1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing dir group read/write perms - expect OK
29 # b: Test restoring dir group read/write perms - expect OK
30 # c: Test removing dir group read/execute perms - expect OK
31 # d: Test restoring dir group read/execute perms - expect OK
32 # e: Test removing dir group write/execute perms - expect OK
33 # f: Test restoring dir group write/execute perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # setting local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test dir
60 set dirname "newdir.[pid]"
61 set dpath [file join ${BASEDIR} ${dirname}]
62
63 # Create the test dir with all perms set (-rwxrwxrwx) and get its handle.
64 set dfh "[creatv4_dir $dpath 777]"
65 if {$dfh == $NULL} {
66 putmsg stdout 0 "$TNAME: test setup"
67 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
68 putmsg stderr 0 "\t\t status=($status)."
69 Disconnect
70 exit $UNRESOLVED
71 }
72
73
74 # Start testing
75 # ------------------------------------------------------------------------
76 # a: Test removing group read/write dir perms - expect OK
77
78 set tag "$TNAME{a}"
79 set ASSERTION "Test removing group read/write dir perms - expect $expcode"
80 putmsg stdout 0 "$tag: $ASSERTION"
81
82 set sid {0 0}
83
84 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
85
86 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
87
88 # get the initial ACL settings.
89 set initial_acl [compound {Putfh $dfh; \
90 Getattr acl }]
91
92 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
93
94 #
95 # Break the string returned from the Geattr acl command into
96 # a list and then extract the actual ACL settings.
97 #
98 set acl_list [extract_acl_list $initial_acl]
99 putmsg stderr 1 "$tag: initial ACL : $acl_list"
100
101 # Create the new ACL settings by replacing the appropriate entries.
102 #
103 # Order of entries in the list is as follows:
104 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
105 #
106 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
107 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
108 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
109 putmsg stderr 1 "$tag: new ACL : $acl_list"
110
111 # Set the new ACL values.
112 set res [compound {Putfh $dfh; \
113 Setattr $sid { {acl \
114 { $acl_list } } } } ]
115
116
117 ckres "Setattr acl" $status $expcode $res $FAIL
118
119 # Re-read ACL values
120 set res2 [compound {Putfh $dfh; \
121 Getattr acl }]
122
123 ckres "Getattr acl again" $status $expcode $res2 $FAIL
124
125 if { $status == "OK" } {
126 set new_acl_list [extract_acl_list $res2]
127 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
128
129 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
130 putmsg stderr 0 \
131 "\t Test FAIL: lists do not match."
132 } else {
133 putmsg stdout 0 "\t Test PASS"
134 }
135 }
136
137 puts ""
138
139 # ------------------------------------------------------------------------
140 # b: Test restoring dir group read/write perms - expect OK
141
142 set tag "$TNAME{b}"
143 set ASSERTION "Test restoring dir group read/write perms - expect $expcode"
144 putmsg stdout 0 "$tag: $ASSERTION"
145
146 restore_perms $dfh OWNER DIR
147
148 # ------------------------------------------------------------------------
149 # c: Test removing dir group read/execute perms - expect OK
150
151 set tag "$TNAME{c}"
152 set ASSERTION "Test removing dir group read/execute perms - expect $expcode"
153 putmsg stdout 0 "$tag: $ASSERTION"
154
155 set sid {0 0}
156
157 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL ] ]
158
159 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
160
161 # get the initial ACL settings.
162 set initial_acl [compound {Putfh $dfh; \
163 Getattr acl }]
164
165 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
166
167 #
168 # Break the string returned from the Geattr acl command into
169 # a list and then extract the actual ACL settings.
170 #
171 set acl_list [extract_acl_list $initial_acl]
172 putmsg stderr 1 "$tag: initial ACL : $acl_list"
173
174 # Create the new ACL settings by replacing the appropriate entries.
175 #
176 # Order of entries in the list is as follows:
177 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
178 #
179 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
180 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
181 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
182 putmsg stderr 1 "$tag: new ACL : $acl_list"
183
184
185 # Set the new ACL values.
186 set res [compound {Putfh $dfh; \
187 Setattr $sid { {acl \
188 { $acl_list } } } } ]
189
190 ckres "Setattr acl" $status $expcode $res $FAIL
191
192 # Re-read ACL values
193 set res2 [compound {Putfh $dfh; \
194 Getattr acl }]
195
196 ckres "Getattr acl again" $status $expcode $res2 $FAIL
197
198 if { $status == "OK" } {
199 set new_acl_list [extract_acl_list $res2]
200 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
201
202 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
203 putmsg stderr 0 \
204 "\t Test FAIL: lists do not match."
205 } else {
206 putmsg stdout 0 "\t Test PASS"
207 }
208 }
209
210 puts ""
211
212 # ------------------------------------------------------------------------
213 # d: Test restoring dir group read/execute perms - expect OK
214
215 set tag "$TNAME{d}"
216 set ASSERTION "Test restoring dir group read/execute perms - expect $expcode"
217 putmsg stdout 0 "$tag: $ASSERTION"
218
219 restore_perms $dfh OWNER DIR
220
221 # ------------------------------------------------------------------------
222 # e: Test removing dir group write/execute perms - expect OK
223
224 set tag "$TNAME{e}"
225 set ASSERTION "Test removing dir group write/execute perms - expect $expcode"
226 putmsg stdout 0 "$tag: $ASSERTION"
227
228 set sid {0 0}
229
230 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL ] ]
231
232 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
233
234 # get the initial ACL settings.
235 set initial_acl [compound {Putfh $dfh; \
236 Getattr acl }]
237
238 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
239
240 #
241 # Break the string returned from the Geattr acl command into
242 # a list and then extract the actual ACL settings.
243 #
244 set acl_list [extract_acl_list $initial_acl]
245 putmsg stderr 1 "$tag: initial ACL : $acl_list"
246
247 # Create the new ACL settings by replacing the appropriate entries.
248 #
249 # Order of entries in the list is as follows:
250 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
251 #
252 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
253 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
254 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
255 putmsg stderr 1 "$tag: new ACL : $acl_list"
256
257 # Set the new ACL values.
258 set res [compound {Putfh $dfh; \
259 Setattr $sid { {acl \
260 { $acl_list } } } } ]
261
262 ckres "Setattr acl" $status $expcode $res $FAIL
263
264 # Re-read ACL values
265 set res2 [compound {Putfh $dfh; \
266 Getattr acl }]
267
268 ckres "Getattr acl again" $status $expcode $res2 $FAIL
269
270 if { $status == "OK" } {
271 set new_acl_list [extract_acl_list $res2]
272 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
273
274 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
275 putmsg stderr 0 \
276 "\t Test FAIL: lists do not match."
277 } else {
278 putmsg stdout 0 "\t Test PASS"
279 }
280 }
281
282 puts ""
283
284 # ------------------------------------------------------------------------
285 # f: Test restoring dir group write/execute perms - expect OK
286
287 set tag "$TNAME{f}"
288 set ASSERTION "Test restoring dir group write/execute perms - expect $expcode"
289 putmsg stdout 0 "$tag: $ASSERTION"
290
291 restore_perms $dfh OWNER DIR
292
293 # ------------------------------------------------------------------------
294 # Cleanup
295 #
296 set tag "$TNAME-cleanup"
297 set res3 [compound {Putfh $bfh; Remove $dirname}]
298 if {$status != "OK"} {
299 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp dir failed"
300 putmsg stderr 0 "\t status=$status; please cleanup manually."
301 putmsg stderr 1 "\t res=($res3)"
302 putmsg stderr 1 " "
303 }
304
305 Disconnect
306 exit $PASS