#!/bin/sh
# PCP QA Test No. 1672
# Exercise different SASL auth methods using a custom sasldb.
#
# Copyright (c) 2020 Red Hat.
#
# NOTE
#	This test is likely to fail unless hostname(1) returns
#	some sort of FQDN.  For example, when hostname was vm23 it
#	failed, but when hostname was set (via /etc/hostname in
#	this case) to vm23.localdomain the test passes.

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure

_get_libpcp_config
$authentication || _notrun "No authentication support available"

sasl_notrun_checks saslpasswd2 sasldblistusers2
$pluginviewer -a | grep 'Plugin "sasldb"' >/dev/null
test $? -eq 0 || _notrun "SASL sasldb auxprop plugin unavailable"
$pluginviewer -c | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No client support for plain authentication'
$pluginviewer -s | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No server support for plain authentication'

cleanup()
{
    # restore any modified pmcd configuration files
    _restore_config $PCP_SASLCONF_DIR/pmcd.conf

    _service pcp stop 2>&1 | _filter_pcp_stop
    _service pcp start 2>&1 2>&1 | _filter_pcp_start
    _wait_for_pmcd
    _wait_for_pmlogger

    $sudo rm -rf $tmp.*
}

status=1	# failure is the default!
hostname=`hostname`
$sudo rm -rf $tmp.* $seq.full
trap "cleanup; exit \$status" 0 1 2 3 15

_filter_listusers2()
{
    sed \
        -e "s/^$username/USER/" \
        -e "s/@$hostname:/@HOST:/"
}

# real QA test starts here
_save_config $PCP_SASLCONF_DIR/pmcd.conf
echo 'mech_list: plain login digest-md5' >$tmp.sasl
echo "sasldb_path: $tmp.passwd.db" >>$tmp.sasl
$sudo cp $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
$sudo chown pcp:pcp $PCP_SASLCONF_DIR/pmcd.conf
ls -l $PCP_SASLCONF_DIR/pmcd.conf >>$seq.full
$sudo -u pcp cat $PCP_SASLCONF_DIR/pmcd.conf >>$seq.full

echo "Creating temporary sasldb, add user running QA to it" | tee -a $seq.full
echo y | saslpasswd2 -p -a pmcd -f $tmp.passwd.db $username

echo "Verify saslpasswd2 has successfully added a new user" | tee -a $seq.full
sasldblistusers2 -f $tmp.passwd.db \
| tee -a $seq.full \
| _filter_listusers2

echo "Ensure pmcd can read the password file" | tee -a $seq.full
$sudo chown pcp:pcp $tmp.passwd.db
ls -l $tmp.passwd.db >>$seq.full
$sudo -u pcp od -c $tmp.passwd.db >>$seq.full

echo "Start pmcd with this shiny new sasldb"
_service pcp restart 2>&1 | tee -a $seq.full >$tmp.out
_wait_for_pmcd
_wait_for_pmlogger

for method in plain login digest-md5
do
    echo
    echo "=== method: ${method}, authentication with invalid password ==="
    pminfo -f -h "pcp://localhost?method=${method}&username=${username}&password=n" pmcd.feature.authentication 2>&1 \
    | grep -o "authentication failure"

    echo
    echo "=== method: ${method}, authentication with correct password ==="
    pminfo -f -h "pcp://localhost?method=${method}&username=${username}&password=y" pmcd.feature.authentication
done


# success, all done
status=0
exit
