#!/bin/sh
#
#   Copyright (C) International Business Machines  Corp., 2003
#
#   This program is free software;  you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY;  without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
#   the GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program;  if not, write to the Free Software
#   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
#
#  FILE   : ftpusers01
#
#  PURPOSE: Test functionality of the /etc/ftpusers file; verify that listing
#           an account in it denies that account ftp access to this host.
#
#  HISTORY:
#     03/03  Jerone Young (jeroney@us.ibm.com) 
#     04/03  Dustin Kirkland (k1rkland@us.ibm.com)
#
#  NOTE:
#	This version is intended for EAL certification; it will need modification
#	to conform with LTP standards in the official LTP tree.

# Target host and the throwaway account used to exercise /etc/ftpusers.
# NOTE(review): the password and its hash are public in this file, so the
# account is a fixture only and must not outlive a test run.
RHOST="localhost"
TEST_USER="ftp_user"
TEST_USER_PASSWD="ltp_test_pass"
# crypt(3)-style hash handed to `useradd -p` (an MD5-crypt "$1$" hash;
# presumably the hash of TEST_USER_PASSWD -- not verified here).
TEST_USER_ENCRYPTED_PASSWD='$1$1yzzszzz$7P9AphbzAN43pTktT/kpp/'
TEST_USER_HOMEDIR="/home/${TEST_USER}"
# Running test number, bumped after every ftp login attempt.
TEST=0

#-----------------------------------------------------------------------
# FUNCTION:  create_user
#-----------------------------------------------------------------------

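create_user(){
        # Create the throwaway account with the fixture password so the ftp
        # logins below can authenticate.  Any stale copy left by an earlier
        # run is removed first so the test starts from a clean state.
        # Exits 1 if useradd fails.
        echo "Creating test user $TEST_USER..."

        # ${TEST_USER:?} aborts instead of letting this expand to "rm -rf /home/"
        # should the variable ever be empty.
        rm -rf -- "/home/${TEST_USER:?}"
        # A missing account is the expected case here; the error is ignored.
        userdel "$TEST_USER"
        sleep 1

        # NOTE(review): the hash is passed on the command line and is briefly
        # visible in the process table -- acceptable for a public test fixture,
        # never for a real credential.
        if ! useradd -m -p "$TEST_USER_ENCRYPTED_PASSWD" "$TEST_USER"; then
                echo "Could not add test user $TEST_USER to system $RHOST."
                exit 1
        fi

        # Kept for parity with the original script; nothing in this file reads them.
        USER_UID=$(id -u "$TEST_USER")
        USER_GID=$(id -g "$TEST_USER")

        # Make sure the fresh account is not already denied ftp access.
        remove_user_from_ftp_users_db
}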

#-----------------------------------------------------------------------
# FUNCTION:  delete_user
#-----------------------------------------------------------------------

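delete_user(){
        # Remove the throwaway account and its home directory.  Exits 1 if
        # userdel fails: an account with a publicly known password left on
        # the host is itself a finding, so it must not go unnoticed.
        echo "Deleting test user $TEST_USER..."
        # ${TEST_USER:?} aborts rather than letting this become "rm -rf /home/".
        rm -rf -- "/home/${TEST_USER:?}"
        if ! userdel "$TEST_USER"; then
                echo "Not able to delete test user $TEST_USER."
                exit 1
        fi
}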

#-----------------------------------------------------------------------
# FUNCTION:  verify_user_not_in_ftpusers_db
#-----------------------------------------------------------------------

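verify_user_not_in_ftpusers_db(){
        # Assert TEST_USER has no entry in the ftpusers deny list.  The match
        # is a whole-line literal match (-x -F); the original substring grep
        # would also have fired on an unrelated entry such as "ftp_user2".
        # FTPUSERS_FILE overrides the file path (default /etc/ftpusers) so the
        # check can be exercised against a scratch file.  Exits 1 when the
        # entry is present.
        # NOTE(review): a missing file counts as "not listed", as in the
        # original; whether the deny list being absent should instead fail the
        # test is a policy decision left to the caller.
        echo "Verifying test user $TEST_USER not in /etc/ftpusers database..."

        if grep -qxF -- "${TEST_USER:?}" "${FTPUSERS_FILE:-/etc/ftpusers}"; then
                echo "Test user $TEST_USER found in /etc/ftpusers when it should not."
                exit 1
        fi
}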

#-----------------------------------------------------------------------
# FUNCTION:  verify_user_is_in_ftpusers_db
#-----------------------------------------------------------------------

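verify_user_is_in_ftpusers_db(){
        # Assert TEST_USER has an entry in the ftpusers deny list, using a
        # whole-line literal match (-x -F) so that e.g. "ftp_user2" does not
        # satisfy the check.  The original compared with `==` inside `[ ]`,
        # which is not POSIX: on a /bin/sh whose test builtin rejects it (dash,
        # for one) the comparison errors out and the check silently never
        # fires.  FTPUSERS_FILE overrides the file path (default
        # /etc/ftpusers).  Exits 1 when the entry is missing (or the file
        # cannot be read).
        echo "Verifying test user $TEST_USER is in /etc/ftpusers database..."
        if ! grep -qxF -- "${TEST_USER:?}" "${FTPUSERS_FILE:-/etc/ftpusers}"; then
                echo "Test user $TEST_USER not found in /etc/ftpusers when it should."
                exit 1
        fi
}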

#-----------------------------------------------------------------------
# FUNCTION: verify_user_can_ftp
#
# DESCRIPTION: The test user logs in over ftp to $RHOST. The login is expected
#              to succeed (a 230 reply); a 530 reply fails the test. Nothing is
#              created on the host -- the session only logs in and quits.
#-----------------------------------------------------------------------

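verify_user_can_ftp(){
        # Log in to the ftp service on RHOST as TEST_USER and require a
        # "230" (login OK) reply.  A "530" reply, a timeout or a dropped
        # connection is a failure.  Bumps TEST and exits 1 on failure.
        #
        # Two defects in the original are fixed here: the expect status was
        # read only after `TEST=$((TEST+1))` had overwritten $?, so a failed
        # login never aborted the script; and an expect timeout (neither 230
        # nor 530 seen) fell through to "quit" and counted as a pass.
        echo "Verifying test user $TEST_USER can ftp to $RHOST..."

        # The password is handed to expect through the environment rather than
        # on its command line, so it is not exposed in the process table.
        TEST_USER_PASSWD="$TEST_USER_PASSWD" expect -c "
                   set timeout 30
                   spawn ftp $RHOST
                   sleep 1
                   expect -re \": \"
                   send \"$TEST_USER\r\"
                   expect -re \"Password:\"
                   send \"\$env(TEST_USER_PASSWD)\r\"
                   expect {
                     # 530 - Login failed
                           \"530\" {send_user \"==> TEST \#$TEST : FAIL (ftp rejected login attempt)\n\"; exit 1}
                     # 230 - Login successful
                           \"230\" {send_user \"==> TEST \#$TEST : PASS (ftp allowed login attempt)\n\"; send \"quit\r\"; exit 0}
                     # No recognisable reply within the timeout, or the connection dropped
                           timeout {send_user \"==> TEST \#$TEST : FAIL (no login reply from ftp)\n\"; exit 1}
                           eof {send_user \"==> TEST \#$TEST : FAIL (ftp connection closed before login reply)\n\"; exit 1}
                   }
                  "
        # Capture expect's status before anything else can overwrite $?.
        rc=$?
        TEST=$(($TEST+1))
        if [ "$rc" -ne 0 ]; then
                exit 1
        fi
}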

#-----------------------------------------------------------------------
# FUNCTION: verify_user_cannot_ftp
#
# DESCRIPTION: The test user attempts to log in over ftp to $RHOST while
#              listed in /etc/ftpusers. The login is expected to be refused
#              (a 530 reply); a 230 reply fails the test. Nothing is created
#              on the host.
#-----------------------------------------------------------------------

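verify_user_cannot_ftp(){
        # Attempt an ftp login to RHOST as TEST_USER and require a "530"
        # (login refused) reply.  A "230" reply, a timeout or a dropped
        # connection is a failure.  Bumps TEST and exits 1 on failure.
        #
        # Two defects in the original are fixed here: the expect status was
        # read only after `TEST=$((TEST+1))` had overwritten $?, so an
        # unexpectedly successful login never aborted the script; and an
        # expect timeout fell through to "quit" and counted as a pass.
        echo "Verifying test user $TEST_USER cannot ftp to $RHOST..."

        # The password is handed to expect through the environment rather than
        # on its command line, so it is not exposed in the process table.
        TEST_USER_PASSWD="$TEST_USER_PASSWD" expect -c "
                   set timeout 30
                   spawn ftp $RHOST
                   sleep 1
                   expect -re \": \"
                   send \"$TEST_USER\r\"
                   expect -re \"Password:\"
                   send \"\$env(TEST_USER_PASSWD)\r\"
                   expect {
                     # 530 - Login failed
                           \"530\" {send_user \"==> TEST \#$TEST : PASS (ftp rejected login attempt)\n\"; exit 0}
                     # 230 - Login successful: the deny list did not apply
                           \"230\" {send_user \"==> TEST \#$TEST : FAIL (ftp allowed login attempt)\n\"; send \"quit\r\"; exit 1}
                     # No recognisable reply within the timeout, or the connection dropped
                           timeout {send_user \"==> TEST \#$TEST : FAIL (no login reply from ftp)\n\"; exit 1}
                           eof {send_user \"==> TEST \#$TEST : FAIL (ftp connection closed before login reply)\n\"; exit 1}
                   }
                  "
        # Capture expect's status before anything else can overwrite $?.
        rc=$?
        TEST=$(($TEST+1))
        if [ "$rc" -ne 0 ]; then
                exit 1
        fi
}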

#-----------------------------------------------------------------------
# FUNCTION:  add_user_to_ftpusers_db
#-----------------------------------------------------------------------

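add_user_to_ftpusers_db(){
        # Append TEST_USER as a line of its own to the ftpusers deny list.
        # FTPUSERS_FILE overrides the file path (default /etc/ftpusers) so the
        # function can be exercised against a scratch file.  ${TEST_USER:?}
        # refuses to append an empty line.  Exits 1 if the append fails.
        echo "Adding test user $TEST_USER to /etc/ftpusers database..."
        if ! printf '%s\n' "${TEST_USER:?}" >> "${FTPUSERS_FILE:-/etc/ftpusers}"; then
                echo "Not able to add test user $TEST_USER to /etc/ftpusers."
                exit 1
        fi
}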


#-----------------------------------------------------------------------
# FUNCTION:  remove_user_from_ftp_users_db
#-----------------------------------------------------------------------

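remove_user_from_ftp_users_db(){
        # Delete every line that is exactly TEST_USER from the ftpusers deny list.
        #
        # The original `cat FILE | grep -v ... > FILE` had the shell truncate
        # FILE before cat could read it, which emptied the whole deny list
        # (root, bin, ...) and left the host *less* restricted than before the
        # test ran; it also created an empty /etc/ftpusers when none existed.
        # The filtered content is now written to a temporary file and copied
        # back through the existing inode, so the file's mode, owner and any
        # symlink are preserved and a missing file is left missing.  As in the
        # original, problems only produce a warning and never abort the run.
        # FTPUSERS_FILE overrides the file path (default /etc/ftpusers).
        echo "Removing test user $TEST_USER from /etc/ftpusers database..."
        ftpusers_file="${FTPUSERS_FILE:-/etc/ftpusers}"
        ftpusers_tmp=$(mktemp) || {
                echo "Warning: Not able to create a temporary file; $ftpusers_file left unchanged."
                return 0
        }
        # grep -v exits 1 when nothing is left to print (the list held only
        # TEST_USER); that is still a successful removal, so only status > 1
        # (e.g. file missing or unreadable) is treated as an error.
        grep -vxF -- "${TEST_USER:?}" "$ftpusers_file" > "$ftpusers_tmp"
        rc=$?
        if [ "$rc" -gt 1 ] || ! cat "$ftpusers_tmp" > "$ftpusers_file"; then
                echo "Warning: Not able to remove test user $TEST_USER from /etc/ftpusers."
        fi
        rm -f -- "$ftpusers_tmp"
}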


#----------------------------------------------------------------------
# FUNCTION: MAIN
# PURPOSE:  To invoke the functions to perform the tasks described in
#           the prologue.
#----------------------------------------------------------------------
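# Best-effort teardown that runs on every exit path, so a step that fails
# (and exits 1) does not leave an account with a publicly known password on
# the host.  Errors here are deliberately ignored and the script's own exit
# status is preserved.  Any /etc/ftpusers entry is left alone: it only denies
# the account that is being removed, so it is harmless.
cleanup(){
        rc=$?
        trap - EXIT
        userdel "$TEST_USER" >/dev/null 2>&1
        rm -rf -- "/home/${TEST_USER:?}"
        exit "$rc"
}
trap cleanup EXIT

create_user
echo "-> Test #0 : Verify user not in /etc/ftpusers and can FTP"
verify_user_not_in_ftpusers_db
verify_user_can_ftp
echo "-> Test #1 : Add user to /etc/ftpusers and verify user cannot FTP"
add_user_to_ftpusers_db
verify_user_is_in_ftpusers_db
verify_user_cannot_ftp
echo "-> Test #2 : Remove user from /etc/ftpusers and verify user can FTP"
remove_user_from_ftp_users_db
verify_user_can_ftp
delete_user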
