#!/bin/sh
# PCP QA Test No. 1672
# Exercise different SASL auth methods using a custom sasldb.
#
# Copyright (c) 2020 Red Hat.
#
# NOTE
#	This test is likely to fail unless a domainname can be
#	found for the host.  For example, when hostname was vm23
#	it failed, but when hostname was set (via /etc/hostname in
#	this case) to vm23.localdomain the test passes.  The test
#	is also known to pass with a domainname(1) explicitly set.

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure

_get_libpcp_config
$authentication || _notrun "No authentication support available"

sasl_notrun_checks saslpasswd2 sasldblistusers2

$pluginviewer -a | grep 'Plugin "sasldb"' >/dev/null
test $? -eq 0 || _notrun "SASL sasldb auxprop plugin unavailable"

mechanisms="plain login scram-sha-256"
for mech in $mechanisms
do
    mechanism=`echo $mech | sed -e 's/-.*//g'`
    $pluginviewer -c | grep 'Plugin "'$mechanism'"' >/dev/null 2>&1
    test $? -eq 0 || _notrun "No client support for $mechanism authentication"
    $pluginviewer -s | grep 'Plugin "'$mechanism'"' >/dev/null 2>&1
    test $? -eq 0 || _notrun "No server support for $mechanism authentication"
done

cleanup()
{
    # restore any modified pmcd configuration files
    _restore_config $PCP_SASLCONF_DIR/pmcd.conf

    _service pcp stop 2>&1 | _filter_pcp_stop
    _service pcp start 2>&1 2>&1 | _filter_pcp_start
    _wait_for_pmcd
    _wait_for_pmlogger

    $sudo rm -rf $tmp.*
}

status=1	# failure is the default!
$sudo rm -rf $tmp.* $seq.full
trap "cleanup; exit \$status" 0 1 2 3 15

hostname=`hostname`
echo "hostname -> $hostname" >>$seq.full
domainname=`domainname`
echo "domainname -> $domainname" >>$seq.full

echo "hostname -f -> `hostname -f`" >>$seq.full
if [ -n "$domainname" ]
then
    :
elif echo "$hostname" | grep '\.' >/dev/null
then
    :
else
    _notrun "hostname -> $hostname, no domain name available"
fi

_filter_listusers2()
{
    sed \
        -e "s/^$username/USER/" \
        -e "s/@$hostname:/@HOST:/"
}

# real QA test starts here
_save_config $PCP_SASLCONF_DIR/pmcd.conf
echo "mech_list: $mechanisms" >$tmp.sasl
echo "sasldb_path: $tmp.passwd.db" >>$tmp.sasl
$sudo cp $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
$sudo chown pcp:pcp $PCP_SASLCONF_DIR/pmcd.conf
ls -l $PCP_SASLCONF_DIR/pmcd.conf >>$seq.full
$sudo -u pcp cat $PCP_SASLCONF_DIR/pmcd.conf >>$seq.full

echo "Creating temporary sasldb, add user running QA to it" | tee -a $seq.full
echo y | saslpasswd2 -p -a pmcd -f $tmp.passwd.db $username

echo "Verify saslpasswd2 has successfully added a new user" | tee -a $seq.full
sasldblistusers2 -f $tmp.passwd.db \
| tee -a $seq.full \
| _filter_listusers2

echo "Ensure pmcd can read the password file" | tee -a $seq.full
$sudo chown pcp:pcp $tmp.passwd.db
ls -l $tmp.passwd.db >>$seq.full
$sudo -u pcp od -c $tmp.passwd.db >>$seq.full

echo "Start pmcd with this shiny new sasldb"
_service pcp restart 2>&1 | tee -a $seq.full >$tmp.out
_wait_for_pmcd
_wait_for_pmlogger

for method in $mechanisms
do
    echo
    echo "=== method: ${method}, authentication with invalid password ===" | tee -a $seq.full
    pminfo -f -h "pcp://localhost?method=${method}&username=${username}&password=n" pmcd.feature.authentication 2>&1 | tee -a $seq.full \
    | grep 'Authentication - ' | egrep -q "authentication failure|Cannot connect"
    test $? -eq 0 && echo "authentication failure"

    echo
    echo "=== method: ${method}, authentication with correct password ===" | tee -a $seq.full
    pminfo -f -h "pcp://localhost?method=${method}&username=${username}&password=y" pmcd.feature.authentication
done


# success, all done
status=0
exit
