1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"@(#)cifs_attr_002_pos.ksh	1.1	08/02/27 SMI"
28#
29
30. $STF_SUITE/tests/acl/acl_common.kshlib
31. $STF_SUITE/tests/acl/cifs/cifs.kshlib
32
33#################################################################################
34#
35# __stc_assertion_start
36#
37# ID: cifs_attr_002_pos
38#
39# DESCRIPTION:
40#	Verify the user with PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR
41#	could set/clear BSD'ish attributes.
42#	(Immutable, nounlink, and appendonly)
43#
44# STRATEGY:
45#	1. Loop super user and non-super user to run the test case.
46#	2. Create basedir and a set of subdirectories and files within it.
47#	3. Grant the user PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR separately.
48#	4. Verify set/clear BSD'ish attributes should succeed.
49#
50# TESTABILITY: explicit
51#
52# TEST_AUTOMATION_LEVEL: automated
53#
54# CODING_STATUS: COMPLETED (2007-11-05)
55#
56# __stc_assertion_end
57#
58################################################################################
59
# Preconditions, checked before any object is created. The helpers used
# here come from the sourced test libraries; their exact behaviour is not
# visible in this file.
verify_runnable "global"

# Report the test as unsupported when cifs_supported returns non-zero.
cifs_supported || log_unsupported "CIFS not supported on current system."

test_requires ZFS_ACL ZFS_XATTR
67
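#
# Exit handler: destroy the object currently under test and remove any
# leftover file.* / dir.* entries from both test mountpoints.
#
# Globals: gobject, TESTPOOL, TESTFS, RM (read)
#
function cleanup
{
	# Keep the loop variables local so the handler does not overwrite the
	# script-level fs/mtpt variables of the same name.
	typeset fs mtpt

	if [[ -n $gobject ]]; then
		destroy_object "$gobject"
	fi

	for fs in "$TESTPOOL/$TESTFS" "$TESTPOOL" ; do
		mtpt=$(get_prop mountpoint "$fs")

		# Guard the recursive delete: if the lookup returns nothing, a
		# non-absolute value or "/", the globs below would expand
		# relative to the current directory or the root filesystem.
		if [[ $mtpt != /?* ]]; then
			log_note "Skip cleanup of $fs: unusable mountpoint '$mtpt'"
			continue
		fi

		log_must $RM -rf "$mtpt"/file.* "$mtpt"/dir.*
	done
}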
79
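#
# Set special attribute(s) on the given node with chmod "S+c<attrs>".
#
# $1: The given node (file/dir); log_fail is called when it is empty
# $2: The attribute letter(s) to set; when empty, defaults to "uiadm",
#     plus "q" if $1 is a regular file
# $3: Execute username; when empty, chmod is run directly by the caller
#
# Globals: CHMOD, RUNWATTR, priv_mod (read)
# Returns: the exit status of the chmod / $RUNWATTR invocation
#
function set_attribute
{
	typeset object=$1
	typeset attr=$2
	typeset user=$3

	if [[ -z $object ]]; then
		log_fail "Object not defined."
	fi

	if [[ -z $attr ]]; then
		attr="uiadm"
		if [[ -f $object ]]; then
			attr="${attr}q"
		fi
	fi

	if [[ -n $user ]]; then
		# The -p argument is the literal "=basic" followed by whatever
		# grant_priv stored in priv_mod (empty after revoke_priv).
		#
		# NOTE(review): the chmod command is handed over as ONE string,
		# so $object is presumably parsed again by whatever $RUNWATTR
		# uses to execute it -- confirm, and keep object paths free of
		# whitespace and shell metacharacters.
		$RUNWATTR -u "$user" -p "=basic${priv_mod}" \
			"$CHMOD S+c${attr} $object"
		return $?
	fi

	# Quoted so that a path containing whitespace stays one argument.
	$CHMOD "S+c${attr}" "$object"
}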
116
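#
# Clear special attribute(s) on the given node with chmod "S-c<attrs>".
#
# $1: The given node (file/dir); log_fail is called when it is empty
# $2: The attribute letter(s) to clear; when empty, defaults to "uiadm",
#     plus "q" if $1 is a regular file
# $3: Execute username; when empty, chmod is run directly by the caller
#
# Globals: CHMOD, RUNWATTR, priv_mod (read)
# Returns: the exit status of the chmod / $RUNWATTR invocation
#
function clear_attribute
{
	typeset object=$1
	typeset attr=$2
	typeset user=$3

	if [[ -z $object ]]; then
		log_fail "Object($object) not defined."
	fi

	if [[ -z $attr ]]; then
		attr="uiadm"
		if [[ -f $object ]]; then
			attr="${attr}q"
		fi
	fi

	if [[ -n $user ]]; then
		# The -p argument is the literal "=basic" followed by whatever
		# grant_priv stored in priv_mod (empty after revoke_priv).
		#
		# NOTE(review): the chmod command is handed over as ONE string,
		# so $object is presumably parsed again by whatever $RUNWATTR
		# uses to execute it -- confirm, and keep object paths free of
		# whitespace and shell metacharacters.
		$RUNWATTR -u "$user" -p "=basic${priv_mod}" \
			"$CHMOD S-c${attr} $object"
		return $?
	fi

	# Quoted so that a path containing whitespace stays one argument.
	$CHMOD "S-c${attr}" "$object"
}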
153
#
# Record the privilege to add for later set_attribute/clear_attribute
# calls. Nothing is changed for the user here: the function only stores
# ",<priv>" in the global priv_mod, which those functions append to
# "=basic" in the -p argument they pass to $RUNWATTR.
#
# $1: The given user (only checked for being non-empty)
# $2: The given privset
#
# Globals: priv_mod (written)
# Returns: 0
#
function grant_priv
{
	typeset user=$1
	typeset priv=$2

	[[ -n $user && -n $priv ]] || \
		log_fail "User($user), Priv($priv) not defined."

	priv_mod=",${priv}"
	return 0
}
171
#
# Drop the additional privilege recorded by grant_priv by emptying the
# global priv_mod, so that later set_attribute/clear_attribute calls pass
# only "=basic" in their -p argument.
#
# $1: The given user (only checked for being non-empty)
#
# Globals: priv_mod (written)
# Returns: 0
#
function revoke_priv
{
	typeset user=$1

	[[ -n $user ]] || log_fail "User not defined."

	priv_mod=""
	return 0
}
187
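#
# Invoke the function through log_must or log_mustnot, depending on
# whether the call is expected to succeed.
#
# $1: Function to be invoked (set_attribute or clear_attribute)
# $2: The given node (file/dir)
# $3: Option (attribute letter handed on to $1)
# $4: Execute user
#
# Globals: priv_mod (read)
#
function verify_op
{
	typeset func=$1
	typeset object=$2
	typeset opt=$3
	typeset user=$4
	typeset expect="log_mustnot"

	if [[ -z $func || -z $object ]]; then
		log_fail "Func($func), Object($object) not defined."
	fi

	# Setting is expected to succeed for root (or when no user is given)
	# and when priv_mod contains "file_flag_set" or "all"; otherwise
	# log_mustnot.
	if [[ -z $user || $user == "root" ]] || \
		[[ $priv_mod == *"file_flag_set"* ]] || \
		[[ $priv_mod == *"all"* ]] ; then
			expect="log_must"
	fi

	# An option containing "q" on a directory is expected to fail,
	# whatever the privileges.
	if [[ -d $object && $opt == *"q"* ]]; then
		expect="log_mustnot"
	fi

	# Clearing: expected to succeed when the matching set was expected to
	# fail, and otherwise only for root/no user or when priv_mod contains
	# "all". A user holding only "file_flag_set" is expected to be refused.
	# NOTE(review): the test header names PRIV_FILE_FLAG_CLEAR, but no
	# "file_flag_clear" string is ever checked here -- confirm intended.
	if [[ $func == clear_attribute ]]; then
		if [[ $expect == "log_mustnot" ]]; then
			expect="log_must"
		elif [[ -z $user || $user == "root" ]] || \
			[[ $priv_mod == *"all"* ]] ; then
			expect="log_must"
		else
			expect="log_mustnot"
		fi
	fi

	# Quoted so that an empty option keeps its position; unquoted, the
	# user name would slide into the attribute argument of $func.
	# NOTE(review): this relies on log_must/log_mustnot forwarding their
	# arguments unchanged -- confirm in the log library.
	$expect "$func" "$object" "$opt" "$user"
}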
234
log_assert \
	"Verify set/clear BSD'ish attributes will succeed while user has " \
	"PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege"
log_onexit cleanup

file="file.0"
dir="dir.0"
FLAGOPTIONS="u i a d q m"

# gobject tracks the object currently under test so that cleanup can
# destroy it if the run aborts part-way.
# NOTE(review): gobject still names the last object after destroy_object
# below has run, so cleanup calls destroy_object on it again at exit --
# confirm destroy_object tolerates an already removed path.
typeset gobject
for fs in $TESTPOOL $TESTPOOL/$TESTFS ; do
	mtpt=$(get_prop mountpoint $fs)

	for owner in root $ZFS_ACL_STAFF1 ; do
		create_object "file" $mtpt/$file $owner
		create_object "dir" $mtpt/$dir $owner

		for object in $mtpt/$file $mtpt/$dir ; do
			gobject=$object

			for user in root $ZFS_ACL_STAFF2 ; do
				# Two passes per user: first with file_flag_set
				# only, then with all. No pass grants
				# file_flag_clear on its own.
				for privset in file_flag_set all ; do
					log_must grant_priv $user $privset
					for opt in $FLAGOPTIONS ; do
						verify_op set_attribute \
							$object $opt $user
						verify_op clear_attribute \
							$object $opt $user
					done
					log_must revoke_priv $user
				done
			done
		done

		destroy_object $mtpt/$file $mtpt/$dir
	done
done

log_pass \
	"Set/Clear BSD'ish attributes succeed while user has " \
	"PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege"
279