"Fossies" - the Fresh Open Source Software Archive

Member "krb5-1.18/doc/kadm5/api-unit-test.tex" (12 Feb 2020, 56764 Bytes) of package /linux/misc/krb5-1.18.tar.gz:



    1 % This document is included for historical purposes only, and does not
    2 % apply to krb5 today.
    3 
    4 \documentstyle[times,fullpage]{article}
    5 
    6 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
    7 %% Make _ actually generate an _, and allow line-breaking after it.
    8 \let\underscore=\_
    9 \catcode`_=13
   10 \def_{\underscore\penalty75\relax}
   11 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
   12 
   13 \newcommand{\test}[1]{\begin{description}
   14 \setlength{\itemsep}{0pt}
   15 #1
   16 \end{description}
   17 
   18 }
   19 
   20 \newcommand{\numtest}[2]{\begin{description}
   21 \setlength{\itemsep}{0pt}
   22 \Number{#1}
   23 #2
   24 \end{description}
   25 
   26 }
   27 
   28 \newcommand{\Number}[1]{\item[Number:] #1}
   29 \newcommand{\Reason}[1]{\item[Reason:] #1}
   30 \newcommand{\Expected}[1]{\item[Expected:] #1}
   31 \newcommand{\Conditions}[1]{\item[Conditions:] #1}
   32 \newcommand{\Priority}[1]{\item[Priority:] #1}
   33 \newcommand{\Status}[1]{\item[Status:] #1}
   34 \newcommand{\Vtwonote}[1]{\item[V2 note:] #1}
   35 \newcommand{\Version}[1]{\item[Version:] #1}
   36 \newcommand{\Call}[1]{}
   37 %\newcommand{\Call}[1]{\item[Call:] #1}
   38 %\newcommand{\Number}[1]{}
   39 %\newcommand{\Reason}[1]{}
   40 %\newcommand{\Expected}[1]{}
   41 %\newcommand{\Conditions}[1]{}
   42 %\newcommand{\Priority}[1]{}
   43 
   44 \title{KADM5 Admin API\\
   45 Unit Test Description}
   46 \author{Jonathan I. Kamens}
   47 
   48 \begin{document}
   49 
   50 \maketitle
   51 
   52 %\tableofcontents
   53 
   54 \section{Introduction}
   55 
   56 The following is a description of a black-box unit test of the KADM5
   57 API.  Each API function is listed, followed by the tests that should be
   58 performed on it.
   59 
   60 The tests described here are based on the ``Kerberos Administration
   61 System KADM5 API Functional Specifications'', revision 1.68.  This
   62 document was originally written based on the OpenVision API functional
   63 specifications, version 1.41, dated August 18, 1994, and many
   64 indications of the original version remain.
   65 
   66 All tests which test for success should verify, using some means other
   67 than the return value of the function being tested, that the requested
   68 operation was successfully performed.  For example: for init, test
   69 that other operations can be performed after init; for destroy, test
   70 that other operations can't be performed after destroy; for modify
   71 functions, verify that all modifications to the database which should
   72 have taken place did, and that the new, modified data is in effect;
   73 for get operations, verify that the data retrieved is the data that
   74 should actually be in the database.
   75 
   76 The tests would be better if they compared the actual contents of the
   77 database before and after each test, rather than relying on the KADM5
   78 API to report the results of changes.
   79 
   80 Similarly, all tests which test for failure should verify that
   81 no component of the requested operation took place.  For example: if
   82 init fails, other operations should not work.  If a modify fails, all
   83 data in the database should be the same as it was before the attempt
   84 to modify, and the old data should still be what is enforced.
   85 Furthermore, tests which test for failure should verify that the
   86 failure code returned is correct for the specific failure condition
   87 tested.
   88 
   89 Most of the tests listed below should be run twice -- once locally on
   90 the server after linking against the server API library, and once
   91 talking to the server via authenticated Sun RPC after linking against
   92 the client API library.  Tests which should only be run locally or via
   93 RPC are labelled with a ``local'' or ``RPC''.
   94 
   95 Furthermore, in addition to the tests labelled below, a test should be
   96 implemented to verify that a client can't perform operations on the
   97 server through the client API library when it's linked against
   98 standard Sun RPC instead of OpenV*Secure's authenticated Sun RPC.
   99 This will require a client with a modified version of ovsec_kadm_init
  100 which doesn't call auth_gssapi_create.  This client should call this
  101 modified ovsec_kadm_init and then call some other admin API function,
  102 specifying arguments to both functions that would work if the
  103 authenticated Sun RPC had been used, but shouldn't if authentication
  104 wasn't used.  The test should verify that the API function call after
  105 the init doesn't succeed.
  106 
  107 There is also another test to see if all the API functions handle getting an
  108 invalid server handle correctly. This is not done as part of the tests that
  109 are run through the TCL program because the TCL program has no way of
  110 invalidating a server handle.  So there is a program that calls init and
  111 changes the handle magic number, and then attempts to call each API function
  112 with the corrupted server handle.
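
The corrupted-handle check described above, sketched in C as an added example (not code from krb5 or from the original test suite): a toy API whose entry points validate a magic number in the handle, and a probe that calls init, corrupts the magic, and then confirms both the error code and, by comparing raw database bytes rather than asking the API, that nothing changed. All names and values (`HANDLE_MAGIC`, `toy_*`, `op_*`, `ERR_*`) are made up for the illustration.

```c
#include <stdint.h>
#include <string.h>

/* Every name and value below is constructed for this example. */
#define HANDLE_MAGIC   0x4B41444DU  /* hypothetical magic number */
#define ERR_OK         0
#define ERR_BAD_HANDLE 1            /* stands in for BAD_SERVER_HANDLE */
#define ERR_NOT_FOUND  2
#define ERR_FULL       3
#define MAX_PRINCS     4

typedef struct { char name[32]; int max_life; int in_use; } princ_t;
typedef struct { princ_t princs[MAX_PRINCS]; } db_t;
typedef struct { uint32_t magic; db_t *db; } handle_t;
typedef int (*op_fn)(handle_t *);

/* Gate for every API entry point: reject a null or corrupted handle. */
static int check_handle(const handle_t *h) {
    return (h != NULL && h->magic == HANDLE_MAGIC) ? ERR_OK : ERR_BAD_HANDLE;
}

static princ_t *find(db_t *db, const char *name) {
    for (int i = 0; i < MAX_PRINCS; i++)
        if (db->princs[i].in_use && strcmp(db->princs[i].name, name) == 0)
            return &db->princs[i];
    return NULL;
}

void toy_init(handle_t *h, db_t *db) {
    h->magic = HANDLE_MAGIC;
    h->db = db;
}

int toy_create(handle_t *h, const char *name, int max_life) {
    if (check_handle(h) != ERR_OK) return ERR_BAD_HANDLE;
    for (int i = 0; i < MAX_PRINCS; i++) {
        princ_t *p = &h->db->princs[i];
        if (p->in_use) continue;
        strncpy(p->name, name, sizeof p->name - 1); /* free slots are zeroed */
        p->max_life = max_life;
        p->in_use = 1;
        return ERR_OK;
    }
    return ERR_FULL;
}

int toy_modify(handle_t *h, const char *name, int max_life) {
    if (check_handle(h) != ERR_OK) return ERR_BAD_HANDLE;
    princ_t *p = find(h->db, name);
    if (p == NULL) return ERR_NOT_FOUND;
    p->max_life = max_life;
    return ERR_OK;
}

int toy_delete(handle_t *h, const char *name) {
    if (check_handle(h) != ERR_OK) return ERR_BAD_HANDLE;
    princ_t *p = find(h->db, name);
    if (p == NULL) return ERR_NOT_FOUND;
    memset(p, 0, sizeof *p);
    return ERR_OK;
}

/* Fixed-argument wrappers so the probe can drive every call the same way. */
int op_create(handle_t *h) { return toy_create(h, "bob", 170); }
int op_modify(handle_t *h) { return toy_modify(h, "alice", 999); }
int op_delete(handle_t *h) { return toy_delete(h, "alice"); }

/* Deliberately flawed entry point that skips check_handle(). */
int op_delete_unchecked(handle_t *h) {
    princ_t *p = find(h->db, "alice");
    if (p == NULL) return ERR_NOT_FOUND;
    memset(p, 0, sizeof *p);
    return ERR_OK;
}

/* Init, corrupt the magic, call op.  Result bits: 1 = wrong error code,
 * 2 = database bytes changed, 4 = setup failed.  0 means the op passed. */
int probe_corrupt_handle(op_fn op) {
    db_t db, before;
    handle_t h;
    int result = 0;
    memset(&db, 0, sizeof db);
    toy_init(&h, &db);
    if (toy_create(&h, "alice", 160) != ERR_OK) return 4;
    h.magic ^= 0x1U;                  /* invalidate the handle */
    memcpy(&before, &db, sizeof db);  /* raw snapshot, not read via the API */
    if (op(&h) != ERR_BAD_HANDLE) result |= 1;
    if (memcmp(&before, &db, sizeof db) != 0) result |= 2;
    return result;
}

/* Number of checked entry points that fail the probe. */
int run_all(void) {
    return (probe_corrupt_handle(op_create) != 0)
         + (probe_corrupt_handle(op_modify) != 0)
         + (probe_corrupt_handle(op_delete) != 0);
}

int main(void) { return run_all(); }
```

The unchecked variant is there to show what the probe catches: it returns success on a corrupted handle and also alters the database, so both result bits are set.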
  113 
  114 A number of tests have been added or changed to correspond with KADM5
  115 API version 2.  Tests which are only performed against the newer
  116 version specify the version number in the test description.
  117 
  118 \section{ovsec_kadm_init}
  119 
  120 \numtest{1}{
  121 \Reason{An empty string realm is rejected.}
  122 \Status{Implemented}
  123 \Vtwonote{The empty string is now passed as the realm field of the
  124 parameters structure.}
  125 }
  126 
  127 \numtest{2}{
  128 \Reason{A realm containing invalid characters is rejected.}
  129 \Status{Implemented}
  130 \Vtwonote{The invalid character is now passed as the realm field of the
  131 parameters structure.}
  132 }
  133 
  134 \numtest{2.5}{
  135 \Reason{A non-existent realm is rejected.}
  136 \Status{Implemented}
  137 \Vtwonote{The non-existent realm is now passed as the realm field of the
  138 parameters structure.}
  139 }
  140 
  141 \numtest{3}{
  142 \Reason{A bad service name representing an existing principal
  143     (different from the client principal) is rejected.}
  144 \Conditions{RPC}
  145 \Status{Implemented}
  146 }
  147 
  148 \numtest{4}{
  149 \Reason{A bad service name representing a non-existent
  150         principal is rejected.}
  151 \Conditions{RPC}
  152 \Status{Implemented}
  153 }
  154 
  155 \numtest{5}{
  156 \Reason{A bad service name identical to the (existing) client
  157         name is rejected.}
  158 \Conditions{RPC}
  159 \Status{Implemented}
  160 }
  161 
  162 \numtest{6}{
  163 \Reason{A null password causes password prompting.}
  164 \Status{Implemented}
  165 }
  166 
  167 \numtest{7}{
  168 \Reason{An empty-string password causes password prompting.}
  169 \Status{Implemented}
  170 }
  171 
  172 \numtest{8}{
  173 \Reason{An incorrect password which is the password of another
  174         user is rejected.}
  175 \Conditions{RPC}
  176 \Status{Implemented}
  177 }
  178 
  179 \numtest{9}{
  180 \Reason{An incorrect password which isn't the password of any
  181         user is rejected.}
  182 \Conditions{RPC}
  183 \Status{Implemented}
  184 }
  185 
  186 \numtest{10}{
  187 \Reason{A null client_name is rejected.}
  188 \Status{Implemented}
  189 }
  190 
  191 % Empty string client name is legal.
  192 %\numtest{11}{
  193 %\Reason{An empty-string client_name is rejected.}
  194 %}
  195 
  196 \numtest{12}{
  197 \Reason{A client_name referring to a non-existent principal in
  198         the default realm is rejected.}
  199 \Conditions{RPC}
  200 \Status{Implemented}
  201 }
  202 
  203 \numtest{13}{
  204 \Reason{A client_name referring to a non-existent principal
  205         with the local realm specified explicitly is rejected.}
  206 \Conditions{RPC}
  207 \Status{Implemented}
  208 }
  209 
  210 \numtest{14}{
  211 \Reason{A client_name referring to a non-existent principal in
  212     a nonexistent realm is rejected.}
  213 \Conditions{RPC}
  214 \Status{Implemented}
  215 }
  216 
  217 \numtest{15}{
  218 \Reason{A client_name referring to an existing principal in a
  219     nonexistent realm is rejected.}
  220 \Conditions{RPC}
  221 \Status{Implemented}
  222 }
  223 
  224 \numtest{16}{
  225 \Reason{Valid invocation.}
  226 \Status{Implemented}
  227 }
  228 
  229 \numtest{17}{
  230 \Reason{Valid invocation (explicit client realm).}
  231 \Status{Implemented}
  232 }
  233 
  234 \numtest{18}{
  235 \Reason{Valid invocation (CHANGEPW_SERVICE).}
  236 \Status{Implemented}
  237 }
  238 
  239 \numtest{19}{
  240 \Reason{Valid invocation (explicit service realm).}
  241 \Status{Implemented}
  242 \Vtwonote{The explicit realm is now passed as the realm field of the
  243 configuration parameters.}
  244 }
  245 
  246 \numtest{20}{
  247 \Reason{Valid invocation (database access allowed after init).}
  248 \Status{Implemented}
  249 }
  250 
  251 %\numtest{21}{
  252 %\Reason{Init fails when called twice in a row.}
  253 %\Status{Implemented}
  254 %}
  255 
  256 \numtest{22}{
  257 \Reason{A null password causes master-key prompting.}
  258 \Conditions{local}
  259 \Status{Implemented}
  260 \Vtwonote{Obsolete.}
  261 }
  262 
  263 \numtest{22.5}{
  264 \Reason{An empty string password causes master-key prompting.}
  265 \Conditions{local}
  266 \Status{Implemented}
  267 \Vtwonote{Obsolete.}
  268 }
  269 
  270 %\numtest{23}{
  271 %\Reason{A non-null password causes reading from the kstash.}
  272 %\Conditions{local}
  273 %\Status{Implemented}
  274 %}
  275 
  276 \numtest{24}{
  277 \Reason{Null service name is ignored in local invocation.}
  278 \Conditions{local}
  279 \Status{Implemented}
  280 }
  281 
  282 \numtest{25}{
  283 \Reason{Non-null service name is ignored in local invocation.}
  284 \Conditions{local}
  285 \Status{Implemented}
  286 }
  287 
  288 %\numtest{26}{
  289 %\Reason{Can't do ``get'' operation before calling init.}
  290 %\Status{Implemented}
  291 %}
  292 
  293 %\numtest{27}{
  294 %\Reason{Can't do ``add'' operation before calling init.}
  295 %\Status{Implemented}
  296 %}
  297 
  298 %\numtest{28}{
  299 %\Reason{Can't do ``modify'' operation before calling init.}
  300 %\Status{Implemented}
  301 %}
  302 
  303 %\numtest{29}{
  304 %\Reason{Can't do ``delete'' operation before calling init.}
  305 %\Status{Implemented}
  306 %}
  307 
  308 \numtest{30}{
  309 \Reason{Can init after failed init attempt.}
  310 \Conditions{local}
  311 \Status{Implemented}
  312 }
  313 
  314 \numtest{31}{
  315 \Priority{High}
  316 \Reason{Return BAD_STRUCT_VERSION when the mask bits are set to invalid values}
  317 \Status{Implemented}
  318 }
  319 
  320 \numtest{32}{
  321 \Priority{High}
  322 \Reason{Return BAD_STRUCT_VERSION when the mask bits are not set}
  323 \Status{Implemented}
  324 }
  325 
  326 \numtest{33}{
  327 \Priority{High}
  328 \Reason{Return OLD_STRUCT_VERSION when attempting to use an old/unsupported
  329     structure version}
  330 \Status{Implemented}
  331 }
  332 
  333 \numtest{34}{
  334 \Priority{High}
  335 \Reason{Return NEW_STRUCT_VERSION when attempting to use a newer version of
  336     the structure than what is supported}
  337 \Status{Implemented}
  338 }
  339 
  340 \numtest{35}{
  341 \Priority{High}
  342 \Reason{Return BAD_API_VERSION when the mask bits are set to invalid values}
  343 \Status{Implemented}
  344 }
  345 
  346 \numtest{36}{
  347 \Priority{High}
  348 \Reason{Return BAD_API_VERSION when the mask bits are not set}
  349 \Status{Implemented}
  350 }
  351 
  352 \numtest{37}{
  353 \Priority{High}
  354 \Reason{Return OLD_LIB_API_VERSION when using an old/unsupported
  355     api version number}
  356 \Conditions{RPC}    
  357 \Status{Implemented}
  358 }
  359 
  360 \numtest{38}{
  361 \Priority{High}
  362 \Reason{Return OLD_SERVER_API_VERSION attempting to use an
  363     old/unsupported api version number}
  364 \Conditions{local}  
  365 \Status{Implemented}
  366 }
  367 
  368 \numtest{39}{
  369 \Priority{High}
  370 \Reason{Return NEW_LIB_API_VERSION when using a newer api
  371     version number than supported}
  372 \Conditions{RPC}
  373 \Status{Implemented}
  374 }
  375 
  376 \numtest{40}{
  377 \Priority{High}
  378 \Reason{Return NEW_SERVER_API_VERSION when using a newer api version
  379     number than supported}
  380 \Conditions{local}
  381 \Status{Implemented}
  382 }
  383 
  384 \numtest{41}{
  385 \Priority{High}
  386 \Reason{Return BAD_XXX_VERSION when the API and the structure
  387     version numbers are reversed}
  388 \Status{Implemented}
  389 }
  390 
  391 \numtest{42}{
  392 \Priority{High}
  393 \Reason{Succeeds when using valid api and struct version numbers and masks}
  394 \Status{Implemented}
  395 }
  396 
  397 \numtest{43}{
  398 \Priority{Low}
  399 \Reason{Returns two different server handles when called twice with the same info}
  400 }
  401 
  402 \numtest{44}{
  403 \Priority{Low}
  404 \Reason{Returns two different server handles when called twice with
  405     different  info}
  406 }
  407 
  408 \numtest{45}{
  409 \Priority{Bug fix, secure-install/3390}
  410 \Reason{Returns SECURE_PRINC_MISSING when ADMIN_SERVICE does not
  411 exist.}
  412 \Status{Implemented}
  413 }
  414 
  415 \numtest{46}{
  416 \Priority{Bug fix, secure-install/3390}
  417 \Reason{Returns SECURE_PRINC_MISSING when CHANGEPW_SERVICE does not
  418 exist.}
  419 \Status{Implemented}
  420 }
  421 
  422 \numtest{100}{
  423 \Version{KADM5_API_VERSION_2}
  424 \Reason{Obeys the profile field of the configuration parameters, if
  425 set.}
  426 \Status{Implemented}
  427 }
  428 
  429 \numtest{101}{
  430 \Version{KADM5_API_VERSION_2}
  431 \Reason{Obeys the kadmind_port field of the configuration parameters,
  432 if set.}
  433 \Conditions{RPC}
  434 \Status{Implemented}
  435 }
  436 
  437 \numtest{102}{
  438 \Version{KADM5_API_VERSION_2}
  439 \Reason{Obeys the admin_server field of the configuration parameters,
  440 if set with only an admin server name.}
  441 \Conditions{RPC}
  442 \Status{Implemented}
  443 }
  444 
  445 \numtest{102.5}{
  446 \Version{KADM5_API_VERSION_2}
  447 \Reason{Obeys the admin_server field of the configuration parameters,
  448 if set with a host name and port number.}
  449 \Conditions{RPC}
  450 }
  451 
  452 \numtest{103}{
  453 \Version{KADM5_API_VERSION_2}
  454 \Reason{Obeys the dbname field of the configuration parameters, if
  455 set.}
  456 \Conditions{local}
  457 \Status{Implemented}
  458 }
  459 
  460 \numtest{104}{
  461 \Version{KADM5_API_VERSION_2}
  462 \Reason{Obeys the admin_dbname field of the configuration parameters, if
  463 set.}
  464 \Conditions{local}
  465 \Status{Implemented}
  466 }
  467 
  468 \numtest{105}{
  469 \Version{KADM5_API_VERSION_2}
  470 \Reason{Obeys the admin_lockfile field of the configuration parameters, if
  471 set.}
  472 \Conditions{local}
  473 \Status{Implemented}
  474 }
  475 
  476 \numtest{106}{
  477 \Version{KADM5_API_VERSION_2}
  478 \Reason{Obeys the mkey_from_kbd field of the configuration parameters, if
  479 set.}
  480 \Conditions{local}
  481 \Status{Implemented}
  482 }
  483 
  484 \numtest{107}{
  485 \Version{KADM5_API_VERSION_2}
  486 \Reason{Obeys the stash_file field of the configuration parameters, if
  487 set.}
  488 \Conditions{local}
  489 \Status{Implemented}
  490 }
  491 
  492 \numtest{108}{
  493 \Version{KADM5_API_VERSION_2}
  494 \Reason{Obeys the mkey_name field of the configuration parameters, if
  495 set.}
  496 \Conditions{local}
  497 \Status{Implemented}
  498 }
  499 
  500 \numtest{109}{
  501 \Version{KADM5_API_VERSION_2}
  502 \Reason{Obeys the max_life field of the configuration parameters, if
  503 set.}
  504 \Conditions{local}
  505 \Status{Implemented}
  506 }
  507 
  508 \numtest{110}{
  509 \Version{KADM5_API_VERSION_2}
  510 \Reason{Obeys the max_rlife field of the configuration parameters, if
  511 set.}
  512 \Conditions{local}
  513 \Status{Implemented}
  514 }
  515 
  516 \numtest{111}{
  517 \Version{KADM5_API_VERSION_2}
  518 \Reason{Obeys the expiration field of the configuration parameters, if
  519 set.}
  520 \Status{Implemented}
  521 \Conditions{local}
  522 }
  523 
  524 \numtest{112}{
  525 \Version{KADM5_API_VERSION_2}
  526 \Reason{Obeys the flags field of the configuration parameters, if
  527 set.}
  528 \Conditions{local}
  529 \Status{Implemented}
  530 }
  531 
  532 \numtest{113}{
  533 \Version{KADM5_API_VERSION_2}
  534 \Reason{Obeys the keysalts and num_keysalts field of the configuration
  535 parameters, if set.}
  536 \Conditions{local}
  537 \Status{Implemented}
  538 }
  539 
  540 \numtest{114}{
  541 \Version{KADM5_API_VERSION_2}
  542 \Reason{Returns KADM5_BAD_SERVER_PARAMS if any client-only parameters
  543 are specified to server-side init.}
  544 \Conditions{local}
  545 \Status{Implemented}
  546 }
  547 
  548 \numtest{115}{
  549 \Version{KADM5_API_VERSION_2}
  550 \Reason{Returns KADM5_BAD_CLIENT_PARAMS if any client-only parameters
  551 are specified to server-side init.}
  552 \Conditions{RPC}
  553 \Status{Implemented}
  554 }
  555 
  556 \numtest{116}{
  557 \Version{KADM5_API_VERSION_2}
  558 \Reason{Two calls to init with clients having different privileges
  559 succeed, and both clients maintain their correct privileges.}
  560 \Priority{Bug fix}
  561 \Conditions{RPC}
  562 \Status{Implemented}
  563 }
  564 
  565 \numtest{117}{
  566 \Version{KADM5_API_VERSION_2}
  567 \Reason{The max_life field defaults to value specified in the API
  568 Functional Specification when kdc.conf is unreadable.}
  569 \Priority{Bug fix, krb5-admin/18}
  570 \Conditions{local}
  571 \Status{Implemented}
  572 }
  573 
  574 \numtest{150}{
  575 \Version{KADM5_API_VERSION_2}
  576 \Reason{init_with_creds works when given an open ccache with a valid
  577 credential for ADMIN_SERVICE.}
  578 \Conditions{RPC}
  579 \Status{Implemented}
  580 }
  581 
  582 \numtest{151}{
  583 \Version{KADM5_API_VERSION_2}
  584 \Reason{init_with_creds works when given an open ccache with a valid
  585 credential for CHANGEPW_SERVICE.}
  586 \Conditions{RPC}
  587 \Status{Implemented}
  588 }
  589 
  590 \numtest{152}{
  591 \Version{KADM5_API_VERSION_2}
  592 \Reason{init_with_creds fails with KRB5_FCC_NOFILE (was
  593   KADM5_GSS_ERROR) when given an open
  594 ccache with no credentials.}
  595 \Conditions{RPC}
  596 \Status{Implemented}
  597 }
  598 
  599 \numtest{153}{
  600 \Version{KADM5_API_VERSION_2}
  601 \Reason{init_with_creds fails with KRB5_CC_NOTFOUND (was
  602   KADM5_GSS_ERROR) when given an open
  603 ccache without credentials for ADMIN_SERVICE or CHANGEPW_SERVICE.}
  604 \Conditions{RPC}
  605 \Status{Implemented}
  606 }
  607 
  608 \numtest{154}{
  609 \Version{KADM5_API_VERSION_2}
  610 \Reason{If the KRB5_KDC_PROFILE environment variable is set to a filename
  611 that does not exist, init fails with ENOENT.}
  612 \Conditions{RPC}
  613 \Status{Implemented}
  614 }
  615 
  616 \section{ovsec_kadm_destroy}
  617 
  618 \numtest{1}{
  619 \Reason{Valid invocation.}
  620 \Status{Implemented}
  621 }
  622 
  623 %\numtest{2}{
  624 %\Reason{Valid invocation (``get'' not allowed after destroy).}
  625 %\Status{Implemented}
  626 %}
  627 
  628 %\numtest{3}{
  629 %\Reason{Valid invocation (``add'' not allowed after destroy).}
  630 %\Status{Implemented}
  631 %}
  632 
  633 %\numtest{4}{
  634 %\Reason{Valid invocation (``modify'' not allowed after destroy).}
  635 %\Status{Implemented}
  636 %}
  637 
  638 %\numtest{5}{
  639 %\Reason{Valid invocation (``delete'' not allowed after destroy).}
  640 %\Status{Implemented}
  641 %}
  642 
  643 %\numtest{6}{
  644 %\Reason{Fails if database not initialized.}
  645 %\Status{Implemented}
  646 %}
  647 
  648 %\numtest{7}{
  649 %\Reason{Fails if invoked twice in a row.}
  650 %\Status{Implemented}
  651 %}
  652 
  653 \numtest{8}{
  654 \Reason{Database can be reinitialized after destroy.}
  655 \Status{Implemented}
  656 }
  657 
  658 \numtest{9}{
  659 \Priority{High}
  660 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
  661 \Status{Implemented}
  662 }
  663 
  664 \numtest{10}{
  665 \Priority{Low}
  666 \Reason{Connects to correct server when multiple handles exist}
  667 \Conditions{client}
  668 }
  669 
  670 \section{ovsec_kadm_create_principal}
  671 
  672 %In the tests below, ``getu'' refers to a user who has only ``get'' access,
  673 %``addu'' refers to a user who has only ``add'' access, ``modifyu'' refers to
  674 %a user who has only ``modify'' access, and ``deleteu'' refers to a user
  675 %who has only ``delete'' access. ``amu'' refers to a user with ``add'' and
  676 %``modify'' access.  ``new_princ'' refers to a principal entry structure
  677 %filled in as follows:
  678 %
  679 %   krb5_parse_name("newuser", \&new_princ.principal);
  680 %   krb5_timeofday(\&new_princ.princ_expire_time);
  681 %       new_princ.princ_expire_time += 130;
  682 %   krb5_timeofday(\&new_princ.last_pwd_change);
  683 %       new_princ.last_pwd_change += 140;
  684 %   krb5_timeofday(\&new_princ.pw_expiration);
  685 %       new_princ.pw_expiration += 150;
  686 %   new_princ.max_life = 160;
  687 %   krb5_parse_name("usera", \&new_princ.mod_name);
  688 %   krb5_timeofday(\&new_princ.mod_date);
  689 %       new_princ.mod_date += 170;
  690 %   new_princ.attributes = 0xabcdabcd;
  691 %   new_princ.kvno = 180;
  692 %   new_princ.mkvno = 190;
  693 %   new_princ.policy = null;
  694 %   new_princ.aux_attributes = 0xdeadbeef;
  695 %
  696 %The offsets of 130 through 190 above are used to ensure that the
  697 %fields are all known to be different from each other, so that
  698 %accidentally switched fields can be detected.  Some of the fields in
  699 %this structure may be changed by the tests, but they should clean up
  700 %after themselves.
  701 
  702 %\numtest{1}{
  703 %\Reason{Fails if database not initialized.}
  704 %\Status{Implemented}
  705 %}
  706 
  707 \numtest{2}{
  708 \Reason{Fails on null princ argument.}
  709 \Status{Implemented}
  710 }
  711 
  712 \numtest{3}{
  713 \Reason{Fails on null password argument.}
  714 \Status{Implemented}
  715 }
  716 
  717 \numtest{4}{
  718 \Reason{Fails on empty-string password argument.}
  719 \Status{Implemented}
  720 }
  721 
  722 \numtest{5}{
  723 \Reason{Fails when mask contains undefined bit.}
  724 \Status{Implemented}
  725 }
  726 
  727 \numtest{6}{
  728 \Reason{Fails when mask contains LAST_PWD_CHANGE bit.}
  729 \Status{Implemented}
  730 }
  731 
  732 \numtest{7}{
  733 \Reason{Fails when mask contains MOD_TIME bit.}
  734 \Status{Implemented}
  735 }
  736 
  737 \numtest{8}{
  738 \Reason{Fails when mask contains MOD_NAME bit.}
  739 \Status{Implemented}
  740 }
  741 
  742 \numtest{9}{
  743 \Reason{Fails when mask contains MKVNO bit.}
  744 \Status{Implemented}
  745 }
  746 
  747 \numtest{10}{
  748 \Reason{Fails when mask contains AUX_ATTRIBUTES bit.}
  749 \Status{Implemented}
  750 }
  751 
  752 \numtest{11}{
  753 \Reason{Fails when mask contains POLICY_CLR bit.}
  754 \Status{Implemented}
  755 }
  756 
  757 \numtest{12}{
  758 \Reason{Fails for caller with no access bits.}
  759 \Status{Implemented}
  760 }
  761 
  762 \numtest{13}{
  763 \Reason{Fails when caller has ``get'' access and not ``add''.}
  764 \Conditions{RPC}
  765 \Status{Implemented}
  766 }
  767 
  768 \numtest{14}{
  769 \Reason{Fails when caller has ``modify'' access and not ``add''.}
  770 \Conditions{RPC}
  771 \Status{Implemented}
  772 }
  773 
  774 \numtest{15}{
  775 \Reason{Fails when caller has ``delete'' access and not ``add''.}
  776 \Conditions{RPC}
  777 \Status{Implemented}
  778 }
  779 
  780 \numtest{16}{
  781 \Reason{Fails when caller connected with CHANGEPW_SERVICE.}
  782 \Conditions{RPC}
  783 \Status{Implemented}
  784 }
  785 
  786 \numtest{17}{
  787 \Reason{Fails on attempt to create existing principal.}
  788 \Status{Implemented}
  789 }
  790 
  791 \numtest{18}{
  792 \Reason{Fails when password is too short.}
  793 \Status{Implemented}
  794 }
  795 
  796 \numtest{19}{
  797 \Reason{Fails when password has too few classes.}
  798 \Status{Implemented}
  799 }
  800 
  801 \numtest{20}{
  802 \Reason{Fails when password is in dictionary.}
  803 \Status{Implemented}
  804 }
  805 
  806 \numtest{21}{
  807 \Reason{Nonexistent policy is rejected.}
  808 \Status{Implemented}
  809 }
  810 
  811 \numtest{22}{
  812 \Reason{Fails on invalid principal name.}
  813 \Status{Implemented}
  814 }
  815 
  816 \numtest{23}{
  817 \Reason{Valid invocation.}
  818 \Status{Implemented}
  819 }
  820 
  821 \numtest{24}{
  822 \Reason{Succeeds when caller has ``add'' access and another one.}
  823 \Status{Implemented}
  824 }
  825 
  826 %\numtest{25}{
  827 %\Reason{Fails when password is too short, when override_qual is true.}
  828 %}
  829 
  830 %\numtest{26}{
  831 %\Reason{Fails when password has too few classes, when
  832 %       override_qual is true.}
  833 %}
  834 
  835 %\numtest{27}{
  836 %\Reason{Fails when password is in dictionary, when override_qual is
  837 %       true.}
  838 %}
  839 
  840 \numtest{28}{
  841 \Reason{Succeeds when assigning policy.}
  842 \Status{Implemented}
  843 }
  844 
  845 \numtest{29}{
  846 \Priority{High}
  847 \Reason{Allows 0 (never) for princ_expire_time.}
  848 \Status{Implemented}
  849 }
  850 
  851 \numtest{30}{
  852 \Reason{Allows 0 (never) for pw_expiration when there's no policy.}
  853 \Status{Implemented}
  854 }
  855 
  856 \numtest{31}{
  857 \Reason{Allows 0 (never) for pw_expiration when there's a policy with
  858     0 for pw_max_life.}
  859 \Status{Implemented}
  860 }
  861 
  862 \numtest{32}{
  863 \Reason{Accepts 0 (never) for pw_expiration when there's a policy with
  864     non-zero pw_max_life, and sets pw_expiration to zero.}
  865 \Status{Implemented}    
  866 }
  867 
  868 \numtest{33}{
  869 \Reason{Accepts and sets non-zero pw_expiration when no policy.}
  870 \Status{Implemented}
  871 }
  872 
  873 \numtest{34}{
  874 \Reason{Accepts and sets non-zero pw_expiration when there's a policy
  875     with zero pw_max_life.}
  876 \Status{Implemented}    
  877 }
  878 
  879 \numtest{35}{
  880 \Reason{Accepts and sets non-zero pw_expiration when there's a policy
  881     with pw_max_life later than the specified pw_expiration.}
  882 \Status{Implemented}    
  883 }
  884 
  885 \numtest{36}{
  886 \Reason{Accepts and sets non-zero pw_expiration greater than now_pw_max_life.}
  887 \Status{Implemented}    
  888 }
  889 
  890 \numtest{37}{
  891 \Priority{High}
  892 \Reason{Sets pw_expiration to 0 (never) if there's no policy and no
  893     specified pw_expiration.}
  894 \Status{Implemented}    
  895 }
  896 
  897 \numtest{38}{
  898 \Priority{High}
  899 \Reason{Sets pw_expiration to 0 (never) if it isn't specified and the
  900     policy has a 0 (never) pw_max_life.}
  901 \Status{Implemented}    
  902 }
  903 
  904 \numtest{39}{
  905 \Priority{High}
  906 \Reason{Sets pw_expiration to now + pw_max_life if it isn't specified
  907     and the policy has a non-zero pw_max_life.}
  908 \Status{Implemented}    
  909 }
  910 
  911 \numtest{40}{
  912 \Priority{High}
  913 \Reason{Allows 0 (forever) for max_life.}
  914 \Status{Implemented}
  915 }
  916 
  917 \numtest{41}{
  918 \Priority{High}
  919 \Reason{Doesn't modify or free mod_name on success.}
  920 }
  921 
  922 \numtest{42}{
  923 \Priority{High}
  924 \Reason{Doesn't modify or free mod_name on failure.}
  925 }
  926 
  927 \numtest{43}{
  928 \Priority{High}
  929 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
  930 \Status{Implemented}
  931 }
  932 
  933 \numtest{44}{
  934 \Priority{Low}
  935 \Reason{Connects to correct server when multiple handles exist}
  936 \Conditions{RPC}
  937 }
  938 
  939 
  940 \section{ovsec_kadm_delete_principal}
  941 
  942 %\numtest{1}{
  943 %\Reason{Fails if database not initialized.}
  944 %\Status{Implemented}
  945 %}
  946 
  947 \numtest{2}{
  948 \Reason{Fails on null principal.}
  949 \Status{Implemented}
  950 }
  951 
  952 % Empty string principal is legal.
  953 %\numtest{3}{
  954 %\Reason{Fails on empty-string principal.}
  955 %}
  956 
  957 % There are no invalid principal names
  958 %\numtest{4}{
  959 %\Reason{Fails on invalid principal name.}
  960 %}
  961 
  962 \numtest{5}{
  963 \Priority{High}
  964 \Reason{Fails on nonexistent principal.}
  965 \Status{Implemented}
  966 }
  967 
  968 \numtest{6}{
  969 \Priority{High}
  970 \Reason{Fails when caller connected with CHANGEPW_SERVICE.}
  971 \Conditions{RPC}
  972 \Status{Implemented}
  973 }
  974 
  975 \numtest{7}{
  976 \Priority{High}
  977 \Reason{Fails if caller has ``add'' access and not ``delete''.}
  978 \Conditions{RPC}
  979 \Status{Implemented}
  980 }
  981 
  982 \numtest{8}{
  983 \Priority{High}
  984 \Reason{Fails if caller has ``modify'' access and not ``delete''.}
  985 \Conditions{RPC}
  986 \Status{Implemented}
  987 }
  988 
  989 \numtest{9}{
  990 \Priority{High}
  991 \Reason{Fails if caller has ``get'' access and not ``delete''.}
  992 \Conditions{RPC}
  993 \Status{Implemented}
  994 }
  995 
  996 \numtest{10}{
  997 \Priority{High}
  998 \Reason{Fails if caller has no access bits.}
  999 \Conditions{RPC}
 1000 \Status{Implemented}
 1001 }
 1002 
 1003 \numtest{11}{
 1004 \Priority{High}
 1005 \Reason{Valid invocation.}
 1006 \Status{Implemented}
 1007 }
 1008 
 1009 \numtest{12}{
 1010 \Priority{High}
 1011 \Reason{Valid invocation (on principal with policy).}
 1012 \Status{Implemented}
 1013 }
 1014 
 1015 \numtest{13}{
 1016 \Priority{High}
 1017 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 1018 \Status{Implemented}
 1019 }
 1020 
 1021 \numtest{14}{
 1022 \Priority{Low}
 1023 \Reason{Connects to correct server when multiple handles exist}
 1024 \Conditions{RPC}
 1025 }
 1026 
 1027 
 1028 \section{ovsec_kadm_modify_principal}
 1029 
 1030 %\numtest{1}{
 1031 %\Reason{Fails if database not initialized.}
 1032 %\Status{Implemented}
 1033 %}
 1034 
 1035 \numtest{2}{
 1036 \Priority{High}
 1037 \Reason{Fails if user connected with CHANGEPW_SERVICE.}
 1038 \Conditions{RPC}
 1039 \Status{Implemented}
 1040 }
 1041 
 1042 \numtest{3}{
 1043 \Reason{Fails on mask with undefined bit set.}
 1044 \Status{Implemented}
 1045 }
 1046 
 1047 \numtest{4}{
 1048 \Reason{Fails on mask with PRINCIPAL set.}
 1049 \Status{Implemented}
 1050 }
 1051 
 1052 \numtest{5}{
 1053 \Priority{High}
 1054 \Reason{Fails on mask with LAST_PWD_CHANGE set.}
 1055 \Status{Implemented}
 1056 }
 1057 
 1058 \numtest{6}{
 1059 \Reason{Fails on mask with MOD_TIME set.}
 1060 \Status{Implemented}
 1061 }
 1062 
 1063 \numtest{7}{
 1064 \Reason{Fails on mask with MOD_NAME set.}
 1065 \Status{Implemented}
 1066 }
 1067 
 1068 \numtest{8}{
 1069 \Reason{Fails on mask with MKVNO set.}
 1070 \Status{Implemented}
 1071 }
 1072 
 1073 \numtest{9}{
 1074 \Priority{High}
 1075 \Reason{Fails on mask with AUX_ATTRIBUTES set.}
 1076 \Status{Implemented}
 1077 }
 1078 
 1079 \numtest{10}{
 1080 \Reason{Fails on nonexistent principal.}
 1081 \Status{Implemented}
 1082 }
 1083 
 1084 \numtest{11}{
 1085 \Priority{High}
 1086 \Reason{Fails for user with no access bits.}
 1087 \Conditions{RPC}
 1088 \Status{Implemented}
 1089 }
 1090 
 1091 \numtest{12}{
 1092 \Priority{High}
 1093 \Reason{Fails for user with ``get'' access.}
 1094 \Conditions{RPC}
 1095 \Status{Implemented}
 1096 }
 1097 
 1098 \numtest{13}{
 1099 \Priority{High}
 1100 \Reason{Fails for user with ``add'' access.}
 1101 \Conditions{RPC}
 1102 \Status{Implemented}
 1103 }
 1104 
 1105 \numtest{14}{
 1106 \Priority{High}
 1107 \Reason{Fails for user with ``delete'' access.}
 1108 \Conditions{RPC}
 1109 \Status{Implemented}
 1110 }
 1111 
 1112 \numtest{15}{
 1113 \Priority{High}
 1114 \Reason{Succeeds for user with ``modify'' access.}
 1115 \Conditions{RPC}
 1116 \Status{Implemented}
 1117 }
 1118 
 1119 \numtest{16}{
 1120 \Reason{Succeeds for user with ``modify'' and another access.}
 1121 \Conditions{RPC}
 1122 \Status{Implemented}
 1123 }
 1124 
 1125 \numtest{17}{
 1126 \Priority{High}
 1127 \Reason{Fails when nonexistent policy is specified.}
 1128 \Status{Implemented}
 1129 }
 1130 
 1131 \numtest{18}{
 1132 \Priority{High}
 1133 \Reason{Succeeds when existent policy is specified.}
 1134 \Status{Implemented}
 1135 }
 1136 
 1137 \numtest{19}{
 1138 \Reason{Updates policy count when setting policy from none.}
 1139 \Status{Implemented}
 1140 }
 1141 
 1142 \numtest{20}{
 1143 \Reason{Updates policy count when clearing policy from set.}
 1144 \Status{Implemented}
 1145 }
 1146 
 1147 \numtest{21}{
 1148 \Reason{Updates policy count when setting policy from other policy.}
 1149 \Status{Implemented}
 1150 }
 1151 
 1152 \numtest{21.5}{
 1153 \Reason{Policy reference count remains unchanged when policy is
 1154     changed to itself.}
 1155 \Status{Implemented}
 1156 }
 1157 
 1158 \numtest{22}{
 1159 \Reason{Allows 0 (never) for pw_expiration when there's no policy.}
 1160 \Status{Implemented}
 1161 }
 1162 
 1163 \numtest{23}{
 1164 \Reason{Allows 0 (never) for pw_expiration when there's a policy with
 1165     0 for pw_max_life.}
 1166 \Status{Implemented}
 1167 }
 1168 
 1169 \numtest{24}{
 1170 \Reason{Accepts 0 (never) for pw_expiration when there's a policy with
 1171     non-zero pw_max_life, but actually sets pw_expiration to
 1172     last_pwd_change + pw_max_life.}
 1173 \Status{Implemented}
 1174 }
 1175 
 1176 \numtest{25}{
 1177 \Reason{Accepts and sets non-zero pw_expiration when no policy.}
 1178 \Status{Implemented}
 1179 }
 1180 
 1181 \numtest{26}{
 1182 \Reason{Accepts and sets non-zero pw_expiration when there's a policy
 1183     with zero pw_max_life.}
 1184 \Status{Implemented}    
 1185 }
 1186 
 1187 \numtest{27}{
 1188 \Reason{Accepts and sets non-zero pw_expiration when there's a policy
 1189     with pw_max_life later than the specified pw_expiration.}
 1190 \Status{Implemented}    
 1191 }
 1192 
 1193 \numtest{28}{
 1194 \Reason{Accepts non-zero pw_expiration and limits it to last_pwd_change +
 1195     pw_max_life when it's later than last_pwd_change + non-zero
 1196     pw_max_life in policy.}
 1197 \Status{Implemented}    
 1198 }
 1199 
 1200 \numtest{29}{
 1201 \Priority{High}
 1202 \Reason{Sets pw_expiration to 0 (never) when a policy is cleared and
 1203 no pw_expiration is specified.}
 1204 \Status{Implemented}    
 1205 }
 1206 
 1207 \numtest{30}{
 1208 \Priority{High}
 1209 \Reason{Sets pw_expiration to 0 (never) if it isn't specified and the
 1210     new policy has a 0 (never) pw_max_life.}
 1211 \Status{Implemented}    
 1212 }
 1213 
 1214 \numtest{31}{
 1215 \Priority{High}
 1216 \Reason{Sets pw_expiration to now + pw_max_life if it isn't specified
 1217     and the new policy has a non-zero pw_max_life.}
 1218 \Status{Implemented}    
 1219 }
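
The pw_expiration outcomes expected by tests 22 through 31 can be collected into one reference model. This is an added example, not code from krb5 or from its test suite. Assumptions: the struct and function names are hypothetical, test 27 is read as comparing the request against last_pwd_change + pw_max_life, and the value is left untouched when neither pw_expiration nor a policy change is supplied.

```c
#include <stdio.h>

/* Hypothetical model types for this example; not the kadm5 structures. */
typedef struct {
    int pw_exp_given;        /* PW_EXPIRATION bit set in the mask */
    long long pw_expiration; /* requested value, 0 = never */
    int policy_changed;      /* POLICY or POLICY_CLR bit set in the mask */
} model_request;

typedef struct {
    int has_policy;          /* principal has a policy once the call completes */
    long long pw_max_life;   /* seconds, 0 = passwords never expire */
} model_policy;

/* Expected pw_expiration after a modify call, following tests 22-31. */
long long expected_pw_expiration(const model_request *req,
                                 const model_policy *pol,
                                 long long current_pw_exp,
                                 long long last_pwd_change,
                                 long long now)
{
    /* Only a policy with non-zero pw_max_life constrains the result. */
    int limited = pol->has_policy && pol->pw_max_life != 0;

    if (req->pw_exp_given) {
        long long limit;
        if (!limited)
            return req->pw_expiration;          /* tests 22, 23, 25, 26 */
        limit = last_pwd_change + pol->pw_max_life;
        if (req->pw_expiration == 0 || req->pw_expiration > limit)
            return limit;                       /* tests 24, 28 */
        return req->pw_expiration;              /* test 27 */
    }
    if (req->policy_changed) {
        if (!limited)
            return 0;                           /* tests 29, 30 */
        return now + pol->pw_max_life;          /* test 31 */
    }
    return current_pw_exp; /* assumption: untouched when neither is given */
}

/* Constructed sample times (seconds); not taken from the test suite. */
#define MODEL_LAST_PWD_CHANGE 1000LL
#define MODEL_NOW             5000LL
#define MODEL_CURRENT_PW_EXP  7777LL

/* Evaluate one scenario against the constructed sample times. */
long long model_case(int pw_exp_given, long long pw_exp, int policy_changed,
                     int has_policy, long long pw_max_life)
{
    model_request req = { pw_exp_given, pw_exp, policy_changed };
    model_policy pol = { has_policy, pw_max_life };
    return expected_pw_expiration(&req, &pol, MODEL_CURRENT_PW_EXP,
                                  MODEL_LAST_PWD_CHANGE, MODEL_NOW);
}

int main(void)
{
    /* One row per test number in the list above. */
    static const struct {
        const char *test;
        int given;
        long long exp;
        int changed;
        int has_policy;
        long long max_life;
    } rows[] = {
        { "22", 1, 0,    0, 0, 0    },
        { "23", 1, 0,    0, 1, 0    },
        { "24", 1, 0,    0, 1, 3600 },
        { "25", 1, 9000, 0, 0, 0    },
        { "26", 1, 9000, 0, 1, 0    },
        { "27", 1, 4000, 0, 1, 3600 },
        { "28", 1, 9000, 0, 1, 3600 },
        { "29", 0, 0,    1, 0, 0    },
        { "30", 0, 0,    1, 1, 0    },
        { "31", 0, 0,    1, 1, 3600 },
    };
    size_t i;

    for (i = 0; i < sizeof(rows) / sizeof(rows[0]); i++)
        printf("test %s -> pw_expiration %lld\n", rows[i].test,
               model_case(rows[i].given, rows[i].exp, rows[i].changed,
                          rows[i].has_policy, rows[i].max_life));
    return 0;
}
```

A result of 0 means the password never expires, so the rows for tests 24 and 28 are the ones that show the policy overriding the caller's request.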
 1220 
 1221 \numtest{32}{
 1222 \Priority{High}
 1223 \Reason{Accepts princ_expire_time change.}
 1224 \Status{Implemented}
 1225 }
 1226 
 1227 
 1228 
 1229 \numtest{33}{
 1230 \Priority{High}
 1231 \Reason{Accepts attributes change.}
 1232 \Status{Implemented}
 1233 }
 1234 
 1235 \numtest{33.25}{
 1236 \Priority{High}
 1237 \Reason{Accepts attributes change (KRB5_KDB_REQUIRES_PW_CHANGE).}
 1238 \Status{Implemented}
 1239 }
 1240 
 1241 \numtest{33.5}{
 1242 \Priority{High}
 1243 \Reason{Accepts attributes change (KRB5_DISALLOW_TGT_BASE).}
 1244 \Status{Implemented}
 1245 }
 1246 
 1247 \numtest{33.75}{
 1248 \Priority{High}
 1249 \Reason{Accepts attributes change (KRB5_PW_CHANGE_SERVICE).}
 1250 \Status{Implemented}
 1251 }
 1252 
 1253 \numtest{34}{
 1254 \Priority{High}
 1255 \Reason{Accepts max_life change.}
 1256 \Status{Implemented}
 1257 }
 1258 
 1259 \numtest{35}{
 1260 \Priority{High}
 1261 \Reason{Accepts kvno change.}
 1262 \Status{Implemented}
 1263 }
 1264 
 1265 \numtest{36}{
 1266 \Reason{Behaves correctly when policy is set to the same as it was
 1267     before.}
 1268 \Status{Implemented}    
 1269 }
 1270 
 1271 \numtest{37}{
 1272 \Reason{Behaves properly when POLICY_CLR is specified and there was no
 1273     policy before.}
 1274 \Status{Implemented}    
 1275 }
 1276 
 1277 \numtest{38}{
 1278 \Priority{High}
 1279 \Reason{Accepts 0 (never) for princ_expire_time.}
 1280 \Status{Implemented}
 1281 }
 1282 
 1283 \numtest{39}{
 1284 \Priority{High}
 1285 \Reason{Accepts 0 for max_life.}
 1286 \Status{Implemented}
 1287 }
 1288 
 1289 \numtest{40}{
 1290 \Reason{Rejects null principal argument.}
 1291 \Status{Implemented}
 1292 }
 1293 
 1294 \numtest{41}{
 1295 \Priority{High}
 1296 \Reason{Doesn't modify or free mod_name on success.}
 1297 }
 1298 
 1299 \numtest{42}{
 1300 \Priority{High}
 1301 \Reason{Doesn't modify or free mod_name on failure.}
 1302 }
 1303 
 1304 \numtest{43}{
 1305 \Priority{High}
 1306 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 1307 \Status{Implemented}
 1308 }
 1309 
 1310 \numtest{44}{
 1311 \Priority{Low}
 1312 \Reason{Connects to correct server when multiple handles exist}
 1313 \Conditions{RPC}
 1314 }
 1315 
 1316 \numtest{100}{
 1317 \Version{KADM5_API_VERSION_2}
 1318 \Priority{bug-fix}
 1319 \Reason{Accepts max_rlife change.}
 1320 \Status{Implemented}
 1321 }
 1322 
 1323 \numtest{101}{
 1324 \Version{KADM5_API_VERSION_2}
 1325 \Reason{Rejects last_success change.}
 1326 \Status{Implemented}
 1327 }
 1328 
 1329 \numtest{102}{
 1330 \Version{KADM5_API_VERSION_2}
 1331 \Reason{Rejects last_failed change.}
 1332 \Status{Implemented}
 1333 }
 1334 
 1335 \numtest{103}{
 1336 \Version{KADM5_API_VERSION_2}
 1337 \Reason{Rejects fail_auth_count change.}
 1338 \Status{Implemented}
 1339 }
 1340 
 1341 \numtest{103.5}{
 1342 \Version{KADM5_API_VERSION_2}
 1343 \Reason{Rejects key_data change.}
 1344 \Status{Implemented}
 1345 }
 1346 
 1347 \numtest{104}{
 1348 \Version{KADM5_API_VERSION_2}
 1349 \Reason{Accepts tl_data change when all types are greater than 256.}
 1350 \Status{Implemented}
 1351 }
 1352 
 1353 \numtest{105}{
 1354 \Version{KADM5_API_VERSION_2}
 1355 \Reason{Returns KADM5_BAD_TL_TYPE when given tl_data with a type less
 1356 than 256.} 
 1357 \Status{Implemented}
 1358 }
 1359 
 1360 \section{ovsec_kadm_rename_principal}
 1361 
 1362 %\numtest{1}{
 1363 %\Reason{Fails if database not initialized.}
 1364 %\Status{Implemented}
 1365 %}
 1366 
 1367 \numtest{2}{
 1368 \Priority{High}
 1369 \Reason{Fails if user connected with CHANGEPW_SERVICE.}
 1370 \Conditions{RPC}
 1371 \Status{Implemented}
 1372 }
 1373 
 1374 \numtest{3}{
 1375 \Priority{High}
 1376 \Reason{Fails for user with no access bits.}
 1377 \Conditions{RPC}
 1378 \Status{Implemented}
 1379 }
 1380 
 1381 \numtest{4}{
 1382 \Reason{Fails for user with ``modify'' access and not ``add'' or
 1383 ``delete''.}
 1384 \Conditions{RPC}
 1385 \Status{Implemented}
 1386 }
 1387 
 1388 \numtest{5}{
 1389 \Reason{Fails for user with ``get'' access and not ``add'' or
 1390 ``delete''.}
 1391 \Conditions{RPC}
 1392 \Status{Implemented}
 1393 }
 1394 
 1395 \numtest{6}{
 1396 \Reason{Fails for user with ``modify'' and ``add'' but not ``delete''.}
 1397 \Conditions{RPC}
 1398 \Status{Implemented}
 1399 }
 1400 
 1401 \numtest{7}{
 1402 \Reason{Fails for user with ``modify'' and ``delete'' but not ``add''.}
 1403 \Conditions{RPC}
 1404 \Status{Implemented}
 1405 }
 1406 
 1407 \numtest{8}{
 1408 \Reason{Fails for user with ``get'' and ``add'' but not ``delete''.}
 1409 \Conditions{RPC}
 1410 \Status{Implemented}
 1411 }
 1412 
 1413 \numtest{9}{
 1414 \Reason{Fails for user with ``get'' and ``delete'' but not ``add.''}
 1415 \Conditions{RPC}
 1416 \Status{Implemented}
 1417 }
 1418 
 1419 \numtest{10}{
 1420 \Reason{Fails for user with ``modify'', ``get'' and ``add'', but not
 1421     ``delete''.}
 1422 \Conditions{RPC}
 1423 \Status{Implemented}
 1424 }
 1425 
 1426 \numtest{11}{
 1427 \Reason{Fails for user with ``modify'', ``get'' and ``delete'', but
 1428     not ``add''.}
 1429 \Conditions{RPC}
 1430 \Status{Implemented}
 1431 }
 1432 
 1433 \numtest{12}{
 1434 \Priority{High}
 1435 \Reason{Fails for user with ``add'' but not ``delete''.}
 1436 \Conditions{RPC}
 1437 \Status{Implemented}
 1438 }
 1439 
 1440 \numtest{13}{
 1441 \Priority{High}
 1442 \Reason{Fails for user with ``delete'' but not ``add''.}
 1443 \Conditions{RPC}
 1444 \Status{Implemented}
 1445 }
 1446 
 1447 \numtest{14}{
 1448 \Priority{High}
 1449 \Reason{Succeeds for user with ``add'' and ``delete'', when that user
 1450 has non-name-based salt.}
 1451 \Status{Implemented}
 1452 }
 1453 
 1454 \numtest{15}{
 1455 \Priority{High}
 1456 \Reason{Fails if target principal name exists.}
 1457 \Status{Implemented}
 1458 }
 1459 
 1460 \numtest{16}{
 1461 \Priority{High}
 1462 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 1463 \Status{Implemented}
 1464 }
 1465 
 1466 \numtest{17}{
 1467 \Priority{Low}
 1468 \Reason{Connects to correct server when multiple handles exist}
 1469 \Conditions{RPC}
 1470 }
 1471 
 1472 \numtest{18}{
 1473 \Priority{bug fix}
 1474 \Reason{Returns NO_RENAME_SALT when asked to rename a principal whose
 1475 salt depends on the principal name.}
 1476 \Status{Implemented}
 1477 }
 1478 
 1479 \section{ovsec_kadm_chpass_principal}
 1480 \label{ovseckadmchpassprincipal}
 1481 
 1482 \subsection{Quality/history enforcement tests}
 1483 
 1484 This section lists a series of tests which will be run a number of
 1485 times, with various parameter settings (e.g., which access bits user
 1486 has, whether user connected with ADMIN_SERVICE or CHANGEPW_SERVICE,
 1487 etc.).  The table following the
 1488 list of tests gives the various parameter settings under which the
 1489 tests should be run, as well as which should succeed and which should
 1490 fail for each choice of parameter settings.
 1491 
 1492 \subsubsection{List of tests}
 1493 
 1494 The test number of each of these tests is an offset from the base
 1495 given in the table below.
 1496 
 1497 \numtest{1}{
 1498 \Priority{High}
 1499 \Reason{With history setting of 1, change password to itself.}
 1500 }
 1501 
 1502 \numtest{2}{
 1503 \Reason{With history setting of 2 but no password changes since
 1504     principal creation, change password to itself.}
 1505 }
 1506 
 1507 \numtest{3}{
 1508 \Reason{With history setting of 2 and one password change since
 1509     principal creation, change password to itself
 1510     and directly previous password.}
 1511 }
 1512 
 1513 \numtest{4}{
 1514 \Priority{High}
 1515 \Reason{With a history setting of 3 and no password changes,
 1516     change password to itself.}
 1517 }
 1518 
 1519 \numtest{5}{
 1520 \Priority{High}
 1521 \Reason{With a history setting of 3 and 1 password change,
 1522     change password to itself or previous password.}
 1523 }
 1524 
 1525 \numtest{6}{
 1526 \Priority{High}
 1527 \Reason{With a history setting of 3 and 2 password changes,
 1528     change password to itself and the two previous passwords.}
 1529 }
 1530 
 1531 \numtest{7}{
 1532 \Priority{High}
 1533 \Reason{Change to previously unused password when now -
 1534     last_pwd_change $<$ pw_min_life.}
 1535 }
 1536 
 1537 \numtest{8}{
 1538 \Priority{High}
 1539 \Reason{Change to previously unused password that doesn't contain enough
 1540     character classes.}
 1541 }
 1542 
 1543 \numtest{9}{
 1544 \Priority{High}
 1545 \Reason{Change to previously unused password that's too short.}
 1546 }
 1547 
 1548 \numtest{10}{
 1549 \Priority{High}
 1550 \Reason{Change to previously unused password that's in the dictionary.}
 1551 }
 1552 
 1553 \subsubsection{List of parameter settings}
 1554 
 1555 In the table below, ``7 passes'' means that test 7 above passes and
 1556 the rest of the tests fail.
 1557 
 1558 \begin{tabular}{llllll}
 1559 Base & Modify access? & Own password? & Service & Pass/Fail \\ \hline
 1560 0 & No & Yes & ADMIN & all fail \\
 1561 20 & No & Yes & CHANGEPW & all fail \\
 1562 40 & No & No & ADMIN & all fail \\
 1563 60 & No & No & CHANGEPW & all fail \\
 1564 80 & Yes & Yes & ADMIN & 7 passes \\
 1565 100 & Yes & Yes & CHANGEPW & all fail \\
 1566 120 & Yes & No & ADMIN & 7 passes \\
 1567 140 & Yes & No & CHANGEPW & all fail \\
 1568 \end{tabular}
 1569 
 1570 \subsection{Other quality/history tests}
 1571 
 1572 \numtest{161}{
 1573 \Priority{High}
 1574 \Reason{With history of 1, can change password to anything other than
 1575     itself that doesn't conflict with other quality
 1576     rules.}
 1577 }
 1578 
 1579 \numtest{162}{
 1580 \Reason{With history of 2 and 2 password changes, can change password
 1581     to original password.}
 1582 }
 1583 
 1584 \numtest{163}{
 1585 \Priority{High}
 1586 \Reason{With history of 3 and 3 password changes, can change password
 1587     to original password.}
 1588 }
 1589 
 1590 \numtest{164}{
 1591 \Priority{High}
 1592 \Reason{Can change password when now - last_pwd_change $>$ pw_min_life.}
 1593 }
 1594 
 1595 \numtest{165}{
 1596 \Priority{High}
 1597 \Reason{Can change password when it contains exactly the number of
 1598     classes required by the policy.}
 1599 }
 1600 
 1601 \numtest{166}{
 1602 \Priority{High}
 1603 \Reason{Can change password when it is exactly the length required by
 1604     the policy.}
 1605 }
 1606 
 1607 \numtest{167}{
 1608 \Priority{High}
 1609 \Reason{Can change password to a word that isn't in the dictionary.}
 1610 }
 1611 
 1612 
 1613 \subsection{Other tests}
 1614 
 1615 %\numtest{168}{
 1616 %\Reason{Fails if database not initialized.}
 1617 %}
 1618 
 1619 \numtest{169}{
 1620 \Reason{Fails for non-existent principal.}
 1621 }
 1622 
 1623 \numtest{170}{
 1624 \Reason{Fails for null password.}
 1625 }
 1626 
 1627 \numtest{171}{
 1628 \Priority{High}
 1629 \Reason{Fails for empty-string password.}
 1630 }
 1631 
 1632 \numtest{172}{
 1633 \Priority{High}
 1634 \Reason{Pw_expiration is set to now + max_pw_life if policy exists and
 1635     has non-zero max_pw_life.}
 1636 }
 1637 
 1638 \numtest{173}{
 1639 \Priority{High}
 1640 \Reason{Pw_expiration is set to 0 if policy exists and has zero
 1641     max_pw_life.}
 1642 }
 1643 
 1644 \numtest{174}{
 1645 \Priority{High}
 1646 \Reason{Pw_expiration is set to 0 if no policy.}
 1647 }
 1648 
 1649 \numtest{175}{
 1650 \Priority{High}
 1651 \Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when password is
 1652     successfully changed.}
 1653 }
 1654 
 1655 \numtest{176}{
 1656 \Priority{High}
 1657 \Reason{Fails for user with no access bits, on other's password.}
 1658 }
 1659 
 1660 \numtest{177}{
 1661 \Priority{High}
 1662 \Reason{Fails for user with ``get'' but not ``modify'' access, on
 1663     other's password.}
 1664 }
 1665 
 1666 \numtest{178}{
 1667 \Reason{Fails for user with ``delete'' but not ``modify'' access, on
 1668     other's password.}
 1669 }
 1670 
 1671 \numtest{179}{
 1672 \Reason{Fails for user with ``add'' but not ``modify'' access, on
 1673     other's password.}
 1674 }
 1675 
 1676 \numtest{180}{
 1677 \Reason{Succeeds for user with ``get'' and ``modify'' access, on
 1678     other's password.}
 1679 \Status{Implemented}    
 1680 }
 1681 
 1682 \numtest{180.5}{
 1683 \Priority{High}
 1684 \Reason{Succeeds for user with ``modify'' but not ``get'' access, on
 1685     other's password.}
 1686 \Conditions{RPC}
 1687 \Status{Implemented}    
 1688 }
 1689 \numtest{180.625}{
 1690 \Priority{High}
 1691 \Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE on
 1692     other's password}
 1693 \Conditions{RPC}
 1694 \Status{Implemented}
 1695 }
 1696 \numtest{180.75}{
 1697 \Priority{High}
 1698 \Reason{Fails for user with modify when connecting with CHANGEPW_SERVICE
 1699     on other's password which has expired}
 1700 \Conditions{RPC}
 1701 \Status{Implemented}
 1702 }
 1703 
 1704 %\numtest{181}{
 1705 %\Reason{Password that would succeed if override_qual were false fails
 1706 %   if override_qual is true.}
 1707 %\Expected{Returns CANNOT_OVERRIDE.}
 1708 %}
 1709 
 1710 \numtest{182}{
 1711 \Priority{High}
 1712 \Reason{Can not change key of ovsec_adm/history principal.}
 1713 \Status{Implemented}
 1714 }
 1715 
 1716 \numtest{183}{
 1717 \Priority{High}
 1718 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 1719 \Status{Implemented}
 1720 }
 1721 
 1722 \numtest{184}{
 1723 \Priority{Low}
 1724 \Reason{Connects to correct server when multiple handles exist}
 1725 \Conditions{RPC}
 1726 }
 1727 
 1728 \numtest{200}{
 1729 \Version{KADM5_API_VERSION_2}
 1730 \Reason{Creates a key for the principal for each unique encryption
 1731 type/salt type in use.}
 1732 \Status{Implemented}
 1733 }
 1734 
 1735 \section{ovsec_kadm_chpass_principal_util}
 1736 
 1737 Rerun all the tests listed for ovsec_kadm_chpass_principal above in
 1738 Section \ref{ovseckadmchpassprincipal}.  Verify that they succeed
 1739 and fail in the same circumstances.  Also verify that in each failure
 1740 case, the error message returned in msg_ret is as specified in the
 1741 functional specification.
 1742 
 1743 Also, run the following additional tests.
 1744 
 1745 \numtest{1}{
 1746 \Reason{Null msg_ret is rejected.}
 1747 }
 1748 
 1749 \numtest{2}{
 1750 \Priority{High}
 1751 \Reason{New password is put into pw_ret, when it's prompted for.}
 1752 }
 1753 
 1754 \numtest{3}{
 1755 \Priority{High}
 1756 \Reason{New password is put into pw_ret, when it's supplied by the
 1757     caller.}
 1758 }
 1759 
 1760 \numtest{4}{
 1761 \Priority{High}
 1762 \Reason{Successful invocation when pw_ret is null.}
 1763 }
 1764 
 1765 
 1766 
 1767 \section{ovsec_kadm_randkey_principal}
 1768 
 1769 \subsection{TOOSOON enforcement tests}
 1770 
 1771 This test should be run a number of times, as indicated in the table
 1772 following it.  The table also indicates the expected result of each
 1773 run of the test.
 1774 
 1775 \test{
 1776 \Reason{Change key when now - last_pwd_change $<$ pw_min_life.}
 1777 }
 1778 
 1779 \subsubsection{List of parameter settings}
 1780 
 1781 \begin{tabular}{llllll}
 1782 Number & Modify Access? & Own Key? & Service & Pass/Fail & Implemented? \\ \hline
 1783 1 & No & Yes & ADMIN & fail & Yes \\
 1784 3 & No & Yes & CHANGEPW & fail & Yes \\
 1785 5 & No & No & ADMIN & fail \\
 1786 7 & No & No & CHANGEPW & fail \\
 1787 9 & Yes & Yes & ADMIN & pass \\
 1788 11 & Yes & Yes & CHANGEPW & fail \\
 1789 13 & Yes & No & ADMIN & pass & Yes \\
 1790 15 & Yes & No & CHANGEPW & fail & Yes \\
 1791 \end{tabular}
 1792 
 1793 \subsection{Other tests}
 1794 
 1795 \numtest{17}{
 1796 \Reason{Fails if database not initialized.}
 1797 }
 1798 
 1799 \numtest{18}{
 1800 \Reason{Fails for non-existent principal.}
 1801 }
 1802 
 1803 \numtest{19}{
 1804 \Reason{Fails for null keyblock pointer.}
 1805 }
 1806 
 1807 \numtest{20}{
 1808 \Priority{High}
 1809 \Reason{Pw_expiration is set to now + max_pw_life if policy exists and
 1810     has non-zero max_pw_life.}
 1811 }
 1812 
 1813 \numtest{21}{
 1814 \Priority{High}
 1815 \Reason{Pw_expiration is set to 0 if policy exists and has zero
 1816     max_pw_life.}
 1817 }
 1818 
 1819 \numtest{22}{
 1820 \Priority{High}
 1821 \Reason{Pw_expiration is set to 0 if no policy.}
 1822 }
 1823 
 1824 \numtest{23}{
 1825 \Priority{High}
 1826 \Reason{KRB5_KDC_REQUIRES_PWCHANGE bit is cleared when key is
 1827     successfully changed.}
 1828 }
 1829 
 1830 \numtest{24}{
 1831 \Priority{High}
 1832 \Reason{Fails for user with no access bits, on other's password.}
 1833 }
 1834 
 1835 \numtest{25}{
 1836 \Priority{High}
 1837 \Reason{Fails for user with ``get'' but not ``modify'' access, on
 1838     other's password.}
 1839 \Vtwonote{Change-password instead of modify access.}
 1840 }
 1841 
 1842 \numtest{26}{
 1843 \Reason{Fails for user with ``delete'' but not ``modify'' access, on
 1844     other's password.}
 1845 \Vtwonote{Change-password instead of modify access.}
 1846 }
 1847 
 1848 \numtest{27}{
 1849 \Reason{Fails for user with ``add'' but not ``modify'' access, on
 1850     other's password.}
 1851 \Vtwonote{Change-password instead of modify access.}
 1852 }
 1853 
 1854 \numtest{28}{
 1855 \Reason{Succeeds for user with ``get'' and ``modify'' access, on
 1856     other's password.}
 1857 \Status{Implemented}
 1858 \Vtwonote{Change-password instead of modify access.}
 1859 }
 1860 
 1861 \numtest{28.25}{
 1862 \Priority{High}
 1863 \Reason{Fails for user with get and modify access on other's password
 1864     when connected with CHANGEPW_SERVICE}
 1865 \Status{Implemented}
 1866 \Vtwonote{Change-password instead of modify access.}
 1867 }
 1868 
 1869 \numtest{28.5}{
 1870 \Priority{High}
 1871 \Reason{Succeeds for user with ``modify'' but not ``get'' access, on
 1872     other's password.}
 1873 \Status{Implemented}
 1874 \Vtwonote{Change-password instead of modify access.}
 1875 }
 1876 
 1877 \numtest{29}{
 1878 \Reason{The new key that's assigned is truly random. XXX not sure how
 1879     to test this.}
 1880 }
 1881 
 1882 \numtest{30}{
 1883 \Reason{Succeeds for own key, no other access bits when connecting with CHANGEPW service}
 1884 \Status{Implemented}
 1885 }
 1886 \numtest{31}{
 1887 \Reason{Succeeds for own key, no other access bits when connecting with ADMIN service}
 1888 \Status{Implemented}
 1889 }
 1890 
 1891 \numtest{32}{
 1892 \Reason{Cannot change ovsec_adm/history key}
 1893 \Status{Implemented}
 1894 }
 1895 
 1896 \numtest{33}{
 1897 \Priority{High}
 1898 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 1899 \Status{Implemented}
 1900 }
 1901 
 1902 \numtest{34}{
 1903 \Priority{Low}
 1904 \Reason{Connects to correct server when multiple handles exist}
 1905 \Conditions{RPC}
 1906 }
 1907 
 1908 \numtest{100}{
 1909 \Version{KADM5_API_VERSION_2}
 1910 \Reason{Returns a key for each unique encryption type specified in the
 1911 keysalts.}
 1912 }
 1913 
 1914 \section{ovsec_kadm_get_principal}
 1915 
 1916 \numtest{1}{
 1917 \Reason{Fails for null ent.}
 1918 \Status{Implemented}
 1919 }
 1920 
 1921 \numtest{2}{
 1922 \Reason{Fails for non-existent principal.}
 1923 \Status{Implemented}
 1924 }
 1925 
 1926 \numtest{3}{
 1927 \Priority{High}
 1928 \Reason{Fails for user with no access bits, retrieving other principal.}
 1929 \Conditions{RPC}
 1930 \Status{Implemented}
 1931 }
 1932 
 1933 \numtest{4}{
 1934 \Priority{High}
 1935 \Reason{Fails for user with ``add'' but not ``get'', getting principal
 1936     other than his own, using ADMIN_SERVICE.}
 1937 \Conditions{RPC}
 1938 \Status{Implemented}
 1939 }
 1940 
 1941 \numtest{5}{
 1942 \Reason{Fails for user with ``modify'' but not ``get'', getting
 1943     principal other than his own, using ADMIN_SERVICE.}
 1944 \Conditions{RPC}
 1945 \Status{Implemented}
 1946 }
 1947 
 1948 \numtest{6}{
 1949 \Reason{Fails for user with ``delete'' but not ``get'', getting
 1950     principal other than his own, using ADMIN_SERVICE.}
 1951 \Conditions{RPC}
 1952 \Status{Implemented}
 1953 }
 1954 
 1955 \numtest{7}{
 1956 \Reason{Fails for user with ``delete'' but not ``get'', getting
 1957     principal other than his own, using CHANGEPW_SERVICE.}
 1958 \Conditions{RPC}
 1959 \Status{Implemented}
 1960 }
 1961 
 1962 \numtest{8}{
 1963 \Priority{High}
 1964 \Reason{Fails for user with ``get'', getting principal other than his
 1965     own, using CHANGEPW_SERVICE.}
 1966 \Conditions{RPC}
 1967 \Status{Implemented}
 1968 }
 1969 
 1970 \numtest{9}{
 1971 \Priority{High}
 1972 \Reason{Succeeds for user without ``get'', retrieving self, using
 1973     ADMIN_SERVICE.}
 1974 \Conditions{RPC}
 1975 \Status{Implemented}
 1976 }
 1977 
 1978 \numtest{10}{
 1979 \Reason{Succeeds for user without ``get'', retrieving self, using
 1980     CHANGEPW_SERVICE.}
 1981 \Status{Implemented}    
 1982 }
 1983 
 1984 \numtest{11}{
 1985 \Reason{Succeeds for user with ``get'', retrieving self, using
 1986     ADMIN_SERVICE.}
 1987 \Status{Implemented}        
 1988 }
 1989 
 1990 \numtest{12}{
 1991 \Reason{Succeeds for user with ``get'', retrieving self, using
 1992     CHANGEPW_SERVICE.}
 1993 \Status{Implemented}        
 1994 }
 1995 
 1996 \numtest{13}{
 1997 \Priority{High}
 1998 \Reason{Succeeds for user with ``get'', retrieving other user, using
 1999     ADMIN_SERVICE.}
 2000 \Status{Implemented}        
 2001 }
 2002 
 2003 \numtest{14}{
 2004 \Reason{Succeeds for user with ``get'' and ``modify'', retrieving
 2005     other principal, using ADMIN_SERVICE.}
 2006 \Status{Implemented}        
 2007 }
 2008 
 2009 \numtest{15}{
 2010 \Priority{High}
 2011 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 2012 \Status{Implemented}
 2013 }
 2014 
 2015 \numtest{16}{
 2016 \Priority{Low}
 2017 \Reason{Connects to correct server when multiple handles exist}
 2018 \Conditions{RPC}
 2019 }
 2020 
 2021 \numtest{100}{
 2022 \Version{KADM5_API_VERSION_2}
 2023 \Reason{If KADM5_PRINCIPAL_NORMAL_MASK is specified, the key_data and
 2024 tl_data fields are NULL/zero.}
 2025 \Status{Implemented}
 2026 }
 2027 
 2028 \numtest{101}{
 2029 \Version{KADM5_API_VERSION_2}
 2030 \Reason{If KADM5_KEY_DATA is specified, the key_data fields contain
 2031 data but the contents are all NULL.}
 2032 \Conditions{RPC}
 2033 \Status{Implemented}
 2034 }
 2035 
 2036 \numtest{102}{
 2037 \Version{KADM5_API_VERSION_2}
 2038 \Reason{If KADM5_KEY_DATA is specified, the key_data fields contain
 2039 data and the contents are all non-NULL.}
 2040 \Conditions{local}
 2041 \Status{Implemented}
 2042 }
 2043 
 2044 \numtest{103}{
 2045 \Version{KADM5_API_VERSION_2}
 2046 \Reason{If KADM5_TL_DATA is specified, the tl_data field contains the
 2047 correct tl_data and no entries whose type is less than 256.}
 2048 \Status{Implemented}
 2049 }
 2050 
 2051 
 2052 \section{ovsec_kadm_create_policy}
 2053 
 2054 \numtest{1}{
 2055 \Reason{Fails for mask with undefined bit set.}
 2056 \Status{Implemented - untested}
 2057 }
 2058 
 2059 \numtest{2}{
 2060 \Priority{High}
 2061 \Reason{Fails if caller connected with CHANGEPW_SERVICE.}
 2062 \Conditions{RPC}
 2063 \Status{Implemented}
 2064 }
 2065 
 2066 \numtest{3}{
 2067 \Reason{Fails for mask without POLICY bit set.}
 2068 \Status{Implemented - untested}
 2069 }
 2070 
 2071 \numtest{4}{
 2072 \Reason{Fails for mask with REF_COUNT bit set.}
 2073 \Status{Implemented}
 2074 }
 2075 
 2076 \numtest{5}{
 2077 \Reason{Fails for invalid policy name.}
 2078 \Status{Implemented - untested}
 2079 }
 2080 
 2081 \numtest{6}{
 2082 \Priority{High}
 2083 \Reason{Fails for existing policy name.}
 2084 \Status{Implemented}
 2085 }
 2086 
 2087 \numtest{7}{
 2088 \Reason{Fails for null policy name.}
 2089 \Status{Implemented - untested}
 2090 }
 2091 
 2092 \numtest{8}{
 2093 \Priority{High}
 2094 \Reason{Fails for empty-string policy name.}
 2095 \Status{Implemented}
 2096 }
 2097 
 2098 \numtest{9}{
 2099 \Priority{High}
 2100 \Reason{Accepts 0 for pw_min_life.}
 2101 \Status{Implemented}
 2102 }
 2103 
 2104 \numtest{10}{
 2105 \Priority{High}
 2106 \Reason{Accepts non-zero for pw_min_life.}
 2107 \Status{Implemented}
 2108 }
 2109 
 2110 \numtest{11}{
 2111 \Priority{High}
 2112 \Reason{Accepts 0 for pw_max_life.}
 2113 \Status{Implemented}
 2114 }
 2115 
 2116 \numtest{12}{
 2117 \Priority{High}
 2118 \Reason{Accepts non-zero for pw_max_life.}
 2119 \Status{Implemented}
 2120 }
 2121 
 2122 \numtest{13}{
 2123 \Priority{High}
 2124 \Reason{Rejects 0 for pw_min_length.}
 2125 \Status{Implemented}
 2126 }
 2127 
 2128 \numtest{14}{
 2129 \Priority{High}
 2130 \Reason{Accepts non-zero for pw_min_length.}
 2131 \Status{Implemented}
 2132 }
 2133 
 2134 \numtest{15}{
 2135 \Priority{High}
 2136 \Reason{Rejects 0 for pw_min_classes.}
 2137 \Status{Implemented}
 2138 }
 2139 
 2140 \numtest{16}{
 2141 \Priority{High}
 2142 \Reason{Accepts 1 for pw_min_classes.}
 2143 \Status{Implemented}
 2144 }
 2145 
 2146 \numtest{17}{
 2147 \Priority{High}
 2148 \Reason{Accepts 4 for pw_min_classes.}
 2149 \Status{Implemented}
 2150 }
 2151 
 2152 \numtest{18}{
 2153 \Priority{High}
 2154 \Reason{Rejects 5 for pw_min_classes.}
 2155 \Status{Implemented}
 2156 }
 2157 
 2158 \numtest{19}{
 2159 \Priority{High}
 2160 \Reason{Rejects 0 for pw_history_num.}
 2161 \Status{Implemented}
 2162 }
 2163 
 2164 \numtest{20}{
 2165 \Priority{High}
 2166 \Reason{Accepts 1 for pw_history_num.}
 2167 \Status{Implemented}
 2168 }
 2169 
 2170 \numtest{21}{
 2171 \Priority{High}
 2172 \Reason{Accepts 10 for pw_history_num.}
 2173 \Status{Implemented}
 2174 }
 2175 
 2176 \numtest{21.5}{
 2177 \Reason{Rejects 11 for pw_history_num.}
 2178 \Status{Implemented - untested}
 2179 }
 2180 
 2181 \numtest{22}{
 2182 \Priority{High}
 2183 \Reason{Fails for user with no access bits.}
 2184 \Conditions{RPC}
 2185 \Status{Implemented}
 2186 }
 2187 
 2188 \numtest{23}{
 2189 \Priority{High}
 2190 \Reason{Fails for user with ``get'' but not ``add''.}
 2191 \Conditions{RPC}
 2192 \Status{Implemented}
 2193 }
 2194 
 2195 \numtest{24}{
 2196 \Reason{Fails for user with ``modify'' but not ``add.''}
 2197 \Conditions{RPC}
 2198 \Status{Implemented - untested}
 2199 }
 2200 
 2201 \numtest{25}{
 2202 \Reason{Fails for user with ``delete'' but not ``add.''}
 2203 \Conditions{RPC}
 2204 \Status{Implemented - untested}
 2205 }
 2206 
 2207 \numtest{26}{
 2208 \Priority{High}
 2209 \Reason{Succeeds for user with ``add.''}
 2210 \Status{Implemented}
 2211 }
 2212 
 2213 \numtest{27}{
 2214 \Reason{Succeeds for user with ``get'' and ``add.''}
 2215 \Status{Implemented - untested}
 2216 }
 2217 
 2218 \numtest{28}{
 2219 \Reason{Rejects null policy argument.}
 2220 \Status{Implemented - untested}
 2221 }
 2222 
 2223 \numtest{29}{
 2224 \Reason{Rejects pw_min_life greater than pw_max_life.}
 2225 }
 2226 
 2227 \numtest{30}{
 2228 \Priority{High}
 2229 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 2230 \Status{Implemented}
 2231 }
 2232 
 2233 \numtest{31}{
 2234 \Priority{Low}
 2235 \Reason{Connects to correct server when multiple handles exist}
 2236 \Conditions{RPC}
 2237 }
 2238 
 2239 
 2240 \section{ovsec_kadm_delete_policy}
 2241 
 2242 \numtest{1}{
 2243 \Reason{Fails for null policy name.}
 2244 }
 2245 
 2246 \numtest{2}{
 2247 \Priority{High}
 2248 \Reason{Fails for empty-string policy name.}
 2249 \Status{Implemented}
 2250 }
 2251 
 2252 \numtest{3}{
 2253 \Reason{Fails for non-existent policy name.}
 2254 }
 2255 
 2256 \numtest{4}{
 2257 \Reason{Fails for bad policy name.}
 2258 }
 2259 
 2260 \numtest{5}{
 2261 \Priority{High}
 2262 \Reason{Fails if caller connected with CHANGEPW_SERVICE.}
 2263 \Conditions{RPC}
 2264 \Status{Implemented}
 2265 }
 2266 
 2267 \numtest{6}{
 2268 \Priority{High}
 2269 \Reason{Fails for user with no access bits.}
 2270 \Conditions{RPC}
 2271 \Status{Implemented}
 2272 }
 2273 
 2274 \numtest{7}{
 2275 \Priority{High}
 2276 \Reason{Fails for user with ``add'' but not ``delete''.}
 2277 \Conditions{RPC}
 2278 \Status{Implemented}
 2279 }
 2280 
 2281 \numtest{8}{
 2282 \Reason{Fails for user with ``modify'' but not ``delete''.}
 2283 \Conditions{RPC}
 2284 }
 2285 
 2286 \numtest{9}{
 2287 \Reason{Fails for user with ``get'' but not ``delete.''}
 2288 \Conditions{RPC}
 2289 }
 2290 
 2291 \numtest{10}{
 2292 \Priority{High}
 2293 \Reason{Succeeds for user with only ``delete''.}
 2294 \Status{Implemented}
 2295 }
 2296 
 2297 \numtest{11}{
 2298 \Reason{Succeeds for user with ``delete'' and ``add''.}
 2299 }
 2300 
 2301 \numtest{12}{
 2302 \Priority{High}
 2303 \Reason{Fails for policy with non-zero reference count.}
 2304 \Status{Implemented}
 2305 }
 2306 
 2307 \numtest{13}{
 2308 \Priority{High}
 2309 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 2310 \Status{Implemented}
 2311 }
 2312 
 2313 \numtest{14}{
 2314 \Priority{Low}
 2315 \Reason{Connects to correct server when multiple handles exist}
 2316 \Conditions{RPC}
 2317 }
 2318 
 2319 
 2320 \section{ovsec_kadm_modify_policy}
 2321 
 2322 \numtest{1}{
 2323 \Reason{Fails for mask with undefined bit set.}
 2324 \Conditions{RPC}
 2325 }
 2326 
 2327 \numtest{2}{
 2328 \Priority{High}
 2329 \Reason{Fails if caller connected with CHANGEPW_SERVICE.}
 2330 \Status{Implemented}
 2331 }
 2332 
 2333 \numtest{3}{
 2334 \Reason{Fails for mask with POLICY bit set.}
 2335 }
 2336 
 2337 \numtest{4}{
 2338 \Reason{Fails for mask with REF_COUNT bit set.}
 2339 \Status{Implemented}
 2340 }
 2341 
 2342 \numtest{5}{
 2343 \Reason{Fails for invalid policy name.}
 2344 }
 2345 
 2346 \numtest{6}{
 2347 \Reason{Fails for non-existent policy name.}
 2348 }
 2349 
 2350 \numtest{7}{
 2351 \Reason{Fails for null policy name.}
 2352 }
 2353 
 2354 \numtest{8}{
 2355 \Priority{High}
 2356 \Reason{Fails for empty-string policy name.}
 2357 \Status{Implemented}
 2358 }
 2359 
 2360 \numtest{9}{
 2361 \Priority{High}
 2362 \Reason{Accepts 0 for pw_min_life.}
 2363 \Status{Implemented}
 2364 }
 2365 
 2366 \numtest{10}{
 2367 \Priority{High}
 2368 \Reason{Accepts non-zero for pw_min_life.}
 2369 \Status{Implemented}
 2370 }
 2371 
 2372 \numtest{11}{
 2373 \Priority{High}
 2374 \Reason{Accepts 0 for pw_max_life.}
 2375 \Status{Implemented}
 2376 }
 2377 
 2378 \numtest{12}{
 2379 \Priority{High}
 2380 \Reason{Accepts non-zero for pw_max_life.}
 2381 \Status{Implemented}
 2382 }
 2383 
 2384 \numtest{13}{
 2385 \Priority{High}
 2386 \Reason{Accepts 0 for pw_min_length.}
 2387 \Status{Implemented}
 2388 }
 2389 
 2390 \numtest{14}{
 2391 \Priority{High}
 2392 \Reason{Accepts non-zero for pw_min_length.}
 2393 \Status{Implemented}
 2394 }
 2395 
 2396 \numtest{15}{
 2397 \Priority{High}
 2398 \Reason{Rejects 0 for pw_min_classes.}
 2399 \Status{Implemented}
 2400 }
 2401 
 2402 \numtest{16}{
 2403 \Priority{High}
 2404 \Reason{Accepts 1 for pw_min_classes.}
 2405 \Status{Implemented}
 2406 }
 2407 
 2408 \numtest{17}{
 2409 \Priority{High}
 2410 \Reason{Accepts 4 for pw_min_classes.}
 2411 \Status{Implemented}
 2412 }
 2413 
 2414 \numtest{18}{
 2415 \Priority{High}
 2416 \Reason{Rejects 5 for pw_min_classes.}
 2417 \Status{Implemented}
 2418 }
 2419 
 2420 \numtest{19}{
 2421 \Priority{High}
 2422 \Reason{Rejects 0 for pw_history_num.}
 2423 \Status{Implemented}
 2424 }
 2425 
 2426 \numtest{20}{
 2427 \Priority{High}
 2428 \Reason{Accepts 1 for pw_history_num.}
 2429 \Status{Implemented}
 2430 }
 2431 
 2432 \numtest{21}{
 2433 \Priority{High}
 2434 \Reason{Accepts 10 for pw_history_num.}
 2435 \Status{Implemented}
 2436 }
 2437 
 2438 \numtest{22}{
 2439 \Priority{High}
 2440 \Reason{Fails for user with no access bits.}
 2441 \Conditions{RPC}
 2442 \Status{Implemented}
 2443 }
 2444 
 2445 \numtest{23}{
 2446 \Priority{High}
 2447 \Reason{Fails for user with ``get'' but not ``modify''.}
 2448 \Conditions{RPC}
 2449 \Status{Implemented}
 2450 }
 2451 
 2452 \numtest{24}{
 2453 \Reason{Fails for user with ``add'' but not ``modify.''}
 2454 \Conditions{RPC}
 2455 }
 2456 
 2457 \numtest{25}{
 2458 \Reason{Fails for user with ``delete'' but not ``modify.''}
 2459 \Conditions{RPC}
 2460 }
 2461 
 2462 \numtest{26}{
 2463 \Priority{High}
 2464 \Reason{Succeeds for user with ``modify.''}
 2465 \Status{Implemented}
 2466 }
 2467 
 2468 \numtest{27}{
 2469 \Reason{Succeeds for user with ``get'' and ``modify.''}
 2470 }
 2471 
 2472 \numtest{28}{
 2473 \Reason{Rejects null policy argument.}
 2474 }
 2475 
 2476 \numtest{29}{
 2477 \Reason{Rejects change which makes pw_min_life greater than
 2478     pw_max_life.}
 2479 }
 2480 
 2481 \numtest{30}{
 2482 \Priority{High}
 2483 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 2484 \Status{Implemented}
 2485 }
 2486 
 2487 \numtest{31}{
 2488 \Priority{Low}
 2489 \Reason{Connects to correct server when multiple handles exist}
 2490 \Conditions{RPC}
 2491 }
 2492 
 2493 \section{ovsec_kadm_get_policy}
 2494 
 2495 \numtest{1}{
 2496 \Reason{Fails for null policy.}
 2497 }
 2498 
 2499 \numtest{2}{
 2500 \Reason{Fails for invalid policy name.}
 2501 }
 2502 
 2503 \numtest{3}{
 2504 \Priority{High}
 2505 \Reason{Fails for empty-string policy name.}
 2506 \Status{Implemented}
 2507 }
 2508 
 2509 \numtest{4}{
 2510 \Reason{Fails for non-existent policy name.}
 2511 }
 2512 
 2513 \numtest{5}{
 2514 \Reason{Fails for null ent.}
 2515 }
 2516 
 2517 \numtest{6}{
 2518 \Priority{High}
 2519 \Reason{Fails for user with no access bits trying to get other's
 2520     policy, using ADMIN_SERVICE.}
 2521 \Conditions{RPC}
 2522 \Status{Implemented}
 2523 }
 2524 
 2525 \numtest{7}{
 2526 \Priority{High}
 2527 \Reason{Fails for user with ``add'' but not ``get'' trying to get
 2528     other's policy, using ADMIN_SERVICE.}
 2529 \Conditions{RPC}
 2530 \Status{Implemented}
 2531 }
 2532 
 2533 \numtest{8}{
 2534 \Reason{Fails for user with ``modify'' but not ``get'' trying to get
 2535     other's policy, using ADMIN_SERVICE.}
 2536 \Conditions{RPC}    
 2537 }
 2538 
 2539 \numtest{9}{
 2540 \Reason{Fails for user with ``delete'' but not ``get'' trying to get
 2541     other's policy, using ADMIN_SERVICE.}
 2542 \Conditions{RPC}    
 2543 }
 2544 
 2545 \numtest{10}{
 2546 \Reason{Fails for user with ``delete'' but not ``get'' trying to get
 2547     other's policy, using CHANGEPW_SERVICE.}
 2548 \Conditions{RPC}    
 2549 }
 2550 
 2551 \numtest{11}{
 2552 \Priority{High}
 2553 \Reason{Succeeds for user with only ``get'', trying to get own policy,
 2554     using ADMIN_SERVICE.}
 2555 \Status{Implemented}
 2556 }
 2557 
 2558 \numtest{12}{
 2559 \Priority{High}
 2560 \Reason{Succeeds for user with only ``get'', trying to get own policy,
 2561     using CHANGEPW_SERVICE.}
 2562 \Status{Implemented}    
 2563 }
 2564 
 2565 \numtest{13}{
 2566 \Reason{Succeeds for user with ``add'' and ``get'', trying to get own
 2567     policy, using ADMIN_SERVICE.}
 2568 }
 2569 
 2570 \numtest{14}{
 2571 \Reason{Succeeds for user with ``add'' and ``get'', trying to get own
 2572     policy, using CHANGEPW_SERVICE.}
 2573 }
 2574 
 2575 \numtest{15}{
 2576 \Reason{Succeeds for user without ``get'', trying to get own policy,
 2577     using ADMIN_SERVICE.}
 2578 }
 2579 
 2580 \numtest{16}{
 2581 \Priority{High}
 2582 \Reason{Succeeds for user without ``get'', trying to get own policy,
 2583     using CHANGEPW_SERVICE.}
 2584 \Status{Implemented}    
 2585 }
 2586 
 2587 \numtest{17}{
 2588 \Priority{High}
 2589 \Reason{Succeeds for user with ``get'', trying to get other's policy,
 2590     using ADMIN_SERVICE.}
 2591 \Status{Implemented}    
 2592 }
 2593 
 2594 \numtest{18}{
 2595 \Priority{High}
 2596 \Reason{Fails for user with ``get'', trying to get other's policy,
 2597     using CHANGEPW_SERVICE.}
 2598 \Conditions{RPC}
 2599 \Status{Implemented}
 2600 }
 2601 
 2602 \numtest{19}{
 2603 \Reason{Succeeds for user with ``modify'' and ``get'', trying to get
 2604     other's policy, using ADMIN_SERVICE.}
 2605 }
 2606 
 2607 \numtest{20}{
 2608 \Reason{Fails for user with ``modify'' and ``get'', trying to get
 2609     other's policy, using CHANGEPW_SERVICE.}
 2610 }
 2611 
 2612 \numtest{21}{
 2613 \Priority{High}
 2614 \Reason{Returns BAD_SERVER_HANDLE when a null server handle is passed in}
 2615 \Status{Implemented}
 2616 }
 2617 
 2618 \numtest{22}{
 2619 \Priority{Low}
 2620 \Reason{Connects to correct server when multiple handles exist}
 2621 \Conditions{RPC}
 2622 }
 2623 
 2624 
 2625 \section{ovsec_kadm_free_principal_ent}
 2626 
 2627 In addition to the tests listed here, a memory-leak detector such as
 2628 TestCenter, Purify or dbmalloc should be used to verify that the
 2629 memory freed by this function is really freed.
 2630 
 2631 \numtest{1}{
 2632 \Reason{Null princ succeeds.}
 2633 }
 2634 
 2635 \numtest{2}{
 2636 \Reason{Non-null princ succeeds.}
 2637 }
 2638 
 2639 
 2640 \section{ovsec_kadm_free_policy_ent}
 2641 
 2642 In addition to the tests listed here, a memory-leak detector such as
 2643 TestCenter, Purify or dbmalloc should be used to verify that the
 2644 memory freed by this function is really freed.
 2645 
 2646 \numtest{1}{
 2647 \Reason{Null policy succeeds.}
 2648 }
 2649 
 2650 \numtest{2}{
 2651 \Reason{Non-null policy succeeds.}
 2652 }
 2653 
 2654 
 2655 
 2656 \section{ovsec_kadm_get_privs}
 2657 
 2658 \numtest{1}{
 2659 \Reason{Fails for null pointer argument.}
 2660 }
 2661 
 2662 This test should be run with the 16 possible combinations of access
 2663 bits (since there are 4 access bits, there are $2^4 = 16$ possible
 2664 combinations of them):
 2665 
 2666 \numtest{2}{
 2667 \Priority{High}
 2668 \Reason{Returns correct bit mask for access bits of user.}
 2669 \Conditions{RPC}
 2670 }
 2671 
 2672 This test should be run locally:
 2673 
 2674 \numtest{3}{
 2675 \Priority{High}
 2676 \Reason{Returns 0x0f.}
 2677 \Conditions{local}
 2678 }
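
The access rule implied by tests 6 through 20 of ovsec_kadm_get_policy, checked row by row and then swept over the 16 access-bit combinations described for ovsec_kadm_get_privs. This is an added C model, not part of the original test plan or of the krb5 sources; the PRIV_* bit values, may_get_policy and the table layout are assumptions made for illustration.

```c
#include <stdio.h>
/* Assumed bit values; the page only says there are four access bits. */
enum { PRIV_GET = 1, PRIV_ADD = 2, PRIV_MODIFY = 4, PRIV_DELETE = 8 };
enum service { ADMIN_SERVICE, CHANGEPW_SERVICE };

/* Model of the rule implied by tests 6-20: a caller's own policy is always
 * readable; another policy needs "get" and an ADMIN_SERVICE connection. */
static int may_get_policy(unsigned privs, enum service svc, int own)
{
    return own || (svc == ADMIN_SERVICE && (privs & PRIV_GET) != 0);
}
/* Constructed table, one row per test 6-20: {test, privs, svc, own, ok}. */
static const struct get_case { int test; unsigned privs; enum service svc; int own, ok; }
cases[] = {
    { 6, 0, ADMIN_SERVICE, 0, 0 }, { 7, PRIV_ADD, ADMIN_SERVICE, 0, 0 },
    { 8, PRIV_MODIFY, ADMIN_SERVICE, 0, 0 }, { 9, PRIV_DELETE, ADMIN_SERVICE, 0, 0 },
    { 10, PRIV_DELETE, CHANGEPW_SERVICE, 0, 0 },
    { 11, PRIV_GET, ADMIN_SERVICE, 1, 1 }, { 12, PRIV_GET, CHANGEPW_SERVICE, 1, 1 },
    { 13, PRIV_ADD | PRIV_GET, ADMIN_SERVICE, 1, 1 },
    { 14, PRIV_ADD | PRIV_GET, CHANGEPW_SERVICE, 1, 1 },
    { 15, 0, ADMIN_SERVICE, 1, 1 }, { 16, 0, CHANGEPW_SERVICE, 1, 1 },
    { 17, PRIV_GET, ADMIN_SERVICE, 0, 1 }, { 18, PRIV_GET, CHANGEPW_SERVICE, 0, 0 },
    { 19, PRIV_MODIFY | PRIV_GET, ADMIN_SERVICE, 0, 1 },
    { 20, PRIV_MODIFY | PRIV_GET, CHANGEPW_SERVICE, 0, 0 },
};

/* Number of rows where the model disagrees with the expected result. */
static int count_mismatches(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        bad += may_get_policy(cases[i].privs, cases[i].svc, cases[i].own) != cases[i].ok;
    return bad;
}

/* Sweep all 2^4 = 16 masks: how many allow reading another user's policy? */
static int masks_granting_other(enum service svc)
{
    int n = 0;
    for (unsigned privs = 0; privs <= 0x0f; privs++)
        n += may_get_policy(privs, svc, 0);
    return n;
}

int main(void)
{
    printf("%d mismatches\n", count_mismatches());
    return count_mismatches() != 0;
}
```

The sweep makes the least-privilege property explicit: no combination of ``add'', ``modify'' and ``delete'' substitutes for ``get'', and no access bits at all open another user's policy over CHANGEPW_SERVICE.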
 2679 
 2680 \end{document}