From ca4cd801f82358e4491a138042ef0f0da8f26eb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 7 Jun 2006 06:02:54 +0000
Subject: [PATCH] Test delegation

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17633 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 tests/kdc/check-kdc.in | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/kdc/check-kdc.in b/tests/kdc/check-kdc.in
index e61c1f49d..28125fe06 100644
--- a/tests/kdc/check-kdc.in
+++ b/tests/kdc/check-kdc.in
@@ -49,6 +49,7 @@ server=host/datan.example.org
 server2=host/computer.example.com
 cache="FILE:${objdir}/cache.krb5"
 ocache="FILE:${objdir}/ocache.krb5"
+o2cache="FILE:${objdir}/o2cache.krb5"
 keytabfile=${objdir}/server.keytab
 keytab="FILE:${keytabfile}"
 ps="proxy-service@${R}"
@@ -87,6 +88,8 @@ ${kadmin} add -p bar --use-defaults bar@${R} || exit 1
 ${kadmin} add -p foo --use-defaults remove@${R} || exit 1
 ${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
 ${kadmin} add -p foo --use-defaults ${ps} || exit 1
+${kadmin} modify --attributes=+trusted-for-delegation ${ps} || exit 1
+${kadmin} modify --constrained-delegation=${server} ${ps} || exit 1
 ${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
 ${kadmin} ext -k ${keytab} ${ps} || exit 1
 
@@ -231,13 +234,16 @@ else
 fi
 
 echo "tickets for impersonate test case"
-${kinit} --password-file=${objdir}/foopassword ${ps} || exitcode=1
+${kinit} --forwardable --password-file=${objdir}/foopassword ${ps} || exitcode=1
 ${kgetcred_imp} --impersonate=bar@${R} ${ps} || exitcode=1
 ./ap-req ${ps} ${keytab} ${ocache} || exitcode=1
 ${kgetcred_imp} --impersonate=bar@${R} foo@${R} 2>/dev/null && exitcode=1
+echo test constrained delegation
+${kgetcred_imp} --forward --impersonate=bar@${R} ${ps} || exitcode=1
+${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} ${server}@${R} || exitcode=1
+${kgetcred} --out-cache=${o2cache} --delegation-credential-cache=${ocache} bar@${R} 2>/dev/null && exitcode=1
 ${kdestroy}
 
-
 echo "killing kdc (${kdcpid})"
 kill $kdcpid || exit 1