1 #! /usr/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 . $STF_SUITE/tests/acl/acl_common.kshlib
29
30 #################################################################################
31 #
32 # __stc_assertion_start
33 #
34 # ID: acl_chmod_delete_pos001
35 #
36 # DESCRIPTION:
37 # Verify that the combined delete_child/delete permission for
38 # owner/group/everyone are correct.
39 #
40 # -------------------------------------------------------
41 # | Parent Dir | Target Object Permissions |
42 # | permissions | |
43 # -------------------------------------------------------
44 # | | ACL Allows | ACL Denies| Delete |
45 # | | Delete | Delete | unspecified|
46 # -------------------------------------------------------
47 # | ACL Allows | Permit | Permit | Permit |
48 # | DELETE_CHILD | |
49 # -------------------------------------------------------
50 # | ACL Denies | Permit | Deny | Deny |
51 # | DELETE_CHILD | | | |
52 # -------------------------------------------------------
53 # | ACL specifies | | | |
54 # | only allows | Permit | Permit | Permit |
55 # | write and | | | |
56 # | execute | | | |
57 # -------------------------------------------------------
58 # | ACL denies | | | |
59 # | write and | Permit | Deny | Deny |
60 # | execute | | | |
61 # -------------------------------------------------------
62 #
63 # STRATEGY:
64 # 1. Create file and directory in nfs filesystem
65 # 2. Set special ACE combination to the file and directory
66 # 3. Try to remove the file
67 # 4. Verify that combined permissions for owner/group/everyone are correct.
68 #
69 # TESTABILITY: explicit
70 #
71 # TEST_AUTOMATION_LEVEL: automated
72 #
73 # __stc_assertion_end
74 #
75 ################################################################################
76
77 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
78 && set -x
79
80 function case_cleanup
81 {
82 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
83 && set -x
84
85 if [[ ! -e $target ]]; then
86 RUN_CHECK $TAR xpf $ARCHIVEFILE
87 fi
88
89 (( ${#cwd} != 0 )) && cd $cwd
90 cleanup_test_files basedir
91 if [[ -e $ARCHIVEFILE ]]; then
92 RUN_CHECK $RM -f $ARCHIVEFILE
93 fi
94
95 [[ -n $1 ]] && cleanup $1 || return 0
96 }
97
98 #owner@ group group_users other_users
99 set -A users \
100 "root" "root" "$ACL_ADMIN" "$ACL_OTHER1" \
101 "$ACL_STAFF1" "$ACL_STAFF_GROUP" "$ACL_STAFF2" "$ACL_OTHER1"
102
103 set -A access_parent \
104 "delete_child:allow" \
105 "delete_child:deny" \
106 "write_data:allow" \
107 "write_data:deny" \
108 "delete_child:deny write_data:allow" \
109 "delete_child:allow write_data:deny"
110
111 set -A access_target \
112 "delete:allow" \
113 "delete:deny" \
114 ""
115
116 set -A a_flag "owner@" "group@" "everyone@" "user:$ACL_STAFF1"
117
118
119 echo "ASSERTION: Verify that the combined delete_child/delete permission for" \
120 "owner/group/everyone are correct."
121
122 function operate_node #user node
123 {
124 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
125 && set -x
126
127 typeset user=$1
128 typeset node=$2
129 typeset ret
130
131 if [[ $user == "" || $node == "" ]]; then
132 echo "user, node are not defined."
133 case_cleanup $STF_FAIL
134 fi
135 if [[ -d $node ]]; then
136 RUN_CHECK chgusr_exec $user $RM -rf $node ; ret=$?
137 # chgusr_exec $user $RM -rf $node
138 # ret=$?
139 else
140 RUN_CHECK chgusr_exec $user $RM -f $node ; ret=$?
141 # chgusr_exec $user $RM -f $node
142 # ret=$?
143 fi
144
145 if [[ -e $node ]]; then
146 if [[ $ret -eq 0 ]]; then
147 echo "$node not removed, but return code is 0."
148 return 1
149 fi
150 else
151 RUN_CHECK $TAR xpf $ARCHIVEFILE \
152 || case_cleanup $STF_FAIL
153 if [[ $ret -ne 0 ]]; then
154 echo "$node removed, but return code is $ret."
155 return 1
156 fi
157 fi
158 return $ret
159 }
160
161 function logname #acl_parent acl_target user
162 {
163 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
164 && set -x
165
166 typeset acl_parent=$1
167 typeset acl_target=$2
168 typeset user=$3
169
170 # To super user, read and write deny permission was override.
171 if [[ $user == root || $acl_target == *:allow ]]; then
172 print "RUN_CHECK"
173 elif [[ $acl_parent == *"delete_child"* ]]; then
174 if [[ $acl_parent == *"delete_child:allow"* ]]; then
175 print "RUN_CHECK"
176 else
177 print "RUN_CHECKNEG"
178 fi
179 elif [[ $acl_parent == *"write_data"* ]]; then
180 if [[ $acl_parent == *"write_data:allow"* ]]; then
181 print "RUN_CHECK"
182 else
183 print "RUN_CHECKNEG"
184 fi
185 else
186 print "RUN_CHECKNEG"
187 fi
188 }
189
190 function check_chmod_results #node flag acl_parent acl_target g_usr o_usr
191 {
192 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
193 && set -x
194
195 typeset node=$1
196 typeset flag=$2
197 typeset acl_parent=$3
198 typeset acl_target=$2:$4
199 typeset g_usr=$5
200 typeset o_usr=$6
201 typeset log acl_tmp
202
203 for acl in $acl_parent ; do
204 acl_tmp="$2:$acl $acl_tmp"
205 done
206 acl_parent=$acl_tmp
207
208 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
209 eval "log=$(logname "$acl_parent" $acl_target $ACL_CUR_USER)"
210 $log operate_node $ACL_CUR_USER $node || case_cleanup $STF_FAIL
211 fi
212 if [[ $flag == "group@" || $flag == "everyone@" ]]; then
213 eval "log=$(logname "$acl_parent" $acl_target $g_usr)"
214 $log operate_node $g_usr $node || case_cleanup $STF_FAIL
215 fi
216 if [[ $flag == "everyone@" ]]; then
217 eval "log=$(logname "$acl_parent" $acl_target $o_usr)"
218 $log operate_node $o_usr $node || case_cleanup $STF_FAIL
219 fi
220 if [[ $flag == "user:"* ]]; then
221 typeset user=${flag#user:}
222 eval "log=$(logname "$acl_parent" $acl_target $user)"
223 $log operate_node $user $node
224 fi
225 }
226
227 function test_chmod_basic_access #node g_usr o_usr
228 {
229 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
230 && set -x
231
232 typeset node=${1%/}
233 typeset g_usr=$2
234 typeset o_usr=$3
235 typeset flag acl_p acl_t parent
236 typeset -i i=0
237
238 parent=${node%/*}
239
240 for w_flag in ${a_flag[@]}; do
241 for acl_p in "${access_parent[@]}"; do
242 i=0
243 for acl in $acl_p ; do
244 RUN_CHECK usr_exec $CHMOD A+$w_flag:$acl $parent \
245 || case_cleanup $STF_FAIL
246 (( i = i + 1))
247 done
248
249 for acl_t in "${access_target[@]}"; do
250 if [[ -n $acl_t ]]; then
251 RUN_CHECK usr_exec $CHMOD \
252 A+${w_flag}:${acl_t} $node \
253 || case_cleanup $STF_FAIL
254 fi
255
256 RUN_CHECK $TAR cpf $ARCHIVEFILE basedir \
257 || case_cleanup $STF_FAIL
258
259 check_chmod_results "$node" "$w_flag" \
260 "$acl_p" "$acl_t" "$g_usr" "$o_usr"
261
262 if [[ -n $acl_t ]]; then
263 RUN_CHECK usr_exec $CHMOD A0- $node \
264 || case_cleanup $STF_FAIL
265 fi
266 done
267
268 while (( i > 0 )); do
269 RUN_CHECK usr_exec $CHMOD A0- $parent \
270 || case_cleanup $STF_FAIL
271 (( i = i - 1 ))
272 done
273 done
274 done
275 }
276
277 function setup_test_files #base_node user group
278 {
279 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
280 && set -x
281
282 typeset base_node=$1
283 typeset user=$2
284 typeset group=$3
285
286 cleanup_test_files $base_node
287
288 RUN_CHECK $MKDIR -p $base_node || case_cleanup $STF_FAIL
289 RUN_CHECK $CHOWN $user:$group $base_node || case_cleanup $STF_FAIL
290
291 RUN_CHECK set_cur_usr $user || case_cleanup $STF_FAIL
292
293 # Prepare all files/sub-dirs for testing.
294 file0=$base_node/testfile_rm
295 dir0=$base_node/testdir_rm
296
297 RUN_CHECK usr_exec $TOUCH $file0 || case_cleanup $STF_FAIL
298 RUN_CHECK usr_exec $CHMOD 444 $file0 || case_cleanup $STF_FAIL
299
300 RUN_CHECK usr_exec $MKDIR -p $dir0 || case_cleanup $STF_FAIL
301 RUN_CHECK usr_exec $CHMOD 444 $dir0 || case_cleanup $STF_FAIL
302
303 RUN_CHECK usr_exec $CHMOD 555 $base_node || case_cleanup $STF_FAIL
304 return 0
305 }
306
307 function cleanup_test_files #base_node
308 {
309 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
310 && set -x
311
312 typeset base_node=$1
313
314 if [[ -d $base_node ]]; then
315 RUN_CHECK $RM -rf $base_node || cleanup $STF_FAIL
316 elif [[ -e $base_node ]]; then
317 RUN_CHECK $RM -f $base_node || cleanup $STF_FAIL
318 fi
319
320 return 0
321 }
322
323 typeset cwd=$PWD
324 typeset ARCHIVEFILE=archive.tar
325
326 typeset -i i=0
327 typeset -i j=0
328 typeset target
329 cd $TESTDIR
330 while (( i < ${#users[@]} )); do
331 setup_test_files basedir ${users[i]} ${users[((i+1))]}
332
333 j=0
334 while (( j < 1 )); do
335 eval target=\$file$j
336 test_chmod_basic_access $target \
337 "${users[((i+2))]}" "${users[((i+3))]}"
338
339 eval target=\$dir$j
340 test_chmod_basic_access $target \
341 "${users[((i+2))]}" "${users[((i+3))]}"
342
343 (( j = j + 1 ))
344 done
345
346 (( i += 4 ))
347 done
348
349 # Verify that the combined delete_child/delete permission for
350 # owner/group/everyone are correct.
351 case_cleanup $STF_PASS