name: Samba Kerberos SSO on: push: branches: - master - stable* paths: - 'apps/files_external/**' pull_request: paths: - 'apps/files_external/**' jobs: smb-kerberos-tests: runs-on: ubuntu-latest name: kerberos steps: - name: Checkout server uses: actions/checkout@v3 with: submodules: true - name: Pull images run: | docker pull icewind1991/samba-krb-test-dc docker pull icewind1991/samba-krb-test-apache docker pull icewind1991/samba-krb-test-client - name: Setup AD-DC run: | mkdir data sudo chown -R 33 data apps config apps/files_external/tests/setup-krb.sh - name: Set up Nextcloud run: | docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test' # setup user_saml docker exec --user 33 apache ./occ app:enable user_saml --force docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable' docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER # setup external storage docker exec --user 33 apache ./occ app:enable files_external --force docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test docker exec --user 33 apache ./occ files_external:config 1 share netlogon docker exec --user 33 apache ./occ files_external:list - name: Test SSO run: | mkdir cookies chmod 0777 cookies DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}') echo "SAML login" docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \ curl -c /cookies/jar --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login echo "Check we are logged in" CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \ curl -b /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt) echo $CONTENT CONTENT=$(echo $CONTENT | tr -d '[:space:]') [[ $CONTENT == "testfile" ]]