1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test adding a default ACL of (rwx--xrwx) to an existing directory
29 # b: Test the default ACL settings of (rwx--xrwx) are inherited by sub-dir
30 # c: Test the default ACL settings of (rwx--xrwx) are inherited by sub-dir
31 # d: Test adding a default ACL of (rwx-w-rwx) to an existing directory
32 # e: Test the default ACL settings of (rwx-w-rwx) are inherited by sub-dir
33 # f: Test the default ACL settings of (rwx-w-rwx) are inherited by sub-dir
34 # g: Test adding a default ACL of (rwxr--rwx) to an existing directory
35 # h: Test the default ACL settings of (rwxr--rwx) are inherited by sub-dir
36 # i: Test the default ACL settings of (rwxr--rwx) are inherited by sub-dir
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51 set dir_cont_list ""
52
53 set POSIX_READ_ACL $env(POSIX_READ_ACL)
54 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
55 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
56 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
57 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
58 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
59 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
60
61 # Get handle for base directory
62 set bfh [get_fh "$BASEDIRS"]
63
64 # Set params relating to test file
65 set dirname "newdir.[pid]"
66 set dpath [file join ${BASEDIR} ${dirname}]
67
68 # Create the test parent dir with all perms set (-rwxrwxrwx) and get its handle.
69 set dfh "[creatv4_dir $dpath 777]"
70 if {$dfh == $NULL} {
71 putmsg stdout 0 "$TNAME: test setup"
72 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
73 putmsg stderr 0 "\t\t status=($status)."
74 Disconnect
75 exit $UNRESOLVED
76 }
77
78 # get the initial non-default ACL settings.
79 set initial_acl [compound {Putfh $dfh; \
80 Getattr acl }]
81
82 if {$status != "OK"} {
83 putmsg stdout 0 "$TNAME: test setup"
84 putmsg stderr 0 "\t Test UNRESOLVED: failed to get ACL for dir=($dirname)"
85 putmsg stderr 0 "\t\t status=($status)."
86 Disconnect
87 exit $UNRESOLVED
88 }
89
90 #
91 # Break the string returned from the Geattr acl command into
92 # a list and then extract the actual ACL settings.
93 #
94 set initial_acl_list [extract_acl_list $initial_acl]
95
96 set sid {0 0}
97
98 # Default Dir ACL settings
99 #
100 # Owner - allow rwx
101 set dir_owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
102 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
103
104 set dir_owner_deny_mask 0
105
106 # Group - allow rwx
107 set dir_group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
108 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
109
110 set dir_group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
111
112 # Other - allow rwx
113 set dir_other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
114 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
115
116 set dir_other_deny_mask [ aclmask $GENERIC_DENY_ACL ]
117
118 if $IsZFS {
119 set inherited_owner_allow_mask $dir_owner_allow_mask
120 set inherited_owner_deny_mask $dir_owner_deny_mask
121 set inherited_other_allow_mask $dir_other_allow_mask
122 set inherited_other_deny_mask $dir_other_deny_mask
123
124 # in all sub-assertions, we only change "GROUP@" ACEs
125 # so other ACEs (OWNER and EVERYONE) are the same.
126 lappend inherited_owner_dir_common_list \
127 "0 0 $dir_owner_allow_mask OWNER@" \
128 "0 0 $inherited_owner_allow_mask OWNER@" \
129 "0 0 $dir_owner_deny_mask OWNER@" \
130 "0 0 $inherited_owner_deny_mask OWNER@"
131
132 lappend inherited_owner_file_common_list \
133 "0 0 $inherited_owner_allow_mask OWNER@" \
134 "0 0 $inherited_owner_deny_mask OWNER@"
135
136 lappend inherited_other_dir_common_list \
137 "0 0 $dir_other_allow_mask EVERYONE@" \
138 "0 0 $inherited_other_allow_mask EVERYONE@" \
139 "0 0 $dir_other_deny_mask EVERYONE@" \
140 "0 0 $inherited_other_deny_mask EVERYONE@"
141
142 lappend inherited_other_file_common_list \
143 "0 0 $inherited_other_allow_mask EVERYONE@" \
144 "0 0 $inherited_other_deny_mask EVERYONE@"
145 }
146
147 # Create the new ACL settings by appending the appropriate default
148 # ACL entries.
149 #
150 # Order of entries in the list is as follows:
151 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
152 #
153 # Set the default ACL's
154
155 set acl_list $initial_acl_list
156 lappend default_acl_list "0 b $dir_owner_allow_mask OWNER\@"
157 lappend default_acl_list "1 b $dir_owner_deny_mask OWNER\@"
158 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
159 lappend default_acl_list "0 4b $dir_group_allow_mask GROUP\@"
160 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
161 lappend default_acl_list "0 b $dir_other_allow_mask EVERYONE\@"
162 lappend default_acl_list "1 b $dir_other_deny_mask EVERYONE\@"
163
164 set dir_acl_list [concat $initial_acl_list $default_acl_list]
165 putmsg stderr 1 "$TNAME: new dir ACL : $dir_acl_list"
166
167 # Set the new ACL values.
168 set res [compound {Putfh $dfh; \
169 Setattr $sid { {acl \
170 { $dir_acl_list } } } } ]
171
172 ckres "Setattr acl" $status $expcode $res $FAIL
173
174 # Re-read ACL values
175 set res2 [compound {Putfh $dfh; \
176 Getattr acl }]
177
178 ckres "Getattr acl again" $status $expcode $res2 $FAIL
179
180 if { $status == "OK" } {
181 set new_acl_list [extract_acl_list $res2]
182
183 if { [compare_acl_lists $new_acl_list $dir_acl_list MASK] != 0} {
184 putmsg stderr 0 \
185 "\t Test FAIL: default ACL setup failed."
186 }
187 }
188
189 puts ""
190
191 # Start testing
192 # ------------------------------------------------------------------------
193 # a: Test adding a default ACL of (rwx--xrwx) to an existing directory
194
195 set tag "$TNAME{a}"
196 set ASSERTION "Test adding a default ACL of (rwx--xrwx) to an existing directory"
197 putmsg stdout 0 "$tag: $ASSERTION"
198
199 set sid {0 0}
200
201 # Group - allow x, deny rw
202 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
203
204 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL \
205 $POSIX_WRITE_DIR_ACL ] ]
206
207 if $IsZFS {
208 set inherited_group_allow_mask $group_allow_mask
209 set inherited_group_deny_mask $group_deny_mask
210
211 # For case b, ONE ACE on parent directory can create TWO ACEs on sub-dirs
212 # As we only concern the mask which will be compared, here we just set
213 # both TYPE and FLAG fields with 0.
214 lappend inherited_acl_dir_group_list_b \
215 "0 0 $group_deny_mask GROUP\@" \
216 "0 0 $inherited_group_deny_mask GROUP\@" \
217 "0 0 $group_allow_mask GROUP\@" \
218 "0 0 $inherited_group_allow_mask GROUP\@" \
219 "0 0 $group_deny_mask GROUP\@" \
220 "0 0 $inherited_group_deny_mask GROUP\@"
221
222 # For case c, ONE ACE on parent directory can create ONE ACE on sub-file
223 lappend inherited_acl_file_group_list_c \
224 "0 0 $inherited_group_deny_mask GROUP\@" \
225 "0 0 $inherited_group_allow_mask GROUP\@" \
226 "0 0 $inherited_group_deny_mask GROUP\@"
227 }
228
229 # Create the new ACL settings by replacing the appropriate entries.
230 #
231 # Order of entries in the list is as follows:
232 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
233 #
234 set acl_list $default_acl_list
235 set acl_list [lreplace $acl_list 2 2 "1 4b $group_deny_mask GROUP\@"]
236 set acl_list [lreplace $acl_list 3 3 "0 4b $group_allow_mask GROUP\@"]
237 set acl_list [lreplace $acl_list 4 4 "1 4b $group_deny_mask GROUP\@"]
238
239 set new_dir_acl [concat $initial_acl_list $acl_list]
240 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
241
242 # Set the new ACL values.
243 set res [compound {Putfh $dfh; \
244 Setattr $sid { {acl \
245 { $new_dir_acl } } } } ]
246
247 ckres "Setattr acl" $status $expcode $res $FAIL
248
249 # Re-read ACL values
250 set res2 [compound {Putfh $dfh; \
251 Getattr acl }]
252
253 ckres "Getattr acl again" $status $expcode $res2 $FAIL
254
255 if { $status == "OK" } {
256 set new_acl_list [extract_acl_list $res2]
257
258 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
259 putmsg stderr 0 \
260 "\t Test FAIL: lists do not match."
261 } else {
262 putmsg stdout 0 "\t Test PASS"
263 }
264 }
265
266 puts ""
267
268 # ------------------------------------------------------------------------
269 # b: Test the default ACL settings of (rwx--xrwx) are inherited by sub-dir
270
271 set tag "$TNAME{b}"
272 set ASSERTION "Test the default ACL settings of (rwx--xrwx) are inherited by sub-dir"
273 putmsg stdout 0 "$tag: $ASSERTION"
274
275 set sid {0 0}
276
277 # Set params relating to test sub-dir
278 set subdir "subdirB.[pid]"
279 set sdpath $BASEDIR/$dirname/$subdir
280
281 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
282 # over-ridden by the parent dir's default ACL settings, and get its handle.
283 set sdfh "[creatv4_dir $sdpath 777]"
284 if {$sdfh == $NULL} {
285 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
286 putmsg stderr 0 "\t\t status=($status)."
287 Disconnect
288 exit $UNRESOLVED
289 } else {
290 lappend dir_cont_list $subdir
291
292 # Read dir ACL values
293 set res2 [compound {Putfh $sdfh; \
294 Getattr acl }]
295
296 ckres "Getattr acl again" $status $expcode $res2 $FAIL
297
298 set new_acl_list [extract_acl_list $res2]
299 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
300
301 # The sub directory should have inherited the parents default
302 # ACL settings, as both its default and non-default settings.
303 if $IsZFS {
304 set exp_acl [ concat $inherited_owner_dir_common_list \
305 $inherited_acl_dir_group_list_b \
306 $inherited_other_dir_common_list \
307 $initial_acl_list]
308 } else {
309 set exp_acl [concat $acl_list $acl_list]
310 }
311 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
312
313 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
314 putmsg stderr 0 \
315 "\t Test FAIL: lists do not match."
316 } else {
317 putmsg stdout 0 "\t Test PASS"
318 }
319 }
320
321 puts ""
322
323 # ------------------------------------------------------------------------
324 # c: Test the default ACL settings of (rwx--xrwx) are inherited by sub-file
325
326 set tag "$TNAME{c}"
327 set ASSERTION "Test the default ACL settings of (rwx--xrwx) are inherited by sub-file"
328 putmsg stdout 0 "$tag: $ASSERTION"
329
330 set sid { 0 0}
331
332 # Set params relating to test sub-file
333 set subfile "subfileC.[pid]"
334 set sfpath $BASEDIR/$dirname/$subfile
335
336 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
337 # over-ridden by the parent dir's default ACL settings, and get its handle.
338 set sffh "[creatv4_file $sfpath 777]"
339 if {$sffh == $NULL } {
340 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
341 putmsg stderr 0 "\t\t status=($status)."
342 Disconnect
343 exit $UNRESOLVED
344 } else {
345 lappend dir_cont_list $subfile
346
347 # Read file ACL values
348 set res2 [compound {Putfh $sffh; \
349 Getattr acl }]
350
351 ckres "Getattr acl again" $status $expcode $res2 $FAIL
352
353 set new_acl_list [extract_acl_list $res2]
354 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
355
356 if $IsZFS {
357 # The file should have inherited the parent directorys ACL
358 set exp_acl [ concat $inherited_owner_file_common_list \
359 $inherited_acl_file_group_list_c \
360 $inherited_other_file_common_list \
361 $initial_acl_list]
362 } else {
363 # The file should have inherited the parent directorys default
364 # ACL settings except for the DELETE_CHILD bitmask.
365 set exp_acl [dir2file_aclmask $acl_list]
366 }
367 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
368
369 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
370 putmsg stderr 0 \
371 "\t Test FAIL: lists do not match."
372 } else {
373 putmsg stdout 0 "\t Test PASS"
374 }
375 }
376
377 puts ""
378
379 # ------------------------------------------------------------------------
380 # d: Test adding a default ACL of (rwx-w-rwx) to an existing directory
381
382 set tag "$TNAME{d}"
383 set ASSERTION "Test adding a default ACL of (rwx-w-rwx) to an existing directory"
384 putmsg stdout 0 "$tag: $ASSERTION"
385
386 set sid {0 0}
387
388 # Group - allow w, deny r/x
389 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL ] ]
390
391 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
392
393 if $IsZFS {
394 set inherited_group_allow_mask $group_allow_mask
395 set inherited_group_deny_mask $group_deny_mask
396
397 # For case e, ONE ACE on parent directory can create TWO ACEs on sub-dirs
398 # As we only concern the mask which will be compared, here we just set
399 # both TYPE and FLAG fields with 0.
400 lappend inherited_acl_dir_group_list_e \
401 "0 0 $group_deny_mask GROUP\@" \
402 "0 0 $inherited_group_deny_mask GROUP\@" \
403 "0 0 $group_allow_mask GROUP\@" \
404 "0 0 $inherited_group_allow_mask GROUP\@" \
405 "0 0 $group_deny_mask GROUP\@" \
406 "0 0 $inherited_group_deny_mask GROUP\@"
407
408 # For case f, ONE ACE on parent directory can create ONE ACE on sub-file
409 lappend inherited_acl_file_group_list_f \
410 "0 0 $inherited_group_deny_mask GROUP\@" \
411 "0 0 $inherited_group_allow_mask GROUP\@" \
412 "0 0 $inherited_group_deny_mask GROUP\@"
413 }
414
415 #
416 # Break the string returned from the Geattr acl command into
417 # a list and then extract the actual ACL settings.
418 #
419 set acl_list [extract_acl_list $initial_acl]
420
421 # Create the new ACL settings by replacing the appropriate entries.
422 #
423 # Order of entries in the list is as follows:
424 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
425 #
426 set acl_list $default_acl_list
427 set acl_list [lreplace $acl_list 2 2 "1 4b $group_deny_mask GROUP\@"]
428 set acl_list [lreplace $acl_list 3 3 "0 4b $group_allow_mask GROUP\@"]
429 set acl_list [lreplace $acl_list 4 4 "1 4b $group_deny_mask GROUP\@"]
430
431 set new_dir_acl [concat $initial_acl_list $acl_list]
432 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
433
434 # Set the new ACL values.
435 set res [compound {Putfh $dfh; \
436 Setattr $sid { {acl \
437 { $new_dir_acl } } } } ]
438
439 ckres "Setattr acl" $status $expcode $res $FAIL
440
441 # Re-read ACL values
442 set res2 [compound {Putfh $dfh; \
443 Getattr acl }]
444
445 ckres "Getattr acl again" $status $expcode $res2 $FAIL
446
447 if { $status == "OK" } {
448 set new_acl_list [extract_acl_list $res2]
449 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
450
451 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
452 putmsg stderr 0 \
453 "\t Test FAIL: lists do not match."
454 } else {
455 putmsg stdout 0 "\t Test PASS"
456 }
457 }
458
459 puts ""
460
461 # ------------------------------------------------------------------------
462 # e: Test the default ACL settings of (rwx-w-rwx) are inherited by sub-dir
463
464 set tag "$TNAME{e}"
465 set ASSERTION "Test the default ACL settings of (rwx-w-rwx) are inherited by sub-dir"
466 putmsg stdout 0 "$tag: $ASSERTION"
467
468 set sid {0 0}
469
470 # Set params relating to test file
471 set subdir "subdirE.[pid]"
472 set sdpath $BASEDIR/$dirname/$subdir
473
474 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
475 # over-ridden by the parent dir's default ACL settings, and get its handle.
476 set sdfh "[creatv4_dir $sdpath 777]"
477 if {$sdfh == $NULL} {
478 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
479 putmsg stderr 0 "\t\t status=($status)."
480 Disconnect
481 exit $UNRESOLVED
482 } else {
483 lappend dir_cont_list $subdir
484
485 # Read dir ACL values
486 set res2 [compound {Putfh $sdfh; \
487 Getattr acl }]
488
489 ckres "Getattr acl again" $status $expcode $res2 $FAIL
490
491 set new_acl_list [extract_acl_list $res2]
492 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
493
494 # The sub directory should have inherited the parents default
495 # ACL settings, as both its default and non-default settings.
496 if $IsZFS {
497 set exp_acl [ concat $inherited_owner_dir_common_list \
498 $inherited_acl_dir_group_list_e \
499 $inherited_other_dir_common_list \
500 $initial_acl_list]
501 } else {
502 set exp_acl [concat $acl_list $acl_list]
503 }
504 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
505
506 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
507 putmsg stderr 0 \
508 "\t Test FAIL: lists do not match."
509 } else {
510 putmsg stdout 0 "\t Test PASS"
511 }
512
513 puts ""
514 }
515
516 # ------------------------------------------------------------------------
517 # f: Test the default ACL settings of (rwx-w-rwx) are inherited by sub-file
518
519 set tag "$TNAME{f}"
520 set ASSERTION "Test the default ACL settings of (rwx-w-rwx) are inherited by sub-file"
521 putmsg stdout 0 "$tag: $ASSERTION"
522
523 set sid { 0 0}
524
525 # Set params relating to test sub-file
526 set subfile "subfileF.[pid]"
527 set sfpath $BASEDIR/$dirname/$subfile
528
529 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
530 # over-ridden by the parent dir's default ACL settings, and get its handle.
531 set sffh "[creatv4_file $sfpath 777]"
532 if {$sffh == $NULL } {
533 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
534 putmsg stderr 0 "\t\t status=($status)."
535 Disconnect
536 exit $UNRESOLVED
537 } else {
538 lappend dir_cont_list $subfile
539
540 # Read file ACL values
541 set res2 [compound {Putfh $sffh; \
542 Getattr acl }]
543
544 ckres "Getattr acl again" $status $expcode $res2 $FAIL
545
546 set new_acl_list [extract_acl_list $res2]
547 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
548
549 if $IsZFS {
550 # The file should have inherited the parent directorys ACL
551 set exp_acl [ concat $inherited_owner_file_common_list \
552 $inherited_acl_file_group_list_f \
553 $inherited_other_file_common_list \
554 $initial_acl_list]
555 } else {
556 # The file should have inherited the parent directorys default
557 # ACL settings except for the DELETE_CHILD bitmask.
558 set exp_acl [dir2file_aclmask $acl_list]
559 }
560 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
561
562 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
563 putmsg stderr 0 \
564 "\t Test FAIL: lists do not match."
565 } else {
566 putmsg stdout 0 "\t Test PASS"
567 }
568 }
569
570 puts ""
571
572 # ------------------------------------------------------------------------
573 # g: Test adding a default ACL of (rwxr--rwx) to an existing directory
574
575 set tag "$TNAME{g}"
576 set ASSERTION "Test adding a default ACL of (rwxr--rwx) to an existing directory"
577 putmsg stdout 0 "$tag: $ASSERTION"
578
579 set sid {0 0}
580
581 # Group - allow r, deny wx
582 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL ] ]
583
584 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL \
585 $POSIX_EXECUTE_ACL ] ]
586
587 if $IsZFS {
588 set inherited_group_allow_mask $group_allow_mask
589 set inherited_group_deny_mask $group_deny_mask
590
591 # For case h, ONE ACE on parent directory can create TWO ACEs on sub-dirs
592 # As we only concern the mask which will be compared, here we just set
593 # both TYPE and FLAG fields with 0.
594 lappend inherited_acl_dir_group_list_h \
595 "0 0 $group_deny_mask GROUP\@" \
596 "0 0 $inherited_group_deny_mask GROUP\@" \
597 "0 0 $group_allow_mask GROUP\@" \
598 "0 0 $inherited_group_allow_mask GROUP\@" \
599 "0 0 $group_deny_mask GROUP\@" \
600 "0 0 $inherited_group_deny_mask GROUP\@"
601
602 # For case i, ONE ACE on parent directory can create ONE ACE on sub-file
603 lappend inherited_acl_file_group_list_i \
604 "0 0 $inherited_group_deny_mask GROUP\@" \
605 "0 0 $inherited_group_allow_mask GROUP\@" \
606 "0 0 $inherited_group_deny_mask GROUP\@"
607 }
608
609 #
610 # Break the string returned from the Geattr acl command into
611 # a list and then extract the actual ACL settings.
612 #
613 set acl_list [extract_acl_list $initial_acl]
614
615 # Create the new ACL settings by replacing the appropriate entries.
616 #
617 # Order of entries in the list is as follows:
618 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
619 #
620 set acl_list $default_acl_list
621 set acl_list [lreplace $acl_list 2 2 "1 4b $group_deny_mask GROUP\@"]
622 set acl_list [lreplace $acl_list 3 3 "0 4b $group_allow_mask GROUP\@"]
623 set acl_list [lreplace $acl_list 4 4 "1 4b $group_deny_mask GROUP\@"]
624
625 set new_dir_acl [concat $initial_acl_list $acl_list]
626 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
627
628 # Set the new ACL values.
629 set res [compound {Putfh $dfh; \
630 Setattr $sid { {acl \
631 { $new_dir_acl } } } } ]
632
633 ckres "Setattr acl" $status $expcode $res $FAIL
634
635 # Re-read ACL values
636 set res2 [compound {Putfh $dfh; \
637 Getattr acl }]
638
639 ckres "Getattr acl again" $status $expcode $res2 $FAIL
640
641 if { $status == "OK" } {
642 set new_acl_list [extract_acl_list $res2]
643 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
644
645 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
646 putmsg stderr 0 \
647 "\t Test FAIL: lists do not match."
648 } else {
649 putmsg stdout 0 "\t Test PASS"
650 }
651 }
652
653 puts ""
654
655 # ------------------------------------------------------------------------
656 # h: Test the default ACL settings of (rwxr--rwx) are inherited by sub-dir
657
658 set tag "$TNAME{h}"
659 set ASSERTION "Test the default ACL settings of (rwxr--rwx) are inherited by sub-dir"
660 putmsg stdout 0 "$tag: $ASSERTION"
661
662 set sid {0 0}
663
664 # Set params relating to test file
665 set subdir "subdirH.[pid]"
666 set sdpath $BASEDIR/$dirname/$subdir
667
668 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
669 # over-ridden by the parent dir's default ACL settings, and get its handle.
670 set sdfh "[creatv4_dir $sdpath 777]"
671 if {$sdfh == $NULL} {
672 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
673 putmsg stderr 0 "\t\t status=($status)."
674 Disconnect
675 exit $UNRESOLVED
676 } else {
677 lappend dir_cont_list $subdir
678
679 # Read dir ACL values
680 set res2 [compound {Putfh $sdfh; \
681 Getattr acl }]
682
683 ckres "Getattr acl again" $status $expcode $res2 $FAIL
684
685 set new_acl_list [extract_acl_list $res2]
686 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
687
688 # The sub directory should have inherited the parents default
689 # ACL settings, as both its default and non-default settings.
690 if $IsZFS {
691 set exp_acl [ concat $inherited_owner_dir_common_list \
692 $inherited_acl_dir_group_list_h \
693 $inherited_other_dir_common_list \
694 $initial_acl_list]
695 } else {
696 set exp_acl [concat $acl_list $acl_list]
697 }
698 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
699
700 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
701 putmsg stderr 0 \
702 "\t Test FAIL: lists do not match."
703 } else {
704 putmsg stdout 0 "\t Test PASS"
705 }
706
707 puts ""
708 }
709
710 # ------------------------------------------------------------------------
711 # i: Test the default ACL settings of (rwxr--rwx) are inherited by sub-file
712
713 set tag "$TNAME{i}"
714 set ASSERTION "Test the default ACL settings of (rwxr--rwx) are inherited by sub-file"
715 putmsg stdout 0 "$tag: $ASSERTION"
716
717 set sid { 0 0}
718
719 # Set params relating to test sub-file
720 set subfile "subfileI.[pid]"
721 set sfpath $BASEDIR/$dirname/$subfile
722
723 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
724 # over-ridden by the parent dir's default ACL settings, and get its handle.
725 set sffh "[creatv4_file $sfpath 777]"
726 if {$sffh == $NULL } {
727 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
728 putmsg stderr 0 "\t\t status=($status)."
729 Disconnect
730 exit $UNRESOLVED
731 } else {
732 lappend dir_cont_list $subfile
733
734 # Read file ACL values
735 set res2 [compound {Putfh $sffh; \
736 Getattr acl }]
737
738 ckres "Getattr acl again" $status $expcode $res2 $FAIL
739
740 set new_acl_list [extract_acl_list $res2]
741 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
742
743 if $IsZFS {
744 # The file should have inherited the parent directorys ACL
745 set exp_acl [ concat $inherited_owner_file_common_list \
746 $inherited_acl_file_group_list_i \
747 $inherited_other_file_common_list \
748 $initial_acl_list]
749 } else {
750 # The file should have inherited the parent directorys default
751 # ACL settings except for the DELETE_CHILD bitmask.
752 set exp_acl [dir2file_aclmask $acl_list]
753 }
754 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
755
756 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
757 putmsg stderr 0 \
758 "\t Test FAIL: lists do not match."
759 } else {
760 putmsg stdout 0 "\t Test PASS"
761 }
762 }
763
764 puts ""
765
766 #
767 # Final Cleanup - remove all the sub-files and sub-dirs first
768 # then the parent directory.
769 #
770 set tag "$TNAME-sub-cleanup"
771 remove_dir_entries $dfh $dir_cont_list
772
773 set tag "$TNAME-cleanup"
774 set res3 [compound {Putfh $bfh; Remove $dirname}]
775 if {$status != "OK"} {
776 putmsg stderr 0 "\t WARNING: cleanup to remove tmp parent dir failed"
777 putmsg stderr 0 "\t status=$status; please cleanup manually."
778 putmsg stderr 1 "\t res=($res3)"
779 putmsg stderr 1 " "
780 }
781
782 Disconnect
783 exit $PASS