#!/bin/bash
# meta: proxy=True
# meta: preconfig=../../DPM-config
##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004.
# See http://www.eu-egee.org/partners/ for details on the copyright
# holders.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################################
#
# AUTHORS: Dimitar Shiyachki <Dimitar.Shiyachki@cern.ch>
#
##############################################################################

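# Locate this script on disk (resolving symlinks) and load the shared test
# macros that live two directories above it. The inner expansion is quoted so
# that a checkout path containing whitespace still resolves correctly.
SCRIPTDIR="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
source "${SCRIPTDIR}/../../Macros"

# Macro provided by the sourced Macros file.
# NOTE(review): presumably stops the test when no valid proxy is available -- confirm.
PROXY_NEEDED

# Names carry a nanosecond timestamp (date +%s%N), so they differ between runs.
TEST_DIR="d$(date +%s%N)"
TEST_SUBDIR1="s1$(date +%s%N)"
DUMMY_GROUPNAME="g$(date +%s%N)"

# Scratch file that later receives the stderr of the negative dpns-chgrp check.
# A fixed, guessable name in the world-writable /tmp can be pre-created by any
# other local account (as a file or a symlink), so the redirection would write
# wherever that account chose. mktemp creates a fresh file with an
# unpredictable suffix, owned by the test user, and fails instead of reusing an
# existing path. The file is removed at the end of a successful run.
TEMP_FILE="$(mktemp /tmp/_dpm_test_temp.XXXXXX)" || {
   echo "Cannot create a temporary file under /tmp" >&2
   exit 1
}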

# Put the complete proxy description into the test log.
voms-proxy-info -all

# Reduce the proxy description to bare FQANs: keep the attribute lines that
# start with "/$VO", then drop the "/Role=NULL" and "/Capability=NULL" parts and
# the "attribute : " label.
# NOTE(review): $VO is inserted into the grep pattern as a regular expression,
# so a dot in the VO name matches any character -- confirm this is acceptable.
FQANlist=$(
   voms-proxy-info -all |
      grep "^attribute : /$VO" |
      sed -e 's/\/Role=NULL//' \
          -e 's/\/Capability=NULL//' \
          -e 's/attribute : //'
)

printf '\n%s\n' "Current user's FQAN list:"
echo "$FQANlist"
printf '\n%s\n\n' "Working directory is: $DPNS_HOME"

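# Create the directory whose group owner is changed by this test. A failed
# dpns-mkdir used to go unnoticed, and every later step then ran against a
# missing directory; stop here with a clear message instead.
echo "Creating directory $TEST_DIR/$TEST_SUBDIR1"
if ! dpns-mkdir -p "$TEST_DIR/$TEST_SUBDIR1"; then
   dpns-rm -r "$TEST_DIR"
   TEST_FAILED "Cannot create $TEST_DIR/$TEST_SUBDIR1"
fi

# Read the numeric group id of the new subdirectory out of the long listing:
# the sed expression skips the mode string and two numeric columns and keeps
# the following number. grep -F treats the directory name as a fixed string.
echo
echo -n "Looking up owning group id: "
ORIGINAL_GID=$(dpns-ls -l "$DPNS_HOME/$TEST_DIR" | grep -F -- "$TEST_SUBDIR1" |
               sed -e 's/[rwxd-]*\s*[0-9]*\s*[0-9]*\s*\([0-9]*\).*/\1/')
echo "$ORIGINAL_GID"

# Translate the gid into its group name by removing the leading number and the
# whitespace around it from the groupmap line.
echo
echo -n "Getting the FQAN corresponding to the group id: "
ORIGINAL_GROUPNAME=$(dpns-listgrpmap --gid "$ORIGINAL_GID" | sed -e 's/\s*[0-9]*\s*//')
echo "$ORIGINAL_GROUPNAME"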

# Choose the target group: the first FQAN of the proxy that, once its first
# slash is removed, is different from the group that currently owns the test
# directory. NEW_GROUPNAME stays empty when no such FQAN exists.
NEW_GROUPNAME=""
printf '\n'
printf '%s' "Picking a FQAN from the user's proxy FQANs: "
for fqan in $FQANlist; do
   # Groupmap names are compared without the leading slash of the FQAN.
   sfqan=$(echo $fqan | sed -e 's/\///')
   [ "$sfqan" = "$ORIGINAL_GROUPNAME" ] && continue
   NEW_GROUPNAME=$sfqan
   break
done
echo $NEW_GROUPNAME

# Without a second FQAN there is no other group to change to, so give up.
if [ -z "$NEW_GROUPNAME" ]; then
  echo "The user must have at least two different FQAN!!"
  exit 1
fi

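# Make sure the chosen FQAN has a gid in the DPNS groupmap, registering it on
# the head node when the lookup returns nothing.
echo
echo -n "Checking whether the FQAN is registered in the DPNS groupmap: "
NEW_GID=$(dpns-listgrpmap --group "$NEW_GROUPNAME" | sed -e 's/\s*\([0-9]*\)\s*.*/\1/')
if [ -z "$NEW_GID" ]; then
   echo "not registered"
   echo "Trying to register remotely on the DPM head node using ssh remote command"
   # The group name is parsed from the proxy attributes and becomes part of a
   # command line that a shell on the head node interprets. Shell-quote it so
   # that it always arrives as one literal argument, whatever characters the
   # FQAN contains.
   # NOTE(review): printf %q emits bash-style quoting; assumes the remote shell
   # is Bourne-compatible and that DPM_HOST_EXEC passes the string through a
   # single shell -- confirm against the Macros file.
   printf -v remote_group '%q' "$NEW_GROUPNAME"
   # NOTE(review): $PATH is expanded by the local shell before the command is
   # sent, so the head node receives the local PATH value -- confirm intended.
   DPM_HOST_EXEC "export DPNS_HOST=localhost; export PATH=$PATH:/opt/lcg/bin; dpns-entergrpmap --group $remote_group"
   echo -n "Looking up the new GID: "
   NEW_GID=$(dpns-listgrpmap --group "$NEW_GROUPNAME" | sed -e 's/\s*\([0-9]*\)\s*.*/\1/')
fi
echo "$NEW_GID"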

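# Positive check: the user belongs to the new group, so the change must succeed.
echo
echo -n "Proceeding with the group owner change of $TEST_DIR/$TEST_SUBDIR1"
if ! dpns-chgrp "$NEW_GID" "$TEST_DIR/$TEST_SUBDIR1"; then
   dpns-rm -r "$TEST_DIR"
   TEST_FAILED "...error occured"
fi

# Read the gid back from the long listing (same column extraction as for the
# original owner) and compare it with the gid that was requested.
echo -n "Checking the newly set group owner with dpns-ls"
NEWLYSET_GID=$(dpns-ls -l "$TEST_DIR" | grep -F -- "$TEST_SUBDIR1" |
               sed -e 's/[rwxd-]*\s*[0-9]*\s*[0-9]*\s*\([0-9]*\).*/\1/')
# The previous numeric test ([ ... -ne ... ]) returned an error status when a
# value was empty or not a number, and that status selected the "...ok" branch:
# a failed lookup was reported as a pass. Require a purely numeric read-back
# that is identical to the requested gid; anything else fails the test.
if [[ ! "$NEWLYSET_GID" =~ ^[0-9]+$ || "$NEW_GID" != "$NEWLYSET_GID" ]]; then
   dpns-rm -r "$TEST_DIR"
   TEST_FAILED "New gid does not match"
else
   echo "...ok"
fi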

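# Negative check: register a group the user is not a member of and verify that
# changing the owner to it is refused with "Operation not permitted".
echo
echo "Registering a dummy group in the DPNS groupmap: $DUMMY_GROUPNAME"
echo "Our user is not its member. Group owner change access should be denied."
# NOTE(review): $PATH is expanded by the local shell before the command is
# sent, so the head node receives the local PATH value -- confirm intended.
DPM_HOST_EXEC "export DPNS_HOST=localhost; export PATH=$PATH:/opt/lcg/bin; dpns-entergrpmap --group $DUMMY_GROUPNAME"
echo -n "Looking up the GID of the dummy group: "
DUMMY_GID=$(dpns-listgrpmap --group "$DUMMY_GROUPNAME" | sed -e 's/\s*\([0-9]*\)\s*.*/\1/')
echo "$DUMMY_GID"

# Capture stderr so the refusal message can be inspected; the status is saved
# immediately because the next command would overwrite $?.
# shellcheck disable=SC2086 -- DUMMY_GID is left unquoted on purpose: an empty
# lookup then drops out of the argument list instead of being passed as an
# empty group argument.
dpns-chgrp $DUMMY_GID "$TEST_DIR/$TEST_SUBDIR1" 2>"$TEMP_FILE"
chgrp_status=$?

# The check passes only when the command failed AND reported a permission
# error; a success or any other kind of failure counts as a test failure.
if [ "$chgrp_status" -eq 0 ] || ! grep -q "Operation not permitted" "$TEMP_FILE"; then
   # Show what the command printed before the scratch file is removed, so the
   # cause is visible in the log and no file is left behind in /tmp.
   cat "$TEMP_FILE"
   rm -f -- "$TEMP_FILE"
   dpns-rm -r "$TEST_DIR"
   DPM_HOST_EXEC "export DPNS_HOST=localhost; \
             export PATH=$PATH:/opt/lcg/bin; dpns-rmgrpmap --gid $DUMMY_GID --group $DUMMY_GROUPNAME"
   TEST_FAILED "Error. Access allowed."
else
   echo
   echo "OK: Access denied."
   cat "$TEMP_FILE"
   echo
fi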

# Final clean-up: take the dummy group out of the groupmap on the head node.
# NOTE(review): $PATH is expanded by the local shell before the command is
# sent, so the head node receives the local PATH value -- confirm intended.
DPM_HOST_EXEC "export DPNS_HOST=localhost; \
          export PATH=$PATH:/opt/lcg/bin; dpns-rmgrpmap --gid $DUMMY_GID --group $DUMMY_GROUPNAME"

# Then remove the local scratch file and the test directory tree.
rm -f $TEMP_FILE
dpns-rm -r $TEST_DIR

# Reaching this point means every check above went through.
printf '%s\n' "OVERALL RESULT:"
TEST_PASSED

