#!/usr/share/ucs-test/runner python
## desc: http-proxy-basic-ntlm-auth-check
## roles: [domaincontroller_master, domaincontroller_backup, domaincontroller_slave, memberserver]
## tags: [apptest]
## exposure: dangerous
## packages: [univention-squid]

from essential.simplecurl import SimpleCurl
from univention.config_registry import handler_set, handler_unset
import itertools
import pycurl
import subprocess
import univention.testing.ucr as ucr_test
import univention.testing.utils as utils

def checkAuths(host, passwd,  url, (basic, ntlm), expect_wrong_password):
	# in case all auth are disabled, all return 200
	http_basic, http_ntlm, http_gneg = (200, 200, 200)
	if basic or ntlm:
		http_basic = 200 if (basic and not expect_wrong_password) else 407
		http_ntlm = 200 if (ntlm and not expect_wrong_password) else 407
	checkBasic(host, passwd, url, http_basic)
	checkNTLM(host, passwd, url, http_ntlm)

def checkBasic(host, passwd, url, http_code):
	print 'Performing Basic proxy auth check'
	curl = SimpleCurl(proxy=host, password=passwd, auth=pycurl.HTTPAUTH_BASIC)
	result = curl.response(url)
	if http_code != result:
		utils.fail('Basic proxy auth check failed, http_code = %r, expected = %r' % (result, http_code))

def checkNTLM(host, passwd, url, http_code):
	print 'Performing NTLM proxy auth check'
	curl = SimpleCurl(proxy=host, password=passwd, auth=pycurl.HTTPAUTH_NTLM)
	result = curl.response(url)
	if http_code != result:
		utils.fail('NTLM proxy auth check failed, http_code = %r, expected = %r' % (result, http_code))


def setAuthVariables((basic, ntlm)):
	"""set ucr variables according to the auth states, and restart Squid"""
	if basic:
		handler_set(['squid/basicauth=yes'])
	else:
		handler_unset(['squid/basicauth'])
	if ntlm:
		handler_set(['squid/ntlmauth=yes'])
	else:
		handler_unset(['squid/ntlmauth'])
	subprocess.call(["/etc/init.d/squid3", "restart"])

def printHeader(state, passwd, expect_wrong_password):
	print '-' * 40
	print '(Basic, NTLM) = %s' % (state,)
	print 'Password used: %s, expect_wrong_password: %s' % (
			passwd, expect_wrong_password)

def main():
	with ucr_test.UCSTestConfigRegistry() as ucr:
		# url = ucr.get('proxy/filter/redirecttarget')
		url = 'http://www.univention.de'
		host = '%s.%s' % (ucr.get('hostname'), ucr.get('domainname'))

		# list of tuples (passwd, expect_wrong_password) used in the test
		passwords = [('univention', False),('wrong_passwd',True)]

		# Generate all the possibilities for the auth states
		# [(0, 0), (0, 1), (1, 0), (1, 1)]
		authStates = list(itertools.product([0,1], repeat=2))

		for passwd, expect_wrong_password in passwords:
			for state in authStates:
				printHeader(state, passwd, expect_wrong_password)

				# set ucr variables according to the auth states
				setAuthVariables(state)

				# Perform the checks
				checkAuths(host, passwd, url, state, expect_wrong_password)

if __name__ == '__main__':
	main()
