ext-sources/privrbactest.py
author davelam
Wed, 24 Feb 2010 04:10:23 +0000
branch gnome-2-28
changeset 18642 478b5460cc36
parent 18470 14b1d5a9fa5f
permissions -rw-r--r--
add new proto file for b133

#!/usr/bin/python2.6
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.

import privileges
import rbac
import os
import sys
import tempfile

# privileges tests

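def test_setppriv():
    """Verify that setppriv() can drop 'proc_fork' from the effective set.

    A forked child turns the privilege off and then tries to fork again.
    The child exits 0 only when that second fork() raises OSError, i.e. the
    privilege drop actually took effect; any other outcome exits 1.  The
    parent returns True when the child's wait status is 0, and prints a
    diagnostic and returns False otherwise.
    """
    amchild = os.fork()
    if amchild == 0:
        # Child process.  Every path below ends in os._exit() so the child
        # can never fall through into the parent's wait/report code or go on
        # to run the rest of the script; os._exit() also skips flushing
        # stdio buffers inherited from the parent.
        if not privileges.setppriv(privileges.PRIV_OFF,
                                   privileges.PRIV_EFFECTIVE, ['proc_fork']):
            os._exit(1)
        try:
            os.fork()
        except OSError:
            # Expected: fork is refused once proc_fork is no longer effective.
            os._exit(0)
        # fork() still succeeded (this line runs in both resulting
        # processes), so the privilege was not really dropped.
        os._exit(1)

    pid, status = os.wait()
    # Compare by value: "is not 0" tested object identity and only worked
    # because CPython happens to cache small integers.
    if status != 0:
        print("setppriv. Bad exit status from pid %i\n" % pid)
        return False
    return True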

def test_getppriv():
    """Report whether 'proc_fork' is listed in the PRIV_LIMIT set.

    Returns True when privileges.getppriv(privileges.PRIV_LIMIT) contains
    'proc_fork'; otherwise prints a diagnostic and returns False.
    """
    limit_set = privileges.getppriv(privileges.PRIV_LIMIT)
    if 'proc_fork' not in limit_set:
        print("getppriv or PRIV_PROC_FORK not in PRIV_LIMIT.\n")
        return False
    return True

def test_priv_ineffect():
    """Report whether priv_ineffect() says 'proc_fork' is in effect.

    Returns True on a truthy answer; otherwise prints a diagnostic and
    returns False.
    """
    in_effect = privileges.priv_ineffect('proc_fork')
    if not in_effect:
        print("priv_ineffect or PRIV_PROC_FORK not in effect\n")
        return False
    return True

# authattr tests

def test_chkauthattr():
    """Check that chkauthattr('solaris.*', 'root') gives a truthy result.

    Returns True in that case.  Prints a diagnostic and returns False when
    the authattr object cannot be created, the call raises, or the result
    is falsy.
    """
    try:
        auth_db = rbac.authattr()
    except Exception as err:
        print("Could not instantiate authattr object: %s\n" % err)
        return False

    try:
        granted = auth_db.chkauthattr('solaris.*', 'root')
    except Exception as err:
        print("chkauthattr failed: %s\n" % err)
        return False

    if granted:
        return True
    print("chkauthattr failed or \'root\' lacks \'solaris.*\'\n")
    return False

def test_getauthattr():
    """Fetch one record through authattr.getauthattr() and check its shape.

    Returns True when the returned object's keys() include 'name'.  A
    diagnostic is printed and False returned if the authattr object cannot
    be created, the call raises, or the key is missing.
    """
    try:
        auth_db = rbac.authattr()
    except Exception as err:
        print("Could not instantiate authattr object: %s\n" % err)
        return False

    try:
        entry = auth_db.getauthattr()
    except Exception as err:
        print("getauthattr failed: %s\n" % err)
        return False

    if 'name' in entry.keys():
        return True
    print("getauthattr failed\n")
    return False

def test_getauthnam():
    """Check that getauthnam('solaris.') gives a truthy result.

    Returns True in that case.  Prints a diagnostic and returns False when
    the authattr object cannot be created, the lookup raises, or the result
    is falsy.
    """
    try:
        auth_db = rbac.authattr()
    except Exception as err:
        print("Could not instantiate authattr object: %s\n" % err)
        return False

    try:
        entry = auth_db.getauthnam('solaris.')
    except Exception as err:
        print("getauthnam failed: %s\n" % err)
        return False

    if entry:
        return True
    print("getauthnam failed or \'solaris.\' not in auth_attr(4)\n")
    return False

def test_authattr_iter():
    """Check that an authattr object behaves like its own iterator.

    Takes one item with next() and requires it to expose a 'name' key, then
    requires __iter__() to return an object of the same type as the
    authattr object.  Returns True when both hold; otherwise prints a
    diagnostic and returns False.  Only instantiation errors are caught;
    an exception from next() propagates.
    """
    try:
        auth_db = rbac.authattr()
    except Exception as err:
        print("Could not instantiate authattr object: %s\n" % err)
        return False

    first = auth_db.next()
    has_name = 'name' in first.keys()
    # __iter__() is only consulted once the first item looked right.
    if not (has_name and type(auth_db) == type(auth_db.__iter__())):
        print("authattr object is not an iterable\n")
        return False
    return True

# execattr tests

def test_getexecattr():
    """Fetch one record through execattr.getexecattr() and check its shape.

    Returns True when the returned object's keys() include 'name'.  A
    diagnostic is printed and False returned if the execattr object cannot
    be created, the call raises, or the key is missing.
    """
    try:
        exec_db = rbac.execattr()
    except Exception as err:
        print("Could not instantiate execattr object: %s\n" % err)
        return False

    try:
        entry = exec_db.getexecattr()
    except Exception as err:
        print("getexecattr failed: %s\n" % err)
        return False

    if 'name' in entry.keys():
        return True
    print("getexecattr failed\n")
    return False

def test_getexecuser():
    """Check that getexecuser("root", "act", "*;*;*;*;*") is truthy.

    Returns True in that case.  Prints a diagnostic and returns False when
    the execattr object cannot be created, the lookup raises, or the result
    is falsy.
    """
    try:
        exec_db = rbac.execattr()
    except Exception as err:
        print("Could not instantiate execattr object: %s\n" % err)
        return False

    try:
        entry = exec_db.getexecuser("root", "act", "*;*;*;*;*")
    except Exception as err:
        print("getexecuser failed: %s\n" % err)
        return False

    if entry:
        return True
    print("getexecuser failed or \'root\' not assigned to \'act\', "
          "\'*;*;*;*;*\' \n")
    return False


def test_getexecprof():
    """Check that getexecprof("All", "cmd", "*") is truthy.

    Returns True in that case.  Prints a diagnostic and returns False when
    the execattr object cannot be created, the lookup raises, or the result
    is falsy.
    """
    try:
        exec_db = rbac.execattr()
    except Exception as err:
        print("Could not instantiate execattr object: %s\n" % err)
        return False

    try:
        entry = exec_db.getexecprof("All", "cmd", "*")
    except Exception as err:
        print("getexecprof failed: %s\n" % err)
        return False

    if entry:
        return True
    print("getexecprof failed or \'All\' not granted \'cmd\' : \'*\'\n")
    return False

def test_execattr_iter():
    """Check that an execattr object behaves like its own iterator.

    Takes one item with next() and requires it to expose a 'name' key, then
    requires __iter__() to return an object of the same type as the
    execattr object.  Returns True when both hold; otherwise prints a
    diagnostic and returns False.  Only instantiation errors are caught;
    an exception from next() propagates.
    """
    try:
        exec_db = rbac.execattr()
    except Exception as err:
        print("Could not instantiate execattr object: %s\n" % err)
        return False

    first = exec_db.next()
    has_name = 'name' in first.keys()
    # __iter__() is only consulted once the first item looked right.
    if not (has_name and type(exec_db) == type(exec_db.__iter__())):
        print("execattr object is not an iterable\n")
        return False
    return True

# userattr tests

def test_getuserattr():
    """Fetch one record through userattr.getuserattr() and check its shape.

    Returns True when the returned object's keys() include 'name'.  A
    diagnostic is printed and False returned if the userattr object cannot
    be created, the call raises, or the key is missing.
    """
    try:
        user_db = rbac.userattr()
    except Exception as err:
        print("Could not instantiate userattr object: %s\n" % err)
        return False

    try:
        entry = user_db.getuserattr()
    except Exception as err:
        print("getuserattr failed: %s\n" % err)
        return False

    if 'name' in entry.keys():
        return True
    print("getuserattr failed\n")
    return False

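def test_fgetuserattr():
    """Check that userattr.fgetuserattr() reads an entry from a named file.

    Writes a single sample entry to a temporary file, passes the file's
    name to fgetuserattr() and requires the result's keys() to include
    'name'.  Returns True on success; prints a diagnostic and returns False
    when the userattr object cannot be created, the call raises, or the key
    is missing.  The temporary file is closed on every path.
    """
    temp = tempfile.NamedTemporaryFile()
    try:
        temp.write("user::::profiles=Software Installation;roles=foo;"
                   "auths=solaris.foo.bar")
        # fgetuserattr() is handed the file *name*, so the entry has to be
        # on disk rather than sitting in this object's write buffer.
        temp.flush()
        temp.seek(0)
        try:
            a = rbac.userattr()
        except Exception as e:
            print("Could not instantiate userattr object: %s\n" % e)
            return False
        try:
            res = a.fgetuserattr(temp.name)
        except Exception as e:
            print("fgetuserattr failed: %s\n" % e)
            return False
    finally:
        # Closing a NamedTemporaryFile also removes it; doing this in
        # "finally" covers the early returns above, which previously left
        # the file open when rbac.userattr() failed.
        temp.close()
    if 'name' not in res.keys():
        print("fgetuserattr failed\n")
        return False
    return True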

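def test_getuseruid():
    """Check that userattr.getuseruid(0) returns an entry with a 'name'.

    Returns True when 'name' is in the result.  Prints a diagnostic and
    returns False when the userattr object cannot be created, the lookup
    raises, or 'name' is missing.
    """
    try:
        a = rbac.userattr()
    except Exception as e:
        print("Could not instantiate userattr object: %s\n" % e)
        return False
    try:
        res = a.getuseruid(0)
    except Exception as e:
        # The diagnostics here used to say "getusernam" (copied from the
        # sibling test), which pointed at the wrong call when this failed.
        print("getuseruid failed: %s\n" % e)
        return False
    if 'name' not in res:
        print("getuseruid failed or no uid 0\n")
        return False
    return True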

def test_getusernam():
    """Check that userattr.getusernam('root') returns an entry with a 'name'.

    Returns True when 'name' is in the result.  Prints a diagnostic and
    returns False when the userattr object cannot be created, the lookup
    raises, or 'name' is missing.
    """
    try:
        user_db = rbac.userattr()
    except Exception as err:
        print("Could not instantiate userattr object: %s\n" % err)
        return False

    try:
        entry = user_db.getusernam('root')
    except Exception as err:
        print("getusernam failed: %s\n" % err)
        return False

    if 'name' in entry:
        return True
    print("getusernam failed or no \'root\' user\n")
    return False

def test_userattr_iter():
    """Check that a userattr object behaves like its own iterator.

    Takes one item with next() and requires it to expose a 'name' key, then
    requires __iter__() to return an object of the same type as the
    userattr object.  Returns True when both hold; otherwise prints a
    diagnostic and returns False.  Only instantiation errors are caught;
    an exception from next() propagates.
    """
    try:
        user_db = rbac.userattr()
    except Exception as err:
        print("Could not instantiate userattr object: %s\n" % err)
        return False

    first = user_db.next()
    has_name = 'name' in first.keys()
    # __iter__() is only consulted once the first item looked right.
    if not (has_name and type(user_db) == type(user_db.__iter__())):
        print("userattr object is not an iterable\n")
        return False
    return True

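# Run the checks group by group.  Within a group the tests short-circuit at
# the first failure, and a failing group ends the script with exit status 1.

if not (test_setppriv() and test_getppriv() and test_priv_ineffect()):
    print("*** Failures detected in privileges module\n")
    sys.exit(1)

# test_authattr_iter was previously referenced without parentheses; a bare
# function object is always truthy, so that check never ran and could never
# fail the authattr group.  It is now actually called.
if not (test_getauthattr() and test_chkauthattr() and test_getauthnam()
        and test_authattr_iter()):
    print("*** Failures detected in rbac.authattr\n")
    sys.exit(1)

if not (test_getexecattr() and test_getexecuser() and test_getexecprof()
        and test_execattr_iter()):
    print("*** Failures detected in rbac.execattr\n")
    sys.exit(1)

if not (test_getuserattr() and test_fgetuserattr() and test_getusernam()
        and test_getuseruid() and test_userattr_iter()):
    print("*** Failures detected in rbac.userattr\n")
    sys.exit(1)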