delegate policy

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23486 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/test_context.c

@@ -199,7 +199,7 @@ loop(gss_OID mechoid,
 	gss_release_buffer(&min_stat, &input_token);
     gss_release_name(&min_stat, &gss_target_name);
 
-    if (deleg_flag) {
+    if (deleg_flag || policy_deleg_flag) {
 	if (server_no_deleg_flag) {
 	    if (*deleg_cred != GSS_C_NO_CREDENTIAL)
 		errx(1, "got delegated cred but didn't expect one");

tests/gss/check-context.in

@@ -83,6 +83,11 @@ ${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
 ${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
 ${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
 
+${kadmin} add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R} || exit 1
+${kadmin} mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R} || exit 1
+${kadmin} get host/ok-delegate.test.h5l.se@${R} || exit 1
+
+
 ${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
 
 ${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
@@ -256,6 +261,29 @@ ${context} \
     --name-type=hostbased-service host@lucid.test.h5l.se || \
 	{ exitcode=1 ; echo "test failed"; }
 
+echo "ok-as-delegate not used"
+${context} \
+    --mech-type=krb5 \
+    --policy-delegate \
+    --name-type=hostbased-service host@lucid.test.h5l.se || \
+	{ exitcode=1 ; echo "test failed"; }
+
+echo "ok-as-delegate not used"
+${context} \
+    --mech-type=krb5 \
+    --policy-delegate \
+    --server-no-delegate \
+    --name-type=hostbased-service host@lucid.test.h5l.se || \
+	{ exitcode=1 ; echo "test failed"; }
+
+echo "ok-as-delegate used by policy"
+${context} \
+    --mech-type=krb5 \
+    --policy-delegate \
+    --name-type=hostbased-service ok-delegate.test.h5l.se || \
+	{ exitcode=1 ; echo "test failed"; }
+
+
 echo "Getting client initial tickets with --ok-as-delgate"
 ${kinit} --ok-as-delegate  --forwardable \
     --password-file=${objdir}/foopassword user1@${R} || exitcode=1