1 # Copyright 2000, International Business Machines Corporation and others.
4 # This software has been released under the terms of the IBM Public
5 # License. For details, see the LICENSE file in the top-level source
6 # directory or online at http://www.openafs.org/dl/license10.html
9 # verify locking occurs on n+1 failures, where n is the permitted number.
10 # verify that n in {0,1,253,254} work
11 # verify that n == 255 or greater fails
12 # verify that n < 0 fails
13 # locktime < 0 should fail
14 # locktime == 0 should succeed (infinite)
15 # verify locktime of 0 (infinite) produces correct output from kas exam
16 # locktime <= 36*60 should work quietly
17 # locktime > 2160 should give error message
18 # test locktimes in hh:mm also, 00:00 00:01 01:00 01:01 35:59 36:00 36:01
20 # fail to authenticate once
21 # verify that klog does not report locked
22 # verify that exam reports not locked
23 # fail to authenticate many times - 1.
24 # verify that klog does not report locked
25 # verify that exam reports locked (unless -attempts is 0)
26 # fail to authenticate once more.
27 # verify that klog does report locked (unless -attempts is 0)
28 # verify that exam reports locked (unless -attempts is 0)
30 # note: attempts don't reset totally, only one server's attempts counter
32 # set attempts to 200 (check that the attempts reset)
33 # fail several times, then succeed
34 # check that you can retry 200 times before id gets locked
36 # check that kas unlock works (implicit)
37 # check that the correct # of attempts remain after some # of failures? (implicit)
39 # the following things are not yet tested. That is, this test procedure
40 # does not sleep for 36 hours to see if the id will automatically unlock
43 # verify locktimes of 1 min to 36*60-1 work
44 # test locktimes of 36*60, 36*60+1, 36*60+14, 36*60+15
45 # verify locktime of 0 (infinite) remains locked for longer than 36*60+30
46 source testlocking.utils.tcl
51 # test the error cases
52 foreach i
{ -1 255 256 } {
53 spawn
$kas setfields
$usr -attempts $i -admin_us $admin \
54 -password_for $adminpass -cell $cell
59 # I expect these cases to succeed
60 foreach i
{ 0 1 253 254 } {
61 spawn
$kas setfields
$usr -attempts $i -admin_us $admin \
62 -password_for $adminpass -cell $cell
65 verify_attempts
$usr $i
69 verify_lock_time
$usr 0
71 # test the lock time error cases
73 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
74 -password_for $adminpass -cell $cell
75 expect_timelimits_msg
$i
78 foreach i
{ 2161 2162 2175 36:01 36:02 36:14 36:15 } {
79 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
80 -password_for $adminpass -cell $cell
81 expect_timelimits_msg
$i
82 expect timeout
{print
"\nFAILED: timeout\n"} \
83 eof {print
"\nFAILED: eof\n"} \
84 "{*Continuing with lock time of exactly 36 hours.*}" {print
"\nSUCCESS\n" }
88 foreach i
{ 0 1 2 3 4 5 6 7 8 9 10 55 60 61 2159 2160 00:00 } {
89 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
90 -password_for $adminpass -cell $cell
93 verify_lock_time
$usr $i
96 # having a hard time with these guys, so I do them individually....
98 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
99 -password_for $adminpass -cell $cell
102 verify_lock_time
$usr 1
105 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
106 -password_for $adminpass -cell $cell
109 verify_lock_time
$usr 60
112 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
113 -password_for $adminpass -cell $cell
116 verify_lock_time
$usr 61
119 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
120 -password_for $adminpass -cell $cell
123 verify_lock_time
$usr 2159
126 spawn
$kas setfields
$usr -attempts 1 -locktime $i -admin_us $admin \
127 -password_for $adminpass -cell $cell
130 verify_lock_time
$usr 2160