1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing dir group read perms - expect OK
29 # b: Test restoring dir group read perms - expect OK
30 # c: Test removing dir group write perms - expect OK
31 # d: Test restoring dir group write perms - expect OK
32 # e: Test removing dir group execute perms - expect OK
33 # f: Test restoring dir group execute perms - expect OK
34 # g: Test removing all dir group perms - expect OK
35 # h: Test restoring all dir group perms - expect OK
36 #
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
54 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
55 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
56 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
57
58 # Get handle for base directory
59 set bfh [get_fh "$BASEDIRS"]
60
61 # Set params relating to test dir
62 set dirname "newdirA.[pid]"
63 set dpath [file join ${BASEDIR} ${dirname}]
64
65 # Create the test directory with all perms set (-rwxrwxrwx) and get its handle.
66 set dfh "[creatv4_dir $dpath 777]"
67 if { $dfh == ""} {
68 putmsg stdout 0 "$TNAME: test setup"
69 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
70 putmsg stderr 0 "\t\t status=($status)."
71 Disconnect
72 exit $UNRESOLVED
73 }
74
75
76
77 # Start testing
78 # ------------------------------------------------------------------------
79 # a: Test removing group read dir perms - expect OK
80
81 set tag "$TNAME{a}"
82 set ASSERTION "Test removing group read dir perms - expect $expcode"
83 putmsg stdout 0 "$tag: $ASSERTION"
84
85 set sid {0 0}
86
87 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
88
89 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL ] ]
90
91 # get the initial ACL settings.
92 set initial_acl [compound {Putfh $dfh; \
93 Getattr acl }]
94
95 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
96
97 #
98 # Break the string returned from the Geattr acl command into
99 # a list and then extract the actual ACL settings.
100 #
101 set acl_list [extract_acl_list $initial_acl]
102 putmsg stderr 1 "$tag: initial ACL : $acl_list"
103
104 # Create the new ACL settings by replacing the appropriate entries.
105 #
106 # Order of entries in the list is as follows:
107 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
108 #
109 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
110 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
111 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
112 putmsg stderr 1 "$tag: new ACL : $acl_list"
113
114 # Set the new ACL values.
115 set res [compound {Putfh $dfh; \
116 Setattr $sid { {acl \
117 { $acl_list } } } } ]
118
119 ckres "Setattr acl" $status $expcode $res $FAIL
120
121 # Re-read ACL values
122 set res2 [compound {Putfh $dfh; \
123 Getattr acl }]
124
125 ckres "Getattr acl again" $status $expcode $res2 $FAIL
126
127 if { $status == "OK" } {
128 set new_acl_list [extract_acl_list $res2]
129 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
130
131 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
132 putmsg stderr 0 \
133 "\t Test FAIL: lists do not match."
134 } else {
135 putmsg stdout 0 "\t Test PASS"
136 }
137 }
138
139 puts ""
140
141 # ------------------------------------------------------------------------
142 # b: Test restoring dir group read perms - expect OK
143
144 set tag "$TNAME{b}"
145 set ASSERTION "Test restoring dir group read perms - expect $expcode"
146 putmsg stdout 0 "$tag: $ASSERTION"
147
148 restore_perms $dfh GROUP DIR
149
150 # ------------------------------------------------------------------------
151 # c: Test removing dir group write perms - expect OK
152
153 set tag "$TNAME{c}"
154 set ASSERTION "Test removing dir group write perms - expect $expcode"
155 putmsg stdout 0 "$tag: $ASSERTION"
156
157 set sid {0 0}
158
159 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
160
161 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL ] ]
162
163 # get the initial ACL settings.
164 set initial_acl [compound {Putfh $dfh; \
165 Getattr acl }]
166
167 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
168
169 #
170 # Break the string returned from the Geattr acl command into
171 # a list and then extract the actual ACL settings.
172 #
173 set acl_list [extract_acl_list $initial_acl]
174 putmsg stderr 1 "$tag: initial ACL : $acl_list"
175
176 # Create the new ACL settings by replacing the appropriate entries.
177 #
178 # Order of entries in the list is as follows:
179 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
180 #
181 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
182 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
183 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
184 putmsg stderr 1 "$tag: new ACL : $acl_list"
185
186
187 # Set the new ACL values.
188 set res [compound {Putfh $dfh; \
189 Setattr $sid { {acl \
190 { $acl_list } } } } ]
191
192 ckres "Setattr acl" $status $expcode $res $FAIL
193
194 # Re-read ACL values
195 set res2 [compound {Putfh $dfh; \
196 Getattr acl }]
197
198 ckres "Getattr acl again" $status $expcode $res2 $FAIL
199
200 if { $status == "OK" } {
201 set new_acl_list [extract_acl_list $res2]
202 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
203
204 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
205 putmsg stderr 0 \
206 "\t Test FAIL: lists do not match."
207 } else {
208 putmsg stdout 0 "\t Test PASS"
209 }
210 }
211
212 puts ""
213
214 # ------------------------------------------------------------------------
215 # d: Test restoring dir group write perms - expect OK
216
217 set tag "$TNAME{d}"
218 set ASSERTION "Test restoring dir group write perms - expect $expcode"
219 putmsg stdout 0 "$tag: $ASSERTION"
220
221 restore_perms $dfh GROUP DIR
222
223 # ------------------------------------------------------------------------
224 # e: Test removing dir group execute perms - expect OK
225
226 set tag "$TNAME{e}"
227 set ASSERTION "Test removing dir group execute perms - expect $expcode"
228 putmsg stdout 0 "$tag: $ASSERTION"
229
230 set sid {0 0}
231
232 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
233
234 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_EXECUTE_ACL ] ]
235
236 # get the initial ACL settings.
237 set initial_acl [compound {Putfh $dfh; \
238 Getattr acl }]
239
240 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
241
242 #
243 # Break the string returned from the Geattr acl command into
244 # a list and then extract the actual ACL settings.
245 #
246 set acl_list [extract_acl_list $initial_acl]
247 putmsg stderr 1 "$tag: initial ACL : $acl_list"
248
249 # Create the new ACL settings by replacing the appropriate entries.
250 #
251 # Order of entries in the list is as follows:
252 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
253 #
254 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
255 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
256 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
257 putmsg stderr 1 "$tag: new ACL : $acl_list"
258
259
260 # Set the new ACL values.
261 set res [compound {Putfh $dfh; \
262 Setattr $sid { {acl \
263 { $acl_list } } } } ]
264
265 ckres "Setattr acl" $status $expcode $res $FAIL
266
267 # Re-read ACL values
268 set res2 [compound {Putfh $dfh; \
269 Getattr acl }]
270
271 ckres "Getattr acl again" $status $expcode $res2 $FAIL
272
273 if { $status == "OK" } {
274 set new_acl_list [extract_acl_list $res2]
275 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
276
277 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
278 putmsg stderr 0 \
279 "\t Test FAIL: lists do not match."
280 } else {
281 putmsg stdout 0 "\t Test PASS"
282 }
283 }
284
285 puts ""
286
287 # ------------------------------------------------------------------------
288 # f: Test restoring dir group execute perms - expect OK
289
290 set tag "$TNAME{f}"
291 set ASSERTION "Test restoring dir group execute perms - expect $expcode"
292 putmsg stdout 0 "$tag: $ASSERTION"
293
294 restore_perms $dfh GROUP DIR
295
296 # ------------------------------------------------------------------------
297 # g: Test removing all dir group perms - expect OK
298
299 set tag "$TNAME{g}"
300 set ASSERTION "Test removing all dir group perms - expect $expcode"
301 putmsg stdout 0 "$tag: $ASSERTION"
302
303 set sid {0 0}
304
305 set group_allow_mask [ aclmask $GENERIC_ALLOW_ACL ]
306
307 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL \
308 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
309
310 # get the initial ACL settings.
311 set initial_acl [compound {Putfh $dfh; \
312 Getattr acl }]
313
314 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
315
316 #
317 # Break the string returned from the Geattr acl command into
318 # a list and then extract the actual ACL settings.
319 #
320 set acl_list [extract_acl_list $initial_acl]
321 putmsg stderr 1 "$tag: initial ACL : $acl_list"
322
323 # Create the new ACL settings by replacing the appropriate entries.
324 #
325 # Order of entries in the list is as follows:
326 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
327 #
328 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
329 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
330 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
331 putmsg stderr 1 "$tag: new ACL : $acl_list"
332
333 # Set the new ACL values.
334 set res [compound {Putfh $dfh; \
335 Setattr $sid { {acl \
336 { $acl_list } } } } ]
337
338 ckres "Setattr acl" $status $expcode $res $FAIL
339
340 # Re-read ACL values
341 set res2 [compound {Putfh $dfh; \
342 Getattr acl }]
343
344 ckres "Getattr acl again" $status $expcode $res2 $FAIL
345
346 if { $status == "OK" } {
347 set new_acl_list [extract_acl_list $res2]
348 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
349
350 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
351 putmsg stderr 0 \
352 "\t Test FAIL: lists do not match."
353 } else {
354 putmsg stdout 0 "\t Test PASS"
355 }
356 }
357
358 puts ""
359
360 # ------------------------------------------------------------------------
361 # h: Test restoring all dir group perms - expect OK
362
363 set tag "$TNAME{h}"
364 set ASSERTION "Test restoring all dir group perms - expect $expcode"
365 putmsg stdout 0 "$tag: $ASSERTION"
366
367 restore_perms $dfh GROUP DIR
368
369 # ------------------------------------------------------------------------
370 # Cleanup
371 #
372 set tag "$TNAME-cleanup"
373 set res3 [compound {Putfh $bfh; Remove $dirname}]
374 if {$status != "OK"} {
375 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp dir failed"
376 putmsg stderr 0 "\t status=$status; please cleanup manually."
377 putmsg stderr 1 "\t res=($res3)"
378 putmsg stderr 1 " "
379 }
380
381 Disconnect
382 exit $PASS