#!/usr/share/ucs-test/runner bash
## desc: Checking SSH message of the day for Debian remains
## bugs: [666]
## roles:
##  - domaincontroller_master
##  - domaincontroller_backup
## packages: [univention-directory-manager-tools]
## exposure: dangerous

. "$TESTLIBPATH/base.sh" || exit 137
. "$TESTLIBPATH/user.sh" || exit 137

username=$(user_randomname)
sshKnownHostsFile="$(mktemp)"
user_create "$username" \
	--set groups="$(get_domain_admins_dn)"

for((i=0;i<20;i++)); do
	if univention-ldapsearch uid="$username" dn | grep ^dn:; then
		break
	fi
	sleep 1
done
/usr/lib/univention-pam/ldap-group-to-file.py

python -c "#BEGIN PYTHON SCRIPT
import pexpect
import sys
import getpass

host = 'localhost'
user = '$username'
password = 'univention'

ex_newkey = 'Are you sure you want to continue connecting'
ex_password = 'assword: '

child = pexpect.spawn('ssh -o UserKnownHostsFile=\"${sshKnownHostsFile}\" %s@%s'%(user, host), timeout=10)
child.logfile = sys.stderr
i = child.expect([pexpect.TIMEOUT, ex_newkey, ex_password])
if i == 0: # Timeout
	print 'ERROR!'
	print 'SSH could not login. Here is what SSH said:'
	print child.before, child.after
	sys.exit(1)
if i == 1: # SSH does not have the public key. Just accept it.
	child.sendline ('yes')
	i = child.expect([pexpect.TIMEOUT, ex_password])
	if i == 0: # Timeout
		print 'ERROR!'
		print 'SSH could not login. Here is what SSH said:'
		print child.before, child.after
		sys.exit(1)
child.sendline(password)
child.sendline('exit')
i = child.expect([pexpect.TIMEOUT, pexpect.EOF])
if i == 0: # Timeout
	print 'ERROR!'
	print 'SSH could not login. Here is what SSH said:'
	print child.before, child.after
	sys.exit(1)
if child.before.find('Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY') == -1:
	print 'MotD is clean'
	sys.exit(0)
else:
	print 'Found Debian message! (This is bad)'
	sys.exit(1)
#END PYTHON SCRIPT"
ret=$?

user_remove "$username"

rm -f "$sshKnownHostsFile"
exit $ret

# vim:set filetype=sh ts=4:
