#!/bin/sh

# Copy packet generating program to unique name, so we can find it in the output
# from dmesg. Print the copy's name.
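copy() {
	# Usage: copy PROG
	# PROG is either a bare command name (looked up with which) or a path.
	# Prints the path of the executable copy on stdout. Returns non-zero and
	# prints nothing if the temporary file or the copy cannot be made.
	# progcopy stays a global variable: POSIX sh has no "local".
	#
	# mktemp creates the file itself, so another user cannot pre-create the
	# name under /tmp. The name fits in sched.h's TASK_COMM_LEN.
	progcopy=$(mktemp /tmp/sft-XXXXXX) || return 1
	if [ "$(basename -- "$1")" = "$1" ]; then
		# Bare name: resolve through PATH. which is kept (rather than
		# command -v) because command -v answers with the bare name for a
		# shell builtin, which cp cannot copy.
		cp -- "$(which "$1")" "$progcopy"
	else
		cp -- "$1" "$progcopy" # Uniquely rename to find in dmesg output.
	fi || {
		# Do not hand back an empty file that would "run" and prove nothing.
		rm -f -- "$progcopy"
		return 1
	}
	chmod +x "$progcopy" || return 1
	echo "$progcopy"
}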

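failmsg() {
	# Print one failure line; the arguments are joined with spaces inside the
	# parentheses.
	# printf is used instead of echo because some /bin/sh implementations
	# make echo expand backslash sequences, which would alter a program name
	# or argument that contains a backslash.
	printf '%s\n' "*FAIL* ($*)"
}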

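passmsg() {
	# Print one success line; the arguments are joined with spaces inside the
	# parentheses.
	# printf is used instead of echo because some /bin/sh implementations
	# make echo expand backslash sequences, which would alter a program name
	# or argument that contains a backslash.
	printf '%s\n' " PASS  ($*)"
}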

# Copy packet_generator arg. to a random name, so we can identify its use in a log.
# Then, run the prog command and check to see if it produced evil packets.
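test() {
	# Usage: test REGEX evil|no_evil GOOD_MSG BAD_MSG PROG [ARG...]
	# Runs PROG with its ARGs, then searches the dmesg output for REGEX.
	# With the flag "evil" a match is required for a pass; with any other
	# flag a match is a failure. Prints one line through passmsg or failmsg
	# and returns 0 on pass, 1 on fail.
	# NOTE: this function shadows the shell's "test" builtin for the rest of
	# the script ("[" is not affected). All variables are global because
	# POSIX sh has no "local".
	if [ "$#" -lt 5 ]; then
		failmsg "test: expected REGEX FLAG GOOD BAD PROG [ARG...]"
		return 1
	fi
	regex=$1
	evil=$2
	good=$3
	bad=$4
	prog=$5
	shift 5 # Regex, evil flag, good message, bad message, program; rest are args. to prog.
	baseprog=$(basename -- "$prog")
	# "$@" keeps each argument intact; unquoted $* would re-split arguments
	# containing spaces and expand glob characters.
	if ! "$prog" "$@" > /dev/null; then
		failmsg "$prog" "$@" itself failed
		return 1
	fi
	# Lazy-eval \$baseprog in $regex.
	# REVIEW: eval re-parses $regex as shell code and this script runs as
	# root, so $regex must stay a literal written in this file, never text
	# taken from arguments or the environment. Quoting the whole command
	# keeps the pattern from being word-split or globbed before eval sees it.
	dmesg | eval "grep -- \"$regex\"" > /dev/null
	see_no_evil=$?
	# grep exits 0 on a match, 1 on no match and above 1 when grep itself
	# failed. An error must not count as a match, or an "evil" test would
	# pass without any evidence in the log.
	if [ "$see_no_evil" -gt 1 ]; then
		failmsg "$baseprog" could not search the kernel log
		return 1
	fi
	if [ "$evil" = evil ]; then
		if [ "$see_no_evil" -eq 1 ]; then
			failmsg "$baseprog" "$bad"
			return 1
		else
			passmsg "$baseprog" "$good"
			return 0
		fi
	else
		if [ "$see_no_evil" -eq 1 ]; then
			passmsg "$baseprog" "$good"
			return 0
		else
			failmsg "$baseprog" "$bad"
			return 1
		fi
	fi
}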

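test_evil_bit() {
	# Usage: test_evil_bit PROG [ARG...]
	# Passes when the kernel log shows the evil bit being set for PROG.
	# "$@" forwards every argument unchanged; unquoted $* would re-split
	# arguments that contain spaces and expand glob characters.
	test "setting evil bit.*\$baseprog" evil "tainted" "should have been tainted" "$@"
}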

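test_ipv6_evil_label() {
	# Usage: test_ipv6_evil_label PROG [ARG...]
	# Passes when the kernel log shows the IPv6 evil label being set for PROG.
	# "$@" forwards every argument unchanged; unquoted $* would re-split
	# arguments that contain spaces and expand glob characters.
	test "setting IPv6 evil label.*\$baseprog" evil "tainted" "should have been tainted" "$@"
}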

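test_ipv6_no_evil_label() {
	# Usage: test_ipv6_no_evil_label PROG [ARG...]
	# Passes when the kernel log shows no IPv6 evil label being set for PROG.
	# "$@" forwards every argument unchanged; unquoted $* would re-split
	# arguments that contain spaces and expand glob characters.
	test "setting IPv6 evil label.*\$baseprog" no_evil "not tainted" "should not have been tainted" "$@"
}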

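test_no_evil_bit() {
	# Usage: test_no_evil_bit PROG [ARG...]
	# Passes when the kernel log shows no evil bit being set for PROG.
	# "$@" forwards every argument unchanged; unquoted $* would re-split
	# arguments that contain spaces and expand glob characters.
	test "setting evil bit.*\$baseprog" no_evil "not tainted" "should not have been tainted" "$@"
}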

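test_inherit_logged() {
	# Usage: test_inherit_logged PROG [ARG...]
	# Passes when the kernel log has a line naming PROG followed by
	# "with inherited confidentiality".
	# "$@" forwards every argument unchanged; unquoted $* would re-split
	# arguments that contain spaces and expand glob characters.
	test "\$baseprog.*with inherited confidentiality" evil "logged" "should have been logged" "$@"
}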

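# Require root obtained through sudo from a non-root account: the script must
# be running as root, SUDO_USER must be set, and SUDO_USER must not be root.
# The comparison uses "=": "==" is not POSIX, and a /bin/sh that lacks it
# reports an error and treats the test as false, which would let
# SUDO_USER=root through.
# NOTE(review): SUDO_USER comes from the environment, so this is a usage check
# for the operator, not a security boundary.
if [ "$(whoami)" != root ] || [ -z "$SUDO_USER" ] || [ "$SUDO_USER" = root ]; then
	echo 'Please run as root using sudo from a non-root account.' >&2
	exit 1
fi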

# Host name for the test run: the first argument, or www.flyn.org when the
# argument is missing or empty.
SF_HOSTNAME=${1:-www.flyn.org}

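# Write the URL for the chosen host into the file "confidential" and hand that
# file to setconfidential. The expansion is quoted so a host name containing
# spaces or glob characters is written literally.
printf '%s\n' "https://$SF_HOSTNAME/" > confidential
./programs/setconfidential confidential

# Hand the Xorg binary to settrusted. When Xorg is not in PATH the lookup is
# empty; skip the call instead of running settrusted with no argument.
xorg_path=$(which Xorg)
if [ -n "$xorg_path" ]; then
	./programs/settrusted "$xorg_path"
else
	echo 'Xorg not found in PATH; not running settrusted.' >&2
fi

# Build the helper tools if they are missing. make runs as the invoking
# non-root user (su ... "$SUDO_USER"), not as root.
[ -x programs/msgtool ] || ( cd programs && su -c make "$SUDO_USER" > /dev/null )
[ -x programs/shmtool ] || ( cd programs && su -c make "$SUDO_USER" > /dev/null )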
