1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing dir owner read perms - expect OK
29 # b: Test restoring dir owner read perms - expect OK
30 # c: Test removing dir owner write perms - expect OK
31 # d: Test restoring dir owner write perms - expect OK
32 # e: Test removing dir owner execute perms - expect OK
33 # f: Test restoring dir owner execute perms - expect OK
34
35 set TESTROOT $env(TESTROOT)
36
37 # include common code and init section
38 source [file join ${TESTROOT} tcl.init]
39 source [file join ${TESTROOT} testproc]
40 source [file join ${TESTROOT} acltools]
41
42 # connect to the test server
43 Connect
44
45 # local variables
46 set TNAME $argv0
47
48 set POSIX_READ_ACL $env(POSIX_READ_ACL)
49 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
50 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
51 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
52 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
53
54 # Get handle for base directory
55 set bfh [get_fh "$BASEDIRS"]
56
57 # Set params relating to test dir
58 set dirname "newdirA.[pid]"
59 set dpath [file join ${BASEDIR} ${dirname}]
60
61 # Create the test directory with all perms set (-rwxrwxrwx) and get its handle.
62 set dfh "[creatv4_dir $dpath 777]"
63 if { $dfh == ""} {
64 putmsg stdout 0 "$TNAME: test setup"
65 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
66 putmsg stderr 0 "\t\t status=($status)."
67 Disconnect
68 exit $UNRESOLVED
69 }
70
71
72 # Start testing
73 # ------------------------------------------------------------------------
74 # a: Test removing dir owner read perms - expect OK
75
76 set tag "$TNAME{a}"
77 set ASSERTION "Test removing dir owner read perms - expect OK"
78 putmsg stdout 0 "$tag: $ASSERTION"
79
80 set sid {0 0}
81
82 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
83
84 set owner_deny_mask [ aclmask $POSIX_READ_ACL ]
85
86 # get the initial ACL settings.
87 set expcode "OK"
88 set initial_acl [compound {Putfh $dfh; \
89 Getattr acl }]
90
91 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
92
93 #
94 # Break the string returned from the Geattr acl command into
95 # a list and then extract the actual ACL settings.
96 #
97 set acl_list [extract_acl_list $initial_acl]
98 putmsg stderr 1 "$tag: initial ACL : $acl_list"
99
100 # Create the new ACL settings by replacing the appropriate entries.
101 #
102 # Order of entries in the list is as follows:
103 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
104 #
105 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
106 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
107
108 putmsg stderr 1 "$tag: new ACL : $acl_list"
109
110 # Set the new ACL values.
111 set res [compound {Putfh $dfh; \
112 Setattr $sid { {acl \
113 { $acl_list } } } } ]
114
115
116 ckres "Setattr acl" $status $expcode $res $FAIL
117
118 # Re-read ACL values
119 set res2 [compound {Putfh $dfh; \
120 Getattr acl }]
121
122 ckres "Getattr acl again" $status $expcode $res2 $FAIL
123
124 if { $status == "OK" } {
125 set new_acl_list [extract_acl_list $res2]
126
127 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
128
129 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
130 putmsg stderr 0 \
131 "\t Test FAIL: lists do not match."
132 } else {
133 putmsg stdout 0 "\t Test PASS"
134 }
135 }
136
137 puts ""
138
139 # ------------------------------------------------------------------------
140 # b: Test restoring dir owner read perms - expect OK
141
142 set tag "$TNAME{b}"
143 set ASSERTION "Test restoring dir owner read perms - expect OK"
144 putmsg stdout 0 "$tag: $ASSERTION"
145
146 restore_perms $dfh OWNER DIR
147
148 # ------------------------------------------------------------------------
149 # c: Test removing dir owner write perms - expect OK
150
151 set tag "$TNAME{c}"
152 set ASSERTION "Test removing dir owner write perms - expect OK"
153 putmsg stdout 0 "$tag: $ASSERTION"
154
155 set sid {0 0}
156
157 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
158
159 set owner_deny_mask [ aclmask $POSIX_WRITE_DIR_ACL ]
160
161 # get the initial ACL settings.
162 set expcode "OK"
163 set initial_acl [compound {Putfh $dfh; \
164 Getattr acl }]
165
166 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
167
168 #
169 # Break the string returned from the Geattr acl command into
170 # a list and then extract the actual ACL settings.
171 #
172 set acl_list [extract_acl_list $initial_acl]
173 putmsg stderr 1 "$tag: initial ACL : $acl_list"
174
175 # Create the new ACL settings by replacing the appropriate entries.
176 #
177 # Order of entries in the list is as follows:
178 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
179 #
180 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
181 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
182 putmsg stderr 1 "$tag: new ACL : $acl_list"
183
184 # Set the new ACL values.
185 set res [compound {Putfh $dfh; \
186 Setattr $sid { {acl \
187 { $acl_list } } } } ]
188
189
190 ckres "Setattr acl" $status $expcode $res $FAIL
191
192 # Re-read ACL values
193 set res2 [compound {Putfh $dfh; \
194 Getattr acl }]
195
196 ckres "Getattr acl again" $status $expcode $res2 $FAIL
197
198 if { $status == "OK" } {
199 set new_acl_list [extract_acl_list $res2]
200
201 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
202
203 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
204 putmsg stderr 0 \
205 "\t Test FAIL: lists do not match."
206 } else {
207 putmsg stdout 0 "\t Test PASS"
208 }
209 }
210
211 puts ""
212
213 # ------------------------------------------------------------------------
214 # d: Test restoring dir owner write perms - expect OK
215
216 set tag "$TNAME{d}"
217 set ASSERTION "Test restoring dir owner write perms - expect OK"
218 putmsg stdout 0 "$tag: $ASSERTION"
219
220 restore_perms $dfh OWNER DIR
221
222 # ------------------------------------------------------------------------
223 # e: Test removing dir owner execute perms - expect OK
224
225 set tag "$TNAME{e}"
226 set ASSERTION "Test removing dir owner execute perms - expect OK"
227 putmsg stdout 0 "$tag: $ASSERTION"
228
229 set sid {0 0}
230
231 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
232
233 set owner_deny_mask [ aclmask $POSIX_EXECUTE_ACL ]
234
235 # get the initial ACL settings.
236 set expcode "OK"
237 set initial_acl [compound {Putfh $dfh; \
238 Getattr acl }]
239
240 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
241
242 #
243 # Break the string returned from the Geattr acl command into
244 # a list and then extract the actual ACL settings.
245 #
246 set acl_list [extract_acl_list $initial_acl]
247 putmsg stderr 1 "$tag: initial ACL : $acl_list"
248
249 # Create the new ACL settings by replacing the appropriate entries.
250 #
251 # Order of entries in the list is as follows:
252 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
253 #
254 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
255 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
256 putmsg stderr 1 "$tag: new ACL : $acl_list"
257
258 # Set the new ACL values.
259 set res [compound {Putfh $dfh; \
260 Setattr $sid { {acl \
261 { $acl_list } } } } ]
262
263
264 ckres "Setattr acl" $status $expcode $res $FAIL
265
266 # Re-read ACL values
267 set res2 [compound {Putfh $dfh; \
268 Getattr acl }]
269
270 ckres "Getattr acl again" $status $expcode $res2 $FAIL
271
272 if { $status == "OK" } {
273 set new_acl_list [extract_acl_list $res2]
274 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
275
276 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
277 putmsg stderr 0 \
278 "\t Test FAIL: lists do not match."
279 } else {
280 putmsg stdout 0 "\t Test PASS"
281 }
282 }
283
284 puts ""
285
286 # ------------------------------------------------------------------------
287 # f: Test restoring dir owner execute perms - expect OK
288
289 set tag "$TNAME{f}"
290 set ASSERTION "Test restoring dir owner execute perms - expect OK"
291 putmsg stdout 0 "$tag: $ASSERTION"
292
293 restore_perms $dfh OWNER DIR
294
295
296 # ------------------------------------------------------------------------
297 # Cleanup
298 #
299 set tag "$TNAME-cleanup"
300 set res3 [compound {Putfh $bfh; Remove $dirname}]
301 if {$status != "OK"} {
302 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp dir failed"
303 putmsg stderr 0 "\t status=$status; please cleanup manually."
304 putmsg stderr 1 "\t res=($res3)"
305 putmsg stderr 1 " "
306 }
307
308 Disconnect
309 exit $PASS