#!/bin/bash

test_username=user1
test_password=Univention.99
admin_name=Administrator
admin_pw=Univention.99

adds_fqdn=$(net ads lookup | sed -n 's/^Domain Controller:\t*//p')
net ads user add "$test_username" "$test_password" -U"$admin_name"%"$admin_pw"
(univention-adsearch samaccountname="$test_username" dn | sed -n 's/^DN: /dn: /p' ; echo -e "changetype: modify\nreplace: userAccountControl\nuserAccountControl: 512") | ldapmodify -x -h "$adds_fqdn" -D "$admin_name@$(hostname -d)" -w "$admin_pw" > /dev/null 2>&1
test_output=$(univention-adsearch samaccountname="$test_username" userAccountControl | sed -n 's/^userAccountControl: //p')
if ! [ "$test_output" = "512" ]; then
	echo "FAIL: Activation of user account failed"
	exit 1
fi

sleep 10

echo "Trying kerberized smbclient access against local user home share"
kinit --password-file=<(echo -n "$test_password") "$test_username"
test_output=$(smbclient -k //$(hostname -f)/homes -c "put /etc/hosts hosts" 2>&1)
if ! [ -e "/home/$test_username/hosts" ]; then
	echo "$test_output"
	echo FAIL
	exit 1
else
	rm "/home/$test_username/hosts"
fi

echo "Trying kerberized smbclient access against AD sysvol share"
test_output=$(smbclient -k //"$adds_fqdn"/sysvol -c "cd $(hostname -d)" 2>&1)
if ! [ $? -eq 0 ]; then
	echo "$test_output"
	echo "FAIL: Cannot access remote sysvol domain directory"
	exit 1
fi

echo SUCCESS