1#!/usr/local/bin/ksh93 -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26 27. $STF_SUITE/tests/acl/acl_common.kshlib 28 29################################################################################# 30# 31# __stc_assertion_start 32# 33# ID: zfs_acl_chmod_delete_001_pos 34# 35# DESCRIPTION: 36# Verify that the combined delete_child/delete permission for 37# owner/group/everyone are correct. 38# 39# ------------------------------------------------------- 40# | Parent Dir | Target Object Permissions | 41# | permissions | | 42# ------------------------------------------------------- 43# | | ACL Allows | ACL Denies| Delete | 44# | | Delete | Delete | unspecified| 45# ------------------------------------------------------- 46# | ACL Allows | Permit | Permit | Permit | 47# | DELETE_CHILD | | 48# ------------------------------------------------------- 49# | ACL Denies | Permit | Deny | Deny | 50# | DELETE_CHILD | | | | 51# ------------------------------------------------------- 52# | ACL specifies | | | | 53# | only allows | Permit | Permit | Permit | 54# | write and | | | | 55# | execute | | | | 56# ------------------------------------------------------- 57# | ACL denies | | | | 58# | write and | Permit | Deny | Deny | 59# | execute | | | | 60# ------------------------------------------------------- 61# 62# STRATEGY: 63# 1. Create file and directory in zfs filesystem 64# 2. Set special ACE combination to the file and directory 65# 3. Try to remove the file 66# 4. Verify that combined permissions for owner/group/everyone are correct. 67# 68# TESTABILITY: explicit 69# 70# TEST_AUTOMATION_LEVEL: automated 71# 72# CODING_STATUS: COMPLETED (2005-10-24) 73# 74# __stc_assertion_end 75# 76################################################################################ 77 78verify_runnable "both" 79 80function cleanup 81{ 82 [[ ! -e $TESTDIR/$ARCHIVEFILE ]] && return 0 83 84 if [[ ! -e $target ]]; then 85 log_must $TAR xpf $TESTDIR/$ARCHIVEFILE 86 fi 87 88 (( ${#cwd} != 0 )) && cd $cwd 89 cleanup_test_files $TESTDIR/basedir 90 log_must $RM -f $TESTDIR/$ARCHIVEFILE 91 return 0 92} 93 94#owner@ group group_users other_users 95set -A users \ 96"root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 97"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1" 98 99set -A access_parent \ 100 "delete_child:allow" \ 101 "delete_child:deny" \ 102 "write_data:allow" \ 103 "write_data:deny" \ 104 "delete_child:deny write_data:allow" \ 105 "delete_child:allow write_data:deny" 106 107set -A access_target \ 108 "delete:allow" \ 109 "delete:deny" \ 110 "" 111 112set -A a_flag "owner@" "group@" "everyone@" "user:$ZFS_ACL_STAFF1" 113 114log_assert "Verify that the combined delete_child/delete permission for" \ 115 "owner/group/everyone are correct." 116log_onexit cleanup 117 118function operate_node #user node 119{ 120 typeset user=$1 121 typeset node=$2 122 typeset ret 123 124 if [[ $user == "" || $node == "" ]]; then 125 log_fail "user, node are not defined." 126 fi 127 if [[ -d $node ]]; then 128 chgusr_exec $user $RM -rf $node ; ret=$? 129 else 130 chgusr_exec $user $RM -f $node ; ret=$? 131 fi 132 133 if [[ -e $node ]]; then 134 if [[ $ret -eq 0 ]]; then 135 log_note "$node not removed, but return code is 0." 136 return 1 137 fi 138 else 139 log_must $TAR xpf $TESTDIR/$ARCHIVEFILE 140 if [[ $ret -ne 0 ]]; then 141 log_note "$node removed, but return code is $ret." 142 return 1 143 fi 144 fi 145 return $ret 146} 147 148function logname #acl_parent acl_target user 149{ 150 typeset acl_parent=$1 151 typeset acl_target=$2 152 typeset user=$3 153 154 # To super user, read and write deny permission was override. 155 if [[ $user == root || $acl_target == *:allow ]]; then 156 print "log_must" 157 elif [[ $acl_parent == *"delete_child"* ]]; then 158 if [[ $acl_parent == *"delete_child:allow"* ]]; then 159 print "log_must" 160 else 161 print "log_mustnot" 162 fi 163 elif [[ $acl_parent == *"write_data"* ]]; then 164 if [[ $acl_parent == *"write_data:allow"* ]]; then 165 print "log_must" 166 else 167 print "log_mustnot" 168 fi 169 else 170 print "log_mustnot" 171 fi 172} 173 174function check_chmod_results #node flag acl_parent acl_target g_usr o_usr 175{ 176 typeset node=$1 177 typeset flag=$2 178 typeset acl_parent=$3 179 typeset acl_target=$2:$4 180 typeset g_usr=$5 181 typeset o_usr=$6 182 typeset log acl_tmp 183 184 for acl in $acl_parent ; do 185 acl_tmp="$2:$acl $acl_tmp" 186 done 187 acl_parent=$acl_tmp 188 189 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 190 log=$(logname "$acl_parent" $acl_target $ZFS_ACL_CUR_USER) 191 $log operate_node $ZFS_ACL_CUR_USER $node 192 fi 193 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 194 log=$(logname "$acl_parent" $acl_target $g_usr) 195 $log operate_node $g_usr $node 196 fi 197 if [[ $flag == "everyone@" ]]; then 198 log=$(logname "$acl_parent" $acl_target $o_usr) 199 $log operate_node $o_usr $node 200 fi 201 if [[ $flag == "user:"* ]]; then 202 typeset user=${flag#user:} 203 log=$(logname "$acl_parent" $acl_target $user) 204 $log operate_node $user $node 205 fi 206} 207 208function test_chmod_basic_access #node g_usr o_usr 209{ 210 typeset node=${1%/} 211 typeset g_usr=$2 212 typeset o_usr=$3 213 typeset flag acl_p acl_t parent 214 typeset -i i=0 215 216 parent=${node%/*} 217 218 for flag in ${a_flag[@]}; do 219 for acl_p in "${access_parent[@]}"; do 220 i=0 221 for acl in $acl_p ; do 222 log_must usr_exec $CHMOD A+$flag:$acl $parent 223 (( i = i + 1)) 224 done 225 226 for acl_t in "${access_target[@]}"; do 227 [[ -n $acl_t ]] && \ 228 log_must usr_exec $CHMOD A+$flag:$acl_t $node 229 230 log_must $TAR cpf $TESTDIR/$ARCHIVEFILE basedir 231 232 check_chmod_results "$node" "$flag" \ 233 "$acl_p" "$acl_t" "$g_usr" "$o_usr" 234 235 [[ -n $acl_t ]] && \ 236 log_must usr_exec $CHMOD A0- $node 237 done 238 239 while (( i > 0 )); do 240 log_must usr_exec $CHMOD A0- $parent 241 (( i = i - 1 )) 242 done 243 done 244 done 245} 246 247function setup_test_files #base_node user group 248{ 249 typeset base_node=$1 250 typeset user=$2 251 typeset group=$3 252 253 cleanup_test_files $base_node 254 255 log_must $MKDIR -p $base_node 256 log_must $CHOWN $user:$group $base_node 257 258 log_must set_cur_usr $user 259 260 # Prepare all files/sub-dirs for testing. 261 file0=$base_node/testfile_rm 262 dir0=$base_node/testdir_rm 263 264 log_must usr_exec $TOUCH $file0 265 log_must usr_exec $CHMOD 444 $file0 266 267 log_must usr_exec $MKDIR -p $dir0 268 log_must usr_exec $CHMOD 444 $dir0 269 270 log_must usr_exec $CHMOD 555 $base_node 271 return 0 272} 273 274function cleanup_test_files #base_node 275{ 276 typeset base_node=$1 277 278 if [[ -d $base_node ]]; then 279 log_must $RM -rf $base_node 280 elif [[ -e $base_node ]]; then 281 log_must $RM -f $base_node 282 fi 283 284 return 0 285} 286 287typeset cwd=$PWD 288typeset ARCHIVEFILE=archive.tar 289 290test_requires ZFS_ACL 291 292typeset -i i=0 293typeset -i j=0 294typeset target 295cd $TESTDIR 296while (( i < ${#users[@]} )); do 297 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 298 299 j=0 300 while (( j < 1 )); do 301 eval target=\$file$j 302 test_chmod_basic_access $target \ 303 "${users[((i+2))]}" "${users[((i+3))]}" 304 305 eval target=\$dir$j 306 test_chmod_basic_access $target \ 307 "${users[((i+2))]}" "${users[((i+3))]}" 308 309 (( j = j + 1 )) 310 done 311 312 (( i += 4 )) 313done 314 315log_pass "Verify that the combined delete_child/delete permission for" \ 316 "owner/group/everyone are correct." 317