1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23# $FreeBSD$
24
25#
26# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
27# Use is subject to license terms.
28#
29# ident	"@(#)zfs_allow_010_pos.ksh	1.3	07/07/31 SMI"
30#
31
32. $STF_SUITE/tests/delegate/delegate_common.kshlib
33
34#################################################################################
35#
36# __stc_assertion_start
37#
38# ID: zfs_allow_010_pos
39#
40# DESCRIPTION:
41#	Scan the following permissions one by one to verify privileged user
42#	has correct permission delegation in datasets.
43#
44# STRATEGY:
45#	1. Delegate all the permission one by one to user on dataset.
46#	2. Verify privileged user has correct permission without any other
47#	   permissions allowed.
48#
49# TESTABILITY: explicit
50#
51# TEST_AUTOMATION_LEVEL: automated
52#
53# CODING_STATUS: COMPLETED (2006-11-02)
54#
55# __stc_assertion_end
56#
57################################################################################
58
59verify_runnable "both"
60
61log_assert "Verify privileged user has correct permissions once which was "\
62	"delegated to him in datasets"
63log_onexit restore_root_datasets
64
65#
66#				Results in	Results in
67#		Permission	Filesystem	Volume
68#
69set -A perms	create		true		false	\
70		snapshot	true		true	\
71		mount		true		false	\
72		send		true		true	\
73		allow		true		true	\
74		quota		true		false	\
75		reservation	true		true	\
76		recordsize	true		false	\
77		mountpoint	true		false	\
78		checksum	true		true	\
79		compression	true		true	\
80		canmount	true		false	\
81		atime		true		false	\
82		devices		true		false	\
83		exec		true		false	\
84		volsize		false		true	\
85		setuid		true		false	\
86		readonly	true		true	\
87		snapdir		true		false	\
88		userprop	true		true	\
89		aclmode		true		false	\
90		aclinherit	true		false	\
91		rollback	true		true	\
92		clone		true		true	\
93		rename		true		true	\
94		promote		true		true	\
95		zoned		true		false	\
96		shareiscsi	true		true	\
97		xattr		true		false	\
98		receive		true		false	\
99		destroy		true		true
100if is_global_zone; then
101	typeset -i n=${#perms[@]}
102	perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
103	perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
104fi
105
106for dtst in $DATASETS; do
107	typeset -i k=1
108	typeset type=$(get_prop type $dtst)
109	[[ $type == "volume" ]] && k=2
110
111	typeset -i i=0
112	while (( i < ${#perms[@]} )); do
113		log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst
114
115		if [[ ${perms[((i+k))]} == "true" ]]; then
116			log_must verify_perm $dtst ${perms[$i]} $STAFF1
117		else
118			log_must verify_noperm $dtst ${perms[$i]} $STAFF1
119		fi
120
121		log_must restore_root_datasets
122
123		((i += 3))
124	done
125done
126
127log_pass "Verify privileged user has correct permissions " \
128	"in datasets passed."
129