1 #! /usr/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27 # uidmapping_pos05.ksh
28 # This file contains positive testcases for the setup that client domain
29 # is null. The testcases are divided into two groups, the first group
30 # are using chown/chgrp/ls to change user/group id and then verify it.
31 # They are:
32 #
33 # {a} - user is known to both client and server.
34 # {b} - group is known to both client and server.
35 # {c} - user is unknown to server
36 # {d} - user is unknown to client
37 #
38 # The second group are using setfacl/getfacl to modify acl entries and
39 # then verify it. They are:
40 #
41 # {e} - user is known to both client and server.
42 # {f} - group is known to both client and server.
43 # {g} - user is unknown to server
44
45 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
46
47 trap "cleanup" EXIT
48 trap "exit 1" HUP INT QUIT PIPE TERM
49
50 NAME=`basename $0`
51 UIDMAPENV="./uid_proc"
52 UNINITIATED=6
53
54 # set up script running environment
55 if [ ! -f $UIDMAPENV ]; then
56 echo "$NAME: UIDMAPENV[$UIDMAPENV] not found; test UNINITIATED."
57 exit $UNINITIATED
58 fi
59 . $UIDMAPENV
60
61 ASSERTIONS=${ASSERTIONS:-"a b c d e f g"}
62 DESC="client mapid domain is NULL, "
63
64 function setup
65 {
66 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
67
68 # get the IP address of SERVER
69 typeset srvipaddr=$(getent ipnodes $SERVER | head -1 | awk '{print $1}')
70
71 is_cipso "vers=4" $SERVER
72 if [ $? -eq $CIPSO_NFSV4 ]; then
73 return 0
74 fi
75
76 # run test cases on shared directory
77 cd $TESTDIR
78
79 # set up client domain
80 set_local_domain "" 2>$ERRLOG
81 ckreturn $? "could not set up domain $Sdomain on client" \
82 $ERRLOG "ERROR" || return 1
83
84 # create test file
85 touch $TESTFILE 2>$ERRLOG
86 ckreturn $? "could not create $TESTFILE" $ERRLOG "ERROR" || return 1
87
88 # when all naming services are down, there'll be no name->IP
89 # translation; so we will use SERVER's IP for testing.
90 SERVER=$srvipaddr
91 execute $SERVER root "echo SERVER=$SERVER" >$ERRLOG 2>&1
92 ckreturn $? "could not rsh to SERVER<$SERVER>" $ERRLOG "ERROR" || return 1
93 }
94
95 function cleanup
96 {
97 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
98
99 is_cipso "vers=4" $SERVER
100 if [ $? -eq $CIPSO_NFSV4 ]; then
101 return 0
102 fi
103
104 # we don't want user to interrupt cleanup procedure
105 trap '' HUP INT QUIT PIPE TERM
106
107 # remove testfile
108 rm -f $TESTFILE
109 ckreturn $? "could not remove $TESTFILE" $ERRLOG "WARNING"
110
111 # Change to other directory
112 cd $TESTROOT
113
114 restore_local_domain 2>$ERRLOG
115 ckreturn $? "could not restore local domain" $ERRLOG "WARNING"
116
117 # remove temporary file
118 rm -f $ERRLOG
119 ckreturn $? "could not remove $ERRLOG" /dev/null "WARNING"
120 }
121
122 #
123 # Assertions
124 #
125
126 # a: user known to both client and server. Stringlized UID is sent
127 # from client to server; user@domain is sent from server to client
128
129 function as_a
130 {
131 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
132
133 user=bin
134
135 exp=$user
136 desc="$DESC""user $user known to both client and server, "
137 desc="$desc""change file owner(chown), "
138 desc="$desc""check it on client and server(ls)"
139 assertion a "$desc" $exp
140
141 is_cipso "vers=4" $SERVER
142 if [ $? -eq $CIPSO_NFSV4 ]; then
143 echo "$NAME{a}: unsupported under CIPSO Trusted Extensions."
144 echo "\tTEST UNSUPPORTED"
145 return 1
146 fi
147
148 chown $user $TESTFILE 2>$ERRLOG
149 ckreturn $? "could not chown $TESTFILE" $ERRLOG "UNRESOLVED" \
150 || return 1
151
152 # check it on server side
153 res=$(execute $SERVER root "ls -l $ROOTDIR/$TESTFILE" | \
154 nawk '{print $3}')
155 if [ "$res" != "$exp" ]; then
156 ckres2 uidmapping "$res" $exp "incorrect user name on server side"
157 return 1
158 fi
159
160 # check it on client side
161 res=$(ls -l $TESTFILE | nawk '{print $3}')
162 ckres2 uidmapping "$res" $exp "incorrect user name on client side"
163 }
164
165 # b: group known to both client and server. Stringlized GID is sent
166 # from client to server, group@domain is sent from server to client.
167
168 function as_b
169 {
170 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
171
172 group=uucp
173
174 exp=$group
175 desc="$DESC""group $group known to both client and server, "
176 desc="$desc""change file owner_group(chgrp), "
177 desc="$desc""check it on client and server(ls)"
178 assertion b "$desc" $exp
179
180 is_cipso "vers=4" $SERVER
181 if [ $? -eq $CIPSO_NFSV4 ]; then
182 echo "$NAME{b}: unsupported under CIPSO Trusted Extensions."
183 echo "\tTEST UNSUPPORTED"
184 return 1
185 fi
186
187 chgrp $group $TESTFILE 2>$ERRLOG
188 ckreturn $? "could not chown $TESTFILE" $ERRLOG "UNRESOLVED" \
189 || return 1
190
191 # check it on server side
192 res=$(execute $SERVER root "ls -l $ROOTDIR/$TESTFILE" | \
193 nawk '{print $4}')
194 if [ "$res" != "$exp" ]; then
195 ckres2 uidmapping "$res" $exp "incorrect group name on server"
196 return 1
197 fi
198
199 # check it on client side
200 res=$(ls -l $TESTFILE | nawk '{print $4}')
201 ckres2 uidmapping "$res" $exp "incorrect group name on client"
202 }
203
204 # c: user unknown to server. Stringlized UID is sent from client to server,
205 # stringlized UID is sent from server to client.
206 function as_c
207 {
208 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
209
210 user=$TUSERC
211 userid=$TUSERCID
212
213 #
214 # Assertion c1
215 #
216
217 exp=$userid
218 desc="$DESC""user $user unknown to server, "
219 desc="$desc""change file owner(chown), "
220 desc="$desc""check it on server(ls)"
221 assertion c1 "$desc" $exp
222
223 is_cipso "vers=4" $SERVER
224 if [ $? -eq $CIPSO_NFSV4 ]; then
225 echo "$NAME{c1}: unsupported under CIPSO Trusted Extensions."
226 echo "\tTEST UNSUPPORTED"
227 return 1
228 fi
229
230 chown $user $TESTFILE 2>$ERRLOG
231 ckreturn $? "could not chown $TESTFILE" $ERRLOG "UNRESOLVED" \
232 || return 1
233
234 # Check it on server side
235 result=$(execute $SERVER root "ls -l $ROOTDIR/$TESTFILE" | \
236 nawk '{print $3}')
237 ckres2 uidmapping "$result" $exp "incorrect user name on server"
238
239 if [ "$result" != "$exp" ]; then
240 echo "$NAME{c2}: skipped because {c1} failed"
241 echo "\tTEST UNRESOLVED"
242 return 1
243 fi
244
245 #
246 # Assertion c2
247 #
248
249 exp=$user
250 desc="$DESC""user $user unknown to server, "
251 desc="$desc""change file owner(chown), "
252 desc="$desc""check it on client(ls)"
253 assertion c2 "$desc" $exp
254
255 # Check it on client side
256 res=$(ls -l $TESTFILE | nawk '{print $3}')
257 ckres2 uidmapping "$res" $exp "incorrect user name on client"
258 }
259
260 # d: userid unknown to client. Stringlized UID is sent from client to
261 # server, user@domain is sent from server to client.
262
263 function as_d
264 {
265 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
266
267 user=$TUSERS
268 userid=$TUSERSID
269
270 #
271 # Assertion d1
272 #
273
274 exp=$user
275 desc="$DESC""uid $userid unknown to client, "
276 desc="$desc""change file owner(chown), "
277 desc="$desc""check it on server(ls)"
278 assertion d1 "$desc" $exp
279
280 is_cipso "vers=4" $SERVER
281 if [ $? -eq $CIPSO_NFSV4 ]; then
282 echo "$NAME{d1}: unsupported under CIPSO Trusted Extensions."
283 echo "\tTEST UNSUPPORTED"
284 return 1
285 fi
286
287 chown $userid $TESTFILE 2>$ERRLOG
288 ckreturn $? "could not chown $TESTFILE" $ERRLOG "UNRESOLVED" \
289 || return 1
290
291 # Check it on server side
292 result=$(execute $SERVER root "ls -l $ROOTDIR/$TESTFILE" | \
293 nawk '{print $3}')
294 ckres2 uidmapping "$result" $exp "incorrect user name on server"
295
296 if [ "$result" != "$exp" ]; then
297 echo "$NAME{d2}: skipped because {d1} failed"
298 echo "\tTEST UNRESOLVED"
299 return 1
300 fi
301
302 #
303 # Assertion d2
304 #
305
306 exp="nobody"
307 desc="$DESC""uid $userid unknown to client, "
308 desc="$desc""change file owner(chown), "
309 desc="$desc""check it on client(ls)"
310 assertion d2 "$desc" $exp
311
312 is_cipso "vers=4" $SERVER
313 if [ $? -eq $CIPSO_NFSV4 ]; then
314 echo "$NAME{d2}: unsupported under CIPSO Trusted Extensions."
315 echo "\tTEST UNSUPPORTED"
316 return 1
317 fi
318
319 # Check it on client side
320 res=$(ls -l $TESTFILE | nawk '{print $3}')
321 ckres2 uidmapping "$res" $exp "incorrect user name on client"
322 }
323
324 # e: user known to both client and server. Stringlized UID is sent
325 # from client to server; user@domain is sent from server to client
326
327 function as_e
328 {
329 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
330
331 user=sys
332
333 exp=$user
334 desc="$DESC""user $user known to both client and server, "
335 desc="$desc""set user acl(setfacl), "
336 desc="$desc""check it on server and client(getfacl)"
337 assertion e "$desc" $exp
338
339 is_cipso "vers=4" $SERVER
340 if [ $? -eq $CIPSO_NFSV4 ]; then
341 echo "$NAME{e}: unsupported under CIPSO Trusted Extensions."
342 echo "\tTEST UNSUPPORTED"
343 return 1
344 fi
345
346 setfacl -m user:$user:rw- $TESTFILE 2>$ERRLOG
347 ckreturn $? "could not setfacal $TESTFILE" $ERRLOG "UNRESOLVED" \
348 || return 1
349
350 # check it on server side
351 if [ $TestZFS -eq 1 ]; then
352 # the remote file system is ZFS, using "ls -v" to get
353 # file ACL
354 res=$(execute $SERVER root "ls -v $ROOTDIR/$TESTFILE \
355 | grep user:$user | head -1 | cut -d: -f3")
356 else
357 # the remote file system is UFS, using getacl to get
358 # file ACL
359 res=$(execute $SERVER root "getfacl $ROOTDIR/$TESTFILE \
360 | grep user:$user | cut -d: -f2")
361 fi
362
363 if [ "$res" != "$exp" ]; then
364 ckres2 uidmapping "$res" $exp "incorrect user name on server"
365 return 1
366 fi
367
368
369 # check it on client side
370 res=$(get_acl_val user:$user $TESTFILE)
371 ckres2 uidmapping "$res" $exp "incorrect user name on client"
372 }
373
374 # f: group known to both client and server. Stringlized GID is sent
375 # from client to server; group@domain is sent from server to client
376
377 function as_f
378 {
379 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
380
381 group=nuucp
382
383 exp=$group
384 desc="$DESC""group $group known to both client and server, "
385 desc="$desc""set group acl(setfacl), "
386 desc="$desc""check it on server and client(getfacl)"
387 assertion f "$desc" $exp
388
389 is_cipso "vers=4" $SERVER
390 if [ $? -eq $CIPSO_NFSV4 ]; then
391 echo "$NAME{f}: unsupported under CIPSO Trusted Extensions."
392 echo "\tTEST UNSUPPORTED"
393 return 1
394 fi
395
396 setfacl -m group:$group:rw- $TESTFILE 2>$ERRLOG
397 ckreturn $? "could not setfacal $TESTFILE" $ERRLOG "UNRESOLVED" \
398 || return 1
399
400 # check it on server side
401 if [ $TestZFS -eq 1 ]; then
402 # the remote file system is ZFS, using "ls -v" to get
403 # file ACL
404 res=$(execute $SERVER root "ls -v $ROOTDIR/$TESTFILE \
405 | grep group:$group | head -1 | cut -d: -f3")
406 else
407 # the remote file system is UFS, using getacl to get
408 # file ACL
409 res=$(execute $SERVER root "getfacl $ROOTDIR/$TESTFILE \
410 | grep group:$group | cut -d: -f2")
411 fi
412
413 if [ "$res" != "$exp" ]; then
414 ckres2 uidmapping "$res" $exp "incorrect group name on server"
415 return 1
416 fi
417
418 # check it on client side
419 res=$(get_acl_val group:$group $TESTFILE)
420 ckres2 uidmapping "$res" $exp "incorrect group name on client"
421 }
422
423 # g: user unknown to server. Stringlized UID is sent from client to server
424 # and vice versa.
425
426 function as_g
427 {
428 [ -n "$DEBUG" ] && [ "$DEBUG" != "0" ] && set -x
429
430 user=$TUSERC
431 userid=$TUSERCID
432
433 #
434 # Assertion g1
435 #
436
437 exp=$userid
438 desc="$DESC""user $user unknown to server, "
439 desc="$desc""set user acl(setfacl), "
440 desc="$desc""check it on server(getfacl)"
441 assertion g1 "$desc" $exp
442
443 is_cipso "vers=4" $SERVER
444 if [ $? -eq $CIPSO_NFSV4 ]; then
445 echo "$NAME{g1}: unsupported under CIPSO Trusted Extensions."
446 echo "\tTEST UNSUPPORTED"
447 return 1
448 fi
449
450 setfacl -m user:$user:rw- $TESTFILE 2>$ERRLOG
451 ckreturn $? "could not setfacal $TESTFILE" $ERRLOG "UNRESOLVED" \
452 || return 1
453
454 # check it on server side
455 if [ $TestZFS -eq 1 ]; then
456 # the remote file system is ZFS, using "ls -v" to get
457 # file ACL
458 result=$(execute $SERVER root "ls -v $ROOTDIR/$TESTFILE \
459 | grep user:$userid | head -1 | cut -d: -f3")
460 else
461 # the remote file system is UFS, using getacl to get
462 # file ACL
463 result=$(execute $SERVER root "getfacl $ROOTDIR/$TESTFILE \
464 | grep user:$userid | cut -d: -f2")
465 fi
466
467 ckres2 uidmapping "$result" $exp "incorrect user name on server"
468
469 if [ "$result" != "$exp" ]; then
470 echo "$NAME{g2}: skipped because {g1} failed"
471 echo "\tTEST UNRESOLVED"
472 return 1
473 fi
474
475 #
476 # Assertion g2
477 #
478
479 exp=$user
480 desc="$DESC""user $user unknown to server, "
481 desc="$desc""set user acl(setfacl), "
482 desc="$desc""check it on client(getfacl)"
483 assertion g2 "$desc" $exp
484
485 # check it on client side
486 res=$(get_acl_val user:$user $TESTFILE)
487 ckres2 uidmapping "$res" $exp "incorrect user name on client"
488 }
489
490 # h: user id unknown to client. Stringlized UID is sent from client to server,
491 # and user@domain is sent from server to client.
492 #
493 # Note: Due to bug 6261858, the assertion couldn't pass. Since there is
494 # already a bug for it, to avoid unnecessary confusion, I didn't
495 # implement it at this time. The comment is used as placeholder for future
496 # development of this assertion.
497
498 # setup
499 setup || exit $UNINITIATED
500
501 # Main loop
502 for i in $ASSERTIONS
503 do
504 as_$i || print_state
505 done