#!/bin/bash
#
#   Copyright (c) International Business Machines  Corp., 2003
#
#   This program is free software;  you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program;  if not, write to the Free Software
#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
#	FILE: /var/spool/cron/allow
#
#	PURPOSE: Test that the cron allow file (/var/spool/cron/allow, or /etc/cron.allow on Red Hat) lets only the users listed in it run cron jobs.
#
#	HISTORY:
#		04/03 Jerone Young (jyoung5@us.ibm.com)
#

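echo "This script contains bashism that needs to be fixed!"

# Name of the invoking user. The bottom of the script uses it to choose
# between the root driver and the per-user test.
iam=$(whoami)

# Reduce bash's MACHTYPE to its middle part: drop the last "-field", then the
# first "field-". Illustrative value: x86_64-redhat-linux-gnu -> redhat-linux.
tvar=${MACHTYPE%-*}
tvar=${tvar#*-}

# Location of the allow file under test: /etc/cron.allow when the vendor part
# is redhat, /var/spool/cron/allow otherwise.
case "$tvar" in
redhat | redhat-linux)
	CRON_ALLOW="/etc/cron.allow"
	;;
*)
	CRON_ALLOW="/var/spool/cron/allow"
	;;
esac

# Throw-away accounts created and deleted by the test. TEST_USER1 is written
# into the allow file; TEST_USER2 is deliberately left out.
TEST_USER1="ca_user1"
TEST_USER1_HOME="/home/$TEST_USER1"
TEST_USER2="ca_user2"
TEST_USER2_HOME="/home/$TEST_USER2"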

#-----------------------------------------------------------------------
# FUNCTION:  do_setup
#-----------------------------------------------------------------------

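do_setup() {
	# Prepare the system for the test: clear stale marker files, set the
	# existing allow file aside, and (re)create both test accounts.
	# Globals:  CRON_ALLOW, TEST_USER1, TEST_USER2 (read)
	# Exits:    1 if either test account cannot be created
	# Runs account and allow-file changes, so it is only called from the
	# root branch of the script.

	# Move any files that may get in the way; a missing file is not an error.
	rm -f -- /tmp/cron_allow_test /tmp/cron_allow_test1 > /dev/null 2>&1

	# NOTE(review): this overwrites any existing "$CRON_ALLOW.old". After an
	# earlier run that was interrupted before do_cleanup, that file may be the
	# only copy of the administrator's real allow list - check before re-running.
	mv -- "${CRON_ALLOW:?}" "${CRON_ALLOW}.old" > /dev/null 2>&1

	# Remove leftovers of the test accounts for a clean environment.
	su "${TEST_USER1:?}" -c "crontab -r"
	su "${TEST_USER2:?}" -c "crontab -r"
	# ":?" aborts the script instead of running "rm -rf /home/" should a user
	# name ever be empty or unset.
	rm -rf -- "/home/${TEST_USER1:?}"
	rm -rf -- "/home/${TEST_USER2:?}"
	userdel "$TEST_USER1"
	userdel "$TEST_USER2"
	sleep 1

	# Create the first user.
	if ! useradd -m -g users "$TEST_USER1"; then
		echo "Could not add test user $TEST_USER1 to system." >&2
		exit 1
	fi

	# Create the second user.
	if ! useradd -m -g users "$TEST_USER2"; then
		echo "Could not add test user $TEST_USER2 to system." >&2
		exit 1
	fi
}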

#-----------------------------------------------------------------------
# FUNCTION:  do_cleanup
#-----------------------------------------------------------------------
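do_cleanup() {
	# Undo do_setup: drop the test crontabs and accounts, remove the allow
	# file written for the test and put the saved original (if any) back.
	# Globals: CRON_ALLOW, TEST_USER1, TEST_USER2 (read)
	# Not idempotent: a second call would delete the allow file that the
	# first call restored.
	su "${TEST_USER1:?}" -c "crontab -r"
	su "${TEST_USER2:?}" -c "crontab -r"
	# ":?" aborts the script instead of running "rm -rf /home/" should a user
	# name ever be empty or unset.
	rm -rf -- "/home/${TEST_USER1:?}"
	rm -rf -- "/home/${TEST_USER2:?}"
	userdel "$TEST_USER1"
	userdel "$TEST_USER2"

	# Remove the test's allow file first, then restore the original. When no
	# original existed the mv fails quietly and no allow file is left behind.
	rm -- "${CRON_ALLOW:?}"
	mv -- "${CRON_ALLOW}.old" "$CRON_ALLOW" > /dev/null 2>&1

	# Both marker files: the second one is otherwise left in /tmp when the
	# TEST_USER2 run is killed before it reaches its own cleanup.
	rm -f -- /tmp/cron_allow_test /tmp/cron_allow_test1 > /dev/null 2>&1
}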

#-----------------------------------------------------------------------
# FUNCTION:  run_test
#-----------------------------------------------------------------------
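run_test() {
	# Per-user half of the test, executed as whichever account the script
	# is currently running under.
	#   iam = TEST_USER1 (listed in $CRON_ALLOW): the job must run,     exit 0
	#   iam = TEST_USER2 (not listed):            the job must not run, exit 0
	# In both cases exit 1 reports a failed expectation.
	# Globals: iam, TEST_USER1, TEST_USER2, CRON_ALLOW (read);
	#          EXIT_CODE, save_file, minute (written)
	# For any other user the function returns without doing anything.
	#
	# The marker files /tmp/cron_allow_test and /tmp/cron_allow_test1 keep
	# their fixed names because the cron job line names them and do_setup
	# clears them by these exact paths.

	if [ "$iam" = "$TEST_USER1" ]; then
		echo "TEST: $CRON_ALLOW should only allow those in the file to
run cron jobs."

		echo "(1) TEST THAT PERSON IN $CRON_ALLOW IS ABLE TO RUN JOB."

		echo "backup crontab...."
		# mktemp instead of a fixed name: /tmp is world-writable, so a
		# predictable path may already exist or point somewhere unexpected.
		save_file=$(mktemp "/tmp/crontab-cronallow-save-${iam}.XXXXXX") || exit 1
		crontab -l | grep '^[^#]' > "$save_file"

		# Two minutes ahead, so the job fires inside the 130 second wait.
		minute=$(date '+%M' | awk '{ORS=""; print ($1+2)%60}')
		crontab - << EOF
${minute} * * * * echo "TEST JOB RAN" >> /tmp/cron_allow_test 2>&1
EOF
		if [ $? != 0 ]; then
			echo "Error while adding crontab for user $TEST_USER1"
			# Nothing was installed, so only the backup file needs removing.
			rm -f -- "$save_file"
			exit 1
		fi

		echo "sleeping for 130 seconds...."
		sleep 130

		# The listed user passes only if the job left its marker file.
		if [ -e /tmp/cron_allow_test ]; then
			EXIT_CODE=0
			echo "Cron allowed user to execute test job, TEST PASSED"
		else
			EXIT_CODE=1
			echo "Cron did not allow user to execute job , TEST FAILED"
		fi

		echo "restore old crontab..."
		crontab "$save_file"
		rm -f -- "$save_file"

		rm -f /tmp/cron_allow_test

		exit "$EXIT_CODE"
	fi

	if [ "$iam" = "$TEST_USER2" ]; then
		echo "(2) TEST THAT PERSON NOT IN $CRON_ALLOW IS NOT ABLE TO RUN JOB."

		echo "backup crontab...."
		save_file=$(mktemp "/tmp/crontab-cronallow-save-${iam}.XXXXXX") || exit 1
		crontab -l | grep '^[^#]' > "$save_file"

		minute=$(date '+%M' | awk '{ORS=""; print ($1+2)%60}')
		crontab - << EOF
${minute} * * * * echo "TEST JOB RAN" >> /tmp/cron_allow_test1 2>&1
EOF
		# A refusal here is reported but not fatal: the verdict below comes
		# from whether the job actually ran.
		if [ $? != 0 ]; then
			echo "Error while adding crontab for user $TEST_USER2"
		fi

		echo "sleeping for 130 seconds...."
		sleep 130

		# The unlisted user passes only if no marker file appeared.
		if [ -e /tmp/cron_allow_test1 ]; then
			EXIT_CODE=1
			echo "Cron allowed user to execute test job, TEST FAILED"
		else
			EXIT_CODE=0
			echo "Cron did not allow user to execute job , TEST PASSED"
		fi

		echo "restore old crontab..."
		crontab "$save_file"
		rm -f -- "$save_file"

		rm -f /tmp/cron_allow_test1

		exit "$EXIT_CODE"
	fi

}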

#-----------------------------------------------------------------------
# FUNCTION: main
#-----------------------------------------------------------------------
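# Root drives the test: set up the accounts, allow only TEST_USER1, then
# re-run this script as each test user and combine their exit codes.
# Any other user is one of those re-runs and executes run_test.
if [ "$iam" = "root" ]; then
	do_setup

	# From here on the system allow file has been replaced and test accounts
	# exist, so an interrupted run must still restore the original state.
	# The trap is installed only after do_setup because do_cleanup deletes
	# "$CRON_ALLOW", which is still the real file until do_setup has moved it
	# aside. Signals are ignored inside the handler because do_cleanup must
	# not run twice.
	trap 'trap "" HUP INT TERM; do_cleanup; exit 1' HUP INT TERM

	echo "$TEST_USER1" > "$CRON_ALLOW"
	EXIT_CODE=0

	# NOTE(review): "$0" is interpolated into the command string that su hands
	# to the user's shell, so a script path containing spaces or shell
	# metacharacters is re-parsed there; run the script from a plain path.
	if ! su "$TEST_USER1" -c "$0"; then
		EXIT_CODE=1
	fi
	if ! su "$TEST_USER2" -c "$0"; then
		EXIT_CODE=1
	fi

	# Let the normal cleanup finish undisturbed.
	trap '' HUP INT TERM
	do_cleanup
	exit "$EXIT_CODE"
else
	run_test
fi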