1 #! /usr/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 . $STF_SUITE/tests/acl/acl_common.kshlib
29
30 #################################################################################
31 #
32 # __stc_assertion_start
33 #
34 # ID: acl_chmod_rwx_pos003
35 #
36 # DESCRIPTION:
37 # Verify that the read_data/write_data/execute permission for
38 # owner/group/everyone are correct.
39 #
40 # STRATEGY:
41 # 1. Loop over root and non-root users.
42 # 2. Verify type@:access:allow|deny separately on a file and on a directory.
43 # 3. For the super user, read and write deny entries are overridden.
44 # 4. According to the ACE list and the override rule, expect that
45 # read/write/execute on the file or directory succeeds or fails.
46 #
47 # TESTABILITY: explicit
48 #
49 # TEST_AUTOMATION_LEVEL: automated
50 #
51 # __stc_assertion_end
52 #
53 ################################################################################
54
# Enable command tracing when this test's NAME appears in the
# colon-separated NFSGEN_DEBUG list, or when that list contains "all".
if [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]]; then
	set -x
fi

# ACE "who" entries exercised by the test.
set -A a_flag "owner@" "group@" "everyone@"

# Permissions exercised by the test. execute is always paired with
# read_data because read_data is needed first in order to test execute.
set -A a_access "read_data" "write_data" "read_data/execute"

# Identities, read in groups of three by the driver loop at the end of
# this file:
#	owner@		group user	other user
set -A users \
	"root"		"$ACL_ADMIN"	"$ACL_OTHER1" \
	"$ACL_STAFF1"	"$ACL_STAFF2"	"$ACL_OTHER1"

echo "ASSERTION: Verify that the read_data/write_data/execute permission for" \
	"owner/group/everyone are correct."

# A non-empty ZONE_PATH marks a TX configuration; tell the operator that
# directory execute checks are not performed there, so the reduced
# coverage is visible in the test log.
[[ -z $ZONE_PATH ]] || {
	echo "\n\tThe test runs in TX configuration, we don't verify"
	echo "\texecute permission on a directory as a regular user.\n"
}
74
#
# Pick the wrapper that states the expected outcome of an access check.
#
# Arguments:
#	$1 - node:	file or directory the ACE was applied to
#	$2 - acl_spec:	ACE under test, "<who>:<access>:allow|deny"
#	$3 - user:	user who will attempt the access
#
# Output (stdout):
#	"RUN_CHECK"	the access is expected to succeed
#	"RUN_CHECKNEG"	the access is expected to fail
#	nothing		acl_spec ends in neither ":allow" nor ":deny"
#
# Expectation encoded here: an allow ACE always succeeds. For root, a deny
# ACE is still expected to succeed on any directory, and on a file unless
# the ACE mentions execute; every other deny ACE is expected to fail.
#
function logname #node acl_spec user
{
	if [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]]; then
		set -x
	fi

	typeset node=$1
	typeset acl_spec=$2
	typeset user=$3
	typeset runner=""

	if [[ $acl_spec == *:allow ]]; then
		runner="RUN_CHECK"
	elif [[ $user == root ]] && \
	    [[ -d $node || $acl_spec != *"execute"* ]]; then
		# Super-user override: read/write deny entries do not bind
		# root, and neither does any deny entry on a directory.
		runner="RUN_CHECK"
	elif [[ $acl_spec == *:deny ]]; then
		runner="RUN_CHECKNEG"
	fi

	if [[ -n $runner ]]; then
		print "$runner"
	fi
}
94
#
# Run the access checks that apply to the ACE just added to a node.
#
# Arguments:
#	$1 - node:	file or directory carrying the ACE
#	$2 - acl_spec:	ACE under test, "<who>:<access>:allow|deny"
#	$3 - g_usr:	user checked for group@ (and everyone@) entries
#	$4 - o_usr:	user checked for everyone@ entries
#
# Globals read: ZONE_PATH, ACL_CUR_USER, STF_TMPDIR, NAME, STF_FAIL.
#
# Who is checked:
#	owner@    -> $ACL_CUR_USER
#	group@    -> $g_usr
#	everyone@ -> $ACL_CUR_USER, $g_usr and $o_usr
#
# Each check is "<wrapper> rwx_node <user> <node> <acl_spec>", where the
# wrapper is whatever logname prints for that user. If logname prints
# nothing, $log expands to nothing and rwx_node runs without a wrapper.
# Output of every check goes to the same file, $STF_TMPDIR/$NAME.$$, which
# is handed to cleanup together with $STF_FAIL when a check fails.
#
function check_chmod_results #node acl_spec g_usr o_usr
{
	if [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]]; then
		set -x
	fi

	typeset node=$1
	typeset acl_spec=$2
	typeset g_usr=$3
	typeset o_usr=$4
	typeset log
	typeset outfile=$STF_TMPDIR/$NAME.$$

	# rwx_node() calls 'find' to verify execute permission, but in a TX
	# environment 'find' cannot get the current working directory for a
	# regular user, who has no permission to access the zone path.
	# NOTE(review): the guard looks only at g_usr, yet it returns before
	# the $ACL_CUR_USER check as well. The group slot of the users table
	# holds $ACL_ADMIN or $ACL_STAFF2, so unless one of those is "root"
	# the directory execute ACEs go unverified for every user, root
	# included, whenever ZONE_PATH is set - confirm this is intended.
	if [[ $g_usr != root && -n $ZONE_PATH && -d $node && \
	    $acl_spec == *execute* ]]; then
		return
	fi

	# Owner check: the current user created the node.
	case $acl_spec in
	"owner@:"* | "everyone@:"*)
		log=$(logname $node $acl_spec $ACL_CUR_USER)
		$log rwx_node $ACL_CUR_USER $node $acl_spec \
		    > $outfile 2>&1 \
		    || cleanup $STF_FAIL $outfile
		;;
	esac

	# Group member check.
	case $acl_spec in
	"group@:"* | "everyone@:"*)
		log=$(logname $node $acl_spec $g_usr)
		$log rwx_node $g_usr $node $acl_spec \
		    > $outfile 2>&1 \
		    || cleanup $STF_FAIL $outfile
		;;
	esac

	# Unrelated user check; only everyone@ entries reach this user.
	case $acl_spec in
	"everyone@"*)
		log=$(logname $node $acl_spec $o_usr)
		$log rwx_node $o_usr $node $acl_spec \
		    > $outfile 2>&1 \
		    || cleanup $STF_FAIL $outfile
		;;
	esac
}
133
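#
# Exercise every who/access/type combination on one node.
#
# Arguments:
#	$1 - node:	file or directory to test
#	$2 - g_usr:	user passed to check_chmod_results as the group user
#	$3 - o_usr:	user passed to check_chmod_results as the other user
#
# Globals read: a_flag, a_access, CHMOD, STF_FAIL.
#
# For each entry of a_flag, each entry of a_access and each of allow/deny,
# the function adds the ACE with "chmod A+<spec>", runs
# check_chmod_results, then removes ACE index 0 with "chmod A0-" so that
# the next combination starts from the same ACL. A failure of either chmod
# calls cleanup with $STF_FAIL.
#
function test_chmod_basic_access #node group_user other_user
{
	[[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
	    && set -x

	typeset node=$1
	typeset g_usr=$2
	typeset o_usr=$3
	# tp is declared along with the other loop variables so that the
	# allow/deny iterator does not leak into the caller's scope.
	typeset flg access tp acl_spec

	for flg in "${a_flag[@]}"; do
		for access in "${a_access[@]}"; do
			for tp in allow deny; do
				acl_spec="$flg:$access:$tp"
				RUN_CHECK usr_exec $CHMOD A+$acl_spec $node \
				    || cleanup $STF_FAIL
				check_chmod_results \
				    $node $acl_spec $g_usr $o_usr
				# Drop the ACE under test before the next
				# combination is applied.
				RUN_CHECK usr_exec $CHMOD A0- $node \
				    || cleanup $STF_FAIL
			done
		done
	done
}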
158
# Driver. The users array is read in groups of three (owner, group user,
# other user). For each group: switch to the owner, create the test file
# and run every ACE combination against it, do the same for the test
# directory, then remove both so the next owner starts from scratch.
# Any failing step calls cleanup with $STF_FAIL.
typeset -i i=0
until (( i >= ${#users[@]} )); do
	RUN_CHECK set_cur_usr ${users[i]} || cleanup $STF_FAIL

	# Regular file.
	RUN_CHECK usr_exec $TOUCH $testfile || cleanup $STF_FAIL
	test_chmod_basic_access $testfile ${users[i+1]} ${users[i+2]}

	# Directory.
	RUN_CHECK usr_exec $MKDIR $testdir || cleanup $STF_FAIL
	test_chmod_basic_access $testdir ${users[i+1]} ${users[i+2]}

	RUN_CHECK usr_exec $RM -rf $testfile $testdir || cleanup $STF_FAIL

	(( i = i + 3 ))
done

# Every read_data/write_data/execute check for owner/group/everyone
# behaved as expected.
cleanup $STF_PASS