1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26 # NFSv4 ACL attributes:
27 #
28 # a: Test server accepts ACE4_READ_NAMED_ATTRS but doesn't return it - expect OK
29 # b: Test restoring file owner perms - expect OK
30 # c: Test server accepts ACE4_WRITE_NAMED_ATTRS but doesn't return it - expect OK
31 # d: Test restoring file owner perms - expect OK
32 # e: Test server accepts ACE4_DELETE but doesn't return it - expect OK
33 # f: Test restoring all file owner perms - expect OK
34 #
35
36 set TESTROOT $env(TESTROOT)
37
38 # include common code and init section
39 source [file join ${TESTROOT} tcl.init]
40 source [file join ${TESTROOT} testproc]
41 source [file join ${TESTROOT} acltools]
42
43 # connect to the test server
44 Connect
45
46 # setting local variables
47 set TNAME $argv0
48 set expcode "OK"
49
50 set POSIX_READ_ACL $env(POSIX_READ_ACL)
51 set POSIX_WRITE_ACL $env(POSIX_WRITE_ACL)
52 set POSIX_EXECUTE_ACL $env(POSIX_EXECUTE_ACL)
53 set OWNER_ALLOW_ACL $env(OWNER_ALLOW_ACL)
54 set GENERIC_DENY_ACL $env(GENERIC_DENY_ACL)
55
56 # Get handle for base directory
57 set bfh [get_fh "$BASEDIRS"]
58
59 # Set params relating to test file
60 set tfile "newfile.[pid]"
61 set fpath [file join ${BASEDIR} ${tfile}]
62
63 # Create the test file with all perms set (-rwxrwxrwx) and get its handle.
64 set tfh "[creatv4_file $fpath 777]"
65 if {$tfh == $NULL} {
66 putmsg stdout 0 "$TNAME: test setup"
67 putmsg stderr 0 "\t Test UNRESOLVED: failed to create tmp file=($tfile)"
68 putmsg stderr 0 "\t\t status=($status)."
69 Disconnect
70 exit $UNRESOLVED
71 }
72
73 # Start testing
74 # ------------------------------------------------------------------------
75 # a: Test server accepts ACE4_READ_NAMED_ATTRS but doesn't return it - expect OK.
76
77 set tag "$TNAME{a}"
78 set ASSERTION "Test server accepts ACE4_READ_NAMED_ATTRS but doesn't return it - expect $expcode"
79 putmsg stdout 0 "$tag: $ASSERTION"
80
81 set sid {1 1}
82
83 set owner_allow_mask [ aclmask [ concat "ACE4_READ_NAMED_ATTRS" $OWNER_ALLOW_ACL $POSIX_READ_ACL \
84 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
85
86 set owner_deny_mask 0
87
88 # Access Mask expected back from server
89 set server_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
90 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
91
92
93 # get the initial ACL settings.
94 set initial_acl [compound {Putfh $tfh; \
95 Getattr acl }]
96
97 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
98
99 #
100 # Break the string returned from the Geattr acl command into
101 # a list and then extract the actual ACL settings.
102 #
103 set acl_list [extract_acl_list $initial_acl]
104 putmsg stderr 1 "$tag: initial ACL : $acl_list"
105
106 # Create the new ACL settings by replacing the appropriate entries.
107 #
108 # Order of entries in the list is as follows:
109 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
110 #
111 set mod_acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
112 set mod_acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
113 putmsg stderr 1 "$tag: modified ACL : $mod_acl_list"
114
115 #
116 # Generate the ACL list we expect to see back from the server
117 set srv_acl_list [lreplace $acl_list 0 0 "0 0 $server_allow_mask OWNER\@"]
118 set srv_acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
119 putmsg stderr 1 "$tag: server ACL : $srv_acl_list"
120
121 # Set the new ACL values.
122 set res [compound {Putfh $tfh; \
123 Setattr $sid { {acl \
124 { $mod_acl_list } } } } ]
125
126 ckres "Setattr acl" $status $expcode $res $FAIL
127
128 # Re-read ACL values
129 set res2 [compound {Putfh $tfh; \
130 Getattr acl }]
131
132 ckres "Getattr acl again" $status $expcode $res2 $FAIL
133
134 if { $status == "OK" } {
135 set new_acl_list [extract_acl_list $res2]
136 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
137
138 if { [compare_acl_lists $new_acl_list $srv_acl_list] != 0} {
139 putmsg stderr 0 \
140 "\t Test FAIL: lists do not match."
141 } else {
142 putmsg stdout 0 "\t Test PASS"
143 }
144 }
145
146 puts ""
147
148 # ------------------------------------------------------------------------
149 # b: Test restoring file owner perms - expect OK
150
151 set tag "$TNAME{b}"
152 set ASSERTION "Test restoring file owner perms - expect $expcode"
153 putmsg stdout 0 "$tag: $ASSERTION"
154
155 restore_perms $tfh OWNER FILE
156
157
158 # ------------------------------------------------------------------------
159 # c: Test server accepts ACE4_WRITE_NAMED_ATTRS but doesn't return it - expect OK.
160
161 set tag "$TNAME{c}"
162 set ASSERTION "Test server accepts ACE4_WRITE_NAMED_ATTRS but doesn't return it - expect $expcode"
163 putmsg stdout 0 "$tag: $ASSERTION"
164
165 set sid {1 1}
166
167 set owner_allow_mask [ aclmask [ concat "ACE4_WRITE_NAMED_ATTRS" $OWNER_ALLOW_ACL $POSIX_READ_ACL \
168 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
169
170 set owner_deny_mask 0
171
172 # Access Mask expected back from server
173 set server_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
174 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
175
176
177 # get the initial ACL settings.
178 set initial_acl [compound {Putfh $tfh; \
179 Getattr acl }]
180
181 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
182
183 #
184 # Break the string returned from the Geattr acl command into
185 # a list and then extract the actual ACL settings.
186 #
187 set acl_list [extract_acl_list $initial_acl]
188 putmsg stderr 1 "$tag: initial ACL : $acl_list"
189
190 # Create the new ACL settings by replacing the appropriate entries.
191 #
192 # Order of entries in the list is as follows:
193 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
194 #
195 set mod_acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
196 set mod_acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
197 putmsg stderr 1 "$tag: modified ACL : $mod_acl_list"
198
199 #
200 # Generate the ACL list we expect to see back from the server
201 set srv_acl_list [lreplace $acl_list 0 0 "0 0 $server_allow_mask OWNER\@"]
202 set srv_acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
203 putmsg stderr 1 "$tag: server ACL : $srv_acl_list"
204
205 # Set the new ACL values.
206 set res [compound {Putfh $tfh; \
207 Setattr $sid { {acl \
208 { $mod_acl_list } } } } ]
209
210 ckres "Setattr acl" $status $expcode $res $FAIL
211
212 # Re-read ACL values
213 set res2 [compound {Putfh $tfh; \
214 Getattr acl }]
215
216 ckres "Getattr acl again" $status $expcode $res2 $FAIL
217
218 if { $status == "OK" } {
219 set new_acl_list [extract_acl_list $res2]
220 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
221
222 if { [compare_acl_lists $new_acl_list $srv_acl_list] != 0} {
223 putmsg stderr 0 \
224 "\t Test FAIL: lists do not match."
225 } else {
226 putmsg stdout 0 "\t Test PASS"
227 }
228 }
229
230 puts ""
231
232 # ------------------------------------------------------------------------
233 # d: Test restoring file owner perms - expect OK
234
235 set tag "$TNAME{d}"
236 set ASSERTION "Test restoring file owner perms - expect $expcode"
237 putmsg stdout 0 "$tag: $ASSERTION"
238
239 restore_perms $tfh OWNER FILE
240
241 # ------------------------------------------------------------------------
242 # e: Test server accepts ACE4_DELETE but doesn't return it - expect OK.
243
244 set tag "$TNAME{e}"
245 set ASSERTION "Test server accepts ACE4_DELETE but doesn't return it - expect $expcode"
246 putmsg stdout 0 "$tag: $ASSERTION"
247
248 set sid {1 1}
249
250 set owner_allow_mask [ aclmask [ concat "ACE4_DELETE" $OWNER_ALLOW_ACL $POSIX_READ_ACL \
251 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
252
253 set owner_deny_mask 0
254
255 # Access Mask expected back from server
256 set server_allow_mask [ aclmask [ concat $OWNER_ALLOW_ACL $POSIX_READ_ACL \
257 $POSIX_WRITE_ACL $POSIX_EXECUTE_ACL ] ]
258
259
260 # get the initial ACL settings.
261 set initial_acl [compound {Putfh $tfh; \
262 Getattr acl }]
263
264 ckres "Getattr acl" $status $expcode $initial_acl $FAIL
265
266 #
267 # Break the string returned from the Geattr acl command into
268 # a list and then extract the actual ACL settings.
269 #
270 set acl_list [extract_acl_list $initial_acl]
271 putmsg stderr 1 "$tag: initial ACL : $acl_list"
272
273 # Create the new ACL settings by replacing the appropriate entries.
274 #
275 # Order of entries in the list is as follows:
276 # <OWNER><OWNER><GROUP><GROUP><GROUP><EVERYONE><EVERYONE>
277 #
278 set mod_acl_list [lreplace $acl_list 0 0 "0 0 $owner_allow_mask OWNER\@"]
279 set mod_acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
280 putmsg stderr 1 "$tag: modified ACL : $mod_acl_list"
281
282 #
283 # Generate the ACL list we expect to see back from the server
284 set srv_acl_list [lreplace $acl_list 0 0 "0 0 $server_allow_mask OWNER\@"]
285 set srv_acl_list [lreplace $acl_list 1 1 "1 0 $owner_deny_mask OWNER\@"]
286 putmsg stderr 1 "$tag: server ACL : $srv_acl_list"
287
288 # Set the new ACL values.
289 set res [compound {Putfh $tfh; \
290 Setattr $sid { {acl \
291 { $mod_acl_list } } } } ]
292
293 ckres "Setattr acl" $status $expcode $res $FAIL
294
295 # Re-read ACL values
296 set res2 [compound {Putfh $tfh; \
297 Getattr acl }]
298
299 ckres "Getattr acl again" $status $expcode $res2 $FAIL
300
301 if { $status == "OK" } {
302 set new_acl_list [extract_acl_list $res2]
303 putmsg stderr 1 "$tag: re-read ACL : $new_acl_list"
304
305 if { [compare_acl_lists $new_acl_list $srv_acl_list] != 0} {
306 putmsg stderr 0 \
307 "\t Test FAIL: lists do not match."
308 } else {
309 putmsg stdout 0 "\t Test PASS"
310 }
311 }
312
313 puts ""
314
315 # ------------------------------------------------------------------------
316 # f: Test restoring file owner perms - expect OK
317
318 set tag "$TNAME{f}"
319 set ASSERTION "Test restoring file owner perms - expect $expcode"
320 putmsg stdout 0 "$tag: $ASSERTION"
321
322 restore_perms $tfh OWNER FILE
323
324 puts ""
325
326 # ------------------------------------------------------------------------
327 # Cleanup
328 #
329 set tag "$TNAME-cleanup"
330 set res3 [compound {Putfh $bfh; Remove $tfile}]
331 if {$status != "OK"} {
332 putmsg stderr 0 "\t WARNING: cleanup to remove created tmp file failed"
333 putmsg stderr 0 "\t status=$status; please cleanup manually."
334 putmsg stderr 1 "\t res=($res3)"
335 putmsg stderr 1 " "
336 }
337
338 Disconnect
339 exit $PASS