1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing file other read perms - expect OK
29 # b: Test restoring file other read perms - expect OK
30 # c: Test removing file other write perms - expect OK
31 # d: Test restoring file other write perms - expect OK
32 # e: Test removing file other execute perms - expect OK
33 # f: Test restoring file other execute perms - expect OK
34 # g: Test removing all other file perms - expect OK
35 # h: Test restoring all other file perms - expect OK
36 #
37
38 set TESTROOT $env(TESTROOT)
39
40 # include common code and init section
41 source [file join ${TESTROOT} tcl.init]
42 source [file join ${TESTROOT} testproc]
43 source [file join ${TESTROOT} acltools]
44
45 # connect to the test server
46 Connect
47
48 # setting local variables
49 set TNAME $argv0
50 set expcode "OK"
51
52 set POSIX_READ_ACL $env(POSIX_READ_ACL)
53 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
54 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
55 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
56 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
57
58 # Get handle for base directory
59 set bfh [get_fh "$BASEDIRS"]
60
61 # Set params relating to test file
62 set tfile "newfile.[pid]"
63 set fpath [file join ${BASEDIR} ${tfile}]
64
65 #
66 # Order of entries in the list is as follows:
67 # UFS :
68 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
69 # ZFS :
70 # <OWNER><OWNER><GROUP><GROUP><EVERYONE><EVERYONE>
71 #
72 # so the position of "other" ace is different between UFS and ZFS
73 #
74 if $IsZFS {
75 set other_allow_pos 4
76 set other_deny_pos 5
77 } else {
78 set other_allow_pos 5
79 set other_deny_pos 6
80 }
81
82 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
83 set tfh "[creatv4_file $fpath 777]"
84 if {$tfh == $NULL} {
85 putmsg stdout 0 "$TNAME: test setup"
86 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
87 putmsg stderr 0 "\t\t status=($status)."
88 Disconnect
89 exit $UNRESOLVED
90 }
91
92
93
94 # Start testing
95 # ------------------------------------------------------------------------
96 # a: Test removing file other read perms - expect OK
97
98 set tag "$TNAME{a}"
99 set ASSERTION "Test removing file other read perms - expect $expcode"
100 putmsg stdout 0 "$tag: $ASSERTION"
101
102 set sid {0 0}
103
104 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
105
106 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL ] ]
107
108 # get the initial ACL settings.
109 set initial_acl [compound {Putfh $tfh; \
110 Getattr acl }]
111
112 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
113
114 #
115 # Break the string returned from the Geattr acl command into
116 # a list and then extract the actual ACL settings.
117 #
118 set acl_list [extract_acl_list $initial_acl]
119 putmsg stderr 1 "$tag: initial ACL : $acl_list"
120
121 # Create the new ACL settings by replacing the appropriate entries.
122 #
123 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
124 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
125 putmsg stderr 1 "$tag: new ACL : $acl_list"
126
127 # Set the new ACL values.
128 set res [compound {Putfh $tfh; \
129 Setattr $sid { {acl \
130 { $acl_list } } } } ]
131
132
133 ckres "Setattr acl" $status $expcode $res $FAIL
134
135 # Re-read ACL values
136 set res2 [compound {Putfh $tfh; \
137 Getattr acl }]
138
139 ckres "Getattr acl again" $status $expcode $res2 $FAIL
140
141 if { $status == "OK" } {
142 set new_acl_list [extract_acl_list $res2]
143 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
144
145 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
146 putmsg stderr 0 \
147 "\t Test FAIL: lists do not match."
148 } else {
149 putmsg stdout 0 "\t Test PASS"
150 }
151 }
152
153 puts ""
154
155 # ------------------------------------------------------------------------
156 # b: Test restoring file other read perms - expect OK
157
158 set tag "$TNAME{b}"
159 set ASSERTION "Test restoring file other read perms - expect $expcode"
160 putmsg stdout 0 "$tag: $ASSERTION"
161
162 restore_perms $tfh OTHER FILE
163
164 # ------------------------------------------------------------------------
165 # c: Test removing file other write perms - expect OK
166
167 set tag "$TNAME{c}"
168 set ASSERTION "Test removing file other write perms - expect $expcode"
169 putmsg stdout 0 "$tag: $ASSERTION"
170
171 set sid {0 0}
172
173 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
174
175 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_ACL ] ]
176
177 # get the initial ACL settings.
178 set initial_acl [compound {Putfh $tfh; \
179 Getattr acl }]
180
181 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
182
183 #
184 # Break the string returned from the Geattr acl command into
185 # a list and then extract the actual ACL settings.
186 #
187 set acl_list [extract_acl_list $initial_acl]
188 putmsg stderr 1 "$tag: initial ACL : $acl_list"
189
190 # Create the new ACL settings by replacing the appropriate entries.
191 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
192 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
193 putmsg stderr 1 "$tag: new ACL : $acl_list"
194
195
196 # Set the new ACL values.
197 set res [compound {Putfh $tfh; \
198 Setattr $sid { {acl \
199 { $acl_list } } } } ]
200
201 ckres "Setattr acl" $status $expcode $res $FAIL
202
203 # Re-read ACL values
204 set res2 [compound {Putfh $tfh; \
205 Getattr acl }]
206
207 ckres "Getattr acl again" $status $expcode $res2 $FAIL
208
209 if { $status == "OK" } {
210 set new_acl_list [extract_acl_list $res2]
211 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
212
213 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
214 putmsg stderr 0 \
215 "\t Test FAIL: lists do not match."
216 } else {
217 putmsg stdout 0 "\t Test PASS"
218 }
219 }
220
221 puts ""
222
223 # ------------------------------------------------------------------------
224 # d: Test restoring file other write perms - expect OK
225
226 set tag "$TNAME{d}"
227 set ASSERTION "Test restoring file other write perms - expect $expcode"
228 putmsg stdout 0 "$tag: $ASSERTION"
229
230 restore_perms $tfh OTHER FILE
231
232
233 # ------------------------------------------------------------------------
234 # e: Test removing file other execute perms - expect OK
235
236 set tag "$TNAME{e}"
237 set ASSERTION "Test removing file other execute perms - expect $expcode"
238 putmsg stdout 0 "$tag: $ASSERTION"
239
240 set sid {0 0}
241
242 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL $POSIX_WRITE_ACL ] ]
243
244 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_EXECUTE_ACL ] ]
245
246 # get the initial ACL settings.
247 set initial_acl [compound {Putfh $tfh; \
248 Getattr acl }]
249
250 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
251
252 #
253 # Break the string returned from the Geattr acl command into
254 # a list and then extract the actual ACL settings.
255 #
256 set acl_list [extract_acl_list $initial_acl]
257 putmsg stderr 1 "$tag: initial ACL : $acl_list"
258
259 # Create the new ACL settings by replacing the appropriate entries.
260 #
261 # Order of entries in the list is as follows:
262 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
263 #
264 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
265 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
266 putmsg stderr 1 "$tag: new ACL : $acl_list"
267
268
269 # Set the new ACL values.
270 set res [compound {Putfh $tfh; \
271 Setattr $sid { {acl \
272 { $acl_list } } } } ]
273
274 ckres "Setattr acl" $status $expcode $res $FAIL
275
276 # Re-read ACL values
277 set res2 [compound {Putfh $tfh; \
278 Getattr acl }]
279
280 ckres "Getattr acl again" $status $expcode $res2 $FAIL
281
282 if { $status == "OK" } {
283 set new_acl_list [extract_acl_list $res2]
284 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
285
286 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
287 putmsg stderr 0 \
288 "\t Test FAIL: lists do not match."
289 } else {
290 putmsg stdout 0 "\t Test PASS"
291 }
292 }
293
294 puts ""
295
296 # ------------------------------------------------------------------------
297 # f: Test restoring file other execute perms - expect OK
298
299 set tag "$TNAME{f}"
300 set ASSERTION "Test restoring file other execute perms - expect $expcode"
301 putmsg stdout 0 "$tag: $ASSERTION"
302
303 restore_perms $tfh OTHER FILE
304
305
306 # ------------------------------------------------------------------------
307 # g: Test removing all file other perms - expect OK
308
309 set tag "$TNAME{g}"
310 set ASSERTION "Test removing all file other perms - expect $expcode"
311 putmsg stdout 0 "$tag: $ASSERTION"
312
313 set sid {0 0}
314
315 set other_allow_mask [ aclmask $GENERIC_ALLOW_ACL ]
316
317 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL \
318 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
319
320 # get the initial ACL settings.
321 set initial_acl [compound {Putfh $tfh; \
322 Getattr acl }]
323
324 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
325
326 #
327 # Break the string returned from the Geattr acl command into
328 # a list and then extract the actual ACL settings.
329 #
330 set acl_list [extract_acl_list $initial_acl]
331 putmsg stderr 1 "$tag: initial ACL : $acl_list"
332
333 # Create the new ACL settings by replacing the appropriate entries.
334 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
335 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
336 putmsg stderr 1 "$tag: new ACL : $acl_list"
337
338
339 # Set the new ACL values.
340 set res [compound {Putfh $tfh; \
341 Setattr $sid { {acl \
342 { $acl_list } } } } ]
343
344 ckres "Setattr acl" $status $expcode $res $FAIL
345
346 # Re-read ACL values
347 set res2 [compound {Putfh $tfh; \
348 Getattr acl }]
349
350 ckres "Getattr acl again" $status $expcode $res2 $FAIL
351
352 if { $status == "OK" } {
353 set new_acl_list [extract_acl_list $res2]
354 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
355
356 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
357 putmsg stderr 0 \
358 "\t Test FAIL: lists do not match."
359 } else {
360 putmsg stdout 0 "\t Test PASS"
361 }
362 }
363
364 puts ""
365
366 # ------------------------------------------------------------------------
367 # h: Test restoring all file other perms - expect OK
368
369 set tag "$TNAME{h}"
370 set ASSERTION "Test restoring all file other perms - expect $expcode"
371 putmsg stdout 0 "$tag: $ASSERTION"
372
373 restore_perms $tfh OTHER FILE
374
375 # ------------------------------------------------------------------------
376 # Cleanup
377 #
378 set tag "$TNAME-cleanup"
379 set res3 [compound {Putfh $bfh; Remove $tfile}]
380 if {$status != "OK"} {
381 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
382 putmsg stderr 0 "\t status=$status; please cleanup manually."
383 putmsg stderr 1 "\t res=($res3)"
384 putmsg stderr 1 " "
385 }
386
387 Disconnect
388 exit $PASS