#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "Winbind Test"
## exposure: safe
## packages:
##  - winbind
##  - samba
## roles-not:
## - basesystem
## tags:
##  - basic
##  - skip_admember

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137
# shellcheck source=../../lib/samba.sh
. "$TESTLIBPATH/samba.sh" || exit 137

SAMBA="true"
MAIL="false"
KERBEROS="true"
PERSON="false"
POSIX="true"

password="univention"
username="$(user_randomname)"
trap 'user_remove "$username"' INT TERM EXIT

##create User
echo "##  create User"
if ! user_create "$username"; then
	fail_fast 1 "Failed to create user";
fi

winbind_separator=$(wbinfo --separator)
FQUSERNAME="$(/usr/sbin/univention-config-registry get windows/domain)$winbind_separator$username"

wait_for_replication

##wbinfo tests
echo "##  wbinfo -t"
if ! wbinfo -t; then
	fail_fast 1 "Checking shared secret failed"
fi

echo "##  wbinfo --ping"
if ! wbinfo --ping; then
	fail_fast 1 "failed to ping the winbind-daemon";
fi

echo "##  wbinfo --ping-dc"
if ! wbinfo --ping-dc; then
	echo "No connection to NETLOGON, continuing anyway, see Bug #31772"
fi

echo "##  wbinfo -D"
for i in $(wbinfo --trusted-domains);
do
	if ! output="$(wbinfo -D "$i")"; then
		print "$output"
		fail_fast 1 "Failed to look up domaininfo"
	fi
done

if [ "$(/usr/sbin/univention-config-registry get server/role)" = "memberserver" ]; then
	NAME="$FQUSERNAME"
else
	NAME="$username"
fi

wait_for_LDAP_replication_of_domain_sambaSid "$username"
# give some some more seconds
sleep 15

printf "##  wbinfo --name-to-sid:\t"
output=$(wbinfo -n "$username")
if [ $? != 0 ]; then
	fail_fast 1 "wbinfo --name-to-sid '$username' failed"
else
	user_sid=$(echo "$output" | cut -d' '  -f1)
fi
echo "$user_sid"

printf "##  wbinfo --sid-to-uid:\t"
user_uid=$(wbinfo -S "$user_sid")
if [ $? != 0 ]; then
	fail_fast 1 "wbinfo --sid-to-uid '$user_sid' failed"
fi
echo "$user_uid"

printf "##  wbinfo --uid-to-sid:\t"
user_sid2=$(wbinfo -U "$user_uid")
if [ $? != 0 ]; then
	fail_fast 1 "wbinfo --uid-to-sid '$user_uid' failed"
fi
echo "$user_sid2"

printf "##  wbinfo --sid-to-name:\t"
output=$(wbinfo -s "$user_sid2")
if [ $? != 0 ]; then
	fail_fast 1 "wbinfo --sid-to-name '$user_sid2' failed"
else
	user_name2=$(echo "$output" | cut -d' '  -f1)
fi
echo "$user_name2"

if [ "$user_name2" != "$FQUSERNAME" ]; then
	fail_fast 1 "Unexpected user name obtained from SID lookup: $user_name2, expected: $NAME"
fi

echo "##  checking user groups"
for group_sid in $(wbinfo --user-domgroups="$user_sid");
do
	test "$group_sid" = "$user_sid" && continue
	printf "##  wbinfo --user-domgroups:\t$group_sid\n"
	printf "##  wbinfo --sid-to-gid:\t"
	group_gid=$(wbinfo -Y "$group_sid")
	if [ "$?" != 0 ]; then
		fail_fast 1 "wbinfo --sid-to-gid '$group_sid' failed"
	fi
	echo "$group_gid"
	printf "##  wbinfo --gid-to-sid:\t"
	output=$(wbinfo -G "$group_gid")
	if [ "$?" != 0 ]; then
		fail_fast 1 "wbinfo --gid-to-sid '$group_gid' failed"
	else
		group_sid2=$(echo "$output")
	fi
	echo "$group_sid2"
	printf "##  wbinfo --sid-to-name:\t"
	output=$(wbinfo -s "$group_sid2")
	if [ "$?" != 0 ]; then
		fail_fast 1 "wbinfo --sid-to-name '$group_sid2' failed"
	else
		group_name2=$(echo "$output" | sed 's/ [0-9]*$//')
	fi
	echo "$group_name2"
	printf "##  wbinfo --name-to-sid:\t"
	output=$(wbinfo -n "$group_name2")
	if [ "$?" != 0 ]; then
		fail_fast 1 "wbinfo --name-to-sid '$group_name2' failed"
	else
		group_sid3=$(echo "$output" | cut -d' '  -f1)
	fi
	echo "$group_sid3"
done

echo "##  wbinfo --authenticate"
wbinfo -a "$NAME%$password"
if [ "$?" != 0 ]; then
	fail_fast 1 "wbinfo --authenticate '$NAME%$password' failed"
fi

echo "##  wbinfo --krb5auth"
if ! wbinfo --krb5auth "$NAME"%"$password"; then
	fail_fast 1 "wbinfo --krb5auth '$NAME%$password' failed"
fi

exit 0
