#!/bin/sh
#*********************************************************************
#   Copyright (c) International Business Machines  Corp., 2003
#
#   This program is free software;  you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program;  if not, write to the Free Software
#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#
#
#
#  FILE   : acls
#
#  PURPOSE: Tests extended acls
#
#  HISTORY:
#    03/03 Jerone Young  (jyoung5@us.ibm.com)
#    09/08 Jacky Malcles changing the setup to have this TC started by runltp
#*********************************************************************
#
################################################################
#
# Make sure that uid=root is running this script.
# Make sure that loop device is built into the kernel
# Make sure that ACL(Access Control List) and Extended Attribute are
#     built into the kernel
#
#
################################################################

export TCID=acltest01
export TST_TOTAL=5
export TST_COUNT=1

. test.sh

TMP=${TMP:=/tmp}

TEST_USER1="acltest1"
TEST_USER1_GROUP="users"
TEST_USER1_PASSWD="ltp_test_pass1"
TEST_USER1_HOMEDIR="$TMP/tacl/mount-ext3/$TEST_USER1"

FILE_ACL="$TMP/tacl/mount-ext3/test_file"
FILE_ACL_LINK="$TMP/tacl/mount-ext3/test_file_link"
TCbin=`pwd`

COMMAND=$(command -v "getenforce" "setenforce" |wc -l)
if [ $COMMAND -eq 2 ]; then
	SELINUX=$(getenforce)
else
	SELINUX=""
fi

do_setup()
{
	tst_require_root

	if ! ( test -d $TMP/tacl || mkdir -m 777 $TMP/tacl) ; then
		tst_brkm TBROK "Failed to create $TMP/tacl directory."
	fi

	dd if=/dev/zero of=$TMP/tacl/blkext3 bs=1k count=10240 && chmod 777 $TMP/tacl/blkext3
	if [ $? -ne 0 ] ; then
		tst_brkm TBROK "Failed to create $TMP/tacl/blkext3"
	fi

	if ! LOOP_DEV=$(losetup -f) || [ "x$LOOP_DEV" = x ]; then
		tst_brkm TCONF "[ losetup.1 ] Failed to find an available loopback device -- is the required support compiled in your kernel?"
	fi

	if ! losetup $LOOP_DEV $TMP/tacl/blkext3 2>&1 > /dev/null; then
		echo ""
		tst_brkm TCONF "[ losetup.2 ] Failed to setup the device."
	fi

	mount | grep ext2
	if [ $? -ne 0 ]; then
		mkfs -t ext3 $LOOP_DEV #> /dev/null 2>&1
		mkdir  -m 777 $TMP/tacl/mount-ext3
		mount -t ext3 -o defaults,acl,user_xattr $LOOP_DEV $TMP/tacl/mount-ext3
		if [ $? -ne 0 ]; then
			tst_resm TCONF "[ mount ] Make sure that ACL (Access Control List)"
			tst_resm TCONF "\t and Extended Attribute are built into the kernel\n"
			tst_brkm TCONF "\t Can not mount ext3 file system with acl and user_xattr options\n"
		fi
	else
		mkfs -t ext2 $LOOP_DEV
		mkdir  -m 777 $TMP/tacl/mount-ext3
		mount -t ext2 -o defaults,acl,user_xattr $LOOP_DEV $TMP/tacl/mount-ext3
		if [ $? -ne 0 ]; then
			tst_resm TCONF "FAILED: [ mount ] Make sure that ACL (Access Control List)"
			tst_resm TCONF "\t and Extended Attribute are built into the kernel\n"
			tst_brkm TCONF "\t Can not mount ext2 file system with acl and user_xattr options\n"
		fi
	fi

	# We couldn't consider whether the SElinux is Disable or Permissive.
	# We only set it to Permissive when it it Enforcing.
	if [ "$SELINUX" = "Enforcing" ]; then
		echo "set the SElinux to Permissive."
		setenforce 0
	fi

	useradd -d $TEST_USER1_HOMEDIR -m -g $TEST_USER1_GROUP $TEST_USER1 -s /bin/sh
	if [ $? -ne 0 ]; then
		tst_brkm TBROK "Could not add test user $TEST_USER1."
	fi
}

do_cleanup()
{
	userdel $TEST_USER1 > /dev/null 2>&1
	rm -f $FILE_ACL > /dev/null 2>&1
	rm -f $FILE_ACL_LINK > /dev/null 2>&1
	mount | grep -q "$TMP/tacl/mount-ext3" && umount -d $TMP/tacl/mount-ext3
	rm -rf $TMP/tacl

	# We set it back to Enforcing.
	if [ "$SELINUX" = "Enforcing" ]; then
		echo "set the SElinux back to Enforcing."
		setenforce 1
	fi
}

do_setup
TST_CLEANUP=do_cleanup

tst_resm TINFO "Testing ACL for root"

touch $FILE_ACL
touch $FILE_ACL_LINK

#setup files for extended attributes
setfacl -mu:root:r $FILE_ACL_LINK
setfacl -mu:root:r $FILE_ACL

acl_file_test $FILE_ACL
if [ $? -ne 0 ]; then
	tst_resm TFAIL "Extended acls for files."
else
	tst_resm TPASS "Extended acls for files."
fi

acl_link_test $FILE_ACL_LINK
if [ $? -ne 0 ]; then
	tst_resm TFAIL "Extended acls for links."
else
	tst_resm TPASS "Extended acls for links."
fi

chown $TEST_USER1 $FILE_ACL
chown $TEST_USER1 $FILE_ACL_LINK

tst_resm TINFO "Testing ACL for $TEST_USER1"

#setup files for extended attributes
setfacl -m u:$TEST_USER1:r $FILE_ACL_LINK
setfacl -m u:$TEST_USER1:r $FILE_ACL

tst_su $TEST_USER1 "acl_file_test $FILE_ACL"
if [ $? -ne 0 ]; then
	tst_resm TFAIL "Extended acls for files."
else
	tst_resm TPASS "Extended acls for files."
fi

tst_su $TEST_USER1 "acl_link_test $FILE_ACL_LINK"
if [ $? -ne 0 ]; then
	tst_resm TFAIL "Extended acls for links."
else
	tst_resm TPASS "Extended acls for links."
fi

tst_exit
