#!/usr/share/ucs-test/runner python
## desc: check if a radius login via host/FQDN@REALM is working
## tags: [apptest, radius]
## packages:
##   - univention-radius
## join: true
## exposure: dangerous

from __future__ import print_function
import subprocess
import univention.testing.udm as udm_test
import univention.testing.ucr as ucr_test
import univention.uldap as uldap


def radtest(username, password):
	subprocess.check_call([
		'radtest',
		'-t',
		'mschap',
		username,
		password,
		'127.0.0.1:18120',
		'0',
		'testing123',
	])


def main():
	with ucr_test.UCSTestConfigRegistry() as ucr:
		with udm_test.UCSTestUDM() as udm:
			udm.create_group(
				networkAccess=1,
				hosts=[ucr.get('ldap/hostdn')]
			)
			lo = uldap.getMachineConnection()
			krb5PrincipalName = lo.search(filter='(&(objectClass=univentionHost)(cn={}))'.format(ucr.get('hostname')))[0][1]['krb5PrincipalName'][0]
			print('\n\nkrb5PrincipalName = {}\n\n'.format(krb5PrincipalName))
			radtest(krb5PrincipalName, open('/etc/machine.secret', 'r').read().strip())


if __name__ == '__main__':
	main()
