#!/bin/sh
#*********************************************************************
#   Copyright (c) International Business Machines  Corp., 2003
#
#   This program is free software;  you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program;  if not, write to the Free Software
#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
#
#
#  FILE   : acls
#
#  PURPOSE: Tests extended acls
#
#  HISTORY:
#    03/03 Jerone Young  (jyoung5@us.ibm.com)
#    09/08 Jacky Malcles changing the setup to have this TC started by runltp
#*********************************************************************
#
################################################################
#
# Make sure that uid=root is running this script.
# Make sure that loop device is built into the kernel
# Make sure that ACL(Access Control List) and Extended Attribute are
#     built into the kernel
#
#
################################################################

export TCID=acltest01
export TST_TOTAL=5
export TST_COUNT=1

. test.sh

TMP=${TMP:=/tmp}

TEST_USER1="acltest1"
TEST_USER1_GROUP="users"
TEST_USER1_PASSWD="ltp_test_pass1"
TEST_USER1_HOMEDIR="$TMP/tacl/mount-ext3/$TEST_USER1"

FILE_ACL="$TMP/tacl/mount-ext3/test_file"
FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
TCbin=`pwd`

COMMAND=$(command -v "getenforce" "setenforce" |wc -l)
if [ $COMMAND -eq 2 ]; then
	SELINUX=$(getenforce)
else
	SELINUX=""
fi

#-----------------------------------------------------------------------
# FUNCTION:  do_setup
#-----------------------------------------------------------------------

do_setup(){

	tst_require_root

	rm -f $FILE_ACL
	rm -f $FILE_ACL_LINK

	# We couldn't consider whether the SElinux is Disable or Permissive.
	# We only set it to Permissive when it it Enforcing.
	if [ "$SELINUX" = "Enforcing" ]; then
		echo "set the SElinux to Permissive."
		setenforce 0
	fi

	if [ "x$TEST_USER1_HOMEDIR" = "x" ]; then
		tst_brkm TBROK "Could not find user $TEST_USER1's home directory."
	fi

	# XXX (garrcoop): why is cleanup junk being done in setup??? Bad test!!!
	rm -rf $TEST_USER1_HOMEDIR
	userdel $TEST_USER1 > /dev/null 2>&1
	sleep 1
	useradd -d $TEST_USER1_HOMEDIR -m -g $TEST_USER1_GROUP $TEST_USER1 -s /bin/sh

	if [ $? -ne 0 ]; then
		tst_brkm TBROK "Could not add test user $TEST_USER1."
	fi

}

#-----------------------------------------------------------------------
# FUNCTION:  do_cleanup
#-----------------------------------------------------------------------

do_cleanup() {
	rm -rf $TEST_USER1_HOMEDIR
	userdel $TEST_USER1 > /dev/null 2>&1
	rm -f $FILE_ACL > /dev/null 2>&1
	rm -f $FILE_ACL_LINK > /dev/null 2>&1
	mount | grep "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
	[ "x$LOOP_DEV" != x ] && losetup -d $LOOP_DEV
	rm -rf $TMP/tacl

	# We set it back to Enforcing.
	if [ "$SELINUX" = "Enforcing" ]; then
		echo "set the SElinux back to Enforcing."
		setenforce 1
	fi
}

#-----------------------------------------------------------------------
# FUNCTION:  MAIN
#-----------------------------------------------------------------------

iam=`whoami`
if [ "z$iam" = "z$TEST_USER1" ]
then
	echo ""
else
	tst_require_root

	if ! ( test -d $TMP/tacl || mkdir -m 777 $TMP/tacl) ; then
		tst_brkm TBROK "Failed to create $TMP/tacl directory."
	fi

	trap do_cleanup EXIT

	#	The  following  commands  can  be  used as an example of using
	#	a loopback device.

	dd if=/dev/zero of=$TMP/tacl/blkext3 bs=1k count=10240 && chmod 777 $TMP/tacl/blkext3
	if [ $? -ne 0 ] ; then
		tst_brkm TBROK "Failed to create $TMP/tacl/blkext3"
	fi

	# Avoid hardcoded loopback device values (-f tries to find the first
	# available loopback device name)!
	if ! LOOP_DEV=$(losetup -f) || [ "x$LOOP_DEV" = x ]; then
		tst_brkm TCONF "[ losetup.1 ] Failed to find an available loopback device -- is the required support compiled in your kernel?"
	fi

	if ! losetup $LOOP_DEV $TMP/tacl/blkext3 2>&1 > /dev/null; then
		echo ""
		tst_brkm TCONF "[ losetup.2 ] Failed to setup the device."
	fi

	mount | grep ext2
	if [ $? -ne 0 ]; then
		mkfs -t ext3 $LOOP_DEV #> /dev/null 2>&1
		mkdir  -m 777 $TMP/tacl/mount-ext3
		mount -t ext3 -o defaults,acl,user_xattr $LOOP_DEV $TMP/tacl/mount-ext3
		if [ $? -ne 0 ]
		then
			tst_resm TCONF "[ mount ] Make sure that ACL (Access Control List)"
			tst_resm TCONF "\t and Extended Attribute are built into the kernel\n"
			tst_brkm TCONF "\t Can not mount ext3 file system with acl and user_xattr options\n"
		fi
	else

		mkfs -t ext2 $LOOP_DEV
		mkdir  -m 777 $TMP/tacl/mount-ext3
		mount -t ext2 -o defaults,acl,user_xattr $LOOP_DEV $TMP/tacl/mount-ext3
		if [ $? -ne 0 ]
		then
			tst_resm TCONF "FAILED: [ mount ] Make sure that ACL (Access Control List)"
			tst_resm TCONF "\t and Extended Attribute are built into the kernel\n"
			tst_brkm TCONF "\t Can not mount ext2 file system with acl and user_xattr options\n"
		fi

	fi

fi

if [ "z$iam" = "z$TEST_USER1" ]
then
	echo ""
	echo "TESTING ACLS FOR 2ND USER $iam"

	#setup files for extended attributes
	setfacl -m u:$TEST_USER1:r $FILE_ACL_LINK
	setfacl -m u:$TEST_USER1:r $FILE_ACL

	echo "Trying extended acls for files"
	${TCbin}/acl_file_test $FILE_ACL
	if [ $? -ne 0 ]
	then
		tst_resm TFAIL "Extended acls for files."
	else
		tst_resm TPASS "Extended acls for files."
	fi

	echo "Trying extended acls for file links"
	${TCbin}/acl_link_test $FILE_ACL_LINK
	if [ $? -ne 0 ]
	then
		tst_resm TFAIL "Extended acls for links."
	else
		tst_resm TPASS "Extended acls for links."
	fi
else
	do_setup
	echo ""
	echo "TESTING ACLS FOR USER $iam"

	touch $FILE_ACL
	touch $FILE_ACL_LINK

	#setup files for extended attributes
	setfacl -mu:root:r $FILE_ACL_LINK
	setfacl -mu:root:r $FILE_ACL

	echo "Trying extended acls for files"
	${TCbin}/acl_file_test $FILE_ACL
	if [ $? -ne 0 ]
	then
		tst_resm TFAIL "Extended acls for files."
	else
		tst_resm TPASS "Extended acls for files."
	fi

	echo "Trying extended acls for file links"
	${TCbin}/acl_link_test $FILE_ACL_LINK
	if [ $? -ne 0 ]
	then
		tst_resm TFAIL "Extended acls for links."
	else
		tst_resm TPASS "Extended acls for links."
	fi

	chown $TEST_USER1 $FILE_ACL
	chown $TEST_USER1 $FILE_ACL_LINK

	su $TEST_USER1 -c "$0"
	echo ""
	do_cleanup
fi

tst_exit
