#!/bin/sh -u
#
#   Copyright (C) 2008 CAI Qian <caiqian@cclom.cn>
#   Copyright (c) International Business Machines  Corp., 2003
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful, but
#   WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#   General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this pronram; if not, write to the Free Software
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
#   USA
#
#   FILE: /etc/at.allow
#
#   PURPOSE: Test that /etc/at.allow , only allows those in the file to
#   run cron jobs.
#
#   HISTORY:
#           04/03 Jerone Young (jyoung5@us.ibm.com)
#

allow="/etc/at.allow"
test_user1="test_user_1"
test_user2="test_user_2"
test_user2_home="/home/${test_user2}"
test_user1_home="/home/${test_user1}"
tmpfile="/tmp/at_allow_test"

#-----------------------------------------------------------------------
# FUNCTION:  do_setup
#-----------------------------------------------------------------------

do_setup()
{
    # Move any files that may get in the way.
    rm "${tmpfile}" >/dev/null 2>&1
    mv "${allow}" "${allow}.old" >/dev/null 2>&1

    # Remove users for clean enviroment.
    rm -rf "${test_user1_home}" "${test_user2_home}"
    userdel -r "${test_user1}" >/dev/null 2>&1
    userdel -r "${test_user2}" >/dev/null 2>&1

    # Create the 1st user.
    useradd -g users -d "${test_user1_home}"  -m "${test_user1}"
    if [ $? != 0 ]; then
	echo "Could not add test user ${test_user1} to system."
	exit 1
    fi

    # Create the 2nd user.
    useradd -g users -d "${test_user2_home}" -m "${test_user2}"
    if [ $? != 0 ]; then
	echo "Could not add test user ${test_user2} to system."
	exit 1
    fi

    # This is the workaround for a potential bug.
    # [Bug 468337] At Refuse to Work with Non-login Shell
    # https://bugzilla.redhat.com/show_bug.cgi?id=468337
    # As we are running in non-login shell now, we cannot run the script
    # by simply given it a relative path. Therefore, we copy it to test
    # users' home directories, and run it from there.
    cp "$0" "${test_user1_home}"
    cp "$0" "${test_user2_home}"

    # Restart atd daemon.
    /etc/init.d/atd restart
}

#-----------------------------------------------------------------------
# FUNCTION:  do_cleanup
#-----------------------------------------------------------------------
do_cleanup()
{
    # We forcefully remove those files anyway. Otherwise userdel may
    # give us bad warnings.
    rm -rf "${test_user1_home}" "${test_user2_home}"
    userdel -r "${test_user1}" >/dev/null 2>&1
    userdel -r "${test_user2}" >/dev/null 2>&1
    rm "${allow}"
    mv "${allow}.old" "${allow}" >/dev/null 2>&1
    rm "${tmpfile}" >/dev/null 2>&1
}

#-----------------------------------------------------------------------
# FUNCTION:  run_test
#-----------------------------------------------------------------------
run_test()
{
    if [ $(whoami) = "${test_user1}" ]; then 
        echo "TEST: $allow should allow only those who in the file to\
 run jobs."
        echo "(1) TEST THAT PERSON IN ${allow} IS ABLE TO RUN JOB."
	echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" |
         at -m now + 1 minutes
        if [ $? != 0 ]; then
            echo "Error while adding job using at for user ${test_user1}."
            exit 1
        fi
        echo " Sleeping for 75 seconds...."	
        sleep 75

        exit_code=1
        test -e "${tmpfile}" && exit_code=0
        if [ ${exit_code} -eq 1 ]; then
            echo "At did not allow user to execute job, TEST FAILED."
	else
            echo "At allowed user to exectue test job, TEST PASSED."
	fi

	rm -f "${tmpfile}" >/dev/null 2>&1
        exit ${exit_code}

    elif [ $(whoami) = "${test_user2}" ]; then
        echo "(2) TEST PERSON THAT IS NOT IN ${allow} IS NOT ABLE TO\
 RUN JOB."
        echo "echo 'TEST JOB RAN' >>\"${tmpfile}\" 2>&1" |
         at -m now + 1 minutes
        if [ $? != 0 ]; then
            echo "Expected error while adding job user at for user\
 ${test_user2}"
        fi
	echo "Sleeping for 75 seconds...."
        sleep 75

        exit_code=1
        test -e "${tmpfile}" || exit_code=0
        if [ ${exit_code} -eq 1 ]; then
            echo "At allowed user to exectue test job, TEST FAILED."
        else
            echo "At did not allow user to execute job, TEST PASSED."
        fi

        rm -f "${tmpfile}" >/dev/null 2>&1
	exit ${exit_code}
    fi
}

#-----------------------------------------------------------------------
# FUNCTION: main
#-----------------------------------------------------------------------
if [ $(whoami) = "root" ]; then
    do_setup
    echo "${test_user1}" >"${allow}"
    exit_code=0
    
    su "${test_user1}" -lc "${test_user1_home}/$(basename $0)"
    if [ $? != 0 ]; then
	exit_code=1
    fi
    
    su "${test_user2}" -lc "${test_user2_home}/$(basename $0)"
    if [ $? != 0 ]; then
	exit_code=1
    fi 
    do_cleanup
    exit ${exit_code}
else
    run_test
    exit 0
fi
