1#!/usr/local/bin/ksh93 -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27# ident "@(#)zfs_acl_chmod_owner_001_pos.ksh 1.4 09/01/13 SMI" 28# 29 30. $STF_SUITE/tests/acl/acl_common.kshlib 31 32################################################################################# 33# 34# __stc_assertion_start 35# 36# ID: zfs_acl_chmod_owner_001_pos 37# 38# DESCRIPTION: 39# Verify that the write_owner for 40# owner/group/everyone are correct. 41# 42# STRATEGY: 43# 1. Create file and directory in zfs filesystem 44# 2. Set special write_owner ACE to the file and directory 45# 3. Try to chown/chgrp of the file and directory to take owner/group 46# 4. Verify that the owner/group are correct. Follow these rules: 47# (1) If uid is granted the write_owner permission, 48# then it can only do chown to its own uid, 49# or a group that they are a member of. 50# (2) Owner will ignore permission of (1) even write_owner not granted. 51# (3) Superuser will always permit whatever they do. 52# 53# TESTABILITY: explicit 54# 55# TEST_AUTOMATION_LEVEL: automated 56# 57# CODING_STATUS: COMPLETED (2005-10-26) 58# 59# __stc_assertion_end 60# 61################################################################################ 62 63verify_runnable "both" 64 65function cleanup 66{ 67 [[ ! -e $TESTDIR/$ARCHIVEFILE ]] && return 0 68 69 if [[ ! -e $target ]]; then 70 log_must $TAR xpf $TESTDIR/$ARCHIVEFILE 71 fi 72 73 (( ${#cwd} != 0 )) && cd $cwd 74 cleanup_test_files $TESTDIR/basedir 75 log_must $RM -f $TESTDIR/$ARCHIVEFILE 76 return 0 77} 78 79#owner@ group group_users other_users 80set -A users \ 81"root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 82"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1" 83 84set -A a_access \ 85 "write_owner:allow" \ 86 "write_owner:deny" 87 88set -A a_flag "owner@" "group@" "everyone@" 89 90log_assert "Verify that the chown/chgrp could take owner/group " \ 91 "while permission is granted." 92log_onexit cleanup 93 94# 95# Get the owner of a file/directory 96# 97function get_owner #node 98{ 99 typeset node=$1 100 typeset value 101 102 if [[ -z $node ]]; then 103 log_fail "node are not defined." 104 fi 105 106 if [[ -d $node ]]; then 107 value=$($LS -dl $node | $AWK '{print $3}') 108 elif [[ -e $node ]]; then 109 value=$($LS -l $node | $AWK '{print $3}') 110 fi 111 112 $ECHO $value 113} 114 115# 116# Get the group of a file/directory 117# 118function get_group #node 119{ 120 typeset node=$1 121 typeset value 122 123 if [[ -z $node ]]; then 124 log_fail "node are not defined." 125 fi 126 127 if [[ -d $node ]]; then 128 value=$($LS -dl $node | $AWK '{print $4}') 129 elif [[ -e $node ]]; then 130 value=$($LS -l $node | $AWK '{print $4}') 131 fi 132 133 $ECHO $value 134} 135 136 137# 138# Get the group name that a UID belongs to 139# 140function get_user_group #uid 141{ 142 typeset uid=$1 143 typeset value 144 145 if [[ -z $uid ]]; then 146 log_fail "UID not defined." 147 fi 148 149 value=$(id $uid) 150 151 if [[ $? -eq 0 ]]; then 152 value=${value##*\(} 153 value=${value%%\)*} 154 $ECHO $value 155 else 156 log_fail "Invalid UID (uid)." 157 fi 158} 159 160function operate_node_owner #user node old_owner expect_owner 161{ 162 typeset user=$1 163 typeset node=$2 164 typeset old_owner=$3 165 typeset expect_owner=$4 166 typeset ret new_owner 167 168 if [[ $user == "" || $node == "" ]]; then 169 log_fail "user, node are not defined." 170 fi 171 172 chgusr_exec $user $CHOWN $expect_owner $node ; ret=$? 173 new_owner=$(get_owner $node) 174 175 if [[ $new_owner != $old_owner ]]; then 176 $TAR xpf $TESTDIR/$ARCHIVEFILE 177 fi 178 179 if [[ $ret -eq 0 ]]; then 180 if [[ $new_owner != $expect_owner ]]; then 181 log_note "Owner not changed as expected " \ 182 "($old_owner|$new_owner|$expect_owner), " \ 183 "but return code is $ret." 184 return 1 185 fi 186 elif [[ $ret -ne 0 && $new_owner != $old_owner ]]; then 187 log_note "Owner changed ($old_owner|$new_owner), " \ 188 "but return code is $ret." 189 return 2 190 fi 191 192 return $ret 193} 194 195function operate_node_group #user node old_group expect_group 196{ 197 typeset user=$1 198 typeset node=$2 199 typeset old_group=$3 200 typeset expect_group=$4 201 typeset ret new_group 202 203 if [[ $user == "" || $node == "" ]]; then 204 log_fail "user, node are not defined." 205 fi 206 207 chgusr_exec $user $CHGRP $expect_group $node ; ret=$? 208 new_group=$(get_group $node) 209 210 if [[ $new_group != $old_group ]]; then 211 $TAR xpf $TESTDIR/$ARCHIVEFILE 212 fi 213 214 if [[ $ret -eq 0 ]]; then 215 if [[ $new_group != $expect_group ]]; then 216 log_note "Group not changed as expected " \ 217 "($old_group|$new_group|$expect_group), " \ 218 "but return code is $ret." 219 return 1 220 fi 221 elif [[ $ret -ne 0 && $new_group != $old_group ]]; then 222 log_note "Group changed ($old_group|$new_group), " \ 223 "but return code is $ret." 224 return 2 225 fi 226 227 return $ret 228} 229 230function logname #acl_target user old new 231{ 232 typeset acl_target=$1 233 typeset user=$2 234 typeset old=$3 235 typeset new=$4 236 typeset ret="log_mustnot" 237 238 # To super user, read and write deny permission was override. 239 if [[ $user == root ]]; then 240 ret="log_must" 241 elif [[ $user == $new ]] ; then 242 if [[ $user == $old || $acl_target == *:allow ]]; then 243 ret="log_must" 244 fi 245 fi 246 247 print $ret 248} 249 250function check_chmod_results #node flag acl_target g_usr o_usr 251{ 252 typeset node=$1 253 typeset flag=$2 254 typeset acl_target=$2:$3 255 typeset g_usr=$4 256 typeset o_usr=$5 257 typeset log old_owner old_group new_owner new_group 258 259 old_owner=$(get_owner $node) 260 old_group=$(get_group $node) 261 262 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 263 for new_owner in $ZFS_ACL_CUR_USER "nobody"; do 264 new_group=$(get_user_group $new_owner) 265 266 log=$(logname $acl_target $ZFS_ACL_CUR_USER \ 267 $old_owner $new_owner) 268 269 $log operate_node_owner $ZFS_ACL_CUR_USER $node \ 270 $old_owner $new_owner 271 272 $log operate_node_group $ZFS_ACL_CUR_USER $node \ 273 $old_group $new_group 274 done 275 fi 276 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 277 for new_owner in $g_usr "nobody"; do 278 new_group=$(get_user_group $new_owner) 279 280 log=$(logname $acl_target $g_usr $old_owner \ 281 $new_owner) 282 283 $log operate_node_owner $g_usr $node \ 284 $old_owner $new_owner 285 286 $log operate_node_group $g_usr \ 287 $node $old_group $new_group 288 done 289 fi 290 if [[ $flag == "everyone@" ]]; then 291 for new_owner in $g_usr "nobody"; do 292 new_group=$(get_user_group $new_owner) 293 294 log=$(logname $acl_target $o_usr $old_owner \ 295 $new_owner) 296 297 $log operate_node_owner $o_usr $node \ 298 $old_owner $new_owner 299 300 $log operate_node_group $o_usr $node \ 301 $old_group $new_group 302 done 303 fi 304} 305 306function test_chmod_basic_access #node g_usr o_usr 307{ 308 typeset node=${1%/} 309 typeset g_usr=$2 310 typeset o_usr=$3 311 typeset flag acl_p acl_t parent 312 313 parent=${node%/*} 314 315 for flag in ${a_flag[@]}; do 316 for acl_t in "${a_access[@]}"; do 317 log_must usr_exec $CHMOD A+$flag:$acl_t $node 318 319 $TAR cpf $TESTDIR/$ARCHIVEFILE basedir 320 321 check_chmod_results "$node" "$flag" \ 322 "$acl_t" "$g_usr" "$o_usr" 323 324 log_must usr_exec $CHMOD A0- $node 325 done 326 done 327} 328 329function setup_test_files #base_node user group 330{ 331 typeset base_node=$1 332 typeset user=$2 333 typeset group=$3 334 335 cleanup_test_files $base_node 336 337 log_must $MKDIR -p $base_node 338 log_must $CHOWN $user:$group $base_node 339 340 log_must set_cur_usr $user 341 342 # Prepare all files/sub-dirs for testing. 343 344 file0=$base_node/testfile_rm 345 346 dir0=$base_node/testdir_rm 347 348 log_must usr_exec $TOUCH $file0 349 log_must usr_exec $CHMOD 444 $file0 350 351 log_must usr_exec $MKDIR -p $dir0 352 log_must usr_exec $CHMOD 444 $dir0 353 354 log_must usr_exec $CHMOD 555 $base_node 355 return 0 356} 357 358function cleanup_test_files #base_node 359{ 360 typeset base_node=$1 361 362 if [[ -d $base_node ]]; then 363 log_must $RM -rf $base_node 364 elif [[ -e $base_node ]]; then 365 log_must $RM -f $base_node 366 fi 367 368 return 0 369} 370 371typeset cwd=$PWD 372typeset ARCHIVEFILE=archive.tar 373 374test_requires ZFS_ACL 375 376typeset -i i=0 377typeset -i j=0 378typeset target 379cd $TESTDIR 380while (( i < ${#users[@]} )); do 381 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 382 383 j=0 384 while (( j < 1 )); do 385 eval target=\$file$j 386 test_chmod_basic_access $target \ 387 "${users[((i+2))]}" "${users[((i+3))]}" 388 389 eval target=\$dir$j 390 test_chmod_basic_access $target \ 391 "${users[((i+2))]}" "${users[((i+3))]}" 392 393 (( j = j + 1 )) 394 done 395 396 (( i += 4 )) 397done 398 399log_pass "Verify that the chown/chgrp could take owner/group " \ 400 "while permission is granted." 401