1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing file group read/write perms - expect OK
29 # b: Test restoring file group read/write perms - expect OK
30 # c: Test removing file group read/execute perms - expect OK
31 # d: Test restoring file group read/execute perms - expect OK
32 # e: Test removing file group write/execute perms - expect OK
33 # f: Test restoring file group write/execute perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # setting local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test file
60 set tfile "newfile.[pid]"
61 set fpath [file join ${BASEDIR} ${tfile}]
62
63 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
64 set tfh "[creatv4_file $fpath 777]"
65 if {$tfh == $NULL} {
66 putmsg stdout 0 "$TNAME: test setup"
67 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
68 putmsg stderr 0 "\t\t status=($status)."
69 Disconnect
70 exit $UNRESOLVED
71 }
72
73
74
75 # Start testing
76 # ------------------------------------------------------------------------
77 # a: Test removing group read/write file perms - expect OK
78
79 set tag "$TNAME{a}"
80 set ASSERTION "Test removing group read/write file perms - expect $expcode"
81 putmsg stdout 0 "$tag: $ASSERTION"
82
83 set sid {0 0}
84
85 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
86
87 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_WRITE_ACL ] ]
88
89 # get the initial ACL settings.
90 set initial_acl [compound {Putfh $tfh; \
91 Getattr acl }]
92
93 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
94
95 #
96 # Break the string returned from the Geattr acl command into
97 # a list and then extract the actual ACL settings.
98 #
99 set acl_list [extract_acl_list $initial_acl]
100 putmsg stderr 1 "$tag: initial ACL : $acl_list"
101
102 # Create the new ACL settings by replacing the appropriate entries.
103 #
104 # Order of entries in the list is as follows:
105 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
106 #
107 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
108 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
109 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
110 putmsg stderr 1 "$tag: new ACL : $acl_list"
111
112 # Set the new ACL values.
113 set res [compound {Putfh $tfh; \
114 Setattr $sid { {acl \
115 { $acl_list } } } } ]
116
117
118 ckres "Setattr acl" $status $expcode $res $FAIL
119
120 # Re-read ACL values
121 set res2 [compound {Putfh $tfh; \
122 Getattr acl }]
123
124 ckres "Getattr acl again" $status $expcode $res2 $FAIL
125
126 if { $status == "OK" } {
127 set new_acl_list [extract_acl_list $res2]
128 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
129
130 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
131 putmsg stderr 0 \
132 "\t Test FAIL: lists do not match."
133 } else {
134 putmsg stdout 0 "\t Test PASS"
135 }
136 }
137
138 puts ""
139
140 # ------------------------------------------------------------------------
141 # b: Test restoring file group read/write perms - expect OK
142
143 set tag "$TNAME{b}"
144 set ASSERTION "Test restoring file group read/write perms - expect $expcode"
145 putmsg stdout 0 "$tag: $ASSERTION"
146
147 restore_perms $tfh GROUP FILE
148
149
150 # ------------------------------------------------------------------------
151 # c: Test removing file group read/execute perms - expect OK
152
153 set tag "$TNAME{c}"
154 set ASSERTION "Test removing file group read/execute perms - expect $expcode"
155 putmsg stdout 0 "$tag: $ASSERTION"
156
157 set sid {0 0}
158
159 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_ACL ] ]
160
161 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
162
163 # get the initial ACL settings.
164 set initial_acl [compound {Putfh $tfh; \
165 Getattr acl }]
166
167 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
168
169 #
170 # Break the string returned from the Geattr acl command into
171 # a list and then extract the actual ACL settings.
172 #
173 set acl_list [extract_acl_list $initial_acl]
174 putmsg stderr 1 "$tag: initial ACL : $acl_list"
175
176 # Create the new ACL settings by replacing the appropriate entries.
177 #
178 # Order of entries in the list is as follows:
179 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
180 #
181 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
182 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
183 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
184 putmsg stderr 1 "$tag: new ACL : $acl_list"
185
186
187 # Set the new ACL values.
188 set res [compound {Putfh $tfh; \
189 Setattr $sid { {acl \
190 { $acl_list } } } } ]
191
192 ckres "Setattr acl" $status $expcode $res $FAIL
193
194 # Re-read ACL values
195 set res2 [compound {Putfh $tfh; \
196 Getattr acl }]
197
198 ckres "Getattr acl again" $status $expcode $res2 $FAIL
199
200 if { $status == "OK" } {
201 set new_acl_list [extract_acl_list $res2]
202 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
203
204 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
205 putmsg stderr 0 \
206 "\t Test FAIL: lists do not match."
207 } else {
208 putmsg stdout 0 "\t Test PASS"
209 }
210 }
211
212 puts ""
213
214 # ------------------------------------------------------------------------
215 # d: Test restoring file group read/execute perms - expect OK
216
217 set tag "$TNAME{d}"
218 set ASSERTION "Test restoring file group read/execute perms - expect $expcode"
219 putmsg stdout 0 "$tag: $ASSERTION"
220
221 restore_perms $tfh GROUP FILE
222
223 # ------------------------------------------------------------------------
224 # e: Test removing file group write/execute perms - expect OK
225
226 set tag "$TNAME{e}"
227 set ASSERTION "Test removing file group write/execute perms - expect $expcode"
228 putmsg stdout 0 "$tag: $ASSERTION"
229
230 set sid {0 0}
231
232 set group_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL ] ]
233
234 set group_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
235
236 # get the initial ACL settings.
237 set initial_acl [compound {Putfh $tfh; \
238 Getattr acl }]
239
240 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
241
242 #
243 # Break the string returned from the Geattr acl command into
244 # a list and then extract the actual ACL settings.
245 #
246 set acl_list [extract_acl_list $initial_acl]
247 putmsg stderr 1 "$tag: initial ACL : $acl_list"
248
249 # Create the new ACL settings by replacing the appropriate entries.
250 #
251 # Order of entries in the list is as follows:
252 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
253 #
254 set acl_list [lreplace $acl_list 2 2 "1 40 $group_deny_mask GROUP\@"]
255 set acl_list [lreplace $acl_list 3 3 "0 40 $group_allow_mask GROUP\@"]
256 set acl_list [lreplace $acl_list 4 4 "1 40 $group_deny_mask GROUP\@"]
257 putmsg stderr 1 "$tag: new ACL : $acl_list"
258
259
260 # Set the new ACL values.
261 set res [compound {Putfh $tfh; \
262 Setattr $sid { {acl \
263 { $acl_list } } } } ]
264
265 ckres "Setattr acl" $status $expcode $res $FAIL
266
267 # Re-read ACL values
268 set res2 [compound {Putfh $tfh; \
269 Getattr acl }]
270
271 ckres "Getattr acl again" $status $expcode $res2 $FAIL
272
273 if { $status == "OK" } {
274 set new_acl_list [extract_acl_list $res2]
275 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
276
277 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
278 putmsg stderr 0 \
279 "\t Test FAIL: lists do not match."
280 } else {
281 putmsg stdout 0 "\t Test PASS"
282 }
283 }
284
285 puts ""
286
287 # ------------------------------------------------------------------------
288 # f: Test restoring file group write/execute perms - expect OK
289
290 set tag "$TNAME{f}"
291 set ASSERTION "Test restoring file group write/execute perms - expect $expcode"
292 putmsg stdout 0 "$tag: $ASSERTION"
293
294 restore_perms $tfh GROUP FILE
295
296 # ------------------------------------------------------------------------
297 # Cleanup
298 #
299 set tag "$TNAME-cleanup"
300 set res3 [compound {Putfh $bfh; Remove $tfile}]
301 if {$status != "OK"} {
302 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
303 putmsg stderr 0 "\t status=$status; please cleanup manually."
304 putmsg stderr 1 "\t res=($res3)"
305 putmsg stderr 1 " "
306 }
307
308 Disconnect
309 exit $PASS