[28000] in CVS-changelog-for-Kerberos-V5
krb5 commit: Add tests for anonymous kadmin
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Oct 30 13:15:23 2013
Date: Wed, 30 Oct 2013 12:38:09 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201310301638.r9UGc9kV024144@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/7b7e72f66cda405967b2a1da0b5ff8141feb0eb1
commit 7b7e72f66cda405967b2a1da0b5ff8141feb0eb1
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Oct 28 13:34:04 2013 -0400
Add tests for anonymous kadmin
src/tests/t_pkinit.py | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py
index 7b20fa3..762e322 100644
--- a/src/tests/t_pkinit.py
+++ b/src/tests/t_pkinit.py
@@ -71,6 +71,19 @@ realm.kinit('@%s' % realm.realm, flags=['-n'])
realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
realm.run([kvno, realm.host_princ])
+# Test anonymous kadmin.
+f = open(os.path.join(realm.testdir, 'acl'), 'a')
+f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *')
+f.close()
+realm.start_kadmind()
+out = realm.run([kadmin, '-n', '-q', 'addprinc -pw test testadd'])
+if 'created.' not in out:
+ fail('Could not create principal with anonymous kadmin')
+out = realm.run([kadmin, '-n', '-q', 'getprinc testadd'])
+if "Operation requires ``get'' privilege" not in out:
+ fail('Anonymous kadmin has too much privilege')
+realm.stop_kadmind()
+
# Test with anonymous restricted; FAST should work but kvno should fail.
r_env = realm.special_env('restrict', True, kdc_conf=restrictive_kdc_conf)
realm.stop_kdc()
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
