1load_lib lib.t 2api_exit 3api_start 4 5test "chpass-principal 200" 6proc test200 {} { 7 global test prompt 8 9 if {! (( ! [principal_exists "$test/a"]) || 10 [delete_principal "$test/a"])} { 11 error_and_restart "$test: couldn't create principal \"$test/a\"" 12 return 13 } 14 if {! [create_principal "$test/a"]} { 15 error_and_restart "$test: creating principal" 16 return 17 } 18 19 # I'd like to specify a long list of keysalt tuples and make sure 20 # that chpass does the right thing, but we can only use those 21 # enctypes that krbtgt has a key for: the AES enctypes, according to 22 # the prototype kdc.conf. 23 if {! [cmd [format { 24 kadm5_init admin admin $KADM5_ADMIN_SERVICE null \ 25 $KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \ 26 server_handle 27 }]]} { 28 perror "$test: unexpected failure in init" 29 return 30 } 31 if {! [cmd [format { 32 kadm5_chpass_principal $server_handle "%s/a" newpassword 33 } $test]]} { 34 perror "$test: unexpected failure in chpass_principal" 35 } 36 if {! [cmd [format { 37 kadm5_get_principal $server_handle "%s/a" p \ 38 {KADM5_PRINCIPAL_NORMAL_MASK KADM5_KEY_DATA} 39 } $test]]} { 40 perror "$test: unexpected failure in get_principal" 41 } 42 send "lindex \$p 16\n" 43 expect { 44 -re "(\[0-9\]+)\n$prompt" { set num_keys $expect_out(1,string) } 45 timeout { 46 error_and_restart "$test: timeout getting num_keys" 47 return 48 } 49 eof { 50 error_and_restart "$test: eof getting num_keys" 51 return 52 } 53 } 54 55 # XXX Perhaps I should actually check the key type returned. 56 if {$num_keys == 5} { 57 pass "$test" 58 } else { 59 fail "$test: $num_keys keys, should be 5" 60 } 61 if { ! [cmd {kadm5_destroy $server_handle}]} { 62 perror "$test: unexpected failure in destroy" 63 return 64 } 65} 66test200 67 68return "" 69