d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#!/bin/ksh -p
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2016 by Delphix. All rights reserved.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# DESCRIPTION:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Verify that the read_data/write_data/execute permission for
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# owner/group/everyone are correct.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# STRATEGY:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 1. Loop root and non-root user.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 2. Separated verify type@:access:allow|deny to file and directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 3. To super user, read and write deny was override.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 4. According to ACE list and override rule, expect that
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# read/write/execute file or directory succeed or fail.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyverify_runnable "both"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# owner@ group_users other_users
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A users \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# In order to test execute permission, read_data was need firstly.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A a_access "read_data" "write_data" "read_data/execute"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A a_flag "owner@" "group@" "everyone@"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_assert "Verify that the read_data/write_data/execute permission for" \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "owner/group/everyone are correct."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_onexit cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction logname #node acl_spec user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset acl_spec=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset user=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # To super user, read and write deny permission was override.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_spec == *:allow ]] || \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy [[ $user == root && -d $node ]] || \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy [[ $user == root && $acl_spec != *"execute"* ]]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy print "log_must"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ $acl_spec == *:deny ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy print "log_mustnot"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_chmod_results #node acl_spec g_usr o_usr
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset acl_spec=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset g_usr=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset o_usr=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset log
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_spec == "owner@:"* || $acl_spec == "everyone@:"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=$(logname $node $acl_spec $ZFS_ACL_CUR_USER)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy $log rwx_node $ZFS_ACL_CUR_USER $node $acl_spec
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_spec == "group@:"* || $acl_spec == "everyone@:"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=$(logname $node $acl_spec $g_usr)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy $log rwx_node $g_usr $node $acl_spec
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $acl_spec == "everyone@"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=$(logname $node $acl_spec $o_usr)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy $log rwx_node $o_usr $node $acl_spec
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction test_chmod_basic_access #node group_user other_user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset g_usr=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset o_usr=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset flag access acl_spec
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for flag in ${a_flag[@]}; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for access in ${a_access[@]}; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for tp in allow deny; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy acl_spec="$flag:$access:$tp"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A+$acl_spec $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_chmod_results \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy $node $acl_spec $g_usr $o_usr
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset -i i=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedywhile (( i < ${#users[@]} )); do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must set_cur_usr ${users[i]}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec touch $testfile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy test_chmod_basic_access $testfile ${users[((i+1))]} ${users[((i+2))]}
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec mkdir $testdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy test_chmod_basic_access $testdir ${users[((i+1))]} ${users[((i+2))]}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec rm -rf $testfile $testdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy (( i += 3 ))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedydone
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_pass "Verify that the read_data/write_data/execute permission for" \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "owner/group/everyone passed."