1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test adding a default ACL of (rwx-wxrwx) to an existing directory
29 # b: Test the default ACL settings of (rwx-wxrwx) are inherited by sub-dir
30 # c: Test the default ACL settings of (rwx-wxrwx) are inherited by sub-file
31 # d: Test adding a default ACL of (rwxr-xrwx) to an existing directory
32 # e: Test the default ACL settings of (rwxr-xrwx) are inherited by sub-dir
33 # f: Test the default ACL settings of (rwxr-xrwx) are inherited by sub-file
34 # g: Test adding a default ACL of (rwxrw-rwx) to an existing directory
35 # h: Test the default ACL settings of (rwxrw-rwx) are inherited by sub-dir
36 # i: Test the default ACL settings of (rwxrw-rwx) are inherited by sub-file
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51 set dir_cont_list ""
52
53 set POSIX_READ_ACL $env(POSIX_READ_ACL)
54 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
55 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
56 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
57 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
58 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
59 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
60
61 # Get handle for base directory
62 set bfh [get_fh "$BASEDIRS"]
63
64 # Set params relating to test file
65 set dirname "newdir.[pid]"
66 set dpath [file join ${BASEDIR} ${dirname}]
67
68 # Create the test parent dir with all perms set (-rwxrwxrwx) and get its handle.
69 set dfh "[creatv4_dir $dpath 777]"
70 if {$dfh == $NULL} {
71 putmsg stdout 0 "$TNAME: test setup"
72 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
73 putmsg stderr 0 "\t\t status=($status)."
74 Disconnect
75 exit $UNRESOLVED
76 }
77
78 # get the initial non-default ACL settings.
79 set initial_acl [compound {Putfh $dfh; \
80 Getattr acl }]
81
82 if {$status != "OK"} {
83 putmsg stdout 0 "$TNAME: test setup"
84 putmsg stderr 0 "\t Test UNRESOLVED: failed to get ACL for dir=($dirname)"
85 putmsg stderr 0 "\t\t status=($status)."
86 Disconnect
87 exit $UNRESOLVED
88 }
89
90 #
91 # Break the string returned from the Geattr acl command into
92 # a list and then extract the actual ACL settings.
93 #
94 set initial_acl_list [extract_acl_list $initial_acl]
95
96 set sid {0 0}
97
98 # Default Dir ACL settings
99 #
100 # Owner - allow rwx
101 set dir_owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
102 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
103
104 set dir_owner_deny_mask 0
105
106 # Group - allow rwx
107 set dir_group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
108 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
109
110 set dir_group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
111
112 # Other - allow rwx
113 set dir_other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
114 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
115
116 set dir_other_deny_mask [ aclmask $GENERIC_DENY_ACL ]
117
118 if $IsZFS {
119 set inherited_owner_allow_mask $dir_owner_allow_mask
120 set inherited_owner_deny_mask $dir_owner_deny_mask
121 set inherited_other_allow_mask $dir_other_allow_mask
122 set inherited_other_deny_mask $dir_other_deny_mask
123
124 # in all sub-assertions, we only change "GROUP@" ACEs
125 # so other ACEs (OWNER and EVERYONE) are the same.
126 lappend inherited_owner_dir_common_list \
127 "0 0 $dir_owner_allow_mask OWNER@" \
128 "0 0 $inherited_owner_allow_mask OWNER@" \
129 "0 0 $dir_owner_deny_mask OWNER@" \
130 "0 0 $inherited_owner_deny_mask OWNER@"
131
132 lappend inherited_owner_file_common_list \
133 "0 0 $inherited_owner_allow_mask OWNER@" \
134 "0 0 $inherited_owner_deny_mask OWNER@"
135
136 lappend inherited_other_dir_common_list \
137 "0 0 $dir_other_allow_mask EVERYONE@" \
138 "0 0 $inherited_other_allow_mask EVERYONE@" \
139 "0 0 $dir_other_deny_mask EVERYONE@" \
140 "0 0 $inherited_other_deny_mask EVERYONE@"
141
142 lappend inherited_other_file_common_list \
143 "0 0 $inherited_other_allow_mask EVERYONE@" \
144 "0 0 $inherited_other_deny_mask EVERYONE@"
145 }
146
147 # Create the new ACL settings by appending the appropriate default
148 # ACL entries.
149 #
150 # Order of entries in the list is as follows:
151 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
152 #
153 # Set the default ACL's
154
155 set acl_list $initial_acl_list
156 lappend default_acl_list "0 b $dir_owner_allow_mask OWNER\@"
157 lappend default_acl_list "1 b $dir_owner_deny_mask OWNER\@"
158 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
159 lappend default_acl_list "0 4b $dir_group_allow_mask GROUP\@"
160 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
161 lappend default_acl_list "0 b $dir_other_allow_mask EVERYONE\@"
162 lappend default_acl_list "1 b $dir_other_deny_mask EVERYONE\@"
163
164 set dir_acl_list [concat $initial_acl_list $default_acl_list]
165 putmsg stderr 1 "$TNAME: new dir ACL : $dir_acl_list"
166
167 # Set the new ACL values.
168 set res [compound {Putfh $dfh; \
169 Setattr $sid { {acl \
170 { $dir_acl_list } } } } ]
171
172 ckres "Setattr acl" $status $expcode $res $FAIL
173
174 # Re-read ACL values
175 set res2 [compound {Putfh $dfh; \
176 Getattr acl }]
177
178 ckres "Getattr acl again" $status $expcode $res2 $FAIL
179
180 if { $status == "OK" } {
181 set new_acl_list [extract_acl_list $res2]
182
183 if { [compare_acl_lists $new_acl_list $dir_acl_list MASK] != 0} {
184 putmsg stderr 0 \
185 "\t Test FAIL: default ACL setting incorrect"
186 Disconnect
187 exit $FAIL
188
189 }
190 }
191
192 puts ""
193
194 # Start testing
195 # ------------------------------------------------------------------------
196 # a: Test adding a default ACL of (rwx-wxrwx) to an existing directory
197
198 set tag "$TNAME{a}"
199 set ASSERTION "Test adding a default ACL of (rwx-wxrwx) to an existing directory"
200 putmsg stdout 0 "$tag: $ASSERTION"
201
202 set sid {0 0}
203
204 # Group - deny r, allow wx
205 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL \
206 $POSIX_EXECUTE_ACL ] ]
207
208 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL ] ]
209
210 if $IsZFS {
211 set inherited_group_allow_mask $group_allow_mask
212 set inherited_group_deny_mask $group_deny_mask
213
214 # For case b, ONE ACE on parent directory can create TWO ACEs on sub-dirs
215 # As we only concern the mask which will be compared, here we just set
216 # both TYPE and FLAG fields with 0.
217 lappend inherited_acl_dir_group_list_b \
218 "0 0 $group_deny_mask GROUP\@" \
219 "0 0 $inherited_group_deny_mask GROUP\@" \
220 "0 0 $group_allow_mask GROUP\@" \
221 "0 0 $inherited_group_allow_mask GROUP\@" \
222 "0 0 $group_deny_mask GROUP\@" \
223 "0 0 $inherited_group_deny_mask GROUP\@"
224
225 # For case c, ONE ACE on parent directory can create ONE ACE on sub-file
226 lappend inherited_acl_file_group_list_c \
227 "0 0 $inherited_group_deny_mask GROUP\@" \
228 "0 0 $inherited_group_allow_mask GROUP\@" \
229 "0 0 $inherited_group_deny_mask GROUP\@"
230 }
231
232 # Create the new ACL settings by replacing the appropriate entries.
233 #
234 # Order of entries in the list is as follows:
235 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
236 #
237 set acl_list $default_acl_list
238 set acl_list [lreplace $acl_list 2 2 "1 4b $group_deny_mask GROUP\@"]
239 set acl_list [lreplace $acl_list 3 3 "0 4b $group_allow_mask GROUP\@"]
240 set acl_list [lreplace $acl_list 4 4 "1 4b $group_deny_mask GROUP\@"]
241
242 set new_dir_acl [concat $initial_acl_list $acl_list]
243 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
244
245 # Set the new ACL values.
246 set res [compound {Putfh $dfh; \
247 Setattr $sid { {acl \
248 { $new_dir_acl } } } } ]
249
250 ckres "Setattr acl" $status $expcode $res $FAIL
251
252 # Re-read ACL values
253 set res2 [compound {Putfh $dfh; \
254 Getattr acl }]
255
256 ckres "Getattr acl again" $status $expcode $res2 $FAIL
257
258 if { $status == "OK" } {
259 set new_acl_list [extract_acl_list $res2]
260 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
261
262 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
263 putmsg stderr 0 \
264 "\t Test FAIL: lists do not match."
265 } else {
266 putmsg stdout 0 "\t Test PASS"
267 }
268 }
269
270 puts ""
271
272 # ------------------------------------------------------------------------
273 # b: Test the default ACL settings are inherited by sub-dir (rwx-wxrwx)
274
275 set tag "$TNAME{b}"
276 set ASSERTION "Test the default ACL settings of (rwx-wxrwx) are inherited by sub-dir"
277 putmsg stdout 0 "$tag: $ASSERTION"
278
279 set sid {0 0}
280
281 # Set params relating to test sub-dir
282 set subdir "subdirB.[pid]"
283 set sdpath $BASEDIR/$dirname/$subdir
284
285 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
286 # over-ridden by the parent dir's default ACL settings, and get its handle.
287 set sdfh "[creatv4_dir $sdpath 777]"
288 if {$sdfh == $NULL} {
289 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
290 putmsg stderr 0 "\t\t status=($status)."
291 Disconnect
292 exit $UNRESOLVED
293 } else {
294 lappend dir_cont_list $subdir
295
296 # Read dir ACL values
297 set res2 [compound {Putfh $sdfh; \
298 Getattr acl }]
299
300 ckres "Getattr acl again" $status $expcode $res2 $FAIL
301
302 set new_acl_list [extract_acl_list $res2]
303 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
304
305 # The sub directory should have inherited the parents default
306 # ACL settings, as both its default and non-default settings.
307 if $IsZFS {
308 set exp_acl [ concat $inherited_owner_dir_common_list \
309 $inherited_acl_dir_group_list_b \
310 $inherited_other_dir_common_list \
311 $initial_acl_list]
312 } else {
313 set exp_acl [concat $acl_list $acl_list]
314 }
315 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
316
317 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
318 putmsg stderr 0 \
319 "\t Test FAIL: lists do not match."
320 } else {
321 putmsg stdout 0 "\t Test PASS"
322 }
323 }
324
325 puts ""
326
327 # ------------------------------------------------------------------------
328 # c: Test the default ACL settings are inherited by sub-file (rwx-wxrwx)
329
330 set tag "$TNAME{c}"
331 set ASSERTION "Test the default ACL settings are inherited by sub-file (rwx-wxrwx)"
332 putmsg stdout 0 "$tag: $ASSERTION"
333
334 set sid { 0 0}
335
336 # Set params relating to test sub-file
337 set subfile "subfileC.[pid]"
338 set sfpath $BASEDIR/$dirname/$subfile
339
340 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
341 # over-ridden by the parent dir's default ACL settings, and get its handle.
342 set sffh "[creatv4_file $sfpath 777]"
343 if {$sffh == $NULL } {
344 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
345 putmsg stderr 0 "\t\t status=($status)."
346 Disconnect
347 exit $UNRESOLVED
348 } else {
349
350 lappend dir_cont_list $subfile
351
352 # Read file ACL values
353 set res2 [compound {Putfh $sffh; \
354 Getattr acl }]
355
356 ckres "Getattr acl again" $status $expcode $res2 $FAIL
357
358 set new_acl_list [extract_acl_list $res2]
359 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
360
361 if $IsZFS {
362 # The file should have inherited the parent directorys ACL
363 set exp_acl [ concat $inherited_owner_file_common_list \
364 $inherited_acl_file_group_list_c \
365 $inherited_other_file_common_list \
366 $initial_acl_list]
367 } else {
368 # The file should have inherited the parent directorys default
369 # ACL settings except for the DELETE_CHILD bitmask.
370 set exp_acl [dir2file_aclmask $acl_list]
371 }
372 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
373
374 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
375 putmsg stderr 0 \
376 "\t Test FAIL: lists do not match."
377 } else {
378 putmsg stdout 0 "\t Test PASS"
379 }
380 }
381
382 puts ""
383
384 # ------------------------------------------------------------------------
385 # d: Test adding a default ACL of (rwxr-xrwx) to an existing directory
386
387 set tag "$TNAME{d}"
388 set ASSERTION "Test adding a default ACL of (rwxr-xrwx) to an existing directory"
389 putmsg stdout 0 "$tag: $ASSERTION"
390
391 set sid {0 0}
392
393 # Group - allow r/x, deny w
394 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
395 $POSIX_EXECUTE_ACL ] ]
396
397 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL ] ]
398
399 if $IsZFS {
400 set inherited_group_allow_mask $group_allow_mask
401 set inherited_group_deny_mask $group_deny_mask
402
403 # For case e, ONE ACE on parent directory can create TWO ACEs on sub-dirs
404 # As we only concern the mask which will be compared, here we just set
405 # both TYPE and FLAG fields with 0.
406 lappend inherited_acl_dir_group_list_e \
407 "0 0 $group_deny_mask GROUP\@" \
408 "0 0 $inherited_group_deny_mask GROUP\@" \
409 "0 0 $group_allow_mask GROUP\@" \
410 "0 0 $inherited_group_allow_mask GROUP\@" \
411 "0 0 $group_deny_mask GROUP\@" \
412 "0 0 $inherited_group_deny_mask GROUP\@"
413
414 # For case f, ONE ACE on parent directory can create ONE ACE on sub-file
415 lappend inherited_acl_file_group_list_f \
416 "0 0 $inherited_group_deny_mask GROUP\@" \
417 "0 0 $inherited_group_allow_mask GROUP\@" \
418 "0 0 $inherited_group_deny_mask GROUP\@"
419 }
420
421 #
422 # Break the string returned from the Geattr acl command into
423 # a list and then extract the actual ACL settings.
424 #
425 set acl_list [extract_acl_list $initial_acl]
426
427 # Create the new ACL settings by replacing the appropriate entries.
428 #
429 # Order of entries in the list is as follows:
430 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
431 #
432 set acl_list $default_acl_list
433 set acl_list [lreplace $acl_list 2 2 "1 4b $group_deny_mask GROUP\@"]
434 set acl_list [lreplace $acl_list 3 3 "0 4b $group_allow_mask GROUP\@"]
435 set acl_list [lreplace $acl_list 4 4 "1 4b $group_deny_mask GROUP\@"]
436
437 set new_dir_acl [concat $initial_acl_list $acl_list]
438 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
439
440 # Set the new ACL values.
441 set res [compound {Putfh $dfh; \
442 Setattr $sid { {acl \
443 { $new_dir_acl } } } } ]
444
445 ckres "Setattr acl" $status $expcode $res $FAIL
446
447 # Re-read ACL values
448 set res2 [compound {Putfh $dfh; \
449 Getattr acl }]
450
451 ckres "Getattr acl again" $status $expcode $res2 $FAIL
452
453 if { $status == "OK" } {
454 set new_acl_list [extract_acl_list $res2]
455 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
456
457 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
458 putmsg stderr 0 \
459 "\t Test FAIL: lists do not match."
460 } else {
461 putmsg stdout 0 "\t Test PASS"
462 }
463 }
464
465 puts ""
466
467 # ------------------------------------------------------------------------
468 # e: Test the default ACL settings of (rwxr-xrwx) are inherited by sub-dir
469
470 set tag "$TNAME{e}"
471 set ASSERTION "Test the default ACL settings of (rwxr-xrwx) are inherited by sub-dir"
472 putmsg stdout 0 "$tag: $ASSERTION"
473
474 set sid {0 0}
475
476 # Set params relating to test file
477 set subdir "subdirE.[pid]"
478 set sdpath $BASEDIR/$dirname/$subdir
479
480 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
481 # over-ridden by the parent dir's default ACL settings, and get its handle.
482 set sdfh "[creatv4_dir $sdpath 777]"
483 if {$sdfh == $NULL} {
484 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
485 putmsg stderr 0 "\t\t status=($status)."
486 Disconnect
487 exit $UNRESOLVED
488 } else {
489 lappend dir_cont_list $subdir
490
491 # Read dir ACL values
492 set res2 [compound {Putfh $sdfh; \
493 Getattr acl }]
494
495 ckres "Getattr acl again" $status $expcode $res2 $FAIL
496
497 set new_acl_list [extract_acl_list $res2]
498 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
499
500 # The sub directory should have inherited the parents default
501 # ACL settings, as both its default and non-default settings.
502 if $IsZFS {
503 set exp_acl [ concat $inherited_owner_dir_common_list \
504 $inherited_acl_dir_group_list_e \
505 $inherited_other_dir_common_list \
506 $initial_acl_list]
507 } else {
508 set exp_acl [concat $acl_list $acl_list]
509 }
510 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
511
512 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
513 putmsg stderr 0 \
514 "\t Test FAIL: lists do not match."
515 } else {
516 putmsg stdout 0 "\t Test PASS"
517 }
518
519 puts ""
520 }
521
522 # ------------------------------------------------------------------------
523 # f: Test the default ACL settings are inherited by sub-file (rwxr-xrwx)
524
525 set tag "$TNAME{f}"
526 set ASSERTION "Test the default ACL settings are inherited by sub-file (rwxr-xrwx)"
527 putmsg stdout 0 "$tag: $ASSERTION"
528
529 set sid { 0 0}
530
531 # Set params relating to test sub-file
532 set subfile "subfileF.[pid]"
533 set sfpath $BASEDIR/$dirname/$subfile
534
535 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
536 # over-ridden by the parent dir's default ACL settings, and get its handle.
537 set sffh "[creatv4_file $sfpath 777]"
538 if {$sffh == $NULL } {
539 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
540 putmsg stderr 0 "\t\t status=($status)."
541 Disconnect
542 exit $UNRESOLVED
543 } else {
544
545 lappend dir_cont_list $subfile
546
547 # Read file ACL values
548 set res2 [compound {Putfh $sffh; \
549 Getattr acl }]
550
551 ckres "Getattr acl again" $status $expcode $res2 $FAIL
552
553 set new_acl_list [extract_acl_list $res2]
554 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
555
556 if $IsZFS {
557 # The file should have inherited the parent directorys ACL
558 set exp_acl [ concat $inherited_owner_file_common_list \
559 $inherited_acl_file_group_list_f \
560 $inherited_other_file_common_list \
561 $initial_acl_list]
562 } else {
563 # The file should have inherited the parent directorys default
564 # ACL settings except for the DELETE_CHILD bitmask.
565 set exp_acl [dir2file_aclmask $acl_list]
566 }
567 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
568
569 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
570 putmsg stderr 0 \
571 "\t Test FAIL: lists do not match."
572 } else {
573 putmsg stdout 0 "\t Test PASS"
574 }
575 }
576
577 puts ""
578
579 # ------------------------------------------------------------------------
580 # g: Test adding a default ACL of (rwxrw-rwx) to an existing directory
581
582 set tag "$TNAME{g}"
583 set ASSERTION "Test adding a default ACL of (rwxrw-rwx) to an existing directory"
584 putmsg stdout 0 "$tag: $ASSERTION"
585
586 set sid {0 0}
587
588 # Group - allow rw, deny x
589 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
590 $POSIX_WRITE_DIR_ACL ] ]
591
592 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_EXECUTE_ACL ] ]
593
594 if $IsZFS {
595 set inherited_group_allow_mask $group_allow_mask
596 set inherited_group_deny_mask $group_deny_mask
597
598 # For case h, ONE ACE on parent directory can create TWO ACEs on sub-dirs
599 # As we only concern the mask which will be compared, here we just set
600 # both TYPE and FLAG fields with 0.
601 lappend inherited_acl_dir_group_list_h \
602 "0 0 $group_deny_mask GROUP\@" \
603 "0 0 $inherited_group_deny_mask GROUP\@" \
604 "0 0 $group_allow_mask GROUP\@" \
605 "0 0 $inherited_group_allow_mask GROUP\@" \
606 "0 0 $group_deny_mask GROUP\@" \
607 "0 0 $inherited_group_deny_mask GROUP\@"
608
609 # For case i, ONE ACE on parent directory can create ONE ACE on sub-file
610 lappend inherited_acl_file_group_list_i \
611 "0 0 $inherited_group_deny_mask GROUP\@" \
612 "0 0 $inherited_group_allow_mask GROUP\@" \
613 "0 0 $inherited_group_deny_mask GROUP\@"
614 }
615
616 #
617 # Break the string returned from the Geattr acl command into
618 # a list and then extract the actual ACL settings.
619 #
620 set acl_list [extract_acl_list $initial_acl]
621
622 # Create the new ACL settings by replacing the appropriate entries.
623 #
624 # Order of entries in the list is as follows:
625 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
626 #
627 set acl_list $default_acl_list
628 set acl_list [lreplace $acl_list 2 2 "1 4b $group_deny_mask GROUP\@"]
629 set acl_list [lreplace $acl_list 3 3 "0 4b $group_allow_mask GROUP\@"]
630 set acl_list [lreplace $acl_list 4 4 "1 4b $group_deny_mask GROUP\@"]
631
632 set new_dir_acl [concat $initial_acl_list $acl_list]
633 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
634
635 # Set the new ACL values.
636 set res [compound {Putfh $dfh; \
637 Setattr $sid { {acl \
638 { $new_dir_acl } } } } ]
639
640 ckres "Setattr acl" $status $expcode $res $FAIL
641
642 # Re-read ACL values
643 set res2 [compound {Putfh $dfh; \
644 Getattr acl }]
645
646 ckres "Getattr acl again" $status $expcode $res2 $FAIL
647
648 if { $status == "OK" } {
649 set new_acl_list [extract_acl_list $res2]
650 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
651
652 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
653 putmsg stderr 0 \
654 "\t Test FAIL: lists do not match."
655 } else {
656 putmsg stdout 0 "\t Test PASS"
657 }
658 }
659
660 puts ""
661
662 # ------------------------------------------------------------------------
663 # h: Test the default ACL settings of (rwxrw-rwx) are inherited by sub-dir
664
665 set tag "$TNAME{h}"
666 set ASSERTION "Test the default ACL settings of (rwxrw-rwx) are inherited by sub-dir"
667 putmsg stdout 0 "$tag: $ASSERTION"
668
669 set sid {0 0}
670
671 # Set params relating to test file
672 set subdir "subdirH.[pid]"
673 set sdpath $BASEDIR/$dirname/$subdir
674
675 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
676 # over-ridden by the parent dir's default ACL settings, and get its handle.
677 set sdfh "[creatv4_dir $sdpath 777]"
678 if {$sdfh == $NULL} {
679 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
680 putmsg stderr 0 "\t\t status=($status)."
681 Disconnect
682 exit $UNRESOLVED
683 } else {
684 lappend dir_cont_list $subdir
685
686 # Read dir ACL values
687 set res2 [compound {Putfh $sdfh; \
688 Getattr acl }]
689
690 ckres "Getattr acl again" $status $expcode $res2 $FAIL
691
692 set new_acl_list [extract_acl_list $res2]
693 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
694
695 # The sub directory should have inherited the parents default
696 # ACL settings, as both its default and non-default settings.
697 if $IsZFS {
698 set exp_acl [ concat $inherited_owner_dir_common_list \
699 $inherited_acl_dir_group_list_h \
700 $inherited_other_dir_common_list \
701 $initial_acl_list]
702 } else {
703 set exp_acl [concat $acl_list $acl_list]
704 }
705 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
706
707 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
708 putmsg stderr 0 \
709 "\t Test FAIL: lists do not match."
710 } else {
711 putmsg stdout 0 "\t Test PASS"
712 }
713
714 puts ""
715 }
716
717 # ------------------------------------------------------------------------
718 # i: Test the default ACL settings are inherited by sub-file (rwxrw-rwx)
719
720 set tag "$TNAME{i}"
721 set ASSERTION "Test the default ACL settings are inherited by sub-file (rwxrw-rwx)"
722 putmsg stdout 0 "$tag: $ASSERTION"
723
724 set sid { 0 0}
725
726 # Set params relating to test sub-file
727 set subfile "subfileI.[pid]"
728 set sfpath $BASEDIR/$dirname/$subfile
729
730 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
731 # over-ridden by the parent dir's default ACL settings, and get its handle.
732 set sffh "[creatv4_file $sfpath 777]"
733 if {$sffh == $NULL } {
734 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
735 putmsg stderr 0 "\t\t status=($status)."
736 Disconnect
737 exit $UNRESOLVED
738 } else {
739
740 lappend dir_cont_list $subfile
741
742 # Read file ACL values
743 set res2 [compound {Putfh $sffh; \
744 Getattr acl }]
745
746 ckres "Getattr acl again" $status $expcode $res2 $FAIL
747
748 set new_acl_list [extract_acl_list $res2]
749 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
750
751 if $IsZFS {
752 # The file should have inherited the parent directorys ACL
753 set exp_acl [ concat $inherited_owner_file_common_list \
754 $inherited_acl_file_group_list_i \
755 $inherited_other_file_common_list \
756 $initial_acl_list]
757 } else {
758 # The file should have inherited the parent directorys default
759 # ACL settings except for the DELETE_CHILD bitmask.
760 set exp_acl [dir2file_aclmask $acl_list]
761 }
762 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
763
764 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
765 putmsg stderr 0 \
766 "\t Test FAIL: lists do not match."
767 } else {
768 putmsg stdout 0 "\t Test PASS"
769 }
770 }
771
772 puts ""
773
774 #
775 # Final Cleanup - remove all the sub-files and sub-dirs first
776 # then the parent directory.
777 #
778 set tag "$TNAME-sub-cleanup"
779
780 remove_dir_entries $dfh $dir_cont_list
781
782 set tag "$TNAME-cleanup"
783 set res3 [compound {Putfh $bfh; Remove $dirname}]
784 if {$status != "OK"} {
785 putmsg stderr 0 "\t WARNING: cleanup to remove tmp parent dir failed"
786 putmsg stderr 0 "\t status=$status; please cleanup manually."
787 putmsg stderr 1 "\t res=($res3)"
788 putmsg stderr 1 " "
789 }
790
791 Disconnect
792 exit $PASS