apfstests/093

#! /bin/bash
# FS QA Test No. 093
#
# Test out for IRIX the removal of file capabilities when
# writing to the file (when it doesn't have CAP_FSETID & CAP_SETFCAP)
# i.e. not root.
# Test out fix for pv#901019
#
#-----------------------------------------------------------------------
# Copyright (c) 2000-2004 Silicon Graphics, Inc.  All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#
#-----------------------------------------------------------------------
#
# creator
owner=tes@sgi.com

seq=`basename $0`

here=`pwd`
tmp=/tmp/$$
runas=$here/src/runas
status=1	# FAILure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

# get standard environment, filters and checks
. ./common.rc
. ./common.filter
. ./common.attr

_cleanup()
{
    [ -n "$testdir" ] && rm -f $file
    _cleanup_testdir
}

_testfilter()
{
    sed -e "s#$testdir#TESTDIR#g"
}

_filefilter()
{
    sed -e "s#$tmp##" -e "s#$file#file#"
}

# real QA test starts here
_supported_fs generic
_supported_os IRIX

[ -x $runas ] || _notrun "$runas executable not found"

rm -f $seq.full

_setup_testdir
_need_to_be_root

echo "QA output created by $seq"
echo ""
file=$testdir/$seq.file

user=`grep ':all=:all=' /etc/capability | tail -1 | $AWK_PROG -F: '{print $1}'`
uid=`_cat_passwd | grep $user | $AWK_PROG -F: '{print $3}'`

cat >$tmp.append <<EOF
#!/bin/bash
echo data >>$file
EOF
chmod ugo+x $tmp.append

echo "touch file"
touch $file
chmod ugo+w $file 

echo "chcap on file"
chcap CAP_CHOWN+p $file

echo "ls -P on file"
ls -P $file | _testfilter

echo "append to file as root"
$tmp.append

echo "ls -P on file"
ls -P $file | _testfilter

echo "cat file"
echo "----"
cat $file
echo "----"

echo "append to file as user without caps"
# in particular user doesn't have FSETID or SETFCAP
$runas -u $uid $tmp.append

echo "cat file"
echo "----"
cat $file
echo "----"

echo "ls -P on file"
ls -P $file | _testfilter

# try again when it doesn't have the EA
echo "append to file as user without caps a 2nd time"
$runas -u $uid $tmp.append

echo "ls -P on file"
ls -P $file | _testfilter

echo "cat file"
echo "----"
cat $file
echo "----"

echo "only let root write to file"
chmod 700 $file
chown root $file 

echo "as non-root try to append to file"
$runas -u $uid $tmp.append 2>&1 | _filefilter

echo "restore perms on file"
chmod 777 $file

echo "set a root EA on file"
attr -R -s test -V testval $file | _filefilter

echo "list EA on file"
attr -R -l $file | _filefilter

echo "as non-root try to append to file"
$runas -u $uid $tmp.append 2>&1 | _filefilter

echo "list EA on file"
attr -R -l $file | _filefilter

chown $uid $file
chmod ugo+w $testdir
echo "as non-root call writemod"
$runas -u $uid src/writemod $file 2>&1 | _filefilter

echo "cat file"
echo "----"
cat $file
echo "----"

# success, all done
status=0
exit