1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test setting ACE4_DELETE ACL attr in DENY ace access_mask
29 # b: Test setting ACE4_WRITE_OWNER ACL attr in DENY ace access_mask
30 # c: Test setting ACE4_WRITE_OWNER ACL attr in ALLOW ace access_mask
31 # d: Test setting ACE4_SYNCHRONIZE ACL attr in DENY ace access_mask
32 # e: Test setting ACE4_READ_NAMED_ATTRS ACL attr in DENY ace access_mask
33 # f: Test setting ACE4_WRITE_NAMED_ATTRS ACL attr in DENY ace access_mask
34 # g: Test setting ACE4_DELETE_CHILD ACL attr in ALLOW ace access_mask
35 # h: Test setting ACE4_DELETE_CHILD ACL attr in DENY ace access_mask
36 # i: Test setting ACE4_WRITE_ACL attr in ALLOW ACE whose "who" field is not "OWNER@"
37 # j: Test setting ACE4_WRITE_ATTRIBUTES attr in ALLOW ACE whose "who" field is not "OWNER@"
38 # k: Test setting ACE4_WRITE_DATA attr in ALLOW ACE without ACE4_APPEND_DATA
39 # l: Test setting ACE4_APPEND_DATA attr in ALLOW ACE without ACE4_WRITE_DATA
40 # m: Test setting ACE4_WRITE_DATA attr in DENY ACE without ACE4_APPEND_DATA
41 # n: Test setting ACE4_APPEND_DATA attr in DENY ACE without ACE4_WRITE_DATA
42 #
43 # All tests expect ATTRNOTSUPP for UFS, and expect OK for ZFS
44 #
45
46 set TESTROOT $env(TESTROOT)
47
48 # include common code and init section
49 source [file join ${TESTROOT} tcl.init]
50 source [file join ${TESTROOT} testproc]
51 source [file join ${TESTROOT} acltools]
52
53 # connect to the test server
54 Connect
55
56 # setting local variables
57 set TNAME $argv0
58 set expcode_get "OK"
59 if $IsZFS {
60 set expcode_set "OK"
61 } else {
62 set expcode_set "ATTRNOTSUPP"
63 }
64
65 set POSIX_READ_ACL $env(POSIX_READ_ACL)
66 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
67 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
68 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
69 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
70 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
71
72 # Set params relating to test file
73 set filename "newfile.[pid]"
74 set fpath [file join ${BASEDIR} ${filename}]
75
76 # Create the test file and get its handle.
77 set tfh "[creatv4_file $fpath 777]"
78 if {$tfh == $NULL} {
79 putmsg stdout 0 "$TNAME: test setup"
80 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($filename)"
81 putmsg stderr 0 "\t\t status=($status)."
82 Disconnect
83 exit $UNRESOLVED
84 }
85
86 # Get handle for base directory
87 set bfh [get_fh "$BASEDIRS"]
88
89
90 # Start testing
91 # ---------------------------------------------------------------
92 #a: Test setting ACE4_DELETE ACL attr in DENY ACE
93 # expect ATTRNOTSUPP for UFS
94 # expect OK for ZFS
95
96 set tag "$TNAME{a}"
97 set ASSERTION "Test set ACL access_mask attr ACE4_DELETE in DENY ACE, \
98 expect $expcode_set"
99 putmsg stdout 0 "$tag: $ASSERTION"
100
101 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
102 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
103
104 set owner_deny_mask [ aclmask ACE4_DELETE ]
105
106 set sid {0 0}
107
108 # get the initial ACL settings.
109 set initial_acl [compound {Putfh $tfh; \
110 Getattr acl }]
111
112 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
113
114 #
115 # Break the string returned from the Geattr acl command into
116 # a list and then extract the actual ACL settings.
117 #
118 set acl_list [extract_acl_list $initial_acl]
119 putmsg stderr 1 "$tag: initial ACL : $acl_list"
120
121 # Create the new ACL settings by replacing the appropriate entries.
122 #
123 # Order of entries in the list is as follows:
124 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
125 #
126 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
127 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
128 putmsg stderr 1 "$tag: new ACL : $acl_list"
129
130 # Attempt to set the new ACL values, expect this to fail.
131 set res [compound {Putfh $tfh; \
132 Setattr $sid { {acl \
133 { $acl_list } } } } ]
134
135 ckres "Setattr" $status $expcode_set $res $PASS
136
137 puts ""
138
139 # ---------------------------------------------------------------
140 #b: Test set ACL access_mask attr ACE4_WRITE_OWNER in DENY ACE
141 # expect ATTRNOTSUPP for UFS
142 # expect OK for ZFS
143
144 set tag "$TNAME{b}"
145 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_OWNER in DENY ACE, \
146 expect $expcode_set"
147 putmsg stdout 0 "$tag: $ASSERTION"
148
149 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
150 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
151
152 set owner_deny_mask [ aclmask ACE4_WRITE_OWNER ]
153
154 set sid {0 0}
155
156 # get the initial ACL settings.
157 set initial_acl [compound {Putfh $tfh; \
158 Getattr acl }]
159
160 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
161
162 #
163 # Break the string returned from the Geattr acl command into
164 # a list and then extract the actual ACL settings.
165 #
166 set acl_list [extract_acl_list $initial_acl]
167 putmsg stderr 1 "$tag: initial ACL : $acl_list"
168
169 # Create the new ACL settings by replacing the appropriate entries.
170 #
171 # Order of entries in the list is as follows:
172 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
173 #
174 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
175 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
176 putmsg stderr 1 "$tag: new ACL : $acl_list"
177
178 # Attempt to set the new ACL values, expect this to fail.
179 set res [compound {Putfh $tfh; \
180 Setattr $sid { {acl \
181 { $acl_list } } } } ]
182
183 ckres "Setattr" $status $expcode_set $res $PASS
184
185 puts ""
186
187 # ---------------------------------------------------------------
188 #c: Test set ACL access_mask attr ACE4_WRITE_OWNER in ALLOW ACE
189 # expect ATTRNOTSUPP for UFS
190 # expect OK for ZFS
191
192 set tag "$TNAME{c}"
193 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_OWNER in ALLOW ACE, \
194 expect $expcode_set"
195 putmsg stdout 0 "$tag: $ASSERTION"
196
197 set owner_allow_mask [ aclmask [ concat "ACE4_WRITE_OWNER" $OWNER_ALLOW_ACL \
198 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
199
200 set owner_deny_mask 0
201
202 set sid {0 0}
203
204 # get the initial ACL settings.
205 set initial_acl [compound {Putfh $tfh; \
206 Getattr acl }]
207
208 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
209
210 #
211 # Break the string returned from the Geattr acl command into
212 # a list and then extract the actual ACL settings.
213 #
214 set acl_list [extract_acl_list $initial_acl]
215 putmsg stderr 1 "$tag: initial ACL : $acl_list"
216
217 # Create the new ACL settings by replacing the appropriate entries.
218 #
219 # Order of entries in the list is as follows:
220 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
221 #
222 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
223 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
224 putmsg stderr 1 "$tag: new ACL : $acl_list"
225
226 # Attempt to set the new ACL values, expect this to fail.
227 set res [compound {Putfh $tfh; \
228 Setattr $sid { {acl \
229 { $acl_list } } } } ]
230
231 ckres "Setattr" $status $expcode_set $res $PASS
232
233 puts ""
234 # ---------------------------------------------------------------
235 #d: Test set ACL access_mask attr ACE4_SYNCHRONIZE in DENY ACE
236 # expect ATTRNOTSUPP for UFS
237 # expect OK for ZFS
238
239 set tag "$TNAME{d}"
240 set ASSERTION "Test set ACL access_mask attr ACE4_SYNCHRONIZE in DENY ACE, \
241 expect $expcode_set"
242 putmsg stdout 0 "$tag: $ASSERTION"
243
244 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
245 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
246
247 set owner_deny_mask [ aclmask ACE4_SYNCHRONIZE ]
248
249 set sid {0 0}
250
251 # get the initial ACL settings.
252 set initial_acl [compound {Putfh $tfh; \
253 Getattr acl }]
254
255 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
256
257 #
258 # Break the string returned from the Geattr acl command into
259 # a list and then extract the actual ACL settings.
260 #
261 set acl_list [extract_acl_list $initial_acl]
262 putmsg stderr 1 "$tag: initial ACL : $acl_list"
263
264 # Create the new ACL settings by replacing the appropriate entries.
265 #
266 # Order of entries in the list is as follows:
267 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
268 #
269 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
270 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
271 putmsg stderr 1 "$tag: new ACL : $acl_list"
272
273 # Attempt to set the new ACL values, expect this to fail.
274 set res [compound {Putfh $tfh; \
275 Setattr $sid { {acl \
276 { $acl_list } } } } ]
277
278 ckres "Setattr" $status $expcode_set $res $PASS
279
280 puts ""
281
282 # ---------------------------------------------------------------
283 #e: Test set ACL access_mask attr ACE4_READ_NAMED_ATTRS in DENY ACE
284 # expect ATTRNOTSUPP for UFS
285 # expect OK for ZFS
286
287 set tag "$TNAME{e}"
288 set ASSERTION "Test set ACL access_mask attr ACE4_READ_NAMED_ATTRS \
289 in DENY ACE, expect $expcode_set"
290 putmsg stdout 0 "$tag: $ASSERTION"
291
292 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
293 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
294
295 set owner_deny_mask [ aclmask ACE4_READ_NAMED_ATTRS ]
296
297 set sid {0 0}
298
299 # get the initial ACL settings.
300 set initial_acl [compound {Putfh $tfh; \
301 Getattr acl }]
302
303 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
304
305 #
306 # Break the string returned from the Geattr acl command into
307 # a list and then extract the actual ACL settings.
308 #
309 set acl_list [extract_acl_list $initial_acl]
310 putmsg stderr 1 "$tag: initial ACL : $acl_list"
311
312 # Create the new ACL settings by replacing the appropriate entries.
313 #
314 # Order of entries in the list is as follows:
315 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
316 #
317 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
318 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
319 putmsg stderr 1 "$tag: new ACL : $acl_list"
320
321 # Attempt to set the new ACL values, expect this to fail.
322 set res [compound {Putfh $tfh; \
323 Setattr $sid { {acl \
324 { $acl_list } } } } ]
325
326 ckres "Setattr" $status $expcode_set $res $PASS
327
328 puts ""
329
330 # ---------------------------------------------------------------
331 #f: Test set ACL access_mask attr ACE4_WRITE_NAMED_ATTRS in DENY ACE
332 # expect ATTRNOTSUPP for UFS
333 # expect OK for ZFS
334
335 set tag "$TNAME{f}"
336 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_NAMED_ATTRS \
337 in DENY ACE, expect $expcode_set"
338 putmsg stdout 0 "$tag: $ASSERTION"
339
340 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
341 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
342
343 set owner_deny_mask [ aclmask ACE4_WRITE_NAMED_ATTRS ]
344
345 set sid {0 0}
346
347 # get the initial ACL settings.
348 set initial_acl [compound {Putfh $tfh; \
349 Getattr acl }]
350
351 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
352
353 #
354 # Break the string returned from the Geattr acl command into
355 # a list and then extract the actual ACL settings.
356 #
357 set acl_list [extract_acl_list $initial_acl]
358 putmsg stderr 1 "$tag: initial ACL : $acl_list"
359
360 # Create the new ACL settings by replacing the appropriate entries.
361 #
362 # Order of entries in the list is as follows:
363 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
364 #
365 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
366 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
367 putmsg stderr 1 "$tag: new ACL : $acl_list"
368
369 # Attempt to set the new ACL values, expect this to fail.
370 set res [compound {Putfh $tfh; \
371 Setattr $sid { {acl \
372 { $acl_list } } } } ]
373
374 ckres "Setattr" $status $expcode_set $res $PASS
375
376 puts ""
377
378
379 # ---------------------------------------------------------------
380 #g: Test set ACL access_mask attr ACE4_DELETE_CHILD in ALLOW ACE
381 # expect ATTRNOTSUPP for UFS
382 # expect OK for ZFS
383
384 set tag "$TNAME{g}"
385 set ASSERTION "Test set ACL access_mask attr ACE4_DELETE_CHILD in ALLOW ACE, \
386 expect $expcode_set"
387 putmsg stdout 0 "$tag: $ASSERTION"
388
389 set owner_allow_mask [ aclmask [ concat "ACE4_DELETE_CHILD" $OWNER_ALLOW_ACL \
390 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
391
392 set owner_deny_mask 0
393
394 set sid {0 0}
395
396 # get the initial ACL settings.
397 set initial_acl [compound {Putfh $tfh; \
398 Getattr acl }]
399
400 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
401
402 #
403 # Break the string returned from the Geattr acl command into
404 # a list and then extract the actual ACL settings.
405 #
406 set acl_list [extract_acl_list $initial_acl]
407 putmsg stderr 1 "$tag: initial ACL : $acl_list"
408
409 # Create the new ACL settings by replacing the appropriate entries.
410 #
411 # Order of entries in the list is as follows:
412 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
413 #
414 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
415 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
416 putmsg stderr 1 "$tag: new ACL : $acl_list"
417
418 # Attempt to set the new ACL values, expect this to fail.
419 set res [compound {Putfh $tfh; \
420 Setattr $sid { {acl \
421 { $acl_list } } } } ]
422
423 ckres "Setattr" $status $expcode_set $res $PASS
424
425 puts ""
426
427 # ---------------------------------------------------------------
428 #h: Test set ACL access_mask attr ACE4_DELETE_CHILD in DENY ACE;
429 # expect ATTRNOTSUPP for UFS
430 # expect OK for ZFS
431
432 set tag "$TNAME{h}"
433 set ASSERTION "Test set ACL access_mask attr ACE4_DELETE_CHILD in DENY ACE, \
434 expect $expcode_set"
435 putmsg stdout 0 "$tag: $ASSERTION"
436
437 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
438 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
439
440 set owner_deny_mask [ aclmask ACE4_DELETE_CHILD ]
441
442 set sid {0 0}
443
444 # get the initial ACL settings.
445 set initial_acl [compound {Putfh $tfh; \
446 Getattr acl }]
447
448 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
449
450 #
451 # Break the string returned from the Geattr acl command into
452 # a list and then extract the actual ACL settings.
453 #
454 set acl_list [extract_acl_list $initial_acl]
455 putmsg stderr 1 "$tag: initial ACL : $acl_list"
456
457 # Create the new ACL settings by replacing the appropriate entries.
458 #
459 # Order of entries in the list is as follows:
460 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
461 #
462 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
463 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
464 putmsg stderr 1 "$tag: new ACL : $acl_list"
465
466 # Attempt to set the new ACL values, expect this to fail.
467 set res [compound {Putfh $tfh; \
468 Setattr $sid { {acl \
469 { $acl_list } } } } ]
470
471 ckres "Setattr" $status $expcode_set $res $PASS
472
473 puts ""
474
475 # ---------------------------------------------------------------
476 #i: Test setting ACE4_WRITE_ACL attr in ALLOW ACE whose "who" field is not "OWNER@"
477 # expect ATTRNOTSUPP for UFS
478 # expect OK for ZFS
479
480 set tag "$TNAME{i}"
481 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_ACL with \"who\" \
482 not OWNER@ in ALLOW ACE, expect $expcode_set"
483 putmsg stdout 0 "$tag: $ASSERTION"
484
485 set group_allow_mask [ aclmask [ concat "ACE4_WRITE_ACL" $GENERIC_ALLOW_ACL \
486 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
487
488 set group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
489
490 set sid {0 0}
491
492 # get the initial ACL settings.
493 set initial_acl [compound {Putfh $tfh; \
494 Getattr acl }]
495
496 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
497
498 #
499 # Break the string returned from the Geattr acl command into
500 # a list and then extract the actual ACL settings.
501 #
502 set acl_list [extract_acl_list $initial_acl]
503 putmsg stderr 1 "$tag: initial ACL : $acl_list"
504
505 # Create the new ACL settings by replacing the appropriate entries.
506 #
507 # Order of entries in the list is as follows:
508 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
509 #
510 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
511 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
512 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
513 putmsg stderr 1 "$tag: new ACL : $acl_list"
514
515 # Attempt to set the new ACL values, expect this to fail.
516 set res [compound {Putfh $tfh; \
517 Setattr $sid { {acl \
518 { $acl_list } } } } ]
519
520 ckres "Setattr" $status $expcode_set $res $PASS
521
522 puts ""
523
524
525 # ---------------------------------------------------------------
526 #j: Test setting ACE4_WRITE_ATTRIBUTES attr in ALLOW ACE whose "who" field is not "OWNER@"
527 # expect ATTRNOTSUPP for UFS
528 # expect OK for ZFS
529
530 set tag "$TNAME{j}"
531 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_ATTRIBUTES with \"who\", \
532 not OWNER@ expect $expcode_set"
533 putmsg stdout 0 "$tag: $ASSERTION"
534
535 set group_allow_mask [ aclmask [ concat "ACE4_WRITE_ATTRIBUTES" $GENERIC_ALLOW_ACL \
536 $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
537
538 set group_deny_mask [ aclmask $GENERIC_DENY_ACL ]
539
540 set sid {0 0}
541
542 # get the initial ACL settings.
543 set initial_acl [compound {Putfh $tfh; \
544 Getattr acl }]
545
546 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
547
548 #
549 # Break the string returned from the Geattr acl command into
550 # a list and then extract the actual ACL settings.
551 #
552 set acl_list [extract_acl_list $initial_acl]
553 putmsg stderr 1 "$tag: initial ACL : $acl_list"
554
555 # Create the new ACL settings by replacing the appropriate entries.
556 #
557 # Order of entries in the list is as follows:
558 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
559 #
560 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
561 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
562 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
563 putmsg stderr 1 "$tag: new ACL : $acl_list"
564
565 # Attempt to set the new ACL values, expect this to fail.
566 set res [compound {Putfh $tfh; \
567 Setattr $sid { {acl \
568 { $acl_list } } } } ]
569
570 ckres "Setattr" $status $expcode_set $res $PASS
571
572 puts ""
573
574 # ---------------------------------------------------------------
575 #k: Test setting ACE4_WRITE_DATA attr in ALLOW ACE without ACE4_APPEND_DATA
576 # expect ATTRNOTSUPP for UFS
577 # expect OK for ZFS
578
579 set tag "$TNAME{k}"
580 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_DATA without \
581 ACE4_APPEND_DATA in ALLOW ACE, expect $expcode_set"
582 putmsg stdout 0 "$tag: $ASSERTION"
583
584 #
585 # POSIX_WRITE_DATA contains ACE4_WRITE_DATA and ACE4_APPEND_DATA, so
586 # rather than use that we use ACE4_WRITE_DATA on its own.
587 #
588 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
589 $POSIX_READ_ACL "ACE4_WRITE_DATA" $POSIX_EXECUTE_ACL ] ]
590
591 set owner_deny_mask 0
592
593 set sid {0 0}
594
595 # get the initial ACL settings.
596 set initial_acl [compound {Putfh $tfh; \
597 Getattr acl }]
598
599 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
600
601 #
602 # Break the string returned from the Geattr acl command into
603 # a list and then extract the actual ACL settings.
604 #
605 set acl_list [extract_acl_list $initial_acl]
606 putmsg stderr 1 "$tag: initial ACL : $acl_list"
607
608 # Create the new ACL settings by replacing the appropriate entries.
609 #
610 # Order of entries in the list is as follows:
611 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
612 #
613 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
614 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
615 putmsg stderr 1 "$tag: new ACL : $acl_list"
616
617 # Attempt to set the new ACL values, expect this to fail.
618 set res [compound {Putfh $tfh; \
619 Setattr $sid { {acl \
620 { $acl_list } } } } ]
621
622 ckres "Setattr" $status $expcode_set $res $PASS
623
624 puts ""
625
626 # ---------------------------------------------------------------
627 #l: Test setting ACE4_APPEND_DATA attr in ALLOW ACE without ACE4_WRITE_DATA
628 # expect ATTRNOTSUPP for UFs
629 # expect OK for ZFS
630
631 set tag "$TNAME{l}"
632 set ASSERTION "Test set ACL access_mask attr ACE4_APPEND_DATA without \
633 ACE4_WRITE_DATA in ALLOW ACE, expect $expcode_set"
634 putmsg stdout 0 "$tag: $ASSERTION"
635
636 #
637 # POSIX_WRITE_DATA contains ACE4_WRITE_DATA and ACE4_APPEND_DATA, so
638 # rather than use that we use ACE4_APPEND_DATA on its own.
639 #
640 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL \
641 $POSIX_READ_ACL "ACE4_APPEND_DATA" $POSIX_EXECUTE_ACL ] ]
642
643 set owner_deny_mask 0
644
645 set sid {0 0}
646
647 # get the initial ACL settings.
648 set initial_acl [compound {Putfh $tfh; \
649 Getattr acl }]
650
651 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
652
653 #
654 # Break the string returned from the Geattr acl command into
655 # a list and then extract the actual ACL settings.
656 #
657 set acl_list [extract_acl_list $initial_acl]
658 putmsg stderr 1 "$tag: initial ACL : $acl_list"
659
660 # Create the new ACL settings by replacing the appropriate entries.
661 #
662 # Order of entries in the list is as follows:
663 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
664 #
665 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
666 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
667 putmsg stderr 1 "$tag: new ACL : $acl_list"
668
669 # Attempt to set the new ACL values, expect this to fail.
670 set res [compound {Putfh $tfh; \
671 Setattr $sid { {acl \
672 { $acl_list } } } } ]
673
674 ckres "Setattr" $status $expcode_set $res $PASS
675
676 puts ""
677
678 # ---------------------------------------------------------------
679 #m: Test setting ACE4_WRITE_DATA attr in DENY ACE without ACE4_APPEND_DATA
680 # expect ATTRNOTSUPP for UFS
681 # expect OK for ZFS
682
683 set tag "$TNAME{m}"
684 set ASSERTION "Test set ACL access_mask attr ACE4_WRITE_DATA without \
685 ACE4_APPEND_DATA in DENY ACE, expect $expcode_set"
686 putmsg stdout 0 "$tag: $ASSERTION"
687
688 set owner_allow_mask [ aclmask $OWNER_ALLOW_ACL ]
689
690 #
691 # POSIX_WRITE_DATA contains ACE4_WRITE_DATA and ACE4_APPEND_DATA, so
692 # rather than use that we use ACE4_WRITE_DATA on its own.
693 #
694 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL "ACE4_WRITE_DATA" \
695 $POSIX_EXECUTE_ACL ] ]
696
697 set sid {0 0}
698
699 # get the initial ACL settings.
700 set initial_acl [compound {Putfh $tfh; \
701 Getattr acl }]
702
703 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
704
705 #
706 # Break the string returned from the Geattr acl command into
707 # a list and then extract the actual ACL settings.
708 #
709 set acl_list [extract_acl_list $initial_acl]
710 putmsg stderr 1 "$tag: initial ACL : $acl_list"
711
712 # Create the new ACL settings by replacing the appropriate entries.
713 #
714 # Order of entries in the list is as follows:
715 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
716 #
717 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
718 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
719 putmsg stderr 1 "$tag: new ACL : $acl_list"
720
721 # Attempt to set the new ACL values, expect this to fail.
722 set res [compound {Putfh $tfh; \
723 Setattr $sid { {acl \
724 { $acl_list } } } } ]
725
726 ckres "Setattr" $status $expcode_set $res $PASS
727
728 puts ""
729
730 # ---------------------------------------------------------------
731 #n: Test setting ACE4_APPEND_DATA attr in DENY ACE without ACE4_WRITE_DATA
732 # expect ATTRNOTSUPP for UFS
733 # expect OK for ZFS
734
735 set tag "$TNAME{n}"
736 set ASSERTION "Test set ACL access_mask attr ACE4_APPEND_DATA without \
737 ACE4_WRITE_DATA in DENY ACE, expect $expcode_set"
738 putmsg stdout 0 "$tag: $ASSERTION"
739
740 set owner_allow_mask [ aclmask $OWNER_ALLOW_ACL ]
741
742 #
743 # POSIX_WRITE_DATA contains ACE4_WRITE_DATA and ACE4_APPEND_DATA, so
744 # rather than use that we use ACE4_APPEND_DATA on its own.
745 #
746 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL "ACE4_APPEND_DATA" \
747 $POSIX_EXECUTE_ACL ] ]
748
749 set sid {0 0}
750
751 # get the initial ACL settings.
752 set initial_acl [compound {Putfh $tfh; \
753 Getattr acl }]
754
755 ckres "Getattr acl" $status $expcode_get $initial_acl $FAIL
756
757 #
758 # Break the string returned from the Geattr acl command into
759 # a list and then extract the actual ACL settings.
760 #
761 set acl_list [extract_acl_list $initial_acl]
762 putmsg stderr 1 "$tag: initial ACL : $acl_list"
763
764 # Create the new ACL settings by replacing the appropriate entries.
765 #
766 # Order of entries in the list is as follows:
767 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
768 #
769 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
770 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
771 putmsg stderr 1 "$tag: new ACL : $acl_list"
772
773 # Attempt to set the new ACL values, expect this to fail.
774 set res [compound {Putfh $tfh; \
775 Setattr $sid { {acl \
776 { $acl_list } } } } ]
777
778 ckres "Setattr" $status $expcode_set $res $PASS
779
780 puts ""
781
782 #
783 #
784 #
785 # Cleanup
786 #
787 set tag "$TNAME-cleanup"
788 set res2 [compound {Putfh $bfh; Remove $filename}]
789 if {$status != "OK"} {
790 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
791 putmsg stderr 0 "\t status=$status; please cleanup manually."
792 putmsg stderr 1 "\t res=($res2)"
793 putmsg stderr 1 " "
794 Disconnect
795 exit $WARNING
796 }
797
798 Disconnect
799 exit $PASS