1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23# $FreeBSD$
24
25#
26# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# ident	"@(#)zfs_allow_003_pos.ksh	1.4	09/08/06 SMI"
30#
31
32. $STF_SUITE/tests/delegate/delegate_common.kshlib
33
34#################################################################################
35#
36# __stc_assertion_start
37#
38# ID: zfs_allow_003_pos
39#
40# DESCRIPTION:
41#	Verify option '-l' only allow permission to the dataset itself.
42#
43# STRATEGY:
44#	1. Create descendent datasets of $ROOT_TESTFS
45#	2. Select user, group and everyone and set local permission separately.
46#	3. Set locally permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
47#	4. Verify the permissions are only allow on $ROOT_TESTFS or
48#	   $ROOT_TESTVOL.
49#
50# TESTABILITY: explicit
51#
52# TEST_AUTOMATION_LEVEL: automated
53#
54# CODING_STATUS: COMPLETED (2006-09-19)
55#
56# __stc_assertion_end
57#
58################################################################################
59
60verify_runnable "both"
61
62log_assert "Verify option '-l' only allow permission to the dataset itself."
63log_onexit restore_root_datasets
64
65childfs=$ROOT_TESTFS/childfs
66
67eval set -A dataset $DATASETS
68enc=$(get_prop encryption $dataset)
69if [[ $? -eq 0 ]] && [[ -n "$enc" ]] && [[ "$enc" != "off" ]]; then
70	typeset perms="snapshot,reservation,compression,allow,\
71userprop"
72else
73	typeset perms="snapshot,reservation,compression,checksum,\
74allow,userprop"
75fi
76
77if check_version "5.10" ; then
78	perms="${perms},send"
79fi
80
81log_must $ZFS create $childfs
82
83for dtst in $DATASETS ; do
84	log_must $ZFS allow -l $STAFF1 $perms $dtst
85	log_must verify_perm $dtst $perms $STAFF1
86	if [[ $dtst == $ROOT_TESTFS ]] ; then
87		log_must verify_noperm $childfs $perms \
88			$STAFF1 $STAFF2 $OTHER1 $OTHER2
89	fi
90done
91
92log_must restore_root_datasets
93
94log_must $ZFS create $childfs
95for dtst in $DATASETS ; do
96	log_must $ZFS allow -l -g $STAFF_GROUP $perms $dtst
97	log_must verify_perm $dtst $perms $STAFF1 $STAFF2
98	if [[ $dtst == $ROOT_TESTFS ]] ; then
99		log_must verify_noperm $childfs $perms \
100			$STAFF1 $STAFF2 $OTHER1 $OTHER2
101	fi
102done
103
104log_must restore_root_datasets
105
106log_must $ZFS create $childfs
107for dtst in $DATASETS ; do
108	log_must $ZFS allow -l -e $perms $dtst
109	log_must verify_perm $dtst $perms $STAFF1 $STAFF2 $OTHER1 $OTHER2
110	if [[ $dtst == $ROOT_TESTFS ]] ; then
111		log_must verify_noperm $childfs $perms \
112			$STAFF1 $STAFF2 $OTHER1 $OTHER2
113	fi
114done
115
116log_must restore_root_datasets
117
118log_pass "Verify option '-l' only allow permission to the dataset itself pass."
119