1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test adding a default ACL of (rwxrwxrwx) to an existing directory
29 # b: Test the default ACL settings of (rwxrwxrwx) are inherited by sub-dir
30 # c: Test the default ACL settings of (rwxrwxrwx) are inherited by sub-file
31 # d: Test adding a default ACL of (-wxrwxrwx) to an existing directory
32 # e: Test the default ACL settings of (-wxrwxrwx) are inherited by sub-dir
33 # f: Test the default ACL settings of (-wxrwxrwx) are inherited by sub-dir
34 # g: Test adding a default ACL of (r-xrwxrwx) to an existing directory
35 # h: Test the default ACL settings of (r-xrwxrwx) are inherited by sub-dir
36 # i: Test the default ACL settings of (r-xrwxrwx) are inherited by sub-dir
37 # j: Test adding a default ACL of (rw-rwxrwx) to an existing directory
38 # k: Test the default ACL settings of (rw-rwxrwx) are inherited by sub-dir
39 # l: Test the default ACL settings of (rw-rwxrwx) are inherited by sub-dir
40
41 set TESTROOT $env(TESTROOT)
42
43 # include common code and init section
44 source [file join ${TESTROOT} tcl.init]
45 source [file join ${TESTROOT} testproc]
46 source [file join ${TESTROOT} acltools]
47
48 # connect to the test server
49 Connect
50
51 # setting local variables
52 set TNAME $argv0
53 set expcode "OK"
54 set dir_cont_list ""
55
56 set POSIX_READ_ACL $env(POSIX_READ_ACL)
57 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
58 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
59 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
60 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
61 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
62 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
63
64 # Get handle for base directory
65 set bfh [get_fh "$BASEDIRS"]
66
67 # Set params relating to test file
68 set dirname "newdir.[pid]"
69 set dpath [file join ${BASEDIR} ${dirname}]
70
71 # Create the test parent dir with all perms set (-rwxrwxrwx) and get its handle.
72 set dfh "[creatv4_dir $dpath 777]"
73 if {$dfh == $NULL} {
74 putmsg stdout 0 "$TNAME: test setup"
75 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
76 putmsg stderr 0 "\t\t status=($status)."
77 Disconnect
78 exit $UNRESOLVED
79 }
80
81 # get the initial non-default ACL settings.
82 set initial_acl [compound {Putfh $dfh; \
83 Getattr acl }]
84
85 if {$status != "OK"} {
86 putmsg stdout 0 "$TNAME: test setup"
87 putmsg stderr 0 "\t Test UNRESOLVED: failed to get ACL for dir=($dirname)"
88 putmsg stderr 0 "\t\t status=($status)."
89 Disconnect
90 exit $UNRESOLVED
91 }
92
93 #
94 # Break the string returned from the Geattr acl command into
95 # a list and then extract the actual ACL settings.
96 #
97 set initial_acl_list [extract_acl_list $initial_acl]
98 putmsg stderr 1 "$TNAME: initial ACL : $initial_acl_list"
99
100 # Start testing
101 # --------------------------------------------------------------------------------
102 # a: Test adding a default ACL of (rwxrwxrwx) to an existing directory
103
104 set tag "$TNAME{a}"
105 set ASSERTION "Test adding a default ACL of (rwxrwxrwx) to an existing directory"
106 putmsg stdout 0 "$tag: $ASSERTION"
107
108 set sid {0 0}
109
110 # Default Dir ACL settings
111 #
112 # Owner - allow rwx
113 set dir_owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
114 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
115
116 set dir_owner_deny_mask 0
117
118 # Group - allow rwx
119 set dir_group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
120 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
121
122 set dir_group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
123
124 # Other - allow rwx
125 set dir_other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
126 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
127
128 set dir_other_deny_mask [ aclmask $GENERIC_DENY_ACL ]
129
130 if $IsZFS {
131 set inherited_owner_allow_mask $dir_owner_allow_mask
132 set inherited_owner_deny_mask $dir_owner_deny_mask
133
134 # For case b, ONE ACE on parent directory can create TWO ACEs on sub-dirs
135 # As we only concern the mask which will be compared, here we just set
136 # both TYPE and FLAG fields with 0.
137 lappend inherited_acl_dir_owner_list_b \
138 "0 0 $dir_owner_allow_mask OWNER@" \
139 "0 0 $inherited_owner_allow_mask OWNER@" \
140 "0 0 $dir_owner_deny_mask OWNER@" \
141 "0 0 $inherited_owner_deny_mask OWNER@"
142
143 # For case c, ONE ACE on parent directory can create ONE ACE on sub-file
144 lappend inherited_acl_file_owner_list_c \
145 "0 0 $inherited_owner_allow_mask OWNER@" \
146 "0 0 $inherited_owner_deny_mask OWNER@"
147
148 set inherited_group_allow_mask $dir_group_allow_mask
149 set inherited_group_deny_mask $dir_group_deny_mask
150 set inherited_other_allow_mask $dir_other_allow_mask
151 set inherited_other_deny_mask $dir_other_deny_mask
152
153 # in all sub-assertions, we only change "OWNER@" ACEs
154 # so other ACEs (GROUP and EVERYONE) are the same.
155 lappend inherited_dir_common_list \
156 "0 0 $dir_group_deny_mask GROUP@" \
157 "0 0 $inherited_group_deny_mask GROUP@" \
158 "0 0 $dir_group_allow_mask GROUP@" \
159 "0 0 $inherited_group_allow_mask GROUP@" \
160 "0 0 $dir_group_deny_mask GROUP@" \
161 "0 0 $inherited_group_deny_mask GROUP@" \
162 "0 0 $dir_other_allow_mask EVERYONE@" \
163 "0 0 $inherited_other_allow_mask EVERYONE@" \
164 "0 0 $dir_other_deny_mask EVERYONE@" \
165 "0 0 $inherited_other_deny_mask EVERYONE@"
166
167 set expected_dir_common_list [ concat $inherited_dir_common_list \
168 $initial_acl_list ]
169
170 lappend inherited_file_common_list \
171 "0 0 $inherited_group_deny_mask GROUP@" \
172 "0 0 $inherited_group_allow_mask GROUP@" \
173 "0 0 $inherited_group_deny_mask GROUP@" \
174 "0 0 $inherited_other_allow_mask EVERYONE@" \
175 "0 0 $inherited_other_deny_mask EVERYONE@"
176
177 set expected_file_common_list [ concat $inherited_file_common_list \
178 $initial_acl_list ]
179 }
180
181 # Create the new ACL settings by appending the appropriate default
182 # ACL entries.
183 #
184 # Order of entries in the list is as follows:
185 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
186 #
187 # Set the default ACL's
188
189 set acl_list $initial_acl_list
190 lappend default_acl_list "0 b $dir_owner_allow_mask OWNER\@"
191 lappend default_acl_list "1 b $dir_owner_deny_mask OWNER\@"
192 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
193 lappend default_acl_list "0 4b $dir_group_allow_mask GROUP\@"
194 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
195 lappend default_acl_list "0 b $dir_other_allow_mask EVERYONE\@"
196 lappend default_acl_list "1 b $dir_other_deny_mask EVERYONE\@"
197
198 set dir_acl_list [concat $initial_acl_list $default_acl_list]
199 putmsg stderr 1 "$tag: new dir ACL : $dir_acl_list"
200
201 # Set the new ACL values.
202 set res [compound {Putfh $dfh; \
203 Setattr $sid { {acl \
204 { $dir_acl_list } } } } ]
205
206 ckres "Setattr acl" $status $expcode $res $FAIL
207
208 # Re-read ACL values
209 set res2 [compound {Putfh $dfh; \
210 Getattr acl }]
211
212 ckres "Getattr acl again" $status $expcode $res2 $FAIL
213
214 if { $status == "OK" } {
215 set new_acl_list [extract_acl_list $res2]
216 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
217
218 if { [compare_acl_lists $new_acl_list $dir_acl_list MASK] != 0} {
219 putmsg stderr 0 \
220 "\t Test FAIL: lists do not match."
221 } else {
222 putmsg stdout 0 "\t Test PASS"
223 }
224 }
225
226 puts ""
227
228 # ------------------------------------------------------------------------
229 # b: Test the default ACL settings of (rwxrwxrwx) are inherited by sub-dir
230
231 set tag "$TNAME{b}"
232 set ASSERTION "Test the default ACL settings of (rwxrwxrwx) are inherited by sub-dir"
233 putmsg stdout 0 "$tag: $ASSERTION"
234
235 set sid {0 0}
236
237 # Set params relating to test file
238 set subdir "subdirB.[pid]"
239 set sdpath $BASEDIR/$dirname/$subdir
240
241 # Attempt to create the sub-dir and get its handle
242 set sdfh "[creatv4_dir $sdpath 777]"
243 if {$sdfh == $NULL} {
244 putmsg stderr 0 "\t Test FAIL: failed to create tmp subdir=($subdir)"
245 putmsg stderr 0 "\t\t status=($status)."
246 } else {
247 # Add the sub-dir name to a list for easy removal later.
248 lappend dir_cont_list $subdir
249
250 # Read subdir ACL values
251 set res2 [compound {Putfh $sdfh; \
252 Getattr acl }]
253
254 ckres "Getattr acl again" $status $expcode $res2 $FAIL
255
256 set new_acl_list [extract_acl_list $res2]
257 if $IsZFS {
258 set expected_acl [ concat $inherited_acl_dir_owner_list_b \
259 $expected_dir_common_list ]
260 } else {
261 set expected_acl [concat $default_acl_list $default_acl_list]
262 }
263 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
264 putmsg stderr 1 "$tag: expected ACL: $expected_acl"
265
266 if { [compare_acl_lists $new_acl_list $expected_acl MASK] != 0} {
267 putmsg stderr 0 \
268 "\t Test FAIL: lists do not match."
269 } else {
270 putmsg stdout 0 "\t Test PASS"
271 }
272
273 puts ""
274 }
275
276 # ------------------------------------------------------------------------
277 # c: Test the default ACL settings of (rwxrwxrwx) are inherited by sub-file
278
279 set tag "$TNAME{c}"
280 set ASSERTION "Test the default ACL settings of (rwxrwxrwx) are inherited by sub-file"
281 putmsg stdout 0 "$tag: $ASSERTION"
282
283 set sid { 0 0}
284
285 # Set params relating to test sub-file
286 set subfile "subfileC.[pid]"
287 set sfpath $BASEDIR/$dirname/$subfile
288
289 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
290 # over-ridden by the parent dir's default ACL settings, and get its handle.
291 set sffh "[creatv4_file $sfpath 777]"
292 if {$sffh == $NULL } {
293 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
294 putmsg stderr 0 "\t\t status=($status)."
295 Disconnect
296 exit $UNRESOLVED
297 } else {
298
299 lappend dir_cont_list $subfile
300
301 # Read file ACL values
302 set res2 [compound {Putfh $sffh; \
303 Getattr acl }]
304
305 ckres "Getattr acl again" $status $expcode $res2 $FAIL
306
307 set new_acl_list [extract_acl_list $res2]
308 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
309
310 if $IsZFS {
311 # The file should have inherited the parent directorys acl
312 set exp_acl [ concat $inherited_acl_file_owner_list_c \
313 $expected_file_common_list ]
314 } else {
315 # The file should have inherited the parent directorys default
316 # ACL settings except for the DELETE_CHILD bitmask.
317 set exp_acl [dir2file_aclmask $acl_list]
318 }
319 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
320
321 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
322 putmsg stderr 0 \
323 "\t Test FAIL: lists do not match."
324 } else {
325 putmsg stdout 0 "\t Test PASS"
326 }
327 }
328
329 puts ""
330
331 # ------------------------------------------------------------------------
332 # d: Test adding a default ACL of (-wxrwxrwx) to an existing directory
333
334 set tag "$TNAME{d}"
335 set ASSERTION "Test adding a default ACL of (-wxrwxrwx) to an existing directory"
336 putmsg stdout 0 "$tag: $ASSERTION"
337
338 set sid {0 0}
339
340 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_WRITE_DIR_ACL \
341 $POSIX_EXECUTE_ACL ] ]
342
343 set owner_deny_mask [ aclmask $POSIX_READ_ACL ]
344
345 if $IsZFS {
346 set inherited_owner_allow_mask $owner_allow_mask
347 set inherited_owner_deny_mask $owner_deny_mask
348
349 # For case e, ONE ACE on parent directory can create TWO ACEs on sub-dirs.
350 # As we only concern the mask which will be compared, here we just set
351 # both TYPE and FLAG fields with 0.
352 lappend inherited_acl_dir_owner_list_e \
353 "0 0 $owner_allow_mask OWNER\@" \
354 "0 0 $inherited_owner_allow_mask OWNER\@" \
355 "0 0 $owner_deny_mask OWNER\@" \
356 "0 0 $inherited_owner_deny_mask OWNER\@"
357
358 # For case f, ONE ACE on parent directory can create ONE ACE on sub-file
359 lappend inherited_acl_file_owner_list_f \
360 "0 0 $inherited_owner_allow_mask OWNER\@" \
361 "0 0 $inherited_owner_deny_mask OWNER\@"
362 }
363
364 # Create the new ACL settings by replacing the appropriate entries.
365 #
366 # Order of entries in the list is as follows:
367 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
368 #
369 set acl_list $default_acl_list
370 set acl_list [lreplace $acl_list 0 0 "0 b $owner_allow_mask OWNER\@"]
371 set acl_list [lreplace $acl_list 1 1 "1 b $owner_deny_mask OWNER\@"]
372
373 set new_dir_acl [concat $initial_acl_list $acl_list]
374 putmsg stderr 1 "$tag: new ACL : $new_dir_acl"
375
376 # Set the new ACL values.
377 set res [compound {Putfh $dfh; \
378 Setattr $sid { {acl \
379 { $new_dir_acl } } } } ]
380
381 ckres "Setattr acl" $status $expcode $res $FAIL
382
383 # Re-read ACL values
384 set res2 [compound {Putfh $dfh; \
385 Getattr acl }]
386
387 ckres "Getattr acl again" $status $expcode $res2 $FAIL
388
389 if { $status == "OK" } {
390 set new_acl_list [extract_acl_list $res2]
391 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
392
393 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
394 putmsg stderr 0 \
395 "\t Test FAIL: lists do not match."
396 } else {
397 putmsg stdout 0 "\t Test PASS"
398 }
399 }
400
401 puts ""
402
403 # ------------------------------------------------------------------------
404 # e: Test the default ACL settings are inherited by sub-dir (-wxrwxrwx)
405
406 set tag "$TNAME{e}"
407 set ASSERTION "Test the default ACL settings of (-wxrwxrwx) are inherited by sub-dir"
408 putmsg stdout 0 "$tag: $ASSERTION"
409
410 set sid {0 0}
411
412 # Set params relating to test sub-dir
413 set subdir "subdirE.[pid]"
414 set sdpath $BASEDIR/$dirname/$subdir
415
416 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
417 # over-ridden by the parent dir's default ACL settings, and get its handle.
418 set sdfh "[creatv4_dir $sdpath 777]"
419 if {$sdfh == $NULL} {
420 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
421 putmsg stderr 0 "\t\t status=($status)."
422 Disconnect
423 exit $UNRESOLVED
424 } else {
425 lappend dir_cont_list $subdir
426
427 # Read dir ACL values
428 set res2 [compound {Putfh $sdfh; \
429 Getattr acl }]
430
431 ckres "Getattr acl again" $status $expcode $res2 $FAIL
432
433 set new_acl_list [extract_acl_list $res2]
434 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
435
436 # The sub directory should have inherited the parents default
437 # ACL settings, as both its default and non-default settings.
438 if $IsZFS {
439 set exp_acl [ concat $inherited_acl_dir_owner_list_e \
440 $expected_dir_common_list ]
441 } else {
442 set exp_acl [concat $acl_list $acl_list]
443 }
444 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
445
446 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
447 putmsg stderr 0 \
448 "\t Test FAIL: lists do not match."
449 } else {
450 putmsg stdout 0 "\t Test PASS"
451 }
452 }
453
454 puts ""
455
456 # ------------------------------------------------------------------------
457 # f: Test the default ACL settings of (-wxrwxrwx) are inherited by sub-file
458
459 set tag "$TNAME{f}"
460 set ASSERTION "Test the default ACL settings of (-wxrwxrwx) are inherited by sub-file"
461 putmsg stdout 0 "$tag: $ASSERTION"
462
463 set sid { 0 0}
464
465 # Set params relating to test sub-file
466 set subfile "subfileF.[pid]"
467 set sfpath $BASEDIR/$dirname/$subfile
468
469 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
470 # over-ridden by the parent dir's default ACL settings, and get its handle.
471 set sffh "[creatv4_file $sfpath 777]"
472 if {$sffh == $NULL } {
473 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
474 putmsg stderr 0 "\t\t status=($status)."
475 Disconnect
476 exit $UNRESOLVED
477 } else {
478
479 lappend dir_cont_list $subfile
480
481 # Read file ACL values
482 set res2 [compound {Putfh $sffh; \
483 Getattr acl }]
484
485 ckres "Getattr acl again" $status $expcode $res2 $FAIL
486
487 set new_acl_list [extract_acl_list $res2]
488 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
489
490 if $IsZFS {
491 # The file should have inherited the parent directorys acl
492 set exp_acl [ concat $inherited_acl_file_owner_list_f \
493 $expected_file_common_list ]
494 } else {
495 # The file should have inherited the parent directorys default
496 # ACL settings except for the DELETE_CHILD bitmask.
497 set exp_acl [dir2file_aclmask $acl_list]
498 }
499 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
500
501 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
502 putmsg stderr 0 \
503 "\t Test FAIL: lists do not match."
504 } else {
505 putmsg stdout 0 "\t Test PASS"
506 }
507 }
508
509 puts ""
510
511 # ------------------------------------------------------------------------
512 # g: Test adding a default ACL of (r-xrwxrwx) to an existing directory
513
514 set tag "$TNAME{g}"
515 set ASSERTION "Test adding a default ACL of (r-xrwxrwx) to an existing directory"
516 putmsg stdout 0 "$tag: $ASSERTION"
517
518 set sid {0 0}
519
520 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
521 $POSIX_EXECUTE_ACL ] ]
522
523 set owner_deny_mask [ aclmask $POSIX_WRITE_DIR_ACL ]
524
525 if $IsZFS {
526 set inherited_owner_allow_mask $owner_allow_mask
527 set inherited_owner_deny_mask $owner_deny_mask
528
529 # For case h, ONE ACE on parent directory can create TWO ACEs on sub-dirs.
530 # As we only concern the mask which will be compared, here we just set
531 # both TYPE and FLAG fields with 0.
532 lappend inherited_acl_dir_owner_list_h \
533 "0 0 $owner_allow_mask OWNER\@" \
534 "0 0 $inherited_owner_allow_mask OWNER\@" \
535 "0 0 $owner_deny_mask OWNER\@" \
536 "0 0 $inherited_owner_deny_mask OWNER\@"
537
538 # For case i, ONE ACE on parent directory can create ONE ACE on sub-file
539 lappend inherited_acl_file_owner_list_i \
540 "0 0 $inherited_owner_allow_mask OWNER\@" \
541 "0 0 $inherited_owner_deny_mask OWNER\@"
542 }
543
544 #
545 # Break the string returned from the Geattr acl command into
546 # a list and then extract the actual ACL settings.
547 #
548 set acl_list [extract_acl_list $initial_acl]
549
550 # Create the new ACL settings by replacing the appropriate entries.
551 #
552 # Order of entries in the list is as follows:
553 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
554 #
555 set acl_list $default_acl_list
556 set acl_list [lreplace $acl_list 0 0 "0 b $owner_allow_mask OWNER\@"]
557 set acl_list [lreplace $acl_list 1 1 "1 b $owner_deny_mask OWNER\@"]
558
559 set new_dir_acl [concat $initial_acl_list $acl_list]
560 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
561
562 # Set the new ACL values.
563 set res [compound {Putfh $dfh; \
564 Setattr $sid { {acl \
565 { $new_dir_acl } } } } ]
566
567 ckres "Setattr acl" $status $expcode $res $FAIL
568
569 # Re-read ACL values
570 set res2 [compound {Putfh $dfh; \
571 Getattr acl }]
572
573 ckres "Getattr acl again" $status $expcode $res2 $FAIL
574
575 if { $status == "OK" } {
576 set new_acl_list [extract_acl_list $res2]
577 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
578
579 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
580 putmsg stderr 0 \
581 "\t Test FAIL: lists do not match."
582 } else {
583 putmsg stdout 0 "\t Test PASS"
584 }
585 }
586
587 puts ""
588
589 # ------------------------------------------------------------------------
590 # h: Test the default ACL settings of (r-xrwxrwx) are inherited by sub-dir
591
592 set tag "$TNAME{h}"
593 set ASSERTION "Test the default ACL settings of (r-xrwxrwx) are inherited by sub-dir"
594 putmsg stdout 0 "$tag: $ASSERTION"
595
596 set sid {0 0}
597
598 # Set params relating to test file
599 set subdir "subdirH.[pid]"
600 set sdpath $BASEDIR/$dirname/$subdir
601
602 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
603 # over-ridden by the parent dir's default ACL settings, and get its handle.
604 set sdfh "[creatv4_dir $sdpath 777]"
605 if {$sdfh == $NULL} {
606 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
607 putmsg stderr 0 "\t\t status=($status)."
608 Disconnect
609 exit $UNRESOLVED
610 } else {
611 lappend dir_cont_list $subdir
612
613 # Read dir ACL values
614 set res2 [compound {Putfh $sdfh; \
615 Getattr acl }]
616
617 ckres "Getattr acl again" $status $expcode $res2 $FAIL
618
619 set new_acl_list [extract_acl_list $res2]
620 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
621
622 # The sub directory should have inherited the parents default
623 # ACL settings, as both its default and non-default settings.
624 if $IsZFS {
625 set exp_acl [ concat $inherited_acl_dir_owner_list_h \
626 $expected_dir_common_list ]
627 } else {
628 set exp_acl [concat $acl_list $acl_list]
629 }
630 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
631
632 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
633 putmsg stderr 0 \
634 "\t Test FAIL: lists do not match."
635 } else {
636 putmsg stdout 0 "\t Test PASS"
637 }
638 }
639
640 puts ""
641
642 # ------------------------------------------------------------------------
643 # i: Test the default ACL settings of (r-xrwxrwx) are inherited by sub-file
644
645 set tag "$TNAME{i}"
646 set ASSERTION "Test the default ACL settings of (r-xrwxrwx) are inherited by sub-file"
647 putmsg stdout 0 "$tag: $ASSERTION"
648
649 set sid { 0 0}
650
651 # Set params relating to test sub-file
652 set subfile "subfileI.[pid]"
653 set sfpath $BASEDIR/$dirname/$subfile
654
655 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
656 # over-ridden by the parent dir's default ACL settings, and get its handle.
657 set sffh "[creatv4_file $sfpath 777]"
658 if {$sffh == $NULL } {
659 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
660 putmsg stderr 0 "\t\t status=($status)."
661 Disconnect
662 exit $UNRESOLVED
663 } else {
664
665 lappend dir_cont_list $subfile
666
667 # Read file ACL values
668 set res2 [compound {Putfh $sffh; \
669 Getattr acl }]
670
671 ckres "Getattr acl again" $status $expcode $res2 $FAIL
672
673 set new_acl_list [extract_acl_list $res2]
674 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
675
676 if $IsZFS {
677 # The file should have inherited the parent directorys acl
678 set exp_acl [ concat $inherited_acl_file_owner_list_i \
679 $expected_file_common_list ]
680 } else {
681 # The file should have inherited the parent directorys default
682 # ACL settings except for the DELETE_CHILD bitmask.
683 set exp_acl [dir2file_aclmask $acl_list]
684 }
685 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
686
687 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
688 putmsg stderr 0 \
689 "\t Test FAIL: lists do not match."
690 } else {
691 putmsg stdout 0 "\t Test PASS"
692 }
693 }
694
695 puts ""
696
697 # ------------------------------------------------------------------------
698 # j: Test adding a default ACL of (rw-rwxrwx) to an existing directory
699
700 set tag "$TNAME{j}"
701 set ASSERTION "Test adding a default ACL of (rw-rwxrwx) to an existing directory"
702 putmsg stdout 0 "$tag: $ASSERTION"
703
704 set sid {0 0}
705
706 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
707
708 set owner_deny_mask [ aclmask $POSIX_EXECUTE_ACL ]
709
710 if $IsZFS {
711 set inherited_owner_allow_mask $owner_allow_mask
712 set inherited_owner_deny_mask $owner_deny_mask
713
714 # For case k, ONE ACE on parent directory can create TWO ACEs on sub-dirs
715 # As we only concern the mask which will be compared, here we just set
716 # both TYPE and FLAG fields with 0.
717 lappend inherited_acl_dir_owner_list_k \
718 "0 0 $owner_allow_mask OWNER\@" \
719 "0 0 $inherited_owner_allow_mask OWNER\@" \
720 "0 0 $owner_deny_mask OWNER\@" \
721 "0 0 $inherited_owner_deny_mask OWNER\@"
722
723 # For case l, ONE ACE on parent directory can create ONE ACE on sub-file
724 lappend inherited_acl_file_owner_list_l \
725 "0 0 $inherited_owner_allow_mask OWNER\@" \
726 "0 0 $inherited_owner_deny_mask OWNER\@"
727 }
728
729 #
730 # Break the string returned from the Geattr acl command into
731 # a list and then extract the actual ACL settings.
732 #
733 set acl_list [extract_acl_list $initial_acl]
734
735 # Create the new ACL settings by replacing the appropriate entries.
736 #
737 # Order of entries in the list is as follows:
738 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
739 #
740 set acl_list $default_acl_list
741 set acl_list [lreplace $acl_list 0 0 "0 b $owner_allow_mask OWNER\@"]
742 set acl_list [lreplace $acl_list 1 1 "1 b $owner_deny_mask OWNER\@"]
743
744 set new_dir_acl [concat $initial_acl_list $acl_list]
745 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
746
747 # Set the new ACL values.
748 set res [compound {Putfh $dfh; \
749 Setattr $sid { {acl \
750 { $new_dir_acl } } } } ]
751
752 ckres "Setattr acl" $status $expcode $res $FAIL
753
754 # Re-read ACL values
755 set res2 [compound {Putfh $dfh; \
756 Getattr acl }]
757
758 ckres "Getattr acl again" $status $expcode $res2 $FAIL
759
760 if { $status == "OK" } {
761 set new_acl_list [extract_acl_list $res2]
762 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
763
764 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
765 putmsg stderr 0 \
766 "\t Test FAIL: lists do not match."
767 } else {
768 putmsg stdout 0 "\t Test PASS"
769 }
770 }
771
772 puts ""
773
774 # ------------------------------------------------------------------------
775 # k: Test the default ACL settings of (rw-rwxrwx) are inherited by sub-dir
776
777 set tag "$TNAME{k}"
778 set ASSERTION "Test the default ACL settings of (rw-rwxrwx) are inherited by sub-dir"
779 putmsg stdout 0 "$tag: $ASSERTION"
780
781 set sid {0 0}
782
783 # Set params relating to test file
784 set subdir "subdirK.[pid]"
785 set sdpath $BASEDIR/$dirname/$subdir
786
787 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
788 # over-ridden by the parent dir's default ACL settings, and get its handle.
789 set sdfh "[creatv4_dir $sdpath 777]"
790 if {$sdfh == $NULL} {
791 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
792 putmsg stderr 0 "\t\t status=($status)."
793 Disconnect
794 exit $UNRESOLVED
795 } else {
796 lappend dir_cont_list $subdir
797
798 # Read dir ACL values
799 set res2 [compound {Putfh $sdfh; \
800 Getattr acl }]
801
802 ckres "Getattr acl again" $status $expcode $res2 $FAIL
803
804 set new_acl_list [extract_acl_list $res2]
805 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
806
807 # The sub directory should have inherited the parents default
808 # ACL settings, as both its default and non-default settings.
809 if $IsZFS {
810 set exp_acl [ concat $inherited_acl_dir_owner_list_k \
811 $expected_dir_common_list ]
812 } else {
813 set exp_acl [concat $acl_list $acl_list]
814 }
815 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
816
817 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
818 putmsg stderr 0 \
819 "\t Test FAIL: lists do not match."
820 } else {
821 putmsg stdout 0 "\t Test PASS"
822 }
823
824 puts ""
825 }
826
827 # ------------------------------------------------------------------------
828 # l: Test the default ACL settings of (rw-rwxrwx) are inherited by sub-file
829
830 set tag "$TNAME{l}"
831 set ASSERTION "Test the default ACL settings of (rw-rwxrwx) are inherited by sub-file"
832 putmsg stdout 0 "$tag: $ASSERTION"
833
834 set sid { 0 0}
835
836 # Set params relating to test sub-file
837 set subfile "subfileL.[pid]"
838 set sfpath $BASEDIR/$dirname/$subfile
839
840 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
841 # over-ridden by the parent dir's default ACL settings, and get its handle.
842 set sffh "[creatv4_file $sfpath 777]"
843 if {$sffh == $NULL } {
844 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
845 putmsg stderr 0 "\t\t status=($status)."
846 Disconnect
847 exit $UNRESOLVED
848 } else {
849
850 lappend dir_cont_list $subfile
851
852 # Read file ACL values
853 set res2 [compound {Putfh $sffh; \
854 Getattr acl }]
855
856 ckres "Getattr acl again" $status $expcode $res2 $FAIL
857
858 set new_acl_list [extract_acl_list $res2]
859 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
860
861 if $IsZFS {
862 # The file should have inherited the parent directorys acl
863 set exp_acl [ concat $inherited_acl_file_owner_list_l \
864 $expected_file_common_list ]
865 } else {
866 # The file should have inherited the parent directorys default
867 # ACL settings except for the DELETE_CHILD bitmask.
868 set exp_acl [dir2file_aclmask $acl_list]
869 }
870 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
871
872 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
873 putmsg stderr 0 \
874 "\t Test FAIL: lists do not match."
875 } else {
876 putmsg stdout 0 "\t Test PASS"
877 }
878 }
879
880 puts ""
881
882 #
883 # Final Cleanup - remove all the sub-files and sub-dirs first
884 # then the parent directory.
885 #
886 set tag "$TNAME-sub-cleanup"
887 remove_dir_entries $dfh $dir_cont_list
888
889 set tag "$TNAME-cleanup"
890 set res3 [compound {Putfh $bfh; Remove $dirname}]
891 if {$status != "OK"} {
892 putmsg stderr 0 "\t WARNING: cleanup to remove tmp parent dir failed"
893 putmsg stderr 0 "\t status=$status; please cleanup manually."
894 putmsg stderr 1 "\t res=($res3)"
895 putmsg stderr 1 " "
896 }
897
898 Disconnect
899 exit $PASS