Add another kadmin ACL test for backreferences

Add a test using backreferences which don't correspond directly to principal components, to verify that *N refers to the Nth wildcard and not the Nth component.
krb5 · Nov 21, 2013 · 1192811 · 1192811
1 parent 8eb9e6f
commit 1192811
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/tests/t_kadmin_acl.py b/src/tests/t_kadmin_acl.py
@@ -40,6 +40,7 @@ def delprinc(name):
 admin = make_client('user/admin')
 none = make_client('none')
 restrictions = make_client('restrictions')
+onetwothreefour = make_client('one/two/three/four')
 
 realm.run_kadminl('addpol -minlife "1 day" minlife')
 
@@ -64,6 +65,7 @@ def delprinc(name):
 restricted_rename  ad  *         +preauth
 
 */*                d   *2/*1
+*/two/*/*          d   *3/*1/*2
 */admin            a
 wctarget           a   wild/*
 restrictions       a   type1     -policy minlife
@@ -328,6 +330,10 @@ def delprinc(name):
 out = kadmin_as(admin, 'delprinc -force none')
 if 'Operation requires' not in out:
     fail('delprinc failure (wildcard backreferences not matched)')
+realm.addprinc('four/one/three', 'pw')
+out = kadmin_as(onetwothreefour, 'delprinc -force four/one/three')
+if 'Principal "four/one/three@KRBTEST.COM" deleted.' not in out:
+    fail('delprinc success (wildcard backreferences 2)')
 
 kadmin_as(restrictions, 'addprinc -pw pw type1')
 out = realm.run_kadminl('getprinc type1')