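#!/usr/local/bin/ksh93 -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

# $FreeBSD$

#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"@(#)zfs_acl_chmod_rwacl_001_pos.ksh	1.5	09/05/19 SMI"
#

. $STF_SUITE/tests/acl/acl_common.kshlib

#################################################################################
#
# __stc_assertion_start
#
# ID: zfs_acl_chmod_rwacl_001_pos
#
# DESCRIPTION:
#	Verify that read_acl/write_acl assigned to owner@/group@/everyone@,
#	or to a specified user or group, gives files and directories the
#	correct access permission.
#
# STRATEGY:
#	1. Separately verify that a file and a directory were assigned
#	   read_acl/write_acl by root and by a non-root user.
#	2. Verify the owner can always read and write the ACL, even when denied.
#	3. Verify group access permission when the group was assigned
#	   read_acl/write_acl.
#	4. Verify access permission after everyone was assigned
#	   read_acl/write_acl.
#	5. Verify that when everyone@ is denied except a specified user, this
#	   user can read and write the ACL.
#	6. Verify that when the group is denied except a specified user, this
#	   user can read and write the ACL.
#
# TESTABILITY: explicit
#
# TEST_AUTOMATION_LEVEL: automated
#
# CODING_STATUS: COMPLETED (2005-10-19)
#
# __stc_assertion_end
#
################################################################################

verify_runnable "both"

log_assert "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
	"behaviour to access permission."
log_onexit cleanup

#
# Check that every listed user can read the ACL of <node>.
#
# Runs "$LS -vd <node>" as each user through chgusr_exec and stops at the
# first user for whom the listing fails.
#
# Returns 0 when the listing succeeded for every user (also when no user is
# given), otherwise the exit status of the first failing listing.
#
# NOTE: a non-zero return only shows that ONE of the users failed. A negative
# assertion (log_mustnot) that has to hold for several users must therefore
# call this function once per user.
#
function read_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret

	shift
	# "$@" was already expanded by the for statement, so no per-iteration
	# shift is needed to walk the user list.
	for user in "$@"; do
		chgusr_exec "$user" $LS -vd "$node" > /dev/null 2>&1
		ret=$?
		(( ret != 0 )) && return $ret
	done

	return 0
}

#
# Check that every listed user can modify the ACL of <node>.
#
# For each user: count the ACEs, prepend a harmless ACE
# (A0+owner@:read_data:allow) as that user, count again, remove the ACE
# (A0-) as that user, and require that the count grew by exactly one.
#
# Returns 0 when this worked for every user (also when no user is given);
# otherwise the status of the first failing step, or 1 when the ACE count
# did not grow by one.
#
# NOTE: a non-zero return does not distinguish "chmod was refused" from
# "count_ACE failed", and it only shows that ONE of the users failed. Call
# it once per user from negative assertions (log_mustnot).
#
function write_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret before_cnt after_cnt

	shift
	for user in "$@"; do
		before_cnt=$(count_ACE "$node")
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec "$user" $CHMOD A0+owner@:read_data:allow "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		after_cnt=$(count_ACE "$node")
		ret=$?
		(( ret != 0 )) && return $ret

		# Undo the probe ACE before judging the result so the node is
		# left as it was found.
		chgusr_exec "$user" $CHMOD A0- "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		if (( after_cnt - before_cnt != 1 )); then
			return 1
		fi
	done

	return 0
}

#
# The current user ($ZFS_ACL_CUR_USER, the one usr_exec runs as) must be able
# to read and write the ACL whether owner@ is allowed or denied
# read_acl/write_acl.
#
function check_owner #<node>
{
	typeset node=$1
	typeset acc

	for acc in allow deny; do
		log_must usr_exec \
			$CHMOD A0+owner@:read_acl/write_acl:$acc $node
		log_must read_ACL $node $ZFS_ACL_CUR_USER
		log_must write_ACL $node $ZFS_ACL_CUR_USER
		log_must usr_exec $CHMOD A0- $node
	done
}

#
# A second user must gain access when group@ is allowed
# read_acl/write_acl and lose it when group@ is denied.
#
# The probed user is $ZFS_ACL_ADMIN when the current user is root and
# $ZFS_ACL_STAFF2 when it is $ZFS_ACL_STAFF1 (presumably members of the
# owning group; confirm against the suite configuration). For any other
# current user grp_usr stays empty; the driver loop below only uses those two.
#
function check_group #<node>
{
	typeset node=$1

	typeset grp_usr=""
	if [[ $ZFS_ACL_CUR_USER == root ]]; then
		grp_usr=$ZFS_ACL_ADMIN
	elif [[ $ZFS_ACL_CUR_USER == "$ZFS_ACL_STAFF1" ]]; then
		grp_usr=$ZFS_ACL_STAFF2
	fi

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:allow $node
	log_must read_ACL $node $grp_usr
	log_must write_ACL $node $grp_usr
	log_must usr_exec $CHMOD A0- $node

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:deny $node
	log_mustnot read_ACL $node $grp_usr
	log_mustnot write_ACL $node $grp_usr
	log_must usr_exec $CHMOD A0- $node
}

#
# $ZFS_ACL_OTHER1 and $ZFS_ACL_OTHER2 must both gain access when everyone@
# is allowed read_acl/write_acl and both lose it when everyone@ is denied.
#
function check_everyone #<node>
{
	typeset node=$1

	typeset flag expect usr
	for flag in allow deny; do
		if [[ $flag == allow ]]; then
			expect=log_must
		else
			expect=log_mustnot
		fi

		log_must usr_exec \
			$CHMOD A0+everyone@:read_acl/write_acl:$flag $node

		# One assertion per user: read_ACL/write_ACL return at the
		# first failing user, so a combined log_mustnot would pass as
		# soon as a single user is denied.
		for usr in $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2; do
			$expect read_ACL $node $usr
			$expect write_ACL $node $usr
		done

		log_must usr_exec $CHMOD A0- $node
	done
}

#
# With everyone@ denied and $ZFS_ACL_OTHER1 explicitly allowed, only
# $ZFS_ACL_OTHER1 may read and write the ACL.
#
function check_spec_user #<node>
{
	typeset node=$1
	typeset usr

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node
	log_must usr_exec \
		$CHMOD A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node

	# The specified user can read and write acl
	log_must read_ACL $node $ZFS_ACL_OTHER1
	log_must write_ACL $node $ZFS_ACL_OTHER1

	# None of the other users can read or write the acl. Each user gets
	# its own assertion so that one denied user cannot hide another user
	# who was wrongly granted access.
	for usr in $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2; do
		log_mustnot read_ACL $node $usr
		log_mustnot write_ACL $node $usr
	done

	# Remove the two ACEs added above.
	log_must usr_exec $CHMOD A0- $node
	log_must usr_exec $CHMOD A0- $node
}

#
# With everyone@ denied and group $ZFS_ACL_OTHER_GROUP explicitly allowed,
# $ZFS_ACL_OTHER1 and $ZFS_ACL_OTHER2 may read and write the ACL while
# $ZFS_ACL_ADMIN and $ZFS_ACL_STAFF2 may not.
#
function check_spec_group #<node>
{
	typeset node=$1
	typeset usr

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node
	log_must usr_exec $CHMOD \
		A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow $node

	# The specified group can read and write acl
	log_must read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
	log_must write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2

	# None of the other users can read or write the acl; asserted per
	# user for the same reason as in check_spec_user.
	for usr in $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2; do
		log_mustnot read_ACL $node $usr
		log_mustnot write_ACL $node $usr
	done

	# Remove the two ACEs added above, as the sibling checks do, so the
	# next check does not run against a leftover everyone@ deny and
	# group allow entry.
	log_must usr_exec $CHMOD A0- $node
	log_must usr_exec $CHMOD A0- $node
}

#
# With group $ZFS_ACL_OTHER_GROUP denied and $ZFS_ACL_OTHER1 explicitly
# allowed, $ZFS_ACL_OTHER1 may read and write the ACL while $ZFS_ACL_OTHER2
# may not.
#
function check_user_in_group #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD \
		A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny $node
	log_must usr_exec $CHMOD \
		A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node
	log_must read_ACL $node $ZFS_ACL_OTHER1
	log_must write_ACL $node $ZFS_ACL_OTHER1
	log_mustnot read_ACL $node $ZFS_ACL_OTHER2
	log_mustnot write_ACL $node $ZFS_ACL_OTHER2

	# Remove the two ACEs added above.
	log_must usr_exec $CHMOD A0- $node
	log_must usr_exec $CHMOD A0- $node
}

# Checks to run, in order, against both a file and a directory.
set -A func_name check_owner \
		check_group \
		check_everyone \
		check_spec_user \
		check_spec_group \
		check_user_in_group

test_requires ZFS_ACL

# Run every check once with root and once with a non-root user as the
# creator of the test file and directory.
for user in root $ZFS_ACL_STAFF1; do
	log_must set_cur_usr $user

	log_must usr_exec $TOUCH $testfile
	log_must usr_exec $MKDIR $testdir

	typeset func node
	for func in "${func_name[@]}"; do
		for node in $testfile $testdir; do
			# The function names come from the fixed list above,
			# so a direct call is enough; no eval is needed.
			$func "$node"
		done
	done

	log_must usr_exec $RM -rf $testfile $testdir
done

log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."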