components/krb5/patches/029-kadmin_disable_anonymity.patch
changeset 5969 96bac9fbcfbd
parent 5490 9bf0bc57423a
child 5986 bab15c34f645
--- a/components/krb5/patches/029-kadmin_disable_anonymity.patch	Tue May 10 22:37:01 2016 -0700
+++ b/components/krb5/patches/029-kadmin_disable_anonymity.patch	Wed May 11 20:33:52 2016 -0700
@@ -24,8 +24,8 @@
      }
  
      while ((optchar = getopt(argc, argv,
--                             "x:r:p:knq:w:d:s:mc:t:e:ON")) != EOF) {
-+                             "x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
+-                             "+x:r:p:knq:w:d:s:mc:t:e:ON")) != EOF) {
++                             "+x:r:p:kq:w:d:s:mc:t:e:ON")) != EOF) {
          switch (optchar) {
          case 'x':
              db_args_size++;
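Review bot: Dropping `n` from the getopt string on the new side only stops this kadmin client from requesting anonymous credentials; nothing in the hunk shows the server side being restricted. kadmind presumably still authorizes `WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS` if the ACL file lists it, as the test in the second hunk sets up, so an unpatched client could still connect anonymously. The patch header should state that scope, for example `# Client-side only: kadmind still honours a WELLKNOWN/ANONYMOUS entry in kadm5.acl; keep the ACL free of it.` The switch body continues outside the hunk, so whether a `case 'n':` handler is also removed cannot be confirmed from here.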
@@ -64,35 +64,31 @@
  Use \fIcredentials_cache\fP as the credentials cache.  The
  cache should contain a service ticket for the \fBkadmin/ADMINHOST\fP
 diff -pur old/src/tests/t_pkinit.py new/src/tests/t_pkinit.py
---- old/src/tests/t_pkinit.py	2015-02-11 19:16:43.000000000 -0800
-+++ new/src/tests/t_pkinit.py	2015-03-05 09:09:09.690228292 -0800
-@@ -72,17 +72,18 @@ realm.klist('WELLKNOWN/ANONYMOUS@WELLKNO
- realm.run([kvno, realm.host_princ])
+--- new/src/tests/t_pkinit.py   2016-02-29 11:50:13.000000000 -0800
++++ patched.1/src/tests/t_pkinit.py     2016-03-19 08:15:59.287791038 -0700
+@@ -73,15 +73,16 @@ if '97:' in out:
+     fail('auth indicators seen in anonymous PKINIT ticket')
  
  # Test anonymous kadmin.
 -f = open(os.path.join(realm.testdir, 'acl'), 'a')
 -f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *')
 -f.close()
 -realm.start_kadmind()
--out = realm.run([kadmin, '-n', '-q', 'addprinc -pw test testadd'])
--if 'created.' not in out:
--    fail('Could not create principal with anonymous kadmin')
--out = realm.run([kadmin, '-n', '-q', 'getprinc testadd'])
+-realm.run([kadmin, '-n', 'addprinc', '-pw', 'test', 'testadd'])
+-out = realm.run([kadmin, '-n', 'getprinc', 'testadd'], expected_code=1)
 -if "Operation requires ``get'' privilege" not in out:
 -    fail('Anonymous kadmin has too much privilege')
 -realm.stop_kadmind()
-+sys.stderr.write("Anonymous pkinit support in kadmin disabled, skipping...\n");
 +#f = open(os.path.join(realm.testdir, 'acl'), 'a')
 +#f.write('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS a *')
 +#f.close()
 +#realm.start_kadmind()
-+#out = realm.run([kadmin, '-n', '-q', 'addprinc -pw test testadd'])
-+#if 'created.' not in out:
-+#    fail('Could not create principal with anonymous kadmin')
-+#out = realm.run([kadmin, '-n', '-q', 'getprinc testadd'])
++#realm.run([kadmin, '-n', 'addprinc', '-pw', 'test', 'testadd'])
++#out = realm.run([kadmin, '-n', 'getprinc', 'testadd'], expected_code=1)
 +#if "Operation requires ``get'' privilege" not in out:
 +#    fail('Anonymous kadmin has too much privilege')
 +#realm.stop_kadmind()
++sys.stderr.write("Anonymous pkinit support in kadmin disabled, skipping...\n");
  
  # Test with anonymous restricted; FAST should work but kvno should fail.
  r_env = realm.special_env('restrict', True, kdc_conf=restrictive_kdc_conf)
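Review bot: The refreshed t_pkinit.py change still comments out the whole anonymous-kadmin test and only prints a skip message, so nothing in the suite checks that `kadmin -n` is actually refused after the option is removed. A negative check in place of the commented block would regression-test the hardening, e.g. `realm.run([kadmin, '-n', 'getprinc', 'testadd'], expected_code=1)`, assuming the patched kadmin exits with status 1 on an unrecognised option (not visible here). The trailing `;` on the `sys.stderr.write(...)` line is not needed in Python. Deleting the dead lines rather than carrying them as `#` comments would also make the next refresh against upstream smaller.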