1#!/usr/local/bin/ksh93 -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26 27. $STF_SUITE/tests/acl/acl_common.kshlib 28. $STF_SUITE/tests/acl/cifs/cifs.kshlib 29 30################################################################################# 31# 32# __stc_assertion_start 33# 34# ID: cifs_attr_002_pos 35# 36# DESCRIPTION: 37# Verify the user with PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR 38# could set/clear BSD'ish attributes. 39# (Immutable, nounlink, and appendonly) 40# 41# STRATEGY: 42# 1. Loop super user and non-super user to run the test case. 43# 2. Create basedir and a set of subdirectores and files within it. 44# 3. Grant user has PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR separately. 45# 4. Verify set/clear BSD'ish attributes should succeed. 46# 47# TESTABILITY: explicit 48# 49# TEST_AUTOMATION_LEVEL: automated 50# 51# CODING_STATUS: COMPLETED (2007-11-05) 52# 53# __stc_assertion_end 54# 55################################################################################ 56 57verify_runnable "global" 58 59if ! cifs_supported ; then 60 log_unsupported "CIFS not supported on current system." 61fi 62 63test_requires ZFS_ACL ZFS_XATTR 64 65function cleanup 66{ 67 if [[ -n $gobject ]]; then 68 destroy_object $gobject 69 fi 70 71 for fs in $TESTPOOL/$TESTFS $TESTPOOL ; do 72 mtpt=$(get_prop mountpoint $fs) 73 log_must $RM -rf $mtpt/file.* $mtpt/dir.* 74 done 75} 76 77# 78# Set the special attribute to the given node 79# 80# $1: The given node (file/dir) 81# $2: The special attribute to be set 82# $3: Execute username 83# 84function set_attribute 85{ 86 typeset object=$1 87 typeset attr=$2 88 typeset user=$3 89 typeset ret=0 90 91 if [[ -z $object ]]; then 92 log_fail "Object not defined." 93 fi 94 95 if [[ -z $attr ]]; then 96 attr="uiadm" 97 if [[ -f $object ]]; then 98 attr="${attr}q" 99 fi 100 fi 101 102 if [[ -n $user ]]; then 103 $RUNWATTR -u $user -p =basic${priv_mod} \ 104 "$CHMOD S+c${attr} $object" 105 ret=$? 106 else 107 $CHMOD S+c${attr} $object 108 ret=$? 109 fi 110 111 return $ret 112} 113 114# 115# Clear the special attribute to the given node 116# 117# $1: The given node (file/dir) 118# $2: The special attribute to be cleared 119# $3: Execute username 120# 121function clear_attribute 122{ 123 typeset object=$1 124 typeset attr=$2 125 typeset user=$3 126 typeset ret=0 127 128 if [[ -z $object ]]; then 129 log_fail "Object($object) not defined." 130 fi 131 132 if [[ -z $attr ]]; then 133 attr="uiadm" 134 if [[ -f $object ]]; then 135 attr="${attr}q" 136 fi 137 fi 138 139 if [[ -n $user ]]; then 140 $RUNWATTR -u $user -p =basic${priv_mod} \ 141 "$CHMOD S-c${attr} $object" 142 ret=$? 143 else 144 $CHMOD S-c${attr} $object 145 ret=$? 146 fi 147 148 return $ret 149} 150 151# 152# Grant the privset to the given user 153# 154# $1: The given user 155# $2: The given privset 156# 157function grant_priv 158{ 159 typeset user=$1 160 typeset priv=$2 161 162 if [[ -z $user || -z $priv ]]; then 163 log_fail "User($user), Priv($priv) not defined." 164 fi 165 priv_mod=",$priv" 166 return $? 167} 168 169# 170# Revoke the all additional privset from the given user 171# 172# $1: The given user 173# 174function revoke_priv 175{ 176 typeset user=$1 177 178 if [[ -z $user ]]; then 179 log_fail "User not defined." 180 fi 181 priv_mod= 182 return $? 183} 184 185# 186# Invoke the function and verify whether its return code as expected 187# 188# $1: Function be invoked 189# $2: The given node (file/dir) 190# $3: Execute user 191# $4: Option 192# 193function verify_op 194{ 195 typeset func=$1 196 typeset object=$2 197 typeset opt=$3 198 typeset user=$4 199 typeset expect="log_mustnot" 200 201 if [[ -z $func || -z $object ]]; then 202 log_fail "Func($func), Object($object) not defined." 203 fi 204 205 # If user has PRIV_FILE_FLAG_SET, it could permit to set_attribute, 206 # And If has PRIV_FILE_FLAG_CLEAR, it could permit to clear_attribute, 207 # otherwise log_mustnot. 208 if [[ -z $user || $user == "root" ]] || \ 209 [[ $priv_mod == *"file_flag_set"* ]] || \ 210 [[ $priv_mod == *"all"* ]] ; then 211 expect="log_must" 212 fi 213 if [[ -d $object ]] && \ 214 [[ $opt == *"q"* ]] ; then 215 expect="log_mustnot" 216 fi 217 218 if [[ $func == clear_attribute ]]; then 219 if [[ $expect == "log_mustnot" ]]; then 220 expect="log_must" 221 elif [[ -z $user || $user == "root" ]] || \ 222 [[ $priv_mod == *"all"* ]] ; then 223 expect="log_must" 224 else 225 expect="log_mustnot" 226 fi 227 fi 228 229 $expect $func $object $opt $user 230} 231 232log_assert "Verify set/clear BSD'ish attributes will succeed while user has " \ 233 "PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege" 234log_onexit cleanup 235 236file="file.0" 237dir="dir.0" 238FLAGOPTIONS="u i a d q m" 239 240typeset gobject 241for fs in $TESTPOOL $TESTPOOL/$TESTFS ; do 242 mtpt=$(get_prop mountpoint $fs) 243 for owner in root $ZFS_ACL_STAFF1 ; do 244 245 create_object "file" $mtpt/$file $owner 246 create_object "dir" $mtpt/$dir $owner 247 248 for object in $mtpt/$file $mtpt/$dir ; do 249 gobject=$object 250 for user in root $ZFS_ACL_STAFF2 ; do 251 log_must grant_priv $user file_flag_set 252 for opt in $FLAGOPTIONS ; do 253 verify_op set_attribute \ 254 $object $opt $user 255 verify_op clear_attribute \ 256 $object $opt $user 257 done 258 log_must revoke_priv $user 259 260 log_must grant_priv $user all 261 for opt in $FLAGOPTIONS ; do 262 verify_op set_attribute \ 263 $object $opt $user 264 verify_op clear_attribute \ 265 $object $opt $user 266 done 267 log_must revoke_priv $user 268 done 269 done 270 destroy_object $mtpt/$file $mtpt/$dir 271 done 272done 273 274log_pass "Set/Clear BSD'ish attributes succeed while user has " \ 275 "PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege" 276