1load_lib lib.t
2api_exit
3api_start
4
5#test "modify-principal 1"
6#proc test1 {} {
7#	global test
8#	one_line_fail_test [format {
9#	    kadm5_modify_principal $server_handle [simple_principal \
10#		    "%s/a"] {KADM5_PW_EXPIRATION}
11#	} $test] "NOT_INIT"
12#}
13#test1
14
15test "modify-principal 2"
16proc test2 {} {
17    global test
18    if {! ((  [principal_exists "$test/a"]) ||
19	   [create_principal "$test/a"])} {
20	    error_and_restart "$test: couldn't create principal \"$test/a\""
21	    return
22    }
23    if {! [cmd {
24	kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
25		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
26		server_handle
27    }]} {
28	perror "$test: unexpected failure in init"
29	return
30    }
31    one_line_fail_test [format {
32	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
33		{KADM5_PRINC_EXPIRE_TIME}
34    } $test] "AUTH_MODIFY"
35    if { ! [cmd {kadm5_destroy $server_handle}]} {
36	perror "$test: unexpected failure in destroy"
37	return
38    }
39}
40if {$RPC} { test2 }
41
42test "modify-principal 4"
43proc test4 {} {
44    global test
45    if {! ((  [principal_exists "$test/a"]) ||
46	   [create_principal "$test/a"])} {
47	    error_and_restart "$test: couldn't create principal \"$test/a\""
48	    return
49    }
50    if {! [cmd {
51	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
52		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
53		server_handle
54    }]} {
55	perror "$test: unexpected failure in init"
56	return
57    }
58    one_line_fail_test [format {
59	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
60		{KADM5_PRINCIPAL}
61    } $test] "BAD_MASK"
62    if { ! [cmd {kadm5_destroy $server_handle}]} {
63	perror "$test: unexpected failure in destroy"
64	return
65    }
66}
67test4
68
69
70test "modify-principal 5"
71proc test5 {} {
72    global test
73    if {! ((  [principal_exists "$test/a"]) ||
74	   [create_principal "$test/a"])} {
75	    error_and_restart "$test: couldn't create principal \"$test/a\""
76	    return
77    }
78    if {! [cmd {
79	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
80		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
81		server_handle
82    }]} {
83	perror "$test: unexpected failure in init"
84	return
85    }
86    one_line_fail_test [format {
87	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
88		{KADM5_LAST_PWD_CHANGE}
89    } $test] "BAD_MASK"
90    if { ! [cmd {kadm5_destroy $server_handle}]} {
91	perror "$test: unexpected failure in destroy"
92	return
93    }
94}
95test5
96
97test "modify-principal 6"
98proc test6 {} {
99    global test
100    if {! ((  [principal_exists "$test/a"]) ||
101	   [create_principal "$test/a"])} {
102	    error_and_restart "$test: couldn't create principal \"$test/a\""
103	    return
104    }
105    if {! [cmd {
106	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
107		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
108		server_handle
109    }]} {
110	perror "$test: unexpected failure in init"
111	return
112    }
113    one_line_fail_test [format {
114	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
115		{KADM5_MOD_TIME}
116    } $test] "BAD_MASK"
117    if { ! [cmd {kadm5_destroy $server_handle}]} {
118	perror "$test: unexpected failure in destroy"
119	return
120    }
121}
122test6
123
124test "modify-principal 7"
125proc test7 {} {
126    global test
127    if {! ((  [principal_exists "$test/a"]) ||
128	   [create_principal "$test/a"])} {
129	    error_and_restart "$test: couldn't create principal \"$test/a\""
130	    return
131    }
132    if {! [cmd {
133	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
134		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
135		server_handle
136    }]} {
137	perror "$test: unexpected failure in init"
138	return
139    }
140    one_line_fail_test [format {
141	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
142		{KADM5_MOD_NAME}
143    } $test] "BAD_MASK"
144    if { ! [cmd {kadm5_destroy $server_handle}]} {
145	perror "$test: unexpected failure in destroy"
146	return
147    }
148}
149test7
150
151test "modify-principal 8"
152proc test8 {} {
153    global test
154    if {! ((  [principal_exists "$test/a"]) ||
155	   [create_principal "$test/a"])} {
156	    error_and_restart "$test: couldn't create principal \"$test/a\""
157	    return
158    }
159    if {! [cmd {
160	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
161		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
162		server_handle
163    }]} {
164	perror "$test: unexpected failure in init"
165	return
166    }
167    one_line_fail_test [format {
168	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
169		{KADM5_MKVNO}
170    } $test] "BAD_MASK"
171    if { ! [cmd {kadm5_destroy $server_handle}]} {
172	perror "$test: unexpected failure in destroy"
173	return
174    }
175}
176test8
177
178test "modify-principal 9"
179proc test9 {} {
180    global test
181    if {! ((  [principal_exists "$test/a"]) ||
182	   [create_principal "$test/a"])} {
183	    error_and_restart "$test: couldn't create principal \"$test/a\""
184	    return
185    }
186    if {! [cmd {
187	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
188		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
189		server_handle
190    }]} {
191	perror "$test: unexpected failure in init"
192	return
193    }
194    one_line_fail_test [format {
195	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
196		{KADM5_AUX_ATTRIBUTES}
197    } $test] "BAD_MASK"
198    if { ! [cmd {kadm5_destroy $server_handle}]} {
199	perror "$test: unexpected failure in destroy"
200	return
201    }
202}
203test9
204
205test "modify-principal 10"
206proc test10 {} {
207    global test
208    if {! (( ! [principal_exists "$test/a"]) ||
209	   [delete_principal "$test/a"])} {
210	    error_and_restart "$test: couldn't delete principal \"$test/a\""
211	    return
212    }
213    if {! [cmd {
214	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
215		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
216		server_handle
217    }]} {
218	perror "$test: unexpected failure in init"
219	return
220    }
221    one_line_fail_test [format {
222	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
223		{KADM5_PRINC_EXPIRE_TIME}
224    } $test] "UNK_PRINC"
225    if { ! [cmd {kadm5_destroy $server_handle}]} {
226	perror "$test: unexpected failure in destroy"
227	return
228    }
229}
230test10
231
232test "modify-principal 11"
233proc test11 {} {
234    global test
235    if {! (( [principal_exists "$test/a"]) ||
236	   [create_principal "$test/a"])} {
237	    error_and_restart "$test: couldn't delete principal \"$test/a\""
238	    return
239    }
240    if {! [cmd {
241	kadm5_init admin/none admin $KADM5_ADMIN_SERVICE null \
242		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
243		server_handle
244    }]} {
245	perror "$test: unexpected failure in init"
246	return
247    }
248    one_line_fail_test [format {
249	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
250		{KADM5_PRINC_EXPIRE_TIME}
251    } $test] "AUTH_MOD"
252    if { ! [cmd {kadm5_destroy $server_handle}]} {
253	perror "$test: unexpected failure in destroy"
254	return
255    }
256}
257if { $RPC } { test11 }
258
259test "modify-principal 12"
260proc test12 {} {
261    global test
262    if {! ((  [principal_exists "$test/a"]) ||
263	   [create_principal "$test/a"])} {
264	    error_and_restart "$test: couldn't delete principal \"$test/a\""
265	    return
266    }
267    if {! [cmd {
268	kadm5_init admin/get admin $KADM5_ADMIN_SERVICE null \
269		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
270		server_handle
271    }]} {
272	perror "$test: unexpected failure in init"
273	return
274    }
275    one_line_fail_test [format {
276	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
277		{KADM5_PRINC_EXPIRE_TIME}
278    } $test] "AUTH_MOD"
279    if { ! [cmd {kadm5_destroy $server_handle}]} {
280	perror "$test: unexpected failure in destroy"
281	return
282    }
283}
284if { $RPC } { test12 }
285
286test "modify-principal 13"
287proc test13 {} {
288    global test
289    if {! (( [principal_exists "$test/a"]) ||
290	   [create_principal "$test/a"])} {
291	    error_and_restart "$test: couldn't delete principal \"$test/a\""
292	    return
293    }
294    if {! [cmd {
295	kadm5_init admin/add admin $KADM5_ADMIN_SERVICE null \
296		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
297		server_handle
298    }]} {
299	perror "$test: unexpected failure in init"
300	return
301    }
302    one_line_fail_test [format {
303	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
304		{KADM5_PRINC_EXPIRE_TIME}
305    } $test] "AUTH_MOD"
306    if { ! [cmd {kadm5_destroy $server_handle}]} {
307	perror "$test: unexpected failure in destroy"
308	return
309    }
310}
311if { $RPC } { test13 }
312
313test "modify-principal 14"
314proc test14 {} {
315    global test
316    if {! (( [principal_exists "$test/a"]) ||
317	   [create_principal "$test/a"])} {
318	    error_and_restart "$test: couldn't delete principal \"$test/a\""
319	    return
320    }
321    if {! [cmd {
322	kadm5_init admin/delete admin $KADM5_ADMIN_SERVICE null \
323		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
324		server_handle
325    }]} {
326	perror "$test: unexpected failure in init"
327	return
328    }
329    one_line_fail_test [format {
330	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
331		{KADM5_PRINC_EXPIRE_TIME}
332    } $test] "AUTH_MOD"
333    if { ! [cmd {kadm5_destroy $server_handle}]} {
334	perror "$test: unexpected failure in destroy"
335	return
336    }
337}
338if { $RPC } { test14 }
339
340test "modify-principal 15"
341proc test15 {} {
342    global test
343    if {! (( [principal_exists "$test/a"]) ||
344	   [create_principal "$test/a"])} {
345	    error_and_restart "$test: couldn't delete principal \"$test/a\""
346	    return
347    }
348    if {! [cmd {
349	kadm5_init admin/modify admin $KADM5_ADMIN_SERVICE null \
350		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
351		server_handle
352    }]} {
353	perror "$test: unexpected failure in init"
354	return
355    }
356    one_line_succeed_test [format {
357	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
358		{KADM5_PRINC_EXPIRE_TIME}
359    } $test]
360    if { ! [cmd {kadm5_destroy $server_handle}]} {
361	perror "$test: unexpected failure in destroy"
362	return
363    }
364}
365test15
366
367test "modify-principal 17"
368proc test17 {} {
369    global test
370    if {! (( [principal_exists "$test/a"]) ||
371	   [create_principal "$test/a"])} {
372	    error_and_restart "$test: couldn't delete principal \"$test/a\""
373	    return
374    }
375    if {! [cmd {
376	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
377		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
378		server_handle
379    }]} {
380	perror "$test: unexpected failure in init"
381	return
382    }
383    one_line_succeed_test [format {
384	kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
385		no-policy] {KADM5_POLICY}
386    } $test]
387    if { ! [cmd {kadm5_destroy $server_handle}]} {
388	perror "$test: unexpected failure in destroy"
389	return
390    }
391}
392test17
393
394test "modify-principal 21.5"
395proc test21.5 {} {
396    global test
397    global prompt
398    if {! (( ! [principal_exists "$test/a"]) ||
399	   [delete_principal "$test/a"])} {
400	    error_and_restart "$test: couldn't delete principal \"$test/a\""
401	    return
402    }
403    if { !( [create_principal_pol "$test/a" "test-pol"])} {
404	error_and_restart "$test: could not create principal \"$test/a\""
405	return
406    }
407    if {! [cmd {
408	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
409		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
410		server_handle
411    }]} {
412	perror "$test: unexpected failure in init"
413	return
414    }
415    if { ! [cmd {kadm5_get_policy $server_handle test-pol old_p1}]}  {
416	perror "$test: unexpected failure on get policy"
417	return
418    }
419    if {! [cmd [format {
420	kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
421		test-pol] {KADM5_POLICY}
422    } $test]]} {
423	fail "$test: modify failed"
424	return
425    }
426    if {! [cmd [format {
427	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
428    } $test]]} {
429	error_and_restart "$test: could not retrieve principal"
430	return
431    }
432    send "lindex \$old_p1 6\n"
433    expect {
434	-re "(\[0-9\]+)\n$prompt$" {set old_p1_ref $expect_out(1,string) }
435	timeout {
436	    error_and_restart "$test: timeout getting principal kvno (second time)"
437	    return
438	}
439	eof {
440	    error_and_restart "$test: eof getting principal kvno (second time)"
441	    return
442	}
443    }
444
445    if { ! [cmd {kadm5_get_policy $server_handle test-pol new_p1}]} {
446	perror "$test: unexpected failure on get policy"
447	return
448    }
449
450    send "lindex \$new_p1 6\n"
451    expect {
452	-re "(\[0-9\]+)\n$prompt$" {set new_p1_ref $expect_out(1,string) }
453	timeout {
454	    error_and_restart "$test: timeout getting principal kvno (second time)"
455	    return
456	}
457	eof {
458	    error_and_restart "$test: eof getting principal kvno (second time)"
459	    return
460	}
461    }
462
463    if {$old_p1_ref != $new_p1_ref} {
464	fail "$test: policy reference count changed ($old_p1_ref to $new_p1_ref)"
465	return
466    }
467
468    if { ! [cmd {kadm5_destroy $server_handle}]} {
469	perror "$test: unexpected failure in destroy"
470	return
471    }
472}
473test21.5
474
475test "modify-principal 22"
476proc test22 {} {
477    global test
478    global prompt
479    if {! ((  [principal_exists "$test/a"]) ||
480	   [create_principal "$test/a"])} {
481	    error_and_restart "$test: couldn't create principal \"$test/a\""
482	    return
483    }
484    if {! [cmd {
485	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
486		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
487		server_handle
488    }]} {
489	perror "$test: unexpected failure in init"
490	return
491    }
492    if { ! [cmd [format {
493	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
494		{KADM5_PW_EXPIRATION}
495    } $test]]} {
496	fail "$test: modify failed"
497	return
498    }
499    if {! [cmd [format {
500	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
501    } $test]]} {
502	error_and_restart "$test: could not retrieve principal"
503	return
504    }
505    send "lindex \$principal 3\n"
506    expect {
507	-re "0\n$prompt$"		{ pass "$test" }
508	timeout				{ fail "$test" }
509    }
510    if { ! [cmd {kadm5_destroy $server_handle}]} {
511	perror "$test: unexpected failure in destroy"
512	return
513    }
514}
515test22
516
517test "modify-principal 23"
518proc test23 {} {
519    global test
520    global prompt
521    if {! ((  [principal_exists "$test/a"]) ||
522	   [create_principal_pol "$test/a" test-pol-nopw])} {
523	    error_and_restart "$test: couldn't create principal \"$test/a\""
524	    return
525    }
526    if {! [cmd {
527	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
528		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
529		server_handle
530    }]} {
531	perror "$test: unexpected failure in init"
532	return
533    }
534    if { ! [cmd [format {
535	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
536		{KADM5_PW_EXPIRATION}
537    } $test]]} {
538	fail "$test: modify failed"
539	return
540    }
541    if {! [cmd [format {
542	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
543    } $test]]} {
544	error_and_restart "$test: could not retrieve principal"
545	return
546    }
547    send "lindex \$principal 3\n"
548    expect {
549	-re "0\n$prompt$"		{ pass "$test" }
550	timeout				{ fail "$test" }
551    }
552    if { ! [cmd {kadm5_destroy $server_handle}]} {
553	perror "$test: unexpected failure in destroy"
554	return
555    }
556}
557test23
558
559test "modify-principal 24"
560proc test24 {} {
561    global test
562    global prompt
563
564    if {! ((  [principal_exists "$test/a"]) ||
565	   [create_principal_pol "$test/a" "test-pol" ])} {
566	    error_and_restart "$test: couldn't create principal \"$test/a\""
567	    return
568    }
569    if {! [cmd {
570	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
571		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
572		server_handle
573    }]} {
574	error_and_restart "$test: unexpected failure in init"
575	return
576    }
577    if { ! [cmd [format {
578	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
579		{KADM5_PW_EXPIRATION}
580    } $test]]} {
581    	fail "$test: could not modify principal"
582	return
583    }
584    if {! [cmd [format {
585	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
586    } $test]]} {
587	error_and_restart "$test: could not retrieve principal"
588	return
589    }
590    if { ! [cmd [format {
591	kadm5_get_policy $server_handle %s policy
592    } test-pol]]} {
593	error_and_restart "$test: cannot retrieve policy"
594	return
595    }
596    send "lindex \$principal 2\n"
597    expect {
598	-re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
599	timeout {
600	    error_and_restart "$test: timeout getting mod_date"
601	    return
602	}
603	eof {
604	    error_and_restart "$test: eof getting pw_mod_date"
605	    return
606	}
607    }
608
609    send "lindex \$principal 3\n"
610    expect {
611	-re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
612	timeout {
613	    error_and_restart "$test: timeout getting pw_expire"
614	    return
615	}
616	eof {
617	    error_and_restart "$test: eof getting pw_expire"
618	    return
619	}
620    }
621
622    send "lindex \$policy 2\n"
623    expect {
624	-re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
625	timeout {
626	    error_and_restart "$test: timeout getting pw_max_life"
627	    return
628	}
629	eof {
630	    error_and_restart "$test: eof getting pw_max_life"
631	    return
632	}
633    }
634    if { $pw_expire != 0 } {
635	fail "$test: pw_expire $pw_expire should be 0"
636	return
637    } else {
638	pass "$test"
639    }
640    if { ! [cmd {kadm5_destroy $server_handle}]} {
641	perror "$test: unexpected failure in destroy"
642	return
643    }
644}
645test24
646
647test "modify-principal 25"
648proc test25 {} {
649    global test
650    global prompt
651
652    if {! ((  [principal_exists "$test/a"]) ||
653	   [create_principal "$test/a"])} {
654	    error_and_restart "$test: couldn't create principal \"$test/a\""
655	    return
656    }
657    if {! [cmd {
658	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
659		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
660		server_handle
661    }]} {
662	perror "$test: unexpected failure in init"
663	return
664    }
665    if { ! [cmd [format {
666	kadm5_modify_principal $server_handle \
667		{"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
668    } $test]]} {
669	fail "$test: modify failed"
670	return
671    }
672    if {! [cmd [format {
673	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
674    } $test]]} {
675	error_and_restart "$test: could not retrieve principal"
676	return
677    }
678    send "lindex \$principal 3\n"
679    expect {
680	-re "1234\n$prompt$"		{ pass "$test" }
681	timeout				{ fail "$test" }
682    }
683    if { ! [cmd {kadm5_destroy $server_handle}]} {
684	perror "$test: unexpected failure in destroy"
685	return
686    }
687}
688test25
689
690test "modify-principal 26"
691proc test26 {} {
692    global test
693    global prompt
694
695    if {! ((  [principal_exists "$test/a"]) ||
696	   [create_principal_pol "$test/a" "test-pol-nopw" ])} {
697	    error_and_restart "$test: couldn't create principal \"$test/a\""
698	    return
699    }
700    if {! [cmd {
701	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
702		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
703		server_handle
704    }]} {
705	perror "$test: unexpected failure in init"
706	return
707    }
708    if { ! [cmd [format {
709	kadm5_modify_principal $server_handle \
710		{"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
711    } $test]]} {
712	fail "$test: modify failed"
713	return
714    }
715    if {! [cmd [format {
716	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
717    } $test]]} {
718	error_and_restart "$test: could not retrieve principal"
719	return
720    }
721    send "lindex \$principal 3\n"
722    expect {
723	-re "1234\n$prompt$"		{ pass "$test" }
724	timeout				{ fail "$test" }
725    }
726    if { ! [cmd {kadm5_destroy $server_handle}]} {
727	perror "$test: unexpected failure in destroy"
728	return
729    }
730}
731test26
732
733test "modify-principal 27"
734proc test27 {} {
735    global test
736    global prompt
737
738    if {! ((  [principal_exists "$test/a"]) ||
739	   [create_principal_pol "$test/a" "test-pol" ])} {
740	    error_and_restart "$test: couldn't create principal \"$test/a\""
741	    return
742    }
743    if {! [cmd {
744	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
745		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
746		server_handle
747    }]} {
748	perror "$test: unexpected failure in init"
749	return
750    }
751    if { ! [cmd [format {
752	kadm5_modify_principal $server_handle \
753		{"%s/a" 0 0 1234 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
754    } $test]]} {
755	fail "$test: modify failed"
756	return
757    }
758    if {! [cmd [format {
759	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
760    } $test]]} {
761	error_and_restart "$test: could not retrieve principal"
762	return
763    }
764    send "lindex \$principal 3\n"
765    expect {
766	-re "1234\n$prompt$"		{ pass "$test" }
767	timeout				{ fail "$test" }
768    }
769    if { ! [cmd {kadm5_destroy $server_handle}]} {
770	perror "$test: unexpected failure in destroy"
771	return
772    }
773}
774test27
775
776test "modify-principal 28"
777proc test28 {} {
778    global test
779    global prompt
780#    set prms_id 1358
781#    setup_xfail {*-*-*} $prms_id
782
783    if {! ((  [principal_exists "$test/a"]) ||
784	   [create_principal_pol "$test/a" "test-pol" ])} {
785	    error_and_restart "$test: couldn't create principal \"$test/a\""
786	    return
787    }
788    if {! [cmd {
789	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
790		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
791		server_handle
792    }]} {
793	perror "$test: unexpected failure in init"
794	return
795    }
796    if { ! [cmd [format {
797	kadm5_modify_principal $server_handle \
798		{"%s/a" 0 0 999999999 0 0 0 0 0 0 0 0} {KADM5_PW_EXPIRATION}
799    } $test]]} {
800	fail "$test: modify failed"
801	return
802    }
803    if {! [cmd [format {
804	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
805    } $test]]} {
806	error_and_restart "$test: could not retrieve principal"
807	return
808    }
809    if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
810	error_and_restart "$test: cannot retrieve policy"
811	return
812    }
813    send "lindex \$principal 2\n"
814    expect {
815	-re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
816	timeout {
817	    error_and_restart "$test: timeout getting pw_mod_date"
818	    return
819	}
820	eof {
821	    error_and_restart "$test: eof getting pw_mod_date"
822	    return
823	}
824    }
825
826    send "lindex \$principal 3\n"
827    expect {
828	-re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
829	timeout {
830	    error_and_restart "$test: timeout getting pw_expire"
831	    return
832	}
833	eof {
834	    error_and_restart "$test: eof getting pw_expire"
835	    return
836	}
837    }
838    send "lindex \$policy 2\n"
839    expect {
840	-re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
841	timeout {
842	    error_and_restart "$test: timeout getting pw_max_life"
843	    return
844	}
845	eof {
846	    error_and_restart "$test: eof getting pw_max_life"
847	    return
848	}
849    }
850    if { $pw_expire != 999999999 } {
851	fail "$test: pw_expire $pw_expire should be 999999999"
852	return
853    }
854    pass "$test"
855    if { ! [cmd {kadm5_destroy $server_handle}]} {
856	perror "$test: unexpected failure in destroy"
857	return
858    }
859}
860test28
861
862test "modify-principal 29"
863proc test29 {} {
864    global test
865    global prompt
866
867    if {! (( ! [principal_exists "$test/a"]) ||
868	   [delete_principal "$test/a"])} {
869	    error_and_restart "$test: couldn't delete principal \"$test/a\""
870	    return
871    }
872    if { ! ([create_principal_pol "$test/a" test-pol])} {
873	perror "$test: unexpected failure in creating principal"
874	return
875    }
876    if {! [cmd {
877	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
878		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
879		server_handle
880    }]} {
881	perror "$test: unexpected failure in init"
882	return
883    }
884    if { ! [cmd [format {
885	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
886		{KADM5_POLICY_CLR}
887    } $test]]} {
888	fail "$test: modify failed"
889	return
890    }
891    if {! [cmd [format {
892	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
893    } $test]]} {
894	error_and_restart "$test: could not retrieve principal"
895	return
896    }
897    send "lindex \$principal 3\n"
898    expect {
899	-re "0\n$prompt$"		{ pass "$test" }
900	timeout				{ fail "$test" }
901    }
902    if { ! [cmd {kadm5_destroy $server_handle}]} {
903	perror "$test: unexpected failure in destroy"
904	return
905    }
906}
907test29
908
909test "modify-principal 30"
910proc test30 {} {
911    global test
912    global prompt
913
914    if {! (( ! [principal_exists "$test/a"]) ||
915	   [delete_principal "$test/a"])} {
916	    error_and_restart "$test: couldn't delete principal \"$test/a\""
917	    return
918    }
919    if {! ([create_principal_pol "$test/a" test-pol])} {
920	perror "$test: unexpected failure in creating principal"
921	return
922    }
923    if {! [cmd {
924	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
925		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
926		server_handle
927    }]} {
928	perror "$test: unexpected failure in init"
929	return
930    }
931    if { ! [cmd [format {
932	kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
933		test-pol-nopw] {KADM5_POLICY}
934    } $test]]} {
935	fail "$test: modify failed"
936	return
937    }
938    if {! [cmd [format {
939	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
940    } $test]]} {
941	error_and_restart "$test: could not retrieve principal"
942	return
943    }
944    send "lindex \$principal 3\n"
945    expect {
946	-re "0\n$prompt$"		{ pass "$test" }
947	timeout				{ fail "$test" }
948    }
949    if { ! [cmd {kadm5_destroy $server_handle}]} {
950	perror "$test: unexpected failure in destroy"
951	return
952    }
953}
954test30
955
956test "modify-principal 31"
957proc test31 {} {
958    global test
959    global prompt
960    if {! (( ! [principal_exists "$test/a"]) ||
961	   [delete_principal "$test/a"])} {
962	    error_and_restart "$test: couldn't delete principal \"$test/a\""
963	    return
964    }
965    if {! ([create_principal "$test/a"])} {
966	perror "$test: unexpected failure in creating principal"
967	return
968    }
969    if {! [cmd {
970	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
971		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
972		server_handle
973    }]} {
974	perror "$test: unexpected failure in init"
975	return
976    }
977    if { ! [cmd [format {
978	kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
979		test-pol] {KADM5_POLICY}
980    } $test]]} {
981	fail "modify failed"
982	return
983    }
984    if {! [cmd [format {
985	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
986    } $test]]} {
987	error_and_restart "$test: could not retrieve principal"
988	return
989    }
990    if { ! [cmd {kadm5_get_policy $server_handle test-pol policy}]} {
991	error_and_restart "$test: cannot retrieve policy"
992	return
993    }
994    send "lindex \$principal 2\n"
995    expect {
996	-re "(\[0-9\]+)\n$prompt" {set pw_mod_date $expect_out(1,string) }
997	timeout {
998	    error_and_restart "$test: timeout getting pw_mod_date"
999	    return
1000	}
1001	eof {
1002	    error_and_restart "$test: eof getting pw_mod_date"
1003	    return
1004	}
1005    }
1006
1007    send "lindex \$principal 3\n"
1008    expect {
1009	-re "(\[0-9\]+)\n$prompt" {set pw_expire $expect_out(1,string) }
1010	timeout {
1011	    error_and_restart "$test: timeout getting pw_expire"
1012	    return
1013	}
1014	eof {
1015	    error_and_restart "$test: eof getting pw_expire"
1016	    return
1017	}
1018    }
1019
1020    send "lindex \$policy 2\n"
1021    expect {
1022	-re "(\[0-9\]+)\n$prompt" {set pw_max_life $expect_out(1,string) }
1023	timeout {
1024	    error_and_restart "$test: timeout getting pw_max_life"
1025	    return
1026	}
1027	eof {
1028	    error_and_restart "$test: eof getting pw_max_life"
1029	    return
1030	}
1031    }
1032    if { [expr "$pw_mod_date + $pw_max_life"] != $pw_expire } {
1033	fail "$test: pw_expire is wrong"
1034	return
1035    }
1036
1037    if { ! [cmd {kadm5_destroy $server_handle}]} {
1038	perror "$test: unexpected failure in destroy"
1039	return
1040    }
1041}
1042test31
1043
1044test "modify-principal 32"
1045proc test32 {} {
1046    global test
1047    global prompt
1048    if {! (( ! [principal_exists "$test/a"]) ||
1049	   [delete_principal "$test/a"])} {
1050	error_and_restart "$test: couldn't delete principal \"$test/a\""
1051	return
1052    }
1053    if {! ([create_principal "$test/a"])} {
1054	perror "$test: unexpected failure in creating principal"
1055	return
1056    }
1057    if {! [cmd {
1058	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1059		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1060		server_handle
1061    }]} {
1062	perror "$test: unexpected failure in init"
1063	return
1064    }
1065    if {! [cmd [format {
1066	kadm5_modify_principal $server_handle \
1067		{"%s/a" 1234 0 0 0 0 0 0 0 0 0 0} \
1068		{KADM5_PRINC_EXPIRE_TIME}
1069    } $test]]} {
1070	fail "$test: modify failed"
1071	return
1072    }
1073    if {! [cmd [format {
1074	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1075    } $test]]} {
1076	error_and_restart "$test: could not retrieve principal"
1077	return
1078    }
1079    send "lindex \$principal 1\n"
1080    expect {
1081	-re "1234\n$prompt$"		{ pass "$test" }
1082	timeout				{ fail "$test" }
1083    }
1084    if { ! [cmd {kadm5_destroy $server_handle}]} {
1085	perror "$test: unexpected failure in destroy"
1086	return
1087    }
1088}
1089test32
1090
1091test "modify-principal 33"
1092proc test33 {} {
1093    global test
1094    global prompt
1095    if {! (( ! [principal_exists "$test/a"]) ||
1096	   [delete_principal "$test/a"])} {
1097	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1098	    return
1099    }
1100    if {! ([create_principal "$test/a"])} {
1101	perror "$test: unexpected failure in creating principal"
1102	return
1103    }
1104
1105    if {! [cmd {
1106	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1107		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1108		server_handle
1109    }]} {
1110	perror "$test: unexpected failure in init"
1111	return
1112    }
1113    if {! [cmd [format {
1114	kadm5_modify_principal $server_handle \
1115		{"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_ALL_TIX 0 0 0 0} \
1116		{KADM5_ATTRIBUTES}
1117    } $test]]} {
1118	fail "$test: modified fail"
1119	return
1120    }
1121    if {! [cmd [format {
1122	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1123    } $test]]} {
1124	error_and_restart "$test: could not retrieve principal"
1125	return
1126    }
1127    send "lindex \$principal 7\n"
1128    expect {
1129	-re "KRB5_KDB_DISALLOW_ALL_TIX.*$prompt$"		{ pass "$test" }
1130	timeout							{ fail "$test" }
1131    }
1132    if { ! [cmd {kadm5_destroy $server_handle}]} {
1133	perror "$test: unexpected failure in destroy"
1134	return
1135    }
1136}
1137test33
1138
1139test "modify-principal 33.25"
1140proc test3325 {} {
1141    global test
1142    global prompt
1143    if {! (( ! [principal_exists "$test/a"]) ||
1144	   [delete_principal "$test/a"])} {
1145	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1146	    return
1147    }
1148    if {! ([create_principal "$test/a"])} {
1149	perror "$test: unexpected failure in creating principal"
1150	return
1151    }
1152
1153    if {! [cmd {
1154	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1155		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1156		server_handle
1157    }]} {
1158	perror "$test: unexpected failure in init"
1159	return
1160    }
1161    if {! [cmd [format {
1162	kadm5_modify_principal $server_handle \
1163		{"%s/a" 0 0 0 0 0 0 KRB5_KDB_REQUIRES_PWCHANGE 0 0 0 0} \
1164		{KADM5_ATTRIBUTES}
1165    } $test]]} {
1166	fail "$test: modified fail"
1167	return
1168    }
1169    if {! [cmd [format {
1170	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1171    } $test]]} {
1172	error_and_restart "$test: could not retrieve principal"
1173	return
1174    }
1175    send "lindex \$principal 7\n"
1176    expect {
1177	-re "KRB5_KDB_REQUIRES_PWCHANGE.*$prompt$"		{ pass "$test" }
1178	timeout							{ fail "$test" }
1179    }
1180    if { ! [cmd {kadm5_destroy $server_handle}]} {
1181	perror "$test: unexpected failure in destroy"
1182	return
1183    }
1184}
1185test3325
1186
1187test "modify-principal 33.5"
1188proc test335 {} {
1189    global test
1190    global prompt
1191    if {! (( ! [principal_exists "$test/a"]) ||
1192	   [delete_principal "$test/a"])} {
1193	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1194	    return
1195    }
1196    if {! ([create_principal "$test/a"])} {
1197	perror "$test: unexpected failure in creating principal"
1198	return
1199    }
1200
1201    if {! [cmd {
1202	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1203		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1204		server_handle
1205    }]} {
1206	perror "$test: unexpected failure in init"
1207	return
1208    }
1209    if {! [cmd [format {
1210	kadm5_modify_principal $server_handle \
1211		{"%s/a" 0 0 0 0 0 0 KRB5_KDB_DISALLOW_TGT_BASED 0 0 0 0} \
1212		{KADM5_ATTRIBUTES}
1213    } $test]]} {
1214	fail "$test: modified fail"
1215	return
1216    }
1217    if {! [cmd [format {
1218	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1219    } $test]]} {
1220	error_and_restart "$test: could not retrieve principal"
1221	return
1222    }
1223    send "lindex \$principal 7\n"
1224    expect {
1225	-re "KRB5_KDB_DISALLOW_TGT_BASED.*$prompt$"		{ pass "$test" }
1226	timeout							{ fail "$test" }
1227    }
1228    if { ! [cmd {kadm5_destroy $server_handle}]} {
1229	perror "$test: unexpected failure in destroy"
1230	return
1231    }
1232}
1233test335
1234
1235
1236test "modify-principal 34"
1237proc test34 {} {
1238    global test
1239    global prompt
1240    if {! (( ! [principal_exists "$test/a"]) ||
1241	   [delete_principal "$test/a"])} {
1242	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1243	    return
1244    }
1245    if {! ([create_principal "$test/a"])} {
1246	perror "$test: unexpected failure in creating principal"
1247	return
1248    }
1249
1250    if {! [cmd {
1251	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1252		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1253		server_handle
1254    }]} {
1255	perror "$test: unexpected failure in init"
1256	return
1257    }
1258    if { ! [cmd [format {
1259	kadm5_modify_principal $server_handle \
1260		{"%s/a" 0 0 0 3456 0 0 0 0 0 0 0} {KADM5_MAX_LIFE}
1261    } $test]]} {
1262	fail "$test: modify failed"
1263	return
1264    }
1265
1266    if {! [cmd [format {
1267	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1268    } $test]]} {
1269	error_and_restart "$test: could not retrieve principal"
1270	return
1271    }
1272    send "lindex \$principal 4\n"
1273    expect {
1274	-re "3456\n$prompt$"		{ pass "$test" }
1275	timeout				{ fail "$test" }
1276    }
1277    if { ! [cmd {kadm5_destroy $server_handle}]} {
1278	perror "$test: unexpected failure in destroy"
1279	return
1280    }
1281}
1282test34
1283
1284test "modify-principal 35"
1285proc test35 {} {
1286    global prompt
1287    global test
1288    if {! (( ! [principal_exists "$test/a"]) ||
1289	   [delete_principal "$test/a"])} {
1290	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1291	    return
1292    }
1293    if {! ([create_principal "$test/a"])} {
1294	perror "$test: unexpected failure in creating principal"
1295	return
1296    }
1297    if {! [cmd {
1298	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1299		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1300		server_handle
1301    }]} {
1302	perror "$test: unexpected failure in init"
1303	return
1304    }
1305    if { ! [cmd [format {
1306	kadm5_modify_principal $server_handle \
1307		{"%s/a" 0 0 0 0 0 0 0 7 0 0 0} {KADM5_KVNO}
1308    } $test]]} {
1309	fail "$test: modify failed"
1310	return
1311    }
1312    if {! [cmd [format {
1313	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1314    } $test]]} {
1315	error_and_restart "$test: could not retrieve principal"
1316	return
1317    }
1318    send "lindex \$principal 8\n"
1319    expect {
1320	-re "7\n$prompt$"		{ pass "$test" }
1321	timeout				{ fail "$test" }
1322    }
1323    if { ! [cmd {kadm5_destroy $server_handle}]} {
1324	perror "$test: unexpected failure in destroy"
1325	return
1326    }
1327}
1328test35
1329
1330test "modify-principal 36"
1331proc test36 {} {
1332    global test
1333    global prompt
1334    if {! (( ! [principal_exists "$test/a"]) ||
1335	   [delete_principal "$test/a"])} {
1336	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1337	    return
1338    }
1339    if { !( [create_principal_pol "$test/a" "test-pol"])} {
1340	error_and_restart "$test: could not create principal \"$test/a\""
1341	return
1342    }
1343    if {! [cmd {
1344	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1345		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1346		server_handle
1347    }]} {
1348	perror "$test: unexpected failure in init"
1349	return
1350    }
1351    if { ! [cmd {kadm5_get_policy $server_handle test-pol pol}]}  {
1352	perror "$test: unexpected failure on get policy"
1353	return
1354    }
1355    if {! [cmd [format {
1356	kadm5_modify_principal $server_handle [princ_w_pol "%s/a" \
1357		test-pol] {KADM5_POLICY}
1358    } $test]]} {
1359	fail "$test: modify failed"
1360	return
1361    }
1362    if {! [cmd [format {
1363	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1364    } $test]]} {
1365	error_and_restart "$test: could not retrieve principal"
1366	return
1367    }
1368    send "lindex \$principal 10\n"
1369    expect {
1370	-re "test-pol\n$prompt$"	{ pass "$test" }
1371	timeout				{ fail "$test" }
1372    }
1373    send "lindex \$pol 6\n"
1374    expect {
1375	-re "(\[0-9\]+)\n$prompt$" {set oldref $expect_out(1,string) }
1376	timeout {
1377	    error_and_restart "$test: timeout getting principal kvno (second time)"
1378	    return
1379	}
1380	eof {
1381	    error_and_restart "$test: eof getting principal kvno (second time)"
1382	    return
1383	}
1384    }
1385    if { ! [cmd {kadm5_get_policy $server_handle test-pol pol2}]} {
1386	perror "$test: unexpected failure on get policy"
1387	return
1388    }
1389    send "lindex \$pol2 6\n"
1390    expect {
1391	-re "(\[0-9\]+)\n$prompt$" {set newref $expect_out(1,string) }
1392	timeout {
1393	    error_and_restart "$test: timeout getting principal kvno (second time)"
1394	    return
1395	}
1396	eof {
1397	    error_and_restart "$test: eof getting principal kvno (second time)"
1398	    return
1399	}
1400    }
1401    if { $oldref != $newref } {
1402	fail "$test: policy reference count is wrong"
1403	return;
1404    }
1405    if { ! [cmd {kadm5_destroy $server_handle}]} {
1406	perror "$test: unexpected failure in destroy"
1407	return
1408    }
1409}
1410test36
1411
1412test "modify-principal 37"
1413proc test37 {} {
1414    global test
1415    global prompt
1416    if {! (( ! [principal_exists "$test/a"]) ||
1417	   [delete_principal "$test/a"])} {
1418	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1419	    return
1420    }
1421    if { !( [create_principal "$test/a"])} {
1422	error_and_restart "$test: could not create principal \"$test/a\""
1423	return
1424    }
1425    if {! [cmd {
1426	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1427		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1428		server_handle
1429    }]} {
1430	perror "$test: unexpected failure in init"
1431	return
1432    }
1433    if {! [cmd [format {
1434	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
1435		{KADM5_POLICY_CLR}
1436    } $test]]} {
1437	fail "$test: modify failed"
1438	return
1439    }
1440    if { ! [cmd {kadm5_destroy $server_handle}]} {
1441	perror "$test: unexpected failure in destroy"
1442	return
1443    }
1444}
1445test37
1446
1447test "modify-principal 38"
1448proc test38 {} {
1449    global test
1450    global prompt
1451    if {! (( ! [principal_exists "$test/a"]) ||
1452	   [delete_principal "$test/a"])} {
1453	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1454	    return
1455    }
1456    if {! ([create_principal "$test/a"])} {
1457	perror "$test: unexpected failure in creating principal"
1458	return
1459    }
1460    if {! [cmd {
1461	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1462		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1463		server_handle
1464    }]} {
1465	perror "$test: unexpected failure in init"
1466	return
1467    }
1468    if {! [cmd [format {
1469	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
1470		{KADM5_PRINC_EXPIRE_TIME}
1471    } $test]]} {
1472	fail "$test: modify failed"
1473	return
1474    }
1475    if {! [cmd [format {
1476	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1477    } $test]]} {
1478	error_and_restart "$test: could not retrieve principal"
1479	return
1480    }
1481    send "lindex \$principal 1\n"
1482    expect {
1483	-re "0\n$prompt$"		{ pass "$test" }
1484	timeout				{ fail "$test" }
1485    }
1486    if { ! [cmd {kadm5_destroy $server_handle}]} {
1487	perror "$test: unexpected failure in destroy"
1488	return
1489    }
1490}
1491test38
1492
1493test "modify-principal 39"
1494proc test39 {} {
1495    global test
1496    global prompt
1497    if {! (( ! [principal_exists "$test/a"]) ||
1498	   [delete_principal "$test/a"])} {
1499	    error_and_restart "$test: couldn't delete principal \"$test/a\""
1500	    return
1501    }
1502    if {! ([create_principal "$test/a"])} {
1503	perror "$test: unexpected failure in creating principal"
1504	return
1505    }
1506    if {! [cmd {
1507	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1508		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1509		server_handle
1510    }]} {
1511	perror "$test: unexpected failure in init"
1512	return
1513    }
1514    if {! [cmd [format {
1515	kadm5_modify_principal $server_handle [simple_principal "%s/a"] \
1516		{KADM5_MAX_LIFE}
1517    } $test]]} {
1518	fail "$test: modify failed"
1519	return
1520    }
1521    if {! [cmd [format {
1522	kadm5_get_principal $server_handle "%s/a" principal KADM5_PRINCIPAL_NORMAL_MASK
1523    } $test]]} {
1524	error_and_restart "$test: could not retrieve principal"
1525	return
1526    }
1527    send "lindex \$principal 4\n"
1528    expect {
1529	-re "0\n$prompt$"		{ pass "$test" }
1530	timeout				{ fail "$test" }
1531    }
1532    if { ! [cmd {kadm5_destroy $server_handle}]} {
1533	perror "$test: unexpected failure in destroy"
1534	return
1535    }
1536}
1537test39
1538
1539test "modify-principal 40"
1540proc test40 {} {
1541    global test
1542    global prompt
1543
1544    if {! ((  [principal_exists "$test/a"]) ||
1545	   [create_principal "$test/a"])} {
1546	    error_and_restart "$test: couldn't create principal \"$test/a\""
1547	    return
1548    }
1549    if {! [cmd {
1550	kadm5_init admin admin $KADM5_CHANGEPW_SERVICE null \
1551		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1552		server_handle
1553    }]} {
1554	perror "$test: unexpected failure in init"
1555	return
1556    }
1557    one_line_fail_test {
1558	kadm5_modify_principal $server_handle null \
1559		{KADM5_PRINC_EXPIRE_TIME}
1560    } "EINVAL"
1561    if { ! [cmd {kadm5_destroy $server_handle}]} {
1562	perror "$test: unexpected failure in destroy"
1563	return
1564    }
1565}
1566test40
1567
1568test "modify-principal 43"
1569proc test43 {} {
1570	global test
1571	one_line_fail_test [format {
1572	    kadm5_modify_principal null [simple_principal \
1573		    "%s/a"] {KADM5_PW_EXPIRATION}
1574	} $test] "BAD_SERVER_HANDLE"
1575}
1576test43
1577
1578test "modify-principal 44"
1579proc test44 {} {
1580    global test
1581    if {! ((  [principal_exists "$test/a"]) ||
1582	   [create_principal "$test/a"])} {
1583	    error_and_restart "$test: couldn't create principal \"$test/a\""
1584	    return
1585    }
1586    if {! [cmd {
1587	kadm5_init admin admin $KADM5_ADMIN_SERVICE null \
1588		$KADM5_STRUCT_VERSION $KADM5_API_VERSION_3 \
1589		server_handle
1590    }]} {
1591	perror "$test: unexpected failure in init"
1592	return
1593    }
1594    # setting fail auth count to a non-zero value must fail
1595    one_line_fail_test [format {
1596	kadm5_modify_principal $server_handle \
1597		{"%s/a" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1234 0 0 {} {}} {KADM5_FAIL_AUTH_COUNT}
1598    } $test] "BAD_SERVER_PARAMS"
1599    if { ! [cmd {kadm5_destroy $server_handle}]} {
1600	perror "$test: unexpected failure in destroy"
1601	return
1602    }
1603}
1604test44
1605
1606return ""
1607