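#!/usr/local/bin/ksh93 -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"@(#)cifs_attr_002_pos.ksh	1.1	08/02/27 SMI"
#

. $STF_SUITE/tests/acl/acl_common.kshlib
. $STF_SUITE/tests/acl/cifs/cifs.kshlib

################################################################################
#
# __stc_assertion_start
#
# ID: cifs_attr_002_pos
#
# DESCRIPTION:
#	Verify the user with PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR
#	could set/clear BSD'ish attributes.
#	(Immutable, nounlink, and appendonly)
#
# STRATEGY:
#	1. Loop super user and non-super user to run the test case.
#	2. Create basedir and a set of subdirectories and files within it.
#	3. Grant user has PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR separately.
#	4. Verify set/clear BSD'ish attributes should succeed.
#
# TESTABILITY: explicit
#
# TEST_AUTOMATION_LEVEL: automated
#
# CODING_STATUS: COMPLETED (2007-11-05)
#
# __stc_assertion_end
#
################################################################################

# NOTE(review): the assertion text names PRIV_FILE_FLAG_CLEAR, but the code
# below only ever grants "file_flag_set" or "all", and verify_op expects a
# non-root clear to succeed only under "all". Confirm the wording against the
# privilege model being tested.

verify_runnable "global"

if ! cifs_supported ; then
	log_unsupported "CIFS not supported on current system."
fi

test_requires ZFS_ACL ZFS_XATTR

#
# Exit handler (registered with log_onexit below).
#
# Destroys the object the main loop was last working on, if any, then removes
# leftover file.* / dir.* entries from the mountpoints of both test datasets.
#
function cleanup
{
	typeset fs mtpt

	if [[ -n $gobject ]]; then
		destroy_object $gobject
	fi

	for fs in $TESTPOOL/$TESTFS $TESTPOOL ; do
		mtpt=$(get_prop mountpoint $fs)

		# rm -rf runs here with the privileges of the test harness.
		# If the property lookup returns nothing, or a value that is
		# not a path, the globs below would expand relative to / or
		# to the current directory. Only clean an absolute mountpoint.
		if [[ $mtpt != /* ]]; then
			continue
		fi

		log_must $RM -rf "$mtpt"/file.* "$mtpt"/dir.*
	done
}

#
# Set the special attribute to the given node
#
# $1: The given node (file/dir)
# $2: The special attribute to be set; when empty, defaults to "uiadm",
#     plus "q" if the node is a regular file
# $3: Execute username; when empty, chmod is run directly as the caller
#
# Reads the global priv_mod (maintained by grant_priv/revoke_priv) to build
# the privilege set handed to $RUNWATTR.
#
# Returns the exit status of the chmod invocation.
#
function set_attribute
{
	typeset object=$1
	typeset attr=$2
	typeset user=$3
	typeset ret=0

	if [[ -z $object ]]; then
		log_fail "Object not defined."
	fi

	if [[ -z $attr ]]; then
		attr="uiadm"
		# "q" is only added for regular files; verify_op likewise
		# expects setting "q" on a directory to fail.
		if [[ -f $object ]]; then
			attr="${attr}q"
		fi
	fi

	if [[ -n $user ]]; then
		# Run as $user with the basic set plus whatever grant_priv
		# stored in priv_mod. The chmod command is passed as one
		# string with $object expanded unquoted into it, so this is
		# only suitable for the fixed, metacharacter-free paths this
		# test creates.
		$RUNWATTR -u $user -p =basic${priv_mod} \
		    "$CHMOD S+c${attr} $object"
		ret=$?
	else
		$CHMOD S+c${attr} $object
		ret=$?
	fi

	return $ret
}

#
# Clear the special attribute to the given node
#
# $1: The given node (file/dir)
# $2: The special attribute to be cleared; when empty, defaults to "uiadm",
#     plus "q" if the node is a regular file
# $3: Execute username; when empty, chmod is run directly as the caller
#
# Reads the global priv_mod (maintained by grant_priv/revoke_priv) to build
# the privilege set handed to $RUNWATTR.
#
# Returns the exit status of the chmod invocation.
#
function clear_attribute
{
	typeset object=$1
	typeset attr=$2
	typeset user=$3
	typeset ret=0

	if [[ -z $object ]]; then
		log_fail "Object($object) not defined."
	fi

	if [[ -z $attr ]]; then
		attr="uiadm"
		if [[ -f $object ]]; then
			attr="${attr}q"
		fi
	fi

	if [[ -n $user ]]; then
		# Same invocation as set_attribute, with S-c instead of S+c.
		# The same caveat about the unquoted $object inside the
		# command string applies.
		$RUNWATTR -u $user -p =basic${priv_mod} \
		    "$CHMOD S-c${attr} $object"
		ret=$?
	else
		$CHMOD S-c${attr} $object
		ret=$?
	fi

	return $ret
}

#
# Grant the privset to the given user
#
# $1: The given user
# $2: The given privset
#
# Nothing is changed on the account itself: the privilege name is stored in
# the global priv_mod as ",<priv>", and set_attribute/clear_attribute append
# that to "=basic" when they call $RUNWATTR. $1 is only checked for being
# non-empty.
#
function grant_priv
{
	typeset user=$1
	typeset priv=$2

	if [[ -z $user || -z $priv ]]; then
		log_fail "User($user), Priv($priv) not defined."
	fi
	priv_mod=",$priv"
	return $?
}

#
# Revoke the all additional privset from the given user
#
# $1: The given user
#
# Empties the global priv_mod, so later $RUNWATTR calls get "=basic" only.
#
function revoke_priv
{
	typeset user=$1

	if [[ -z $user ]]; then
		log_fail "User not defined."
	fi
	priv_mod=
	return $?
}

#
# Invoke the function and verify whether its return code as expected
#
# $1: Function be invoked (set_attribute or clear_attribute)
# $2: The given node (file/dir)
# $3: Option (attribute letter)
# $4: Execute user
#
# The expected outcome is derived from the user, the global priv_mod and the
# object type, and the call is wrapped in log_must or log_mustnot to match.
# The negative expectations are what show that the privilege check is
# enforced, so they matter as much as the positive ones.
#
function verify_op
{
	typeset func=$1
	typeset object=$2
	typeset opt=$3
	typeset user=$4
	typeset expect="log_mustnot"

	if [[ -z $func || -z $object ]]; then
		log_fail "Func($func), Object($object) not defined."
	fi

	# Expectation for set_attribute: it must succeed for root (or when no
	# user is given) and for a user holding file_flag_set or all;
	# otherwise it must fail. These are substring matches on priv_mod.
	if [[ -z $user || $user == "root" ]] || \
	    [[ $priv_mod == *"file_flag_set"* ]] || \
	    [[ $priv_mod == *"all"* ]] ; then
		expect="log_must"
	fi
	# Setting "q" on a directory is expected to fail for every user.
	if [[ -d $object ]] && \
	    [[ $opt == *"q"* ]] ; then
		expect="log_mustnot"
	fi

	# Expectation for clear_attribute, derived from the set expectation:
	#  - if the set was expected to fail, the clear is expected to
	#    succeed;
	#  - otherwise the clear must succeed only for root (or no user) or
	#    under "all"; file_flag_set alone is expected to be insufficient.
	if [[ $func == clear_attribute ]]; then
		if [[ $expect == "log_mustnot" ]]; then
			expect="log_must"
		elif [[ -z $user || $user == "root" ]] || \
		    [[ $priv_mod == *"all"* ]] ; then
			expect="log_must"
		else
			expect="log_mustnot"
		fi
	fi

	$expect $func $object $opt $user
}

log_assert "Verify set/clear BSD'ish attributes will succeed while user has " \
    "PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege"
log_onexit cleanup

file="file.0"
dir="dir.0"
# Attribute letters exercised one at a time. Presumably the chmod(1) compact
# names (u nounlink, i immutable, a appendonly, d nodump, q av_quarantined,
# m av_modified) - confirm against the target platform's chmod(1).
FLAGOPTIONS="u i a d q m"

# gobject tracks the object currently under test so that cleanup can destroy
# it if the run aborts part-way through.
typeset gobject
for fs in $TESTPOOL $TESTPOOL/$TESTFS ; do
	mtpt=$(get_prop mountpoint $fs)
	for owner in root $ZFS_ACL_STAFF1 ; do

		create_object "file" $mtpt/$file $owner
		create_object "dir" $mtpt/$dir $owner

		for object in $mtpt/$file $mtpt/$dir ; do
			gobject=$object
			for user in root $ZFS_ACL_STAFF2 ; do
				# Pass 1: file_flag_set only.
				log_must grant_priv $user file_flag_set
				for opt in $FLAGOPTIONS ; do
					verify_op set_attribute \
					    $object $opt $user
					verify_op clear_attribute \
					    $object $opt $user
				done
				log_must revoke_priv $user

				# Pass 2: all privileges.
				log_must grant_priv $user all
				for opt in $FLAGOPTIONS ; do
					verify_op set_attribute \
					    $object $opt $user
					verify_op clear_attribute \
					    $object $opt $user
				done
				log_must revoke_priv $user
			done
		done
		destroy_object $mtpt/$file $mtpt/$dir
	done
done

log_pass "Set/Clear BSD'ish attributes succeed while user has " \
    "PRIV_FILE_FLAG_SET/PRIV_FILE_FLAG_CLEAR privilege"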