1#!/usr/local/bin/ksh93 -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# $FreeBSD$ 24 25# 26# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 27# Use is subject to license terms. 28# 29# ident "@(#)zfs_acl_chmod_delete_001_pos.ksh 1.6 09/01/13 SMI" 30# 31 32. $STF_SUITE/tests/acl/acl_common.kshlib 33 34################################################################################# 35# 36# __stc_assertion_start 37# 38# ID: zfs_acl_chmod_delete_001_pos 39# 40# DESCRIPTION: 41# Verify that the combined delete_child/delete permission for 42# owner/group/everyone are correct. 43# 44# ------------------------------------------------------- 45# | Parent Dir | Target Object Permissions | 46# | permissions | | 47# ------------------------------------------------------- 48# | | ACL Allows | ACL Denies| Delete | 49# | | Delete | Delete | unspecified| 50# ------------------------------------------------------- 51# | ACL Allows | Permit | Permit | Permit | 52# | DELETE_CHILD | | 53# ------------------------------------------------------- 54# | ACL Denies | Permit | Deny | Deny | 55# | DELETE_CHILD | | | | 56# ------------------------------------------------------- 57# | ACL specifies | | | | 58# | only allows | Permit | Permit | Permit | 59# | write and | | | | 60# | execute | | | | 61# ------------------------------------------------------- 62# | ACL denies | | | | 63# | write and | Permit | Deny | Deny | 64# | execute | | | | 65# ------------------------------------------------------- 66# 67# STRATEGY: 68# 1. Create file and directory in zfs filesystem 69# 2. Set special ACE combination to the file and directory 70# 3. Try to remove the file 71# 4. Verify that combined permissions for owner/group/everyone are correct. 72# 73# TESTABILITY: explicit 74# 75# TEST_AUTOMATION_LEVEL: automated 76# 77# CODING_STATUS: COMPLETED (2005-10-24) 78# 79# __stc_assertion_end 80# 81################################################################################ 82 83verify_runnable "both" 84 85function cleanup 86{ 87 [[ ! -e $TESTDIR/$ARCHIVEFILE ]] && return 0 88 89 if [[ ! -e $target ]]; then 90 log_must $TAR xpf $TESTDIR/$ARCHIVEFILE 91 fi 92 93 (( ${#cwd} != 0 )) && cd $cwd 94 cleanup_test_files $TESTDIR/basedir 95 log_must $RM -f $TESTDIR/$ARCHIVEFILE 96 return 0 97} 98 99#owner@ group group_users other_users 100set -A users \ 101"root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 102"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1" 103 104set -A access_parent \ 105 "delete_child:allow" \ 106 "delete_child:deny" \ 107 "write_data:allow" \ 108 "write_data:deny" \ 109 "delete_child:deny write_data:allow" \ 110 "delete_child:allow write_data:deny" 111 112set -A access_target \ 113 "delete:allow" \ 114 "delete:deny" \ 115 "" 116 117set -A a_flag "owner@" "group@" "everyone@" "user:$ZFS_ACL_STAFF1" 118 119log_assert "Verify that the combined delete_child/delete permission for" \ 120 "owner/group/everyone are correct." 121log_onexit cleanup 122 123function operate_node #user node 124{ 125 typeset user=$1 126 typeset node=$2 127 typeset ret 128 129 if [[ $user == "" || $node == "" ]]; then 130 log_fail "user, node are not defined." 131 fi 132 if [[ -d $node ]]; then 133 chgusr_exec $user $RM -rf $node ; ret=$? 134 else 135 chgusr_exec $user $RM -f $node ; ret=$? 136 fi 137 138 if [[ -e $node ]]; then 139 if [[ $ret -eq 0 ]]; then 140 log_note "$node not removed, but return code is 0." 141 return 1 142 fi 143 else 144 log_must $TAR xpf $TESTDIR/$ARCHIVEFILE 145 if [[ $ret -ne 0 ]]; then 146 log_note "$node removed, but return code is $ret." 147 return 1 148 fi 149 fi 150 return $ret 151} 152 153function logname #acl_parent acl_target user 154{ 155 typeset acl_parent=$1 156 typeset acl_target=$2 157 typeset user=$3 158 159 # To super user, read and write deny permission was override. 160 if [[ $user == root || $acl_target == *:allow ]]; then 161 print "log_must" 162 elif [[ $acl_parent == *"delete_child"* ]]; then 163 if [[ $acl_parent == *"delete_child:allow"* ]]; then 164 print "log_must" 165 else 166 print "log_mustnot" 167 fi 168 elif [[ $acl_parent == *"write_data"* ]]; then 169 if [[ $acl_parent == *"write_data:allow"* ]]; then 170 print "log_must" 171 else 172 print "log_mustnot" 173 fi 174 else 175 print "log_mustnot" 176 fi 177} 178 179function check_chmod_results #node flag acl_parent acl_target g_usr o_usr 180{ 181 typeset node=$1 182 typeset flag=$2 183 typeset acl_parent=$3 184 typeset acl_target=$2:$4 185 typeset g_usr=$5 186 typeset o_usr=$6 187 typeset log acl_tmp 188 189 for acl in $acl_parent ; do 190 acl_tmp="$2:$acl $acl_tmp" 191 done 192 acl_parent=$acl_tmp 193 194 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 195 log=$(logname "$acl_parent" $acl_target $ZFS_ACL_CUR_USER) 196 $log operate_node $ZFS_ACL_CUR_USER $node 197 fi 198 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 199 log=$(logname "$acl_parent" $acl_target $g_usr) 200 $log operate_node $g_usr $node 201 fi 202 if [[ $flag == "everyone@" ]]; then 203 log=$(logname "$acl_parent" $acl_target $o_usr) 204 $log operate_node $o_usr $node 205 fi 206 if [[ $flag == "user:"* ]]; then 207 typeset user=${flag#user:} 208 log=$(logname "$acl_parent" $acl_target $user) 209 $log operate_node $user $node 210 fi 211} 212 213function test_chmod_basic_access #node g_usr o_usr 214{ 215 typeset node=${1%/} 216 typeset g_usr=$2 217 typeset o_usr=$3 218 typeset flag acl_p acl_t parent 219 typeset -i i=0 220 221 parent=${node%/*} 222 223 for flag in ${a_flag[@]}; do 224 for acl_p in "${access_parent[@]}"; do 225 i=0 226 for acl in $acl_p ; do 227 log_must usr_exec $CHMOD A+$flag:$acl $parent 228 (( i = i + 1)) 229 done 230 231 for acl_t in "${access_target[@]}"; do 232 [[ -n $acl_t ]] && \ 233 log_must usr_exec $CHMOD A+$flag:$acl_t $node 234 235 log_must $TAR cpf $TESTDIR/$ARCHIVEFILE basedir 236 237 check_chmod_results "$node" "$flag" \ 238 "$acl_p" "$acl_t" "$g_usr" "$o_usr" 239 240 [[ -n $acl_t ]] && \ 241 log_must usr_exec $CHMOD A0- $node 242 done 243 244 while (( i > 0 )); do 245 log_must usr_exec $CHMOD A0- $parent 246 (( i = i - 1 )) 247 done 248 done 249 done 250} 251 252function setup_test_files #base_node user group 253{ 254 typeset base_node=$1 255 typeset user=$2 256 typeset group=$3 257 258 cleanup_test_files $base_node 259 260 log_must $MKDIR -p $base_node 261 log_must $CHOWN $user:$group $base_node 262 263 log_must set_cur_usr $user 264 265 # Prepare all files/sub-dirs for testing. 266 file0=$base_node/testfile_rm 267 dir0=$base_node/testdir_rm 268 269 log_must usr_exec $TOUCH $file0 270 log_must usr_exec $CHMOD 444 $file0 271 272 log_must usr_exec $MKDIR -p $dir0 273 log_must usr_exec $CHMOD 444 $dir0 274 275 log_must usr_exec $CHMOD 555 $base_node 276 return 0 277} 278 279function cleanup_test_files #base_node 280{ 281 typeset base_node=$1 282 283 if [[ -d $base_node ]]; then 284 log_must $RM -rf $base_node 285 elif [[ -e $base_node ]]; then 286 log_must $RM -f $base_node 287 fi 288 289 return 0 290} 291 292typeset cwd=$PWD 293typeset ARCHIVEFILE=archive.tar 294 295test_requires ZFS_ACL 296 297typeset -i i=0 298typeset -i j=0 299typeset target 300cd $TESTDIR 301while (( i < ${#users[@]} )); do 302 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 303 304 j=0 305 while (( j < 1 )); do 306 eval target=\$file$j 307 test_chmod_basic_access $target \ 308 "${users[((i+2))]}" "${users[((i+3))]}" 309 310 eval target=\$dir$j 311 test_chmod_basic_access $target \ 312 "${users[((i+2))]}" "${users[((i+3))]}" 313 314 (( j = j + 1 )) 315 done 316 317 (( i += 4 )) 318done 319 320log_pass "Verify that the combined delete_child/delete permission for" \ 321 "owner/group/everyone are correct." 322