#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "Create a GPO with samba-tool "
## exposure: safe
## packages:
##  - univention-samba4
## roles:
## - domaincontroller_master
## - domaincontroller_backup
## - domaincontroller_slave
## tags: [basic]

# shellcheck source=../../lib/shares.sh
. "$TESTLIBPATH/shares.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137

gponame="$(random_chars 8 "${_upperletters}${_lowerletters}${_ciphers}")"	## samba RC6 seems to dislike UTF-8 in GPO names
echo gponame "$gponame"

check_domainadmin_credentials || fail_fast 77 "UCR variables for admin credentials are not set"
ADMINISTRATOR_NAME="$(univention-ldapsearch -b "$tests_domainadmin_account" uid | grep uid | sed -ne 's/^uid: //p')"

s4_domainname=$(samba-tool domain info 127.0.0.1 | sed -n 's/^Domain *: //p') ## Samba's idea of spelling

## general sanity check: wait for the samba-share.py Listener to synchronize /etc/samba/shares.conf and /etc/samba/shares.conf.d (Bug #29399)
i=0
while ! samba-tool domain info 127.0.0.1 > /dev/null 2>&1
do
	let i="$i"+1
	if [ "$i" = 15 ]; then
		echo "samba-tool Failure (Bug #29399)" >&2
		break
	fi
	sleep 2
done

## create the GPO
echo "----create the GPO in Samba/AD with samba-tool"
gpo_cn="$(samba-tool gpo create "$gponame" -H ldap://"$hostname.$domainname" -U"$ADMINISTRATOR_NAME%$tests_domainadmin_pwd" | sed -n "s/GPO '$gponame' created as //p")"
if [ -n "$gpo_cn" ]; then
	trap 'samba-tool gpo del "$gpo_cn" -H ldap://"$hostname.$domainname" -U"$ADMINISTRATOR_NAME%$tests_domainadmin_pwd"' INT TERM EXIT
else
	fail_fast 1 "WARNING: samba-tool gpo create did not return a GPO cn"
fi


## --local tests
echo "----search sam.ldb for GPO"
i=0

while true
do
	displayName="$(ldbsearch -H /var/lib/samba/private/sam.ldb "(&(objectClass=groupPolicyContainer)(cn=$gpo_cn))" displayName | sed -ne 's/^displayName: //p')"
	if [ -n "$displayName" ]; then
		break
	fi

	let i="$i"+1
	if [ "$i" = 20 ]; then
		fail_fast 1 "Could not find displayName of GPO in sam.ldb"
	fi
	sleep 1
done

##check whether the directory for the GPO has been created
echo "----check whether the directory for the GPO has been created"
i=0
while ! [ -d "/var/lib/samba/sysvol/$s4_domainname/Policies/$gpo_cn" ]
do
	let i="$i"+1
	if [ "$i" = 20 ]; then
		fail_fast 1 "Directory for GPO has not been created"
	fi
	sleep 1
done

##check whether the GPO is listed in samba-tool
echo "----check whether the GPO is listed in samba-tool"
i=0
while ! ( output=$(samba-tool gpo show "$gpo_cn" 2>&1) && grep -Eq "^GPO\s+:\s$gpo_cn" <<<"$output" > /dev/null )
do
	let i="$i"+1
	if [ "$i" = 10 ]; then
		if [ -n "$output" ]; then
			echo "$output"
		fi
		fail_fast 1 "GPO is not listed in samba-tool"
	fi
	sleep 1
done

exit $RETVAL
