delegate policy

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23486 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-08-11 09:58:24 +00:00
parent ac33d8447b
commit dfb1db9505
2 changed files with 29 additions and 1 deletions

View File

@@ -199,7 +199,7 @@ loop(gss_OID mechoid,
gss_release_buffer(&min_stat, &input_token);
gss_release_name(&min_stat, &gss_target_name);
if (deleg_flag) {
if (deleg_flag || policy_deleg_flag) {
if (server_no_deleg_flag) {
if (*deleg_cred != GSS_C_NO_CREDENTIAL)
errx(1, "got delegated cred but didn't expect one");

View File

@@ -83,6 +83,11 @@ ${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
${kadmin} add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R} || exit 1
${kadmin} mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R} || exit 1
${kadmin} get host/ok-delegate.test.h5l.se@${R} || exit 1
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
@@ -256,6 +261,29 @@ ${context} \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "ok-as-delegate not used"
${context} \
--mech-type=krb5 \
--policy-delegate \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "ok-as-delegate not used"
${context} \
--mech-type=krb5 \
--policy-delegate \
--server-no-delegate \
--name-type=hostbased-service host@lucid.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "ok-as-delegate used by policy"
${context} \
--mech-type=krb5 \
--policy-delegate \
--name-type=hostbased-service ok-delegate.test.h5l.se || \
{ exitcode=1 ; echo "test failed"; }
echo "Getting client initial tickets with --ok-as-delgate"
${kinit} --ok-as-delegate --forwardable \
--password-file=${objdir}/foopassword user1@${R} || exitcode=1