12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 |
- name: Samba Kerberos SSO
- on:
- push:
- branches:
- - master
- - stable*
- paths:
- - 'apps/files_external/**'
- pull_request:
- paths:
- - 'apps/files_external/**'
-
- jobs:
- smb-kerberos-tests:
- runs-on: ubuntu-latest
-
- name: kerberos
-
- steps:
- - name: Checkout server
- uses: actions/checkout@v3
- with:
- submodules: true
- - name: Pull images
- run: |
- docker pull icewind1991/samba-krb-test-dc
- docker pull icewind1991/samba-krb-test-apache
- docker pull icewind1991/samba-krb-test-client
- - name: Setup AD-DC
- run: |
- mkdir data
- sudo chown -R 33 data apps config
- apps/files_external/tests/setup-krb.sh
- - name: Set up Nextcloud
- run: |
- docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
- docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test'
-
- # setup user_saml
- docker exec --user 33 apache ./occ app:enable user_saml --force
- docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable'
- docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER
-
- # setup external storage
- docker exec --user 33 apache ./occ app:enable files_external --force
- docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache
- docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test
- docker exec --user 33 apache ./occ files_external:config 1 share netlogon
- docker exec --user 33 apache ./occ files_external:list
- - name: Test SSO
- run: |
- mkdir cookies
- chmod 0777 cookies
-
- DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}')
- echo "SAML login"
- docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
- curl -c /cookies/jar --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
- echo "Check we are logged in"
- CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
- curl -b /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
- echo $CONTENT
- CONTENT=$(echo $CONTENT | tr -d '[:space:]')
- [[ $CONTENT == "testfile" ]]
|