1 #! /usr/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 . $STF_SUITE/tests/acl/acl_common.kshlib
29
30 #################################################################################
31 #
32 # __stc_assertion_start
33 #
34 # ID: acl_chmod_xattr_pos001
35 #
36 # DESCRIPTION:
37 # Verify that the read_xattr/write_xattr for
38 # owner/group/everyone are correct.
39 #
40 # STRATEGY:
41 # 1. Create file and directory in nfs filesystem
42 # 2. Set special read_xattr ACE to the file and directory
43 # 3. Try to list the extended attributes of the file and directory
44 # 4. Set special write_xattr ACE to the file and directory
45 # 5. Try to add new extended attributes to the file and directory
46 # 6. Verify above operation is successful.
47 #
48 # TESTABILITY: explicit
49 #
50 # TEST_AUTOMATION_LEVEL: automated
51 #
52 # __stc_assertion_end
53 #
54 ################################################################################
55
56 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
57 && set -x
58
59 function case_cleanup
60 {
61 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
62 && set -x
63
64 [[ $1 != $STF_PASS ]] && [[ -f $STF_TMPDIR/$NAME.$$ ]] \
65 && cat $STF_TMPDIR/$NAME.$$
66 rm -rf $STF_TMPDIR/$NAME.$$.*
67
68 cd $cwd
69
70 cleanup_test_files $TESTDIR/basedir
71
72 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
73 RUN_CHECK $RM -f $TESTDIR/$ARCHIVEFILE || cleanup $STF_FAIL
74 fi
75
76 cleanup $1
77 }
78
79 # owner@ group group_users other_users
80 set -A users \
81 "root" "root" "$ACL_ADMIN" "$ACL_OTHER1" \
82 "$ACL_STAFF1" "$ACL_STAFF_GROUP" "$ACL_STAFF2" "$ACL_OTHER1"
83
84 set -A a_access \
85 "read_xattr:allow" \
86 "read_xattr:deny" \
87 "write_xattr:allow" \
88 "write_xattr:deny"
89
90 set -A a_flag "owner@" "group@" "everyone@"
91
92 MYTESTFILE=$STF_SUITE/STF.INFO
93
94 echo "ASSERTION: Verify that the permission of read_xattr/write_xattr for " \
95 "owner/group/everyone are correct."
96
97 function operate_node #user node acl
98 {
99 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
100 && set -x
101
102 typeset user=$1
103 typeset node=$2
104 typeset acl_t=$3
105 typeset ret
106
107 if [[ $user == "" || $node == "" ]]; then
108 echo "user, node are not defined."
109 case_cleanup $STF_FAIL
110 fi
111
112 if [[ $acl_t == *read_xattr* ]]; then
113 RUN_CHECK chgusr_exec $user $RUNAT $node $LS \
114 > $STF_TMPDIR/$NAME.$$ 2>&1
115 ret=$?
116 elif [[ $acl_t == *write_xattr* ]]; then
117 RUN_CHECK chgusr_exec $user $RUNAT $node $CP $MYTESTFILE attr.1 \
118 > $STF_TMPDIR/$NAME.$$ 2>&1
119 ret=$?
120
121 if [[ $ret -eq 0 ]]; then
122 RUN_CHECK cleanup_test_files basedir \
123 || case_cleanup $STF_FAIL
124 RUN_CHECK $TAR xpf@ $ARCHIVEFILE \
125 || case_cleanup $STF_FAIL
126 fi
127 fi
128
129 return $ret
130 }
131
132 function logname #acl_target user
133 {
134 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
135 && set -x
136
137 typeset acl_target=$1
138 typeset user=$2
139 typeset ret="RUN_CHECKNEG"
140
141 # To super user, read and write deny permission was override.
142 if [[ $user == root || $acl_target == *:allow ]] then
143 ret="RUN_CHECK"
144 fi
145
146 print $ret
147 }
148
149 function check_chmod_results #node flag acl_target g_usr o_usr
150 {
151 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
152 && set -x
153
154 typeset node=$1
155 typeset flg=$2
156 typeset acl_target=$2:$3
157 typeset g_usr=$4
158 typeset o_usr=$5
159 typeset log
160
161 if [[ $flg == "owner@" || $flg == "everyone@" ]]; then
162 eval "log=$(logname $acl_target $ACL_CUR_USER)" \
163 || case_cleanup $STF_FAIL
164
165 # $log $ACL_CUR_USER:$node $acl_target
166 $log operate_node $ACL_CUR_USER $node $acl_target \
167 || case_cleanup $STF_FAIL $STF_TMPDIR/$NAME.$$
168 fi
169 if [[ $flg == "group@" || $flg == "everyone@" ]]; then
170 eval "log=$(logname $acl_target $g_usr)" \
171 || case_cleanup $STF_FAIL
172
173 # $log $g_usr:$node $acl_target
174 $log operate_node $g_usr $node $acl_target \
175 || case_cleanup $STF_FAIL $STF_TMPDIR/$NAME.$$
176 fi
177 if [[ $flg == "everyone@" ]]; then
178 eval "log=$(logname $acl_target $o_usr)" \
179 || case_cleanup $STF_FAIL
180
181 # $log $o_usr:$node $acl_target
182 $log operate_node $o_usr $node $acl_target \
183 || case_cleanup $STF_FAIL $STF_TMPDIR/$NAME.$$
184 fi
185 }
186
187 function test_chmod_basic_access #node g_usr o_usr
188 {
189 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
190 && set -x
191
192 typeset node=${1%/}
193 typeset g_usr=$2
194 typeset o_usr=$3
195 typeset flg acl_p acl_t parent
196
197 parent=${node%/*}
198
199 for flg in ${a_flag[@]}; do
200 for acl_t in "${a_access[@]}"; do
201 RUN_CHECK usr_exec $CHMOD A+$flg:$acl_t $node \
202 || case_cleanup $STF_FAIL
203
204 RUN_CHECK $TAR cpf@ $ARCHIVEFILE basedir \
205 || case_cleanup $STF_FAIL
206
207 check_chmod_results "$node" "$flg" \
208 "$acl_t" "$g_usr" "$o_usr"
209
210 RUN_CHECK usr_exec $CHMOD A0- $node \
211 || case_cleanup $STF_FAIL
212 done
213 done
214 }
215
216 function setup_test_files #base_node user group
217 {
218 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
219 && set -x
220
221 typeset base_node=$1
222 typeset user=$2
223 typeset group=$3
224
225 cleanup_test_files $base_node
226
227 RUN_CHECK $MKDIR -p $base_node || case_cleanup $STF_FAIL
228 RUN_CHECK $CHOWN $user:$group $base_node || case_cleanup $STF_FAIL
229
230 RUN_CHECK set_cur_usr $user || case_cleanup $STF_FAIL
231
232 # Prepare all files/sub-dirs for testing.
233
234 file0=$base_node/testfile_rm
235
236 dir0=$base_node/testdir_rm
237
238 RUN_CHECK usr_exec $TOUCH $file0 || case_cleanup $STF_FAIL
239 RUN_CHECK usr_exec $CHMOD 444 $file0 || case_cleanup $STF_FAIL
240
241 RUN_CHECK usr_exec $RUNAT $file0 $CP $MYTESTFILE attr.0 \
242 || case_cleanup $STF_FAIL
243
244 RUN_CHECK usr_exec $MKDIR -p $dir0 || case_cleanup $STF_FAIL
245 RUN_CHECK usr_exec $CHMOD 555 $dir0 || case_cleanup $STF_FAIL
246
247 RUN_CHECK usr_exec $RUNAT $dir0 $CP $MYTESTFILE attr.0 \
248 || case_cleanup $STF_FAIL
249
250 RUN_CHECK usr_exec $CHMOD 777 $base_node || case_cleanup $STF_FAIL
251 return 0
252 }
253
254 function cleanup_test_files #base_node
255 {
256 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
257 && set -x
258
259 typeset base_node=$1
260
261 if [[ -d $base_node ]]; then
262 RUN_CHECK $RM -rf $base_node || case_cleanup $STF_FAIL
263 elif [[ -e $base_node ]]; then
264 RUN_CHECK $RM -f $base_node || case_cleanup $STF_FAIL
265 fi
266
267 return 0
268 }
269
270 typeset cwd=$PWD
271 typeset ARCHIVEFILE=archive.tar
272
273 typeset -i i=0
274 typeset -i j=0
275 typeset target
276
277 cd $TESTDIR
278 while (( i < ${#users[@]} )); do
279 setup_test_files basedir ${users[i]} ${users[((i+1))]}
280
281 j=0
282 while (( j < 1 )); do
283 eval target=\$file$j
284 test_chmod_basic_access $target \
285 "${users[((i+2))]}" "${users[((i+3))]}"
286
287 eval target=\$dir$j
288 test_chmod_basic_access $target \
289 "${users[((i+2))]}" "${users[((i+3))]}"
290
291 (( j = j + 1 ))
292 done
293
294 (( i += 4 ))
295 done
296
297 # Verify that the permission of read_xattr/write_xattr for
298 # owner/group/everyone are correct.
299 case_cleanup $STF_PASS