1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing file group read perms - expect OK
29 # b: Test restoring file group read perms - expect OK
30 # c: Test removing file group write perms - expect OK
31 # d: Test restoring file group write perms - expect OK
32 # e: Test removing file group execute perms - expect OK
33 # f: Test restoring file group execute perms - expect OK
34 # g: Test removing all file group perms - expect OK
35 # h: Test restoring all file group perms - expect OK
36 #
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
54 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
55 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
56 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
57
58 # Get handle for base directory
59 set bfh [get_fh "$BASEDIRS"]
60
61 # Set params relating to test file
62 set tfile "newfile.[pid]"
63 set fpath [file join ${BASEDIR} ${tfile}]
64
65 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
66 set tfh "[creatv4_file $fpath 777]"
67 if {$tfh == $NULL} {
68 putmsg stdout 0 "$TNAME: test setup"
69 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
70 putmsg stderr 0 "\t\t status=($status)."
71 Disconnect
72 exit $UNRESOLVED
73 }
74
75
76
77 # Start testing
78 # ------------------------------------------------------------------------
79 # a: Test removing group read file perms - expect OK
80
81 set tag "$TNAME{a}"
82 set ASSERTION "Test removing group read file perms - expect $expcode"
83 putmsg stdout 0 "$tag: $ASSERTION"
84
85 set sid {0 0}
86
87 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
88
89 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL ] ]
90
91 # get the initial ACL settings.
92 set initial_acl [compound {Putfh $tfh; \
93 Getattr acl }]
94
95 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
96
97 #
98 # Break the string returned from the Geattr acl command into
99 # a list and then extract the actual ACL settings.
100 #
101 set acl_list [extract_acl_list $initial_acl]
102 putmsg stderr 1 "$tag: initial ACL : $acl_list"
103
104 # Create the new ACL settings by replacing the appropriate entries.
105 #
106 # Order of entries in the list is as follows:
107 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
108 #
109 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
110 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
111 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
112 putmsg stderr 1 "$tag: new ACL : $acl_list"
113
114 # Set the new ACL values.
115 set res [compound {Putfh $tfh; \
116 Setattr $sid { {acl \
117 { $acl_list } } } } ]
118
119 ckres "Setattr acl" $status $expcode $res $FAIL
120
121 # Re-read ACL values
122 set res2 [compound {Putfh $tfh; \
123 Getattr acl }]
124
125 ckres "Getattr acl again" $status $expcode $res2 $FAIL
126
127 if { $status == "OK" } {
128 set new_acl_list [extract_acl_list $res2]
129 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
130
131 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
132 putmsg stderr 0 \
133 "\t Test FAIL: lists do not match."
134 } else {
135 putmsg stdout 0 "\t Test PASS"
136 }
137 }
138
139 puts ""
140
141 # ------------------------------------------------------------------------
142 # b: Test restoring file group read perms - expect OK
143
144 set tag "$TNAME{b}"
145 set ASSERTION "Test restoring file group read perms - expect $expcode"
146 putmsg stdout 0 "$tag: $ASSERTION"
147
148 restore_perms $tfh GROUP FILE
149
150 # ------------------------------------------------------------------------
151 # c: Test removing file group write perms - expect OK
152
153 set tag "$TNAME{c}"
154 set ASSERTION "Test removing file group write perms - expect $expcode"
155 putmsg stdout 0 "$tag: $ASSERTION"
156
157 set sid {0 0}
158
159 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
160
161 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_ACL ] ]
162
163 # get the initial ACL settings.
164 set initial_acl [compound {Putfh $tfh; \
165 Getattr acl }]
166
167 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
168
169 #
170 # Break the string returned from the Geattr acl command into
171 # a list and then extract the actual ACL settings.
172 #
173 set acl_list [extract_acl_list $initial_acl]
174 putmsg stderr 1 "$tag: initial ACL : $acl_list"
175
176 # Create the new ACL settings by replacing the appropriate entries.
177 #
178 # Order of entries in the list is as follows:
179 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
180 #
181 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
182 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
183 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
184 putmsg stderr 1 "$tag: new ACL : $acl_list"
185
186
187 # Set the new ACL values.
188 set res [compound {Putfh $tfh; \
189 Setattr $sid { {acl \
190 { $acl_list } } } } ]
191
192 ckres "Setattr acl" $status $expcode $res $FAIL
193
194 # Re-read ACL values
195 set res2 [compound {Putfh $tfh; \
196 Getattr acl }]
197
198 ckres "Getattr acl again" $status $expcode $res2 $FAIL
199
200 if { $status == "OK" } {
201 set new_acl_list [extract_acl_list $res2]
202 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
203
204 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
205 putmsg stderr 0 \
206 "\t Test FAIL: lists do not match."
207 } else {
208 putmsg stdout 0 "\t Test PASS"
209 }
210 }
211
212 puts ""
213
214 # ------------------------------------------------------------------------
215 # d: Test restoring file group write perms - expect OK
216
217 set tag "$TNAME{d}"
218 set ASSERTION "Test restoring file group write perms - expect $expcode"
219 putmsg stdout 0 "$tag: $ASSERTION"
220
221 restore_perms $tfh GROUP FILE
222
223 # ------------------------------------------------------------------------
224 # e: Test removing file group execute perms - expect OK
225
226 set tag "$TNAME{e}"
227 set ASSERTION "Test removing file group execute perms - expect $expcode"
228 putmsg stdout 0 "$tag: $ASSERTION"
229
230 set sid {0 0}
231
232 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_WRITE_ACL ] ]
233
234 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_EXECUTE_ACL ] ]
235
236 # get the initial ACL settings.
237 set initial_acl [compound {Putfh $tfh; \
238 Getattr acl }]
239
240 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
241
242 #
243 # Break the string returned from the Geattr acl command into
244 # a list and then extract the actual ACL settings.
245 #
246 set acl_list [extract_acl_list $initial_acl]
247 putmsg stderr 1 "$tag: initial ACL : $acl_list"
248
249 # Create the new ACL settings by replacing the appropriate entries.
250 #
251 # Order of entries in the list is as follows:
252 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
253 #
254 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
255 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
256 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
257 putmsg stderr 1 "$tag: new ACL : $acl_list"
258
259
260 # Set the new ACL values.
261 set res [compound {Putfh $tfh; \
262 Setattr $sid { {acl \
263 { $acl_list } } } } ]
264
265 ckres "Setattr acl" $status $expcode $res $FAIL
266
267 # Re-read ACL values
268 set res2 [compound {Putfh $tfh; \
269 Getattr acl }]
270
271 ckres "Getattr acl again" $status $expcode $res2 $FAIL
272
273 if { $status == "OK" } {
274 set new_acl_list [extract_acl_list $res2]
275 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
276
277 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
278 putmsg stderr 0 \
279 "\t Test FAIL: lists do not match."
280 } else {
281 putmsg stdout 0 "\t Test PASS"
282 }
283 }
284
285 puts ""
286
287 # ------------------------------------------------------------------------
288 # f: Test restoring file group execute perms - expect OK
289
290 set tag "$TNAME{f}"
291 set ASSERTION "Test restoring file group execute perms - expect $expcode"
292 putmsg stdout 0 "$tag: $ASSERTION"
293
294 restore_perms $tfh GROUP FILE
295
296 # ------------------------------------------------------------------------
297 # g: Test removing all file group perms - expect OK
298
299 set tag "$TNAME{g}"
300 set ASSERTION "Test removing all file group perms - expect $expcode"
301 putmsg stdout 0 "$tag: $ASSERTION"
302
303 set sid {0 0}
304
305 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL ] ]
306
307 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_WRITE_ACL \
308 $POSIX_EXECUTE_ACL ] ]
309
310 # get the initial ACL settings.
311 set initial_acl [compound {Putfh $tfh; \
312 Getattr acl }]
313
314 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
315
316 #
317 # Break the string returned from the Geattr acl command into
318 # a list and then extract the actual ACL settings.
319 #
320 set acl_list [extract_acl_list $initial_acl]
321 putmsg stderr 1 "$tag: initial ACL : $acl_list"
322
323 # Create the new ACL settings by replacing the appropriate entries.
324 #
325 # Order of entries in the list is as follows:
326 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
327 #
328 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
329 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
330 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
331 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
332
333
334 # Set the new ACL values.
335 set res [compound {Putfh $tfh; \
336 Setattr $sid { {acl \
337 { $acl_list } } } } ]
338
339 ckres "Setattr acl" $status $expcode $res $FAIL
340
341 # Re-read ACL values
342 set res2 [compound {Putfh $tfh; \
343 Getattr acl }]
344
345 ckres "Getattr acl again" $status $expcode $res2 $FAIL
346
347 if { $status == "OK" } {
348 set new_acl_list [extract_acl_list $res2]
349 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
350
351 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
352 putmsg stderr 0 \
353 "\t Test FAIL: lists do not match."
354 } else {
355 putmsg stdout 0 "\t Test PASS"
356 }
357 }
358
359 puts ""
360
361 # ------------------------------------------------------------------------
362 # h: Test restoring all file group perms - expect OK
363
364 set tag "$TNAME{h}"
365 set ASSERTION "Test restoring all file group perms - expect $expcode"
366 putmsg stdout 0 "$tag: $ASSERTION"
367
368 restore_perms $tfh GROUP FILE
369
370
371 # ------------------------------------------------------------------------
372 # Cleanup
373 #
374 set tag "$TNAME-cleanup"
375 set res3 [compound {Putfh $bfh; Remove $tfile}]
376 if {$status != "OK"} {
377 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
378 putmsg stderr 0 "\t status=$status; please cleanup manually."
379 putmsg stderr 1 "\t res=($res3)"
380 putmsg stderr 1 " "
381 }
382
383 Disconnect
384 exit $PASS