1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"@(#)zfs_acl_chmod_rwx_003_pos.ksh	1.3	07/07/31 SMI"
28#
29
30. $STF_SUITE/tests/acl/acl_common.kshlib
31
32#################################################################################
33#
34# __stc_assertion_start
35#
36# ID: zfs_acl_chmod_rwx_003_pos
37#
38# DESCRIPTION:
39#	Verify that the read_data/write_data/execute permission for
40#	owner/group/everyone are correct.
41#
42# STRATEGY:
43#	1. Loop root and non-root user.
44#	2. Separated verify type@:access:allow|deny to file and directory
45#	3. To super user, read and write deny was override.
46#	4. According to ACE list and override rule, expect that
47#	   read/write/execute file or directory succeed or fail.
48#
49# TESTABILITY: explicit
50#
51# TEST_AUTOMATION_LEVEL: automated
52#
53# CODING_STATUS: COMPLETED (2005-10-09)
54#
55# __stc_assertion_end
56#
57################################################################################
58
59verify_runnable "both"
60
61#	owner@		group_users		other_users
62set -A users \
63	"root" 		"$ZFS_ACL_ADMIN" 	"$ZFS_ACL_OTHER1" \
64	"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF2" 	"$ZFS_ACL_OTHER1"
65
66# In order to test execute permission, read_data was need firstly.
67set -A a_access "read_data" "write_data" "read_data/execute"
68set -A a_flag "owner@" "group@" "everyone@"
69
70log_assert "Verify that the read_data/write_data/execute permission for" \
71	"owner/group/everyone are correct."
72log_onexit cleanup
73
74function logname #node acl_spec user
75{
76	typeset node=$1
77	typeset acl_spec=$2
78	typeset user=$3
79
80	# To super user, read and write deny permission was override.
81	if [[ $acl_spec == *:allow ]] || \
82		[[ $user == root && -d $node ]] || \
83		[[ $user == root && $acl_spec != *"execute"* ]]
84	then
85		print "log_must"
86	elif [[ $acl_spec == *:deny ]]; then
87		print "log_mustnot"
88	fi
89}
90
91function check_chmod_results #node acl_spec g_usr o_usr
92{
93	typeset node=$1
94	typeset acl_spec=$2
95	typeset g_usr=$3
96	typeset o_usr=$4
97	typeset log
98
99	if [[ $acl_spec == "owner@:"* || $acl_spec == "everyone@:"* ]]; then
100		log=$(logname $node $acl_spec $ZFS_ACL_CUR_USER)
101		$log rwx_node $ZFS_ACL_CUR_USER $node $acl_spec
102	fi
103	if [[ $acl_spec == "group@:"* || $acl_spec == "everyone@:"* ]]; then
104		log=$(logname $node $acl_spec $g_usr)
105		$log rwx_node $g_usr $node $acl_spec
106	fi
107	if [[ $acl_spec == "everyone@"* ]]; then
108		log=$(logname $node $acl_spec $o_usr)
109		$log rwx_node $o_usr $node $acl_spec
110	fi
111}
112
113function test_chmod_basic_access #node group_user other_user
114{
115	typeset node=$1
116	typeset g_usr=$2
117	typeset o_usr=$3
118	typeset flag access acl_spec
119
120	for flag in ${a_flag[@]}; do
121		for access in ${a_access[@]}; do
122			for tp in allow deny; do
123				acl_spec="$flag:$access:$tp"
124				log_must usr_exec $CHMOD A+$acl_spec $node
125				check_chmod_results \
126					$node $acl_spec $g_usr $o_usr
127				log_must usr_exec $CHMOD A0- $node
128			done
129		done
130	done
131}
132
133test_requires ZFS_ACL
134
135typeset -i i=0
136while (( i < ${#users[@]} )); do
137	log_must set_cur_usr ${users[i]}
138
139	log_must usr_exec $TOUCH $testfile
140	test_chmod_basic_access $testfile ${users[((i+1))]} ${users[((i+2))]}
141	log_must usr_exec $MKDIR $testdir
142	test_chmod_basic_access $testdir ${users[((i+1))]} ${users[((i+2))]}
143
144	log_must usr_exec $RM -rf $testfile $testdir
145
146	(( i += 3 ))
147done
148
149log_pass "Verify that the read_data/write_data/execute permission for" \
150	"owner/group/everyone passed."
151