#!/bin/sh
# PCP QA Test No. 1672
# Exercise different SASL auth methods using a custom sasldb.
#
# Copyright (c) 2020 Red Hat.
#
# NOTE
#	This test is likely to fail unless a domainname can be
#	found for the host.  For example, when hostname was vm23
#	it failed, but when hostname was set (via /etc/hostname in
#	this case) to vm23.localdomain the test passes.  The test
#	is also known to pass with a domainname(1) explicitly set.

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure

_get_libpcp_config
$authentication || _notrun "No authentication support available"

sasl_notrun_checks saslpasswd2 sasldblistusers2

$pluginviewer -a | grep 'Plugin "sasldb"' >/dev/null
test $? -eq 0 || _notrun "SASL sasldb auxprop plugin unavailable"

mechanisms="plain login scram-sha-256"
for mech in $mechanisms
do
    case $mech
    in
	scram-*)	# special, we need SCRAM-SHA-256 not SCRAM-SHA-1
		$pluginviewer -c | grep 'SCRAM-SHA-256' >/dev/null 2>&1
		test $? -eq 0 || _notrun "No client support for $mech authentication"
		$pluginviewer -s | grep 'SCRAM-SHA-256' >/dev/null 2>&1
		test $? -eq 0 || _notrun "No server support for $mech authentication"
		;;
	*)
		$pluginviewer -c | grep 'Plugin "'$mech'"' >/dev/null 2>&1
		test $? -eq 0 || _notrun "No client support for $mech authentication"
		$pluginviewer -s | grep 'Plugin "'$mech'"' >/dev/null 2>&1
		test $? -eq 0 || _notrun "No server support for $mech authentication"
		;;
    esac
done

_cleanup()
{
    # restore any modified pmcd configuration files
    _restore_config $PCP_SASLCONF_DIR/pmcd.conf

    _service pmcd restart 2>&1 | _filter_pcp_restart
    _wait_for_pmcd
    _service pmlogger restart 2>&1 | _filter_pcp_restart
    _wait_for_pmlogger

    $sudo rm -rf $tmp.*
}

status=1	# failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

hostname=`hostname`
echo "hostname -> $hostname" >>$seq_full
if which domainname >/dev/null 2>&1
then
    domainname=`domainname`
elif which dnsdomainname >/dev/null 2>&1
then
    domainname=`dnsdomainname`
else
    domainname=''
fi
echo "domainname -> $domainname" >>$seq_full

echo "hostname -f -> `hostname -f`" >>$seq_full
if [ -n "$domainname" ]
then
    :
elif echo "$hostname" | grep '\.' >/dev/null
then
    :
else
    _notrun "hostname -> $hostname, no domain name available"
fi

_filter_listusers2()
{
    sed \
        -e "s/^$username/USER/" \
        -e "s/@$hostname:/@HOST:/"
}

# real QA test starts here
_save_config $PCP_SASLCONF_DIR/pmcd.conf
echo "mech_list: $mechanisms" >$tmp.sasl
echo "sasldb_path: $tmp.passwd.db" >>$tmp.sasl
$sudo cp $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
$sudo chown $PCP_USER:$PCP_GROUP $PCP_SASLCONF_DIR/pmcd.conf
ls -l $PCP_SASLCONF_DIR/pmcd.conf >>$seq_full
$sudo -u $PCP_USER cat $PCP_SASLCONF_DIR/pmcd.conf >>$seq_full

echo "Creating temporary sasldb, add user running QA to it" | tee -a $seq_full
echo y | saslpasswd2 -p -a pmcd -f $tmp.passwd.db $username

echo "Verify saslpasswd2 has successfully added a new user" | tee -a $seq_full
sasldblistusers2 -f $tmp.passwd.db \
| tee -a $seq_full \
| _filter_listusers2

echo "Ensure pmcd can read the password file" | tee -a $seq_full
$sudo chown $PCP_USER:$PCP_GROUP $tmp.passwd.db
ls -l $tmp.passwd.db >>$seq_full
$sudo -u $PCP_USER od -c $tmp.passwd.db >>$seq_full

echo "Start pmcd with this shiny new sasldb"
if ! _service pmcd restart 2>&1; then _exit 1; fi \
| _filter_pcp_restart
_wait_for_pmcd || _exit 1
if ! _service pmlogger restart 2>&1; then _exit 1; fi \
| _filter_pcp_restart
_wait_for_pmlogger || _exit 1

for method in $mechanisms
do
    echo
    echo "=== method: ${method}, authentication with invalid password ===" | tee -a $seq_full
    pminfo -f -h "pcp://localhost?method=${method}&username=${username}&password=n" pmcd.feature.authentication 2>&1 | tee -a $seq_full \
    | grep 'Authentication - ' | grep -E -q "authentication failure|Cannot connect"
    test $? -eq 0 && echo "authentication failure"

    echo
    echo "=== method: ${method}, authentication with correct password ===" | tee -a $seq_full
    pminfo -f -h "pcp://localhost?method=${method}&username=${username}&password=y" pmcd.feature.authentication
done


# success, all done
status=0
exit
