|
Packit |
fd8b60 |
from k5test import *
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# This file is intended to cover any password-changing mechanism. For
|
|
Packit |
fd8b60 |
# now it only contains a regression test for #7868.
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Mark a principal as expired and change its password through kinit.
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'modprinc', '-pwexpire', '1 day ago', 'user'])
|
|
Packit |
fd8b60 |
pwinput = password('user') + '\nabcd\nabcd\n'
|
|
Packit |
fd8b60 |
realm.run([kinit, realm.user_princ], input=pwinput)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Do the same thing with FAST, with tracing turned on.
|
|
Packit |
fd8b60 |
realm.run([kadminl, 'modprinc', '-pwexpire', '1 day ago', 'user'])
|
|
Packit |
fd8b60 |
pwinput = 'abcd\nefgh\nefgh\n'
|
|
Packit |
fd8b60 |
out, trace = realm.run([kinit, '-T', realm.ccache, realm.user_princ],
|
|
Packit |
fd8b60 |
input=pwinput, return_trace=True)
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
# Read the trace and check that FAST was used when getting the
|
|
Packit |
fd8b60 |
# kadmin/changepw ticket.
|
|
Packit |
fd8b60 |
getting_changepw = fast_used_for_changepw = False
|
|
Packit |
fd8b60 |
for line in trace.splitlines():
|
|
Packit |
fd8b60 |
if 'Getting initial credentials for user@' in line:
|
|
Packit |
fd8b60 |
getting_changepw_ticket = False
|
|
Packit |
fd8b60 |
if 'Setting initial creds service to kadmin/changepw' in line:
|
|
Packit |
fd8b60 |
getting_changepw_ticket = True
|
|
Packit |
fd8b60 |
if getting_changepw_ticket and 'Using FAST' in line:
|
|
Packit |
fd8b60 |
fast_used_for_changepw = True
|
|
Packit |
fd8b60 |
if not fast_used_for_changepw:
|
|
Packit |
fd8b60 |
fail('FAST was not used to get kadmin/changepw ticket')
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
success('Password change tests')
|