|
Packit |
fd8b60 |
load_lib lib.t
|
|
Packit |
fd8b60 |
api_exit
|
|
Packit |
fd8b60 |
api_start
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
test "chpass-principal 200"
|
|
Packit |
fd8b60 |
proc test200 {} {
|
|
Packit |
fd8b60 |
global test prompt
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
if {! (( ! [principal_exists "$test/a"]) ||
|
|
Packit |
fd8b60 |
[delete_principal "$test/a"])} {
|
|
Packit |
fd8b60 |
error_and_restart "$test: couldn't create principal \"$test/a\""
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
if {! [create_principal "$test/a"]} {
|
|
Packit |
fd8b60 |
error_and_restart "$test: creating principal"
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# I'd like to specify a long list of keysalt tuples and make sure
|
|
Packit |
fd8b60 |
# that chpass does the right thing, but we can only use those
|
|
Packit |
fd8b60 |
# enctypes that krbtgt has a key for: the AES enctypes, according to
|
|
Packit |
fd8b60 |
# the prototype kdc.conf.
|
|
Packit |
fd8b60 |
if {! [cmd [format {
|
|
Packit |
fd8b60 |
kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
|
|
Packit |
fd8b60 |
$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
|
|
Packit |
fd8b60 |
server_handle
|
|
Packit |
fd8b60 |
}]]} {
|
|
Packit |
fd8b60 |
perror "$test: unexpected failure in init"
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
if {! [cmd [format {
|
|
Packit |
fd8b60 |
kadm5_chpass_principal $server_handle "%s/a" newpassword
|
|
Packit |
fd8b60 |
} $test]]} {
|
|
Packit |
fd8b60 |
perror "$test: unexpected failure in chpass_principal"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
if {! [cmd [format {
|
|
Packit |
fd8b60 |
kadm5_get_principal $server_handle "%s/a" p \
|
|
Packit |
fd8b60 |
{KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}
|
|
Packit |
fd8b60 |
} $test]]} {
|
|
Packit |
fd8b60 |
perror "$test: unexpected failure in get_principal"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
send "lindex \$p 16\n"
|
|
Packit |
fd8b60 |
expect {
|
|
Packit |
fd8b60 |
-re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }
|
|
Packit |
fd8b60 |
timeout {
|
|
Packit |
fd8b60 |
error_and_restart "$test: timeout getting num_keys"
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
eof {
|
|
Packit |
fd8b60 |
error_and_restart "$test: eof getting num_keys"
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# XXX Perhaps I should actually check the key type returned.
|
|
rpm-build |
4db673 |
if {$num_keys == 4} {
|
|
Packit |
fd8b60 |
pass "$test"
|
|
Packit |
fd8b60 |
} else {
|
|
rpm-build |
4db673 |
fail "$test: $num_keys keys, should be 4"
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
if { ! [cmd {kadm5_destroy $server_handle}]} {
|
|
Packit |
fd8b60 |
perror "$test: unexpected failure in destroy"
|
|
Packit |
fd8b60 |
return
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
}
|
|
Packit |
fd8b60 |
test200
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
return ""
|