1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26
27. $STF_SUITE/tests/delegate/delegate_common.kshlib
28
29#################################################################################
30#
31# __stc_assertion_start
32#
33# ID: zfs_allow_003_pos
34#
35# DESCRIPTION:
36#	Verify option '-l' only allow permission to the dataset itself.
37#
38# STRATEGY:
39#	1. Create descendent datasets of $ROOT_TESTFS
40#	2. Select user, group and everyone and set local permission separately.
41#	3. Set locally permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
42#	4. Verify the permissions are only allow on $ROOT_TESTFS or
43#	   $ROOT_TESTVOL.
44#
45# TESTABILITY: explicit
46#
47# TEST_AUTOMATION_LEVEL: automated
48#
49# CODING_STATUS: COMPLETED (2006-09-19)
50#
51# __stc_assertion_end
52#
53################################################################################
54
55verify_runnable "both"
56
57log_assert "Verify option '-l' only allow permission to the dataset itself."
58
59childfs=$ROOT_TESTFS/childfs
60
61eval set -A dataset $DATASETS
62enc=$(get_prop encryption $dataset)
63if [[ $? -eq 0 ]] && [[ -n "$enc" ]] && [[ "$enc" != "off" ]]; then
64	typeset perms="snapshot,reservation,compression,allow,\
65userprop"
66else
67	typeset perms="snapshot,reservation,compression,checksum,\
68allow,userprop"
69fi
70
71log_must $ZFS create $childfs
72
73for dtst in $DATASETS ; do
74	log_must $ZFS allow -l $STAFF1 $perms $dtst
75	log_must verify_perm $dtst $perms $STAFF1
76	if [[ $dtst == $ROOT_TESTFS ]] ; then
77		log_must verify_noperm $childfs $perms \
78			$STAFF1 $STAFF2 $OTHER1 $OTHER2
79	fi
80done
81
82log_must restore_root_datasets
83
84log_must $ZFS create $childfs
85for dtst in $DATASETS ; do
86	log_must $ZFS allow -l -g $STAFF_GROUP $perms $dtst
87	log_must verify_perm $dtst $perms $STAFF1 $STAFF2
88	if [[ $dtst == $ROOT_TESTFS ]] ; then
89		log_must verify_noperm $childfs $perms \
90			$STAFF1 $STAFF2 $OTHER1 $OTHER2
91	fi
92done
93
94log_must restore_root_datasets
95
96log_must $ZFS create $childfs
97for dtst in $DATASETS ; do
98	log_must $ZFS allow -l -e $perms $dtst
99	log_must verify_perm $dtst $perms $STAFF1 $STAFF2 $OTHER1 $OTHER2
100	if [[ $dtst == $ROOT_TESTFS ]] ; then
101		log_must verify_noperm $childfs $perms \
102			$STAFF1 $STAFF2 $OTHER1 $OTHER2
103	fi
104done
105
106log_pass "Verify option '-l' only allow permission to the dataset itself pass."
107