acl/nontrivial/zfs_acl_chmod_aclmode_001_pos.ksh

d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#!/usr/bin/ksh -p
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# Copyright 2016 Nexenta Systems, Inc.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# DESCRIPTION:
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# Verify chmod have correct behaviour on directories and files when
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# filesystem has the different aclmode setting
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# STRATEGY:
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 1. Loop super user and non-super user to run the test case.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 2. Create basedir and a set of subdirectores and files within it.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 3. Separately chmod basedir with different aclmode options,
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov#    combine with the variable setting of aclmode:
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov#    "discard", "groupmask", or "passthrough".
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 4. Verify each directories and files have the correct access control
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov#    capability.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyverify_runnable "both"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    (( ${#cwd} != 0 )) && cd $cwd
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    [[ -f $TARFILE ]] && log_must rm -f $TARFILE
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    [[ -d $basedir ]] && log_must rm -rf $basedir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovlog_assert "Verify chmod have correct behaviour to directory and file when" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "filesystem has the different aclmode setting"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_onexit cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovset -A aclmode_flag "discard" "groupmask" "passthrough"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovset -A ace_prefix \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "user:$ZFS_ACL_OTHER1" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "user:$ZFS_ACL_OTHER2" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "group:$ZFS_ACL_STAFF_GROUP" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "group:$ZFS_ACL_OTHER_GROUP"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovset -A argv "000" "444" "644" "777" "755" "231" "562" "413"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovset -A ace_file_preset \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "read_data" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "write_data" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "append_data" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "execute" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "read_data/write_data" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "read_data/write_data/append_data" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "write_data/append_data" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "read_data/execute" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "write_data/append_data/execute" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    "read_data/write_data/append_data/execute"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# Define the base directory and file
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedybasedir=$TESTDIR/basedir;  ofile=$basedir/ofile; odir=$basedir/odir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedynfile=$basedir/nfile; ndir=$basedir/ndir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren KennedyTARFILE=$TESTDIR/tarfile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Verify all the node have expected correct access control
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyallnodes="$nfile $ndir"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# According to the original bits, the input ACE access and ACE type, return the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# expect bits after 'chmod A0{+|=}'.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 isdir indicate if the target is a directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 bits which was make up of three bit 'rwx'
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $3 bits_limit which was make up of three bit 'rwx'
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $4 ACE access which is read_data, write_data or execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $5 ctrl which is to determine allow or deny according to owner/group bit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction cal_bits # isdir bits bits_limit acl_access ctrl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i isdir=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i bits=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i bits_limit=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_access=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i ctrl=${5:-0}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset flagr=0 flagw=0 flagx=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset tmpstr
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if (( ctrl == 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( (( bits & 4 )) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            flagr=1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( (( bits & 2 )) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            flagw=1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( (( bits & 1 )) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            flagx=1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov        # Determine ACE as per owner/group bit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        flagr=1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        flagw=1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        flagx=1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( ((bits & 4)) != 0 )) && \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            (( ((bits_limit & 4)) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            flagr=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( ((bits & 2)) != 0 )) && \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            (( ((bits_limit & 2)) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            flagw=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( ((bits & 1)) != 0 )) && \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            (( ((bits_limit & 1)) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            flagx=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if ((flagr != 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $acl_access == *"read_data"* ]]; then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            if [[ $acl_access == *"allow"* &&
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                $passthrough == 0 ]]; then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                tmpstr=${tmpstr}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            elif ((isdir == 0)); then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                tmpstr=${tmpstr}/read_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                tmpstr=${tmpstr}/list_directory/read_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if ((flagw != 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $acl_access == *"allow"* && $passthrough == 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            tmpstr=${tmpstr}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if [[ $acl_access == *"write_data"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                if ((isdir == 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    tmpstr=${tmpstr}/write_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    tmpstr=${tmpstr}/add_file/write_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if [[ $acl_access == *"append_data"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                if ((isdir == 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    tmpstr=${tmpstr}/append_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    tmpstr=${tmpstr}/add_subdirectory
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    tmpstr=${tmpstr}/append_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if ((flagx != 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $acl_access == *"execute"* ]]; then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            if [[ $acl_access == *"allow"* &&
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                $passthrough == 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                tmpstr=${tmpstr}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                tmpstr=${tmpstr}/execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    tmpstr=${tmpstr#/}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    echo "$tmpstr"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# To translate an ace if the node is dir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 isdir indicate if the target is a directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 acl to be translated
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction translate_acl # isdir acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i isdir=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset who prefix acltemp action
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if ((isdir != 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        who=${acl%%:*}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        prefix=$who
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        acltemp=${acl#*:}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        acltemp=${acltemp%%:*}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        prefix=$prefix:$acltemp
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        action=${acl##*:}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        acl=$prefix:$(cal_bits $isdir 7 7 $acl 0):$action
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    echo "$acl"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# To verify if a new ACL is generated as result of
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# chmod operation.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 bit indicates whether owner/group bit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 newmode indicates the mode changed using chmod
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $3 isdir indicate if the target is a directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_new_acl # bit newmode isdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset bits=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset mode=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i isdir=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset new_acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset gbit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset ebit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset str=":"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    typeset dc=""
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov    gbit=${mode:1:1}
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov    ebit=${mode:2:1}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if (( ((bits & 4)) == 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( ((gbit & 4)) != 0 || \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            ((ebit & 4)) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if ((isdir == 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                new_acl=${new_acl}${str}read_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                new_acl=${new_acl}${str}list_directory/read_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            str="/"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if (( ((bits & 2)) == 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( ((gbit & 2)) != 0 || \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            ((ebit & 2)) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if ((isdir == 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                new_acl=${new_acl}${str}write_data/append_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                new_acl=${new_acl}${str}add_file/write_data/
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                new_acl=${new_acl}add_subdirectory/append_data
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                dc="/delete_child"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            str="/"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if (( ((bits & 1)) == 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if (( ((gbit & 1)) != 0 || \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            ((ebit & 1)) != 0 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                new_acl=${new_acl}${str}execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov    new_acl=${new_acl}${dc}
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    echo "$new_acl"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction build_new_acl # newmode isdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset newmode=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset isdir=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset expect
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if ((flag == 0)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        prefix="owner@"
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov        bit=${newmode:0:1}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        status=$(check_new_acl $bit $newmode $isdir)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        prefix="group@"
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov        bit=${newmode:1:1}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        status=$(check_new_acl $bit $newmode $isdir)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    expect=$prefix$status:deny
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    echo $expect
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# According to inherited flag, verify subdirectories and files within it has
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# correct inherited access control.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction verify_aclmode # <aclmode> <node> <newmode>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # Define the nodes which will be affected by inherit.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset aclmode=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset newmode=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # count: the ACE item to fetch
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # pass: to mark if the current ACE should apply to the target
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # passcnt: counter, if it achieves to maxnumber,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    #   then no additional ACE should apply.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i count=0 pass=0 passcnt=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i bits=0 obits=0 bits_owner=0 isdir=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i total_acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i acl_count=$(count_ACE $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    ((total_acl = maxnumber + 3))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ -d $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        ((isdir = 1))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    ((i = maxnumber - 1))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    count=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    passcnt=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    flag=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    while ((i >= 0)); do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        pass=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        expect1=${acls[$i]}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        passthrough=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        #
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # aclmode=passthrough,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # no changes will be made to the ACL other than
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # generating the necessary ACL entries to represent
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # the new mode of the file or directory.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        #
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # aclmode=discard,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # delete all ACL entries that don't represent
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # the mode of the file.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        #
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # aclmode=groupmask,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # reduce user or group permissions.  The permissions are
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # reduced, such that they are no greater than the group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # permission bits, unless it is a user entry that has the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # same UID as the owner of the file or directory.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # Then, the ACL permissions are reduced so that they are
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # no greater than owner permission bits.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        #
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        case $aclmode in
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov        passthrough)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            if ((acl_count > total_acl)); then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                expect1=$(build_new_acl $newmode $isdir)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                flag=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                ((total_acl = total_acl + 1))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                ((i = i + 1))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                passthrough=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                expect1=$(translate_acl $isdir $expect1)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov        groupmask)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            if ((acl_count > total_acl)); then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                expect1=$(build_new_acl $newmode $isdir)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                flag=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                ((total_acl = total_acl + 1))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                ((i = i + 1))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            elif [[ $expect1 == *":allow"* ]]; then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                who=${expect1%%:*}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                aclaction=${expect1##*:}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                prefix=$who
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                acltemp=""
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                reduce=0
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                # To determine the mask bits
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                # according to the entry type.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                #
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                case $who in
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                owner@)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    pos=0
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                group@)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    pos=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                everyone@)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    pos=2
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                user)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    acltemp=${expect1#*:}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    acltemp=${acltemp%%:*}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    owner=$(get_owner $node)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    group=$(get_group $node)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    if [[ $acltemp == $owner ]]; then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        pos=0
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        pos=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    prefix=$prefix:$acltemp
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                group)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    acltemp=${expect1#*:}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    acltemp=${acltemp%%:*}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    pos=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    prefix=$prefix:$acltemp
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    reduce=1
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                esac
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                obits=${newmode:$pos:1}
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                ((bits = $obits))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                # permission should be no greater than the
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                # group permission bits
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                if ((reduce != 0)); then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ((bits &= ${newmode:1:1}))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    # The ACL permissions are reduced so
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    # that they are no greater than owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    # permission bits.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ((bits_owner = ${newmode:0:1}))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    ((bits &= $bits_owner))
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                if ((bits < obits)) && [[ -n $acltemp ]]; then
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    expect2=$prefix:
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    new_bit=$(cal_bits $isdir $obits \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        $bits_owner $expect1 1)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    expect2=${expect2}${new_bit}:allow
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    expect2=$prefix:
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    new_bit=$(cal_bits $isdir $obits \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        $obits $expect1 1)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    expect2=${expect2}${new_bit}:allow
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                priv=$(cal_bits $isdir $obits $bits_owner \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    $expect2 0)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                expect1=$prefix:$priv:$aclaction
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            else
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                expect1=$(translate_acl $isdir $expect1)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            fi
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov        discard)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            passcnt=maxnumber
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            break
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov            ;;
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        esac
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if ((pass == 0)) ; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            # Get the first ACE to do comparison
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            aclcur=$(get_ACE $node $count)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            aclcur=${aclcur#$count:}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if [[ -n $expect1 && $expect1 != $aclcur ]]; then
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy                ls -vd $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                log_fail "$aclmode $i #$count " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    "ACE: $aclcur, expect to be " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    "$expect1"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        ((count = count + 1))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        ((i = i - 1))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    #
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # If there's no any ACE be checked, it should be identify as
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # an normal file/dir, verify it.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    #
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if ((passcnt == maxnumber)); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ -d $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            compare_acls $node $odir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        elif [[ -f $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            compare_acls $node $ofile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $? -ne 0 ]]; then
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy            ls -vd $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log_fail "Unexpect acl: $node, $aclmode ($newmode)"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset -i maxnumber=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset target
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset -i passthrough=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset -i flag=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfor mode in "${aclmode_flag[@]}"; do
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must zfs set aclmode=$mode $TESTPOOL/$TESTFS
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    for user in root $ZFS_ACL_STAFF1; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_must set_cur_usr $user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec mkdir $basedir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec mkdir $odir
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec touch $ofile
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec mkdir $ndir
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec touch $nfile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        for obj in $allnodes; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            maxnumber=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            for preset in "${ace_file_preset[@]}"; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                for prefix in "${ace_prefix[@]}"; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    acl=$prefix:$preset
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    case $((maxnumber % 2)) in
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    0)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        acl=$acl:deny
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        ;;
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                    1)
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        acl=$acl:allow
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov                        ;;
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    esac
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy                    log_must usr_exec chmod A+$acl $obj
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    acls[$maxnumber]=$acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                    ((maxnumber = maxnumber + 1))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            # Archive the file and directory
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy            log_must tar cpf@ $TARFILE $basedir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if [[ -d $obj ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                target=$odir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            elif [[ -f $obj ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                target=$ofile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            for newmode in "${argv[@]}"; do
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy                log_must usr_exec chmod $newmode $obj
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy                log_must usr_exec chmod $newmode $target
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                log_must verify_aclmode $mode $obj $newmode
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy                log_must tar xpf@ $TARFILE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec rm -rf $basedir $TARFILE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedydone
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovlog_pass "Verify chmod behaviour co-op with aclmode setting passed"