1from k5test import * 2 3realm = K5Realm(start_kadmind=True) 4 5# Create a principal. Test -q option and keyboard entry of the admin 6# password and principal password. Verify creation with kadmin.local. 7realm.run([kadmin, '-q', 'addprinc princ/pw'], 8 input=password('admin') + '\npw1\npw1\n') 9realm.run([kadminl, 'getprinc', 'princ/pw'], 10 expected_msg='Principal: princ/pw@KRBTEST.COM') 11 12# Run the remaining tests with a cache for efficiency. 13realm.prep_kadmin() 14 15realm.run_kadmin(['addpol', 'standardpol']) 16realm.run_kadmin(['listpols'], expected_msg='standardpol') 17realm.run_kadmin(['modpol', '-minlength', '5', 'standardpol']) 18realm.run_kadmin(['getpol', 'standardpol'], 19 expected_msg='Minimum password length: 5') 20 21realm.run_kadmin(['addprinc', '-randkey', 'princ/random']) 22realm.run([kadminl, 'getprinc', 'princ/random'], 23 expected_msg='Principal: princ/random@KRBTEST.COM') 24 25realm.run_kadmin(['cpw', 'princ/pw'], input='newpw\nnewpw\n') 26realm.run_kadmin(['cpw', '-randkey', 'princ/random']) 27 28realm.run_kadmin(['modprinc', '-allow_tix', 'princ/random']) 29realm.run_kadmin(['modprinc', '+allow_tix', 'princ/random']) 30realm.run_kadmin(['modprinc', '-policy', 'standardpol', 'princ/random']) 31 32realm.run_kadmin(['listprincs'], expected_msg='princ/random@KRBTEST.COM') 33 34realm.run_kadmin(['ktadd', 'princ/pw']) 35 36realm.run_kadmin(['delprinc', 'princ/random']) 37realm.run([kadminl, 'getprinc', 'princ/random'], expected_code=1, 38 expected_msg='Principal does not exist') 39realm.run_kadmin(['delprinc', 'princ/pw']) 40realm.run([kadminl, 'getprinc', 'princ/pw'], expected_code=1, 41 expected_msg='Principal does not exist') 42 43realm.run_kadmin(['delpol', 'standardpol']) 44realm.run([kadminl, 'getpol', 'standardpol'], expected_code=1, 45 expected_msg='Policy does not exist') 46 47# Regression test for #2877 (fixed-sized GSSRPC buffers can't 48# accomodate large listprinc results). 49mark('large listprincs result') 50for i in range(200): 51 realm.run_kadmin(['addprinc', '-randkey', 'foo%d' % i]) 52realm.run_kadmin(['listprincs'], expected_msg='foo199') 53 54# Test kadmin -k with the default principal, with and without 55# fallback. This operation requires canonicalization against the 56# keytab in krb5_get_init_creds_keytab() as the 57# krb5_sname_to_principal() result won't have a realm. Try with and 58# without without fallback processing since the code paths are 59# different. 60mark('kadmin -k') 61realm.run([kadmin, '-k', 'getprinc', realm.host_princ]) 62no_canon_conf = {'libdefaults': {'dns_canonicalize_hostname': 'false'}} 63no_canon = realm.special_env('no_canon', False, krb5_conf=no_canon_conf) 64realm.run([kadmin, '-k', 'getprinc', realm.host_princ], env=no_canon) 65 66success('kadmin and kpasswd tests') 67