1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28#
29# Copyright (c) 2016 by Delphix. All rights reserved.
30# Copyright 2023 RackTop Systems, Inc.
31#
32
33. $STF_SUITE/tests/functional/acl/acl_common.kshlib
34
35#
36# DESCRIPTION:
37#	Verify that the write_xattr for remove the extended attributes of
38#	owner/group/everyone are correct.
39#
40# STRATEGY:
41# 1. Create file and  directory in zfs filesystem
42# 2. Set special write_xattr ACE to the file and directory
43# 3. Try to remove the extended attributes of the file and directory
44# 4. Verify above operation is successful.
45#
46
47verify_runnable "both"
48
49function cleanup
50{
51	cd $cwd
52
53	cleanup_test_files $TESTDIR/basedir
54
55	if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
56		log_must rm -f $TESTDIR/$ARCHIVEFILE
57	fi
58
59	return 0
60}
61
62#	owner@	group	group_users		other_users
63set -A users \
64	"root"	"root"	"$ZFS_ACL_ADMIN"	"$ZFS_ACL_OTHER1" \
65	"$ZFS_ACL_STAFF1"	"$ZFS_ACL_STAFF_GROUP"	"$ZFS_ACL_STAFF2" \
66	"$ZFS_ACL_OTHER1"
67
68set -A a_access \
69	"write_xattr:allow" \
70	"write_xattr:deny"
71
72set -A a_flag "owner@" "group@" "everyone@"
73
74MYTESTFILE=/etc/passwd
75
76log_assert "Verify that the permission of write_xattr for " \
77	"owner/group/everyone while remove extended attributes are correct."
78log_onexit cleanup
79
80function operate_node #user node acl
81{
82	typeset user=$1
83	typeset node=$2
84	typeset acl_t=$3
85	typeset ret
86
87	if [[ $user == "" || $node == "" ]]; then
88		log_fail "user, node are not defined."
89	fi
90
91	chgusr_exec $user runat $node rm -f attr.0 ; ret=$?
92
93	if [[ $ret -eq 0 ]]; then
94		log_must cleanup_test_files $TESTDIR/basedir
95		log_must tar xpf@ $TESTDIR/$ARCHIVEFILE
96	fi
97
98	return $ret
99}
100
101function logname #acl_target owner user
102{
103	typeset acl_target=$1
104	typeset owner=$2
105	typeset user=$3
106	typeset ret="log_mustnot"
107
108	# To super user, read and write deny permission was override.
109	if [[ $user == root || $owner == $user ]] then
110		ret="log_must"
111	fi
112
113	print $ret
114}
115
116function check_chmod_results #node flag acl_target owner g_usr o_usr
117{
118	typeset node=$1
119	typeset flag=$2
120	typeset acl_target=$2:$3
121	typeset owner=$4
122	typeset g_usr=$5
123	typeset o_usr=$6
124	typeset log
125
126	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
127		log=$(logname $acl_target $owner $ZFS_ACL_CUR_USER)
128		$log operate_node $ZFS_ACL_CUR_USER $node $acl_target
129	fi
130	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
131		log=$(logname $acl_target $owner $g_usr)
132		$log operate_node $g_usr $node $acl_target
133	fi
134	if [[ $flag == "everyone@" ]]; then
135		log=$(logname $acl_target $owner $o_usr)
136		$log operate_node $o_usr $node $acl_target
137	fi
138}
139
140function test_chmod_basic_access #node owner g_usr o_usr
141{
142	typeset node=${1%/}
143	typeset owner=$2
144	typeset g_usr=$3
145	typeset o_usr=$4
146	typeset flag acl_p acl_t parent
147
148	parent=${node%/*}
149
150	for flag in ${a_flag[@]}; do
151		for acl_t in "${a_access[@]}"; do
152			log_must usr_exec chmod A+$flag:$acl_t $node
153
154			log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir
155
156			check_chmod_results "$node" "$flag" \
157				"$acl_t" "$owner" "$g_usr" "$o_usr"
158
159			log_pos usr_exec chmod A-$flag:$acl_t $node
160		done
161	done
162}
163
164function setup_test_files #base_node user group
165{
166	typeset base_node=$1
167	typeset user=$2
168	typeset group=$3
169
170	cleanup_test_files $base_node
171
172	log_must mkdir -p $base_node
173	log_must chown $user:$group $base_node
174
175	log_must set_cur_usr $user
176
177	# Prepare all files/sub-dirs for testing.
178
179	file0=$base_node/testfile_rm
180
181	dir0=$base_node/testdir_rm
182
183	log_must usr_exec touch $file0
184	log_must usr_exec chmod 444 $file0
185
186	log_must usr_exec runat $file0 cp $MYTESTFILE attr.0
187
188	log_must usr_exec mkdir -p $dir0
189	log_must usr_exec chmod 555 $dir0
190
191	log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0
192
193	log_must usr_exec chmod 555 $base_node
194	return 0
195}
196
197function cleanup_test_files #base_node
198{
199	typeset base_node=$1
200
201	if [[ -d $base_node ]]; then
202		log_must rm -rf $base_node
203	elif [[ -e $base_node ]]; then
204		log_must rm -f $base_node
205	fi
206
207	return 0
208}
209
210typeset cwd=$PWD
211typeset ARCHIVEFILE=archive.tar
212
213typeset -i i=0
214typeset -i j=0
215typeset target
216
217while (( i < ${#users[@]} )); do
218	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
219	cd $TESTDIR
220
221	j=0
222	while (( j < 1 )); do
223		eval target=\$file$j
224		test_chmod_basic_access $target ${users[i]} \
225			"${users[((i+2))]}" "${users[((i+3))]}"
226
227		eval target=\$dir$j
228		test_chmod_basic_access $target ${users[i]} \
229			"${users[((i+2))]}" "${users[((i+3))]}"
230
231		(( j = j + 1 ))
232	done
233
234	(( i += 4 ))
235done
236
237log_pass "Verify that the permission of write_xattr for " \
238	"owner/group/everyone while remove extended attributes are correct."
239