#!/usr/share/ucs-test/runner bash
## desc: "Test accessing sysvol with smbclient using kerberos authentification"
## exposure: safe
## packages:
##  - univention-samba4
## roles:
## - domaincontroller_master
## - domaincontroller_backup
## - domaincontroller_slave

. "$TESTLIBPATH/user.sh" || exit 137
. "$TESTLIBPATH/shares.sh" || exit 137
. "$TESTLIBPATH/random.sh" || exit 137
. "$TESTLIBPATH/samba.sh" || exit 137

#----create User
echo "----create User"
SAMBA="true"
MAIL="false"
KERBEROS="true"
PERSON="false"
POSIX="true"

username="$(user_randomname)"
password=univention
trap 'user_remove "$username"' INT TERM EXIT
if ! user_create "$username"; then
	fail_fast 1 "User could not be created"
fi


wait_for_replication
# force_drs_replication
wait_for_drs_replication "(sAMAccountName=$username)"

## Authentification with kinit
echo "----Authentification with kinit"
i=0
while ! output="$(echo "$password" | kinit --password-file=STDIN "$username" 2>&1)"
do
	let i=$i+1
	if [ "$i" = 10 ]; then
		fail_test 1 "kinit $username failed"
		break
	fi
	sleep 3
done

## Access sysvol using smbclient
echo "----Access sysvol using smbclient"
i=0
while ! output="$(smbclient "//$(hostname -f)/sysvol" -k -c "ls $domainname/Policies" 2>&1)"
do
	let i=$i+1
	if [ "$i" = 10 ]; then
		echo "$output"
		fail_test 1 "Could not access Policies on sysvol with Kerberos authentication"
		break
	fi
	sleep 3
done

exit $RETVAL
