1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23# $FreeBSD$
24
25#
26# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# ident	"@(#)zfs_acl_chmod_rwx_003_pos.ksh	1.3	07/07/31 SMI"
30#
31
32. $STF_SUITE/tests/acl/acl_common.kshlib
33
34#################################################################################
35#
36# __stc_assertion_start
37#
38# ID: zfs_acl_chmod_rwx_003_pos
39#
40# DESCRIPTION:
41#	Verify that the read_data/write_data/execute permission for
42#	owner/group/everyone are correct.
43#
44# STRATEGY:
45#	1. Loop root and non-root user.
46#	2. Separated verify type@:access:allow|deny to file and directory
47#	3. To super user, read and write deny was override.
48#	4. According to ACE list and override rule, expect that
49#	   read/write/execute file or directory succeed or fail.
50#
51# TESTABILITY: explicit
52#
53# TEST_AUTOMATION_LEVEL: automated
54#
55# CODING_STATUS: COMPLETED (2005-10-09)
56#
57# __stc_assertion_end
58#
59################################################################################
60
61verify_runnable "both"
62
63#	owner@		group_users		other_users
64set -A users \
65	"root" 		"$ZFS_ACL_ADMIN" 	"$ZFS_ACL_OTHER1" \
66	"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF2" 	"$ZFS_ACL_OTHER1"
67
68# In order to test execute permission, read_data was need firstly.
69set -A a_access "read_data" "write_data" "read_data/execute"
70set -A a_flag "owner@" "group@" "everyone@"
71
72log_assert "Verify that the read_data/write_data/execute permission for" \
73	"owner/group/everyone are correct."
74log_onexit cleanup
75
76function logname #node acl_spec user
77{
78	typeset node=$1
79	typeset acl_spec=$2
80	typeset user=$3
81
82	# To super user, read and write deny permission was override.
83	if [[ $acl_spec == *:allow ]] || \
84		[[ $user == root && -d $node ]] || \
85		[[ $user == root && $acl_spec != *"execute"* ]]
86	then
87		print "log_must"
88	elif [[ $acl_spec == *:deny ]]; then
89		print "log_mustnot"
90	fi
91}
92
93function check_chmod_results #node acl_spec g_usr o_usr
94{
95	typeset node=$1
96	typeset acl_spec=$2
97	typeset g_usr=$3
98	typeset o_usr=$4
99	typeset log
100
101	if [[ $acl_spec == "owner@:"* || $acl_spec == "everyone@:"* ]]; then
102		log=$(logname $node $acl_spec $ZFS_ACL_CUR_USER)
103		$log rwx_node $ZFS_ACL_CUR_USER $node $acl_spec
104	fi
105	if [[ $acl_spec == "group@:"* || $acl_spec == "everyone@:"* ]]; then
106		log=$(logname $node $acl_spec $g_usr)
107		$log rwx_node $g_usr $node $acl_spec
108	fi
109	if [[ $acl_spec == "everyone@"* ]]; then
110		log=$(logname $node $acl_spec $o_usr)
111		$log rwx_node $o_usr $node $acl_spec
112	fi
113}
114
115function test_chmod_basic_access #node group_user other_user
116{
117	typeset node=$1
118	typeset g_usr=$2
119	typeset o_usr=$3
120	typeset flag access acl_spec
121
122	for flag in ${a_flag[@]}; do
123		for access in ${a_access[@]}; do
124			for tp in allow deny; do
125				acl_spec="$flag:$access:$tp"
126				log_must usr_exec $CHMOD A+$acl_spec $node
127				check_chmod_results \
128					$node $acl_spec $g_usr $o_usr
129				log_must usr_exec $CHMOD A0- $node
130			done
131		done
132	done
133}
134
135test_requires ZFS_ACL
136
137typeset -i i=0
138while (( i < ${#users[@]} )); do
139	log_must set_cur_usr ${users[i]}
140
141	log_must usr_exec $TOUCH $testfile
142	test_chmod_basic_access $testfile ${users[((i+1))]} ${users[((i+2))]}
143	log_must usr_exec $MKDIR $testdir
144	test_chmod_basic_access $testdir ${users[((i+1))]} ${users[((i+2))]}
145
146	log_must usr_exec $RM -rf $testfile $testdir
147
148	(( i += 3 ))
149done
150
151log_pass "Verify that the read_data/write_data/execute permission for" \
152	"owner/group/everyone passed."
153