1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test removing file other read/write perms - expect OK
29 # b: Test restoring file other read/write perms - expect OK
30 # c: Test removing file other read/execute perms - expect OK
31 # d: Test restoring file other read/execute perms - expect OK
32 # e: Test removing file other write/execute perms - expect OK
33 # f: Test restoring file other write/execute perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # setting local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set GENERIC_ALLOW_ACL $env(GENERIC_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test file
60 set tfile "newfile.[pid]"
61 set fpath [file join ${BASEDIR} ${tfile}]
62
63 #
64 # Order of entries in the list is as follows:
65 # UFS :
66 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
67 # ZFS :
68 # <OWNER><OWNER><GROUP><GROUP><EVERYONE><EVERYONE>
69 #
70 # so the position of "other" ace is different between UFS and ZFS
71 #
72 if $IsZFS {
73 set other_allow_pos 4
74 set other_deny_pos 5
75 } else {
76 set other_allow_pos 5
77 set other_deny_pos 6
78 }
79
80 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
81 set tfh "[creatv4_file $fpath 777]"
82 if {$tfh == $NULL} {
83 putmsg stdout 0 "$TNAME: test setup"
84 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
85 putmsg stderr 0 "\t\t status=($status)."
86 Disconnect
87 exit $UNRESOLVED
88 }
89
90
91
92 # Start testing
93 # ------------------------------------------------------------------------
94 # a: Test removing file other read/write perms - expect OK
95
96 set tag "$TNAME{a}"
97 set ASSERTION "Test removing file other read/write perms - expect $expcode"
98 putmsg stdout 0 "$tag: $ASSERTION"
99
100 set sid {0 0}
101
102 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_EXECUTE_ACL ] ]
103
104 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_WRITE_ACL ] ]
105
106 # get the initial ACL settings.
107 set initial_acl [compound {Putfh $tfh; \
108 Getattr acl }]
109
110 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
111
112 #
113 # Break the string returned from the Geattr acl command into
114 # a list and then extract the actual ACL settings.
115 #
116 set acl_list [extract_acl_list $initial_acl]
117 putmsg stderr 1 "$tag: initial ACL : $acl_list"
118
119 # Create the new ACL settings by replacing the appropriate entries.
120 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
121 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
122 putmsg stderr 1 "$tag: new ACL : $acl_list"
123
124 # Set the new ACL values.
125 set res [compound {Putfh $tfh; \
126 Setattr $sid { {acl \
127 { $acl_list } } } } ]
128
129
130 ckres "Setattr acl" $status $expcode $res $FAIL
131
132 # Re-read ACL values
133 set res2 [compound {Putfh $tfh; \
134 Getattr acl }]
135
136 ckres "Getattr acl again" $status $expcode $res2 $FAIL
137
138 if { $status == "OK" } {
139 set new_acl_list [extract_acl_list $res2]
140 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
141
142 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
143 putmsg stderr 0 \
144 "\t Test FAIL: lists do not match."
145 } else {
146 putmsg stdout 0 "\t Test PASS"
147 }
148 }
149
150 puts ""
151
152 # ------------------------------------------------------------------------
153 # b: Test restoring file other read/write perms - expect OK
154
155 set tag "$TNAME{b}"
156 set ASSERTION "Test restoring file other read perms - expect $expcode"
157 putmsg stdout 0 "$tag: $ASSERTION"
158
159 restore_perms $tfh OTHER FILE
160
161
162 # ------------------------------------------------------------------------
163 # c: Test removing file other read/execute perms - expect OK
164
165 set tag "$TNAME{c}"
166 set ASSERTION "Test removing file other read/execute perms - expect $expcode"
167 putmsg stdout 0 "$tag: $ASSERTION"
168
169 set sid {0 0}
170
171 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_WRITE_ACL ] ]
172
173 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_READ_ACL $POSIX_EXECUTE_ACL ] ]
174
175 # get the initial ACL settings.
176 set initial_acl [compound {Putfh $tfh; \
177 Getattr acl }]
178
179 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
180
181 #
182 # Break the string returned from the Geattr acl command into
183 # a list and then extract the actual ACL settings.
184 #
185 set acl_list [extract_acl_list $initial_acl]
186 putmsg stderr 1 "$tag: initial ACL : $acl_list"
187
188 # Create the new ACL settings by replacing the appropriate entries.
189 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
190 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
191 putmsg stderr 1 "$tag: new ACL : $acl_list"
192
193
194 # Set the new ACL values.
195 set res [compound {Putfh $tfh; \
196 Setattr $sid { {acl \
197 { $acl_list } } } } ]
198
199 ckres "Setattr acl" $status $expcode $res $FAIL
200
201 # Re-read ACL values
202 set res2 [compound {Putfh $tfh; \
203 Getattr acl }]
204
205 ckres "Getattr acl again" $status $expcode $res2 $FAIL
206
207 if { $status == "OK" } {
208 set new_acl_list [extract_acl_list $res2]
209 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
210
211 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
212 putmsg stderr 0 \
213 "\t Test FAIL: lists do not match."
214 } else {
215 putmsg stdout 0 "\t Test PASS"
216 }
217 }
218
219 puts ""
220
221 # ------------------------------------------------------------------------
222 # d: Test restoring file other read/execute perms - expect OK
223
224 set tag "$TNAME{d}"
225 set ASSERTION "Test restoring file other read/execute perms - expect $expcode"
226 putmsg stdout 0 "$tag: $ASSERTION"
227
228 restore_perms $tfh OTHER FILE
229
230 # ------------------------------------------------------------------------
231 # e: Test removing file other write/execute perms - expect OK
232
233 set tag "$TNAME{e}"
234 set ASSERTION "Test removing file other write/execute perms - expect $expcode"
235 putmsg stdout 0 "$tag: $ASSERTION"
236
237 set sid {0 0}
238
239 set other_allow_mask [ aclmask [ concat $GENERIC_ALLOW_ACL $POSIX_READ_ACL ] ]
240
241 set other_deny_mask [ aclmask [ concat $GENERIC_DENY_ACL $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
242
243 # get the initial ACL settings.
244 set initial_acl [compound {Putfh $tfh; \
245 Getattr acl }]
246
247 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
248
249 #
250 # Break the string returned from the Geattr acl command into
251 # a list and then extract the actual ACL settings.
252 #
253 set acl_list [extract_acl_list $initial_acl]
254 putmsg stderr 1 "$tag: initial ACL : $acl_list"
255
256 # Create the new ACL settings by replacing the appropriate entries.
257 set acl_list [lreplace $acl_list $other_allow_pos $other_allow_pos "0 0 $other_allow_mask EVERYONE\@"]
258 set acl_list [lreplace $acl_list $other_deny_pos $other_deny_pos "1 0 $other_deny_mask EVERYONE\@"]
259 putmsg stderr 1 "$tag: new ACL : $acl_list"
260
261 # Set the new ACL values.
262 set res [compound {Putfh $tfh; \
263 Setattr $sid { {acl \
264 { $acl_list } } } } ]
265
266 ckres "Setattr acl" $status $expcode $res $FAIL
267
268 # Re-read ACL values
269 set res2 [compound {Putfh $tfh; \
270 Getattr acl }]
271
272 ckres "Getattr acl again" $status $expcode $res2 $FAIL
273
274 if { $status == "OK" } {
275 set new_acl_list [extract_acl_list $res2]
276 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
277
278 if { [compare_acl_lists $new_acl_list $acl_list] != 0} {
279 putmsg stderr 0 \
280 "\t Test FAIL: lists do not match."
281 } else {
282 putmsg stdout 0 "\t Test PASS"
283 }
284 }
285
286 puts ""
287
288 # ------------------------------------------------------------------------
289 # f: Test restoring file other write/execute perms - expect OK
290
291 set tag "$TNAME{f}"
292 set ASSERTION "Test restoring file other write/execute perms - expect $expcode"
293 putmsg stdout 0 "$tag: $ASSERTION"
294
295 restore_perms $tfh OTHER FILE
296
297 # ------------------------------------------------------------------------
298 # Cleanup
299 #
300 set tag "$TNAME-cleanup"
301 set res3 [compound {Putfh $bfh; Remove $tfile}]
302 if {$status != "OK"} {
303 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
304 putmsg stderr 0 "\t status=$status; please cleanup manually."
305 putmsg stderr 1 "\t res=($res3)"
306 putmsg stderr 1 " "
307 }
308
309 Disconnect
310 exit $PASS