1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing file owner read perms - expect OK
29 # b: Test restoring file owner read perms - expect OK
30 # c: Test removing file owner write perms - expect OK
31 # d: Test restoring file owner write perms - expect OK
32 # e: Test removing file owner execute perms - expect OK
33 # f: Test restoring file owner execute perms - expect OK
34 # g: Test removing all file owner perms - expect OK
35 # h: Test restoring all file owner perms - expect OK
36 #
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
54 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
55 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
56 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
57
58 # Get handle for base directory
59 set bfh [get_fh "$BASEDIRS"]
60
61 # Set params relating to test file
62 set tfile "newfile.[pid]"
63 set fpath [file join ${BASEDIR} ${tfile}]
64
65 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
66 set tfh "[creatv4_file $fpath 777]"
67 if {$tfh == $NULL} {
68 putmsg stdout 0 "$TNAME: test setup"
69 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
70 putmsg stderr 0 "\t\t status=($status)."
71 Disconnect
72 exit $UNRESOLVED
73 }
74
75 # Start testing
76 # ------------------------------------------------------------------------
77 # a: Test removing file owner read perms - expect OK
78
79 set tag "$TNAME{a}"
80 set ASSERTION "Test removing file owner read perms - expect $expcode"
81 putmsg stdout 0 "$tag: $ASSERTION"
82
83 set sid {0 0}
84
85 set owner_allow_mask [aclmask [ concat $OWNER_ALLOW_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
86
87 set owner_deny_mask [ aclmask $POSIX_READ_ACL ]
88
89 # get the initial ACL settings.
90 set initial_acl [compound {Putfh $tfh; \
91 Getattr acl }]
92
93 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
94
95 #
96 # Break the string returned from the Geattr acl command into
97 # a list and then extract the actual ACL settings.
98 #
99 set acl_list [extract_acl_list $initial_acl]
100 putmsg stderr 1 "$tag: initial ACL : $acl_list"
101
102 # Create the new ACL settings by replacing the appropriate entries.
103 #
104 # Order of entries in the list is as follows:
105 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
106 #
107 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
108 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
109 putmsg stderr 1 "$tag: new ACL : $acl_list"
110
111
112 # Set the new ACL values.
113 set res [compound {Putfh $tfh; \
114 Setattr $sid { {acl \
115 { $acl_list } } } } ]
116
117
118 ckres "Setattr acl" $status $expcode $res $FAIL
119
120 # Re-read ACL values
121 set res2 [compound {Putfh $tfh; \
122 Getattr acl }]
123
124 ckres "Getattr acl again" $status $expcode $res2 $FAIL
125
126 if { $status == "OK" } {
127 set new_acl_list [extract_acl_list $res2]
128 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
129
130 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
131 putmsg stderr 0 \
132 "\t Test FAIL: lists do not match."
133 } else {
134 putmsg stdout 0 "\t Test PASS"
135 }
136 }
137
138 puts ""
139
140 # ------------------------------------------------------------------------
141 # b: Test restoring file owner read perms - expect OK
142
143 set tag "$TNAME{b}"
144 set ASSERTION "Test restoring file owner read perms - expect $expcode"
145 putmsg stdout 0 "$tag: $ASSERTION"
146
147 restore_perms $tfh OWNER FILE
148
149
150 # ------------------------------------------------------------------------
151 # c: Test removing file owner write perms - expect OK
152
153 set tag "$TNAME{c}"
154 set ASSERTION "Test removing file owner write perms - expect $expcode"
155 putmsg stdout 0 "$tag: $ASSERTION"
156
157 set sid {0 0}
158
159 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
160
161 set owner_deny_mask [ aclmask $POSIX_WRITE_ACL ]
162
163 # get the initial ACL settings.
164 set initial_acl [compound {Putfh $tfh; \
165 Getattr acl }]
166
167 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
168
169 #
170 # Break the string returned from the Geattr acl command into
171 # a list and then extract the actual ACL settings.
172 #
173 set acl_list [extract_acl_list $initial_acl]
174 putmsg stderr 1 "$tag: initial ACL : $acl_list"
175
176 # Create the new ACL settings by replacing the appropriate entries.
177 #
178 # Order of entries in the list is as follows:
179 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
180 #
181 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
182 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
183 putmsg stderr 1 "$tag: new ACL : $acl_list"
184
185 # Set the new ACL values.
186 set res [compound {Putfh $tfh; \
187 Setattr $sid { {acl \
188 { $acl_list } } } } ]
189
190 ckres "Setattr acl" $status $expcode $res $FAIL
191
192 # Re-read ACL values
193 set res2 [compound {Putfh $tfh; \
194 Getattr acl }]
195
196 ckres "Getattr acl again" $status $expcode $res2 $FAIL
197
198 if { $status == "OK" } {
199 set new_acl_list [extract_acl_list $res2]
200 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
201
202 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
203 putmsg stderr 0 \
204 "\t Test FAIL: lists do not match."
205 } else {
206 putmsg stdout 0 "\t Test PASS"
207 }
208 }
209
210 puts ""
211
212 # ------------------------------------------------------------------------
213 # d: Test restoring file owner write perms - expect OK
214
215 set tag "$TNAME{d}"
216 set ASSERTION "Test restoring file owner write perms - expect $expcode"
217 putmsg stdout 0 "$tag: $ASSERTION"
218
219 restore_perms $tfh OWNER FILE
220
221 # ------------------------------------------------------------------------
222 # e: Test removing file owner execute perms - expect OK
223
224 set tag "$TNAME{e}"
225 set ASSERTION "Test removing file owner execute perms - expect $expcode"
226 putmsg stdout 0 "$tag: $ASSERTION"
227
228 set sid {0 0}
229
230 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL $POSIX_WRITE_ACL ] ]
231
232 set owner_deny_mask [ aclmask $POSIX_EXECUTE_ACL ]
233
234 # get the initial ACL settings.
235 set initial_acl [compound {Putfh $tfh; \
236 Getattr acl }]
237
238 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
239
240 #
241 # Break the string returned from the Geattr acl command into
242 # a list and then extract the actual ACL settings.
243 #
244 set acl_list [extract_acl_list $initial_acl]
245 putmsg stderr 1 "$tag: initial ACL : $acl_list"
246
247 # Create the new ACL settings by replacing the appropriate entries.
248 #
249 # Order of entries in the list is as follows:
250 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
251 #
252 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
253 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
254 putmsg stderr 1 "$tag: new ACL : $acl_list"
255
256 # Set the new ACL values.
257 set res [compound {Putfh $tfh; \
258 Setattr $sid { {acl \
259 { $acl_list } } } } ]
260
261 ckres "Setattr acl" $status $expcode $res $FAIL
262
263 # Re-read ACL values
264 set res2 [compound {Putfh $tfh; \
265 Getattr acl }]
266
267 ckres "Getattr acl again" $status $expcode $res2 $FAIL
268
269 if { $status == "OK" } {
270 set new_acl_list [extract_acl_list $res2]
271 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
272
273 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
274 putmsg stderr 0 \
275 "\t Test FAIL: lists do not match."
276 } else {
277 putmsg stdout 0 "\t Test PASS"
278 }
279 }
280
281 puts ""
282
283 # ------------------------------------------------------------------------
284 # f: Test restoring file owner execute perms - expect OK
285
286 set tag "$TNAME{f}"
287 set ASSERTION "Test restoring file owner execute perms - expect $expcode"
288 putmsg stdout 0 "$tag: $ASSERTION"
289
290 restore_perms $tfh OWNER FILE
291
292 # ------------------------------------------------------------------------
293 # g: Test removing all file owner perms - expect OK
294
295 set tag "$TNAME{g}"
296 set ASSERTION "Test removing all file owner perms - expect $expcode"
297 putmsg stdout 0 "$tag: $ASSERTION"
298
299 set sid {0 0}
300
301 set owner_allow_mask [ aclmask $OWNER_ALLOW_ACL ]
302
303 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
304
305 # get the initial ACL settings.
306 set initial_acl [compound {Putfh $tfh; \
307 Getattr acl }]
308
309 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
310
311 #
312 # Break the string returned from the Geattr acl command into
313 # a list and then extract the actual ACL settings.
314 #
315 set acl_list [extract_acl_list $initial_acl]
316 putmsg stderr 1 "$tag: initial ACL : $acl_list"
317
318 # Create the new ACL settings by replacing the appropriate entries.
319 #
320 # Order of entries in the list is as follows:
321 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
322 #
323 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
324 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
325 putmsg stderr 1 "$tag: new ACL : $acl_list"
326
327 # Set the new ACL values.
328 set res [compound {Putfh $tfh; \
329 Setattr $sid { {acl \
330 { $acl_list } } } } ]
331
332 ckres "Setattr acl" $status $expcode $res $FAIL
333
334 # Re-read ACL values
335 set res2 [compound {Putfh $tfh; \
336 Getattr acl }]
337
338 ckres "Getattr acl again" $status $expcode $res2 $FAIL
339
340 if { $status == "OK" } {
341 set new_acl_list [extract_acl_list $res2]
342 putmsg stderr 1 "$tag: new ACL : $acl_list"
343
344 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
345 putmsg stderr 0 \
346 "\t Test FAIL: lists do not match."
347 } else {
348 putmsg stdout 0 "\t Test PASS"
349 }
350 }
351
352 puts ""
353
354 # ------------------------------------------------------------------------
355 # h: Test restoring all file owner perms - expect OK
356
357 set tag "$TNAME{h}"
358 set ASSERTION "Test restoring all file owner perms - expect $expcode"
359 putmsg stdout 0 "$tag: $ASSERTION"
360
361 restore_perms $tfh OWNER FILE
362
363
364 # ------------------------------------------------------------------------
365 # Cleanup
366 #
367 set tag "$TNAME-cleanup"
368 set res3 [compound {Putfh $bfh; Remove $tfile}]
369 if {$status != "OK"} {
370 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
371 putmsg stderr 0 "\t status=$status; please cleanup manually."
372 putmsg stderr 1 "\t res=($res3)"
373 putmsg stderr 1 " "
374 }
375
376 Disconnect
377 exit $PASS