1
0

smb-kerberos.yml 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
  1. name: Samba Kerberos SSO
  2. on:
  3. push:
  4. branches:
  5. - master
  6. - stable*
  7. paths:
  8. - 'apps/files_external/**'
  9. pull_request:
  10. paths:
  11. - 'apps/files_external/**'
  12. jobs:
  13. smb-kerberos-tests:
  14. runs-on: ubuntu-latest
  15. strategy:
  16. fail-fast: false
  17. matrix:
  18. php-versions: ['8.0', '8.1']
  19. name: php${{ matrix.php-versions }}-${{ matrix.ftpd }}
  20. steps:
  21. - name: Checkout server
  22. uses: actions/checkout@v3
  23. with:
  24. submodules: true
  25. - name: Pull images
  26. run: |
  27. docker pull icewind1991/samba-krb-test-dc
  28. docker pull icewind1991/samba-krb-test-apache
  29. docker pull icewind1991/samba-krb-test-client
  30. - name: Setup AD-DC
  31. run: |
  32. mkdir data
  33. sudo chown -R 33 data apps config
  34. apps/files_external/tests/setup-krb.sh
  35. - name: Set up Nextcloud
  36. run: |
  37. docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
  38. docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test'
  39. # setup user_saml
  40. docker exec --user 33 apache ./occ app:enable user_saml --force
  41. docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable'
  42. docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER
  43. # setup external storage
  44. docker exec --user 33 apache ./occ app:enable files_external --force
  45. docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache
  46. docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test
  47. docker exec --user 33 apache ./occ files_external:config 1 share netlogon
  48. docker exec --user 33 apache ./occ files_external:list
  49. - name: Test SSO
  50. run: |
  51. mkdir cookies
  52. chmod 0777 cookies
  53. DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}')
  54. docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
  55. curl -c /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
  56. CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
  57. curl -b /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
  58. echo $CONTENT
  59. CONTENT=$(echo $CONTENT | tr -d '[:space:]')
  60. [[ $CONTENT == "testfile" ]]
  61. smb-kerberos-summary:
  62. runs-on: ubuntu-latest
  63. needs: smb-kerberos-tests
  64. if: always()
  65. steps:
  66. - name: Summary status
  67. run: if ${{ needs.smb-kerberos-tests.result != 'success' }}; then exit 1; fi