] \
- {OVSEC_KADM_PW_MAX_LIFE}
- } $test] "BAD_SERVER_HANDLE"
-}
-test30
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-#test "modify-principal 1"
-#proc test1 {} {
-# global test
-# one_line_fail_test [format {
-# ovsec_kadm_modify_principal $server_handle [simple_principal \
-# "%s/a"] {OVSEC_KADM_PW_EXPIRATION}
-# } $test] "NOT_INIT"
-#}
-#test1
-
-test "modify-principal 2"
-proc test2 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MODIFY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2 }
-
-test "modify-principal 4"
-proc test4 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINCIPAL}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test4
-
-
-test "modify-principal 5"
-proc test5 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_LAST_PWD_CHANGE}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test5
-
-test "modify-principal 6"
-proc test6 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MOD_TIME}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test6
-
-test "modify-principal 7"
-proc test7 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MOD_NAME}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test7
-
-test "modify-principal 8"
-proc test8 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MKVNO}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test8
-
-test "modify-principal 9"
-proc test9 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_AUX_ATTRIBUTES}
- } $test] "BAD_MASK"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test9
-
-test "modify-principal 10"
-proc test10 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test] "UNK_PRINC"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test10
-
-test "modify-principal 11"
-proc test11 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test11 }
-
-test "modify-principal 12"
-proc test12 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test12 }
-
-test "modify-principal 13"
-proc test13 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test13 }
-
-test "modify-principal 14"
-proc test14 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test] "AUTH_MOD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test14 }
-
-test "modify-principal 15"
-proc test15 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "modify-principal 17"
-proc test17 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- no-policy] {OVSEC_KADM_POLICY}
- } $test] "UNK_POLICY"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test17
-
-test "modify-principal 18"
-proc test18 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal "$test/a"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- send "lindex \$p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
-
- send "lindex \$p2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { [expr "$oldref + 1"] != $newref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-test "modify-principal 19"
-proc test19 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal "$test/a"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- send "lindex \$p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
-
- send "lindex \$p2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { [expr "$oldref + 1"] != $newref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test19
-
-test "modify-principal 20"
-proc test20 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal_pol "$test/a" "test-pol"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_POLICY_CLR}
- } $test]]} {
- perror "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol\n$prompt$" { fail "$test" }
- -re "null\n$prompt$" { pass "$test" }
- timeout { pass "$test" }
- }
- send "lindex \$p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol p2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
-
- send "lindex \$p2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { [expr "$oldref - 1"] != $newref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test20
-
-test "modify-principal 21"
-proc test21 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal_pol "$test/a" "test-pol"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol old_p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol-nopw old_p2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol-nopw] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$old_p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- send "lindex \$old_p2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set old_p2_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
-
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol new_p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol-nopw new_p2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
-
- send "lindex \$new_p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- send "lindex \$new_p2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set new_p2_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { [expr "$old_p1_ref - 1"] != $new_p1_ref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { [expr "$old_p2_ref + 1"] != $new_p2_ref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21
-
-test "modify-principal 21.5"
-proc test21.5 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal_pol "$test/a" "test-pol"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol old_p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$old_p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
-
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol new_p1}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
-
- send "lindex \$new_p1 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
-
- if {$old_p1_ref != $new_p1_ref} {
- fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)"
- return
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test21.5
-
-test "modify-principal 22"
-proc test22 {} {
- global test
- global prompt
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modifiy failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test22
-
-test "modify-principal 23"
-proc test23 {} {
- global test
- global prompt
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" test-pol-nopw])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modifiy failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test23
-
-test "modify-principal 24"
-proc test24 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- error_and_restart "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: could not modify principal"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_get_policy $server_handle %s policy
- } test-pol]]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 0 } {
- fail "$test: pw_expire $pw_expire should be 0"
- return
- } else {
- pass "$test"
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test24
-
-test "modify-principal 25"
-proc test25 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test25
-
-test "modify-principal 26"
-proc test26 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol-nopw" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test26
-
-test "modify-principal 27"
-proc test27 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test27
-
-test "modify-principal 28"
-proc test28 {} {
- global test
- global prompt
-# set prms_id 1358
-# setup_xfail {*-*-*} $prms_id
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal_pol "$test/a" "test-pol" ])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {OVSEC_KADM_PW_EXPIRATION}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { $pw_expire != 999999999 } {
- fail "$test: pw_expire $pw_expire should be 999999999"
- return
- }
- pass "$test"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "modify-principal 29"
-proc test29 {} {
- global test
- global prompt
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { ! ([create_principal_pol "$test/a" test-pol])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_POLICY_CLR}
- } $test]]} {
- fail "$test: modifiy failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test29
-
-test "modify-principal 30"
-proc test30 {} {
- global test
- global prompt
-
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal_pol "$test/a" test-pol])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol-nopw] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 3\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test30
-
-test "modify-principal 31"
-proc test31 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol policy}]} {
- error_and_restart "$test: cannot retrieve policy"
- return
- }
- send "lindex \$principal 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_mod_date"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_mod_date"
- return
- }
- }
-
- send "lindex \$principal 3\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_expire"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_expire"
- return
- }
- }
-
- send "lindex \$policy 2\n"
- expect {
- -re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting pw_max_life"
- return
- }
- eof {
- error_and_restart "$test: eof getting pw_max_life"
- return
- }
- }
- if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } {
- fail "$test: pw_expire is wrong"
- return
- }
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-test "modify-principal 32"
-proc test32 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 1\n"
- expect {
- -re "1234\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test32
-
-test "modify-principal 33"
-proc test33 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \
- {OVSEC_KADM_ATTRIBUTES}
- } $test]]} {
- fail "$test: modified fail"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 7\n"
- expect {
- -re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test33
-
-test "modify-principal 33.25"
-proc test3325 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \
- {OVSEC_KADM_ATTRIBUTES}
- } $test]]} {
- fail "$test: modified fail"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 7\n"
- expect {
- -re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test3325
-
-test "modify-principal 33.5"
-proc test335 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \
- {OVSEC_KADM_ATTRIBUTES}
- } $test]]} {
- fail "$test: modified fail"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 7\n"
- expect {
- -re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test335
-
-
-test "modify-principal 34"
-proc test34 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {OVSEC_KADM_MAX_LIFE}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
-
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 4\n"
- expect {
- -re "3456\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test34
-
-test "modify-principal 35"
-proc test35 {} {
- global prompt
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd [format {
- ovsec_kadm_modify_principal $server_handle \
- {"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {OVSEC_KADM_KVNO}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 8\n"
- expect {
- -re "7\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test35
-
-test "modify-principal 36"
-proc test36 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal_pol "$test/a" "test-pol"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol pol}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- test-pol] {OVSEC_KADM_POLICY}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 10\n"
- expect {
- -re "test-pol\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- send "lindex \$pol 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { ! [cmd {ovsec_kadm_get_policy $server_handle test-pol pol2}]} {
- perror "$test: unexpected failure on get policy"
- return
- }
- send "lindex \$pol2 6\n"
- expect {
- -re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
- timeout {
- error_and_restart "$test: timeout getting principal kvno (second time)"
- return
- }
- eof {
- error_and_restart "$test: eof getting principal kvno (second time)"
- return
- }
- }
- if { $oldref != $newref } {
- fail "$test: policy reference count is wrong"
- return;
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test36
-
-test "modify-principal 37"
-proc test37 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if { !( [create_principal "$test/a"])} {
- error_and_restart "$test: could not create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_POLICY_CLR}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test37
-
-test "modify-principal 38"
-proc test38 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 1\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test38
-
-test "modify-principal 39"
-proc test39 {} {
- global test
- global prompt
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! ([create_principal "$test/a"])} {
- perror "$test: unexpected failure in creating principal"
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [simple_principal "%s/a"] \
- {OVSEC_KADM_MAX_LIFE}
- } $test]]} {
- fail "$test: modify failed"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_get_principal $server_handle "%s/a" principal
- } $test]]} {
- error_and_restart "$test: could not retrieve principal"
- return
- }
- send "lindex \$principal 4\n"
- expect {
- -re "0\n$prompt$" { pass "$test" }
- timeout { fail "$test" }
- }
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test39
-
-test "modify-principal 40"
-proc test40 {} {
- global test
- global prompt
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_modify_principal $server_handle null \
- {OVSEC_KADM_PRINC_EXPIRE_TIME}
- } "EINVAL"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test40
-
-test "modify-principal 43"
-proc test43 {} {
- global test
- one_line_fail_test [format {
- ovsec_kadm_modify_principal null [simple_principal \
- "%s/a"] {OVSEC_KADM_PW_EXPIRATION}
- } $test] "BAD_SERVER_HANDLE"
-}
-test43
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-test "randkey-principal 1"
-proc test1 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd [format {
- ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test] "PASS_TOOSOON"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test1 }
-
-test "randkey-principal 3"
-proc test3 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd [format {
- ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test] "PASS_TOOSOON"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if ${RPC} { test3 }
-
-test "randkey-principal 13"
-proc test13 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_modify_principal $server_handle [princ_w_pol "%s/a" \
- once-a-min] OVSEC_KADM_POLICY
- } $test]]} {
- perror "$test: failed modify"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test13
-
-test "randkey-principal 15"
-proc test15 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal_pol "$test/a" once-a-min]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test] "AUTH_CHANGEPW"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if { $RPC } { test15 }
-
-test "randkey-principal 28"
-proc test28 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test28
-
-test "randkey-principal 28.25"
-proc test2825 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test] "AUTH"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test2825 }
-
-test "randkey-principal 28.5"
-proc test285 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test285
-
-test "randkey-principal 30"
-proc test30 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [create_principal "$test/a"]} {
- error_and_restart "$test: creating principal"
- return
- }
- if {! [cmd [format {
- ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test30
-
-test "randkey-principal 31"
-proc test31 {} {
- global test
- if {! (( ! [principal_exists "$test/a"]) ||
- [delete_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! [create_principal "$test/a"]} {
- error_and_restart "$test: creating principal"
- return
- }
-
- if {! [cmd [format {
- ovsec_kadm_init "%s/a" "%s/a" $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- } $test $test]]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_randkey_principal $server_handle "%s/a" key
- } $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test31
-
-test "randkey-principal 32"
-proc test32 {} {
- global test
-
- if { ! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test {
- ovsec_kadm_randkey_principal $server_handle kadmin/history key
- } "PROTECT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test32
-
-test "randkey-principal 33"
-proc test33 {} {
- global test
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if { ! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_randkey_principal null "%s/a" key
- } $test] "BAD_SERVER_HANDLE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-
-test33
-
-return ""
+++ /dev/null
-load_lib lib.t
-api_exit
-api_start
-
-#test "rename-principal 1"
-#proc test1 {} {
-# global test
-# one_line_fail_test [format {
-# ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
-# } $test $test] "NOT_INIT"
-#}
-#test1
-
-test "rename-principal 2"
-proc test2 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_CHANGEPW_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "INSUFFICIENT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-
-}
-if {$RPC} { test2 }
-
-test "rename-principal 3"
-proc test3 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/none admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_INSUFFICIENT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test3 }
-
-test "rename-principal 4"
-proc test4 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/modify admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_INSUFFICIENT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test4 }
-
-test "rename-principal 5"
-proc test5 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_INSUFFICIENT"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test5 }
-
-test "rename-principal 6"
-proc test6 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/mod-add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test6 }
-
-test "rename-principal 7"
-proc test7 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/mod-delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test7 }
-
-test "rename-principal 8"
-proc test8 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get-add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test8 }
-
-test "rename-principal 9"
-proc test9 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/get-delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test9 }
-
-test "rename-principal 10"
-proc test10 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/no-delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_DELETE"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test10 }
-
-test "rename-principal 11"
-proc test11 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/no-add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH_ADD"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test11 }
-
-test "rename-principal 12"
-proc test12 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/add admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test12 }
-
-
-test "rename-principal 13"
-proc test13 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/delete admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "AUTH"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-if {$RPC} { test13 }
-
-test "rename-principal 14"
-proc test14 {} {
- global test
-
- if {[principal_exists "$test/a"]} {
- delete_principal "$test/a"
- }
-
- if {[create_principal_with_keysalts "$test/a" "des-cbc-crc:v4"]} {
- error_and_restart "$test: couldn't create no-salt principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_succeed_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test]
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test14
-
-test "rename-principal 15"
-proc test15 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( [principal_exists "$test/b"]) ||
- [create_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "DUP"
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test15
-
-test "rename-principal 16"
-proc test16 {} {
- global test
- one_line_fail_test [format {
- ovsec_kadm_rename_principal null "%s/a" "%s/b"
- } $test $test] "BAD_SERVER_HANDLE"
-}
-test16
-
-test "rename-principal 18"
-proc test18 {} {
- global test
-
- if {! (( [principal_exists "$test/a"]) ||
- [create_principal "$test/a"])} {
- error_and_restart "$test: couldn't create principal \"$test/a\""
- return
- }
- if {! (( ! [principal_exists "$test/b"]) ||
- [delete_principal "$test/b"])} {
- error_and_restart "$test: couldn't delete principal \"$test/a\""
- return
- }
- if {! [cmd {
- ovsec_kadm_init admin/rename admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
- server_handle
- }]} {
- perror "$test: unexpected failure in init"
- return
- }
- one_line_fail_test [format {
- ovsec_kadm_rename_principal $server_handle "%s/a" "%s/b"
- } $test $test] "NO_RENAME_SALT"
-
- if { ! [cmd {ovsec_kadm_destroy $server_handle}]} {
- perror "$test: unexpected failure in destroy"
- return
- }
-}
-test18
-
-return ""
+++ /dev/null
-# This is in api.1 so that it happens after all the tests in api.0.
-# If some API function does not unlock the database then the server
-# (whichs runs through all api tests) will still have it locked, and
-# these tests will fail.
-
-load_lib lib.t
-
-api_exit
-
-if { $RPC } {
- return
-}
-
-send_user "UNTESTED: lock: DAL changes broke locking code (see MIT RT ticket 3201)\n"
-untested "lock: DAL changes broke locking code (see MIT RT ticket 3201)"
-return
-
-set locktest $LOCKTEST
-set lockfile $env(K5ROOT)/kdb5.kadm5.lock
-
-# The lock tests use the program lock-test in the unit test
-# directory. The basic idea is that lock-test can be told to acquire
-# various kinds of locks and then wait for input before proceeding;
-# this is necessary because otherwise we'd have no way to test locking
-# interactions without a race condition.
-#
-# lock_test_start and lock_test_continue work together to give a crude
-# form of continuations. lock_test_continue expects a list of
-# commands for lock-test (passed on the command line) and responses
-# (read from stdout). When it gets to a command of "wait",
-# lock_test_continue returns, and its return value is a list of the
-# arguments that it should be passed to continue processing that
-# particular list of commands for that particular lock-test after
-# whatever that requried lock-test to wait has been completed.
-#
-# lock_test is simply a wrapper for tests that do not involve wait.
-
-proc lock_test_setup {test cmds} {
- global locktest spawn_id
-
- verbose "test $test"
-
- set cmdline ""
- foreach cmdpair $cmds {
- if {[lindex $cmdpair 0] == "eof"} {
- break
- }
- set cmdline "$cmdline [lindex $cmdpair 0]"
- }
-
- verbose "spawning $locktest $cmdline"
- eval "spawn $locktest $cmdline"
-}
-
-proc lock_test {test cmds} {
- global spawn_id
-
- lock_test_setup $test $cmds
- set lockany [lock_test_continue $test $spawn_id 0 "" 0 $cmds]
- while {$lockany != {}} {
- set lockany [eval lock_test_continue $lockany]
- }
-}
-
-proc lock_test_start {test cmds} {
- global spawn_id
-
- lock_test_setup $test $cmds
- return [lock_test_continue $test $spawn_id 0 "" 0 $cmds]
-}
-
-proc lock_test_continue {test my_spawn_id test_failed fail_output cont cmds} {
- global wait_error_index wait_errno_index wait_status_index
- global spawn_id
-
- set spawn_id $my_spawn_id
-
- if {$cont == 1} {
- send -i $spawn_id "\n"
- }
-
- while {[llength $cmds] > 0} {
- set cmdpair [lindex $cmds 0]
- set cmds [lrange $cmds 1 end]
- set cmd [lindex $cmdpair 0]
- set output [lindex $cmdpair 1]
-
- verbose "test $test: command: $cmd"
-
- if {$cmd == "wait"} {
- # ah, for continuations...
- return [list $test $spawn_id $test_failed $fail_output 1 $cmds]
- }
- if {$cmd == "eof"} {
- set status $output
- set output "doesnotmatchanything"
- }
-
- expect {
- -i $spawn_id
- -re "$output" { verbose "test $test: read: $output" }
- timeout {
- set test_failed 1
- set fail_output "timeout while waiting for $output"
- }
- eof {
- if {$cmd != "eof"} {
- set test_failed 1
- set fail_output "eof while waiting for $output"
- }
- }
- }
-
- if {$test_failed == 1} { break }
- }
-
- # In timeout cases, the process may not be dead yet.
- catch { exec kill -9 [exp_pid -i $spawn_id] } x
- set ret [wait -i $spawn_id]
- verbose "% Exit $ret" 2
-
- if {$test_failed == 0} {
- if {[lindex $ret $wait_error_index] == -1} {
- set test_failed 1
- set fail_output "wait returned error [lindex $ret $wait_errno_index]"
- } else {
- if { [lindex $ret $wait_status_index] == $status ||
- (($status<0) && ([lindex $ret $wait_status_index] == ($status+256))) } {
- verbose "test $test: status $status"
- } else {
- set test_failed 1
- set fail_output "unexpected return status [lindex $ret $wait_status_index], should be $status"
- }
- }
- }
-
- if {$test_failed == 0} {
- pass $test
- } else {
- fail "$test: $fail_output"
- }
-
- return {}
-}
-
-set lock1 [lock_test_start 1 [list \
- [list shared "shared"] \
- [list release "released"] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock1
-
-set lock2 [lock_test_start 2 [list \
- [list exclusive exclusive] \
- [list release released] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock2
-
-set lock3 [lock_test_start 5 [list \
- [list permanent permanent] \
- [list release released] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock3
-
-set lock4 [lock_test_start 4 [list \
- [list release "Database not locked"] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock4
-
-set lock5 [lock_test_start 5 [list \
- [list shared shared] \
- [list wait ""] \
- [list eof 0]]]
-set lock5_1 [lock_test_start 5.1 [list \
- [list shared shared] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock5_1
-eval lock_test_continue $lock5
-
-set lock6 [lock_test_start 6 [list \
- [list exclusive exclusive] \
- [list wait ""] \
- [list eof 0]]]
-set lock6_1 [lock_test_start 6.1 [list \
- [list shared "Cannot lock database"] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock6_1
-eval lock_test_continue $lock6
-
-set lock7 [lock_test_start 7 [list \
- [list shared shared] \
- [list wait ""] \
- [list eof 0]]]
-set lock7_1 [lock_test_start 7.1 [list \
- [list exclusive "Cannot lock database"] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock7_1
-eval lock_test_continue $lock7
-
-set lock8 [lock_test_start 8 [list \
- [list permanent permanent] \
- [list wait ""] \
- [list release "released" ] \
- [list wait ""] \
- [list eof 0]]]
-set lock8_1 [lock_test_start 8.1 [list \
- [list "" "administration database lock file missing while opening database" ] \
- [list wait ""] \
- [list eof 1]]]
-eval lock_test_continue $lock8_1
-eval set lock8 \[lock_test_continue $lock8\]
-eval lock_test_continue $lock8
-
-set lock9 [lock_test_start 9 [list \
- [list exclusive exclusive] \
- [list release released] \
- [list wait ""] \
- [list exclusive "database lock file missing while getting exclusive"] \
- [list wait ""] \
- [list eof 0]]]
-set lock9_1 [lock_test_start 9.1 [list \
- [list permanent permanent] \
- [list wait ""] \
- [list release released] \
- [list wait ""] \
- [list eof 0]]]
-eval set lock9 \[lock_test_continue $lock9\]
-eval lock_test_continue $lock9
-eval set lock9_1 \[lock_test_continue $lock9_1\]
-eval lock_test_continue $lock9_1
-
-if {! [file exists $lockfile]} {
- perror "lock file missing before test 10"
-}
-set lock10 [lock_test_start 10 [list \
- [list permanent permanent] \
- [list wait ""] \
- [list release released] \
- [list wait ""] \
- [list eof 0]]]
-if {[file exists $lockfile]} {
- fail "test 10: lock file exists"
-}
-eval set lock10 \[lock_test_continue $lock10\]
-eval lock_test_continue $lock10
-if {[file exists $lockfile]} {
- pass "test 11: lock file exists"
-} else {
- fail "test 11: lock file does not exist"
-}
-
-set lock12 [lock_test_start 12 [list \
- [list shared shared] \
- [list wait ""] \
- [list eof 0]]]
-set lock12_1 [lock_test_start 12.1 [list \
- [list "get test-pol" retrieved] \
- [list wait ""] \
- [list eof 0]]]
-eval lock_test_continue $lock12_1
-eval lock_test_continue $lock12
-
-set lock13 [lock_test_start 13 [list \
- [list "get lock13" "Principal or policy does not exist"] \
- [list wait ""] \
- [list "get lock13" retrieved] \
- [list wait ""] \
- [list eof 0]]]
-set test13_spawn_id $spawn_id
-# create_policy could call api_exit immediately when it starts up.
-# If it does, and the spawn ID in $spawn_id is ours rather than its,
-# it'll close our spawn ID. So, we call api_start to give it something
-# to close.
-api_start
-create_policy lock13
-set api_spawn_id $spawn_id
-set spawn_id $test13_spawn_id
-eval set lock13 \[lock_test_continue $lock13\]
-eval lock_test_continue $lock13
-set spawn_id $api_spawn_id
-delete_policy lock13
eof { error "EOF starting API" }
timeout { error "Timeout starting API" }
}
- send "set current_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION &~ \$OVSEC_KADM_STRUCT_VERSION_MASK\]\n"
+ send "set current_struct_version \[expr \$KADM5_STRUCT_VERSION &~ \$KADM5_STRUCT_VERSION_MASK\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set current_api_version \[expr \$OVSEC_KADM_API_VERSION_1 &~ \$OVSEC_KADM_API_VERSION_MASK\]\n"
+ send "set current_api_version \[expr \$KADM5_API_VERSION_2 &~ \$KADM5_API_VERSION_MASK\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set old_api_version \[expr \$OVSEC_KADM_API_VERSION_MASK | 0x00\]\n"
+ send "set old_api_version \[expr \$KADM5_API_VERSION_MASK | 0x00\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set old_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION_MASK | 0x00\]\n"
+ send "set old_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0x00\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set new_api_version \[expr \$OVSEC_KADM_API_VERSION_MASK | 0xca\]\n"
+ send "set new_api_version \[expr \$KADM5_API_VERSION_MASK | 0xca\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
timeout { error "timeout setting API varibles"}
}
- send "set new_struct_version \[expr \$OVSEC_KADM_STRUCT_VERSION_MASK | 0xca\]\n"
+ send "set new_struct_version \[expr \$KADM5_STRUCT_VERSION_MASK | 0xca\]\n"
expect {
-re "$prompt$" {}
eof { error "EOF setting API varibles"}
int main()
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
char *cp;
int x;
void *server_handle;
kadm5_server_handle_t handle;
for(x = 0; x < TEST_NUM; x++) {
- ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if(ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
com_err("test", ret, "init");
exit(2);
}
handle = (kadm5_server_handle_t) server_handle;
- cp = (char *) strdup(((char *) (strchr(handle->cache_name, ':')) + 1));
- ovsec_kadm_destroy(server_handle);
+ cp = strdup(strchr(handle->cache_name, ':') + 1);
+ kadm5_destroy(server_handle);
if(access(cp, F_OK) == 0) {
puts("ticket cache not destroyed");
exit(2);
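Review bot: The rewritten `cp = strdup(strchr(handle->cache_name, ':') + 1);` still feeds an unchecked `strchr` result into pointer arithmetic and an unchecked `strdup` result into `access()`. If `cache_name` ever lacks a `:` (for example, a cache name with no type prefix), the test dereferences an invalid pointer instead of failing cleanly. Splitting the expression makes the failure explicit: `char *sep = strchr(handle->cache_name, ':');` followed by `if (sep == NULL || (cp = strdup(sep + 1)) == NULL) exit(2);`. The loop body and the rest of main() continue outside this hunk, so whether `cp` is freed on each iteration cannot be confirmed from here.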
int main(int argc, char *argv[])
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
void *server_handle;
kadm5_server_handle_t handle;
kadm5_server_handle_rec orig_handle;
- ovsec_kadm_policy_ent_t pol;
- ovsec_kadm_principal_ent_t princ;
+ kadm5_policy_ent_rec pol;
+ kadm5_principal_ent_t princ;
krb5_keyblock *key;
krb5_principal tprinc;
krb5_context context;
kadm5_init_krb5_context(&context);
- ret = ovsec_kadm_init("admin/none", "admin", "ovsec_adm/admin", 0,
- OVSEC_KADM_STRUCT_VERSION, OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if(ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin/none", "admin", KADM5_ADMIN_SERVICE, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
com_err("test", ret, "init");
exit(2);
}
handle = (kadm5_server_handle_t) server_handle;
orig_handle = *handle;
- handle->magic_number = OVSEC_KADM_STRUCT_VERSION;
+ handle->magic_number = KADM5_STRUCT_VERSION;
krb5_parse_name(context, "testuser", &tprinc);
- ret = ovsec_kadm_get_principal(server_handle, tprinc, &princ);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_get_principal(server_handle, tprinc, &princ,
+ KADM5_PRINCIPAL_NORMAL_MASK);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "get-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_get_policy(server_handle, "pol1", &pol);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_get_policy(server_handle, "pol1", &pol);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "get-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_create_principal(server_handle, princ, OVSEC_KADM_PRINCIPAL, "pass");
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_create_principal(server_handle, princ, KADM5_PRINCIPAL, "pass");
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "create-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_create_policy(server_handle, pol, OVSEC_KADM_POLICY);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_create_policy(server_handle, &pol, KADM5_POLICY);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "create-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_modify_principal(server_handle, princ, OVSEC_KADM_PW_EXPIRATION);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_modify_principal(server_handle, princ, KADM5_PW_EXPIRATION);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "modify-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_modify_policy(server_handle, pol, OVSEC_KADM_PW_MAX_LIFE);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_modify_policy(server_handle, &pol, KADM5_PW_MAX_LIFE);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "modify-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_delete_principal(server_handle, tprinc);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_delete_principal(server_handle, tprinc);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "delete-principal",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_delete_policy(server_handle, "pol1");
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_delete_policy(server_handle, "pol1");
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "delete-policy",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_chpass_principal(server_handle, tprinc, "FooBar");
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_chpass_principal(server_handle, tprinc, "FooBar");
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "chpass",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_randkey_principal(server_handle, tprinc, &key);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_randkey_principal(server_handle, tprinc, &key, NULL);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "randkey",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_rename_principal(server_handle, tprinc, tprinc);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_rename_principal(server_handle, tprinc, tprinc);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "rename",
error_message(ret));
exit(1);
}
- ret = ovsec_kadm_destroy(server_handle);
- if(ret != OVSEC_KADM_BAD_SERVER_HANDLE) {
+ ret = kadm5_destroy(server_handle);
+ if(ret != KADM5_BAD_SERVER_HANDLE) {
fprintf(stderr, "%s -- returned -- %s\n", "destroy",
error_message(ret));
exit(1);
}
*handle = orig_handle;
- ret = ovsec_kadm_destroy(server_handle);
- if (ret != OVSEC_KADM_OK) {
+ ret = kadm5_destroy(server_handle);
+ if (ret != KADM5_OK) {
fprintf(stderr, "valid %s -- returned -- %s\n", "destroy",
error_message(ret));
exit(1);
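Review bot: `princ` is declared as `kadm5_principal_ent_t` but passed as `&princ` to `kadm5_get_principal`, then handed uninitialized to `kadm5_create_principal` and `kadm5_modify_principal`. If `kadm5_principal_ent_t` is the pointer typedef from `kadm5/admin.h` (not shown on this page), `&princ` is a pointer-to-pointer and the later calls pass an indeterminate pointer. The test only holds because every call is expected to return `KADM5_BAD_SERVER_HANDLE` before touching its arguments. Declaring a record, as this commit already does for `pol`, keeps the arguments valid even if handle validation regresses: `kadm5_principal_ent_rec princ;` with `&princ` at each call site. main() continues outside this section.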
-#undef USE_KADM5_API_VERSION
#include <kadm5/admin.h>
#include <com_err.h>
#include <stdio.h>
int main(int argc, char **argv)
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
void *server_handle;
char **names;
int count, princ, i;
}
princ = (strcmp(argv[1], "-princ") == 0);
- ret = ovsec_kadm_init("admin", "admin", OVSEC_KADM_ADMIN_SERVICE, 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if (ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, 0,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if (ret != KADM5_OK) {
com_err("iter-test", ret, "while initializing");
exit(1);
}
if (princ)
- ret = ovsec_kadm_get_principals(server_handle, argv[2], &names,
- &count);
+ ret = kadm5_get_principals(server_handle, argv[2], &names, &count);
else
- ret = ovsec_kadm_get_policies(server_handle, argv[2],
- &names, &count);
-
- if (ret != OVSEC_KADM_OK) {
+ ret = kadm5_get_policies(server_handle, argv[2], &names, &count);
+
+ if (ret != KADM5_OK) {
com_err("iter-test", ret, "while retrieving list");
exit(1);
}
for (i = 0; i < count; i++)
printf("%d: %s\n", i, names[i]);
- ovsec_kadm_free_name_list(server_handle, names, count);
+ kadm5_free_name_list(server_handle, names, count);
- (void) ovsec_kadm_destroy(server_handle);
+ (void) kadm5_destroy(server_handle);
return 0;
}
api_exit
set lib_pid [api_start]
if {! [cmd {
- ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null \
- $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 \
+ kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
+ $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 \
lib_handle
}]} {
error "$test: unexpected failure in init"
lib_start_api
set ret [cmd [format {
- ovsec_kadm_create_principal $lib_handle [simple_principal \
- "%s"] {OVSEC_KADM_PRINCIPAL} "%s"
+ kadm5_create_principal $lib_handle [simple_principal \
+ "%s"] {KADM5_PRINCIPAL} "%s"
} $name $name]]
return $ret
lib_start_api
set ret [cmd [format {
- ovsec_kadm_create_policy $lib_handle [simple_policy "%s"] \
- {OVSEC_KADM_POLICY}
+ kadm5_create_policy $lib_handle [simple_policy "%s"] \
+ {KADM5_POLICY}
} $name $name]]
return $ret
lib_start_api
set ret [cmd [format {
- ovsec_kadm_create_principal $lib_handle [princ_w_pol "%s" \
- "%s"] {OVSEC_KADM_PRINCIPAL OVSEC_KADM_POLICY} "%s"
+ kadm5_create_principal $lib_handle [princ_w_pol "%s" \
+ "%s"] {KADM5_PRINCIPAL KADM5_POLICY} "%s"
} $name $policy $name]]
return $ret
lib_start_api
set ret [cmd [format {
- ovsec_kadm_delete_principal $lib_handle "%s"
+ kadm5_delete_principal $lib_handle "%s"
} $name]]
return $ret
proc delete_policy {name} {
lib_start_api
- set ret [cmd [format {ovsec_kadm_delete_policy $lib_handle "%s"} $name]]
+ set ret [cmd [format {kadm5_delete_policy $lib_handle "%s"} $name]]
return $ret
}
lib_start_api
set ret [cmd [format {
- ovsec_kadm_get_principal $lib_handle "%s" principal
+ kadm5_get_principal $lib_handle "%s" principal
} $name]]
# puts stdout "Finishing principal_exists."
# puts stdout "Starting policy_exists."
set ret [cmd [format {
- ovsec_kadm_get_policy $lib_handle "%s" policy
+ kadm5_get_policy $lib_handle "%s" policy
} $name]]
# puts stdout "Finishing policy_exists."
-#if USE_KADM5_API_VERSION == 1
-#undef USE_KADM5_API_VERSION
-#define USE_KADM5_API_VERSION 2
-#endif
-
#include <stdio.h>
#include <krb5.h>
#include <kadm5/admin.h>
int main()
{
- ovsec_kadm_ret_t ret;
+ kadm5_ret_t ret;
krb5_keyblock *keys[TEST_NUM];
krb5_principal tprinc;
krb5_keyblock *newkey;
kadm5_init_krb5_context(&context);
krb5_parse_name(context, "testuser", &tprinc);
- ret = ovsec_kadm_init("admin", "admin", "ovsec_adm/admin", 0,
- OVSEC_KADM_STRUCT_VERSION,
- OVSEC_KADM_API_VERSION_1, NULL,
- &server_handle);
- if(ret != OVSEC_KADM_OK) {
+ ret = kadm5_init("admin", "admin", KADM5_ADMIN_SERVICE, NULL,
+ KADM5_STRUCT_VERSION, KADM5_API_VERSION_2, NULL,
+ &server_handle);
+ if(ret != KADM5_OK) {
com_err("test", ret, "init");
exit(2);
}
for(x = 0; x < TEST_NUM; x++) {
- ovsec_kadm_randkey_principal(server_handle, tprinc, &newkey);
+ kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);
for(i = 0; i < x; i++) {
if (!memcmp(newkey->contents, keys[i]->contents, newkey->length))
puts("match found");
}
- krb5_copy_keyblock(context, newkey, &keys[x]);
- krb5_free_keyblock(context, newkey);
}
- ovsec_kadm_destroy(server_handle);
+ kadm5_destroy(server_handle);
exit(0);
}
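Review bot: `newkey` is never assigned on the new side, yet the inner loop still reads `newkey->contents` and `newkey->length`. The call now writes into `keys[x]` and the two lines that filled and freed `newkey` are removed, so the duplicate-key comparison dereferences an uninitialized pointer and the test can no longer tell whether randkey repeated a key. Set `newkey = keys[x];` right after the call, or compare `keys[x]` directly. The result of the call is also dropped, so a failed randkey leaves `keys[x]` unset as well; `ret = kadm5_randkey_principal(server_handle, tprinc, &keys[x], NULL);` followed by `if (ret != KADM5_OK) { com_err("test", ret, "randkey"); exit(2); }` would mirror the check after `kadm5_init`. The declarations of `x`, `i`, `context` and `server_handle` are not in the visible lines of `main`, so this is judged from the loop as shown.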
-set tool ovsec_kadm_srv_tcl
+set tool kadm5_srv_tcl
set prompt "% "
global kadmin_tcl_spawn_id
expect {
-i $kadmin_tcl_spawn_id
- -re "^OK OVSEC_KADM_OK \[^\n\]*\n" {}
+ -re "^OK KADM5_OK \[^\n\]*\n" {}
-re "^ERROR \[^\n\]*\n" { perror "kadmin tcl subprocess reported unexpected error" }
-re "^marshall_new_creds: \[^\n\]*\n" { exp_continue }
-re "^gssapi_\[^\n\]*\n" { exp_continue }
send_user "TOP=$TOP\n"
set_from_env TESTDIR $env(TOP)/testing
- set_from_env CLNTTCL $TESTDIR/util/ovsec_kadm_clnt_tcl
+ set_from_env CLNTTCL $TESTDIR/util/kadm5_clnt_tcl
set_from_env TCLUTIL $TESTDIR/tcl/util.t
set env(TCLUTIL) $TCLUTIL
set_from_env MAKE_KEYTAB $TESTDIR/scripts/make-host-keytab.pl
}
expect_tcl_prompt
- send_tcl_cmd_await_echo {ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle}
+ send_tcl_cmd_await_echo {kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin}
+ send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_randkey_principal $server_handle server/$h key}
+ send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle server/$h key null}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin}
+ send_tcl_cmd_await_echo {kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_randkey_principal $server_handle notserver/$h key}
+ send_tcl_cmd_await_echo {kadm5_randkey_principal $server_handle notserver/$h key null}
expect_kadm_ok
expect "^% "
- send_tcl_cmd_await_echo {ovsec_kadm_destroy $server_handle}
+ send_tcl_cmd_await_echo {kadm5_destroy $server_handle}
expect_kadm_ok
expect "^% "
wait -nowait -i $spawn_id
# $Source$
DUMMY=${TESTDIR=$TOP/testing}
-DUMMY=${CLNTTCL=$TESTDIR/util/ovsec_kadm_clnt_tcl}
+DUMMY=${CLNTTCL=$TESTDIR/util/kadm5_clnt_tcl}
DUMMY=${TCLUTIL=$TESTDIR/tcl/util.t}; export TCLUTIL
DUMMY=${MAKE_KEYTAB=$TESTDIR/scripts/make-host-keytab.pl}
cat - > /tmp/rpc_test_setup$$ <<\EOF
source $env(TCLUTIL)
set h $env(CANON_HOST)
-puts stdout [ovsec_kadm_init admin admin $OVSEC_KADM_ADMIN_SERVICE null $OVSEC_KADM_STRUCT_VERSION $OVSEC_KADM_API_VERSION_1 server_handle]
+puts stdout [kadm5_init admin admin $KADM5_ADMIN_SERVICE null $KADM5_STRUCT_VERSION $KADM5_API_VERSION_2 server_handle]
if ![info exists server_handle] { exit 1 }
-puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal server/$h] {OVSEC_KADM_PRINCIPAL} admin]
-puts stdout [ovsec_kadm_randkey_principal $server_handle server/$h key]
-puts stdout [ovsec_kadm_create_principal $server_handle [simple_principal notserver/$h] {OVSEC_KADM_PRINCIPAL} admin]
-puts stdout [ovsec_kadm_randkey_principal $server_handle notserver/$h key]
-puts stdout [ovsec_kadm_destroy $server_handle]
+puts stdout [kadm5_create_principal $server_handle [simple_principal server/$h] {KADM5_PRINCIPAL} admin]
+puts stdout [kadm5_randkey_principal $server_handle server/$h key null]
+puts stdout [kadm5_create_principal $server_handle [simple_principal notserver/$h] {KADM5_PRINCIPAL} admin]
+puts stdout [kadm5_randkey_principal $server_handle notserver/$h key null]
+puts stdout [kadm5_destroy $server_handle]
EOF
eval "$CLNTTCL $REDIRECT < /tmp/rpc_test_setup$$"
if test $? != 0 ; then