1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test adding a default ACL of (rwxrwx--x) to an existing directory
29 # b: Test the default ACL settings of (rwxrwx--x) are inherited by sub-dir
30 # c: Test the default ACL settings of (rwxrwx--x) are inherited by sub-file
31 # d: Test adding a default ACL of (rwxrwx-w-) to an existing directory
32 # e: Test the default ACL settings of (rwxrwx-w-) are inherited by sub-dir
33 # f: Test the default ACL settings of (rwxrwx-w-) are inherited by sub-file
34 # g: Test adding a default ACL of (rwxrwxr--) to an existing directory
35 # h: Test the default ACL settings of (rwxrwxr--) are inherited by sub-dir
36 # i: Test the default ACL settings of (rwxrwxr--) are inherited by sub-file
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
54 set POSIX_WRITE_DIR_ACL $env(POSIX_WRITE_DIR_ACL)
55 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
56 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
57 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
58 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
59
60 # Get handle for base directory
61 set bfh [get_fh "$BASEDIRS"]
62
63 # Set params relating to test file
64 set dirname "newdir.[pid]"
65 set dpath [file join ${BASEDIR} ${dirname}]
66
67 # Create the test parent dir with all perms set (-rwxrwxrwx) and get its handle.
68 set dfh "[creatv4_dir $dpath 777]"
69 if {$dfh == $NULL} {
70 putmsg stdout 0 "$TNAME: test setup"
71 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp dir=($dirname)"
72 putmsg stderr 0 "\t\t status=($status)."
73 Disconnect
74 exit $UNRESOLVED
75 }
76
77 # get the initial non-default ACL settings.
78 set initial_acl [compound {Putfh $dfh; \
79 Getattr acl }]
80
81 if {$status != "OK"} {
82 putmsg stdout 0 "$TNAME: test setup"
83 putmsg stderr 0 "\t Test UNRESOLVED: failed to get ACL for dir=($dirname)"
84 putmsg stderr 0 "\t\t status=($status)."
85 Disconnect
86 exit $UNRESOLVED
87 }
88
89 #
90 # Break the string returned from the Geattr acl command into
91 # a list and then extract the actual ACL settings.
92 #
93 set initial_acl_list [extract_acl_list $initial_acl]
94
95 set sid {0 0}
96
97 # Default Dir ACL settings
98 #
99 # Owner - allow rwx
100 set dir_owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
101 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
102
103 set dir_owner_deny_mask 0
104
105 # Group - allow rwx
106 set dir_group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
107 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
108
109 set dir_group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
110
111 # Other - allow rwx
112 set dir_other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL \
113 $POSIX_WRITE_DIR_ACL $POSIX_EXECUTE_ACL ] ]
114
115 set dir_other_deny_mask [ aclmask $GENERIC_DENY_ACL ]
116
117 if $IsZFS {
118 set inherited_owner_allow_mask $dir_owner_allow_mask
119 set inherited_owner_deny_mask $dir_owner_deny_mask
120 set inherited_group_allow_mask $dir_group_allow_mask
121 set inherited_group_deny_mask $dir_group_deny_mask
122
123 # in all sub-assertions, we only change "EVERYONE@" ACEs
124 # so other ACEs (OWNER and GROUP) are the same.
125 lappend inherited_dir_common_list \
126 "0 0 $dir_owner_allow_mask OWNER@" \
127 "0 0 $inherited_owner_allow_mask OWNER@" \
128 "0 0 $dir_owner_deny_mask OWNER@" \
129 "0 0 $inherited_owner_deny_mask OWNER@" \
130 "0 0 $dir_group_deny_mask GROUP@" \
131 "0 0 $inherited_group_deny_mask GROUP@" \
132 "0 0 $dir_group_allow_mask GROUP@" \
133 "0 0 $inherited_group_allow_mask GROUP@" \
134 "0 0 $dir_group_deny_mask GROUP@" \
135 "0 0 $inherited_group_deny_mask GROUP@"
136
137 lappend inherited_file_common_list \
138 "0 0 $inherited_owner_allow_mask OWNER@" \
139 "0 0 $inherited_owner_deny_mask OWNER@" \
140 "0 0 $inherited_group_deny_mask GROUP@" \
141 "0 0 $inherited_group_allow_mask GROUP@" \
142 "0 0 $inherited_group_deny_mask GROUP@"
143 }
144
145 # Create the new ACL settings by appending the appropriate default
146 # ACL entries.
147 #
148 # Order of entries in the list is as follows:
149 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
150 #
151 # Set the default ACL's
152
153 set acl_list $initial_acl_list
154 lappend default_acl_list "0 b $dir_owner_allow_mask OWNER\@"
155 lappend default_acl_list "1 b $dir_owner_deny_mask OWNER\@"
156 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
157 lappend default_acl_list "0 4b $dir_group_allow_mask GROUP\@"
158 lappend default_acl_list "1 4b $dir_group_deny_mask GROUP\@"
159 lappend default_acl_list "0 b $dir_other_allow_mask EVERYONE\@"
160 lappend default_acl_list "1 b $dir_other_deny_mask EVERYONE\@"
161
162 set dir_acl_list [concat $initial_acl_list $default_acl_list]
163
164 # Set the new ACL values.
165 set res [compound {Putfh $dfh; \
166 Setattr $sid { {acl \
167 { $dir_acl_list } } } } ]
168
169 ckres "Setattr acl" $status $expcode $res $FAIL
170
171 # Re-read ACL values
172 set res2 [compound {Putfh $dfh; \
173 Getattr acl }]
174
175 ckres "Getattr acl again" $status $expcode $res2 $FAIL
176
177 if { $status == "OK" } {
178 set new_acl_list [extract_acl_list $res2]
179
180 if { [compare_acl_lists $new_acl_list $dir_acl_list MASK] != 0} {
181 putmsg stderr 0 \
182 "\t Test FAIL: setting default ACL faile."
183 }
184 }
185
186 puts ""
187
188 # Start testing
189 # ------------------------------------------------------------------------
190 # a: Test adding a default ACL of (rwxrwx--x) to an existing directory
191
192
193 set tag "$TNAME{a}"
194 set ASSERTION "Test adding a default ACL of (rwxrwx--x) to an existing directory"
195 putmsg stdout 0 "$tag: $ASSERTION"
196
197 set sid {0 0}
198
199 # Other - allow x, deny rw
200 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
201
202 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL \
203 $POSIX_WRITE_DIR_ACL ] ]
204
205 if $IsZFS {
206 set inherited_other_allow_mask $other_allow_mask
207 set inherited_other_deny_mask $other_deny_mask
208
209 # For case b, ONE ACE on parent directory can create TWO ACEs on sub-dirs
210 # As we only concern the mask which will be compared, here we just set
211 # both TYPE and FLAG fields with 0.
212 lappend inherited_acl_dir_other_list_b \
213 "0 0 $other_allow_mask EVERYONE@" \
214 "0 0 $inherited_other_allow_mask EVERYONE@" \
215 "0 0 $other_deny_mask EVERYONE@" \
216 "0 0 $inherited_other_deny_mask EVERYONE@"
217
218 # For case c, ONE ACE on parent directory can create ONE ACE on sub-file
219 lappend inherited_acl_file_other_list_c \
220 "0 0 $inherited_other_allow_mask EVERYONE@" \
221 "0 0 $inherited_other_deny_mask EVERYONE@"
222 }
223
224 # Create the new ACL settings by replacing the appropriate entries.
225 #
226 # Order of entries in the list is as follows:
227 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
228 #
229 set acl_list $default_acl_list
230 set acl_list [lreplace $acl_list 5 5 "0 b $other_allow_mask EVERYONE\@"]
231 set acl_list [lreplace $acl_list 6 6 "1 b $other_deny_mask EVERYONE\@"]
232
233 set new_dir_acl [concat $initial_acl_list $acl_list]
234 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
235
236 # Set the new ACL values.
237 set res [compound {Putfh $dfh; \
238 Setattr $sid { {acl \
239 { $new_dir_acl } } } } ]
240
241 ckres "Setattr acl" $status $expcode $res $FAIL
242
243 # Re-read ACL values
244 set res2 [compound {Putfh $dfh; \
245 Getattr acl }]
246
247 ckres "Getattr acl again" $status $expcode $res2 $FAIL
248
249 if { $status == "OK" } {
250 set new_acl_list [extract_acl_list $res2]
251 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
252
253 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
254 putmsg stderr 0 \
255 "\t Test FAIL: lists do not match."
256 } else {
257 putmsg stdout 0 "\t Test PASS"
258 }
259 }
260
261 puts ""
262
263 # ------------------------------------------------------------------------
264 # b: Test the default ACL settings of (rwxrwx--x) are inherited by sub-dir
265
266 set tag "$TNAME{b}"
267 set ASSERTION "Test the default ACL settings of (rwxrwx--x) are inherited by sub-dir"
268 putmsg stdout 0 "$tag: $ASSERTION"
269
270 set sid {0 0}
271
272 # Set params relating to test sub-dir
273 set subdir "subdirB.[pid]"
274 set sdpath $BASEDIR/$dirname/$subdir
275
276 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
277 # over-ridden by the parent dir's default ACL settings, and get its handle.
278 set sdfh "[creatv4_dir $sdpath 777]"
279 if {$sdfh == $NULL} {
280 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
281 putmsg stderr 0 "\t\t status=($status)."
282 Disconnect
283 exit $UNRESOLVED
284 } else {
285 lappend dir_cont_list $subdir
286
287 # Read dir ACL values
288 set res2 [compound {Putfh $sdfh; \
289 Getattr acl }]
290
291 ckres "Getattr acl again" $status $expcode $res2 $FAIL
292
293 set new_acl_list [extract_acl_list $res2]
294 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
295
296 # The sub directory should have inherited the parents default
297 # ACL settings, as both its default and non-default settings.
298 if $IsZFS {
299 set exp_acl [ concat $inherited_dir_common_list \
300 $inherited_acl_dir_other_list_b $initial_acl_list ]
301 } else {
302 set exp_acl [concat $acl_list $acl_list]
303 }
304 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
305
306 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
307 putmsg stderr 0 \
308 "\t Test FAIL: lists do not match."
309 } else {
310 putmsg stdout 0 "\t Test PASS"
311 }
312 }
313
314 puts ""
315
316 # ------------------------------------------------------------------------
317 # c: Test the default ACL settings of (rwxrwx--x) are inherited by sub-file
318
319 set tag "$TNAME{c}"
320 set ASSERTION "Test the default ACL settings of (rwxrwx--x) are inherited by sub-file"
321 putmsg stdout 0 "$tag: $ASSERTION"
322
323 set sid { 0 0}
324
325 # Set params relating to test sub-file
326 set subfile "subfileC.[pid]"
327 set sfpath $BASEDIR/$dirname/$subfile
328
329 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
330 # over-ridden by the parent dir's default ACL settings, and get its handle.
331 set sffh "[creatv4_file $sfpath 777]"
332 if {$sffh == $NULL } {
333 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
334 putmsg stderr 0 "\t\t status=($status)."
335 Disconnect
336 exit $UNRESOLVED
337 } else {
338 lappend dir_cont_list $subfile
339
340 # Read file ACL values
341 set res2 [compound {Putfh $sffh; \
342 Getattr acl }]
343
344 ckres "Getattr acl again" $status $expcode $res2 $FAIL
345
346 set new_acl_list [extract_acl_list $res2]
347 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
348
349 if $IsZFS {
350 # The file should have inherited the parent directorys ACL
351 set exp_acl [ concat $inherited_file_common_list \
352 $inherited_acl_file_other_list_c $initial_acl_list ]
353 } else {
354 # The file should have inherited the parent directorys default
355 # ACL settings except for the DELETE_CHILD bitmask.
356 set exp_acl [dir2file_aclmask $acl_list]
357 }
358 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
359
360 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
361 putmsg stderr 0 \
362 "\t Test FAIL: lists do not match."
363 } else {
364 putmsg stdout 0 "\t Test PASS"
365 }
366 }
367
368 puts ""
369
370 # ------------------------------------------------------------------------
371 # d: Test adding a default ACL of (rwxrwx-w-) to an existing directory
372
373 set tag "$TNAME{d}"
374 set ASSERTION "Test adding a default ACL of (rwxrwx-w-) to an existing directory"
375 putmsg stdout 0 "$tag: $ASSERTION"
376
377 set sid {0 0}
378
379 # Other - allow w, deny r/x
380 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_DIR_ACL ] ]
381
382 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL \
383 $POSIX_EXECUTE_ACL ] ]
384
385 if $IsZFS {
386 set inherited_other_allow_mask $other_allow_mask
387 set inherited_other_deny_mask $other_deny_mask
388
389 # For case e, ONE ACE on parent directory can create TWO ACEs on sub-dirs
390 # As we only concern the mask which will be compared, here we just set
391 # both TYPE and FLAG fields with 0.
392 lappend inherited_acl_dir_other_list_e \
393 "0 0 $other_allow_mask EVERYONE@" \
394 "0 0 $inherited_other_allow_mask EVERYONE@" \
395 "0 0 $other_deny_mask EVERYONE@" \
396 "0 0 $inherited_other_deny_mask EVERYONE@"
397
398 # For case f, ONE ACE on parent directory can create ONE ACE on sub-file
399 lappend inherited_acl_file_other_list_f \
400 "0 0 $inherited_other_allow_mask EVERYONE@" \
401 "0 0 $inherited_other_deny_mask EVERYONE@"
402 }
403
404 #
405 # Break the string returned from the Geattr acl command into
406 # a list and then extract the actual ACL settings.
407 #
408 set acl_list [extract_acl_list $initial_acl]
409
410 # Create the new ACL settings by replacing the appropriate entries.
411 #
412 # Order of entries in the list is as follows:
413 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
414 #
415 set acl_list $default_acl_list
416 set acl_list [lreplace $acl_list 5 5 "0 b $other_allow_mask EVERYONE\@"]
417 set acl_list [lreplace $acl_list 6 6 "1 b $other_deny_mask EVERYONE\@"]
418
419 set new_dir_acl [concat $initial_acl_list $acl_list]
420 putmsg stderr 1 "$tag: new dir ACL : $new_dir_acl"
421
422 # Set the new ACL values.
423 set res [compound {Putfh $dfh; \
424 Setattr $sid { {acl \
425 { $new_dir_acl } } } } ]
426
427 ckres "Setattr acl" $status $expcode $res $FAIL
428
429 # Re-read ACL values
430 set res2 [compound {Putfh $dfh; \
431 Getattr acl }]
432
433 ckres "Getattr acl again" $status $expcode $res2 $FAIL
434
435 if { $status == "OK" } {
436 set new_acl_list [extract_acl_list $res2]
437 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
438
439 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
440 putmsg stderr 0 \
441 "\t Test FAIL: lists do not match."
442 } else {
443 putmsg stdout 0 "\t Test PASS"
444 }
445 }
446
447 puts ""
448
449 # ------------------------------------------------------------------------
450 # e: Test the default ACL settings of (rwxrwx-w-) are inherited by sub-dir
451
452 set tag "$TNAME{e}"
453 set ASSERTION "Test the default ACL settings of (rwxrwx-w-) are inherited by sub-dir"
454 putmsg stdout 0 "$tag: $ASSERTION"
455
456 set sid {0 0}
457
458 # Set params relating to test file
459 set subdir "subdirE.[pid]"
460 set sdpath $BASEDIR/$dirname/$subdir
461
462 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
463 # over-ridden by the parent dir's default ACL settings, and get its handle.
464 set sdfh "[creatv4_dir $sdpath 777]"
465 if {$sdfh == $NULL} {
466 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
467 putmsg stderr 0 "\t\t status=($status)."
468 Disconnect
469 exit $UNRESOLVED
470 } else {
471 lappend dir_cont_list $subdir
472
473 # Read dir ACL values
474 set res2 [compound {Putfh $sdfh; \
475 Getattr acl }]
476
477 ckres "Getattr acl again" $status $expcode $res2 $FAIL
478
479 set new_acl_list [extract_acl_list $res2]
480 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
481
482 # The sub directory should have inherited the parents default
483 # ACL settings, as both its default and non-default settings.
484 if $IsZFS {
485 set exp_acl [ concat $inherited_dir_common_list \
486 $inherited_acl_dir_other_list_e $initial_acl_list ]
487 } else {
488 set exp_acl [concat $acl_list $acl_list]
489 }
490 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
491
492 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
493 putmsg stderr 0 \
494 "\t Test FAIL: lists do not match."
495 } else {
496 putmsg stdout 0 "\t Test PASS"
497 }
498
499 puts ""
500 }
501
502 # ------------------------------------------------------------------------
503 # f: Test the default ACL settings of (rwxrwx-w-) are inherited by sub-file
504
505 set tag "$TNAME{f}"
506 set ASSERTION "Test the default ACL settings of (rwxrwx-w-) are inherited by sub-file"
507 putmsg stdout 0 "$tag: $ASSERTION"
508
509 set sid { 0 0}
510
511 # Set params relating to test sub-file
512 set subfile "subfileF.[pid]"
513 set sfpath $BASEDIR/$dirname/$subfile
514
515 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
516 # over-ridden by the parent dir's default ACL settings, and get its handle.
517 set sffh "[creatv4_file $sfpath 777]"
518 if {$sffh == $NULL } {
519 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
520 putmsg stderr 0 "\t\t status=($status)."
521 Disconnect
522 exit $UNRESOLVED
523 } else {
524 lappend dir_cont_list $subfile
525
526 # Read file ACL values
527 set res2 [compound {Putfh $sffh; \
528 Getattr acl }]
529
530 ckres "Getattr acl again" $status $expcode $res2 $FAIL
531
532 set new_acl_list [extract_acl_list $res2]
533 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
534
535 if $IsZFS {
536 # The file should have inherited the parent directorys ACL
537 set exp_acl [ concat $inherited_file_common_list \
538 $inherited_acl_file_other_list_f $initial_acl_list ]
539 } else {
540 # The file should have inherited the parent directorys default
541 # ACL settings except for the DELETE_CHILD bitmask.
542 set exp_acl [dir2file_aclmask $acl_list]
543 }
544 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
545
546 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
547 putmsg stderr 0 \
548 "\t Test FAIL: lists do not match."
549 } else {
550 putmsg stdout 0 "\t Test PASS"
551 }
552 }
553
554 puts ""
555
556 # ------------------------------------------------------------------------
557 # g: Test adding a default ACL of (rwxrwxr--) to an existing directory
558
559 set tag "$TNAME{g}"
560 set ASSERTION "Test adding a default ACL of (rwxrwxr--) to an existing directory"
561 putmsg stdout 0 "$tag: $ASSERTION"
562
563 set sid {0 0}
564
565 # Other - allow r, deny wx
566 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL ] ]
567
568 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_DIR_ACL \
569 $POSIX_EXECUTE_ACL ] ]
570
571 if $IsZFS {
572 set inherited_other_allow_mask $other_allow_mask
573 set inherited_other_deny_mask $other_deny_mask
574
575 # For case h, ONE ACE on parent directory can create TWO ACEs on sub-dirs
576 # As we only concern the mask which will be compared, here we just set
577 # both TYPE and FLAG fields with 0.
578 lappend inherited_acl_dir_other_list_h \
579 "0 0 $other_allow_mask EVERYONE@" \
580 "0 0 $inherited_other_allow_mask EVERYONE@" \
581 "0 0 $other_deny_mask EVERYONE@" \
582 "0 0 $inherited_other_deny_mask EVERYONE@"
583
584 # For case i, ONE ACE on parent directory can create ONE ACE on sub-file
585 lappend inherited_acl_file_other_list_i \
586 "0 0 $inherited_other_allow_mask EVERYONE@" \
587 "0 0 $inherited_other_deny_mask EVERYONE@"
588 }
589
590 #
591 # Break the string returned from the Geattr acl command into
592 # a list and then extract the actual ACL settings.
593 #
594 set acl_list [extract_acl_list $initial_acl]
595
596 # Create the new ACL settings by replacing the appropriate entries.
597 #
598 # Order of entries in the list is as follows:
599 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
600 #
601 set acl_list $default_acl_list
602 set acl_list [lreplace $acl_list 5 5 "0 b $other_allow_mask EVERYONE\@"]
603 set acl_list [lreplace $acl_list 6 6 "1 b $other_deny_mask EVERYONE\@"]
604
605 set new_dir_acl [concat $initial_acl_list $acl_list]
606 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
607
608 # Set the new ACL values.
609 set res [compound {Putfh $dfh; \
610 Setattr $sid { {acl \
611 { $new_dir_acl } } } } ]
612
613 ckres "Setattr acl" $status $expcode $res $FAIL
614
615 # Re-read ACL values
616 set res2 [compound {Putfh $dfh; \
617 Getattr acl }]
618
619 ckres "Getattr acl again" $status $expcode $res2 $FAIL
620
621 if { $status == "OK" } {
622 set new_acl_list [extract_acl_list $res2]
623 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
624
625 if { [compare_acl_lists $new_acl_list $new_dir_acl] != 0} {
626 putmsg stderr 0 \
627 "\t Test FAIL: lists do not match."
628 } else {
629 putmsg stdout 0 "\t Test PASS"
630 }
631 }
632
633 puts ""
634
635 # ------------------------------------------------------------------------
636 # h: Test the default ACL settings of (rwxrwxr--) are inherited by sub-dir
637
638 set tag "$TNAME{h}"
639 set ASSERTION "Test the default ACL settings of (rwxrwxr--) are inherited by sub-dir"
640 putmsg stdout 0 "$tag: $ASSERTION"
641
642 set sid {0 0}
643
644 # Set params relating to test file
645 set subdir "subdirH.[pid]"
646 set sdpath $BASEDIR/$dirname/$subdir
647
648 # Attempt to create the sub-dir with all perms set (-rwxrwxrwx) which should be
649 # over-ridden by the parent dir's default ACL settings, and get its handle.
650 set sdfh "[creatv4_dir $sdpath 777]"
651 if {$sdfh == $NULL} {
652 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subdir=($subdir)"
653 putmsg stderr 0 "\t\t status=($status)."
654 Disconnect
655 exit $UNRESOLVED
656 } else {
657 lappend dir_cont_list $subdir
658
659 # Read dir ACL values
660 set res2 [compound {Putfh $sdfh; \
661 Getattr acl }]
662
663 ckres "Getattr acl again" $status $expcode $res2 $FAIL
664
665 set new_acl_list [extract_acl_list $res2]
666 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
667
668 # The sub directory should have inherited the parents default
669 # ACL settings, as both its default and non-default settings.
670 if $IsZFS {
671 set exp_acl [ concat $inherited_dir_common_list \
672 $inherited_acl_dir_other_list_h $initial_acl_list ]
673 } else {
674 set exp_acl [concat $acl_list $acl_list]
675 }
676 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
677
678 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
679 putmsg stderr 0 \
680 "\t Test FAIL: lists do not match."
681 } else {
682 putmsg stdout 0 "\t Test PASS"
683 }
684
685 puts ""
686 }
687
688 # ------------------------------------------------------------------------
689 # i: Test the default ACL settings of (rwxrwxr--) are inherited by sub-file
690
691 set tag "$TNAME{i}"
692 set ASSERTION "Test the default ACL settings of (rwxrwxr--) are inherited by sub-file"
693 putmsg stdout 0 "$tag: $ASSERTION"
694
695 set sid { 0 0}
696
697 # Set params relating to test sub-file
698 set subfile "subfileI.[pid]"
699 set sfpath $BASEDIR/$dirname/$subfile
700
701 # Attempt to create the sub-file with all perms set (-rwxrwxrwx) which should be
702 # over-ridden by the parent dir's default ACL settings, and get its handle.
703 set sffh "[creatv4_file $sfpath 777]"
704 if {$sffh == $NULL } {
705 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp subfile=($subfile)"
706 putmsg stderr 0 "\t\t status=($status)."
707 Disconnect
708 exit $UNRESOLVED
709 } else {
710 lappend dir_cont_list $subfile
711
712 # Read file ACL values
713 set res2 [compound {Putfh $sffh; \
714 Getattr acl }]
715
716 ckres "Getattr acl again" $status $expcode $res2 $FAIL
717
718 set new_acl_list [extract_acl_list $res2]
719 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
720
721 if $IsZFS {
722 # The file should have inherited the parent directorys ACL
723 set exp_acl [ concat $inherited_file_common_list \
724 $inherited_acl_file_other_list_i $initial_acl_list ]
725 } else {
726 # The file should have inherited the parent directorys default
727 # ACL settings except for the DELETE_CHILD bitmask.
728 set exp_acl [dir2file_aclmask $acl_list]
729 }
730 putmsg stderr 1 "$tag: expected ACL: $exp_acl"
731
732 if { [compare_acl_lists $new_acl_list $exp_acl MASK] != 0} {
733 putmsg stderr 0 \
734 "\t Test FAIL: lists do not match."
735 } else {
736 putmsg stdout 0 "\t Test PASS"
737 }
738 }
739
740 puts ""
741
742 #
743 # Final Cleanup - remove all the sub-files and sub-dirs first
744 # then the parent directory.
745 #
746 set tag "$TNAME-sub-cleanup"
747 remove_dir_entries $dfh $dir_cont_list
748
749 set tag "$TNAME-cleanup"
750 set res3 [compound {Putfh $bfh; Remove $dirname}]
751 if {$status != "OK"} {
752 putmsg stderr 0 "\t WARNING: cleanup to remove tmp parent dir failed"
753 putmsg stderr 0 "\t status=$status; please cleanup manually."
754 putmsg stderr 1 "\t res=($res3)"
755 putmsg stderr 1 " "
756 }
757
758 Disconnect
759 exit $PASS