1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test adding a default ACL of (--xrwxrwx) to an existing directory
29 # b: Test the default ACL settings of (--xrwxrwx) are inherited by sub-dir
30 # c: Test the default ACL settings of (--xrwxrwx) are inherited by sub-file
31 # d: Test adding a default ACL of (-w-rwxrwx) to an existing directory
32 # e: Test the default ACL settings of (-w-rwxrwx) are inherited by sub-dir
33 # f: Test the default ACL settings of (-w-rwxrwx) are inherited by sub-file
34 # g: Test adding a default ACL of (r--rwxrwx) to an existing directory
35 # h: Test the default ACL settings of (r--rwxrwx) are inherited by sub-dir
36 # i: Test the default ACL settings of (r--rwxrwx) are inherited by sub-file
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51 set dir_cont_list ""
52
53 set POSIX_READ_ACL $env(POSIX_READ_ACL)
54 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
55 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
56 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
57 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
58 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
59 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
60
61 # Get handle for base directory
62 set bfh [get_fh "$BASEDIRS"]
63
64 # Set params relating to test file
65 set dirname "newdir.[pid]"
66 set dpath [file join ${BASEDIR} ${dirname}]
67
68 # Create the test parent dir with all perms set (-rwxrwxrwx) and get its handle.
69 set dfh "[creatv4_dir $dpath 777]"
70 if {$dfh == $NULL} {
71 putmsg stdout 0 "$TNAME: test setup"
72 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
73 putmsg stderr 0 "\t\t status=($status)."
74 Disconnect
75 exit $UNRESOLVED
76 }
77
78 # get the initial non-default ACL settings.
79 set initial_acl [compound {Putfh $dfh; \
80 Getattr acl }]
81
82 if {$status != "OK"} {
83 putmsg stdout 0 "$TNAME: test setup"
84 putmsg stderr 0 "\t Test UNRESOLVED: failed to get ACL for dir=($dirname)"
85 putmsg stderr 0 "\t\t status=($status)."
86 Disconnect
87 exit $UNRESOLVED
88 }
89
90 #
91 # Break the string returned from the Geattr acl command into
92 # a list and then extract the actual ACL settings.
93 #
94 set initial_acl_list [extract_acl_list $initial_acl]
95 putmsg stderr 1 "$TNAME: initial ACL : $initial_acl_list"
96
97 set sid {0 0}
98
99 # Default Dir ACL settings
100 #
101 # Owner - allow rwx
102 set dir_owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
103 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
104
105 set dir_owner_deny_mask 0
106
107 # Group - allow rwx
108 set dir_group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
109 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
110
111 set dir_group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
112
113 # Other - allow rwx
114 set dir_other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
115 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
116
117 set dir_other_deny_mask [ aclmask $GENERIC_DENY_ACL ]
118
119 if $IsZFS {
120 set inherited_group_allow_mask $dir_group_allow_mask
121 set inherited_group_deny_mask $dir_group_deny_mask
122 set inherited_other_allow_mask $dir_other_allow_mask
123 set inherited_other_deny_mask $dir_other_deny_mask
124
125 # in all sub-assertions, we only change "OWNER@" ACEs
126 # so other ACEs (GROUP and EVERYONE) are the same.
127 lappend inherited_dir_common_list \
128 "0 0 $dir_group_deny_mask GROUP@" \
129 "0 0 $inherited_group_deny_mask GROUP@" \
130 "0 0 $dir_group_allow_mask GROUP@" \
131 "0 0 $inherited_group_allow_mask GROUP@" \
132 "0 0 $dir_group_deny_mask GROUP@" \
133 "0 0 $inherited_group_deny_mask GROUP@" \
134 "0 0 $dir_other_allow_mask EVERYONE@" \
135 "0 0 $inherited_other_allow_mask EVERYONE@" \
136 "0 0 $dir_other_deny_mask EVERYONE@" \
137 "0 0 $inherited_other_deny_mask EVERYONE@"
138
139 set expected_dir_common_list [ concat $inherited_dir_common_list \
140 $initial_acl_list ]
141
142 lappend inherited_file_common_list \
143 "0 0 $inherited_group_deny_mask GROUP@" \
144 "0 0 $inherited_group_allow_mask GROUP@" \
145 "0 0 $inherited_group_deny_mask GROUP@" \
146 "0 0 $inherited_other_allow_mask EVERYONE@" \
147 "0 0 $inherited_other_deny_mask EVERYONE@"
148
149 set expected_file_common_list [ concat $inherited_file_common_list \
150 $initial_acl_list ]
151 }
152
153 # Create the new ACL settings by appending the appropriate default
154 # ACL entries.
155 #
156 # Order of entries in the list is as follows:
157 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
158 #
159 # Set the default ACL's
160
161 set acl_list $initial_acl_list
162 lappend default_acl_list "0 b $dir_owner_allow_mask OWNER\@"
163 lappend default_acl_list "1 b $dir_owner_deny_mask OWNER\@"
164 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
165 lappend default_acl_list "0 4b $dir_group_allow_mask GROUP\@"
166 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
167 lappend default_acl_list "0 b $dir_other_allow_mask EVERYONE\@"
168 lappend default_acl_list "1 b $dir_other_deny_mask EVERYONE\@"
169
170 set dir_acl_list [concat $initial_acl_list $default_acl_list]
171 putmsg stderr 1 "$TNAME: new dir ACL : $dir_acl_list"
172
173 # Set the new ACL values.
174 set res [compound {Putfh $dfh; \
175 Setattr $sid { {acl \
176 { $dir_acl_list } } } } ]
177
178 ckres "Setattr acl" $status $expcode $res $FAIL
179
180 # Re-read ACL values
181 set res2 [compound {Putfh $dfh; \
182 Getattr acl }]
183
184 ckres "Getattr acl again" $status $expcode $res2 $FAIL
185
186 if { $status == "OK" } {
187 set new_acl_list [extract_acl_list $res2]
188 putmsg stderr 1 "$TNAME: re-read ACL : $new_acl_list"
189
190 if { [compare_acl_lists $new_acl_list $dir_acl_list MASK] != 0} {
191 putmsg stderr 0 \
192 "\t Test FAIL: default ACL setup failed."
193 }
194 }
195
196 puts ""
197
198 # Start testing
199 # --------------------------------------------------------------------------------
200 # a: Test adding a default ACL of (--xrwxrwx) to an existing directory
201
202 set tag "$TNAME{a}"
203 set ASSERTION "Test adding a default ACL of (--xrwxrwx) to an existing directory"
204 putmsg stdout 0 "$tag: $ASSERTION"
205
206 set sid {0 0}
207
208 # Owner - deny rw, allow x
209 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
210
211 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_WRITE_DIR_ACL ] ]
212
213 if $IsZFS {
214 set inherited_owner_allow_mask $owner_allow_mask
215 set inherited_owner_deny_mask $owner_deny_mask
216
217 # For case b, ONE ACE on parent directory can create TWO ACEs on sub-dirs
218 # As we only concern the mask which will be compared, here we just set
219 # both TYPE and FLAG fields with 0.
220 lappend inherited_acl_dir_owner_list_b \
221 "0 0 $owner_allow_mask OWNER\@" \
222 "0 0 $inherited_owner_allow_mask OWNER\@" \
223 "0 0 $owner_deny_mask OWNER\@" \
224 "0 0 $inherited_owner_deny_mask OWNER\@"
225
226 # For case c, ONE ACE on parent directory can create ONE ACE on sub-file
227 lappend inherited_acl_file_owner_list_c \
228 "0 0 $inherited_owner_allow_mask OWNER\@" \
229 "0 0 $inherited_owner_deny_mask OWNER\@"
230 }
231
232 # Create the new ACL settings by appending the appropriate default
233 # ACL entries.
234 #
235 # Order of entries in the list is as follows:
236 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
237 #
238 set acl_list $default_acl_list
239 set acl_list [lreplace $acl_list 0 0 "0 b $owner_allow_mask OWNER\@"]
240 set acl_list [lreplace $acl_list 1 1 "1 b $owner_deny_mask OWNER\@"]
241
242 set new_dir_acl [concat $initial_acl_list $acl_list]
243 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
244
245 # Set the new ACL values.
246 set res [compound {Putfh $dfh; \
247 Setattr $sid { {acl \
248 { $new_dir_acl } } } } ]
249
250 ckres "Setattr acl" $status $expcode $res $FAIL
251
252 # Re-read ACL values
253 set res2 [compound {Putfh $dfh; \
254 Getattr acl }]
255
256 ckres "Getattr acl again" $status $expcode $res2 $FAIL
257
258 if { $status == "OK" } {
259 set new_acl_list [extract_acl_list $res2]
260 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
261
262 if { [compare_acl_lists $new_acl_list $new_dir_acl MASK] != 0} {
263 putmsg stderr 0 \
264 "\t Test FAIL: lists do not match."
265 } else {
266 putmsg stdout 0 "\t Test PASS"
267 }
268 }
269
270 puts ""
271
272 # ------------------------------------------------------------------------
273 # b: Test the default ACL settings of (--xrwxrwx) are inherited by sub-dir
274
275 set tag "$TNAME{b}"
276 set ASSERTION "Test the default ACL settings of (--xrwxrwx) are inherited by sub-dir"
277 putmsg stdout 0 "$tag: $ASSERTION"
278
279 set sid {0 0}
280
281 # Set params relating to test file
282 set subdir "subdirB.[pid]"
283 set sdpath $BASEDIR/$dirname/$subdir
284
285 # Attempt to create the sub-dir and get its handle
286 set sdfh "[creatv4_dir $sdpath 777]"
287 if {$sdfh == $NULL} {
288 putmsg stderr 0 "\t Test FAIL: failed to create tmp subdir=($subdir)"
289 putmsg stderr 0 "\t\t status=($status)."
290 } else {
291 lappend dir_cont_list $subdir
292
293 # Read subdir ACL values
294 set res2 [compound {Putfh $sdfh; \
295 Getattr acl }]
296
297 ckres "Getattr acl again" $status $expcode $res2 $FAIL
298
299 set new_acl_list [extract_acl_list $res2]
300 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
301
302 if $IsZFS {
303 set exp_acl [ concat $inherited_acl_dir_owner_list_b \
304 $expected_dir_common_list ]
305 } else {
306 # The sub directory should have inherited the parents default
307 # ACL settings, as both its default and non-default settings.
308 set exp_acl [concat $acl_list $acl_list]
309 }
310 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
311
312 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
313 putmsg stderr 0 \
314 "\t Test FAIL: lists do not match."
315 } else {
316 putmsg stdout 0 "\t Test PASS"
317 }
318
319 puts ""
320
321 }
322
323 # ------------------------------------------------------------------------
324 # c: Test the default ACL settings of (--xrwxrwx) are inherited by sub-file
325
326 set tag "$TNAME{c}"
327 set ASSERTION "Test the default ACL settings of (--xrwxrwx) are inherited by sub-file"
328 putmsg stdout 0 "$tag: $ASSERTION"
329
330 set sid { 0 0}
331
332 # Set params relating to test sub-file
333 set subfile "subfileC.[pid]"
334 set sfpath $BASEDIR/$dirname/$subfile
335
336 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
337 # over-ridden by the parent dir's default ACL settings, and get its handle.
338 set sffh "[creatv4_file $sfpath 777]"
339 if {$sffh == $NULL } {
340 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
341 putmsg stderr 0 "\t\t status=($status)."
342 Disconnect
343 exit $UNRESOLVED
344 } else {
345
346 lappend dir_cont_list $subfile
347
348 # Read file ACL values
349 set res2 [compound {Putfh $sffh; \
350 Getattr acl }]
351
352 ckres "Getattr acl again" $status $expcode $res2 $FAIL
353
354 set new_acl_list [extract_acl_list $res2]
355 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
356
357 # The file should have inherited the parent directorys default
358 # ACL settings except for the DELETE_CHILD bitmask.
359 if $IsZFS {
360 set exp_acl [ concat $inherited_acl_file_owner_list_c \
361 $expected_file_common_list ]
362 } else {
363 set exp_acl [dir2file_aclmask $acl_list]
364 }
365 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
366
367 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
368 putmsg stderr 0 \
369 "\t Test FAIL: lists do not match."
370 } else {
371 putmsg stdout 0 "\t Test PASS"
372 }
373 }
374
375 puts ""
376
377 # ------------------------------------------------------------------------
378 # d: Test adding a default ACL of (-w-rwxrwx) to an existing directory
379
380 set tag "$TNAME{d}"
381 set ASSERTION "Test adding a default ACL of (-w-rwxrwx) to an existing directory"
382 putmsg stdout 0 "$tag: $ASSERTION"
383
384 set sid {0 0}
385
386 # Owner - allow write, deny r/x
387 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_WRITE_DIR_ACL ] ]
388
389 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
390
391 if $IsZFS {
392 set inherited_owner_allow_mask $owner_allow_mask
393 set inherited_owner_deny_mask $owner_deny_mask
394
395 # For case e, ONE ACE on parent directory can create TWO ACEs on sub-dirs
396 # As we only concern the mask which will be compared, here we just set
397 # both TYPE and FLAG fields with 0.
398 lappend inherited_acl_dir_owner_list_e \
399 "0 0 $owner_allow_mask OWNER\@" \
400 "0 0 $inherited_owner_allow_mask OWNER\@" \
401 "0 0 $owner_deny_mask OWNER\@" \
402 "0 0 $inherited_owner_deny_mask OWNER\@"
403
404 # For case f, ONE ACE on parent directory can create ONE ACE on sub-file
405 lappend inherited_acl_file_owner_list_f \
406 "0 0 $inherited_owner_allow_mask OWNER\@" \
407 "0 0 $inherited_owner_deny_mask OWNER\@"
408 }
409
410 # Create the new ACL settings by replacing the appropriate entries.
411 #
412 # Order of entries in the list is as follows:
413 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
414 #
415 set acl_list $default_acl_list
416 set acl_list [lreplace $acl_list 0 0 "0 b $owner_allow_mask OWNER\@"]
417 set acl_list [lreplace $acl_list 1 1 "1 b $owner_deny_mask OWNER\@"]
418
419 set new_dir_acl [concat $initial_acl_list $acl_list]
420 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
421
422 # Set the new ACL values.
423 set res [compound {Putfh $dfh; \
424 Setattr $sid { {acl \
425 { $new_dir_acl } } } } ]
426
427 ckres "Setattr acl" $status $expcode $res $FAIL
428
429 # Re-read ACL values
430 set res2 [compound {Putfh $dfh; \
431 Getattr acl }]
432
433 ckres "Getattr acl again" $status $expcode $res2 $FAIL
434
435 if { $status == "OK" } {
436 set new_acl_list [extract_acl_list $res2]
437 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
438
439 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
440 putmsg stderr 0 \
441 "\t Test FAIL: lists do not match."
442 } else {
443 putmsg stdout 0 "\t Test PASS"
444 }
445 }
446
447 puts ""
448
449 # ------------------------------------------------------------------------
450 # e: Test the default ACL settings are inherited by sub-dir (-w-rwxrwx)
451
452 set tag "$TNAME{e}"
453 set ASSERTION "Test the default ACL settings of (-w-rwxrwx) are inherited by sub-dir"
454 putmsg stdout 0 "$tag: $ASSERTION"
455
456 set sid {0 0}
457
458 # Set params relating to test sub-dir
459 set subdir "subdirE.[pid]"
460 set sdpath $BASEDIR/$dirname/$subdir
461
462 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
463 # over-ridden by the parent dir's default ACL settings, and get its handle.
464 set sdfh "[creatv4_dir $sdpath 777]"
465 if {$sdfh == $NULL} {
466 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
467 putmsg stderr 0 "\t\t status=($status)."
468 Disconnect
469 exit $UNRESOLVED
470 } else {
471
472 lappend dir_cont_list $subdir
473
474 # Read dir ACL values
475 set res2 [compound {Putfh $sdfh; \
476 Getattr acl }]
477
478 ckres "Getattr acl again" $status $expcode $res2 $FAIL
479
480 set new_acl_list [extract_acl_list $res2]
481 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
482
483 # The sub directory should have inherited the parents default
484 # ACL settings, as both its default and non-default settings.
485 if $IsZFS {
486 set exp_acl [ concat $inherited_acl_dir_owner_list_e \
487 $expected_dir_common_list ]
488 } else {
489 set exp_acl [concat $acl_list $acl_list]
490 }
491 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
492
493 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
494 putmsg stderr 0 \
495 "\t Test FAIL: lists do not match."
496 } else {
497 putmsg stdout 0 "\t Test PASS"
498 }
499 }
500
501 puts ""
502
503 # ------------------------------------------------------------------------
504 # f: Test the default ACL settings of (-w-rwxrwx) are inherited by sub-file
505
506 set tag "$TNAME{f}"
507 set ASSERTION "Test the default ACL settings of (-w-rwxrwx) are inherited by sub-file"
508 putmsg stdout 0 "$tag: $ASSERTION"
509
510 set sid { 0 0}
511
512 # Set params relating to test sub-file
513 set subfile "subfileF.[pid]"
514 set sfpath $BASEDIR/$dirname/$subfile
515
516 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
517 # over-ridden by the parent dir's default ACL settings, and get its handle.
518 set sffh "[creatv4_file $sfpath 777]"
519 if {$sffh == $NULL } {
520 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
521 putmsg stderr 0 "\t\t status=($status)."
522 Disconnect
523 exit $UNRESOLVED
524 } else {
525
526 lappend dir_cont_list $subfile
527
528 # Read file ACL values
529 set res2 [compound {Putfh $sffh; \
530 Getattr acl }]
531
532 ckres "Getattr acl again" $status $expcode $res2 $FAIL
533
534 set new_acl_list [extract_acl_list $res2]
535 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
536
537 if $IsZFS {
538 # The file should have inherited the parent directorys acl
539 set exp_acl [ concat $inherited_acl_file_owner_list_f \
540 $expected_file_common_list ]
541 } else {
542 # The file should have inherited the parent directorys default
543 # ACL settings except for the DELETE_CHILD bitmask.
544 set exp_acl [dir2file_aclmask $acl_list]
545 }
546 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
547
548 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
549 putmsg stderr 0 \
550 "\t Test FAIL: lists do not match."
551 } else {
552 putmsg stdout 0 "\t Test PASS"
553 }
554 }
555
556 puts ""
557
558 # ------------------------------------------------------------------------
559 # g: Test adding a default ACL of (r--rwxrwx) to an existing directory
560
561 set tag "$TNAME{g}"
562 set ASSERTION "Test adding a default ACL of (r--rwxrwx) to an existing directory"
563 putmsg stdout 0 "$tag: $ASSERTION"
564
565 set sid {0 0}
566
567 # Owner - allow read, deny wx
568 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL ] ]
569
570 set owner_deny_mask [ aclmask [ concat $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
571
572 if $IsZFS {
573 set inherited_owner_allow_mask $owner_allow_mask
574 set inherited_owner_deny_mask $owner_deny_mask
575
576 # For case h, ONE ACE on parent directory can create TWO ACEs on sub-dirs
577 # As we only concern the mask which will be compared, here we just set
578 # both TYPE and FLAG fields with 0.
579 lappend inherited_acl_dir_owner_list_h \
580 "0 0 $owner_allow_mask OWNER\@" \
581 "0 0 $inherited_owner_allow_mask OWNER\@" \
582 "0 0 $owner_deny_mask OWNER\@" \
583 "0 0 $inherited_owner_deny_mask OWNER\@"
584
585 # For case i, ONE ACE on parent directory can create ONE ACE on sub-file
586 lappend inherited_acl_file_owner_list_i \
587 "0 0 $inherited_owner_allow_mask OWNER\@" \
588 "0 0 $inherited_owner_deny_mask OWNER\@"
589 }
590
591 #
592 # Break the string returned from the Geattr acl command into
593 # a list and then extract the actual ACL settings.
594 #
595 set acl_list [extract_acl_list $initial_acl]
596
597 # Create the new ACL settings by replacing the appropriate entries.
598 #
599 # Order of entries in the list is as follows:
600 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
601 #
602 set acl_list $default_acl_list
603 set acl_list [lreplace $acl_list 0 0 "0 b $owner_allow_mask OWNER\@"]
604 set acl_list [lreplace $acl_list 1 1 "1 b $owner_deny_mask OWNER\@"]
605
606 set new_dir_acl [concat $initial_acl_list $acl_list]
607 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
608
609 # Set the new ACL values.
610 set res [compound {Putfh $dfh; \
611 Setattr $sid { {acl \
612 { $new_dir_acl } } } } ]
613
614 ckres "Setattr acl" $status $expcode $res $FAIL
615
616 # Re-read ACL values
617 set res2 [compound {Putfh $dfh; \
618 Getattr acl }]
619
620 ckres "Getattr acl again" $status $expcode $res2 $FAIL
621
622 if { $status == "OK" } {
623 set new_acl_list [extract_acl_list $res2]
624 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
625
626 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
627 putmsg stderr 0 \
628 "\t Test FAIL: lists do not match."
629 } else {
630 putmsg stdout 0 "\t Test PASS"
631 }
632 }
633
634 puts ""
635
636 # ------------------------------------------------------------------------
637 # h: Test the default ACL settings of (r--rwxrwx) are inherited by sub-dir
638
639 set tag "$TNAME{h}"
640 set ASSERTION "Test the default ACL settings of (r--rwxrwx) are inherited by sub-dir"
641 putmsg stdout 0 "$tag: $ASSERTION"
642
643 set sid {0 0}
644
645 # Set params relating to test file
646 set subdir "subdirH.[pid]"
647 set sdpath $BASEDIR/$dirname/$subdir
648
649 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
650 # over-ridden by the parent dir's default ACL settings, and get its handle.
651 set sdfh "[creatv4_dir $sdpath 777]"
652 if {$sdfh == $NULL} {
653 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
654 putmsg stderr 0 "\t\t status=($status)."
655 Disconnect
656 exit $UNRESOLVED
657 } else {
658
659 lappend dir_cont_list $subdir
660
661 # Read dir ACL values
662 set res2 [compound {Putfh $sdfh; \
663 Getattr acl }]
664
665 ckres "Getattr acl again" $status $expcode $res2 $FAIL
666
667 set new_acl_list [extract_acl_list $res2]
668 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
669
670 # The sub directory should have inherited the parents default
671 # ACL settings, as both its default and non-default settings.
672 if $IsZFS {
673 set exp_acl [ concat $inherited_acl_dir_owner_list_h \
674 $expected_dir_common_list ]
675 } else {
676 set exp_acl [concat $acl_list $acl_list]
677 }
678 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
679
680 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
681 putmsg stderr 0 \
682 "\t Test FAIL: lists do not match."
683 } else {
684 putmsg stdout 0 "\t Test PASS"
685 }
686
687 puts ""
688 }
689
690 # ------------------------------------------------------------------------
691 # I: Test the default ACL settings of (r--rwxrwx) are inherited by sub-file
692
693 set tag "$TNAME{i}"
694 set ASSERTION "Test the default ACL settings of (r--rwxrwx) are inherited by sub-file"
695 putmsg stdout 0 "$tag: $ASSERTION"
696
697 set sid { 0 0}
698
699 # Set params relating to test sub-file
700 set subfile "subfileI.[pid]"
701 set sfpath $BASEDIR/$dirname/$subfile
702
703 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
704 # over-ridden by the parent dir's default ACL settings, and get its handle.
705 set sffh "[creatv4_file $sfpath 777]"
706 if {$sffh == $NULL } {
707 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
708 putmsg stderr 0 "\t\t status=($status)."
709 Disconnect
710 exit $UNRESOLVED
711 } else {
712
713 lappend dir_cont_list $subfile
714
715 # Read file ACL values
716 set res2 [compound {Putfh $sffh; \
717 Getattr acl }]
718
719 ckres "Getattr acl again" $status $expcode $res2 $FAIL
720
721 set new_acl_list [extract_acl_list $res2]
722 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
723
724 if $IsZFS {
725 # The file should have inherited the parent directorys ACL
726 set exp_acl [ concat $inherited_acl_file_owner_list_i \
727 $expected_file_common_list ]
728 } else {
729 # The file should have inherited the parent directorys default
730 # ACL settings except for the DELETE_CHILD bitmask.
731 set exp_acl [dir2file_aclmask $acl_list]
732 }
733 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
734
735 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
736 putmsg stderr 0 \
737 "\t Test FAIL: lists do not match."
738 } else {
739 putmsg stdout 0 "\t Test PASS"
740 }
741 }
742
743 puts ""
744
745 #
746 # Final Cleanup - remove all the sub-files and sub-dirs first
747 # then the parent directory.
748 #
749 set tag "$TNAME-sub-cleanup"
750 remove_dir_entries $dfh $dir_cont_list
751
752 set tag "$TNAME-cleanup"
753 set res3 [compound {Putfh $bfh; Remove $dirname}]
754 if {$status != "OK"} {
755 putmsg stderr 0 "\t WARNING: cleanup to remove tmp parent dir failed"
756 putmsg stderr 0 "\t status=$status; please cleanup manually."
757 putmsg stderr 1 "\t res=($res3)"
758 putmsg stderr 1 " "
759 }
760
761 Disconnect
762 exit $PASS