load_lib lib.t

api_exit

api_start

test "chpass-principal 200"

proc test200 {} {

    global test prompt

    if {! (( ! [principal_exists "$test/a"]) ||

	   [delete_principal "$test/a"])} {

	    error_and_restart "$test: couldn't create principal \"$test/a\""

	    return

    }

    if {! [create_principal "$test/a"]} {

	error_and_restart "$test: creating principal"

	return

    }

    # I'd like to specify a long list of keysalt tuples and make sure

    # that chpass does the right thing, but we can only use those

    # enctypes that krbtgt has a key for: the AES enctypes, according to

    # the prototype kdc.conf.

    if {! [cmd [format {

	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \

		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \

		server_handle

    }]]} {

	perror "$test: unexpected failure in init"

	return

    }

    if {! [cmd [format {

	kadm5_chpass_principal $server_handle "%s/a" newpassword

    } $test]]} {

	perror "$test: unexpected failure in chpass_principal"

    }

    if {! [cmd [format {

	kadm5_get_principal $server_handle  "%s/a" p \

		{KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA}

    } $test]]} {

	perror "$test: unexpected failure in get_principal"

    }

    send "lindex \$p 16\n"

    expect {

	-re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) }

	timeout {

	    error_and_restart "$test: timeout getting num_keys"

	    return

	}

	eof {

	    error_and_restart "$test: eof getting num_keys"

	    return

	}

    }

    # XXX Perhaps I should actually check the key type returned.

    if {$num_keys == 4} {

	pass "$test"

    } else {

	fail "$test: $num_keys keys, should be 4"

    }

    if { ! [cmd {kadm5_destroy $server_handle}]} {

	perror "$test: unexpected failure in destroy"

	return

    }

}

test200

return ""