RISCI_ATOM
/
nextcloud-server
зеркало из https://github.com/nextcloud/server.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
							name: Samba Kerberos SSO
on:
  push:
    branches:
      - master
      - stable*
    paths:
      - 'apps/files_external/**'
  pull_request:
    paths:
      - 'apps/files_external/**'

jobs:
  smb-kerberos-tests:
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        php-versions: ['8.0', '8.1']

    name: php${{ matrix.php-versions }}-${{ matrix.ftpd }}

    steps:
      - name: Checkout server
        uses: actions/checkout@v3
        with:
          submodules: true
      - name: Pull images
        run: |
          docker pull icewind1991/samba-krb-test-dc
          docker pull icewind1991/samba-krb-test-apache
          docker pull icewind1991/samba-krb-test-client
      - name: Setup AD-DC
        run: |
          mkdir data
          sudo chown -R 33 data apps config
          apps/files_external/tests/setup-krb.sh
      - name: Set up Nextcloud
        run: |
          docker exec --user 33 apache ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
          docker exec --user 33 apache ./occ config:system:set trusted_domains 1 --value 'httpd.domain.test'

          # setup user_saml
          docker exec --user 33 apache ./occ app:enable user_saml --force
          docker exec --user 33 apache ./occ config:app:set user_saml type --value 'environment-variable'
          docker exec --user 33 apache ./occ config:app:set user_saml general-uid_mapping --value REMOTE_USER

          # setup external storage
          docker exec --user 33 apache ./occ app:enable files_external --force
          docker exec --user 33 apache ./occ files_external:create smb smb smb::kerberosapache
          docker exec --user 33 apache ./occ files_external:config 1 host krb.domain.test
          docker exec --user 33 apache ./occ files_external:config 1 share netlogon
          docker exec --user 33 apache ./occ files_external:list
      - name: Test SSO
        run: |
          mkdir cookies
          chmod 0777 cookies

          DC_IP=$(docker inspect dc --format '{{.NetworkSettings.IPAddress}}')
          docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
            curl -c /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/index.php/apps/user_saml/saml/login
          CONTENT=$(docker run --rm --name client -v $PWD/cookies:/cookies -v /tmp/shared:/shared --dns $DC_IP --hostname client.domain.test icewind1991/samba-krb-test-client \
            curl -b /cookies/jar -s --negotiate -u testuser@DOMAIN.TEST: --delegation always http://httpd.domain.test/remote.php/webdav/smb/test.txt)
          echo $CONTENT
          CONTENT=$(echo $CONTENT | tr -d '[:space:]')
          [[ $CONTENT == "testfile" ]]


  smb-kerberos-summary:
    runs-on: ubuntu-latest
    needs: smb-kerberos-tests

    if: always()

    steps:
      - name: Summary status
        run: if ${{ needs.smb-kerberos-tests.result != 'success' }}; then exit 1; fi