#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "Testing password change with udm and samba"
## exposure: safe
## packages:
##  - univention-samba
## roles:
## - domaincontroller_master
## - domaincontroller_backup
## - domaincontroller_slave 
## - memberserver 
## tags:
##  - basic
##  - skip_admember
## versions:
##  3.1-1: skip
##  3.2-0: fixed


# shellcheck source=../../lib/base.sh
. "$TESTLIBPATH/base.sh" || exit 137
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137
. /usr/share/univention-lib/ldap.sh || exit 137

echo "----create user"
##create user
SAMBA="true"
MAIL="false"
KERBEROS="true"
PERSON="false"
POSIX="true"

username="$(user_randomname)"
first_password="univention"
second_password="$(random_chars 8 ${_upperletters}${_lowerletters}${_ciphers}äöü)1AÄÜÖ"
third_password="$(random_chars 8 ${_upperletters}${_lowerletters}${_ciphers}äöü)1AÄÜÖ"

if [ -n "$tests_domainadmin_account" ]; then
	admin_account=$(ucs_convertDN2UID "$tests_domainadmin_account")
else
	admin_account=Administrator
fi

trap 'user_remove "$username"' INT TERM EXIT

if ! user_create "$username"; then
	fail_fast 1 "User could not be created"
fi

winbind_separator=$(wbinfo --separator)
FQUSERNAME="$windows_domain$winbind_separator$username"
if [ "$samba_domain_security" = "ads" ]; then
	net_mode="ads"
else
	net_mode="rpc user"
fi

sleep 10 ## wait for S4-Connector and maybe DC backups to replicate
wait_for_replication

USER_DN="$(udm-test users/user list --filter uid="$username" | sed -ne 's/^DN: //p')"

##test normal connection with smbclient
echo "----test normal connection with smbclient"
i=0
while ! output="$(smbclient -U "$username%$first_password" -L "$hostname.$domainname")"
do
	let i="$i"+1
	if [ "$i" = 30 ]; then
		echo "$output"
		fail_test 1 "Could not authenticate with smbclient."
		break
	fi
	sleep 1
done

##changing the password with net rpc / samba
echo "----changing the password with net $net_mode"
echo "net $net_mode password \"$username\" \"$second_password\" -U\"$admin_account%$tests_domainadmin_pwd\""
net $net_mode password "$username" "$second_password" -U"$admin_account%$tests_domainadmin_pwd"
if [ "$?" != 0 ];then
	error "net $net_mode password change returned a non-zero exit code: $?. Continuing anyway, see Bug #31794"
fi

sleep 3
wait_for_replication

##test login with udm with new password
echo "----test login with udm with new password"
i=0
while ! output="$(univention-directory-manager users/user list --filter uid="$username" --binddn "$USER_DN" --bindpwd "$second_password")"
do
	let i="$i"+1
	if [ "$i" = 30 ]; then
		echo "$output"
		fail_test 1 "Could not authenticate with UDM after password change with smbpasswd."
		break
	fi
	sleep 1
done

##change the password with udm
echo "----change the password with udm"
output="$(udm-test users/user modify --dn "$USER_DN" --set "password=$third_password")"
if [ "$?" != 0 ];then
	echo "$output"
	fail_test 1 "Could not change password with UDM"
fi

sleep 10 ## wait for S4-Connector and maybe DC backups to replicate
wait_for_replication

##test login with smbclient with new password
echo "----test login with smbclient with new password"
i=0
while ! output="$(smbclient -U "$username%$third_password" -L "$hostname.$domainname")"
do
	let i="$i"+1
	if [ "$i" = 30 ]; then
		echo "$output"
		fail_test 1 "Could not authenticate with smbclient after password change with UDM."
		break
	fi
	sleep 1
done

exit $RETVAL
