1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing dir other read perms - expect OK
29 # b: Test restoring dir other read perms - expect OK
30 # c: Test removing dir other write perms - expect OK
31 # d: Test restoring dir other write perms - expect OK
32 # e: Test removing dir other execute perms - expect OK
33 # f: Test restoring dir other execute perms - expect OK
34 # g: Test removing all other dir perms - expect OK
35 # h: Test restoring all other dir perms - expect OK
36 #
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
54 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
55 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
56 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
57
58 # Get handle for base directory
59 set bfh [get_fh "$BASEDIRS"]
60
61 # Set params relating to test dir
62 set dirname "newdir.[pid]"
63 set dpath [file join ${BASEDIR} ${dirname}]
64
65 #
66 # Order of entries in the list is as follows:
67 # UFS :
68 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
69 # ZFS :
70 # <OWNER><OWNER><GROUP><GROUP><EVERYONE><EVERYONE>
71 #
72 # so the position of "other" ace is different between UFS and ZFS
73 #
74 if $IsZFS {
75 set other_allow_pos 4
76 set other_deny_pos 5
77 } else {
78 set other_allow_pos 5
79 set other_deny_pos 6
80 }
81
82 # Create the test dir with all perms set (-rwxrwxrwx) and get its handle.
83 set dfh "[creatv4_dir $dpath 777]"
84 if {$dfh == $NULL} {
85 putmsg stdout 0 "$TNAME: test setup"
86 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
87 putmsg stderr 0 "\t\t status=($status)."
88 Disconnect
89 exit $UNRESOLVED
90 }
91
92
93
94 # Start testing
95 # ------------------------------------------------------------------------
96 # a: Test removing dir other read perms - expect OK
97
98 set tag "$TNAME{a}"
99 set ASSERTION "Test removing dir other read perms - expect $expcode"
100 putmsg stdout 0 "$tag: $ASSERTION"
101
102 set sid {0 0}
103
104 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL \
105 $POSIX_EXECUTE_ACL ] ]
106
107 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL ] ]
108
109 # get the initial ACL settings.
110 set initial_acl [compound {Putfh $dfh; \
111 Getattr acl }]
112
113 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
114
115 #
116 # Break the string returned from the Geattr acl command into
117 # a list and then extract the actual ACL settings.
118 #
119 set acl_list [extract_acl_list $initial_acl]
120 putmsg stderr 1 "$tag: initial ACL : $acl_list"
121
122 # Create the new ACL settings by replacing the appropriate entries.
123 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
124 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
125 putmsg stderr 1 "$tag: new ACL : $acl_list"
126
127 # Set the new ACL values.
128 set res [compound {Putfh $dfh; \
129 Setattr $sid { {acl \
130 { $acl_list } } } } ]
131
132
133 ckres "Setattr acl" $status $expcode $res $FAIL
134
135 # Re-read ACL values
136 set res2 [compound {Putfh $dfh; \
137 Getattr acl }]
138
139 ckres "Getattr acl again" $status $expcode $res2 $FAIL
140
141 if { $status == "OK" } {
142 set new_acl_list [extract_acl_list $res2]
143 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
144
145 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
146 putmsg stderr 0 \
147 "\t Test FAIL: lists do not match."
148 } else {
149 putmsg stdout 0 "\t Test PASS"
150 }
151 }
152
153 puts ""
154
155 # ------------------------------------------------------------------------
156 # b: Test restoring dir other read perms - expect OK
157
158 set tag "$TNAME{b}"
159 set ASSERTION "Test restoring dir other read perms - expect $expcode"
160 putmsg stdout 0 "$tag: $ASSERTION"
161
162 restore_perms $dfh OTHER DIR
163
164 # ------------------------------------------------------------------------
165 # c: Test removing dir other write perms - expect OK
166
167 set tag "$TNAME{c}"
168 set ASSERTION "Test removing dir other write perms - expect $expcode"
169 putmsg stdout 0 "$tag: $ASSERTION"
170
171 set sid {0 0}
172
173 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
174
175 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL ] ]
176
177 # get the initial ACL settings.
178 set initial_acl [compound {Putfh $dfh; \
179 Getattr acl }]
180
181 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
182
183 #
184 # Break the string returned from the Geattr acl command into
185 # a list and then extract the actual ACL settings.
186 #
187 set acl_list [extract_acl_list $initial_acl]
188 putmsg stderr 1 "$tag: initial ACL : $acl_list"
189
190 # Create the new ACL settings by replacing the appropriate entries.
191 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
192 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
193 putmsg stderr 1 "$tag: new ACL : $acl_list"
194
195 # Set the new ACL values.
196 set res [compound {Putfh $dfh; \
197 Setattr $sid { {acl \
198 { $acl_list } } } } ]
199
200 ckres "Setattr acl" $status $expcode $res $FAIL
201
202 # Re-read ACL values
203 set res2 [compound {Putfh $dfh; \
204 Getattr acl }]
205
206 ckres "Getattr acl again" $status $expcode $res2 $FAIL
207
208 if { $status == "OK" } {
209 set new_acl_list [extract_acl_list $res2]
210 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
211
212 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
213 putmsg stderr 0 \
214 "\t Test FAIL: lists do not match."
215 } else {
216 putmsg stdout 0 "\t Test PASS"
217 }
218 }
219
220 puts ""
221
222 # ------------------------------------------------------------------------
223 # d: Test restoring dir other write perms - expect OK
224
225 set tag "$TNAME{d}"
226 set ASSERTION "Test restoring dir other write perms - expect $expcode"
227 putmsg stdout 0 "$tag: $ASSERTION"
228
229 restore_perms $dfh OTHER DIR
230
231 # ------------------------------------------------------------------------
232 # e: Test removing dir other execute perms - expect OK
233
234 set tag "$TNAME{e}"
235 set ASSERTION "Test removing dir other execute perms - expect $expcode"
236 putmsg stdout 0 "$tag: $ASSERTION"
237
238 set sid {0 0}
239
240 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
241 $POSIX_WRITE_DIR_ACL ] ]
242
243 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_EXECUTE_ACL ] ]
244
245 # get the initial ACL settings.
246 set initial_acl [compound {Putfh $dfh; \
247 Getattr acl }]
248
249 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
250
251 #
252 # Break the string returned from the Geattr acl command into
253 # a list and then extract the actual ACL settings.
254 #
255 set acl_list [extract_acl_list $initial_acl]
256 putmsg stderr 1 "$tag: initial ACL : $acl_list"
257
258 # Create the new ACL settings by replacing the appropriate entries.
259 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
260 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
261 putmsg stderr 1 "$tag: new ACL : $acl_list"
262
263 # Set the new ACL values.
264 set res [compound {Putfh $dfh; \
265 Setattr $sid { {acl \
266 { $acl_list } } } } ]
267
268 ckres "Setattr acl" $status $expcode $res $FAIL
269
270 # Re-read ACL values
271 set res2 [compound {Putfh $dfh; \
272 Getattr acl }]
273
274 ckres "Getattr acl again" $status $expcode $res2 $FAIL
275
276 if { $status == "OK" } {
277 set new_acl_list [extract_acl_list $res2]
278 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
279
280 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
281 putmsg stderr 0 \
282 "\t Test FAIL: lists do not match."
283 } else {
284 putmsg stdout 0 "\t Test PASS"
285 }
286 }
287
288 puts ""
289
290 # ------------------------------------------------------------------------
291 # f: Test restoring dir other execute perms - expect OK
292
293 set tag "$TNAME{f}"
294 set ASSERTION "Test restoring dir other execute perms - expect $expcode"
295 putmsg stdout 0 "$tag: $ASSERTION"
296
297 restore_perms $dfh OTHER DIR
298
299
300 # ------------------------------------------------------------------------
301 # g: Test removing all dir other perms - expect OK
302
303 set tag "$TNAME{g}"
304 set ASSERTION "Test removing all dir other perms - expect $expcode"
305 putmsg stdout 0 "$tag: $ASSERTION"
306
307 set sid {0 0}
308
309 set other_allow_mask [ aclmask $GENERIC_ALLOW_ACL ]
310
311 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL \
312 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
313
314 # get the initial ACL settings.
315 set initial_acl [compound {Putfh $dfh; \
316 Getattr acl }]
317
318 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
319
320 #
321 # Break the string returned from the Geattr acl command into
322 # a list and then extract the actual ACL settings.
323 #
324 set acl_list [extract_acl_list $initial_acl]
325 putmsg stderr 1 "$tag: initial ACL : $acl_list"
326
327 # Create the new ACL settings by replacing the appropriate entries.
328 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
329 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
330 putmsg stderr 1 "$tag: new ACL : $acl_list"
331
332 # Set the new ACL values.
333 set res [compound {Putfh $dfh; \
334 Setattr $sid { {acl \
335 { $acl_list } } } } ]
336
337 ckres "Setattr acl" $status $expcode $res $FAIL
338
339 # Re-read ACL values
340 set res2 [compound {Putfh $dfh; \
341 Getattr acl }]
342
343 ckres "Getattr acl again" $status $expcode $res2 $FAIL
344
345 if { $status == "OK" } {
346 set new_acl_list [extract_acl_list $res2]
347 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
348
349 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
350 putmsg stderr 0 \
351 "\t Test FAIL: lists do not match."
352 } else {
353 putmsg stdout 0 "\t Test PASS"
354 }
355 }
356
357 puts ""
358
359 # ------------------------------------------------------------------------
360 # h: Test restoring all dir other perms - expect OK
361
362 set tag "$TNAME{h}"
363 set ASSERTION "Test restoring all dir other perms - expect $expcode"
364 putmsg stdout 0 "$tag: $ASSERTION"
365
366 restore_perms $dfh OTHER DIR
367
368 # ------------------------------------------------------------------------
369 # Cleanup
370 #
371 set tag "$TNAME-cleanup"
372 set res3 [compound {Putfh $bfh; Remove $dirname}]
373 if {$status != "OK"} {
374 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp dir failed"
375 putmsg stderr 0 "\t status=$status; please cleanup manually."
376 putmsg stderr 1 "\t res=($res3)"
377 putmsg stderr 1 " "
378 }
379
380 Disconnect
381 exit $PASS