d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# Copyright 2016 Nexenta Systems, Inc.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# Verify chmod have correct behaviour on directories and files when
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# filesystem has the different aclmode setting
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 1. Loop super user and non-super user to run the test case.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 2. Create basedir and a set of subdirectores and files within it.
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 3. Separately chmod basedir with different aclmode options,
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# combine with the variable setting of aclmode:
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# "discard", "groupmask", or "passthrough".
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# 4. Verify each directories and files have the correct access control
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# capability.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy [[ -f $TARFILE ]] && log_must rm -f $TARFILE
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy [[ -d $basedir ]] && log_must rm -rf $basedir
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovlog_assert "Verify chmod have correct behaviour to directory and file when" \
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovset -A aclmode_flag "discard" "groupmask" "passthrough"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovset -A argv "000" "444" "644" "777" "755" "231" "562" "413"
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov# Define the base directory and file
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedybasedir=$TESTDIR/basedir; ofile=$basedir/ofile; odir=$basedir/odir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Verify all the node have expected correct access control
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# According to the original bits, the input ACE access and ACE type, return the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# expect bits after 'chmod A0{+|=}'.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 isdir indicate if the target is a directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 bits which was make up of three bit 'rwx'
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $3 bits_limit which was make up of three bit 'rwx'
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $4 ACE access which is read_data, write_data or execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $5 ctrl which is to determine allow or deny according to owner/group bit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction cal_bits # isdir bits bits_limit acl_access ctrl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset -i ctrl=${5:-0}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_access == *"read_data"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_access == *"allow"* && $passthrough == 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_access == *"write_data"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_access == *"append_data"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# To translate an ace if the node is dir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 isdir indicate if the target is a directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 acl to be translated
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy acl=$prefix:$(cal_bits $isdir 7 7 $acl 0):$action
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# To verify if a new ACL is generated as result of
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# chmod operation.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 bit indicates whether owner/group bit
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 newmode indicates the mode changed using chmod
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $3 isdir indicate if the target is a directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy new_acl=${new_acl}${str}list_directory/read_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy new_acl=${new_acl}${str}write_data/append_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy new_acl=${new_acl}${str}add_file/write_data/
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy new_acl=${new_acl}add_subdirectory/append_data
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy status=$(check_new_acl $bit $newmode $isdir)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy status=$(check_new_acl $bit $newmode $isdir)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# According to inherited flag, verify subdirectories and files within it has
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# correct inherited access control.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction verify_aclmode # <aclmode> <node> <newmode>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # Define the nodes which will be affected by inherit.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # pass: to mark if the current ACE should apply to the target
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # passcnt: counter, if it achieves to maxnumber,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset -i count=0 pass=0 passcnt=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset -i bits=0 obits=0 bits_owner=0 isdir=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -d $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # no changes will be made to the ACL other than
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # generating the necessary ACL entries to represent
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # delete all ACL entries that don't represent
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # reduce user or group permissions. The permissions are
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # reduced, such that they are no greater than the group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # permission bits, unless it is a user entry that has the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # same UID as the owner of the file or directory.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # Then, the ACL permissions are reduced so that they are
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankov if [[ $acltemp == $owner ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -n $expect1 && $expect1 != $aclcur ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # If there's no any ACE be checked, it should be identify as
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -d $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ -f $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $? -ne 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_fail "Unexpect acl: $node, $aclmode ($newmode)"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must zfs set aclmode=$mode $TESTPOOL/$TESTFS
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -d $obj ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ -f $obj ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must verify_aclmode $mode $obj $newmode
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec rm -rf $basedir $TARFILE
232f5a2e6e6fcc0e7d4f5bd719cd5e6433a24020Yuri Pankovlog_pass "Verify chmod behaviour co-op with aclmode setting passed"