1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26
27. $STF_SUITE/tests/delegate/delegate_common.kshlib
28
29#################################################################################
30#
31# __stc_assertion_start
32#
33# ID: zfs_allow_004_pos
34#
35# DESCRIPTION:
36#	Verify option '-d' allow permission to the descendent datasets, and not
37#	for this dataset itself.
38#
39# STRATEGY:
40#	1. Create descendent datasets of $ROOT_TESTFS
41#	2. Select user, group and everyone and set descendent permission
42#	   separately.
43#	3. Set descendent permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
44#	4. Verify those permissions are allowed to $ROOT_TESTFS's
45#	   descendent dataset.
46#	5. Verify the permissions are not allowed to $ROOT_TESTFS or
47#	   $ROOT_TESTVOL.
48#
49# TESTABILITY: explicit
50#
51# TEST_AUTOMATION_LEVEL: automated
52#
53# CODING_STATUS: COMPLETED (2006-09-18)
54#
55# __stc_assertion_end
56#
57################################################################################
58
59verify_runnable "both"
60
61log_assert "Verify option '-d' allow permission to the descendent datasets."
62log_onexit restore_root_datasets
63
64childfs=$ROOT_TESTFS/childfs
65
66eval set -A dataset $DATASETS
67enc=$(get_prop encryption $dataset)
68if [[ $? -eq 0 ]] && [[ -n "$enc" ]] && [[ "$enc" != "off" ]]; then
69	typeset perms="snapshot,reservation,compression,allow,\
70userprop"
71else
72	typeset perms="snapshot,reservation,compression,checksum,\
73allow,userprop"
74fi
75
76if check_version "5.10" ; then
77	perms="${perms},send"
78fi
79
80# Verify option '-d' only affect sub-datasets
81log_must $ZFS create $childfs
82for dtst in $DATASETS ; do
83	log_must $ZFS allow -d $STAFF1 $perms $dtst
84	log_must verify_noperm $dtst $perms $STAFF1
85	if [[ $dtst == $ROOT_TESTFS ]]; then
86		log_must verify_perm $childfs $perms $STAFF1
87	fi
88done
89
90log_must restore_root_datasets
91
92# Verify option '-d + -g' affect group in sub-datasets.
93log_must $ZFS create $childfs
94for dtst in $DATASETS ; do
95	log_must $ZFS allow -d -g $STAFF_GROUP $perms $dtst
96	log_must verify_noperm $dtst $perms $STAFF2
97	if [[ $dtst == $ROOT_TESTFS ]]; then
98		log_must verify_perm $childfs $perms $STAFF2
99	fi
100done
101
102log_must restore_root_datasets
103
104# Verify option '-d + -e' affect everyone in sub-datasets.
105log_must $ZFS create $childfs
106for dtst in $DATASETS ; do
107	log_must $ZFS allow -d -e $perms $dtst
108	log_must verify_noperm $dtst $perms $OTHER1 $OTHER2
109	if [[ $dtst == $ROOT_TESTFS ]]; then
110		log_must verify_perm $childfs $perms $OTHER1 $OTHER2
111	fi
112done
113
114log_must restore_root_datasets
115
116log_pass "Verify option '-d' allow permission to the descendent datasets pass."
117