1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26
27. $STF_SUITE/tests/acl/acl_common.kshlib
28
29#################################################################################
30#
31# __stc_assertion_start
32#
33# ID: zfs_acl_chmod_delete_001_pos
34#
35# DESCRIPTION:
36#	Verify that the combined delete_child/delete permission for
37#	owner/group/everyone are correct.
38#
39#        -------------------------------------------------------
40#        |   Parent Dir  |           Target Object Permissions |
41#        |  permissions  |                                     |
42#        -------------------------------------------------------
43#        |               | ACL Allows | ACL Denies| Delete     |
44#        |               |  Delete    |  Delete   | unspecified|
45#        -------------------------------------------------------
46#        |  ACL Allows   | Permit     | Permit    | Permit     |
47#        |  DELETE_CHILD |                                     |
48#        -------------------------------------------------------
49#        |  ACL Denies   | Permit     | Deny      | Deny       |
50#        |  DELETE_CHILD |            |           |            |
51#        -------------------------------------------------------
52#        | ACL specifies |            |           |            |
53#        | only allows   | Permit     | Permit    | Permit     |
54#        | write and     |            |           |            |
55#        | execute       |            |           |            |
56#        -------------------------------------------------------
57#        | ACL denies    |            |           |            |
58#        | write and     | Permit     | Deny      | Deny       |
59#        | execute       |            |           |            |
60#        -------------------------------------------------------
61#
62# STRATEGY:
63# 1. Create file and  directory in zfs filesystem
64# 2. Set special ACE combination to the file and directory
65# 3. Try to remove the file
66# 4. Verify that combined permissions for owner/group/everyone are correct.
67#
68# TESTABILITY: explicit
69#
70# TEST_AUTOMATION_LEVEL: automated
71#
72# CODING_STATUS: COMPLETED (2005-10-24)
73#
74# __stc_assertion_end
75#
76################################################################################
77
78verify_runnable "both"
79
80function cleanup
81{
82	[[ ! -e $TESTDIR/$ARCHIVEFILE ]] && return 0
83
84	if [[ ! -e $target ]]; then
85		log_must $TAR xpf $TESTDIR/$ARCHIVEFILE
86	fi
87
88	(( ${#cwd} != 0 )) && cd $cwd
89	cleanup_test_files $TESTDIR/basedir
90	log_must $RM -f $TESTDIR/$ARCHIVEFILE
91	return 0
92}
93
94#owner@	          group	                 group_users       other_users
95set -A users \
96"root"            "root"                 "$ZFS_ACL_ADMIN"  "$ZFS_ACL_OTHER1" \
97"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1"
98
99set -A access_parent \
100	"delete_child:allow" \
101	"delete_child:deny" \
102	"write_data:allow" \
103	"write_data:deny" \
104	"delete_child:deny write_data:allow" \
105	"delete_child:allow write_data:deny"
106
107set -A access_target \
108	"delete:allow" \
109	"delete:deny" \
110	""
111
112set -A a_flag "owner@" "group@" "everyone@" "user:$ZFS_ACL_STAFF1"
113
114log_assert "Verify that the combined delete_child/delete permission for" \
115	"owner/group/everyone are correct."
116log_onexit cleanup
117
118function operate_node #user node
119{
120	typeset user=$1
121	typeset node=$2
122	typeset ret
123
124	if [[ $user == "" || $node == "" ]]; then
125		log_fail "user, node are not defined."
126	fi
127	if [[ -d $node ]]; then
128		chgusr_exec $user $RM -rf $node ; ret=$?
129	else
130		chgusr_exec $user $RM -f $node ; ret=$?
131	fi
132
133	if [[ -e $node ]]; then
134		if [[ $ret -eq 0 ]]; then
135			log_note "$node not removed, but return code is 0."
136			return 1
137		fi
138	else
139		log_must $TAR xpf $TESTDIR/$ARCHIVEFILE
140		if [[ $ret -ne 0 ]]; then
141			log_note "$node removed, but return code is $ret."
142			return 1
143		fi
144	fi
145	return $ret
146}
147
148function logname #acl_parent acl_target user
149{
150	typeset acl_parent=$1
151	typeset acl_target=$2
152	typeset user=$3
153
154	# To super user, read and write deny permission was override.
155	if [[ $user == root || $acl_target == *:allow ]]; then
156		print "log_must"
157	elif [[ $acl_parent == *"delete_child"* ]]; then
158		if [[ $acl_parent == *"delete_child:allow"* ]]; then
159			print "log_must"
160		else
161			print "log_mustnot"
162		fi
163	elif [[ $acl_parent == *"write_data"* ]]; then
164		if [[ $acl_parent == *"write_data:allow"* ]]; then
165			print "log_must"
166		else
167			print "log_mustnot"
168		fi
169	else
170		print "log_mustnot"
171	fi
172}
173
174function check_chmod_results #node flag acl_parent acl_target g_usr o_usr
175{
176	typeset node=$1
177	typeset flag=$2
178	typeset acl_parent=$3
179	typeset acl_target=$2:$4
180	typeset g_usr=$5
181	typeset o_usr=$6
182	typeset log acl_tmp
183
184	for acl in $acl_parent ; do
185		acl_tmp="$2:$acl $acl_tmp"
186	done
187	acl_parent=$acl_tmp
188
189	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
190		log=$(logname "$acl_parent" $acl_target $ZFS_ACL_CUR_USER)
191		$log operate_node $ZFS_ACL_CUR_USER $node
192	fi
193	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
194		log=$(logname "$acl_parent" $acl_target $g_usr)
195		$log operate_node $g_usr $node
196	fi
197	if [[ $flag == "everyone@" ]]; then
198		log=$(logname "$acl_parent" $acl_target $o_usr)
199		$log operate_node $o_usr $node
200	fi
201	if [[ $flag == "user:"* ]]; then
202		typeset user=${flag#user:}
203		log=$(logname "$acl_parent" $acl_target $user)
204		$log operate_node $user $node
205	fi
206}
207
208function test_chmod_basic_access #node g_usr o_usr
209{
210	typeset node=${1%/}
211	typeset g_usr=$2
212	typeset o_usr=$3
213	typeset flag acl_p acl_t parent
214	typeset -i i=0
215
216	parent=${node%/*}
217
218	for flag in ${a_flag[@]}; do
219	for acl_p in "${access_parent[@]}"; do
220		i=0
221		for acl in $acl_p ; do
222			log_must usr_exec $CHMOD A+$flag:$acl $parent
223			(( i = i + 1))
224		done
225
226		for acl_t in "${access_target[@]}"; do
227			[[ -n $acl_t ]] && \
228				log_must usr_exec $CHMOD A+$flag:$acl_t $node
229
230			log_must $TAR cpf $TESTDIR/$ARCHIVEFILE basedir
231
232			check_chmod_results "$node" "$flag" \
233				 "$acl_p" "$acl_t" "$g_usr" "$o_usr"
234
235			[[ -n $acl_t ]] && \
236				log_must usr_exec $CHMOD A0- $node
237		done
238
239		while (( i > 0 )); do
240			log_must usr_exec $CHMOD A0- $parent
241			(( i = i - 1 ))
242		done
243	done
244	done
245}
246
247function setup_test_files #base_node user group
248{
249	typeset base_node=$1
250	typeset user=$2
251	typeset group=$3
252
253	cleanup_test_files $base_node
254
255	log_must $MKDIR -p $base_node
256	log_must $CHOWN $user:$group $base_node
257
258	log_must set_cur_usr $user
259
260	# Prepare all files/sub-dirs for testing.
261	file0=$base_node/testfile_rm
262	dir0=$base_node/testdir_rm
263
264	log_must usr_exec $TOUCH $file0
265	log_must usr_exec $CHMOD 444 $file0
266
267	log_must usr_exec $MKDIR -p $dir0
268	log_must usr_exec $CHMOD 444 $dir0
269
270	log_must usr_exec $CHMOD 555 $base_node
271	return 0
272}
273
274function cleanup_test_files #base_node
275{
276	typeset base_node=$1
277
278	if [[ -d $base_node ]]; then
279		log_must $RM -rf $base_node
280	elif [[ -e $base_node ]]; then
281		log_must $RM -f $base_node
282	fi
283
284	return 0
285}
286
287typeset cwd=$PWD
288typeset ARCHIVEFILE=archive.tar
289
290test_requires ZFS_ACL
291
292typeset -i i=0
293typeset -i j=0
294typeset target
295cd $TESTDIR
296while (( i < ${#users[@]} )); do
297	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
298
299	j=0
300	while (( j < 1 )); do
301		eval target=\$file$j
302		test_chmod_basic_access $target \
303			"${users[((i+2))]}" "${users[((i+3))]}"
304
305		eval target=\$dir$j
306		test_chmod_basic_access $target \
307			"${users[((i+2))]}" "${users[((i+3))]}"
308
309		(( j = j + 1 ))
310	done
311
312	(( i += 4 ))
313done
314
315log_pass "Verify that the combined delete_child/delete permission for" \
316	"owner/group/everyone are correct."
317