Compare commits


2 Commits

Author SHA1 Message Date
aa0975489f
Update TODO 2024-02-23 15:23:39 +04:00
c3a95435b7
First draft 2023-06-28 17:00:46 +04:00
6 changed files with 967 additions and 697 deletions

2
TODO

@ -57,3 +57,5 @@ Check versions of all (Windows) Domain Controllers
Multiword search in resolv.conf
Add sssd.conf output
Время жизни kerberos билета


@ -1,11 +1,20 @@
#!/bin/bash
#
# Copyright (c) 2022-2023 Andrey Limachko <liannnix@altlinux.org>
# Copyright (c) 2022-2023 Evgeny Sinelnikov <sin@altlinux.org>
# Copyright (C) 2022-2023 Andrey Limachko <liannnix@altlinux.org>
# Copyright (C) 2022-2023 Evgeny Sinelnikov <sin@altlinux.org>
#
# Active Directory domain environment diagnostic tool
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# SPDX-License-Identifier: GPL-2.0-or-later
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
set -euo pipefail
@ -23,6 +32,9 @@ runcmd=run
logfile=/dev/null
force=
global_retval=0
selected_module=
modules_path="./modules/tests"
modules_list=()
show_usage()
{
@ -33,12 +45,12 @@ show_usage()
echo "<check/test-function-name> must be a function name from the list of tests"
echo ""
echo "Options:"
echo " -h, --help This message"
echo " -V, --version Display version number"
echo " -v, --verbose Verbose output"
echo " -w, --logfile[=FILE] Write verbose output to file"
echo " -f, --force Force logging to existing file"
echo " -l, --list List of tests"
echo " -h, --help This message"
echo " -V, --version Display version number"
echo " -v, --verbose Verbose output"
echo " -w, --logfile[=FILE] Write verbose output to file"
echo " -f, --force Force logging to existing file"
echo " -l, --list List of tests"
echo ""
exit 0;
}
@ -59,7 +71,7 @@ while :; do
-v|--verbose) verbose=1
;;
-w|--logfile) shift
test -n "$1" && logfile="$1" || logfile="domain-diag.log"
[[ -n "$1" ]] && logfile="$1" || logfile="domain-diag.log"
;;
-f|--force) force=1
;;
@ -75,705 +87,95 @@ while :; do
shift
done
customcmd="$*"
selected_module="$*"
msg_non_root()
{
echo -n "$*: ["
color_text "SKIP" blue
echo "]"
load_modules_list() {
local modules=
modules=$(ls $modules_path)
for module in $modules; do
if [[ "$module" =~ ^[0-9a-zA-Z_-]+$ ]]; then
. "$modules_path/$module" && modules_list+=("$module")
fi
done
[[ -z "$modules_list" ]] && return 1 || return 0
}
msg_fail()
{
echo -n "$*: ["
color_text "FAIL" red
echo "]"
}
msg_warn()
{
echo -n "$*: ["
color_text "WARN" yellow
echo "]"
}
msg_done()
{
echo -n "$*: ["
color_text "DONE" green
echo "]"
}
__command_msg()
{
local p='$'
if test "$1" = '-r'; then
shift
p='#'
prepare_selected_module() {
if [[ -n "$selected_module" ]]; then
for module in $modules_list; do
if [[ "$module" == "${selected_module[@]}" ]]; then
modules_list=("$module")
return 0
fi
done
return 1
fi
color_message "$p $*" bold
}
_command()
{
local retval=0
local x=
local q=
local r=
if test "$1" = '-q'; then
shift
q=1
fi
if test "$1" = '-r'; then
shift
r=1
fi
if test "$1" = '-x'; then
shift
x=1
fi
test -z "$q" && test -z "$r" && __command_msg "$*"
test -z "$q" && test -n "$r" && __command_msg -r "$*"
test -z "$x" || echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eval "$*" || retval=$?
test -z "$x" || echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
echo
return $retval
run_module() {
local module=
module="$1"
$module
}
__header()
{
color_message "===============================================================================" bold white
}
__footer()
{
color_message "===============================================================================" bold white
}
__short_msg()
{
case "$1" in
0) msg_done "$2" ;;
2) msg_warn "$2" ;;
102) msg_non_root "$2" ;;
*) msg_fail "$2" ;;
print_module() {
local module=
local module_ret=
local module_name=
local module_status=
local module_color=
module="$1"
module_ret="$2"
module_name=$($module.get_name)
case "$module_ret" in
"0")
module_color="green"
module_status="DONE"
;;
"1")
module_color="red"
module_status="FAIL"
;;
"2")
module_color="yellow"
module_status="WARN"
;;
"102")
module_color="blue"
module_status="SKIP"
;;
*)
module_color="cyan"
module_status="UNKN"
;;
esac
echo -n "$module_name: ["
color_text "$module_status" "$module_color"
echo "]"
}
__delimiter()
{
echo "-------------------------------------------------------------------------------"
}
__check_title()
{
color_message "$1" bold white
}
__newline()
{
echo
}
__log()
{
test -z $verbose && tee -a "$logfile" 1>/dev/null 2>&1 ||
tee -a "$logfile"
}
__log_force_print()
{
tee -a "$logfile"
}
print_head()
{
__header | __log
__check_title "| Samba environment diagnostic tool |" | __log
__delimiter | __log
echo "Version: $VERSION" | __log
echo "Date: $(date)" | __log
__delimiter | __log
echo "System information" | __log
echo "Kernel: $(uname -r)" | __log
echo "Branch: $(apt-repo list | cut -d ' ' -f 2 | grep -e '^\[.*\]$' | tail -1 | sed -E 's/\[(.*)\]/\1/')" | __log
__footer | __log
__newline | __log
}
is_root()
{
if test "$(id -u)" != 0; then
return 1
fi
return 0
}
__not_root_skip()
{
local msg=
if test -n "${1+x}" && test "$1" = "-m"; then
shift
msg="$1"
fi
echo -n "Running not by root, SKIP: $msg"
echo
echo
}
run()
{
local retval=126
local func="$1"
local msg
msg=$(printf "| %s |" "$func")
__header | __log
__check_title "$msg" | __log
__delimiter | __log
__newline | __log
$func 2>&1 | __log && retval=0 || retval=$?
__delimiter | __log
__short_msg $retval "$2" | __log_force_print
__footer | __log
__newline | __log
return $retval
}
check_hostnamectl()
{
local retval=0
local static_host=
local transient_host=
transient_host="$(hostname)" || retval=1
static_host="$(hostnamectl --static)" || retval=1
_command hostnamectl || retval=1
test "$static_host" = "$transient_host" || retval=1
return $retval
}
test_hostname()
{
local host="$HOSTNAME_COMMON"
echo $host
echo
test "$host" != "${host/.}" || return 2
}
check_system_auth()
{
local auth=
auth=$(/usr/sbin/control system-auth)
_command /usr/sbin/control system-auth
_command readlink -f /etc/pam.d/system-auth
_command -x cat /etc/pam.d/system-auth
test -n "$auth" -a "$auth" != "unknown"
}
test_domain_system_auth()
{
test -n "$SYSTEM_AUTH" ||
SYSTEM_AUTH=local
_command /usr/sbin/control system-auth
_command test "$SYSTEM_AUTH" != "local" || return 2
}
is_system_auth_local()
{
test "$SYSTEM_AUTH" = "local"
}
check_system_policy()
{
local policy=
policy=$(/usr/sbin/control system-policy)
_command /usr/sbin/control system-policy
_command readlink -f /etc/pam.d/system-policy
_command -x cat /etc/pam.d/system-policy
test -n "$policy" -a "$policy" != "unknown"
}
test_gpupdate_system_policy()
{
test -n "$SYSTEM_POLICY" ||
SYSTEM_POLICY=local
_command /usr/sbin/control system-policy
_command test "$SYSTEM_POLICY" == "gpupdate" || return 2
}
check_krb5_conf_exists()
{
local retval=0
_command ls -l /etc/krb5.conf
if ! test -e /etc/krb5.conf; then
is_system_auth_local && retval=2 || retval=1
else
_command -x cat /etc/krb5.conf
fi
return $retval
}
check_krb5_conf_ccache()
{
local ccache=
ccache=$(/usr/sbin/control krb5-conf-ccache)
_command /usr/sbin/control krb5-conf-ccache
test -n "$ccache" -a "$ccache" != "unknown"
}
test_keyring_krb5_conf_ccache()
{
local ccache=
ccache=$(/usr/sbin/control krb5-conf-ccache)
_command /usr/sbin/control krb5-conf-ccache
_command test -n "$ccache" -a "$ccache" == "keyring" || return 2
}
check_krb5_conf_kdc_lookup()
{
local retval=0
echo -n "/etc/krb5.conf: dns_lookup_kdc "
if grep -q '^\s*dns_lookup_kdc\s*=\s*\([Tt][Rr][Uu][Ee]\|1\|[Yy][Ee][Ss]\)\s*$' /etc/krb5.conf; then
echo "is enabled"
else
if grep -q '^\s*dns_lookup_kdc\s*=' /etc/krb5.conf; then
echo "is disabled"
retval=1
else
echo "is enabled by default"
retval=2
fi
fi
echo
return $retval
}
check_krb5_keytab_exists()
{
local retval=0
_command ls -l /etc/krb5.keytab
if ! test -e /etc/krb5.keytab; then
is_system_auth_local && retval=2 || retval=1
fi
return $retval
}
check_keytab_credential_list()
{
local retval=0
if ! is_root; then
__not_root_skip && return 102
fi
if ! _command -r klist -ke; then
is_system_auth_local && retval=2 || retval=1
fi
return $retval
}
check_resolv_conf()
{
local retval=0
_command ls -l /etc/resolv.conf
_command -x cat /etc/resolv.conf
}
compare_resolv_conf_with_default_realm()
{
echo "SEARCH_DOMAINS = '$SEARCH_DOMAINS'"
echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"
echo
local domain=
local realm=
local retval=2
domains=$(echo "$SEARCH_DOMAINS" | tr '[:upper:]' '[:lower:]')
realm=$(echo "$KRB5_DEFAULT_REALM" | tr '[:upper:]' '[:lower:]')
test -z "$realm" && return $retval
test -z "$domains" && return $retval
for domain in $domains; do
test "$domain" = "$realm" && retval=0
run_modules() {
local ret=
ret=0
for module in "${modules_list[@]}"; do
local module_ret=
module_ret=0
run_module "$module" || module_ret=$?
print_module "$module" "$module_ret"
[[ "$module_ret" > 0 ]] && [[ "$module_ret" > "$ret" ]] && ret="$module_ret"
done
return $retval
return $ret
}
check_smb_conf()
{
local retval=0
_command ls -l /etc/samba/smb.conf
_command -x grep -v -e "'^\s*[#;]'" -e "'^\s*$'" /etc/samba/smb.conf
_command -x testparm -l -s
main() {
local ret
ret=0
load_modules_list ||
( echo "Load modules list error" && exit 127 )
prepare_selected_module ||
( echo "Module $selected_module not found" && exit 127 )
run_modules || ret=$?
return $ret
}
compare_smb_realm_with_krb5_default_realm()
{
echo "SMB_REALM = '$SMB_REALM'"
echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"
echo
test -n "$SMB_REALM" || return 2
test -n "$KRB5_DEFAULT_REALM" || return 2
test "$KRB5_DEFAULT_REALM" = "$SMB_REALM" || return 2
}
test_smb_realm()
{
local retval=0
DOMAIN_REALM="$KRB5_DEFAULT_REALM"
if test -n "$SMB_REALM"; then
DOMAIN_REALM="$SMB_REALM"
DOMAIN_DOMAIN="$(echo "$SMB_REALM" | tr '[:upper:]' '[:lower:]')"
else
test -z "$DOMAIN_REALM" ||
DOMAIN_DOMAIN="$(echo "$DOMAIN_REALM" | tr '[:upper:]' '[:lower:]')"
test -n "$DOMAIN_REALM" ||
DOMAIN_REALM="$(echo "$DOMAIN_DOMAIN" | tr '[:lower:]' '[:upper:]')"
is_system_auth_local && retval=2 || retval=1
fi
echo "DOMAIN_REALM = '$DOMAIN_REALM'"
echo "DOMAIN_DOMAIN = '$DOMAIN_DOMAIN'"
echo
return $retval
}
test_domainname()
{
HOSTNAME_DOMAIN=$(hostname -d)
if test "$HOSTNAME_DOMAIN" = "$HOSTNAME_SHORT" ||
test "$HOSTNAME_DOMAIN" = '(none)' ||
test -z "$HOSTNAME_DOMAIN"; then
HOSTNAME_DOMAIN=
echo "HOSTNAME_DOMAIN = '$HOSTNAME_DOMAIN'"
echo
return 2
fi
if test -z "$DOMAIN_DOMAIN"; then
DOMAIN_DOMAIN="$HOSTNAME_DOMAIN"
test -n "$DOMAIN_REALM" ||
DOMAIN_REALM="$(echo "$DOMAIN_DOMAIN" | tr '[:lower:]' '[:upper:]')"
echo "HOSTNAME_DOMAIN = '$HOSTNAME_DOMAIN'"
echo "Update realm and domain from HOSTNAME_DOMAIN:"
echo " DOMAIN_REALM = '$DOMAIN_REALM'"
echo " DOMAIN_DOMAIN = '$DOMAIN_DOMAIN'"
echo
return 2
fi
echo "HOSTNAME_DOMAIN = '$HOSTNAME_DOMAIN'"
echo
test "$HOSTNAME_DOMAIN" = "$DOMAIN_DOMAIN" || return 1
}
check_time_synchronization()
{
local retval=0
_command timedatectl || return 1
}
test_time_synchronization()
{
local retval=0
local func="test \$(timedatectl show -p NTPSynchronized --value) == \"yes\""
__command_msg "$func"
_command -q "$func" || retval=2
return $retval
}
_check_nameserver()
{
local ns="$1"
if _command ping -c 2 -i2 "$ns"; then
test -z "$DOMAIN_DOMAIN" || _command host "$DOMAIN_DOMAIN" "$ns"
else
return 1
fi
}
check_nameservers()
{
retval1=0
retval2=0
retval3=0
if [ -n "$NAMESERVER1" ]; then
_check_nameserver "$NAMESERVER1" || retval1=1
fi
if [ -n "$NAMESERVER2" ]; then
_check_nameserver "$NAMESERVER2" || retval2=1
fi
if [ -n "$NAMESERVER3" ]; then
_check_nameserver "$NAMESERVER3" || retval3=1
fi
if test "$retval1" = 0 -a "$retval2" = 0 -a "$retval3" = 0; then
return 0;
fi
if test "$retval1" = 1 -a "$retval2" = 1 -a "$retval3" = 1; then
return 1;
fi
return 2
}
_ldap_get_computer()
{
local retval=0
local dc="$1"
local computer="$2"
local filter=""
local domain_dn=
if test -n "${3+x}"; then
filter="$3"
fi
domain_dn=$(echo $DOMAIN_DOMAIN | sed 's/\./,dc=/g' | sed 's/^/dc=/')
local searchcmd="ldapsearch -o nettimeout=30 -Y GSSAPI -N -h $dc -b $domain_dn"
searchcmd="$searchcmd \"(&(ObjectClass=computer)(objectCategory=Computer)(name=$computer))\""
__command_msg "$searchcmd $filter"
_command -q "$searchcmd" "$filter" || retval=2
return $retval
}
_check_domain_controller()
{
local retval=0
local dc="$1"
local computer=
local ldap_computer=
local computer=
local hostname_upper=
hostname_upper=$(echo $HOSTNAME_SHORT | tr '[:lower:]' '[:upper:]')
local domain_upper=
domain_upper=$(echo $DOMAIN_DOMAIN | tr '[:lower:]' '[:upper:]')
local kinit_realm="$hostname_upper\$\@$domain_upper"
if is_root; then
KRB5CCNAME="FILE:/tmp/domain-diag_krb5cc_%{uid}"
_command kinit -k "$kinit_realm" || retval=2
if test "$retval" != "0"; then
is_system_auth_local && return 2 || return 1
fi
fi
computer="$(echo $1 | sed 's/\..*$//')"
_ldap_get_computer "$dc" "$computer" "| grep 'operating\|name:' | cut -d ' ' -f 2 | tr '\n' ' '" || retval=2
__newline
_command kdestroy -A
return $retval
}
check_domain_controllers()
{
local retval=2
local hostcmd="host -t srv _ldap._tcp.$DOMAIN_DOMAIN | cut -d ' ' -f 8"
local resolv_msg=
local controllers_names=
__command_msg "$hostcmd"
controllers_names=$(_command -q "$hostcmd" || retval=2)
echo $controllers_names | sed 's/ /\n/g'
echo
for controller_name in $controllers_names; do
resolv_msg="host $controller_name | sed 's/^.* //g'"
_command "$resolv_msg"
done
for controller_name in $controllers_names; do
# TODO: Add controller check by ip
_check_domain_controller $controller_name && retval=0
done
test -z "$controllers_names" && retval=2
! is_system_auth_local && test $retval != 0 && retval=1
return $retval
}
check_kerberos_and_ldap_srv_records()
{
test -n "$DOMAIN_DOMAIN" || return 1
_command host -t srv "_kerberos._udp.$DOMAIN_DOMAIN"
_command host -t srv "_ldap._tcp.$DOMAIN_DOMAIN"
}
compare_netbios_name()
{
local netbios=
local host=
netbios=$(echo "$SMB_NETBIOS_NAME" | tr '[:upper:]' '[:lower:]')
host=$(echo "$HOSTNAME_SHORT" | tr '[:upper:]' '[:lower:]')
echo "SMB_NETBIOS_NAME = '$SMB_NETBIOS_NAME'"
echo "HOSTNAME_SHORT = '$HOSTNAME_SHORT'"
echo
test "$netbios" = "$host" || return 1
}
check_common_packages()
{
local retval=0
_command rpm -q alterator-auth || retval=1
_command rpm -q libnss-role || retval=1
_command rpm -q libkrb5 || retval=1
_command rpm -q libsmbclient || retval=1
return $retval
}
check_group_policy_packages()
{
local retval=0
_command rpm -q local-policy || retval=1
_command rpm -q gpupdate || retval=1
return $retval
}
check_sssd_ad_packages()
{
local retval=0
_command rpm -q task-auth-ad-sssd || retval=1
return $retval
}
check_sssd_winbind_packages()
{
local retval=0
_command rpm -q task-auth-ad-winbind || retval=2
return $retval
}
default_run()
{
local retval=0
run "$1" "$2" || retval=$?
test $retval = 1 && global_retval=1
return 0
}
list_run()
{
test -z $verbose &&
echo "$1" ||
echo "$1: $2"
}
custom_run()
{
if echo "$customcmd" | tr ' ' '\n' | grep -q "^$1\$"; then
run "$1" "$2" && global_retval=0 || global_retval=$?
fi
}
init_log()
{
local log_index
if test -e "$logfile" && test "$logfile" != "/dev/null" && test -z "$force"; then
log_index=$(find . -maxdepth 1 -name "$logfile.*" 2>/dev/null | sort -V | tail -1 | sed -E 's/^.*\.([^.]*)$/\1/' || true)
logfile="$logfile".$(($log_index + 1))
fi
if test "$logfile" != "/dev/null"; then
echo -n > "$logfile"
fi
}
init_vars()
{
local host=
host=$(hostname)
local domain realm
HOSTNAME_COMMON="$host"
HOSTNAME_SHORT=$(hostname -s)
HOSTNAME_FQDN=$(hostname -f)
local nameserver_lines=
nameserver_lines=$(grep "^nameserver\s\+" /etc/resolv.conf || true)
NAMESERVER1=$(echo "$nameserver_lines" | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -1)
NAMESERVER2=$(echo "$nameserver_lines" | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -2 | tail -1)
NAMESERVER3=$(echo "$nameserver_lines" | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -3 | tail -1)
SMB_REALM=
SMB_NETBIOS_NAME=
if which testparm >/dev/null 2>&1; then
SMB_REALM=$(testparm -l -v -s 2>/dev/null | grep "^\s*realm\s*=" | sed -e 's/^\s*realm\s*=\s*//' -e 's/\s*$//')
SMB_NETBIOS_NAME=$(testparm -l -v -s 2>/dev/null | grep "^\s*netbios name\s*=" | sed -e 's/^\s*netbios name\s*=\s*//' -e 's/\s*$//')
fi
SEARCH_DOMAINS=
local search_line=
if test -f /etc/resolv.conf; then
search_line=$(grep "^search\s\+" /etc/resolv.conf || true)
SEARCH_DOMAINS=$(echo $search_line | sed -e 's/^search\s\+//' -e 's/\s\+$//' )
fi
KRB5_DEFAULT_REALM=
local krb5_default_realm_line=
if test -e /etc/krb5.conf; then
krb5_default_realm_line=$(grep "^\s*default_realm\s\+" /etc/krb5.conf || true)
KRB5_DEFAULT_REALM=$( echo "$krb5_default_realm_line" | sed -e 's/^\s*default_realm\s*=\s*//' -e 's/\s*$//')
fi
realm=$(echo "$KRB5_DEFAULT_REALM" | tr '[:upper:]' '[:lower:]')
if test -n "$realm"; then
DOMAIN_DOMAIN="$realm"
else
DOMAIN_DOMAIN=$(echo $SEARCH_DOMAINS | cut -d ' ' -f 1 | tr '[:upper:]' '[:lower:]')
fi
SYSTEM_AUTH="$(/usr/sbin/control system-auth)"
SYSTEM_POLICY="$(/usr/sbin/control system-policy)"
}
if ! test -z $listcmd; then
runcmd=list_run
elif ! test -z "$customcmd"; then
runcmd=custom_run
global_retval=127
else
runcmd=default_run
fi
if test -z $listcmd; then
init_log
print_head
init_vars
fi
$runcmd check_hostnamectl "Check hostname persistance"
$runcmd test_hostname "Test hostname is FQDN (not short)"
$runcmd check_system_auth "System authentication method"
$runcmd test_domain_system_auth "Domain system authentication enabled"
$runcmd check_system_policy "System policy method"
$runcmd test_gpupdate_system_policy "System group policy enabled"
$runcmd check_krb5_conf_exists "Check Kerberos configuration exists"
$runcmd check_krb5_conf_ccache "Kerberos credential cache status"
$runcmd test_keyring_krb5_conf_ccache "Using keyring as kerberos credential cache"
$runcmd check_krb5_conf_kdc_lookup "Check DNS lookup kerberos KDC status"
$runcmd check_krb5_keytab_exists "Check machine crendetial cache is exists"
$runcmd check_keytab_credential_list "Check machine credentials list in keytab"
$runcmd check_resolv_conf "Check nameserver resolver configuration"
$runcmd compare_resolv_conf_with_default_realm "Compare krb5 realm and first search domain"
$runcmd check_smb_conf "Check Samba configuration"
$runcmd compare_smb_realm_with_krb5_default_realm "Compare samba and krb5 realms"
$runcmd test_smb_realm "Check Samba domain realm"
$runcmd test_domainname "Check hostname FQDN domainname"
$runcmd check_time_synchronization "Check time synchronization"
$runcmd test_time_synchronization "Time synchronization enabled"
$runcmd check_nameservers "Check nameservers availability"
$runcmd check_domain_controllers "Check domain controllers list"
$runcmd check_kerberos_and_ldap_srv_records "Check Kerberos and LDAP SRV-records"
$runcmd compare_netbios_name "Compare NetBIOS name and hostname"
$runcmd check_common_packages "Check common packages"
$runcmd check_group_policy_packages "Check group policy packages"
$runcmd check_sssd_ad_packages "Check SSSD AD packages"
$runcmd check_sssd_winbind_packages "Check SSSD Winbind packages"
test -f "$logfile" && test -w "$logfile" &&
sed -i 's/\x1b\[[0-9;]*[mGKH]//g' $logfile
exit "$global_retval"
main
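Review bot: `load_modules_list` sources every file found under `modules_path="./modules/tests"`, which is resolved against the caller's working directory rather than the script's location, so invoking the tool from a directory another user can write to makes it execute that user's files. The checks removed from this file include one that only runs as root, so root invocations are presumably normal and the sourced code would run with those privileges. Anchor the path to the script's own directory (or a fixed install directory) and iterate with a quoted glob instead of the unquoted `ls $modules_path`, as sketched below. Separately, in the same section, `for module in $modules_list` in `prepare_selected_module` expands to the first array element only, and `[[ "$module_ret" > 0 ]]` in `run_modules` compares strings, so 102 sorts below 2; `"${modules_list[@]}"` and `(( module_ret > ret ))` would match the intent.

```shell
# Resolve modules next to the script itself, not the caller's cwd.
modules_path="$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")/modules/tests"

load_modules_list() {
    local path= module=
    for path in "$modules_path"/*; do
        # Skip the unmatched-glob literal, directories and other non-regular entries.
        [[ -f "$path" ]] || continue
        module="${path##*/}"
        [[ "$module" =~ ^[0-9a-zA-Z_-]+$ ]] || continue
        . "$path" && modules_list+=("$module")
    done
    # Non-zero when nothing was loaded, so the caller's error branch fires.
    (( ${#modules_list[@]} > 0 ))
}
```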

779
domain-diag.old Executable file

@ -0,0 +1,779 @@
#!/bin/bash
#
# Copyright (c) 2022-2023 Andrey Limachko <liannnix@altlinux.org>
# Copyright (c) 2022-2023 Evgeny Sinelnikov <sin@altlinux.org>
#
# Active Directory domain environment diagnostic tool
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
set -euo pipefail
. shell-terminfo
. shell-getopt
terminfo_init
PROG="domain-diag"
VERSION=0.2.3
verbose=
listcmd=
runcmd=run
logfile=/dev/null
force=
global_retval=0
show_usage()
{
echo "Active Directory domain environment diagnostic tool"
echo ""
echo "Usage: $PROG [options] [<check/test-function-name>]"
echo ""
echo "<check/test-function-name> must be a function name from the list of tests"
echo ""
echo "Options:"
echo " -h, --help This message"
echo " -V, --version Display version number"
echo " -v, --verbose Verbose output"
echo " -w, --logfile[=FILE] Write verbose output to file"
echo " -f, --force Force logging to existing file"
echo " -l, --list List of tests"
echo ""
exit 0;
}
print_version()
{
echo "$VERSION"
exit 0;
}
TEMP=$(getopt -n "$PROG" -o "v,V,w::,f,l,h" -l "verbose,version,logfile::,force,list,help" -- "$@") || show_usage
eval set -- "$TEMP"
while :; do
case "$1" in
-h|--help) show_usage
;;
-v|--verbose) verbose=1
;;
-w|--logfile) shift
test -n "$1" && logfile="$1" || logfile="domain-diag.log"
;;
-f|--force) force=1
;;
-l|--list) listcmd=1
;;
-V|--version) print_version "$PROG"
;;
--) shift; break
;;
*) fatal "Unrecognized option: $1"
;;
esac
shift
done
customcmd="$*"
msg_non_root()
{
echo -n "$*: ["
color_text "SKIP" blue
echo "]"
}
msg_fail()
{
echo -n "$*: ["
color_text "FAIL" red
echo "]"
}
msg_warn()
{
echo -n "$*: ["
color_text "WARN" yellow
echo "]"
}
msg_done()
{
echo -n "$*: ["
color_text "DONE" green
echo "]"
}
__command_msg()
{
local p='$'
if test "$1" = '-r'; then
shift
p='#'
fi
color_message "$p $*" bold
}
_command()
{
local retval=0
local x=
local q=
local r=
if test "$1" = '-q'; then
shift
q=1
fi
if test "$1" = '-r'; then
shift
r=1
fi
if test "$1" = '-x'; then
shift
x=1
fi
test -z "$q" && test -z "$r" && __command_msg "$*"
test -z "$q" && test -n "$r" && __command_msg -r "$*"
test -z "$x" || echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
eval "$*" || retval=$?
test -z "$x" || echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
echo
return $retval
}
__header()
{
color_message "===============================================================================" bold white
}
__footer()
{
color_message "===============================================================================" bold white
}
__short_msg()
{
case "$1" in
0) msg_done "$2" ;;
2) msg_warn "$2" ;;
102) msg_non_root "$2" ;;
*) msg_fail "$2" ;;
esac
}
__delimiter()
{
echo "-------------------------------------------------------------------------------"
}
__check_title()
{
color_message "$1" bold white
}
__newline()
{
echo
}
__log()
{
test -z $verbose && tee -a "$logfile" 1>/dev/null 2>&1 ||
tee -a "$logfile"
}
__log_force_print()
{
tee -a "$logfile"
}
print_head()
{
__header | __log
__check_title "| Samba environment diagnostic tool |" | __log
__delimiter | __log
echo "Version: $VERSION" | __log
echo "Date: $(date)" | __log
__delimiter | __log
echo "System information" | __log
echo "Kernel: $(uname -r)" | __log
echo "Branch: $(apt-repo list | cut -d ' ' -f 2 | grep -e '^\[.*\]$' | tail -1 | sed -E 's/\[(.*)\]/\1/')" | __log
__footer | __log
__newline | __log
}
is_root()
{
if test "$(id -u)" != 0; then
return 1
fi
return 0
}
__not_root_skip()
{
local msg=
if test -n "${1+x}" && test "$1" = "-m"; then
shift
msg="$1"
fi
echo -n "Running not by root, SKIP: $msg"
echo
echo
}
run()
{
local retval=126
local func="$1"
local msg
msg=$(printf "| %s |" "$func")
__header | __log
__check_title "$msg" | __log
__delimiter | __log
__newline | __log
$func 2>&1 | __log && retval=0 || retval=$?
__delimiter | __log
__short_msg $retval "$2" | __log_force_print
__footer | __log
__newline | __log
return $retval
}
check_hostnamectl()
{
local retval=0
local static_host=
local transient_host=
transient_host="$(hostname)" || retval=1
static_host="$(hostnamectl --static)" || retval=1
_command hostnamectl || retval=1
test "$static_host" = "$transient_host" || retval=1
return $retval
}
test_hostname()
{
local host="$HOSTNAME_COMMON"
echo $host
echo
test "$host" != "${host/.}" || return 2
}
check_system_auth()
{
local auth=
auth=$(/usr/sbin/control system-auth)
_command /usr/sbin/control system-auth
_command readlink -f /etc/pam.d/system-auth
_command -x cat /etc/pam.d/system-auth
test -n "$auth" -a "$auth" != "unknown"
}
test_domain_system_auth()
{
test -n "$SYSTEM_AUTH" ||
SYSTEM_AUTH=local
_command /usr/sbin/control system-auth
_command test "$SYSTEM_AUTH" != "local" || return 2
}
is_system_auth_local()
{
test "$SYSTEM_AUTH" = "local"
}
check_system_policy()
{
local policy=
policy=$(/usr/sbin/control system-policy)
_command /usr/sbin/control system-policy
_command readlink -f /etc/pam.d/system-policy
_command -x cat /etc/pam.d/system-policy
test -n "$policy" -a "$policy" != "unknown"
}
test_gpupdate_system_policy()
{
test -n "$SYSTEM_POLICY" ||
SYSTEM_POLICY=local
_command /usr/sbin/control system-policy
_command test "$SYSTEM_POLICY" == "gpupdate" || return 2
}
check_krb5_conf_exists()
{
local retval=0
_command ls -l /etc/krb5.conf
if ! test -e /etc/krb5.conf; then
is_system_auth_local && retval=2 || retval=1
else
_command -x cat /etc/krb5.conf
fi
return $retval
}
check_krb5_conf_ccache()
{
local ccache=
ccache=$(/usr/sbin/control krb5-conf-ccache)
_command /usr/sbin/control krb5-conf-ccache
test -n "$ccache" -a "$ccache" != "unknown"
}
test_keyring_krb5_conf_ccache()
{
local ccache=
ccache=$(/usr/sbin/control krb5-conf-ccache)
_command /usr/sbin/control krb5-conf-ccache
_command test -n "$ccache" -a "$ccache" == "keyring" || return 2
}
check_krb5_conf_kdc_lookup()
{
local retval=0
echo -n "/etc/krb5.conf: dns_lookup_kdc "
if grep -q '^\s*dns_lookup_kdc\s*=\s*\([Tt][Rr][Uu][Ee]\|1\|[Yy][Ee][Ss]\)\s*$' /etc/krb5.conf; then
echo "is enabled"
else
if grep -q '^\s*dns_lookup_kdc\s*=' /etc/krb5.conf; then
echo "is disabled"
retval=1
else
echo "is enabled by default"
retval=2
fi
fi
echo
return $retval
}
check_krb5_keytab_exists()
{
local retval=0
_command ls -l /etc/krb5.keytab
if ! test -e /etc/krb5.keytab; then
is_system_auth_local && retval=2 || retval=1
fi
return $retval
}
check_keytab_credential_list()
{
local retval=0
if ! is_root; then
__not_root_skip && return 102
fi
if ! _command -r klist -ke; then
is_system_auth_local && retval=2 || retval=1
fi
return $retval
}
check_resolv_conf()
{
local retval=0
_command ls -l /etc/resolv.conf
_command -x cat /etc/resolv.conf
}
compare_resolv_conf_with_default_realm()
{
echo "SEARCH_DOMAINS = '$SEARCH_DOMAINS'"
echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"
echo
local domain=
local realm=
local retval=2
domains=$(echo "$SEARCH_DOMAINS" | tr '[:upper:]' '[:lower:]')
realm=$(echo "$KRB5_DEFAULT_REALM" | tr '[:upper:]' '[:lower:]')
test -z "$realm" && return $retval
test -z "$domains" && return $retval
for domain in $domains; do
test "$domain" = "$realm" && retval=0
done
return $retval
}
check_smb_conf()
{
local retval=0
_command ls -l /etc/samba/smb.conf
_command -x grep -v -e "'^\s*[#;]'" -e "'^\s*$'" /etc/samba/smb.conf
_command -x testparm -l -s
}
compare_smb_realm_with_krb5_default_realm()
{
echo "SMB_REALM = '$SMB_REALM'"
echo "KRB5_DEFAULT_REALM = '$KRB5_DEFAULT_REALM'"
echo
test -n "$SMB_REALM" || return 2
test -n "$KRB5_DEFAULT_REALM" || return 2
test "$KRB5_DEFAULT_REALM" = "$SMB_REALM" || return 2
}
test_smb_realm()
{
local retval=0
DOMAIN_REALM="$KRB5_DEFAULT_REALM"
if test -n "$SMB_REALM"; then
DOMAIN_REALM="$SMB_REALM"
DOMAIN_DOMAIN="$(echo "$SMB_REALM" | tr '[:upper:]' '[:lower:]')"
else
test -z "$DOMAIN_REALM" ||
DOMAIN_DOMAIN="$(echo "$DOMAIN_REALM" | tr '[:upper:]' '[:lower:]')"
test -n "$DOMAIN_REALM" ||
DOMAIN_REALM="$(echo "$DOMAIN_DOMAIN" | tr '[:lower:]' '[:upper:]')"
is_system_auth_local && retval=2 || retval=1
fi
echo "DOMAIN_REALM = '$DOMAIN_REALM'"
echo "DOMAIN_DOMAIN = '$DOMAIN_DOMAIN'"
echo
return $retval
}
test_domainname()
{
HOSTNAME_DOMAIN=$(hostname -d)
if test "$HOSTNAME_DOMAIN" = "$HOSTNAME_SHORT" ||
test "$HOSTNAME_DOMAIN" = '(none)' ||
test -z "$HOSTNAME_DOMAIN"; then
HOSTNAME_DOMAIN=
echo "HOSTNAME_DOMAIN = '$HOSTNAME_DOMAIN'"
echo
return 2
fi
if test -z "$DOMAIN_DOMAIN"; then
DOMAIN_DOMAIN="$HOSTNAME_DOMAIN"
test -n "$DOMAIN_REALM" ||
DOMAIN_REALM="$(echo "$DOMAIN_DOMAIN" | tr '[:lower:]' '[:upper:]')"
echo "HOSTNAME_DOMAIN = '$HOSTNAME_DOMAIN'"
echo "Update realm and domain from HOSTNAME_DOMAIN:"
echo " DOMAIN_REALM = '$DOMAIN_REALM'"
echo " DOMAIN_DOMAIN = '$DOMAIN_DOMAIN'"
echo
return 2
fi
echo "HOSTNAME_DOMAIN = '$HOSTNAME_DOMAIN'"
echo
test "$HOSTNAME_DOMAIN" = "$DOMAIN_DOMAIN" || return 1
}
check_time_synchronization()
{
local retval=0
_command timedatectl || return 1
}
test_time_synchronization()
{
local retval=0
local func="test \$(timedatectl show -p NTPSynchronized --value) == \"yes\""
__command_msg "$func"
_command -q "$func" || retval=2
return $retval
}
_check_nameserver()
{
local ns="$1"
if _command ping -c 2 -i2 "$ns"; then
test -z "$DOMAIN_DOMAIN" || _command host "$DOMAIN_DOMAIN" "$ns"
else
return 1
fi
}
check_nameservers()
{
retval1=0
retval2=0
retval3=0
if [ -n "$NAMESERVER1" ]; then
_check_nameserver "$NAMESERVER1" || retval1=1
fi
if [ -n "$NAMESERVER2" ]; then
_check_nameserver "$NAMESERVER2" || retval2=1
fi
if [ -n "$NAMESERVER3" ]; then
_check_nameserver "$NAMESERVER3" || retval3=1
fi
if test "$retval1" = 0 -a "$retval2" = 0 -a "$retval3" = 0; then
return 0;
fi
if test "$retval1" = 1 -a "$retval2" = 1 -a "$retval3" = 1; then
return 1;
fi
return 2
}
_ldap_get_computer()
{
local retval=0
local dc="$1"
local computer="$2"
local filter=""
local domain_dn=
if test -n "${3+x}"; then
filter="$3"
fi
domain_dn=$(echo $DOMAIN_DOMAIN | sed 's/\./,dc=/g' | sed 's/^/dc=/')
local searchcmd="ldapsearch -o nettimeout=30 -Y GSSAPI -N -h $dc -b $domain_dn"
searchcmd="$searchcmd \"(&(ObjectClass=computer)(objectCategory=Computer)(name=$computer))\""
__command_msg "$searchcmd $filter"
_command -q "$searchcmd" "$filter" || retval=2
return $retval
}
_check_domain_controller()
{
local retval=0
local dc="$1"
local computer=
local ldap_computer=
local computer=
local hostname_upper=
hostname_upper=$(echo $HOSTNAME_SHORT | tr '[:lower:]' '[:upper:]')
local domain_upper=
domain_upper=$(echo $DOMAIN_DOMAIN | tr '[:lower:]' '[:upper:]')
local kinit_realm="$hostname_upper\$\@$domain_upper"
if is_root; then
KRB5CCNAME="FILE:/tmp/domain-diag_krb5cc_%{uid}"
_command kinit -k "$kinit_realm" || retval=2
if test "$retval" != "0"; then
is_system_auth_local && return 2 || return 1
fi
fi
computer="$(echo $1 | sed 's/\..*$//')"
_ldap_get_computer "$dc" "$computer" "| grep 'operating\|name:' | cut -d ' ' -f 2 | tr '\n' ' '" || retval=2
__newline
_command kdestroy -A
return $retval
}
check_domain_controllers()
{
local retval=2
local hostcmd="host -t srv _ldap._tcp.$DOMAIN_DOMAIN | cut -d ' ' -f 8"
local resolv_msg=
local controllers_names=
__command_msg "$hostcmd"
controllers_names=$(_command -q "$hostcmd" || retval=2)
echo $controllers_names | sed 's/ /\n/g'
echo
for controller_name in $controllers_names; do
resolv_msg="host $controller_name | sed 's/^.* //g'"
_command "$resolv_msg"
done
for controller_name in $controllers_names; do
# TODO: Add controller check by ip
_check_domain_controller $controller_name && retval=0
done
test -z "$controllers_names" && retval=2
! is_system_auth_local && test $retval != 0 && retval=1
return $retval
}
check_kerberos_and_ldap_srv_records()
{
test -n "$DOMAIN_DOMAIN" || return 1
_command host -t srv "_kerberos._udp.$DOMAIN_DOMAIN"
_command host -t srv "_ldap._tcp.$DOMAIN_DOMAIN"
}
compare_netbios_name()
{
local netbios=
local host=
netbios=$(echo "$SMB_NETBIOS_NAME" | tr '[:upper:]' '[:lower:]')
host=$(echo "$HOSTNAME_SHORT" | tr '[:upper:]' '[:lower:]')
echo "SMB_NETBIOS_NAME = '$SMB_NETBIOS_NAME'"
echo "HOSTNAME_SHORT = '$HOSTNAME_SHORT'"
echo
test "$netbios" = "$host" || return 1
}
check_common_packages()
{
local retval=0
_command rpm -q alterator-auth || retval=1
_command rpm -q libnss-role || retval=1
_command rpm -q libkrb5 || retval=1
_command rpm -q libsmbclient || retval=1
return $retval
}
check_group_policy_packages()
{
local retval=0
_command rpm -q local-policy || retval=1
_command rpm -q gpupdate || retval=1
return $retval
}
check_sssd_ad_packages()
{
local retval=0
_command rpm -q task-auth-ad-sssd || retval=1
return $retval
}
check_sssd_winbind_packages()
{
local retval=0
_command rpm -q task-auth-ad-winbind || retval=2
return $retval
}
default_run()
{
local retval=0
run "$1" "$2" || retval=$?
test $retval = 1 && global_retval=1
return 0
}
list_run()
{
test -z $verbose &&
echo "$1" ||
echo "$1: $2"
}
custom_run()
{
if echo "$customcmd" | tr ' ' '\n' | grep -q "^$1\$"; then
run "$1" "$2" && global_retval=0 || global_retval=$?
fi
}
init_log()
{
local log_index
if test -e "$logfile" && test "$logfile" != "/dev/null" && test -z "$force"; then
log_index=$(find . -maxdepth 1 -name "$logfile.*" 2>/dev/null | sort -V | tail -1 | sed -E 's/^.*\.([^.]*)$/\1/' || true)
logfile="$logfile".$(($log_index + 1))
fi
if test "$logfile" != "/dev/null"; then
echo -n > "$logfile"
fi
}
init_vars()
{
local host=
host=$(hostname)
local domain realm
HOSTNAME_COMMON="$host"
HOSTNAME_SHORT=$(hostname -s)
HOSTNAME_FQDN=$(hostname -f)
local nameserver_lines=
nameserver_lines=$(grep "^nameserver\s\+" /etc/resolv.conf || true)
NAMESERVER1=$(echo "$nameserver_lines" | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -1)
NAMESERVER2=$(echo "$nameserver_lines" | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -2 | tail -1)
NAMESERVER3=$(echo "$nameserver_lines" | sed -e 's/^nameserver\s\+//' -e 's/\s/\n/' | head -3 | tail -1)
SMB_REALM=
SMB_NETBIOS_NAME=
if which testparm >/dev/null 2>&1; then
SMB_REALM=$(testparm -l -v -s 2>/dev/null | grep "^\s*realm\s*=" | sed -e 's/^\s*realm\s*=\s*//' -e 's/\s*$//')
SMB_NETBIOS_NAME=$(testparm -l -v -s 2>/dev/null | grep "^\s*netbios name\s*=" | sed -e 's/^\s*netbios name\s*=\s*//' -e 's/\s*$//')
fi
SEARCH_DOMAINS=
local search_line=
if test -f /etc/resolv.conf; then
search_line=$(grep "^search\s\+" /etc/resolv.conf || true)
SEARCH_DOMAINS=$(echo $search_line | sed -e 's/^search\s\+//' -e 's/\s\+$//' )
fi
KRB5_DEFAULT_REALM=
local krb5_default_realm_line=
if test -e /etc/krb5.conf; then
krb5_default_realm_line=$(grep "^\s*default_realm\s\+" /etc/krb5.conf || true)
KRB5_DEFAULT_REALM=$( echo "$krb5_default_realm_line" | sed -e 's/^\s*default_realm\s*=\s*//' -e 's/\s*$//')
fi
realm=$(echo "$KRB5_DEFAULT_REALM" | tr '[:upper:]' '[:lower:]')
if test -n "$realm"; then
DOMAIN_DOMAIN="$realm"
else
DOMAIN_DOMAIN=$(echo $SEARCH_DOMAINS | cut -d ' ' -f 1 | tr '[:upper:]' '[:lower:]')
fi
SYSTEM_AUTH="$(/usr/sbin/control system-auth)"
SYSTEM_POLICY="$(/usr/sbin/control system-policy)"
}
if ! test -z $listcmd; then
runcmd=list_run
elif ! test -z "$customcmd"; then
runcmd=custom_run
global_retval=127
else
runcmd=default_run
fi
if test -z $listcmd; then
init_log
print_head
init_vars
fi
$runcmd check_hostnamectl "Check hostname persistance"
$runcmd test_hostname "Test hostname is FQDN (not short)"
$runcmd check_system_auth "System authentication method"
$runcmd test_domain_system_auth "Domain system authentication enabled"
$runcmd check_system_policy "System policy method"
$runcmd test_gpupdate_system_policy "System group policy enabled"
$runcmd check_krb5_conf_exists "Check Kerberos configuration exists"
$runcmd check_krb5_conf_ccache "Kerberos credential cache status"
$runcmd test_keyring_krb5_conf_ccache "Using keyring as kerberos credential cache"
$runcmd check_krb5_conf_kdc_lookup "Check DNS lookup kerberos KDC status"
$runcmd check_krb5_keytab_exists "Check machine crendetial cache is exists"
$runcmd check_keytab_credential_list "Check machine credentials list in keytab"
$runcmd check_resolv_conf "Check nameserver resolver configuration"
$runcmd compare_resolv_conf_with_default_realm "Compare krb5 realm and first search domain"
$runcmd check_smb_conf "Check Samba configuration"
$runcmd compare_smb_realm_with_krb5_default_realm "Compare samba and krb5 realms"
$runcmd test_smb_realm "Check Samba domain realm"
$runcmd test_domainname "Check hostname FQDN domainname"
$runcmd check_time_synchronization "Check time synchronization"
$runcmd test_time_synchronization "Time synchronization enabled"
$runcmd check_nameservers "Check nameservers availability"
$runcmd check_domain_controllers "Check domain controllers list"
$runcmd check_kerberos_and_ldap_srv_records "Check Kerberos and LDAP SRV-records"
$runcmd compare_netbios_name "Compare NetBIOS name and hostname"
$runcmd check_common_packages "Check common packages"
$runcmd check_group_policy_packages "Check group policy packages"
$runcmd check_sssd_ad_packages "Check SSSD AD packages"
$runcmd check_sssd_winbind_packages "Check SSSD Winbind packages"
test -f "$logfile" && test -w "$logfile" &&
sed -i 's/\x1b\[[0-9;]*[mGKH]//g' $logfile
exit "$global_retval"

43
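--- a/lib/domain-diag-functions
+++ b/lib/domain-diag-functions
@@ -0,0 +1,43 @@
+#!/bin/bash
+#
+# Copyright (C) 2022-2023 Andrey Limachko <liannnix@altlinux.org>
+# Copyright (C) 2022-2023 Evgeny Sinelnikov <sin@altlinux.org>
+#
+# This file is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+set -euo pipefail
+# generic eval command
+_eval() {
+eval "$*"
+}
+# eval command with currrent user kerberos ticket
+_kinit_user_eval() {
+return 0
+}
+# eval command with machine kerberos ticket
+_kinit_machine_eval() {
+return 0
+}
+# return 0 if current user is root
+_is_root() {
+if [[ "$(id -u)" != 0 ]]; then
+return 1
+fi
+return 0
+}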
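Review bot: `_eval` flattens its arguments with `"$*"` and passes the result to `eval`, so every argument is parsed by the shell a second time; any module that puts a hostname, DNS answer or config-file value into that string lets the value run as shell code, and `_is_root` suggests the tool is expected to run as root. For callers that pass a plain command with arguments the body can be `"$@"`, which keeps each argument as one word; if pipeline strings are still needed, a separate helper whose header comment states that it accepts only literals written in the module would keep the two cases apart. `_kinit_user_eval` and `_kinit_machine_eval` return 0 without running anything, so a test built on them would report success for a command that never ran; returning 102 (the SKIP value listed in the test module header) until they are implemented would be safer. `set -euo pipefail` in a file that is sourced also changes the options of the calling shell, which deserves a comment at that line.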

Binary file not shown.


@ -0,0 +1,44 @@
#!/bin/bash
#
# Copyright (C) 2022-2023 Andrey Limachko <liannnix@altlinux.org>
# Copyright (C) 2022-2023 Evgeny Sinelnikov <sin@altlinux.org>
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# Possible return values:
# 0 - DONE
# 1 - FAIL
# 2 - WARN
# 102 - SKIP
set -euo pipefail
. ./lib/domain-diag-functions
test_hostname_non_transient.get_name() {
echo "Test hostname is non transient"
}
test_hostname_non_transient.get_description() {
echo "Test hostname is non transient"
}
test_hostname_non_transient() {
local retval=0
local static_host=
local transient_host=
transient_host="$(_eval hostname)" || retval=1
static_host="$(_eval hostnamectl --static)" || retval=1
[[ "$static_host" = "$transient_host" ]] || retval=1
return $retval
}
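Review bot: `. ./lib/domain-diag-functions` is resolved against the current working directory rather than the location of this module, so starting the tool from another directory either fails or sources whatever file exists at that relative path there, which matters for a diagnostic that may run as root. Anchoring it to the script location avoids that, for example `. "$(dirname -- "${BASH_SOURCE[0]}")/<relative-path-to-lib>/domain-diag-functions"` (the path segment is a placeholder; this module's own path is not visible on the page). In `test_hostname_non_transient` a failed `hostname` or `hostnamectl` call and a real mismatch all end in `retval=1`, so the result cannot tell a broken probe from a transient hostname; a short comment or a distinct return value for the probe failure would help.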