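#!/usr/local/bin/ksh93 -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.

. $STF_SUITE/tests/acl/acl_common.kshlib

#################################################################################
#
# __stc_assertion_start
#
# ID: zfs_acl_chmod_rwacl_001_pos
#
# DESCRIPTION:
#	Verify that read_acl/write_acl assigned to owner@/group@/everyone@,
#	or to a specified user or group, gives the file the correct access
#	permission.
#
# STRATEGY:
#	1. Separately verify that a file and a directory were assigned
#	   read_acl/write_acl by root and by a non-root user.
#	2. Verify the owner can always read and write the ACL, even when
#	   denied.
#	3. Verify group access permission when the group was assigned
#	   read_acl/write_acl.
#	4. Verify access permission after everyone@ was assigned
#	   read_acl/write_acl.
#	5. Verify that when everyone@ is denied except a specified user,
#	   that user can read and write the ACL.
#	6. Verify that when the group is denied except a specified user,
#	   that user can read and write the ACL.
#
# TESTABILITY: explicit
#
# TEST_AUTOMATION_LEVEL: automated
#
# CODING_STATUS: COMPLETED (2005-10-19)
#
# __stc_assertion_end
#
################################################################################

verify_runnable "both"

log_assert "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
	"behaviour to access permission."
log_onexit cleanup

#
# Check that every listed user can list the ACL of <node>.
#
# Returns 0 when `ls -vd` succeeds for all users, otherwise the exit status
# of the first failing call. Because it stops at the first failure, a
# non-zero return says nothing about the users listed after that one.
#
function read_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user

	shift
	for user in "$@"; do
		chgusr_exec "$user" $LS -vd "$node" > /dev/null 2>&1 || return $?
	done

	return 0
}

#
# Check that every listed user can modify the ACL of <node>.
#
# For each user: count the ACEs, add one ACE at index 0 as that user, count
# again, remove the ACE at index 0 as that user, and require that the count
# grew by exactly one. Returns 0 when this holds for all users, otherwise
# the status of the first failing step (1 for a wrong ACE count). As with
# read_ACL, users after the first failure are not exercised.
#
function write_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i before_cnt after_cnt

	shift
	for user in "$@"; do
		before_cnt=$(count_ACE "$node") || return $?

		chgusr_exec "$user" $CHMOD A0+owner@:read_data:allow "$node" ||
		    return $?

		after_cnt=$(count_ACE "$node") || return $?

		# Remove the probe ACE before judging the count so that a
		# miscount does not leave it behind.
		chgusr_exec "$user" $CHMOD A0- "$node" || return $?

		if (( after_cnt - before_cnt != 1 )); then
			return 1
		fi
	done

	return 0
}

#
# Assert that <checker> (read_ACL or write_ACL) is refused for each listed
# user, one user per call.
#
# read_ACL and write_ACL return non-zero at the first refused user, so a
# single negated call over several users is satisfied by the first refusal
# and never exercises the remaining users. Checking one user at a time makes
# the negative assertion cover every account that is named.
#
function verify_all_denied #<checker> <node> <user1> <user2> ...
{
	typeset checker=$1
	typeset node=$2
	typeset user

	shift 2
	for user in "$@"; do
		log_mustnot $checker "$node" $user
	done
}

#
# The owner must be able to read and write the ACL whether owner@ is
# allowed or denied read_acl/write_acl.
#
function check_owner #<node>
{
	typeset node=$1
	typeset acc

	for acc in allow deny; do
		log_must usr_exec \
		    $CHMOD A0+owner@:read_acl/write_acl:$acc "$node"
		log_must read_ACL "$node" $ZFS_ACL_CUR_USER
		log_must write_ACL "$node" $ZFS_ACL_CUR_USER
		log_must usr_exec $CHMOD A0- "$node"
	done
}

#
# A second account paired with the current user (ZFS_ACL_ADMIN for root,
# ZFS_ACL_STAFF2 for ZFS_ACL_STAFF1) must follow the group@ entry: access
# when allowed, no access when denied.
#
function check_group #<node>
{
	typeset node=$1

	typeset grp_usr=""
	if [[ $ZFS_ACL_CUR_USER == root ]]; then
		grp_usr=$ZFS_ACL_ADMIN
	elif [[ $ZFS_ACL_CUR_USER == $ZFS_ACL_STAFF1 ]]; then
		grp_usr=$ZFS_ACL_STAFF2
	fi

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:allow "$node"
	log_must read_ACL "$node" $grp_usr
	log_must write_ACL "$node" $grp_usr
	log_must usr_exec $CHMOD A0- "$node"

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:deny "$node"
	log_mustnot read_ACL "$node" $grp_usr
	log_mustnot write_ACL "$node" $grp_usr
	log_must usr_exec $CHMOD A0- "$node"
}

#
# ZFS_ACL_OTHER1 and ZFS_ACL_OTHER2 must follow the everyone@ entry: both
# get access when it allows, and each one is refused when it denies.
#
function check_everyone #<node>
{
	typeset node=$1
	typeset flag

	for flag in allow deny; do
		log_must usr_exec \
		    $CHMOD A0+everyone@:read_acl/write_acl:$flag "$node"

		if [[ $flag == allow ]]; then
			log_must read_ACL "$node" \
			    $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
			log_must write_ACL "$node" \
			    $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
		else
			verify_all_denied read_ACL "$node" \
			    $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
			verify_all_denied write_ACL "$node" \
			    $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
		fi

		log_must usr_exec $CHMOD A0- "$node"
	done
}

#
# With everyone@ denied and one user explicitly allowed above it, only that
# user may read and write the ACL.
#
function check_spec_user #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny "$node"
	log_must usr_exec \
	    $CHMOD A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow "$node"

	# The specified user can read and write acl
	log_must read_ACL "$node" $ZFS_ACL_OTHER1
	log_must write_ACL "$node" $ZFS_ACL_OTHER1

	# None of the other users can read or write the acl; each one is
	# checked on its own so a refusal for the first does not hide the rest
	verify_all_denied read_ACL "$node" \
	    $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2
	verify_all_denied write_ACL "$node" \
	    $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2

	# Two ACEs were added at index 0, so remove index 0 twice
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}

#
# With everyone@ denied and ZFS_ACL_OTHER_GROUP explicitly allowed above it,
# ZFS_ACL_OTHER1 and ZFS_ACL_OTHER2 may read and write the ACL and the
# other accounts may not.
#
function check_spec_group #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny "$node"
	log_must usr_exec $CHMOD \
	    A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow "$node"

	# The specified group can read and write acl
	log_must read_ACL "$node" $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
	log_must write_ACL "$node" $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2

	# None of the other users can read or write the acl; each one is
	# checked on its own so a refusal for the first does not hide the rest
	verify_all_denied read_ACL "$node" $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2
	verify_all_denied write_ACL "$node" $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2

	# Remove the two ACEs added above, as check_spec_user and
	# check_user_in_group do, so the next check does not start with
	# leftover entries on the node
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}

#
# With ZFS_ACL_OTHER_GROUP denied and ZFS_ACL_OTHER1 explicitly allowed
# above it, ZFS_ACL_OTHER1 may read and write the ACL and ZFS_ACL_OTHER2
# may not.
#
function check_user_in_group #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD \
	    A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny "$node"
	log_must usr_exec $CHMOD \
	    A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow "$node"
	log_must read_ACL "$node" $ZFS_ACL_OTHER1
	log_must write_ACL "$node" $ZFS_ACL_OTHER1
	log_mustnot read_ACL "$node" $ZFS_ACL_OTHER2
	log_mustnot write_ACL "$node" $ZFS_ACL_OTHER2

	# Two ACEs were added at index 0, so remove index 0 twice
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}

set -A func_name check_owner \
		check_group \
		check_everyone \
		check_spec_user \
		check_spec_group \
		check_user_in_group

test_requires ZFS_ACL

# Run every check against a fresh file and directory, first owned by root
# and then by a non-root user.
for user in root $ZFS_ACL_STAFF1; do
	log_must set_cur_usr $user

	log_must usr_exec $TOUCH $testfile
	log_must usr_exec $MKDIR $testdir

	typeset func node
	for func in "${func_name[@]}"; do
		for node in $testfile $testdir; do
			# The names come from the fixed list above, so a
			# direct call does the job without eval.
			"$func" "$node"
		done
	done

	log_must usr_exec $RM -rf $testfile $testdir
done

log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."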