1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23# $FreeBSD$
24
25#
26# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# ident	"@(#)zfs_acl_chmod_rwacl_001_pos.ksh	1.5	09/05/19 SMI"
30#
31
32. $STF_SUITE/tests/acl/acl_common.kshlib
33
34#################################################################################
35#
36# __stc_assertion_start
37#
38# ID: zfs_acl_chmod_rwacl_001_pos
39#
40# DESCRIPTION:
#	Verify that read_acl/write_acl assigned to owner@/group@/everyone@, or to
#	a specified user or group, gives the file the correct access permission.
43#
44# STRATEGY:
#	1. Separately verify that a file and a directory can be assigned
#	   read_acl/write_acl by root and by a non-root user.
#	2. Verify the owner can always read and write the ACL, even when denied.
#	3. Verify group access permission when the group is assigned
#	   read_acl/write_acl.
#	4. Verify access permission after everyone@ is assigned
#	   read_acl/write_acl.
#	5. Verify that when everyone@ is denied except a specified user, that
#	   user can still read and write the ACL.
#	6. Verify that when the group is denied except a specified user, that
#	   user can still read and write the ACL.
55#
56# TESTABILITY: explicit
57#
58# TEST_AUTOMATION_LEVEL: automated
59#
60# CODING_STATUS: COMPLETED (2005-10-19)
61#
62# __stc_assertion_end
63#
64################################################################################
65
# Ask the harness whether this test may run in the current context.
verify_runnable "both"

# State the assertion under test, then register the exit hook. cleanup is not
# defined in this file; presumably acl_common.kshlib or the harness provides it.
log_assert \
	"Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
	"behaviour to access permission."
log_onexit cleanup
71
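#
# Check that every listed user can read the ACL of <node>.
#
# Each user runs "$LS -vd <node>" through chgusr_exec; the output is discarded
# and only the exit status is used.
#
# Arguments: $1    - file or directory to probe
#            $2... - users to probe as
# Returns:   0 if every probe succeeded (also when no user is given),
#            otherwise the status of the first failing probe. Users after
#            the first failure are not tried.
#
# NOTE: a non-zero return only proves that at least one user was denied.
# A caller asserting "none of these users can read the ACL" has to call this
# function once per user, otherwise one denied user hides the others.
#
function read_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret

	shift
	# "$@" is expanded once when the loop starts, so no shift is needed
	# inside the body. Quoting keeps each user and the node a single word.
	for user in "$@"; do
		chgusr_exec "$user" $LS -vd "$node" > /dev/null 2>&1
		ret=$?
		(( ret != 0 )) && return $ret
	done

	return 0
}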
89
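#
# Check that every listed user can modify the ACL of <node>.
#
# For each user a probe ACE (owner@:read_data:allow) is inserted at index 0
# and removed again; the ACE count reported by count_ACE must grow by
# exactly one in between.
#
# Arguments: $1    - file or directory to probe
#            $2... - users to probe as
# Returns:   0 if every user could add and remove the probe ACE (also when
#            no user is given); otherwise the status of the first failing
#            step, or 1 if the ACE count did not grow by one.
#
# NOTE: a non-zero return only proves that at least one user was denied.
# A caller asserting "none of these users can write the ACL" has to call
# this function once per user.
#
function write_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret rm_ret before_cnt after_cnt

	shift
	for user in "$@"; do
		before_cnt=$(count_ACE "$node")
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec "$user" $CHMOD A0+owner@:read_data:allow "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		after_cnt=$(count_ACE "$node")
		ret=$?

		# The probe ACE was added, so take it off again before looking
		# at the count status. Returning early here would leave an
		# extra allow entry on the node for every later check.
		chgusr_exec "$user" $CHMOD A0- "$node"
		rm_ret=$?

		(( ret != 0 )) && return $ret
		(( rm_ret != 0 )) && return $rm_ret

		if (( after_cnt - before_cnt != 1 )); then
			return 1
		fi
	done

	return 0
}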
123
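#
# Verify that the current user (the owner of <node>) can read and write the
# ACL whether owner@ is explicitly allowed or explicitly denied
# read_acl/write_acl.
#
# Arguments: $1 - file or directory under test
# Globals:   CHMOD, ZFS_ACL_CUR_USER (read)
#
function check_owner #<node>
{
	typeset node=$1
	# Keep the loop variable local so it cannot leak into the caller.
	typeset acc

	for acc in allow deny; do
		log_must usr_exec \
			$CHMOD "A0+owner@:read_acl/write_acl:$acc" "$node"
		# Both probes must succeed in the deny pass as well.
		log_must read_ACL "$node" $ZFS_ACL_CUR_USER
		log_must write_ACL "$node" $ZFS_ACL_CUR_USER
		log_must usr_exec $CHMOD A0- "$node"
	done
}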
136
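#
# Verify that group@ read_acl/write_acl takes effect for a second user:
# allowed after an allow ACE, denied after a deny ACE.
#
# The probing user is ZFS_ACL_ADMIN when the current user is root and
# ZFS_ACL_STAFF2 when it is ZFS_ACL_STAFF1 (presumably users sharing the
# current user's group; confirm against the suite's user setup).
#
# Arguments: $1 - file or directory under test
# Globals:   CHMOD, ZFS_ACL_CUR_USER, ZFS_ACL_ADMIN, ZFS_ACL_STAFF1,
#            ZFS_ACL_STAFF2 (read)
#
function check_group #<node>
{
	typeset node=$1
	typeset grp_usr=""

	if [[ $ZFS_ACL_CUR_USER == root ]]; then
		grp_usr=$ZFS_ACL_ADMIN
	elif [[ $ZFS_ACL_CUR_USER == "$ZFS_ACL_STAFF1" ]]; then
		grp_usr=$ZFS_ACL_STAFF2
	fi

	# With no probing user read_ACL/write_ACL return 0 without checking
	# anything: the allow assertions would pass vacuously and the deny
	# assertions would fail with a misleading message. Fail explicitly.
	if [[ -z $grp_usr ]]; then
		log_fail "No group user to probe with for '$ZFS_ACL_CUR_USER'"
		return 1
	fi

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:allow "$node"
	log_must read_ACL "$node" $grp_usr
	log_must write_ACL "$node" $grp_usr
	log_must usr_exec $CHMOD A0- "$node"

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:deny "$node"
	log_mustnot read_ACL "$node" $grp_usr
	log_mustnot write_ACL "$node" $grp_usr
	log_must usr_exec $CHMOD A0- "$node"
}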
158
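#
# Verify that everyone@ read_acl/write_acl takes effect for two other users:
# both may read and write the ACL after an allow ACE, neither may after a
# deny ACE.
#
# Arguments: $1 - file or directory under test
# Globals:   CHMOD, ZFS_ACL_OTHER1, ZFS_ACL_OTHER2 (read)
#
function check_everyone #<node>
{
	typeset node=$1
	typeset flag log user

	for flag in allow deny; do
		if [[ $flag == allow ]]; then
			log=log_must
		else
			log=log_mustnot
		fi

		log_must usr_exec \
			$CHMOD "A0+everyone@:read_acl/write_acl:$flag" "$node"

		# Probe one user per assertion. read_ACL/write_ACL stop at the
		# first failing user, so a single log_mustnot over both users
		# would pass as soon as one of them is denied, even if the
		# other still has access.
		for user in $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2; do
			$log read_ACL "$node" $user
			$log write_ACL "$node" $user
		done

		log_must usr_exec $CHMOD A0- "$node"
	done
}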
180
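#
# Verify that a user-specific allow ACE wins over an everyone@ deny ACE:
# ZFS_ACL_OTHER1 can read and write the ACL, while ZFS_ACL_ADMIN,
# ZFS_ACL_STAFF2 and ZFS_ACL_OTHER2 cannot.
#
# Arguments: $1 - file or directory under test
# Globals:   CHMOD, ZFS_ACL_OTHER1, ZFS_ACL_OTHER2, ZFS_ACL_ADMIN,
#            ZFS_ACL_STAFF2 (read)
#
function check_spec_user #<node>
{
	typeset node=$1
	typeset user

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny "$node"
	log_must usr_exec \
		$CHMOD "A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow" "$node"

	# The specified user can read and write the ACL.
	log_must read_ACL "$node" $ZFS_ACL_OTHER1
	log_must write_ACL "$node" $ZFS_ACL_OTHER1

	# Every other user must be denied. Assert per user: read_ACL and
	# write_ACL return non-zero as soon as one user fails, so a single
	# log_mustnot over the whole list would not notice a user who still
	# has access.
	for user in $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2; do
		log_mustnot read_ACL "$node" $user
		log_mustnot write_ACL "$node" $user
	done

	# Two ACEs were prepended above, so remove index 0 twice.
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}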
202
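#
# Verify that a group-specific allow ACE wins over an everyone@ deny ACE:
# ZFS_ACL_OTHER1 and ZFS_ACL_OTHER2 (probed as members of
# ZFS_ACL_OTHER_GROUP) can read and write the ACL, while ZFS_ACL_ADMIN and
# ZFS_ACL_STAFF2 cannot.
#
# Arguments: $1 - file or directory under test
# Globals:   CHMOD, ZFS_ACL_OTHER_GROUP, ZFS_ACL_OTHER1, ZFS_ACL_OTHER2,
#            ZFS_ACL_ADMIN, ZFS_ACL_STAFF2 (read)
#
function check_spec_group #<node>
{
	typeset node=$1
	typeset user

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny "$node"
	log_must usr_exec $CHMOD \
		"A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow" "$node"

	# The specified group can read and write the ACL.
	log_must read_ACL "$node" $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
	log_must write_ACL "$node" $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2

	# Every other user must be denied. Assert per user: read_ACL and
	# write_ACL return non-zero as soon as one user fails, so a single
	# log_mustnot over both users would not notice one who still has
	# access.
	for user in $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2; do
		log_mustnot read_ACL "$node" $user
		log_mustnot write_ACL "$node" $user
	done

	# Remove the two ACEs prepended above, as check_spec_user and
	# check_user_in_group do, so the next check starts from the node's
	# original ACL instead of inheriting these entries.
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}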
219
#
# Verify that a user-specific allow ACE wins over a deny ACE on that user's
# group: ZFS_ACL_OTHER1 keeps read/write access to the ACL while
# ZFS_ACL_OTHER2 is denied.
#
# Arguments: $1 - file or directory under test
# Globals:   CHMOD, ZFS_ACL_OTHER_GROUP, ZFS_ACL_OTHER1, ZFS_ACL_OTHER2 (read)
#
function check_user_in_group #<node>
{
	typeset node=$1
	typeset perms=read_acl/write_acl
	typeset probe
	typeset -i pass

	# Group deny first, then the user allow; each chmod prepends at index 0.
	log_must usr_exec $CHMOD A0+group:$ZFS_ACL_OTHER_GROUP:$perms:deny $node
	log_must usr_exec $CHMOD A0+user:$ZFS_ACL_OTHER1:$perms:allow $node

	for probe in read_ACL write_ACL; do
		log_must $probe $node $ZFS_ACL_OTHER1
	done
	for probe in read_ACL write_ACL; do
		log_mustnot $probe $node $ZFS_ACL_OTHER2
	done

	# Two ACEs were prepended, so index 0 is removed twice.
	for pass in 1 2; do
		log_must usr_exec $CHMOD A0- $node
	done
}
236
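# Checks applied to every node, in this order.
set -A func_name check_owner \
		check_group \
		check_everyone \
		check_spec_user \
		check_spec_group \
		check_user_in_group

test_requires ZFS_ACL

# Run the whole matrix twice: once with root and once with a non-root user
# as the acting user who creates the test file and directory.
for user in root $ZFS_ACL_STAFF1; do
	log_must set_cur_usr $user

	log_must usr_exec $TOUCH $testfile
	log_must usr_exec $MKDIR $testdir

	typeset func node
	for func in "${func_name[@]}"; do
		for node in $testfile $testdir; do
			# Call the check directly. The function list is fixed,
			# so eval is not needed, and dropping it keeps the
			# node path from being parsed a second time.
			$func "$node"
		done
	done

	log_must usr_exec $RM -rf $testfile $testdir
done

log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."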
263