1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing dir owner read/write perms - expect OK
29 # b: Test restoring dir owner read/write perms - expect OK
30 # c: Test removing dir owner read/execute perms - expect OK
31 # d: Test restoring dir owner read/execute perms - expect OK
32 # e: Test removing dir owner write/execute perms - expect OK
33 # f: Test restoring dir owner write/execute perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test directory
60 set dirname "newdir.[pid]"
61 set dpath [file join ${BASEDIR} ${dirname}]
62
63 # Create the test dir with all perms set (-rwxrwxrwx) and get its handle.
64 set dfh "[creatv4_dir $dpath 777]"
65 if {$dfh == $NULL} {
66 putmsg stdout 0 "$TNAME: test setup"
67 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
68 putmsg stderr 0 "\t\t status=($status)."
69 Disconnect
70 exit $UNRESOLVED
71 }
72
73
74
75 # Start testing
76 # ------------------------------------------------------------------------
77 # a: Test removing dir owner read/write perms - expect OK
78
79 set tag "$TNAME{a}"
80 set ASSERTION "Test removing dir owner read/write perms - expect $expcode"
81 putmsg stdout 0 "$tag: $ASSERTION"
82
83 set sid {0 0}
84
85 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
86
87 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
88
89 # get the initial ACL settings.
90 set initial_acl [compound {Putfh $dfh; \
91 Getattr acl }]
92
93 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
94
95 #
96 # Break the string returned from the Geattr acl command into
97 # a list and then extract the actual ACL settings.
98 #
99 set acl_list [extract_acl_list $initial_acl]
100 putmsg stderr 1 "$tag: initial ACL : $acl_list"
101
102 # Create the new ACL settings by replacing the appropriate entries.
103 #
104 # Order of entries in the list is as follows:
105 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
106 #
107 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
108 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
109 putmsg stderr 1 "$tag: new ACL : $acl_list"
110
111 # Set the new ACL values.
112 set res [compound {Putfh $dfh; \
113 Setattr $sid { {acl \
114 { $acl_list } } } } ]
115
116
117 ckres "Setattr acl" $status $expcode $res $FAIL
118
119 # Re-read ACL values
120 set res2 [compound {Putfh $dfh; \
121 Getattr acl }]
122
123 ckres "Getattr acl again" $status $expcode $res2 $FAIL
124
125 if { $status == "OK" } {
126 set new_acl_list [extract_acl_list $res2]
127 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
128
129 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
130 putmsg stderr 0 \
131 "\t Test FAIL: lists do not match."
132 } else {
133 putmsg stdout 0 "\t Test PASS"
134 }
135 }
136
137 puts ""
138
139 # ------------------------------------------------------------------------
140 # b: Test restoring dir owner read/write perms - expect OK
141
142 set tag "$TNAME{b}"
143 set ASSERTION "Test restoring dir owner read/write perms - expect $expcode"
144 putmsg stdout 0 "$tag: $ASSERTION"
145
146 restore_perms $dfh OWNER DIR
147
148 # ------------------------------------------------------------------------
149 # c: Test removing dir owner read/execute perms - expect OK
150
151 set tag "$TNAME{c}"
152 set ASSERTION "Test removing dir owner read/execute perms - expect $expcode"
153 putmsg stdout 0 "$tag: $ASSERTION"
154
155 set sid {0 0}
156
157 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_WRITE_DIR_ACL ] ]
158
159 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
160
161 # get the initial ACL settings.
162 set initial_acl [compound {Putfh $dfh; \
163 Getattr acl }]
164
165 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
166
167 #
168 # Break the string returned from the Geattr acl command into
169 # a list and then extract the actual ACL settings.
170 #
171 set acl_list [extract_acl_list $initial_acl]
172 putmsg stderr 1 "$tag: initial ACL : $acl_list"
173
174 # Create the new ACL settings by replacing the appropriate entries.
175 #
176 # Order of entries in the list is as follows:
177 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
178 #
179 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
180 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
181 putmsg stderr 1 "$tag: new ACL : $acl_list"
182
183 # Set the new ACL values.
184 set res [compound {Putfh $dfh; \
185 Setattr $sid { {acl \
186 { $acl_list } } } } ]
187
188 ckres "Setattr acl" $status $expcode $res $FAIL
189
190 # Re-read ACL values
191 set res2 [compound {Putfh $dfh; \
192 Getattr acl }]
193
194 ckres "Getattr acl again" $status $expcode $res2 $FAIL
195
196 if { $status == "OK" } {
197 set new_acl_list [extract_acl_list $res2]
198 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
199
200 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
201 putmsg stderr 0 \
202 "\t Test FAIL: lists do not match."
203 } else {
204 putmsg stdout 0 "\t Test PASS"
205 }
206 }
207
208 puts ""
209
210 # ------------------------------------------------------------------------
211 # d: Test restoring dir owner read/execute perms - expect OK
212
213 set tag "$TNAME{d}"
214 set ASSERTION "Test restoring dir owner read/execute perms - expect $expcode"
215 putmsg stdout 0 "$tag: $ASSERTION"
216
217 restore_perms $dfh OWNER DIR
218
219 # ------------------------------------------------------------------------
220 # e: Test removing dir owner write/execute perms - expect OK
221
222 set tag "$TNAME{e}"
223 set ASSERTION "Test removing dir owner write/execute perms - expect $expcode"
224 putmsg stdout 0 "$tag: $ASSERTION"
225
226 set sid {0 0}
227
228 set owner_allow_mask [ aclmask [concat $OWNER_ALLOW_ACL $POSIX_READ_ACL ] ]
229
230 set owner_deny_mask [ aclmask [ concat $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
231
232 # get the initial ACL settings.
233 set initial_acl [compound {Putfh $dfh; \
234 Getattr acl }]
235
236 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
237
238 #
239 # Break the string returned from the Geattr acl command into
240 # a list and then extract the actual ACL settings.
241 #
242 set acl_list [extract_acl_list $initial_acl]
243 putmsg stderr 1 "$tag: initial ACL : $acl_list"
244
245 # Create the new ACL settings by replacing the appropriate entries.
246 #
247 # Order of entries in the list is as follows:
248 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
249 #
250 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
251 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
252 putmsg stderr 1 "$tag: new ACL : $acl_list"
253
254 # Set the new ACL values.
255 set res [compound {Putfh $dfh; \
256 Setattr $sid { {acl \
257 { $acl_list } } } } ]
258
259 ckres "Setattr acl" $status $expcode $res $FAIL
260
261 # Re-read ACL values
262 set res2 [compound {Putfh $dfh; \
263 Getattr acl }]
264
265 ckres "Getattr acl again" $status $expcode $res2 $FAIL
266
267 if { $status == "OK" } {
268 set new_acl_list [extract_acl_list $res2]
269 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
270
271 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
272 putmsg stderr 0 \
273 "\t Test FAIL: lists do not match."
274 } else {
275 putmsg stdout 0 "\t Test PASS"
276 }
277 }
278
279 puts ""
280
281 # ------------------------------------------------------------------------
282 # f: Test restoring dir owner write/execute perms - expect OK
283
284 set tag "$TNAME{f}"
285 set ASSERTION "Test restoring dir owner write/execute perms - expect $expcode"
286 putmsg stdout 0 "$tag: $ASSERTION"
287
288 restore_perms $dfh OWNER DIR
289
290 # ------------------------------------------------------------------------
291 # Cleanup
292 #
293 set tag "$TNAME-cleanup"
294 set res3 [compound {Putfh $bfh; Remove $dirname}]
295 if {$status != "OK"} {
296 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp dir failed "
297 putmsg stderr 0 "\t status=$status; please cleanup manually."
298 putmsg stderr 1 "\t res=($res3)"
299 putmsg stderr 1 " "
300 }
301
302 Disconnect
303 exit $PASS