1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test adding a default ACL of (rwxrwx-wx) to an existing directory
29 # b: Test the default ACL settings of (rwxrwx-wx) are inherited by sub-dir
30 # c: Test the default ACL settings of (rwxrwx-wx) are inherited by sub-file
31 # d: Test adding a default ACL of (rwxrwxr-x) to an existing directory
32 # e: Test the default ACL settings of (rwxrwxr-x) are inherited by sub-dir
33 # f: Test the default ACL settings of (rwxrwxr-x) are inherited by sub-file
34 # g: Test adding a default ACL of (rwxrwxrw-) to an existing directory
35 # h: Test the default ACL settings of (rwxrwxrw-) are inherited by sub-dir
36 # i: Test the default ACL settings of (rwxrwxrw-) are inherited by sub-file
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
54 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
55 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
56 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
57 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
58 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
59
60 # Get handle for base directory
61 set bfh [get_fh "$BASEDIRS"]
62
63 # Set params relating to test file
64 set dirname "newdir.[pid]"
65 set dpath [file join ${BASEDIR} ${dirname}]
66
67 # Create the test parent dir with all perms set (-rwxrwxrwx) and get its handle.
68 set dfh "[creatv4_dir $dpath 777]"
69 if {$dfh == $NULL} {
70 putmsg stdout 0 "$TNAME: test setup"
71 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
72 putmsg stderr 0 "\t\t status=($status)."
73 Disconnect
74 exit $UNRESOLVED
75 }
76
77 # get the initial non-default ACL settings.
78 set initial_acl [compound {Putfh $dfh; \
79 Getattr acl }]
80
81 if {$status != "OK"} {
82 putmsg stdout 0 "$TNAME: test setup"
83 putmsg stderr 0 "\t Test UNRESOLVED: failed to get ACL for dir=($dirname)"
84 putmsg stderr 0 "\t\t status=($status)."
85 Disconnect
86 exit $UNRESOLVED
87 }
88
89 #
90 # Break the string returned from the Geattr acl command into
91 # a list and then extract the actual ACL settings.
92 #
93 set initial_acl_list [extract_acl_list $initial_acl]
94
95 set sid {0 0}
96
97 # Default Dir ACL settings
98 #
99 # Owner - allow rwx
100 set dir_owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
101 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
102
103 set dir_owner_deny_mask 0
104
105 # Group - allow rwx
106 set dir_group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
107 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
108
109 set dir_group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
110
111 # Other - allow rwx
112 set dir_other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
113 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
114
115 set dir_other_deny_mask [ aclmask $GENERIC_DENY_ACL ]
116
117 if $IsZFS {
118 set inherited_owner_allow_mask $dir_owner_allow_mask
119 set inherited_owner_deny_mask $dir_owner_deny_mask
120 set inherited_group_allow_mask $dir_group_allow_mask
121 set inherited_group_deny_mask $dir_group_deny_mask
122
123 # in all sub-assertions, we only change "EVERYONE@" ACEs
124 # so other ACEs (OWNER and GROUP) are the same.
125 lappend inherited_dir_common_list \
126 "0 0 $dir_owner_allow_mask OWNER@" \
127 "0 0 $inherited_owner_allow_mask OWNER@" \
128 "0 0 $dir_owner_deny_mask OWNER@" \
129 "0 0 $inherited_owner_deny_mask OWNER@" \
130 "0 0 $dir_group_deny_mask GROUP@" \
131 "0 0 $inherited_group_deny_mask GROUP@" \
132 "0 0 $dir_group_allow_mask GROUP@" \
133 "0 0 $inherited_group_allow_mask GROUP@" \
134 "0 0 $dir_group_deny_mask GROUP@" \
135 "0 0 $inherited_group_deny_mask GROUP@"
136
137 lappend inherited_file_common_list \
138 "0 0 $inherited_owner_allow_mask OWNER@" \
139 "0 0 $inherited_owner_deny_mask OWNER@" \
140 "0 0 $inherited_group_deny_mask GROUP@" \
141 "0 0 $inherited_group_allow_mask GROUP@" \
142 "0 0 $inherited_group_deny_mask GROUP@"
143 }
144
145 # Create the new ACL settings by appending the appropriate default
146 # ACL entries.
147 #
148 # Order of entries in the list is as follows:
149 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
150 #
151 # Set the default ACL's
152
153 set acl_list $initial_acl_list
154 lappend default_acl_list "0 b $dir_owner_allow_mask OWNER\@"
155 lappend default_acl_list "1 b $dir_owner_deny_mask OWNER\@"
156 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
157 lappend default_acl_list "0 4b $dir_group_allow_mask GROUP\@"
158 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
159 lappend default_acl_list "0 b $dir_other_allow_mask EVERYONE\@"
160 lappend default_acl_list "1 b $dir_other_deny_mask EVERYONE\@"
161
162 set dir_acl_list [concat $initial_acl_list $default_acl_list]
163 putmsg stderr 1 "$TNAME: new dir ACL : $dir_acl_list"
164
165 # Set the new ACL values.
166 set res [compound {Putfh $dfh; \
167 Setattr $sid { {acl \
168 { $dir_acl_list } } } } ]
169
170 ckres "Setattr acl" $status $expcode $res $FAIL
171
172 # Re-read ACL values
173 set res2 [compound {Putfh $dfh; \
174 Getattr acl }]
175
176 ckres "Getattr acl again" $status $expcode $res2 $FAIL
177
178 if { $status == "OK" } {
179 set new_acl_list [extract_acl_list $res2]
180 putmsg stderr 1 "$TNAME: re-read ACL : $new_acl_list"
181
182 if { [compare_acl_lists $new_acl_list $dir_acl_list MASK] != 0} {
183 putmsg stderr 0 \
184 "\t Test FAIL: setting default ACL failed."
185 }
186 }
187
188 puts ""
189
190 # Start testing
191 # ------------------------------------------------------------------------
192 # a: Test adding a default ACL of (rwxrwx-wx) to an existing directory
193
194 set tag "$TNAME{a}"
195 set ASSERTION "Test adding a default ACL of (rwxrwx-wx) to an existing directory"
196 putmsg stdout 0 "$tag: $ASSERTION"
197
198 set sid {0 0}
199
200 # Other - deny r, allow wx
201 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL \
202 $POSIX_EXECUTE_ACL ] ]
203
204 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL ] ]
205
206 if $IsZFS {
207 set inherited_other_allow_mask $other_allow_mask
208 set inherited_other_deny_mask $other_deny_mask
209
210 # For case b, ONE ACE on parent directory can create TWO ACEs on sub-dirs
211 # As we only concern the mask which will be compared, here we just set
212 # both TYPE and FLAG fields with 0.
213 lappend inherited_acl_dir_other_list_b \
214 "0 0 $other_allow_mask EVERYONE@" \
215 "0 0 $inherited_other_allow_mask EVERYONE@" \
216 "0 0 $other_deny_mask EVERYONE@" \
217 "0 0 $inherited_other_deny_mask EVERYONE@"
218
219 # For case c, ONE ACE on parent directory can create ONE ACE on sub-file
220 lappend inherited_acl_file_other_list_c \
221 "0 0 $inherited_other_allow_mask EVERYONE@" \
222 "0 0 $inherited_other_deny_mask EVERYONE@"
223 }
224
225 # Create the new ACL settings by replacing the appropriate entries.
226 #
227 # Order of entries in the list is as follows:
228 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
229 #
230 set acl_list $default_acl_list
231 set acl_list [lreplace $acl_list 5 5 "0 b $other_allow_mask EVERYONE\@"]
232 set acl_list [lreplace $acl_list 6 6 "1 b $other_deny_mask EVERYONE\@"]
233
234 set new_dir_acl [concat $initial_acl_list $acl_list]
235 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
236
237 # Set the new ACL values.
238 set res [compound {Putfh $dfh; \
239 Setattr $sid { {acl \
240 { $new_dir_acl } } } } ]
241
242 ckres "Setattr acl" $status $expcode $res $FAIL
243
244 # Re-read ACL values
245 set res2 [compound {Putfh $dfh; \
246 Getattr acl }]
247
248 ckres "Getattr acl again" $status $expcode $res2 $FAIL
249
250 if { $status == "OK" } {
251 set new_acl_list [extract_acl_list $res2]
252 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
253
254 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
255 putmsg stderr 0 \
256 "\t Test FAIL: lists do not match."
257 } else {
258 putmsg stdout 0 "\t Test PASS"
259 }
260 }
261
262 puts ""
263
264 # ------------------------------------------------------------------------
265 # b: Test the default ACL settings of (rwxrwx-wx) are inherited by sub-dir
266
267 set tag "$TNAME{b}"
268 set ASSERTION "Test the default ACL settings of (rwxrwx-wx) are inherited by sub-dir"
269 putmsg stdout 0 "$tag: $ASSERTION"
270
271 set sid {0 0}
272
273 # Set params relating to test sub-dir
274 set subdir "subdirB.[pid]"
275 set sdpath $BASEDIR/$dirname/$subdir
276
277 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
278 # over-ridden by the parent dir's default ACL settings, and get its handle.
279 set sdfh "[creatv4_dir $sdpath 777]"
280 if {$sdfh == $NULL} {
281 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
282 putmsg stderr 0 "\t\t status=($status)."
283 Disconnect
284 exit $UNRESOLVED
285 } else {
286 lappend dir_cont_list $subdir
287
288 # Read dir ACL values
289 set res2 [compound {Putfh $sdfh; \
290 Getattr acl }]
291
292 ckres "Getattr acl again" $status $expcode $res2 $FAIL
293
294 set new_acl_list [extract_acl_list $res2]
295 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
296
297 # The sub directory should have inherited the parents default
298 # ACL settings, as both its default and non-default settings.
299 if $IsZFS {
300 set exp_acl [ concat $inherited_dir_common_list \
301 $inherited_acl_dir_other_list_b $initial_acl_list ]
302 } else {
303 set exp_acl [concat $acl_list $acl_list]
304 }
305 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
306
307 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
308 putmsg stderr 0 \
309 "\t Test FAIL: lists do not match."
310 } else {
311 putmsg stdout 0 "\t Test PASS"
312 }
313 }
314
315 puts ""
316
317 # ------------------------------------------------------------------------
318 # c: Test the default ACL settings of (rwxrwx-wx) are inherited by sub-file
319
320 set tag "$TNAME{c}"
321 set ASSERTION "Test the default ACL settings of (rwxrwx-wx) are inherited by sub-file"
322 putmsg stdout 0 "$tag: $ASSERTION"
323
324 set sid { 0 0}
325
326 # Set params relating to test sub-file
327 set subfile "subfileC.[pid]"
328 set sfpath $BASEDIR/$dirname/$subfile
329
330 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
331 # over-ridden by the parent dir's default ACL settings, and get its handle.
332 set sffh "[creatv4_file $sfpath 777]"
333 if {$sffh == $NULL } {
334 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
335 putmsg stderr 0 "\t\t status=($status)."
336 Disconnect
337 exit $UNRESOLVED
338 } else {
339 lappend dir_cont_list $subfile
340
341 # Read file ACL values
342 set res2 [compound {Putfh $sffh; \
343 Getattr acl }]
344
345 ckres "Getattr acl again" $status $expcode $res2 $FAIL
346
347 set new_acl_list [extract_acl_list $res2]
348 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
349
350 if $IsZFS {
351 # The file should have inherited the parent directorys ACL
352 set exp_acl [ concat $inherited_file_common_list \
353 $inherited_acl_file_other_list_c $initial_acl_list ]
354 } else {
355 # The file should have inherited the parent directorys default
356 # ACL settings except for the DELETE_CHILD bitmask.
357 set exp_acl [dir2file_aclmask $acl_list]
358 }
359 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
360
361 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
362 putmsg stderr 0 \
363 "\t Test FAIL: lists do not match."
364 } else {
365 putmsg stdout 0 "\t Test PASS"
366 }
367 }
368
369 puts ""
370
371 # ------------------------------------------------------------------------
372 # d: Test adding a default ACL of (rwxrwxr-x) to an existing directory
373
374 set tag "$TNAME{d}"
375 set ASSERTION "Test adding a default ACL of (rwxrwxr-x) to an existing directory"
376 putmsg stdout 0 "$tag: $ASSERTION"
377
378 set sid {0 0}
379
380 # Other - allow r/x, deny w
381 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
382 $POSIX_EXECUTE_ACL ] ]
383
384 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL ] ]
385
386 if $IsZFS {
387 set inherited_other_allow_mask $other_allow_mask
388 set inherited_other_deny_mask $other_deny_mask
389
390 # For case e, ONE ACE on parent directory can create TWO ACEs on sub-dirs
391 # As we only concern the mask which will be compared, here we just set
392 # both TYPE and FLAG fields with 0.
393 lappend inherited_acl_dir_other_list_e \
394 "0 0 $other_allow_mask EVERYONE@" \
395 "0 0 $inherited_other_allow_mask EVERYONE@" \
396 "0 0 $other_deny_mask EVERYONE@" \
397 "0 0 $inherited_other_deny_mask EVERYONE@"
398
399 # For case f, ONE ACE on parent directory can create ONE ACE on sub-file
400 lappend inherited_acl_file_other_list_f \
401 "0 0 $inherited_other_allow_mask EVERYONE@" \
402 "0 0 $inherited_other_deny_mask EVERYONE@"
403 }
404
405 #
406 # Break the string returned from the Geattr acl command into
407 # a list and then extract the actual ACL settings.
408 #
409 set acl_list [extract_acl_list $initial_acl]
410
411 # Create the new ACL settings by replacing the appropriate entries.
412 #
413 # Order of entries in the list is as follows:
414 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
415 #
416 set acl_list $default_acl_list
417 set acl_list [lreplace $acl_list 5 5 "0 b $other_allow_mask EVERYONE\@"]
418 set acl_list [lreplace $acl_list 6 6 "1 b $other_deny_mask EVERYONE\@"]
419
420 set new_dir_acl [concat $initial_acl_list $acl_list]
421 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
422
423 # Set the new ACL values.
424 set res [compound {Putfh $dfh; \
425 Setattr $sid { {acl \
426 { $new_dir_acl } } } } ]
427
428 ckres "Setattr acl" $status $expcode $res $FAIL
429
430 # Re-read ACL values
431 set res2 [compound {Putfh $dfh; \
432 Getattr acl }]
433
434 ckres "Getattr acl again" $status $expcode $res2 $FAIL
435
436 if { $status == "OK" } {
437 set new_acl_list [extract_acl_list $res2]
438 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
439
440 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
441 putmsg stderr 0 \
442 "\t Test FAIL: lists do not match."
443 } else {
444 putmsg stdout 0 "\t Test PASS"
445 }
446 }
447
448 puts ""
449
450 # ------------------------------------------------------------------------
451 # e: Test the default ACL settings of (rwxrwxr-x) are inherited by sub-dir
452
453 set tag "$TNAME{e}"
454 set ASSERTION "Test the default ACL settings of (rwxrwxr-x) are inherited by sub-dir"
455 putmsg stdout 0 "$tag: $ASSERTION"
456
457 set sid {0 0}
458
459 # Set params relating to test file
460 set subdir "subdirE.[pid]"
461 set sdpath $BASEDIR/$dirname/$subdir
462
463 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
464 # over-ridden by the parent dir's default ACL settings, and get its handle.
465 set sdfh "[creatv4_dir $sdpath 777]"
466 if {$sdfh == $NULL} {
467 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
468 putmsg stderr 0 "\t\t status=($status)."
469 Disconnect
470 exit $UNRESOLVED
471 } else {
472 lappend dir_cont_list $subdir
473
474 # Read dir ACL values
475 set res2 [compound {Putfh $sdfh; \
476 Getattr acl }]
477
478 ckres "Getattr acl again" $status $expcode $res2 $FAIL
479
480 set new_acl_list [extract_acl_list $res2]
481 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
482
483 # The sub directory should have inherited the parents default
484 # ACL settings, as both its default and non-default settings.
485 if $IsZFS {
486 set exp_acl [ concat $inherited_dir_common_list \
487 $inherited_acl_dir_other_list_e $initial_acl_list ]
488 } else {
489 set exp_acl [concat $acl_list $acl_list]
490 }
491 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
492
493 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
494 putmsg stderr 0 \
495 "\t Test FAIL: lists do not match."
496 } else {
497 putmsg stdout 0 "\t Test PASS"
498 }
499
500 puts ""
501 }
502
503 # ------------------------------------------------------------------------
504 # f: Test the default ACL settings of (rwxrwxr-x) are inherited by sub-file
505
506 set tag "$TNAME{f}"
507 set ASSERTION "Test the default ACL settings of (rwxrwxr-x) are inherited by sub-file"
508 putmsg stdout 0 "$tag: $ASSERTION"
509
510 set sid { 0 0}
511
512 # Set params relating to test sub-file
513 set subfile "subfileF.[pid]"
514 set sfpath $BASEDIR/$dirname/$subfile
515
516 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
517 # over-ridden by the parent dir's default ACL settings, and get its handle.
518 set sffh "[creatv4_file $sfpath 777]"
519 if {$sffh == $NULL } {
520 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
521 putmsg stderr 0 "\t\t status=($status)."
522 Disconnect
523 exit $UNRESOLVED
524 } else {
525 lappend dir_cont_list $subfile
526
527 # Read file ACL values
528 set res2 [compound {Putfh $sffh; \
529 Getattr acl }]
530
531 ckres "Getattr acl again" $status $expcode $res2 $FAIL
532
533 set new_acl_list [extract_acl_list $res2]
534 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
535
536 if $IsZFS {
537 # The file should have inherited the parent directorys ACL
538 set exp_acl [ concat $inherited_file_common_list \
539 $inherited_acl_file_other_list_f $initial_acl_list ]
540 } else {
541 # The file should have inherited the parent directorys default
542 # ACL settings except for the DELETE_CHILD bitmask.
543 set exp_acl [dir2file_aclmask $acl_list]
544 }
545 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
546
547 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
548 putmsg stderr 0 \
549 "\t Test FAIL: lists do not match."
550 } else {
551 putmsg stdout 0 "\t Test PASS"
552 }
553 }
554
555 puts ""
556
557 # ------------------------------------------------------------------------
558 # g: Test adding a default ACL of (rwxrwxrw-) to an existing directory
559
560 set tag "$TNAME{g}"
561 set ASSERTION "Test adding a default ACL of (rwxrwxrw-) to an existing directory"
562 putmsg stdout 0 "$tag: $ASSERTION"
563
564 set sid {0 0}
565
566 # Other - allow rw, deny x
567 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
568 $POSIX_WRITE_DIR_ACL ] ]
569
570 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_EXECUTE_ACL ] ]
571
572 if $IsZFS {
573 set inherited_other_allow_mask $other_allow_mask
574 set inherited_other_deny_mask $other_deny_mask
575
576 # For case h, ONE ACE on parent directory can create TWO ACEs on sub-dirs
577 # As we only concern the mask which will be compared, here we just set
578 # both TYPE and FLAG fields with 0.
579 lappend inherited_acl_dir_other_list_h \
580 "0 0 $other_allow_mask EVERYONE@" \
581 "0 0 $inherited_other_allow_mask EVERYONE@" \
582 "0 0 $other_deny_mask EVERYONE@" \
583 "0 0 $inherited_other_deny_mask EVERYONE@"
584
585 # For case i, ONE ACE on parent directory can create ONE ACE on sub-file
586 lappend inherited_acl_file_other_list_i \
587 "0 0 $inherited_other_allow_mask EVERYONE@" \
588 "0 0 $inherited_other_deny_mask EVERYONE@"
589 }
590
591 #
592 # Break the string returned from the Geattr acl command into
593 # a list and then extract the actual ACL settings.
594 #
595 set acl_list [extract_acl_list $initial_acl]
596
597 # Create the new ACL settings by replacing the appropriate entries.
598 #
599 # Order of entries in the list is as follows:
600 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
601 #
602 set acl_list $default_acl_list
603 set acl_list [lreplace $acl_list 5 5 "0 b $other_allow_mask EVERYONE\@"]
604 set acl_list [lreplace $acl_list 6 6 "1 b $other_deny_mask EVERYONE\@"]
605
606 set new_dir_acl [concat $initial_acl_list $acl_list]
607 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
608
609 # Set the new ACL values.
610 set res [compound {Putfh $dfh; \
611 Setattr $sid { {acl \
612 { $new_dir_acl } } } } ]
613
614 ckres "Setattr acl" $status $expcode $res $FAIL
615
616 # Re-read ACL values
617 set res2 [compound {Putfh $dfh; \
618 Getattr acl }]
619
620 ckres "Getattr acl again" $status $expcode $res2 $FAIL
621
622 if { $status == "OK" } {
623 set new_acl_list [extract_acl_list $res2]
624 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
625
626 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
627 putmsg stderr 0 \
628 "\t Test FAIL: lists do not match."
629 } else {
630 putmsg stdout 0 "\t Test PASS"
631 }
632 }
633
634 puts ""
635
636 # ------------------------------------------------------------------------
637 # h: Test the default ACL settings of (rwxrwxrw-) are inherited by sub-dir
638
639 set tag "$TNAME{h}"
640 set ASSERTION "Test the default ACL settings of (rwxrwxrw-) are inherited by sub-dir"
641 putmsg stdout 0 "$tag: $ASSERTION"
642
643 set sid {0 0}
644
645 # Set params relating to test file
646 set subdir "subdirH.[pid]"
647 set sdpath $BASEDIR/$dirname/$subdir
648
649 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
650 # over-ridden by the parent dir's default ACL settings, and get its handle.
651 set sdfh "[creatv4_dir $sdpath 777]"
652 if {$sdfh == $NULL} {
653 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
654 putmsg stderr 0 "\t\t status=($status)."
655 Disconnect
656 exit $UNRESOLVED
657 } else {
658 lappend dir_cont_list $subdir
659
660 # Read dir ACL values
661 set res2 [compound {Putfh $sdfh; \
662 Getattr acl }]
663
664 ckres "Getattr acl again" $status $expcode $res2 $FAIL
665
666 set new_acl_list [extract_acl_list $res2]
667 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
668
669 # The sub directory should have inherited the parents default
670 # ACL settings, as both its default and non-default settings.
671 if $IsZFS {
672 set exp_acl [ concat $inherited_dir_common_list \
673 $inherited_acl_dir_other_list_h $initial_acl_list ]
674 } else {
675 set exp_acl [concat $acl_list $acl_list]
676 }
677 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
678
679 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
680 putmsg stderr 0 \
681 "\t Test FAIL: lists do not match."
682 } else {
683 putmsg stdout 0 "\t Test PASS"
684 }
685
686 puts ""
687 }
688
689 # ------------------------------------------------------------------------
690 # i: Test the default ACL settings of (rwxrwxrw-) are inherited by sub-file
691
692 set tag "$TNAME{i}"
693 set ASSERTION "Test the default ACL settings of (rwxrwxrw-) are inherited by sub-file"
694 putmsg stdout 0 "$tag: $ASSERTION"
695
696 set sid { 0 0}
697
698 # Set params relating to test sub-file
699 set subfile "subfileI.[pid]"
700 set sfpath $BASEDIR/$dirname/$subfile
701
702 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
703 # over-ridden by the parent dir's default ACL settings, and get its handle.
704 set sffh "[creatv4_file $sfpath 777]"
705 if {$sffh == $NULL } {
706 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
707 putmsg stderr 0 "\t\t status=($status)."
708 Disconnect
709 exit $UNRESOLVED
710 } else {
711
712 lappend dir_cont_list $subfile
713
714 # Read file ACL values
715 set res2 [compound {Putfh $sffh; \
716 Getattr acl }]
717
718 ckres "Getattr acl again" $status $expcode $res2 $FAIL
719
720 set new_acl_list [extract_acl_list $res2]
721 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
722
723 if $IsZFS {
724 # The file should have inherited the parent directorys ACL
725 set exp_acl [ concat $inherited_file_common_list \
726 $inherited_acl_file_other_list_i $initial_acl_list ]
727 } else {
728 # The file should have inherited the parent directorys default
729 # ACL settings except for the DELETE_CHILD bitmask.
730 set exp_acl [dir2file_aclmask $acl_list]
731 }
732 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
733
734 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
735 putmsg stderr 0 \
736 "\t Test FAIL: lists do not match."
737 } else {
738 putmsg stdout 0 "\t Test PASS"
739 }
740 }
741
742 puts ""
743
744 #
745 # Final Cleanup - remove all the sub-files and sub-dirs first
746 # then the parent directory.
747 #
748 set tag "$TNAME-sub-cleanup"
749 remove_dir_entries $dfh $dir_cont_list
750
751 set tag "$TNAME-cleanup"
752 set res3 [compound {Putfh $bfh; Remove $dirname}]
753 if {$status != "OK"} {
754 putmsg stderr 0 "\t WARNING: cleanup to remove tmp parent dir failed"
755 putmsg stderr 0 "\t status=$status; please cleanup manually."
756 putmsg stderr 1 "\t res=($res3)"
757 putmsg stderr 1 " "
758 }
759
760 Disconnect
761 exit $PASS