1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26
27. $STF_SUITE/tests/acl/acl_common.kshlib
28. $STF_SUITE/tests/acl/cifs/cifs.kshlib
29
30#################################################################################
31#
32# __stc_assertion_start
33#
34# ID: cifs_attr_002_pos
35#
36# DESCRIPTION:
37#	Verify the user with PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR
38#	could set/clear BSD'ish attributes.
39#	(Immutable, nounlink, and appendonly)
40#
41# STRATEGY:
42#	1. Loop super user and non-super user to run the test case.
43#	2. Create basedir and a set of subdirectores and files within it.
44#	3. Grant user has PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR separately.
45#	4. Verify set/clear BSD'ish attributes should succeed.
46#
47# TESTABILITY: explicit
48#
49# TEST_AUTOMATION_LEVEL: automated
50#
51# CODING_STATUS: COMPLETED (2007-11-05)
52#
53# __stc_assertion_end
54#
55################################################################################
56
57verify_runnable "global"
58
59if ! cifs_supported ; then
60	log_unsupported "CIFS not supported on current system."
61fi
62
63test_requires ZFS_ACL ZFS_XATTR
64
65function cleanup
66{
67	if [[ -n $gobject ]]; then
68		destroy_object $gobject
69	fi
70
71	for fs in $TESTPOOL/$TESTFS $TESTPOOL ; do
72		mtpt=$(get_prop mountpoint $fs)
73		log_must $RM -rf $mtpt/file.* $mtpt/dir.*
74	done
75}
76
77#
78# Set the special attribute to the given node
79#
80# $1: The given node (file/dir)
81# $2: The special attribute to be set
82# $3: Execute username
83#
84function set_attribute
85{
86	typeset object=$1
87	typeset attr=$2
88	typeset user=$3
89	typeset ret=0
90
91	if [[ -z $object ]]; then
92		log_fail "Object not defined."
93	fi
94
95	if [[ -z $attr ]]; then
96		attr="uiadm"
97		if [[ -f $object ]]; then
98			attr="${attr}q"
99		fi
100	fi
101
102	if [[ -n $user ]]; then
103		$RUNWATTR -u $user -p =basic${priv_mod} \
104			"$CHMOD S+c${attr} $object"
105		ret=$?
106	else
107		$CHMOD S+c${attr} $object
108		ret=$?
109	fi
110
111	return $ret
112}
113
114#
115# Clear the special attribute to the given node
116#
117# $1: The given node (file/dir)
118# $2: The special attribute to be cleared
119# $3: Execute username
120#
121function clear_attribute
122{
123	typeset object=$1
124	typeset attr=$2
125	typeset user=$3
126	typeset ret=0
127
128	if [[ -z $object ]]; then
129		log_fail "Object($object) not defined."
130	fi
131
132	if [[ -z $attr ]]; then
133		attr="uiadm"
134		if [[ -f $object ]]; then
135			attr="${attr}q"
136		fi
137	fi
138
139	if [[ -n $user ]]; then
140		$RUNWATTR -u $user -p =basic${priv_mod} \
141			"$CHMOD S-c${attr} $object"
142		ret=$?
143	else
144		$CHMOD S-c${attr} $object
145		ret=$?
146	fi
147
148	return $ret
149}
150
151#
152# Grant the privset to the given user
153#
154# $1: The given user
155# $2: The given privset
156#
157function grant_priv
158{
159	typeset user=$1
160	typeset priv=$2
161
162	if [[ -z $user || -z $priv ]]; then
163		log_fail "User($user), Priv($priv) not defined."
164	fi
165	priv_mod=",$priv"
166	return $?
167}
168
169#
170# Revoke the all additional privset from the given user
171#
172# $1: The given user
173#
174function revoke_priv
175{
176	typeset user=$1
177
178	if [[ -z $user ]]; then
179		log_fail "User not defined."
180	fi
181	priv_mod=
182	return $?
183}
184
185#
186# Invoke the function and verify whether its return code as expected
187#
188# $1: Function be invoked
189# $2: The given node (file/dir)
190# $3: Execute user
191# $4: Option
192#
193function verify_op
194{
195	typeset func=$1
196	typeset object=$2
197	typeset opt=$3
198	typeset user=$4
199	typeset expect="log_mustnot"
200
201	if [[ -z $func || -z $object ]]; then
202		log_fail "Func($func), Object($object) not defined."
203	fi
204
205	# If user has PRIV_FILE_FLAG_SET, it could permit to set_attribute,
206	# And If has PRIV_FILE_FLAG_CLEAR, it could permit to clear_attribute,
207	# otherwise log_mustnot.
208	if [[ -z $user || $user == "root" ]] || \
209		[[ $priv_mod == *"file_flag_set"* ]] || \
210		[[ $priv_mod == *"all"* ]] ; then
211			expect="log_must"
212	fi
213	if [[ -d $object ]] && \
214		[[ $opt == *"q"* ]] ; then
215		expect="log_mustnot"
216	fi
217
218	if [[ $func == clear_attribute ]]; then
219		if [[ $expect == "log_mustnot" ]]; then
220			expect="log_must"
221		elif [[ -z $user || $user == "root" ]] || \
222			[[ $priv_mod == *"all"* ]] ; then
223			expect="log_must"
224		else
225			expect="log_mustnot"
226		fi
227	fi
228
229	$expect $func $object $opt $user
230}
231
232log_assert "Verify set/clear BSD'ish attributes will succeed while user has " \
233	"PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege"
234log_onexit cleanup
235
236file="file.0"
237dir="dir.0"
238FLAGOPTIONS="u i a d q m"
239
240typeset gobject
241for fs in $TESTPOOL $TESTPOOL/$TESTFS ; do
242	mtpt=$(get_prop mountpoint $fs)
243	for owner in root $ZFS_ACL_STAFF1 ; do
244
245		create_object "file" $mtpt/$file $owner
246		create_object "dir" $mtpt/$dir $owner
247
248		for object in $mtpt/$file $mtpt/$dir ; do
249			gobject=$object
250			for user in root $ZFS_ACL_STAFF2 ; do
251				log_must grant_priv $user file_flag_set
252				for opt in $FLAGOPTIONS ; do
253					verify_op set_attribute \
254						$object $opt $user
255					verify_op clear_attribute \
256						$object $opt $user
257				done
258				log_must revoke_priv $user
259
260				log_must grant_priv $user all
261				for opt in $FLAGOPTIONS ; do
262					verify_op set_attribute \
263						$object $opt $user
264					verify_op clear_attribute \
265						$object $opt $user
266				done
267				log_must revoke_priv $user
268			done
269		done
270		destroy_object $mtpt/$file $mtpt/$dir
271	done
272done
273
274log_pass "Set/Clear BSD'ish attributes succeed while user has " \
275	"PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege"
276