1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"@(#)zfs_acl_chmod_owner_001_pos.ksh	1.4	09/01/13 SMI"
28#
29
30. $STF_SUITE/tests/acl/acl_common.kshlib
31
32#################################################################################
33#
34# __stc_assertion_start
35#
36# ID: zfs_acl_chmod_owner_001_pos
37#
38# DESCRIPTION:
39#	Verify that the write_owner for
40#	owner/group/everyone are correct.
41#
42# STRATEGY:
43# 1. Create file and  directory in zfs filesystem
44# 2. Set special write_owner ACE to the file and directory
45# 3. Try to chown/chgrp of the file and directory to take owner/group
46# 4. Verify that the owner/group are correct. Follow these rules:
47#  	(1) If uid is granted the write_owner permission,
48#		then it can only do chown to its own uid,
49#		or a group that they are a member of.
50#	(2) Owner will ignore permission of (1) even write_owner not granted.
51#	(3) Superuser will always permit whatever they do.
52#
53# TESTABILITY: explicit
54#
55# TEST_AUTOMATION_LEVEL: automated
56#
57# CODING_STATUS: COMPLETED (2005-10-26)
58#
59# __stc_assertion_end
60#
61################################################################################
62
63verify_runnable "both"
64
65function cleanup
66{
67	[[ ! -e $TESTDIR/$ARCHIVEFILE ]] && return 0
68
69	if [[ ! -e $target ]]; then
70		log_must $TAR xpf $TESTDIR/$ARCHIVEFILE
71	fi
72
73	(( ${#cwd} != 0 )) && cd $cwd
74	cleanup_test_files $TESTDIR/basedir
75	log_must $RM -f $TESTDIR/$ARCHIVEFILE
76	return 0
77}
78
79#owner@	          group                  group_users       other_users
80set -A users \
81"root"            "root"                 "$ZFS_ACL_ADMIN"  "$ZFS_ACL_OTHER1" \
82"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1"
83
84set -A a_access \
85	"write_owner:allow" \
86	"write_owner:deny"
87
88set -A a_flag "owner@" "group@" "everyone@"
89
90log_assert "Verify that the chown/chgrp could take owner/group " \
91	"while permission is granted."
92log_onexit cleanup
93
94#
95# Get the owner of a file/directory
96#
97function get_owner #node
98{
99	typeset node=$1
100	typeset value
101
102	if [[ -z $node ]]; then
103		log_fail "node are not defined."
104	fi
105
106	if [[ -d $node ]]; then
107		value=$($LS -dl $node | $AWK '{print $3}')
108	elif [[ -e $node ]]; then
109		value=$($LS -l $node | $AWK '{print $3}')
110	fi
111
112	$ECHO $value
113}
114
115#
116# Get the group of a file/directory
117#
118function get_group #node
119{
120	typeset node=$1
121	typeset value
122
123	if [[ -z $node ]]; then
124		log_fail "node are not defined."
125	fi
126
127	if [[ -d $node ]]; then
128		value=$($LS -dl $node | $AWK '{print $4}')
129	elif [[ -e $node ]]; then
130		value=$($LS -l $node | $AWK '{print $4}')
131	fi
132
133	$ECHO $value
134}
135
136
137#
138# Get the group name that a UID belongs to
139#
140function get_user_group #uid
141{
142	typeset uid=$1
143	typeset value
144
145	if [[ -z $uid ]]; then
146		log_fail "UID not defined."
147	fi
148
149	value=$(id $uid)
150
151	if [[ $? -eq 0 ]]; then
152		value=${value##*\(}
153		value=${value%%\)*}
154		$ECHO $value
155	else
156		log_fail "Invalid UID (uid)."
157	fi
158}
159
160function operate_node_owner #user node old_owner expect_owner
161{
162	typeset user=$1
163	typeset node=$2
164	typeset old_owner=$3
165	typeset expect_owner=$4
166	typeset ret new_owner
167
168	if [[ $user == "" || $node == "" ]]; then
169		log_fail "user, node are not defined."
170	fi
171
172	chgusr_exec $user $CHOWN $expect_owner $node ; ret=$?
173	new_owner=$(get_owner $node)
174
175	if [[ $new_owner != $old_owner ]]; then
176		$TAR xpf $TESTDIR/$ARCHIVEFILE
177	fi
178
179	if [[ $ret -eq 0 ]]; then
180		if [[ $new_owner != $expect_owner ]]; then
181			log_note "Owner not changed as expected " \
182				"($old_owner|$new_owner|$expect_owner), " \
183				"but return code is $ret."
184			return 1
185		fi
186	elif [[ $ret -ne 0 && $new_owner != $old_owner ]]; then
187		log_note "Owner changed ($old_owner|$new_owner), " \
188			"but return code is $ret."
189		return 2
190	fi
191
192	return $ret
193}
194
195function operate_node_group #user node old_group expect_group
196{
197	typeset user=$1
198	typeset node=$2
199	typeset old_group=$3
200	typeset expect_group=$4
201	typeset ret new_group
202
203	if [[ $user == "" || $node == "" ]]; then
204		log_fail "user, node are not defined."
205	fi
206
207	chgusr_exec $user $CHGRP $expect_group $node ; ret=$?
208	new_group=$(get_group $node)
209
210	if [[ $new_group != $old_group ]]; then
211		$TAR xpf $TESTDIR/$ARCHIVEFILE
212	fi
213
214	if [[ $ret -eq 0 ]]; then
215		if [[ $new_group != $expect_group ]]; then
216			log_note "Group not changed as expected " \
217				"($old_group|$new_group|$expect_group), " \
218				"but return code is $ret."
219			return 1
220		fi
221	elif [[ $ret -ne 0 && $new_group != $old_group ]]; then
222		log_note "Group changed ($old_group|$new_group), " \
223			"but return code is $ret."
224		return 2
225	fi
226
227	return $ret
228}
229
230function logname #acl_target user old new
231{
232	typeset acl_target=$1
233	typeset user=$2
234	typeset old=$3
235	typeset new=$4
236	typeset ret="log_mustnot"
237
238	# To super user, read and write deny permission was override.
239	if [[ $user == root ]]; then
240		ret="log_must"
241	elif [[ $user == $new ]] ; then
242		if [[ $user == $old || $acl_target == *:allow ]]; then
243			ret="log_must"
244		fi
245	fi
246
247	print $ret
248}
249
250function check_chmod_results #node flag acl_target g_usr o_usr
251{
252	typeset node=$1
253	typeset flag=$2
254	typeset acl_target=$2:$3
255	typeset g_usr=$4
256	typeset o_usr=$5
257	typeset log old_owner old_group new_owner new_group
258
259	old_owner=$(get_owner $node)
260	old_group=$(get_group $node)
261
262	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
263		for new_owner in $ZFS_ACL_CUR_USER "nobody"; do
264			new_group=$(get_user_group $new_owner)
265
266			log=$(logname $acl_target $ZFS_ACL_CUR_USER \
267				$old_owner $new_owner)
268
269			$log operate_node_owner $ZFS_ACL_CUR_USER $node \
270				$old_owner $new_owner
271
272			$log operate_node_group $ZFS_ACL_CUR_USER $node \
273				$old_group $new_group
274		done
275	fi
276	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
277		for new_owner in $g_usr "nobody"; do
278			new_group=$(get_user_group $new_owner)
279
280			log=$(logname $acl_target $g_usr $old_owner \
281				$new_owner)
282
283			$log operate_node_owner $g_usr $node \
284				$old_owner $new_owner
285
286			$log operate_node_group $g_usr \
287				$node $old_group $new_group
288		done
289	fi
290	if [[ $flag == "everyone@" ]]; then
291		for new_owner in $g_usr "nobody"; do
292			new_group=$(get_user_group $new_owner)
293
294			log=$(logname $acl_target $o_usr $old_owner \
295				$new_owner)
296
297			$log operate_node_owner $o_usr $node \
298				$old_owner $new_owner
299
300			$log operate_node_group $o_usr $node \
301				$old_group $new_group
302		done
303	fi
304}
305
306function test_chmod_basic_access #node g_usr o_usr
307{
308	typeset node=${1%/}
309	typeset g_usr=$2
310	typeset o_usr=$3
311	typeset flag acl_p acl_t parent
312
313	parent=${node%/*}
314
315	for flag in ${a_flag[@]}; do
316		for acl_t in "${a_access[@]}"; do
317			log_must usr_exec $CHMOD A+$flag:$acl_t $node
318
319			$TAR cpf $TESTDIR/$ARCHIVEFILE basedir
320
321			check_chmod_results "$node" "$flag" \
322				"$acl_t" "$g_usr" "$o_usr"
323
324			log_must usr_exec $CHMOD A0- $node
325		done
326	done
327}
328
329function setup_test_files #base_node user group
330{
331	typeset base_node=$1
332	typeset user=$2
333	typeset group=$3
334
335	cleanup_test_files $base_node
336
337	log_must $MKDIR -p $base_node
338	log_must $CHOWN $user:$group $base_node
339
340	log_must set_cur_usr $user
341
342	# Prepare all files/sub-dirs for testing.
343
344	file0=$base_node/testfile_rm
345
346	dir0=$base_node/testdir_rm
347
348	log_must usr_exec $TOUCH $file0
349	log_must usr_exec $CHMOD 444 $file0
350
351	log_must usr_exec $MKDIR -p $dir0
352	log_must usr_exec $CHMOD 444 $dir0
353
354	log_must usr_exec $CHMOD 555 $base_node
355	return 0
356}
357
358function cleanup_test_files #base_node
359{
360	typeset base_node=$1
361
362	if [[ -d $base_node ]]; then
363		log_must $RM -rf $base_node
364	elif [[ -e $base_node ]]; then
365		log_must $RM -f $base_node
366	fi
367
368	return 0
369}
370
371typeset cwd=$PWD
372typeset ARCHIVEFILE=archive.tar
373
374test_requires ZFS_ACL
375
376typeset -i i=0
377typeset -i j=0
378typeset target
379cd $TESTDIR
380while (( i < ${#users[@]} )); do
381	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
382
383	j=0
384	while (( j < 1 )); do
385		eval target=\$file$j
386		test_chmod_basic_access $target \
387			"${users[((i+2))]}" "${users[((i+3))]}"
388
389		eval target=\$dir$j
390		test_chmod_basic_access $target \
391			"${users[((i+2))]}" "${users[((i+3))]}"
392
393		(( j = j + 1 ))
394	done
395
396	(( i += 4 ))
397done
398
399log_pass "Verify that the chown/chgrp could take owner/group " \
400	"while permission is granted."
401