#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: "As a final test check for Samba4 objects without objectclass"
## exposure: dangerous
## packages:
##  - univention-samba4
## roles:
## - domaincontroller_master
## - domaincontroller_backup
## - domaincontroller_slave
## tags: [basic]
# shellcheck source=../../lib/user.sh
. "$TESTLIBPATH/user.sh" || exit 137
# shellcheck source=../../lib/shares.sh
. "$TESTLIBPATH/shares.sh" || exit 137
# shellcheck source=../../lib/random.sh
. "$TESTLIBPATH/random.sh" || exit 137
# shellcheck source=../../lib/samba.sh
. "$TESTLIBPATH/samba.sh" || exit 137

ldif=$(univention-s4search --cross-ncs '(!(objectclass=*))')
dnlist=$(echo "$ldif" | sed -n 's/^dn: //p')
server="$hostname"

if [ -z "$dnlist" ]; then
	if [ "$server_role" != "domaincontroller_master" ]; then
		server="$ldap_master"

		filename=$(mktemp)
		echo -n "$tests_domainadmin_pwd" > "$filename"
		ADMINISTRATOR_NAME=$(univention-ldapsearch -b "$tests_domainadmin_account" uid | sed -ne 's/^uid: //p')
		ldif=$(univention-ssh "$filename" "$ADMINISTRATOR_NAME@$ldap_master" 'univention-s4search --cross-ncs \"(!(objectclass=*))\"')
		rm "$filename"

		dnlist=$(echo "$ldif" | sed -n 's/^dn: //p')
	fi
fi

if [ -n "$dnlist" ]; then
	fail_test 1 "Samba4 objects without objectclass found on $server! Objects:"
	echo "$ldif"

	mv /sbin/halt /sbin/halt.DISABLED

	if [ "$server_role" = "domaincontroller_master" ]; then
		exit $RETVAL
	fi

	filename=$(mktemp)
	echo -n "$tests_domainadmin_pwd" > "$filename"

	## Close your eyes
	ldapmodify -x -h "$ldap_master" -p "$ldap_master_port" -D "$tests_domainadmin_account" -y "$filename" <<-%EOF
	dn: $tests_domainadmin_account
	changetype: modify
	replace: uidNumber
	uidNumber: 0
	%EOF

	ADMINISTRATOR_NAME=$(univention-ldapsearch -b "$tests_domainadmin_account" uid | sed -ne 's/^uid: //p')
	i=0
	max_i=650
	delta_t=1
	echo "Waiting for ncsd passwd ttl end ($max_i seconds max)"
	while [ "$(univention-ssh "$filename" "$ADMINISTRATOR_NAME@$ldap_master" "getent passwd $ADMINISTRATOR_NAME" | cut -d: -f 3)" != 0 ]; do
		if [ "$i" -gt "$max_i" ]; then
			echo -e "\nDEBUG: nscd doesn't seem to timeout."
			break
		fi
		sleep "$delta_t"
		i=$(($i + 1))
		echo -n .
	done
	if [ "$i" -le "$max_i" ]; then
		echo -e "\nOk, trying to disable /sbin/halt on $ldap_master"
	fi

	univention-ssh "$filename" "$ADMINISTRATOR_NAME@$ldap_master" "mv /sbin/halt /sbin/halt.DISABLED"
	rm "$filename"
fi

exit $RETVAL
