24832078 t_iprop.py tests are generating false-positives
authorShawn Emery <shawn.emery@oracle.com>
Wed, 12 Oct 2016 15:52:56 -0700
changeset 7096 c97796f93f28
parent 7095 6469e6424607
child 7098 a46c4562925e
24832078 t_iprop.py tests are generating false-positives
components/krb5/patches/028-rpc-gss.patch
--- a/components/krb5/patches/028-rpc-gss.patch	Wed Oct 12 11:24:25 2016 -0700
+++ b/components/krb5/patches/028-rpc-gss.patch	Wed Oct 12 15:52:56 2016 -0700
@@ -17,6 +17,9 @@
 #    - modifies net-server code to support TI-RPC (transport independent, XTI)
 #    - implement kadmin protocol and incr. prop. using Solaris RPCSEC_GSS
 #    - reverts MIT modification to iprop, that were needed for RPC differences
+#    - hierarchical incremental propagation tests are removed from t_iprop.py,
+#      because the Solaris RPC implementation precludes running this scenario on
+#      a single host
 #    - server side support for RPCSEC_GSS base changepw protocol
 #    - recognize sunw_dbprop_* config options for backward compatibility
 #    - defines several functions to locate servers (admin, cpw, kiprop,...)
@@ -2995,138 +2998,21 @@
  realm.run([klist, '-s'], expected_code=1)
 --- a/src/tests/t_iprop.py
 +++ b/src/tests/t_iprop.py
-@@ -1,44 +1,35 @@
- #!/usr/bin/python
- 
- import os
--import re
- 
- from k5test import *
- 
- # Read lines from kpropd output until we are synchronized.  Error if
- # full_expected is true and we didn't see a full propagation or vice
- # versa.
--def wait_for_prop(kpropd, full_expected, expected_old, expected_new):
-+def wait_for_prop(kpropd, full_expected):
-     output('*** Waiting for sync from kpropd\n')
--    full_seen = sleep_seen = False
--    old_sno = new_sno = -1
-+    full_seen = False
-     while True:
-         line = kpropd.stdout.readline()
-         if line == '':
-             fail('kpropd process exited unexpectedly')
-         output('kpropd: ' + line)
- 
--        m = re.match(r'Calling iprop_get_updates_1 \(sno=(\d+) ', line)
--        if m:
--            if not full_seen:
--                old_sno = int(m.group(1))
--            # Also record this as the new sno, in case we get back
--            # UPDATE_NIL.
--            new_sno = int(m.group(1))
--
--        m = re.match(r'Got incremental updates \(sno=(\d+) ', line)
--        if m:
--            new_sno = int(m.group(1))
--
-         if 'KDC is synchronized' in line or 'Incremental updates:' in line:
--            break
-+            output('*** Sync complete\n')
-+            if full_expected and not full_seen:
-+                fail('Expected full dump but saw only incremental')
-+            if full_seen and not full_expected:
-+                fail('Expected incremental prop but saw full dump')
-+            return
- 
--        # After a full resync request, these lines could appear in
--        # either order.
--        if 'Waiting for' in line:
--            sleep_seen = True
-         if 'load process for full propagation completed' in line:
-             full_seen = True
-+            # kpropd's child process has finished a DB load; make the parent
-+            # do another iprop request.  This will be unnecessary if kpropd
-+            # is simplified to use a single process.
-+            kpropd.send_signal(signal.SIGUSR1)
- 
-         # Detect some failure conditions.
-         if 'Still waiting for full resync' in line:
-@@ -54,98 +45,28 @@ def wait_for_prop(kpropd, full_expected, expected_old, expected_new):
-         if 'invalid return' in line:
-             fail('kadmind returned invalid result')
- 
--    if full_expected and not full_seen:
--        fail('Expected full dump but saw only incremental')
--    if full_seen and not full_expected:
--        fail('Expected incremental prop but saw full dump')
--    if old_sno != expected_old:
--         fail('Expected old serial %d from kpropd sync' % expected_old)
--    if new_sno != expected_new:
--         fail('Expected new serial %d from kpropd sync' % expected_new)
- 
--    # Wait until kpropd is sleeping before continuing, to avoid races.
--    # (This is imperfect since there's there is a short window between
--    # the fprintf and the sleep; kpropd will need design changes to
--    # fix that.)
--    while True:
--        line = kpropd.stdout.readline()
--        output('kpropd: ' + line)
--        if 'Waiting for' in line:
--            break
--    output('*** Sync complete\n')
-+# Verify the iprop log last serial number against an expected value,
-+# on either the master or slave.
-+def check_serial(realm, expected, env=None):
-+    out = realm.run([kproplog, '-h'], env=env)
-+    if 'Last serial # : ' not in out:
-+        fail('Unexpected serial number')
- 
--# Verify the output of kproplog against the expected number of
--# entries, first and last serial number, and a list of principal names
--# for the update entrires.
--def check_ulog(num, first, last, entries, env=None):
--    out = realm.run([kproplog], env=env)
--    if 'Number of entries : ' + str(num) + '\n' not in out:
--        fail('Expected %d entries' % num)
--    if last:
--        firststr = first and str(first) or 'None'
--        if 'First serial # : ' + firststr + '\n' not in out:
--            fail('Expected first serial number %d' % first)
--    laststr = last and str(last) or 'None'
--    if 'Last serial # : ' + laststr + '\n' not in out:
--        fail('Expected last serial number %d' % last)
--    assert(len(entries) == num)
--    ser = first - 1
--    entindex = 0
--    for line in out.splitlines():
--        m = re.match(r'\tUpdate serial # : (\d+)$', line)
--        if m:
--            ser = ser + 1
--            if m.group(1) != str(ser):
--                fail('Expected serial number %d in update entry' % ser)
--        m = re.match(r'\tUpdate principal : (.*)$', line)
--        if m:
--            eprinc = entries[ser - first]
--            if eprinc == None:
--                fail('Expected dummy update entry %d' % ser)
--            elif m.group(1) != eprinc:
--                fail('Expected princ %s in update entry %d' % (eprinc, ser))
--        if line == '\tDummy entry':
--            eprinc = entries[ser - first]
--            if eprinc != None:
--                fail('Expected princ %s in update entry %d' % (eprinc, ser))
+@@ -109,8 +109,8 @@ def check_ulog(num, first, last, entries
+             if eprinc != None:
+                 fail('Expected princ %s in update entry %d' % (eprinc, ser))
  
 -# slave1 will receive updates from master, and slave2 will receive
 -# updates from slave1.  Because of the awkward way iprop and kprop
--# port configuration currently works, we need separate config files
--# for the slave and master sides of slave1, but they use the same DB
--# and ulog file.
--conf = {'realms': {'$realm': {'iprop_enable': 'true',
--                              'iprop_logfile': '$testdir/db.ulog'}}}
--conf_slave1 = {'realms': {'$realm': {'iprop_slave_poll': '600',
--                                     'iprop_logfile': '$testdir/ulog.slave1'}},
--               'dbmodules': {'db': {'database_name': '$testdir/db.slave1'}}}
++# slave1 will receive updates from master.
++# Because of the awkward way iprop and kprop
+ # port configuration currently works, we need separate config files
+ # for the slave and master sides of slave1, but they use the same DB
+ # and ulog file.
+@@ -119,18 +119,9 @@ conf = {'realms': {'$realm': {'iprop_ena
+ conf_slave1 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+                                      'iprop_logfile': '$testdir/ulog.slave1'}},
+                'dbmodules': {'db': {'database_name': '$testdir/db.slave1'}}}
 -conf_slave1m = {'realms': {'$realm': {'iprop_logfile': '$testdir/ulog.slave1',
 -                                      'iprop_port': '$port8'}},
 -               'dbmodules': {'db': {'database_name': '$testdir/db.slave1'}}}
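Review bot: The comment kept as context after `+# slave1 will receive updates from master.` still says separate config files are needed "for the slave and master sides of slave1", but the master-side config `conf_slave1m` is deleted a few lines further down in the same inner hunk. Only `conf_slave1` remains for that host, so the explanation describes a setup the patched test no longer has. I would reduce the comment to the single line `# slave1 will receive updates from master.` and drop the port-configuration sentence. That also removes the oddly wrapped `# Because of the awkward way iprop and kprop` line.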
@@ -3134,118 +3020,35 @@
 -                                     'iprop_logfile': '$testdir/ulog.slave2',
 -                                     'iprop_port': '$port8'}},
 -               'dbmodules': {'db': {'database_name': '$testdir/db.slave2'}}}
-+conf = {
-+    'realms': {'$realm': {
-+            'iprop_enable': 'true',
-+            'iprop_logfile' : '$testdir/db.ulog'}}}
-+
-+conf_slave = {
-+    'realms': {'$realm': {
-+            'iprop_slave_poll': '600',
-+            'iprop_logfile' : '$testdir/db.slave.ulog'}},
-+    'dbmodules': {'db': {'database_name': '$testdir/db.slave'}}}
  
  realm = K5Realm(kdc_conf=conf, create_user=False, start_kadmind=True)
--slave1 = realm.special_env('slave1', True, kdc_conf=conf_slave1)
+ slave1 = realm.special_env('slave1', True, kdc_conf=conf_slave1)
 -slave1m = realm.special_env('slave1m', True, kdc_conf=conf_slave1m)
 -slave2 = realm.special_env('slave2', True, kdc_conf=conf_slave2)
--
--# Define some principal names.  pr3 is long enough to cause internal
--# reallocs, but not long enough to grow the basic ulog entry size.
--pr1 = 'wakawaka@' + realm.realm
--pr2 = 'w@' + realm.realm
--c = 'chocolate-flavored-school-bus'
--cs = c + '/'
--pr3 = (cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + c +
--       '@' + realm.realm)
--
--# Create the kpropd ACL file.
--acl_file = os.path.join(realm.testdir, 'kpropd-acl')
--acl = open(acl_file, 'w')
--acl.write(realm.host_princ + '\n')
--acl.close()
-+slave = realm.special_env('slave', True, kdc_conf=conf_slave)
  
- ulog = os.path.join(realm.testdir, 'db.ulog')
- if not os.path.exists(ulog):
-@@ -155,234 +76,114 @@ if not os.path.exists(ulog):
+ # Define some principal names.  pr3 is long enough to cause internal
+ # reallocs, but not long enough to grow the basic ulog entry size.
+@@ -155,11 +146,10 @@ if not os.path.exists(ulog):
  kiprop_princ = 'kiprop/' + hostname
  realm.extract_keytab(kiprop_princ, realm.keytab)
  
 -# Create the initial slave1 and slave2 databases.
-+# Create the slave db.
++# Create the initial slave1 databases.
  dumpfile = os.path.join(realm.testdir, 'dump')
  realm.run([kdb5_util, 'dump', dumpfile])
--realm.run([kdb5_util, 'load', dumpfile], slave1)
+ realm.run([kdb5_util, 'load', dumpfile], slave1)
 -realm.run([kdb5_util, 'load', dumpfile], slave2)
-+realm.run([kdb5_util, 'load', dumpfile], slave)
-+realm.run([kdb5_util, 'stash', '-P', 'master'], slave)
- 
--# Reinitialize the master ulog so we know exactly what to expect in
--# it.
--realm.run([kproplog, '-R'])
--check_ulog(1, 1, 1, [None])
-+# Make some changes to the master db.
-+realm.addprinc('wakawaka')
-+# Add a principal enough to make realloc likely, but not enough to grow
-+# basic ulog entry size.
-+c = 'chocolate-flavored-school-bus'
-+cs = c + '/'
-+longname = cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + cs + c
-+realm.addprinc(longname)
-+realm.addprinc('w')
-+realm.run([kadminl, 'modprinc', '-allow_tix', 'w'])
-+realm.run([kadminl, 'modprinc', '+allow_tix', 'w'])
- 
--# Make some changes to the master DB.
--realm.addprinc(pr1)
--realm.addprinc(pr3)
--realm.addprinc(pr2)
--realm.run([kadminl, 'modprinc', '-allow_tix', pr2])
--realm.run([kadminl, 'modprinc', '+allow_tix', pr2])
--check_ulog(6, 1, 6, [None, pr1, pr3, pr2, pr2, pr2])
-+check_serial(realm, '7')
  
--# Start kpropd for slave1 and get a full dump from master.
--kpropd1 = realm.start_kpropd(slave1, ['-d'])
--wait_for_prop(kpropd1, True, 1, 6)
--out = realm.run([kadminl, 'listprincs'], env=slave1)
--if pr1 not in out or pr2 not in out or pr3 not in out:
--    fail('slave1 does not have all principals from master')
--check_ulog(1, 6, 6, [None], slave1)
-+# Set up the kpropd acl file.
-+acl_file = os.path.join(realm.testdir, 'kpropd-acl')
-+acl = open(acl_file, 'w')
-+acl.write(realm.host_princ + '\n')
-+acl.close()
-+
-+# Start kpropd and get a full dump from master.
-+kpropd = realm.start_kpropd(slave, ['-d'])
-+wait_for_prop(kpropd, True)
-+out = realm.run([kadminl, 'listprincs'], env=slave)
-+if longname not in out or 'wakawaka' not in out or 'w@' not in out:
-+    fail('Slave does not have all principals from master')
- 
- # Make a change and check that it propagates incrementally.
--realm.run([kadminl, 'modprinc', '-allow_tix', pr2])
--check_ulog(7, 1, 7, [None, pr1, pr3, pr2, pr2, pr2, pr2])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, False, 6, 7)
--check_ulog(2, 6, 7, [None, pr2], slave1)
--out = realm.run([kadminl, 'getprinc', pr2], env=slave1)
-+realm.run([kadminl, 'modprinc', '-allow_tix', 'w'])
-+check_serial(realm, '8')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, False)
-+check_serial(realm, '8', slave)
-+out = realm.run([kadminl, 'getprinc', 'w'], env=slave)
+ # Reinitialize the master ulog so we know exactly what to expect in
+ # it.
+@@ -192,31 +182,10 @@ out = realm.run([kadminl, 'getprinc', pr
  if 'Attributes: DISALLOW_ALL_TIX' not in out:
--    fail('slave1 does not have modification from master')
-+    fail('Slave does not have modification from master')
+     fail('slave1 does not have modification from master')
  
 -# Start kadmind -proponly for slave1.  (Use the slave1m environment
 -# which defines iprop_port to $port8.)
--slave1_out_dump_path = os.path.join(realm.testdir, 'dump.slave1.out')
++# Start kadmind -proponly for slave1.
+ slave1_out_dump_path = os.path.join(realm.testdir, 'dump.slave1.out')
 -slave2_in_dump_path = os.path.join(realm.testdir, 'dump.slave2.in')
 -slave2_kprop_port = str(realm.portbase + 9)
 -slave1m['KPROP_PORT'] = slave2_kprop_port
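Review bot: The rewritten comment `# Start kadmind -proponly for slave1.` no longer matches what follows it, because the only line kept under it is the `slave1_out_dump_path` assignment. The `slave1m` and slave2 lines are removed here, and by the inner hunk's line counts the rest of that block, which is outside this hunk, is removed as well. That would leave a comment announcing a daemon start that never happens and, apparently, an unused path variable. I would drop both from the patched test unless `slave1_out_dump_path` is still read further down, which is not visible here. Separately, `# Create the initial slave1 databases.` should read `database` now that only one load remains.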
@@ -3265,227 +3068,136 @@
 -out = realm.run([kadminl, 'listprincs'], env=slave1)
 -if pr1 not in out or pr2 not in out or pr3 not in out:
 -    fail('slave2 does not have all principals from slave1')
--
+ 
 -# Make another change and check that it propagates incrementally to
 -# both slaves.
--realm.run([kadminl, 'modprinc', '-maxrenewlife', '22 hours', pr1])
--check_ulog(8, 1, 8, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, False, 7, 8)
--check_ulog(3, 6, 8, [None, pr2, pr1], slave1)
--out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
--if 'Maximum renewable life: 0 days 22:00:00\n' not in out:
--    fail('slave1 does not have modification from master')
++# Make another change and check that it propagates incrementally to slave1.
+ realm.run([kadminl, 'modprinc', '-maxrenewlife', '22 hours', pr1])
+ check_ulog(8, 1, 8, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1])
+ kpropd1.send_signal(signal.SIGUSR1)
+@@ -225,28 +194,16 @@ check_ulog(3, 6, 8, [None, pr2, pr1], sl
+ out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
+ if 'Maximum renewable life: 0 days 22:00:00\n' not in out:
+     fail('slave1 does not have modification from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, False, 7, 8)
 -check_ulog(2, 7, 8, [None, pr1], slave2)
 -out = realm.run([kadminl, 'getprinc', pr1], env=slave2)
 -if 'Maximum renewable life: 0 days 22:00:00\n' not in out:
 -    fail('slave2 does not have modification from slave1')
-+# Make another change and check that it propagates incrementally.
-+realm.run([kadminl, 'modprinc', '+allow_tix', 'w'])
-+check_serial(realm, '9')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, False)
-+check_serial(realm, '9', slave)
-+out = realm.run([kadminl, 'getprinc', 'w'], env=slave)
-+if 'Attributes:\n' not in out:
-+    fail('Slave does not have modification from master')
  
--# Reset the ulog on slave1 to force a full resync from master.  The
--# resync will use the old dump file and then propagate changes.
+ # Reset the ulog on slave1 to force a full resync from master.  The
+ # resync will use the old dump file and then propagate changes.
 -# slave2 should still be in sync with slave1 after the resync, so make
 -# sure it doesn't take a full resync.
--realm.run([kproplog, '-R'], slave1)
--check_ulog(1, 1, 1, [None], slave1)
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, True, 1, 8)
--check_ulog(3, 6, 8, [None, pr2, pr1], slave1)
+ realm.run([kproplog, '-R'], slave1)
+ check_ulog(1, 1, 1, [None], slave1)
+ kpropd1.send_signal(signal.SIGUSR1)
+ wait_for_prop(kpropd1, True, 1, 8)
+ check_ulog(3, 6, 8, [None, pr2, pr1], slave1)
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, False, 8, 8)
 -check_ulog(2, 7, 8, [None, pr1], slave2)
-+# Reset the ulog on the slave side to force a full resync to the slave.
-+realm.run([kproplog, '-R'], slave)
-+check_serial(realm, 'None', slave)
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, True)
-+check_serial(realm, '9', slave)
  
 -# Make another change and check that it propagates incrementally to
 -# both slaves.
-+# Make another change and check that it propagates incrementally.
++# Make another change and check that it propagates incrementally to slave1.
  realm.run([kadminl, 'modprinc', '+allow_tix', 'w'])
--check_ulog(9, 1, 9, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr2])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, False, 8, 9)
--check_ulog(4, 6, 9, [None, pr2, pr1, pr2], slave1)
--out = realm.run([kadminl, 'getprinc', pr2], env=slave1)
--if 'Attributes:\n' not in out:
--    fail('slave1 does not have modification from master')
+ check_ulog(9, 1, 9, [None, pr1, pr3, pr2, pr2, pr2, pr2, pr1, pr2])
+ kpropd1.send_signal(signal.SIGUSR1)
+@@ -255,12 +212,6 @@ check_ulog(4, 6, 9, [None, pr2, pr1, pr2
+ out = realm.run([kadminl, 'getprinc', pr2], env=slave1)
+ if 'Attributes:\n' not in out:
+     fail('slave1 does not have modification from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, False, 8, 9)
 -check_ulog(3, 7, 9, [None, pr1, pr2], slave2)
 -out = realm.run([kadminl, 'getprinc', pr2], env=slave2)
-+check_serial(realm, '10')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, False)
-+check_serial(realm, '10', slave)
-+out = realm.run([kadminl, 'getprinc', 'w'], env=slave)
- if 'Attributes:\n' not in out:
+-if 'Attributes:\n' not in out:
 -    fail('slave2 does not have modification from slave1')
-+    fail('Slave has different state from master')
  
  # Create a policy and check that it propagates via full resync.
  realm.run([kadminl, 'addpol', '-minclasses', '2', 'testpol'])
--check_ulog(1, 1, 1, [None])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, True, 9, 1)
--check_ulog(1, 1, 1, [None], slave1)
--out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1)
-+check_serial(realm, 'None')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, True)
-+check_serial(realm, 'None', slave)
-+out = realm.run([kadminl, 'getpol', 'testpol'], env=slave)
+@@ -271,12 +222,6 @@ check_ulog(1, 1, 1, [None], slave1)
+ out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1)
  if 'Minimum number of password character classes: 2' not in out:
--    fail('slave1 does not have policy from master')
+     fail('slave1 does not have policy from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, True, 9, 1)
 -check_ulog(1, 1, 1, [None], slave2)
 -out = realm.run([kadminl, 'getpol', 'testpol'], env=slave2)
 -if 'Minimum number of password character classes: 2' not in out:
 -    fail('slave2 does not have policy from slave1')
-+    fail('Slave does not have policy from master')
  
  # Modify the policy and test that it also propagates via full resync.
  realm.run([kadminl, 'modpol', '-minlength', '17', 'testpol'])
--check_ulog(1, 1, 1, [None])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, True, 1, 1)
--check_ulog(1, 1, 1, [None], slave1)
--out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1)
-+check_serial(realm, 'None')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, True)
-+check_serial(realm, 'None', slave)
-+out = realm.run([kadminl, 'getpol', 'testpol'], env=slave)
+@@ -287,12 +232,6 @@ check_ulog(1, 1, 1, [None], slave1)
+ out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1)
  if 'Minimum password length: 17' not in out:
--    fail('slave1 does not have policy change from master')
+     fail('slave1 does not have policy change from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, True, 1, 1)
 -check_ulog(1, 1, 1, [None], slave2)
 -out = realm.run([kadminl, 'getpol', 'testpol'], env=slave2)
 -if 'Minimum password length: 17' not in out:
 -    fail('slave2 does not have policy change from slave1')
-+    fail('Slave does not have policy change from master')
  
  # Delete the policy and test that it propagates via full resync.
--realm.run([kadminl, 'delpol', 'testpol'])
--check_ulog(1, 1, 1, [None])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, True, 1, 1)
--check_ulog(1, 1, 1, [None], slave1)
--out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1, expected_code=1)
-+realm.run([kadminl, 'delpol', '-force', 'testpol'])
-+check_serial(realm, 'None')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, True)
-+check_serial(realm, 'None', slave)
-+out = realm.run([kadminl, 'getpol', 'testpol'], env=slave, expected_code=1)
+ realm.run([kadminl, 'delpol', 'testpol'])
+@@ -303,12 +242,6 @@ check_ulog(1, 1, 1, [None], slave1)
+ out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1, expected_code=1)
  if 'Policy does not exist' not in out:
--    fail('slave1 did not get policy deletion from master')
+     fail('slave1 did not get policy deletion from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, True, 1, 1)
 -check_ulog(1, 1, 1, [None], slave2)
 -out = realm.run([kadminl, 'getpol', 'testpol'], env=slave2, expected_code=1)
 -if 'Policy does not exist' not in out:
 -    fail('slave2 did not get policy deletion from slave1')
--
--# Modify a principal on the master and test that it propagates incrementally.
--realm.run([kadminl, 'modprinc', '-maxlife', '10 minutes', pr1])
--check_ulog(2, 1, 2, [None, pr1])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, False, 1, 2)
--check_ulog(2, 1, 2, [None, pr1], slave1)
--out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
--if 'Maximum ticket life: 0 days 00:10:00' not in out:
--    fail('slave1 does not have modification from master')
+ 
+ # Modify a principal on the master and test that it propagates incrementally.
+ realm.run([kadminl, 'modprinc', '-maxlife', '10 minutes', pr1])
+@@ -319,12 +252,6 @@ check_ulog(2, 1, 2, [None, pr1], slave1)
+ out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
+ if 'Maximum ticket life: 0 days 00:10:00' not in out:
+     fail('slave1 does not have modification from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, False, 1, 2)
 -check_ulog(2, 1, 2, [None, pr1], slave2)
 -out = realm.run([kadminl, 'getprinc', pr1], env=slave2)
 -if 'Maximum ticket life: 0 days 00:10:00' not in out:
 -    fail('slave2 does not have modification from slave1')
--
--# Delete a principal and test that it propagates incrementally.
--realm.run([kadminl, 'delprinc', pr3])
--check_ulog(3, 1, 3, [None, pr1, pr3])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, False, 2, 3)
--check_ulog(3, 1, 3, [None, pr1, pr3], slave1)
--out = realm.run([kadminl, 'getprinc', pr3], env=slave1, expected_code=1)
--if 'Principal does not exist' not in out:
--    fail('slave1 does not have principal deletion from master')
+ 
+ # Delete a principal and test that it propagates incrementally.
+ realm.run([kadminl, 'delprinc', pr3])
+@@ -335,12 +262,6 @@ check_ulog(3, 1, 3, [None, pr1, pr3], sl
+ out = realm.run([kadminl, 'getprinc', pr3], env=slave1, expected_code=1)
+ if 'Principal does not exist' not in out:
+     fail('slave1 does not have principal deletion from master')
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, False, 2, 3)
 -check_ulog(3, 1, 3, [None, pr1, pr3], slave2)
 -out = realm.run([kadminl, 'getprinc', pr3], env=slave2, expected_code=1)
 -if 'Principal does not exist' not in out:
 -    fail('slave2 does not have principal deletion from slave1')
-+    fail('Slave did not get policy deletion from master')
  
--# Reset the ulog on the master to force a full resync.
-+# Reset the ulog on the master side to force a full resync to all slaves.
-+# XXX Note that we only have one slave in this test, so we can't really
-+# test this.
+ # Reset the ulog on the master to force a full resync.
  realm.run([kproplog, '-R'])
--check_ulog(1, 1, 1, [None])
--kpropd1.send_signal(signal.SIGUSR1)
--wait_for_prop(kpropd1, True, 3, 1)
--check_ulog(1, 1, 1, [None], slave1)
+@@ -348,13 +269,9 @@ check_ulog(1, 1, 1, [None])
+ kpropd1.send_signal(signal.SIGUSR1)
+ wait_for_prop(kpropd1, True, 3, 1)
+ check_ulog(1, 1, 1, [None], slave1)
 -kpropd2.send_signal(signal.SIGUSR1)
 -wait_for_prop(kpropd2, True, 3, 1)
 -check_ulog(1, 1, 1, [None], slave2)
--
+ 
 -# Stop the kprop daemons so we can test kpropd -t.
--stop_daemon(kpropd1)
++# Stop the kprop daemon so we can test kpropd -t.
+ stop_daemon(kpropd1)
 -stop_daemon(kpropd2)
--
--# Test the case where no updates are needed.
--out = realm.run_kpropd_once(slave1, ['-d'])
--if 'KDC is synchronized' not in out:
--    fail('Expected synchronized from kpropd -t')
--check_ulog(1, 1, 1, [None], slave1)
--
--# Make a change on the master and fetch it incrementally.
--realm.run([kadminl, 'modprinc', '-maxlife', '5 minutes', pr1])
--check_ulog(2, 1, 2, [None, pr1])
--out = realm.run_kpropd_once(slave1, ['-d'])
--if 'Got incremental updates (sno=2 ' not in out:
--    fail('Expected full dump and synchronized from kpropd -t')
--check_ulog(2, 1, 2, [None, pr1], slave1)
--out = realm.run([kadminl, 'getprinc', pr1], env=slave1)
--if 'Maximum ticket life: 0 days 00:05:00' not in out:
--    fail('slave1 does not have modification from master after kpropd -t')
--
--# Propagate a policy change via full resync.
--realm.run([kadminl, 'addpol', '-minclasses', '3', 'testpol'])
--check_ulog(1, 1, 1, [None])
--out = realm.run_kpropd_once(slave1, ['-d'])
--if ('Full propagation transfer finished' not in out or
--    'KDC is synchronized' not in out):
--    fail('Expected full dump and synchronized from kpropd -t')
--check_ulog(1, 1, 1, [None], slave1)
--out = realm.run([kadminl, 'getpol', 'testpol'], env=slave1)
--if 'Minimum number of password character classes: 3' not in out:
--    fail('slave1 does not have policy from master after kpropd -t')
-+check_serial(realm, 'None')
-+kpropd.send_signal(signal.SIGUSR1)
-+wait_for_prop(kpropd, True)
-+check_serial(realm, 'None', slave)
  
- success('iprop tests')
-+
+ # Test the case where no updates are needed.
+ out = realm.run_kpropd_once(slave1, ['-d'])
 --- a/src/tests/t_kadmin_acl.py
 +++ b/src/tests/t_kadmin_acl.py
 @@ -9,7 +9,7 @@ def make_client(name):
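Review bot: With every `kpropd2`/`slave2` assertion removed in this hunk, t_iprop.py no longer exercises a slave serving incremental updates to a downstream slave, and the patched test does not say so. The reason is recorded only in the header comment of 028-rpc-gss.patch, which someone reading or running the test will not see. I would add a comment where the scenario is set up, for example `# Hierarchical (slave -> slave) iprop is not tested here: Solaris RPC cannot run it on a single host.` Multi-host coverage for that path should also be tracked separately, since it carries KDC database updates.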