krb5 commit: Add tests for gic_pwd password change

Greg Hudson ghudson at MIT.EDU
Mon Mar 3 12:04:59 EST 2014 

https://github.com/krb5/krb5/commit/06817686bfdef99523f300464bcbb0c8b037a27d
commit 06817686bfdef99523f300464bcbb0c8b037a27d
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Feb 28 20:41:20 2014 -0500

    Add tests for gic_pwd password change
    
    ticket: 7868

 src/tests/Makefile.in   |    1 +
 src/tests/t_changepw.py |   37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 2bd7a5c..958b8a9 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -97,6 +97,7 @@ check-pytests:: t_init_creds t_localauth
 	$(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS)
+	$(RUNPYTEST) $(srcdir)/t_changepw.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS)
 	$(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS)
diff --git a/src/tests/t_changepw.py b/src/tests/t_changepw.py
new file mode 100644
index 0000000..0b98326
--- /dev/null
+++ b/src/tests/t_changepw.py
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+from k5test import *
+
+# This file is intended to cover any password-changing mechanism.  For
+# now it only contains a regression test for #7868.
+
+realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True)
+
+# Mark a principal as expired and change its password through kinit.
+realm.run_kadminl('modprinc -pwexpire "1 day ago" user')
+pwinput = password('user') + '\nabcd\nabcd\n'
+realm.run([kinit, realm.user_princ], input=pwinput)
+
+# Do the same thing with FAST, with tracing turned on.
+realm.run_kadminl('modprinc -pwexpire "1 day ago" user')
+pwinput = 'abcd\nefgh\nefgh\n'
+tracefile = os.path.join(realm.testdir, 'trace')
+realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, '-T', realm.ccache,
+           realm.user_princ], input=pwinput)
+
+# Read the trace and check that FAST was used when getting the
+# kadmin/changepw ticket.
+f = open(tracefile, 'r')
+trace = f.read()
+f.close()
+getting_changepw = fast_used_for_changepw = False
+for line in trace.splitlines():
+    if 'Getting initial credentials for user@' in line:
+        getting_changepw_ticket = False
+    if 'Setting initial creds service to kadmin/changepw' in line:
+        getting_changepw_ticket = True
+    if getting_changepw_ticket and 'Using FAST' in line:
+        fast_used_for_changepw = True
+if not fast_used_for_changepw:
+    fail('FAST was not used to get kadmin/changepw ticket')
+
+success('Password change tests')

More information about the cvs-krb5 mailing list