src/kauth/test/testlocking.boundaries.tcl

   1 # Copyright 2000, International Business Machines Corporation and others.
   2 # All Rights Reserved.
   3 #
   4 # This software has been released under the terms of the IBM Public
   5 # License.  For details, see the LICENSE file in the top-level source
   6 # directory or online at http://www.openafs.org/dl/license10.html
   7
   8 # boundary conditions:
   9 # verify locking occurs on n+1 failures, where n is the permitted number.
  10 # verify that n in {0,1,253,254} work
  11 # verify that n == 255 or greater fails
  12 # verify that n < 0 fails
  13 # locktime < 0 should fail
  14 # locktime == 0 should succeed (infinite)
  15 # verify locktime of 0 (infinite) produces correct output from kas exam
  16 # locktime <= 36*60 should work quietly
  17 # locktime > 2160 should give error message
  18 # test locktimes in hh:mm also, 00:00 00:01 01:00 01:01 35:59 36:00 36:01
  19
  20 # fail to authenticate once
  21 # verify that klog does not report locked
  22 # verify that exam reports not locked
  23 # fail to authenticate many times - 1.
  24 # verify that klog does not report locked
  25 # verify that exam reports locked (unless -attempts is 0)
  26 # fail to authenticate once more.
  27 # verify that klog does report locked  (unless -attempts is 0)
  28 # verify that exam reports locked  (unless -attempts is 0)
  29
  30 # note: attempts don't reset totally, only one server's attempts counter
  31 # gets reset.
  32 # set attempts to 200                    (check that the attempts reset)
  33 # fail several times, then succeed
  34 # check that you can retry 200 times before id gets locked
  35
  36 # check that kas unlock works (implicit)
  37 # check that the correct # of attempts remain after some # of failures? (implicit)
  38
  39 # the following things are not yet tested.  That is, this test procedure
  40 # does not sleep for 36 hours to see if the id will automatically unlock
  41 # or not.
  42 #
  43 # verify locktimes of 1 min to 36*60-1 work
  44 # test locktimes of 36*60, 36*60+1, 36*60+14, 36*60+15
  45 # verify locktime of 0 (infinite) remains locked for longer than 36*60+30
  46 source testlocking.utils.tcl
  47
  48 set usr lyletest0
  49 create_user $usr
  50
  51 # test the error cases
  52 foreach i { -1 255 256 } {
  53    spawn $kas setfields $usr -attempts $i -admin_us $admin \
  54          -password_for $adminpass -cell $cell
  55    expect_limits_msg $i
  56    wait_for $spawn_id
  57 }
  58
  59 # I expect these cases to succeed
  60 foreach i { 0 1 253 254 } {
  61    spawn $kas setfields $usr -attempts $i  -admin_us $admin \
  62           -password_for $adminpass -cell $cell
  63    expect_nothing $i
  64    wait_for $spawn_id
  65    verify_attempts $usr $i
  66    verify_lock $usr $i
  67 }
  68
  69 verify_lock_time $usr 0
  70
  71 # test the lock time error cases
  72 set i -1
  73 spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
  74          -password_for $adminpass -cell $cell
  75 expect_timelimits_msg $i
  76 wait_for $spawn_id
  77
  78 foreach i { 2161 2162 2175 36:01 36:02 36:14 36:15  } {
  79    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
  80          -password_for $adminpass -cell $cell
  81    expect_timelimits_msg $i
  82    expect timeout {print "\nFAILED: timeout\n"} \
  83           eof {print "\nFAILED: eof\n"} \
  84           "{*Continuing with lock time of exactly 36 hours.*}" {print "\nSUCCESS\n" }
  85    wait_for $spawn_id
  86 }
  87
  88 foreach i { 0 1 2 3 4 5 6 7 8 9 10 55 60 61 2159 2160 00:00 } {
  89    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
  90          -password_for $adminpass -cell $cell
  91    expect_nothing $i
  92    wait_for $spawn_id
  93    verify_lock_time $usr $i
  94 }
  95
  96 # having a hard time with these guys, so I do them individually....
  97    set i 00:01
  98    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
  99          -password_for $adminpass -cell $cell
 100    expect_nothing $i
 101    wait_for $spawn_id
 102    verify_lock_time $usr 1
 103
 104    set i 01:00
 105    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
 106          -password_for $adminpass -cell $cell
 107    expect_nothing $i
 108    wait_for $spawn_id
 109    verify_lock_time $usr 60
 110
 111    set i 01:01
 112    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
 113          -password_for $adminpass -cell $cell
 114    expect_nothing $i
 115    wait_for $spawn_id
 116    verify_lock_time $usr 61
 117
 118    set i 35:59
 119    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
 120          -password_for $adminpass -cell $cell
 121    expect_nothing $i
 122    wait_for $spawn_id
 123    verify_lock_time $usr 2159
 124
 125    set i 36:00
 126    spawn $kas setfields $usr -attempts 1 -locktime $i -admin_us $admin \
 127          -password_for $adminpass -cell $cell
 128    expect_nothing $i
 129    wait_for $spawn_id
 130    verify_lock_time $usr 2160