summaryrefslogtreecommitdiffstats
path: root/.github/workflows/smb-kerberos.yml
blob: c069d665a6ae632bb29b5badb42c8f8f4083464d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
name: Samba Kerberos SSO
on:
  push:
    branches:
      - master
      - stable*
    paths:
      - 'apps/files_external/**'
      - '.github/workflows/smb-kerberos.yml'
  pull_request:
    paths:
      - 'apps/files_external/**'
      - '.github/workflows/smb-kerberos.yml'

jobs:
  smb-kerberos-tests:
    runs-on: ubuntu-latest

    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

    name: smb-kerberos-sso

    steps:
      - name: Checkout server
        uses: actions/checkout@v3
        with:
          submodules: true
      - name: Pull images
        run: |
          docker pull icewind1991/samba-krb-test-dc
          docker pull icewind1991/samba-krb-test-apache
          docker pull icewind1991/samba-krb-test-client
      - name: Setup AD-DC
        run: |
          cp apps/files_external/tests/*.sh .
          mkdir data
          sudo chown -R 33 data apps config
          DC_IP=$(./start-dc.sh)
          ./start-apache.sh $DC_IP $PWD
          echo "DC_IP=$DC_IP" >> $GITHUB_ENV
      - name: Set up Nextcloud
        run: |
          docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
          docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test'

          # setup user_saml
          docker exec --user 33 apache ./occ app:enable user_saml --force
          docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable'
          docker exec --user 33 apache ./occ saml:config:create
          docker exec --user 33 apache ./occ saml:config:set 1 --general-uid_mapping=REMOTE_USER

          # setup external storage
          docker exec --user 33 apache ./occ app:enable files_external --force
          docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache
          docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test
          docker exec --user 33 apache ./occ files_external:config 1 share netlogon
          docker exec --user 33 apache ./occ files_external:list
      - name: Test SSO
        run: |
          mkdir /tmp/shared/cookies
          chmod 0777 /tmp/shared/cookies

          echo "SAML login"
          ./client-cmd.sh ${{ env.DC_IP }} curl -c /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
          echo "Check we are logged in"
          CONTENT=$(./client-cmd.sh ${{ env.DC_IP }} curl -b /shared/cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
          CONTENT=$(echo $CONTENT | head -n 1 | tr -d '[:space:]')
          [[ $CONTENT == "testfile" ]]
      - name: Show logs
        if: failure()
        run: |
          docker exec --user 33 apache ./occ log:file
          FILEPATH=$(docker exec --user 33 apache ./occ log:file | grep "Log file:" | cut -d' ' -f3)
          docker exec --user 33 apache cat $FILEPATH