krb5 commit [krb5-1.12]: Add another kadmin ACL test for backreferences
Tom Yu
tlyu at mit.edu
Tue May 12 15:46:02 EDT 2015
https://github.com/krb5/krb5/commit/c1f3e9f768fee1366a16e93c82ad3746540a23b9
commit c1f3e9f768fee1366a16e93c82ad3746540a23b9
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Nov 21 16:18:27 2013 -0500
Add another kadmin ACL test for backreferences
Add a test using backreferences which don't correspond directly to
principal components, to verify that *N refers to the Nth wildcard and
not the Nth component.
(cherry picked from commit 119281156097a9da659ce5a7c06f0d517994781c)
ticket: 8183 (new)
version_fixed: 1.12.4
src/tests/t_kadmin_acl.py | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/src/tests/t_kadmin_acl.py b/src/tests/t_kadmin_acl.py
index 32e57b8..c4b8465 100644
--- a/src/tests/t_kadmin_acl.py
+++ b/src/tests/t_kadmin_acl.py
@@ -40,6 +40,7 @@ wctarget = make_client('wctarget')
admin = make_client('user/admin')
none = make_client('none')
restrictions = make_client('restrictions')
+onetwothreefour = make_client('one/two/three/four')
realm.run_kadminl('addpol -minlife "1 day" minlife')
@@ -64,6 +65,7 @@ restricted_modify im * +preauth
restricted_rename ad * +preauth
*/* d *2/*1
+*/two/*/* d *3/*1/*2
*/admin a
wctarget a wild/*
restrictions a type1 -policy minlife
@@ -328,6 +330,10 @@ if 'Principal "admin/user at KRBTEST.COM" deleted.' not in out:
out = kadmin_as(admin, 'delprinc -force none')
if 'Operation requires' not in out:
fail('delprinc failure (wildcard backreferences not matched)')
+realm.addprinc('four/one/three', 'pw')
+out = kadmin_as(onetwothreefour, 'delprinc -force four/one/three')
+if 'Principal "four/one/three at KRBTEST.COM" deleted.' not in out:
+ fail('delprinc success (wildcard backreferences 2)')
kadmin_as(restrictions, 'addprinc -pw pw type1')
out = realm.run_kadminl('getprinc type1')
More information about the cvs-krb5
mailing list