#!/usr/share/ucs-test/runner python
## desc: check if a radius login via DOMAIN\USERNAME is working
## tags: [apptest, radius]
## packages:
##   - univention-radius
## join: true
## exposure: dangerous

import subprocess
import tempfile
import univention.testing.udm as udm_test
import univention.testing.ucr as ucr_test


def eapol_test(username):
	testdata = '''network={{
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="{}"
        anonymous_identity="anonymous"
        password="univention"
        phase2="autheap=MSCHAPV2"
}}
'''.format(username)
	with tempfile.NamedTemporaryFile() as fd:
		fd.write(testdata)
		fd.flush()
		subprocess.check_call(['/usr/sbin/eapol_test', '-c', fd.name, '-s', 'testing123'])


def main():
	with ucr_test.UCSTestConfigRegistry() as ucr:
		with udm_test.UCSTestUDM() as udm:
			username_allowed = udm.create_user(networkAccess=1)[1]
			eapol_test(username_allowed)
			eapol_test('{}\\{}'.format(ucr.get('windows/domain'), username_allowed))


if __name__ == '__main__':
	main()
