1 #! /usr/bin/ksh -p
   2 #
   3 # CDDL HEADER START
   4 #
   5 # The contents of this file are subject to the terms of the
   6 # Common Development and Distribution License (the "License").
   7 # You may not use this file except in compliance with the License.
   8 #
   9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10 # or http://www.opensolaris.org/os/licensing.
  11 # See the License for the specific language governing permissions
  12 # and limitations under the License.
  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 
  23 #
  24 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  25 # Use is subject to license terms.
  26 #
  27 # ACL setfacl/getfacl positive basic test
  28 #     Call setfacl(1) to modify the 'group' entries in the ACL of an attribute
  29 #     file; then verify with getfacl(1) that the ACLs are set correctly.
  30 #
  31 
  32 [[ -n $DEBUG && $DEBUG != 0 ]] && set -x
  33 
  34 NAME=`basename $0`
  35 CDIR=`pwd`
  36 
  37 TESTROOT=${TESTROOT:-"$CDIR/../"}
  38 
  39 # Source for common functions
  40 . $CDIR/ACL.utils
  41 
  42 # Preparation: create temp file/directory for testing 
  43 # Assume MNTPTR is the base test directory.
  44 TFILE=$MNTPTR/$NAME.file.$$
  45 AFILE=$NAME.attr.$$
  46 EFILE=$TMPDIR/$NAME.err.$$
  47 
  48 function test_setup
  49 {
  50     [[ -n $DEBUG && $DEBUG != 0 ]] && set -x
  51 
  52     echo "\n" > $EFILE
  53     echo "This is test file for $NAME" > $TFILE  2>> $EFILE || return $?
  54     chmod 0666 $TFILE >> $EFILE 2>&1 || return $?
  55     runat $TFILE "echo \"This is attribute file for $TFILE\" \
  56         > $AFILE" 2>> $EFILE || return $?
  57     runat $TFILE "chmod 0666 $AFILE" 2>> $EFILE | return $?
  58 }
  59 
  60 function cleanup
  61 {
  62     [[ -n $DEBUG && $DEBUG != 0 ]] && set -x
  63 
  64     rm -fr $TFILE $EFILE $TMPDIR/$NAME.*.$$
  65     exit $1
  66 }
  67 
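# Test assertion driver.
# Applies ACL entries with set_acls, reads them back with get_acls, checks
# them with ck_aces and, when asked, checks whether $TUSER2 can read the
# object through runat.
# Globals:   EFILE, TFILE, TMPDIR, NAME, TUSER2, FAIL, DEBUG (read);
#            OP, TOBJ, ULIST, WHO, CKREAD (written, not local)
# Arguments: $1 - operation passed to set_acls and ck_aces
#            $2 - object to operate on (callers pass the attribute file)
#            $3 - space-separated list of ACL entries
#            $4 - entry kind passed to set_acls (callers use group or none)
#            $5 - optional read check: "true" expects the read to be refused,
#                 "ckattr" expects the attribute file's content to come back
# Returns:   $FAIL when a step fails, 0 after printing "Test PASS"
function run_assertion
{
    [[ -n $DEBUG && $DEBUG != 0 ]] && set -x

    OP=${1}
    TOBJ=${2}
    ULIST=${3}
    WHO=$4
    CKREAD=$5

    typeset aclout="$TMPDIR/$NAME.ga.$$"    # ACL listing written by get_acls
    typeset readout="$TMPDIR/$NAME.ga2.$$"  # output of the read attempt
    # The messages below used $user, which this function never sets.
    # NOTE(review): keep it if a sourced helper exports it; otherwise report
    # the account that performed the read.
    typeset reader=${user:-$TUSER2}

    echo "\n" > "$EFILE"
    set_acls "$OP" "$TOBJ" "$ULIST" "$WHO" "$TFILE" || return $FAIL
    get_acls "$TOBJ" "$aclout" "$TFILE" || return $FAIL
    ck_aces "$OP" "$ULIST" "$aclout" || return $FAIL

    # try to read the file as $TUSER2
    if [ -n "$CKREAD" ]; then
        # The command string is parsed by the shell su starts and again by
        # the one runat starts, so $TFILE and $TOBJ must not contain
        # whitespace or shell metacharacters. The closing escaped quote is
        # now inside the outer quotes (it was written as "\" before).
        su "$TUSER2" -c "runat $TFILE \"cat $TOBJ\"" > "$readout" 2>&1
        case "$CKREAD" in
            "true")
                # A refused read is recognised by the word "cannot" in the
                # output. NOTE(review): this depends on the message text and
                # locale of cat; confirm it holds where the test runs.
                grep "cannot" "$readout" > /dev/null 2>&1
                if [ $? -ne 0 ]; then
                    echo "\t Test FAIL, user<$reader> still can read $TOBJ"
                    grep "$reader" "$aclout"
                    cat "$readout"
                    return $FAIL
                fi  ;;
            "ckattr")
                # A successful read returns the text test_setup wrote.
                grep "file for $TFILE" "$readout" > /dev/null 2>&1
                if [ $? -ne 0 ]; then
                    echo "\t Test FAIL, user<$reader> unable to read $TOBJ"
                    grep "$reader" "$aclout"
                    cat "$readout"
                    return $FAIL
                fi  ;;
        esac
        # Same DEBUG test as the rest of the script; the old form
        # [ "$DEBUG" != "0" ] also dumped the output when DEBUG was unset.
        if [[ -n $DEBUG && $DEBUG != 0 ]]; then
            cat "$readout"
        fi
    fi

    echo "\t Test PASS"
}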
 111 
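# Start main program here:
# ----------------------------------------------------------------------
# Every expansion passed to a helper is quoted below, so each assertion
# passes its arguments the same way.
# NOTE(review): the status of run_assertion is not checked and the script
# always ends with "cleanup $PASS", so a failed assertion shows up only as a
# "Test FAIL" line in the output. Presumably the harness parses that output;
# confirm before relying on the exit status.
test_setup
if [ $? -ne 0 ]; then
    echo "$NAME{setup}: preparation for $NAME test"
    echo "\t UNINITIATED - no assertions will be run"
    cat "$EFILE"
    cleanup $UNINITIATED
fi

# Assertions
# ----------------------------------------------------------------------
# a: setfacl to add group & perms to an attr file:
ULIST="other:rwx staff:rw- bin:--x nobody:r-x"
ASSERTION="setfacl to add <$ULIST>\n\tgroups to the attribute"
ASSERTION="$ASSERTION file, expect successful"
echo "$NAME{a}: $ASSERTION"
run_assertion m "$AFILE" "$ULIST" group

# b: setfacl to modify group & perms in an attr file, expect successful
ULIST="other:--- staff:r-- bin:-wx nobody:rwx"
ASSERTION="modify groups <$ULIST>\n\tto the attribute"
ASSERTION="$ASSERTION file, expect successful"
echo "$NAME{b}: $ASSERTION"
run_assertion m "$AFILE" "$ULIST" group

# c: setfacl to modify mask in an attr file, expect successful
ULIST="mask:--x"
ASSERTION="setfacl to modify <$ULIST> to attr file, expect successful"
echo "$NAME{c}: $ASSERTION"
run_assertion m "$AFILE" "$ULIST" none

# d: verify groups' perms are correct after the mask changed
# This script prints nothing itself when the check fails; any failure
# message has to come from get_acls or ck_aces.
ULIST="other:--- staff:--- bin:--x nobody:--x"
ASSERTION="verify effective perms on attr file of groups \n\t<$ULIST>"
ASSERTION="$ASSERTION set correctly"
echo "$NAME{d}: $ASSERTION"
get_acls "$AFILE" "$TMPDIR/$NAME.gd.$$" "$TFILE" && \
    ck_aces me "$ULIST" "$TMPDIR/$NAME.gd.$$" && echo "\t Test PASS"

# e: setfacl to modify group w/all perms; but can't read the file due to mask
ULIST="staff:rwx"
ASSERTION="setfacl to modify <$ULIST> to attr file; but group\n\tshould still"
ASSERTION="$ASSERTION not able to read the file due to mask set before."
echo "$NAME{e}: $ASSERTION"
run_assertion m "$AFILE" "$ULIST" group true

# f: setfacl to modify mask in an attr file, expect successful
ULIST="mask:rw-"
ASSERTION="reset the mask <$ULIST> to attr file, expect successful"
echo "$NAME{f}: $ASSERTION"
run_assertion m "$AFILE" "$ULIST" none

# g: verify groups' perms are correct after the mask changed
# As in d, a failure here is reported only by the helpers.
ULIST="staff:rw-"
ASSERTION="verify effective perms on attr file of group \n\t<$ULIST>"
ASSERTION="$ASSERTION set correctly after mask changed."
echo "$NAME{g}: $ASSERTION"
get_acls "$AFILE" "$TMPDIR/$NAME.gg.$$" "$TFILE" && \
    ck_aces me "$ULIST" "$TMPDIR/$NAME.gg.$$" && echo "\t Test PASS"

# h: setfacl to modify group perms; the group is expected to read the file
#    now, because the mask was reset in f. Skipped over CIPSO with NFSv4.
ULIST="bin:rw-"
ASSERTION="setfacl to modify <$ULIST> to the attr file; group be\n\t"
ASSERTION="$ASSERTION able to read the file now due to mask set before."
echo "$NAME{h}: $ASSERTION"

is_cipso "vers=4" "$SERVER"
if [ $? -eq "$CIPSO_NFSV4" ]; then
    echo "Not supported over CIPSO connection.\n\tTest UNSUPPORTED"
else
    run_assertion m "$AFILE" "$ULIST" group ckattr
fi

# i: setfacl to delete group & perms in the file, expect successful
#    Skipped over CIPSO with NFSv4, like h.
ULIST="other:rwx staff:rw- bin:--x nobody:r-x"
ASSERTION="delete groups <$ULIST>\n\tACLs from the attr file, expect successful"
echo "$NAME{i}: $ASSERTION"

is_cipso "vers=4" "$SERVER"
if [ $? -eq "$CIPSO_NFSV4" ]; then
    echo "Not supported over CIPSO connection.\n\tTest UNSUPPORTED"
else
    run_assertion d "$AFILE" "$ULIST" group
fi

# Finally cleanup and exit
cleanup $PASS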