#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
# Copyright 2016 Nexenta Systems, Inc.
#
#
#
function cleanup_user_group
{
typeset i
del_user $i
done
for i in $STAFF_GROUP $OTHER_GROUP ; do
del_group $i
done
return 0
}
#
# Restore test file system to the original status.
#
function restore_root_datasets
{
if datasetexists $ROOT_TESTFS ; then
fi
if is_global_zone ; then
if datasetexists $ROOT_TESTVOL ; then
fi
fi
return 0
}
#
# Verify the specified user have permission on the dataset
#
# $1 dataset
# $2 permissions which are separated by comma(,)
# $3-n users
#
function verify_perm
{
typeset dtst=$1
typeset permissions=$2
shift 2
if [[ -z $@ || -z $permissions || -z $dtst ]]; then
return 1
fi
typeset user
typeset perm
for perm in $permissions; do
typeset -i ret=1
ret=$?
ret=$?
fi
"on $dtst"
return 1
fi
done
done
return 0
}
#
# Verify the specified user have no permission on the dataset
#
# $1 dataset
# $2 permissions which are separated by comma(,)
# $3-n users
#
function verify_noperm
{
typeset dtst=$1
typeset permissions=$2
shift 2
if [[ -z $@ || -z $permissions || -z $dtst ]]; then
return 1
fi
typeset user
typeset perm
for perm in $permissions; do
typeset -i ret=1
ret=$?
ret=$?
fi
"on $dtst"
return 1
fi
done
done
return 0
}
function common_perm
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
typeset -i ret=1
send)
ret=$?
;;
ret=$?
;;
ret=$?
;;
compression|checksum|readonly)
ret=$?
;;
ret=$?
;;
ret=$?
;;
*)
ret=1
;;
esac
return $ret
}
function check_fs_perm
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset -i ret=1
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
*)
ret=$?
;;
esac
return $ret
}
function check_vol_perm
{
typeset user=$1
typeset perm=$2
typeset vol=$3
typeset -i ret=1
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
ret=$?
;;
*)
ret=$?
;;
esac
return $ret
}
function setup_unallow_testenv
{
if [[ $dtst == $ROOT_TESTFS ]]; then
fi
done
return 0
}
#
# Verify permission send for specified user on the dataset
# $1 user
# $2 permission
# $3 dataset
#
function verify_send
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
typeset oldval
typeset -i ret=1
ret=0
fi
return $ret
}
function verify_fs_receive
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset dtst
if is_global_zone ; then
fi
if datasetexists $dtstsnap ; then
return 1
fi
if datasetexists $dtstsnap ; then
return 1
fi
if datasetexists $dtstsnap ; then
return 1
fi
if ! datasetexists $dtstsnap ; then
return 1
fi
# check the data integrity
return 1
fi
done
return 0
}
function verify_userprop
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
return 1
fi
return 0
}
function verify_ccr
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
typeset oldval
set -A modes "on" "off"
n=1
n=0
fi
return 1
fi
return 0
}
function verify_copies
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
typeset oldval
set -A modes 1 2 3
n=1
n=2
n=0
fi
return 1
fi
return 0
}
function verify_reservation
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
typeset oldval=$(get_prop reservation $dtst)
return 1
fi
return 0
}
function verify_fs_create
{
typeset user=$1
typeset perm=$2
typeset fs=$3
if datasetexists $newfs ; then
return 1
fi
if ! datasetexists $newfs ; then
return 1
fi
if is_global_zone ; then
# mount permission is required for sparse volume
if datasetexists $newvol ; then
return 1
fi
if ! datasetexists $newvol ; then
return 1
fi
# mount and reserveration permission are
# required for normal volume
if datasetexists $newvol ; then
return 1
fi
if datasetexists $newvol ; then
return 1
fi
if datasetexists $newvol ; then
return 1
fi
if datasetexists $newvol ; then
return 1
fi
if ! datasetexists $newvol ; then
return 1
fi
fi
return 0
}
function verify_fs_destroy
{
typeset user=$1
typeset perm=$2
typeset fs=$3
if datasetexists $fs ; then
return 1
fi
fi
if ! datasetexists $fs ; then
return 1
fi
# mount permission is required
if datasetexists $fs ; then
return 1
fi
fi
return 0
}
# Verify that given the correct delegation, a regular user can:
# Take a snapshot of an unmounted dataset
# Take a snapshot of an mounted dataset
function verify_fs_snapshot
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset mntpt=$(get_prop mountpoint $fs)
fi
if ! datasetexists $snap ; then
return 1
fi
fi
if ! datasetexists $snap ; then
return 1
fi
if ! datasetexists $snap ; then
return 1
fi
return 0
}
function verify_fs_rollback
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset oldval
typeset mntpt=$(get_prop mountpoint $fs)
fi
if is_global_zone ; then
return 1
fi
else
# datasetcksum can not be used in local zone
return 1
fi
fi
return 0
}
function verify_fs_clone
{
typeset user=$1
typeset perm=$2
typeset fs=$3
if datasetexists $clone ; then
return 1
fi
if datasetexists $clone ; then
return 1
fi
if datasetexists $clone ; then
return 1
fi
if ! datasetexists $clone ; then
return 1
fi
return 0
}
function verify_fs_rename
{
typeset user=$1
typeset perm=$2
typeset fs=$3
fi
# case 1
if datasetexists $renamefs ; then
return 1
fi
# case 2
if datasetexists $renamefs ; then
return 1
fi
# case 3
if datasetexists $renamefs ; then
return 1
fi
# case 4
if datasetexists $renamefs ; then
return 1
fi
# case 5
if datasetexists $renamefs ; then
return 1
fi
# case 6
if datasetexists $renamefs ; then
return 1
fi
# case 7
if ! datasetexists $renamefs ; then
return 1
fi
return 0
}
function verify_fs_mount
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset mntpt=$(get_prop mountpoint $fs)
return 1
fi
fi
return 1
fi
# mountpoint's owner must be the user
return 1
fi
log_must zfs set mountpoint=$mntpt $fs
fi
return 0
}
function verify_fs_share
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset -i ret=0
fi
ret=1
fi
return $ret
}
function verify_fs_mountpoint
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset mntpt=$(get_prop mountpoint $fs)
if [[ $newmntpt != \
return 1
fi
log_must zfs set mountpoint=$mntpt $fs
fi
return 1
fi
# require mount permission when fs is mounted
if [[ $newmntpt != \
return 1
fi
log_must zfs set mountpoint=$mntpt $fs
fi
return 0
}
function verify_fs_promote
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset clone_orig=$(get_prop origin $clone)
# promote should fail if original fs does not have
# promote permission
return 1
fi
return 1
fi
return 1
fi
return 1
fi
return 0
}
function verify_fs_canmount
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset oldval
set -A modes "on" "off"
n=1
n=0
fi
return 1
fi
fi
# fs is mounted
# property value does not change if
# no mount permission
set -A modes "on" "off"
n=1
n=0
fi
return 1
fi
fi
return 0
}
function verify_fs_recordsize
{
typeset user=$1
typeset perm=$2
typeset fs=$3
return 1
fi
return 0
}
function verify_fs_quota
{
typeset user=$1
typeset perm=$2
typeset fs=$3
return 1
fi
return 0
}
function verify_fs_aclmode
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset oldval
set -A modes "discard" "groupmask" "passthrough"
n=1
n=2
n=0
fi
return 1
fi
return 0
}
function verify_fs_aclinherit
{
typeset user=$1
typeset perm=$2
typeset fs=$3
#
# PSARC/2008/231 change the default value of aclinherit to "restricted"
# but still keep the old interface of "secure"
#
typeset oldval
set -A modes "discard" "noallow" "secure" "passthrough"
n=1
n=2
n=3
n=0
fi
typeset newval=$(get_prop aclinherit $fs)
return 0
return 1
fi
return 0
}
function verify_fs_snapdir
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset oldval
set -A modes "visible" "hidden"
n=1
n=0
fi
return 1
fi
return 0
}
function verify_fs_aedsx
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset oldval
set -A modes "on" "off"
n=1
n=0
fi
return 1
fi
return 0
}
function verify_fs_zoned
{
typeset user=$1
typeset perm=$2
typeset fs=$3
typeset oldval
set -A modes "on" "off"
n=1
n=0
fi
if is_global_zone ; then
if [[ ${modes[$n]} != \
return 1
fi
if [[ $n -eq 0 ]]; then
else
fi
fi
# n always is 1 in this case
if [[ $oldval != \
return 1
fi
# mount permission is needed
# to make zoned=on
if [[ ${modes[$n]} != \
return 1
fi
fi
fi
if ! is_global_zone; then
return 1
fi
fi
return 0
}
function verify_fs_sharenfs
{
typeset user=$1
typeset perm=$2
typeset fs=$3
nmode="on"
else
nmode="off"
fi
return 1
fi
return 1
fi
return 0
}
function verify_vol_destroy
{
typeset user=$1
typeset perm=$2
typeset vol=$3
if ! datasetexists $vol ; then
return 1
fi
# mount permission is required
if datasetexists $vol ; then
return 1
fi
return 0
}
function verify_vol_snapshot
{
typeset user=$1
typeset perm=$2
typeset vol=$3
if datasetexists $snap ; then
return 1
fi
if ! datasetexists $snap ; then
return 1
fi
return 0
}
function verify_vol_rollback
{
typeset user=$1
typeset perm=$2
typeset vol=$3
typeset oldval
sleep 10
return 1
fi
# rollback on volume has to be with mount permission
sleep 10
return 1
fi
return 0
}
function verify_vol_clone
{
typeset user=$1
typeset perm=$2
typeset vol=$3
if datasetexists $clone ; then
return 1
fi
if datasetexists $clone ; then
return 1
fi
if datasetexists $clone ; then
return 1
fi
# require create permission on parent and
# mount permission on itself as well
if ! datasetexists $clone ; then
return 1
fi
return 0
}
function verify_vol_rename
{
typeset user=$1
typeset perm=$2
typeset vol=$3
if datasetexists $renamevol ; then
return 1
fi
if datasetexists $renamevol ; then
return 1
fi
if datasetexists $renamevol ; then
return 1
fi
# require both create permission on parent and
# mount permission on parent as well
if ! datasetexists $renamevol ; then
return 1
fi
return 0
}
function verify_vol_promote
{
typeset user=$1
typeset perm=$2
typeset vol=$3
typeset clone_orig=$(get_prop origin $clone)
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 1
then
return 1
fi
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 2
then
return 1
fi
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 3
then
return 1
fi
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 4
then
return 1
fi
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 5
then
return 1
fi
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 6
then
return 1
fi
# promote should fail if $vol and $clone
# miss either mount or promote permission
# case 7
then
return 1
fi
# promote only succeeds when $vol and $clone
# have both mount and promote permission
# case 8
return 1
fi
return 0
}
function verify_vol_volsize
{
typeset user=$1
typeset perm=$2
typeset vol=$3
typeset oldval
# sparse volume
then
return 1
fi
else
# normal volume, reservation permission
# is required
then
return 1
fi
then
return 1
fi
fi
return 0
}
function verify_allow
{
typeset user=$1
typeset perm=$2
typeset dtst=$3
typeset -i ret
ret=$?
return 1
fi
ret=$?
return 1
fi
return 0
}