1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing file owner read/write perms - expect OK
29 # b: Test restoring file owner read/write perms - expect OK
30 # c: Test removing file owner read/execute perms - expect OK
31 # d: Test restoring file owner read/execute perms - expect OK
32 # e: Test removing file owner write/execute perms - expect OK
33 # f: Test setting file owner write/execute perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # setting local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test file
60 set tfile "newfile.[pid]"
61 set fpath [file join ${BASEDIR} ${tfile}]
62
63 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
64 set tfh "[creatv4_file $fpath 777]"
65 if {$tfh == $NULL} {
66 putmsg stdout 0 "$TNAME: test setup"
67 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
68 putmsg stderr 0 "\t\t status=($status)."
69 Disconnect
70 exit $UNRESOLVED
71 }
72
73
74 # Start testing
75 # ------------------------------------------------------------------------
76 # a: Test removing file owner read/write perms - expect OK
77
78 set tag "$TNAME{a}"
79 set ASSERTION "Test removing file owner read/write perms - expect $expcode"
80 putmsg stdout 0 "$tag: $ASSERTION"
81
82 set sid {0 0}
83
84 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
85
86 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_WRITE_ACL ] ]
87
88 # get the initial ACL settings.
89 set initial_acl [compound {Putfh $tfh; \
90 Getattr acl }]
91
92 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
93
94 #
95 # Break the string returned from the Geattr acl command into
96 # a list and then extract the actual ACL settings.
97 #
98 set acl_list [extract_acl_list $initial_acl]
99 putmsg stderr 1 "$tag: initial ACL : $acl_list"
100
101 # Create the new ACL settings by replacing the appropriate entries.
102 #
103 # Order of entries in the list is as follows:
104 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
105 #
106 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
107 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
108 putmsg stderr 1 "$tag: new ACL : $acl_list"
109
110
111 # Set the new ACL values.
112 set res [compound {Putfh $tfh; \
113 Setattr $sid { {acl \
114 { $acl_list } } } } ]
115
116
117 ckres "Setattr acl" $status $expcode $res $FAIL
118
119 # Re-read ACL values
120 set res2 [compound {Putfh $tfh; \
121 Getattr acl }]
122
123 ckres "Getattr acl again" $status $expcode $res2 $FAIL
124
125 if { $status == "OK" } {
126 set new_acl_list [extract_acl_list $res2]
127 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
128
129 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
130 putmsg stderr 0 \
131 "\t Test FAIL: lists do not match."
132 } else {
133 putmsg stdout 0 "\t Test PASS"
134 }
135 }
136
137 puts ""
138
139 # ------------------------------------------------------------------------
140 # b: Test restoring file owner read/write perms - expect OK
141
142 set tag "$TNAME{b}"
143 set ASSERTION "Test restoring file owner read/write perms - expect $expcode"
144 putmsg stdout 0 "$tag: $ASSERTION"
145
146 restore_perms $tfh OWNER FILE
147
148 # ------------------------------------------------------------------------
149 # c: Test removing file owner read/execute perms - expect OK
150
151 set tag "$TNAME{c}"
152 set ASSERTION "Test removing file owner read/execute perms - expect $expcode"
153 putmsg stdout 0 "$tag: $ASSERTION"
154
155 set sid {0 0}
156
157 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_WRITE_ACL ] ]
158
159 set owner_deny_mask [ aclmask [ concat $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
160
161 # get the initial ACL settings.
162 set initial_acl [compound {Putfh $tfh; \
163 Getattr acl }]
164
165 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
166
167 #
168 # Break the string returned from the Geattr acl command into
169 # a list and then extract the actual ACL settings.
170 #
171 set acl_list [extract_acl_list $initial_acl]
172 putmsg stderr 1 "$tag: initial ACL : $acl_list"
173
174 # Create the new ACL settings by replacing the appropriate entries.
175 #
176 # Order of entries in the list is as follows:
177 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
178 #
179 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
180 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
181 putmsg stderr 1 "$tag: new ACL : $acl_list"
182
183 # Set the new ACL values.
184 set res [compound {Putfh $tfh; \
185 Setattr $sid { {acl \
186 { $acl_list } } } } ]
187
188 ckres "Setattr acl" $status $expcode $res $FAIL
189
190 # Re-read ACL values
191 set res2 [compound {Putfh $tfh; \
192 Getattr acl }]
193
194 ckres "Getattr acl again" $status $expcode $res2 $FAIL
195
196 if { $status == "OK" } {
197 set new_acl_list [extract_acl_list $res2]
198 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
199
200 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
201 putmsg stderr 0 \
202 "\t Test FAIL: lists do not match."
203 } else {
204 putmsg stdout 0 "\t Test PASS"
205 }
206 }
207
208 puts ""
209
210 # ------------------------------------------------------------------------
211 # d: Test restoring file owner read/execute perms - expect OK
212
213 set tag "$TNAME{d}"
214 set ASSERTION "Test restoring file owner write/execute perms - expect $expcode"
215 putmsg stdout 0 "$tag: $ASSERTION"
216
217 restore_perms $tfh OWNER FILE
218
219 # ------------------------------------------------------------------------
220 # e: Test removing file owner write/execute perms - expect OK
221
222 set tag "$TNAME{e}"
223 set ASSERTION "Test removing file owner execute perms - expect $expcode"
224 putmsg stdout 0 "$tag: $ASSERTION"
225
226 set sid {0 0}
227
228 set owner_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL ] ]
229
230 set owner_deny_mask [ aclmask [ concat $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
231
232 # get the initial ACL settings.
233 set initial_acl [compound {Putfh $tfh; \
234 Getattr acl }]
235
236 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
237
238 #
239 # Break the string returned from the Geattr acl command into
240 # a list and then extract the actual ACL settings.
241 #
242 set acl_list [extract_acl_list $initial_acl]
243 putmsg stderr 1 "$tag: initial ACL : $acl_list"
244
245 # Create the new ACL settings by replacing the appropriate entries.
246 #
247 # Order of entries in the list is as follows:
248 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
249 #
250 set acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
251 set acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
252 putmsg stderr 1 "$tag: new ACL : $acl_list"
253
254
255 # Set the new ACL values.
256 set res [compound {Putfh $tfh; \
257 Setattr $sid { {acl \
258 { $acl_list } } } } ]
259
260 ckres "Setattr acl" $status $expcode $res $FAIL
261
262 # Re-read ACL values
263 set res2 [compound {Putfh $tfh; \
264 Getattr acl }]
265
266 ckres "Getattr acl again" $status $expcode $res2 $FAIL
267
268 if { $status == "OK" } {
269 set new_acl_list [extract_acl_list $res2]
270 putmsg stderr 1 "$tag: new ACL : $acl_list"
271
272 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
273 putmsg stderr 0 \
274 "\t Test FAIL: lists do not match."
275 } else {
276 putmsg stdout 0 "\t Test PASS"
277 }
278 }
279
280 puts ""
281
282 # ------------------------------------------------------------------------
283 # f: Test restoring file owner write/execute perms - expect OK
284
285 set tag "$TNAME{f}"
286 set ASSERTION "Test restoring file owner execute perms - expect $expcode"
287 putmsg stdout 0 "$tag: $ASSERTION"
288
289 restore_perms $tfh OWNER FILE
290
291
292 # ------------------------------------------------------------------------
293 # Cleanup
294 #
295 set tag "$TNAME-cleanup"
296 set res3 [compound {Putfh $bfh; Remove $tfile}]
297 if {$status != "OK"} {
298 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
299 putmsg stderr 0 "\t status=$status; please cleanup manually."
300 putmsg stderr 1 "\t res=($res3)"
301 putmsg stderr 1 " "
302 }
303
304 Disconnect
305 exit $PASS