1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing dir other read/write perms - expect OK
29 # b: Test restoring dir other read/write perms - expect OK
30 # c: Test removing dir other read/execute perms - expect OK
31 # d: Test restoring dir other read/execute perms - expect OK
32 # e: Test removing dir other write/execute perms - expect OK
33 # f: Test restoring dir other write/execute perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # setting local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test dir
60 set dirname "newdir.[pid]"
61 set dpath [file join ${BASEDIR} ${dirname}]
62
63 #
64 # Order of entries in the list is as follows:
65 # UFS :
66 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
67 # ZFS :
68 # <OWNER><OWNER><GROUP><GROUP><EVERYONE><EVERYONE>
69 #
70 # so the position of "other" ace is different between UFS and ZFS
71 #
72 if $IsZFS {
73 set other_allow_pos 4
74 set other_deny_pos 5
75 } else {
76 set other_allow_pos 5
77 set other_deny_pos 6
78 }
79
80 # Create the test dir with all perms set (-rwxrwxrwx) and get its handle.
81 set dfh "[creatv4_dir $dpath 777]"
82 if {$dfh == $NULL} {
83 putmsg stdout 0 "$TNAME: test setup"
84 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
85 putmsg stderr 0 "\t\t status=($status)."
86 Disconnect
87 exit $UNRESOLVED
88 }
89
90
91 # Start testing
92 # ------------------------------------------------------------------------
93 # a: Test removing dir other read/write perms - expect OK
94
95 set tag "$TNAME{a}"
96 set ASSERTION "Test removing dir other read/write perms - expect $expcode"
97 putmsg stdout 0 "$tag: $ASSERTION"
98
99 set sid {0 0}
100
101 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
102
103 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
104
105 # get the initial ACL settings.
106 set initial_acl [compound {Putfh $dfh; \
107 Getattr acl }]
108
109 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
110
111 #
112 # Break the string returned from the Geattr acl command into
113 # a list and then extract the actual ACL settings.
114 #
115 set acl_list [extract_acl_list $initial_acl]
116 putmsg stderr 1 "$tag: initial ACL : $acl_list"
117
118 # Create the new ACL settings by replacing the appropriate entries.
119 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
120 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
121 putmsg stderr 1 "$tag: new ACL : $acl_list"
122
123
124 # Set the new ACL values.
125 set res [compound {Putfh $dfh; \
126 Setattr $sid { {acl \
127 { $acl_list } } } } ]
128
129
130 ckres "Setattr acl" $status $expcode $res $FAIL
131
132 # Re-read ACL values
133 set res2 [compound {Putfh $dfh; \
134 Getattr acl }]
135
136 ckres "Getattr acl again" $status $expcode $res2 $FAIL
137
138 if { $status == "OK" } {
139 set new_acl_list [extract_acl_list $res2]
140 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
141
142 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
143 putmsg stderr 0 \
144 "\t Test FAIL: lists do not match."
145 } else {
146 putmsg stdout 0 "\t Test PASS"
147 }
148 }
149
150 puts ""
151
152 # ------------------------------------------------------------------------
153 # b: Test restoring dir other read/write perms - expect OK
154
155 set tag "$TNAME{b}"
156 set ASSERTION "Test restoring dir other read/write perms - expect $expcode"
157 putmsg stdout 0 "$tag: $ASSERTION"
158
159 restore_perms $dfh OTHER DIR
160
161 # ------------------------------------------------------------------------
162 # c: Test removing dir other read/execute perms - expect OK
163
164 set tag "$TNAME{c}"
165 set ASSERTION "Test removing dir other read/execute perms - expect $expcode"
166 putmsg stdout 0 "$tag: $ASSERTION"
167
168 set sid {0 0}
169
170 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL ] ]
171
172 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
173
174 # get the initial ACL settings.
175 set initial_acl [compound {Putfh $dfh; \
176 Getattr acl }]
177
178 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
179
180 #
181 # Break the string returned from the Geattr acl command into
182 # a list and then extract the actual ACL settings.
183 #
184 set acl_list [extract_acl_list $initial_acl]
185 putmsg stderr 1 "$tag: initial ACL : $acl_list"
186
187 # Create the new ACL settings by replacing the appropriate entries.
188 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
189 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
190 putmsg stderr 1 "$tag: new ACL : $acl_list"
191
192
193 # Set the new ACL values.
194 set res [compound {Putfh $dfh; \
195 Setattr $sid { {acl \
196 { $acl_list } } } } ]
197
198 ckres "Setattr acl" $status $expcode $res $FAIL
199
200 # Re-read ACL values
201 set res2 [compound {Putfh $dfh; \
202 Getattr acl }]
203
204 ckres "Getattr acl again" $status $expcode $res2 $FAIL
205
206 if { $status == "OK" } {
207 set new_acl_list [extract_acl_list $res2]
208 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
209
210 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
211 putmsg stderr 0 \
212 "\t Test FAIL: lists do not match."
213 } else {
214 putmsg stdout 0 "\t Test PASS"
215 }
216 }
217
218 puts ""
219
220 # ------------------------------------------------------------------------
221 # d: Test restoring dir other read/execute perms - expect OK
222
223 set tag "$TNAME{d}"
224 set ASSERTION "Test restoring dir other read/execute perms - expect $expcode"
225 putmsg stdout 0 "$tag: $ASSERTION"
226
227 restore_perms $dfh OTHER DIR
228
229 # ------------------------------------------------------------------------
230 # e: Test removing dir other write/execute perms - expect OK
231
232 set tag "$TNAME{e}"
233 set ASSERTION "Test removing dir other write/execute perms - expect $expcode"
234 putmsg stdout 0 "$tag: $ASSERTION"
235
236 set sid {0 0}
237
238 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL ] ]
239
240 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
241
242 # get the initial ACL settings.
243 set initial_acl [compound {Putfh $dfh; \
244 Getattr acl }]
245
246 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
247
248 #
249 # Break the string returned from the Geattr acl command into
250 # a list and then extract the actual ACL settings.
251 #
252 set acl_list [extract_acl_list $initial_acl]
253 putmsg stderr 1 "$tag: initial ACL : $acl_list"
254
255 # Create the new ACL settings by replacing the appropriate entries.
256 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
257 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
258 putmsg stderr 1 "$tag: new ACL : $acl_list"
259
260
261 # Set the new ACL values.
262 set res [compound {Putfh $dfh; \
263 Setattr $sid { {acl \
264 { $acl_list } } } } ]
265
266 ckres "Setattr acl" $status $expcode $res $FAIL
267
268 # Re-read ACL values
269 set res2 [compound {Putfh $dfh; \
270 Getattr acl }]
271
272 ckres "Getattr acl again" $status $expcode $res2 $FAIL
273
274 if { $status == "OK" } {
275 set new_acl_list [extract_acl_list $res2]
276 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
277
278 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
279 putmsg stderr 0 \
280 "\t Test FAIL: lists do not match."
281 } else {
282 putmsg stdout 0 "\t Test PASS"
283 }
284 }
285
286 puts ""
287
288 # ------------------------------------------------------------------------
289 # f: Test restoring dir other write/execute perms - expect OK
290
291 set tag "$TNAME{f}"
292 set ASSERTION "Test restoring dir other write/execute perms - expect $expcode"
293 putmsg stdout 0 "$tag: $ASSERTION"
294
295 restore_perms $dfh OTHER DIR
296
297 # ------------------------------------------------------------------------
298 # Cleanup
299 #
300 set tag "$TNAME-cleanup"
301 set res3 [compound {Putfh $bfh; Remove $dirname}]
302 if {$status != "OK"} {
303 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp dir failed"
304 putmsg stderr 0 "\t status=$status; please cleanup manually."
305 putmsg stderr 1 "\t res=($res3)"
306 putmsg stderr 1 " "
307 }
308
309 Disconnect
310 exit $PASS