#!/bin/sh -u
#
#   Copyright (C) 2008 CAI Qian <caiqian@cclom.cn>
#   Copyright (c) International Business Machines  Corp., 2003
#
#   This program is free software;  you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#   FILE: /etc/at.deny
#
#   PURPOSE: Test that /etc/at.deny , does not allow those in the file
#   to run cron jobs.
#
#   HISTORY:
#		04/03 Jerone Young (jyoung5@us.ibm.com)
#

export TCID=at_deny01
export TST_TOTAL=1
export TST_COUNT=1
TMP=${TMP:=/tmp}
deny="/etc/at.deny"
test_user1="test_user_1"
test_user2="test_user_2"
test_user1_home="/home/${test_user1}"
test_user2_home="/home/${test_user2}"
tmpfile="$TMP/at_deny_test"

if [ "$(id -ru)" = 0 ]; then
	. cmdlib.sh
fi

#-----------------------------------------------------------------------
# FUNCTION:  do_setup
#-----------------------------------------------------------------------

do_setup()
{
	# Move any files that may get in the way.
	rm "${tmpfile}" >/dev/null 2>&1
	mv "${deny}" "${deny}.old" >/dev/null 2>&1

	# if /etc/at.allow is there, /etc/at.deny will be ignored. So, we
	# need to remove it first.
	if [ -f "/etc/at.allow" ]; then
		mv /etc/at.allow /etc/at.allow.old
	fi

	# Remove users for clean enviroment.
	rm -rf "${test_user1_home}" "${test_user2_home}"
	userdel -r "${test_user1}" >/dev/null 2>&1
	userdel -r "${test_user2}" >/dev/null 2>&1

	# Create the 1st user.
	if ! useradd -g users -d "${test_user1_home}" -m "${test_user1}"; then
		echo "Could not add test user ${test_user1} to system."
		exit 1
	fi

	# Create the 2nd user.
	if ! useradd -g users -d "${test_user2_home}" -m "${test_user2}"; then
		echo "Could not add test user ${test_user2} to system."
		exit 1
	fi

	# This is the workaround for a potential bug.
	# [Bug 468337] At Refuse to Work with Non-login Shell
	# https://bugzilla.redhat.com/show_bug.cgi?id=468337
	# As we are running in non-login shell now, we cannot run the script
	# by simply given it a relative path. Therefore, we copy it to test
	# users' home directories, and run it from there.
	cp "$0" "${test_user1_home}/." &&
	cp "$0" "${test_user2_home}/." &&
	echo "export LTPROOT='$LTPROOT'" > "${test_user1_home}/cached_ltproot" &&
	echo "export LTPROOT='$LTPROOT'" > "${test_user2_home}/cached_ltproot"
	if [ $? -ne 0 ]; then
		tst_resm TBROK "Couldn't copy over req'd files for test users"
		exit 1
	fi

	restart_daemon atd
}

#-----------------------------------------------------------------------
# FUNCTION:  do_cleanup
#-----------------------------------------------------------------------
do_cleanup()
{
	# We forcefully remove those files anyway. Otherwise userdel may
	# give us bad warnings.
	rm -rf "${test_user1_home}" "${test_user2_home}"
	userdel -r "${test_user1}" >/dev/null 2>&1
	userdel -r "${test_user2}" >/dev/null 2>&1
	rm "${deny}"
	mv "${deny}.old" "${deny}" >/dev/null 2>&1
	rm "${tmpfile}" >/dev/null 2>&1

	if [ -f /etc/at.allow.old ]; then
		mv /etc/at.allow.old /etc/at.allow
	fi
}

#-----------------------------------------------------------------------
# FUNCTION:  run_test
#-----------------------------------------------------------------------
run_test()
{
	if [ $(whoami) = "${test_user1}" ]; then
		. "${test_user1_home}/cached_ltproot" || exit 1
		export PATH="$PATH:$LTPROOT/testcases/bin"

		echo "TEST: ${deny} should deny only those who are not in the file to run jobs."
		echo "(1) TEST THAT PERSON NOT IN ${deny} IS ABLE TO RUN JOB."
		echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" |
		if ! at -m now + 1 minutes; then
			echo "Error while adding job using at for user ${test_user1}."
			exit 1
		fi
		echo " Sleeping for 75 seconds...."
		sleep 75

		exit_code=1
		test -e "${tmpfile}" && exit_code=0
		if [ ${exit_code} -eq 1 ]; then
			tst_resm TFAIL "At denyed user to execute test job"
		else
			tst_resm TPASS "At did not deny user to execute job"
		fi

		rm -f "${tmpfile}" >/dev/null 2>&1
		exit ${exit_code}

	elif [ $(whoami) = "${test_user2}" ]; then

		. "${test_user2_home}/cached_ltproot" || exit 1
		export PATH="$PATH:$LTPROOT/testcases/bin"

		echo "(2) TEST THAT PERSON IN ${deny} IS NOT ABLE TO RUN JOB."

		echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" |
		if ! at -m now + 1 minutes; then
			echo "Expected error while adding job user at for user ${test_user2}"
		fi
		echo "Sleeping for 75 seconds...."
		sleep 75

		exit_code=1
		test -e "${tmpfile}" || exit_code=0
		if [ ${exit_code} -eq 1 ]; then
			echo "At did not deny user to execute job, TEST FAILED."
		else
			echo "At denyed user to execute test job, TEST PASSED."
		fi

		rm -f "${tmpfile}" >/dev/null 2>&1
		exit ${exit_code}

	fi
}

#-----------------------------------------------------------------------
# FUNCTION: main
#-----------------------------------------------------------------------
if ! type at > /dev/null; then
	tst_resm TCONF "at command not found on system"
elif [ "$(id -ru)" = 0 ]; then
	if do_setup ; then
		if ! echo "${test_user2}" >"${deny}"; then
			exit_code=1
		elif ! su "${test_user1}" -lc "${test_user1_home}/${0##*/}"; then
			exit_code=1
		elif ! su "${test_user2}" -lc "${test_user2_home}/${0##*/}"; then
			exit_code=1
		else
			exit_code=0
		fi
		do_cleanup
	else
		exit_code=1
	fi
	exit ${exit_code}
else
	run_test
	exit 0
fi