#!/bin/sh
#
# Verify the kerberos server

. /usr/share/debian-edu-config/testsuite-lib.sh

retval=0

if test -r /etc/debian-edu/config ; then
    . /etc/debian-edu/config
fi

# Make sure all debconf templates with password passed from d-i to
# cfengine are empty after installation (bug #711251).
for template in debian-edu-config/kdc-password \
    debian-edu-config/kdc-password-again \
    debian-edu-config/ldap-password-again \
    debian-edu-config/ldap-password \
    debian-edu-config/first-user-password ; do
    if [ -n "$(perl -MDebconf::Db -MDebconf::Template -e "Debconf::Db->load; my \$template = Debconf::Template->get('$template'); print \$template->default || \$template->value;")" ]; then
	echo "error: debconf template $template is not empty! (BTS #711251)"
    else
	echo "success: debconf template $template is empty."
    fi
done

# In case we are not a Main-Server profile, just exit gracefully
if echo "$PROFILE" | grep -q Main-Server ; then
    :
else
    exit 0
fi

for process in krb5kdc kadmind ; do
    if pidof $process > /dev/null ; then
	echo "success: $0: $process is running."
    else
	echo "error: $0: $process is not running."
	retval=1
    fi
done

netstat_check kerberos udp "Kerberos" || retval=1
netstat_check kpasswd tcp "Kerberos" || retval=1
netstat_check kerberos-adm tcp "Kerberos" || retval=1

## list principals:
echo "==== Principals: "
kadmin.local -q listprincs

## check keytabs:
echo "==== Keytabs: "
for keytab in `find /etc -maxdepth 1 -name "krb5.keytab*"` ; do     
    echo `ls -l $keytab`
done

exit $retval
