1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23# $FreeBSD$
24
25#
26# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# ident	"@(#)zfs_acl_chmod_delete_001_pos.ksh	1.6	09/01/13 SMI"
30#
31
32. $STF_SUITE/tests/acl/acl_common.kshlib
33
34#################################################################################
35#
36# __stc_assertion_start
37#
38# ID: zfs_acl_chmod_delete_001_pos
39#
40# DESCRIPTION:
41#	Verify that the combined delete_child/delete permission for
42#	owner/group/everyone are correct.
43#
44#        -------------------------------------------------------
45#        |   Parent Dir  |           Target Object Permissions |
46#        |  permissions  |                                     |
47#        -------------------------------------------------------
48#        |               | ACL Allows | ACL Denies| Delete     |
49#        |               |  Delete    |  Delete   | unspecified|
50#        -------------------------------------------------------
51#        |  ACL Allows   | Permit     | Permit    | Permit     |
52#        |  DELETE_CHILD |                                     |
53#        -------------------------------------------------------
54#        |  ACL Denies   | Permit     | Deny      | Deny       |
55#        |  DELETE_CHILD |            |           |            |
56#        -------------------------------------------------------
57#        | ACL specifies |            |           |            |
58#        | only allows   | Permit     | Permit    | Permit     |
59#        | write and     |            |           |            |
60#        | execute       |            |           |            |
61#        -------------------------------------------------------
62#        | ACL denies    |            |           |            |
63#        | write and     | Permit     | Deny      | Deny       |
64#        | execute       |            |           |            |
65#        -------------------------------------------------------
66#
67# STRATEGY:
68# 1. Create file and  directory in zfs filesystem
69# 2. Set special ACE combination to the file and directory
70# 3. Try to remove the file
71# 4. Verify that combined permissions for owner/group/everyone are correct.
72#
73# TESTABILITY: explicit
74#
75# TEST_AUTOMATION_LEVEL: automated
76#
77# CODING_STATUS: COMPLETED (2005-10-24)
78#
79# __stc_assertion_end
80#
81################################################################################
82
83verify_runnable "both"
84
85function cleanup
86{
87	[[ ! -e $TESTDIR/$ARCHIVEFILE ]] && return 0
88
89	if [[ ! -e $target ]]; then
90		log_must $TAR xpf $TESTDIR/$ARCHIVEFILE
91	fi
92
93	(( ${#cwd} != 0 )) && cd $cwd
94	cleanup_test_files $TESTDIR/basedir
95	log_must $RM -f $TESTDIR/$ARCHIVEFILE
96	return 0
97}
98
99#owner@	          group	                 group_users       other_users
100set -A users \
101"root"            "root"                 "$ZFS_ACL_ADMIN"  "$ZFS_ACL_OTHER1" \
102"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1"
103
104set -A access_parent \
105	"delete_child:allow" \
106	"delete_child:deny" \
107	"write_data:allow" \
108	"write_data:deny" \
109	"delete_child:deny write_data:allow" \
110	"delete_child:allow write_data:deny"
111
112set -A access_target \
113	"delete:allow" \
114	"delete:deny" \
115	""
116
117set -A a_flag "owner@" "group@" "everyone@" "user:$ZFS_ACL_STAFF1"
118
119log_assert "Verify that the combined delete_child/delete permission for" \
120	"owner/group/everyone are correct."
121log_onexit cleanup
122
123function operate_node #user node
124{
125	typeset user=$1
126	typeset node=$2
127	typeset ret
128
129	if [[ $user == "" || $node == "" ]]; then
130		log_fail "user, node are not defined."
131	fi
132	if [[ -d $node ]]; then
133		chgusr_exec $user $RM -rf $node ; ret=$?
134	else
135		chgusr_exec $user $RM -f $node ; ret=$?
136	fi
137
138	if [[ -e $node ]]; then
139		if [[ $ret -eq 0 ]]; then
140			log_note "$node not removed, but return code is 0."
141			return 1
142		fi
143	else
144		log_must $TAR xpf $TESTDIR/$ARCHIVEFILE
145		if [[ $ret -ne 0 ]]; then
146			log_note "$node removed, but return code is $ret."
147			return 1
148		fi
149	fi
150	return $ret
151}
152
153function logname #acl_parent acl_target user
154{
155	typeset acl_parent=$1
156	typeset acl_target=$2
157	typeset user=$3
158
159	# To super user, read and write deny permission was override.
160	if [[ $user == root || $acl_target == *:allow ]]; then
161		print "log_must"
162	elif [[ $acl_parent == *"delete_child"* ]]; then
163		if [[ $acl_parent == *"delete_child:allow"* ]]; then
164			print "log_must"
165		else
166			print "log_mustnot"
167		fi
168	elif [[ $acl_parent == *"write_data"* ]]; then
169		if [[ $acl_parent == *"write_data:allow"* ]]; then
170			print "log_must"
171		else
172			print "log_mustnot"
173		fi
174	else
175		print "log_mustnot"
176	fi
177}
178
179function check_chmod_results #node flag acl_parent acl_target g_usr o_usr
180{
181	typeset node=$1
182	typeset flag=$2
183	typeset acl_parent=$3
184	typeset acl_target=$2:$4
185	typeset g_usr=$5
186	typeset o_usr=$6
187	typeset log acl_tmp
188
189	for acl in $acl_parent ; do
190		acl_tmp="$2:$acl $acl_tmp"
191	done
192	acl_parent=$acl_tmp
193
194	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
195		log=$(logname "$acl_parent" $acl_target $ZFS_ACL_CUR_USER)
196		$log operate_node $ZFS_ACL_CUR_USER $node
197	fi
198	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
199		log=$(logname "$acl_parent" $acl_target $g_usr)
200		$log operate_node $g_usr $node
201	fi
202	if [[ $flag == "everyone@" ]]; then
203		log=$(logname "$acl_parent" $acl_target $o_usr)
204		$log operate_node $o_usr $node
205	fi
206	if [[ $flag == "user:"* ]]; then
207		typeset user=${flag#user:}
208		log=$(logname "$acl_parent" $acl_target $user)
209		$log operate_node $user $node
210	fi
211}
212
213function test_chmod_basic_access #node g_usr o_usr
214{
215	typeset node=${1%/}
216	typeset g_usr=$2
217	typeset o_usr=$3
218	typeset flag acl_p acl_t parent
219	typeset -i i=0
220
221	parent=${node%/*}
222
223	for flag in ${a_flag[@]}; do
224	for acl_p in "${access_parent[@]}"; do
225		i=0
226		for acl in $acl_p ; do
227			log_must usr_exec $CHMOD A+$flag:$acl $parent
228			(( i = i + 1))
229		done
230
231		for acl_t in "${access_target[@]}"; do
232			[[ -n $acl_t ]] && \
233				log_must usr_exec $CHMOD A+$flag:$acl_t $node
234
235			log_must $TAR cpf $TESTDIR/$ARCHIVEFILE basedir
236
237			check_chmod_results "$node" "$flag" \
238				 "$acl_p" "$acl_t" "$g_usr" "$o_usr"
239
240			[[ -n $acl_t ]] && \
241				log_must usr_exec $CHMOD A0- $node
242		done
243
244		while (( i > 0 )); do
245			log_must usr_exec $CHMOD A0- $parent
246			(( i = i - 1 ))
247		done
248	done
249	done
250}
251
252function setup_test_files #base_node user group
253{
254	typeset base_node=$1
255	typeset user=$2
256	typeset group=$3
257
258	cleanup_test_files $base_node
259
260	log_must $MKDIR -p $base_node
261	log_must $CHOWN $user:$group $base_node
262
263	log_must set_cur_usr $user
264
265	# Prepare all files/sub-dirs for testing.
266	file0=$base_node/testfile_rm
267	dir0=$base_node/testdir_rm
268
269	log_must usr_exec $TOUCH $file0
270	log_must usr_exec $CHMOD 444 $file0
271
272	log_must usr_exec $MKDIR -p $dir0
273	log_must usr_exec $CHMOD 444 $dir0
274
275	log_must usr_exec $CHMOD 555 $base_node
276	return 0
277}
278
279function cleanup_test_files #base_node
280{
281	typeset base_node=$1
282
283	if [[ -d $base_node ]]; then
284		log_must $RM -rf $base_node
285	elif [[ -e $base_node ]]; then
286		log_must $RM -f $base_node
287	fi
288
289	return 0
290}
291
292typeset cwd=$PWD
293typeset ARCHIVEFILE=archive.tar
294
295test_requires ZFS_ACL
296
297typeset -i i=0
298typeset -i j=0
299typeset target
300cd $TESTDIR
301while (( i < ${#users[@]} )); do
302	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
303
304	j=0
305	while (( j < 1 )); do
306		eval target=\$file$j
307		test_chmod_basic_access $target \
308			"${users[((i+2))]}" "${users[((i+3))]}"
309
310		eval target=\$dir$j
311		test_chmod_basic_access $target \
312			"${users[((i+2))]}" "${users[((i+3))]}"
313
314		(( j = j + 1 ))
315	done
316
317	(( i += 4 ))
318done
319
320log_pass "Verify that the combined delete_child/delete permission for" \
321	"owner/group/everyone are correct."
322