1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23# $FreeBSD$
24
25#
26# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# ident	"@(#)zfs_allow_004_pos.ksh	1.4	09/08/06 SMI"
30#
31
32. $STF_SUITE/tests/delegate/delegate_common.kshlib
33
34#################################################################################
35#
36# __stc_assertion_start
37#
38# ID: zfs_allow_004_pos
39#
40# DESCRIPTION:
41#	Verify option '-d' allow permission to the descendent datasets, and not
42#	for this dataset itself.
43#
44# STRATEGY:
45#	1. Create descendent datasets of $ROOT_TESTFS
46#	2. Select user, group and everyone and set descendent permission
47#	   separately.
48#	3. Set descendent permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
49#	4. Verify those permissions are allowed to $ROOT_TESTFS's
50#	   descendent dataset.
51#	5. Verify the permissions are not allowed to $ROOT_TESTFS or
52#	   $ROOT_TESTVOL.
53#
54# TESTABILITY: explicit
55#
56# TEST_AUTOMATION_LEVEL: automated
57#
58# CODING_STATUS: COMPLETED (2006-09-18)
59#
60# __stc_assertion_end
61#
62################################################################################
63
64verify_runnable "both"
65
66log_assert "Verify option '-d' allow permission to the descendent datasets."
67log_onexit restore_root_datasets
68
69childfs=$ROOT_TESTFS/childfs
70
71eval set -A dataset $DATASETS
72enc=$(get_prop encryption $dataset)
73if [[ $? -eq 0 ]] && [[ -n "$enc" ]] && [[ "$enc" != "off" ]]; then
74	typeset perms="snapshot,reservation,compression,allow,\
75userprop"
76else
77	typeset perms="snapshot,reservation,compression,checksum,\
78allow,userprop"
79fi
80
81if check_version "5.10" ; then
82	perms="${perms},send"
83fi
84
85# Verify option '-d' only affect sub-datasets
86log_must $ZFS create $childfs
87for dtst in $DATASETS ; do
88	log_must $ZFS allow -d $STAFF1 $perms $dtst
89	log_must verify_noperm $dtst $perms $STAFF1
90	if [[ $dtst == $ROOT_TESTFS ]]; then
91		log_must verify_perm $childfs $perms $STAFF1
92	fi
93done
94
95log_must restore_root_datasets
96
97# Verify option '-d + -g' affect group in sub-datasets.
98log_must $ZFS create $childfs
99for dtst in $DATASETS ; do
100	log_must $ZFS allow -d -g $STAFF_GROUP $perms $dtst
101	log_must verify_noperm $dtst $perms $STAFF2
102	if [[ $dtst == $ROOT_TESTFS ]]; then
103		log_must verify_perm $childfs $perms $STAFF2
104	fi
105done
106
107log_must restore_root_datasets
108
109# Verify option '-d + -e' affect everyone in sub-datasets.
110log_must $ZFS create $childfs
111for dtst in $DATASETS ; do
112	log_must $ZFS allow -d -e $perms $dtst
113	log_must verify_noperm $dtst $perms $OTHER1 $OTHER2
114	if [[ $dtst == $ROOT_TESTFS ]]; then
115		log_must verify_perm $childfs $perms $OTHER1 $OTHER2
116	fi
117done
118
119log_must restore_root_datasets
120
121log_pass "Verify option '-d' allow permission to the descendent datasets pass."
122