#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: Checking SSH message of the day for Debian remains
## bugs: [666]
## roles:
##  - domaincontroller_master
##  - domaincontroller_backup
## packages: [univention-directory-manager-tools]
## exposure: dangerous

# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137

username=$(user_randomname)
sshKnownHostsFile="$(mktemp)"
user_create "$username" \
	--set groups="$(get_domain_admins_dn)"

for((i=0;i<20;i++)); do
	if univention-ldapsearch uid="$username" dn | grep ^dn:; then
		break
	fi
	sleep 1
done
/usr/lib/univention-pam/ldap-group-to-file.py

python3 -c "#BEGIN PYTHON SCRIPT
import sys
import getpass

import pexpect

host = 'localhost'
user = '$username'
password = b'univention'

ex_newkey = b'Are you sure you want to continue connecting'
ex_password = b'assword: '

child = pexpect.spawn('ssh -o UserKnownHostsFile=\"${sshKnownHostsFile}\" %s@%s' % (user, host), timeout=10)
child.logfile = sys.stderr.buffer
i = child.expect([pexpect.TIMEOUT, ex_newkey, ex_password])
if i == 0:  # Timeout
	print('ERROR!')
	print('SSH could not login. Here is what SSH said:')
	print(child.before, child.after)
	sys.exit(1)

if i == 1:  # SSH does not have the public key. Just accept it.
	child.sendline(b'yes')
	i = child.expect([pexpect.TIMEOUT, ex_password])
	if i == 0: # Timeout
		print('ERROR!')
		print('SSH could not login. Here is what SSH said:')
		print(child.before, child.after)
		sys.exit(1)
child.sendline(password)
child.sendline(b'exit')
i = child.expect([pexpect.TIMEOUT, pexpect.EOF])
if i == 0:  # Timeout
	print('ERROR!')
	print('SSH could not login. Here is what SSH said:')
	print(child.before, child.after)
	sys.exit(1)
if b'Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY' not in child.before:
	print('MotD is clean')
	sys.exit(0)
else:
	print('Found Debian message! (This is bad)')
	sys.exit(1)
#END PYTHON SCRIPT"
ret=$?

user_remove "$username"

rm -f "$sshKnownHostsFile"
exit $ret

# vim:set filetype=sh ts=4:
