1 #
2 # CDDL HEADER START
3 #
4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
7 #
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
12 #
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
18 #
19 # CDDL HEADER END
20 #
21
22 #
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
25 #
26
27 #
28 # Copyright (c) 2013 by Delphix. All rights reserved.
29 # Copyright 2016 Nexenta Systems, Inc.
30 #
31
32 . $STF_SUITE/include/libtest.shlib
33 . $STF_SUITE/tests/functional/delegate/delegate.cfg
34
35 #
36 # Cleanup exist user/group.
37 #
38 function cleanup_user_group
39 {
40 typeset i
41 for i in $STAFF1 $STAFF2 $OTHER1 $OTHER2 ; do
42 del_user $i
43 done
44 for i in $STAFF_GROUP $OTHER_GROUP ; do
45 del_group $i
46 done
47
48 return 0
49 }
50
51 #
52 # Restore test file system to the original status.
53 #
54 function restore_root_datasets
55 {
56 if datasetexists $ROOT_TESTFS ; then
57 log_must $ZFS destroy -Rf $ROOT_TESTFS
58 fi
59 log_must $ZFS create $ROOT_TESTFS
60
61 if is_global_zone ; then
62 if datasetexists $ROOT_TESTVOL ; then
63 log_must $ZFS destroy -Rf $ROOT_TESTVOL
64 fi
65 log_must $ZFS create -V $VOLSIZE $ROOT_TESTVOL
66 fi
67
68 return 0
69 }
70
71 #
72 # Verify the specified user have permission on the dataset
73 #
74 # $1 dataset
75 # $2 permissions which are separated by comma(,)
76 # $3-n users
77 #
78 function verify_perm
79 {
80 typeset dtst=$1
81 typeset permissions=$2
82 shift 2
83
84 if [[ -z $@ || -z $permissions || -z $dtst ]]; then
85 return 1
86 fi
87
88 typeset type=$(get_prop type $dtst)
89 permissions=$($ECHO $permissions | $TR -s "," " ")
90
91 typeset user
92 for user in $@; do
93 typeset perm
94 for perm in $permissions; do
95 typeset -i ret=1
96 if [[ $type == "filesystem" ]]; then
97 check_fs_perm $user $perm $dtst
98 ret=$?
99 elif [[ $type == "volume" ]]; then
100 check_vol_perm $user $perm $dtst
101 ret=$?
102 fi
103
104 if ((ret != 0)) ; then
105 log_note "Fail: $user should have $perm " \
106 "on $dtst"
107 return 1
108 fi
109 done
110 done
111
112 return 0
113 }
114
115 #
116 # Verify the specified user have no permission on the dataset
117 #
118 # $1 dataset
119 # $2 permissions which are separated by comma(,)
120 # $3-n users
121 #
122 function verify_noperm
123 {
124 typeset dtst=$1
125 typeset permissions=$2
126 shift 2
127
128 if [[ -z $@ || -z $permissions || -z $dtst ]]; then
129 return 1
130 fi
131
132 typeset type=$(get_prop type $dtst)
133 permissions=$($ECHO $permissions | $TR -s "," " ")
134
135 typeset user
136 for user in $@; do
137 typeset perm
138 for perm in $permissions; do
139 typeset -i ret=1
140 if [[ $type == "filesystem" ]]; then
141 check_fs_perm $user $perm $dtst
142 ret=$?
143 elif [[ $type == "volume" ]]; then
144 check_vol_perm $user $perm $dtst
145 ret=$?
146 fi
147
148 if ((ret == 0)) ; then
149 log_note "Fail: $user should not have $perm " \
150 "on $dtst"
151 return 1
152 fi
153 done
154 done
155
156 return 0
157 }
158
159 function common_perm
160 {
161 typeset user=$1
162 typeset perm=$2
163 typeset dtst=$3
164
165 typeset -i ret=1
166 case $perm in
167 send)
168 verify_send $user $perm $dtst
169 ret=$?
170 ;;
171 allow)
172 verify_allow $user $perm $dtst
173 ret=$?
174 ;;
175 userprop)
176 verify_userprop $user $perm $dtst
177 ret=$?
178 ;;
179 compression|checksum|readonly)
180 verify_ccr $user $perm $dtst
181 ret=$?
182 ;;
183 copies)
184 verify_copies $user $perm $dtst
185 ret=$?
186 ;;
187 reservation)
188 verify_reservation $user $perm $dtst
189 ret=$?
190 ;;
191 *)
192 ret=1
193 ;;
194 esac
195
196 return $ret
197 }
198
199 function check_fs_perm
200 {
201 typeset user=$1
202 typeset perm=$2
203 typeset fs=$3
204
205 typeset -i ret=1
206 case $perm in
207 create)
208 verify_fs_create $user $perm $fs
209 ret=$?
210 ;;
211 destroy)
212 verify_fs_destroy $user $perm $fs
213 ret=$?
214 ;;
215 snapshot)
216 verify_fs_snapshot $user $perm $fs
217 ret=$?
218 ;;
219 rollback)
220 verify_fs_rollback $user $perm $fs
221 ret=$?
222 ;;
223 clone)
224 verify_fs_clone $user $perm $fs
225 ret=$?
226 ;;
227 rename)
228 verify_fs_rename $user $perm $fs
229 ret=$?
230 ;;
231 mount)
232 verify_fs_mount $user $perm $fs
233 ret=$?
234 ;;
235 share)
236 verify_fs_share $user $perm $fs
237 ret=$?
238 ;;
239 mountpoint)
240 verify_fs_mountpoint $user $perm $fs
241 ret=$?
242 ;;
243 promote)
244 verify_fs_promote $user $perm $fs
245 ret=$?
246 ;;
247 canmount)
248 verify_fs_canmount $user $perm $fs
249 ret=$?
250 ;;
251 recordsize)
252 verify_fs_recordsize $user $perm $fs
253 ret=$?
254 ;;
255 quota)
256 verify_fs_quota $user $perm $fs
257 ret=$?
258 ;;
259 aclmode)
260 verify_fs_aclmode $user $perm $fs
261 ret=$?
262 ;;
263 aclinherit)
264 verify_fs_aclinherit $user $perm $fs
265 ret=$?
266 ;;
267 snapdir)
268 verify_fs_snapdir $user $perm $fs
269 ret=$?
270 ;;
271 atime|exec|devices|setuid|xattr)
272 verify_fs_aedsx $user $perm $fs
273 ret=$?
274 ;;
275 zoned)
276 verify_fs_zoned $user $perm $fs
277 ret=$?
278 ;;
279 sharenfs)
280 verify_fs_sharenfs $user $perm $fs
281 ret=$?
282 ;;
283 receive)
284 verify_fs_receive $user $perm $fs
285 ret=$?
286 ;;
287 *)
288 common_perm $user $perm $fs
289 ret=$?
290 ;;
291 esac
292
293 return $ret
294 }
295
296 function check_vol_perm
297 {
298 typeset user=$1
299 typeset perm=$2
300 typeset vol=$3
301
302 typeset -i ret=1
303 case $perm in
304 destroy)
305 verify_vol_destroy $user $perm $vol
306 ret=$?
307 ;;
308 snapshot)
309 verify_vol_snapshot $user $perm $vol
310 ret=$?
311 ;;
312 rollback)
313 verify_vol_rollback $user $perm $vol
314 ret=$?
315 ;;
316 clone)
317 verify_vol_clone $user $perm $vol
318 ret=$?
319 ;;
320 rename)
321 verify_vol_rename $user $perm $vol
322 ret=$?
323 ;;
324 promote)
325 verify_vol_promote $user $perm $vol
326 ret=$?
327 ;;
328 volsize)
329 verify_vol_volsize $user $perm $vol
330 ret=$?
331 ;;
332 *)
333 common_perm $user $perm $vol
334 ret=$?
335 ;;
336 esac
337
338 return $ret
339 }
340
341 function setup_unallow_testenv
342 {
343 log_must restore_root_datasets
344
345 log_must $ZFS create $SUBFS
346
347 for dtst in $DATASETS ; do
348 log_must $ZFS allow -l $STAFF1 $LOCAL_SET $dtst
349 log_must $ZFS allow -d $STAFF2 $DESC_SET $dtst
350 log_must $ZFS allow $OTHER1 $LOCAL_DESC_SET $dtst
351 log_must $ZFS allow $OTHER2 $LOCAL_DESC_SET $dtst
352
353 log_must verify_perm $dtst $LOCAL_SET $STAFF1
354 log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER1
355 log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER2
356 if [[ $dtst == $ROOT_TESTFS ]]; then
357 log_must verify_perm $SUBFS $DESC_SET $STAFF2
358 log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER1
359 log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER2
360 fi
361 done
362
363 return 0
364 }
365
366 #
367 # Verify permission send for specified user on the dataset
368 # $1 user
369 # $2 permission
370 # $3 dataset
371 #
372 function verify_send
373 {
374 typeset user=$1
375 typeset perm=$2
376 typeset dtst=$3
377
378 typeset oldval
379 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
380 typeset snap=$dtst@snap.$stamp
381
382 typeset -i ret=1
383
384 log_must $ZFS snapshot $snap
385 typeset bak_user=/tmp/bak.$user.$stamp
386 typeset bak_root=/tmp/bak.root.$stamp
387
388 user_run $user eval "$ZFS send $snap > $bak_user"
389 log_must eval "$ZFS send $snap > $bak_root"
390
391 if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then
392 ret=0
393 fi
394
395 $RM -rf $bak_user > /dev/null
396 $RM -rf $bak_root > /dev/null
397
398 return $ret
399 }
400
401 function verify_fs_receive
402 {
403 typeset user=$1
404 typeset perm=$2
405 typeset fs=$3
406
407 typeset dtst
408 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
409 typeset newfs=$fs/newfs.$stamp
410 typeset newvol=$fs/newvol.$stamp
411 typeset bak_user=/tmp/bak.$user.$stamp
412 typeset bak_root=/tmp/bak.root.$stamp
413
414 log_must $ZFS create $newfs
415 typeset datasets="$newfs"
416 if is_global_zone ; then
417 log_must $ZFS create -V $VOLSIZE $newvol
418 datasets="$newfs $newvol"
419 fi
420
421 for dtst in $datasets ; do
422
423 typeset dtstsnap=$dtst@snap.$stamp
424 log_must $ZFS snapshot $dtstsnap
425
426 log_must eval "$ZFS send $dtstsnap > $bak_root"
427 log_must $ZFS destroy -rf $dtst
428
429 user_run $user eval "$ZFS receive $dtst < $bak_root"
430 if datasetexists $dtstsnap ; then
431 return 1
432 fi
433
434 log_must $ZFS allow $user create $fs
435 user_run $user eval "$ZFS receive $dtst < $bak_root"
436 log_must $ZFS unallow $user create $fs
437 if datasetexists $dtstsnap ; then
438 return 1
439 fi
440
441 log_must $ZFS allow $user mount $fs
442 user_run $user eval "$ZFS receive $dtst < $bak_root"
443 log_must $ZFS unallow $user mount $fs
444 if datasetexists $dtstsnap ; then
445 return 1
446 fi
447
448 log_must $ZFS allow $user mount,create $fs
449 user_run $user eval "$ZFS receive $dtst < $bak_root"
450 log_must $ZFS unallow $user mount,create $fs
451 if ! datasetexists $dtstsnap ; then
452 return 1
453 fi
454
455 # check the data integrity
456 log_must eval "$ZFS send $dtstsnap > $bak_user"
457 log_must $ZFS destroy -rf $dtst
458 log_must eval "$ZFS receive $dtst < $bak_root"
459 log_must eval "$ZFS send $dtstsnap > $bak_root"
460 log_must $ZFS destroy -rf $dtst
461 if [[ $(checksum $bak_user) != $(checksum $bak_root) ]]; then
462 return 1
463 fi
464
465 $RM -rf $bak_user > /dev/null
466 $RM -rf $bak_root > /dev/null
467
468 done
469
470 return 0
471 }
472
473 function verify_userprop
474 {
475 typeset user=$1
476 typeset perm=$2
477 typeset dtst=$3
478
479 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
480
481 user_run $user $ZFS set "$user:ts=$stamp" $dtst
482 if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
483 return 1
484 fi
485
486 return 0
487 }
488
489 function verify_ccr
490 {
491 typeset user=$1
492 typeset perm=$2
493 typeset dtst=$3
494
495 typeset oldval
496
497 set -A modes "on" "off"
498 oldval=$(get_prop $perm $dtst)
499 if [[ $oldval == "on" ]]; then
500 n=1
501 elif [[ $oldval == "off" ]]; then
502 n=0
503 fi
504 log_note "$user $ZFS set $perm=${modes[$n]} $dtst"
505 user_run $user $ZFS set $perm=${modes[$n]} $dtst
506 if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then
507 return 1
508 fi
509
510 return 0
511 }
512
513 function verify_copies
514 {
515 typeset user=$1
516 typeset perm=$2
517 typeset dtst=$3
518
519 typeset oldval
520
521 set -A modes 1 2 3
522 oldval=$(get_prop $perm $dtst)
523 if [[ $oldval -eq 1 ]]; then
524 n=1
525 elif [[ $oldval -eq 2 ]]; then
526 n=2
527 elif [[ $oldval -eq 3 ]]; then
528 n=0
529 fi
530 log_note "$user $ZFS set $perm=${modes[$n]} $dtst"
531 user_run $user $ZFS set $perm=${modes[$n]} $dtst
532 if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then
533 return 1
534 fi
535
536 return 0
537 }
538
539 function verify_reservation
540 {
541 typeset user=$1
542 typeset perm=$2
543 typeset dtst=$3
544
545 typeset value32m=$(( 1024 * 1024 * 32 ))
546 typeset oldval=$(get_prop reservation $dtst)
547 user_run $user $ZFS set reservation=$value32m $dtst
548 if [[ $value32m != $(get_prop reservation $dtst) ]]; then
549 log_must $ZFS set reservation=$oldval $dtst
550 return 1
551 fi
552
553 log_must $ZFS set reservation=$oldval $dtst
554 return 0
555 }
556
557 function verify_fs_create
558 {
559 typeset user=$1
560 typeset perm=$2
561 typeset fs=$3
562
563 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
564 typeset newfs=$fs/nfs.$stamp
565 typeset newvol=$fs/nvol.$stamp
566
567 user_run $user $ZFS create $newfs
568 if datasetexists $newfs ; then
569 return 1
570 fi
571
572 log_must $ZFS allow $user mount $fs
573 user_run $user $ZFS create $newfs
574 log_must $ZFS unallow $user mount $fs
575 if ! datasetexists $newfs ; then
576 return 1
577 fi
578
579 log_must $ZFS destroy $newfs
580
581 if is_global_zone ; then
582 # mount permission is required for sparse volume
583 user_run $user $ZFS create -V 150m -s $newvol
584 if datasetexists $newvol ; then
585 return 1
586 fi
587
588 log_must $ZFS allow $user mount $fs
589 user_run $user $ZFS create -V 150m -s $newvol
590 log_must $ZFS unallow $user mount $fs
591 if ! datasetexists $newvol ; then
592 return 1
593 fi
594 log_must $ZFS destroy $newvol
595
596 # mount and reserveration permission are
597 # required for normal volume
598 user_run $user $ZFS create -V 150m $newvol
599 if datasetexists $newvol ; then
600 return 1
601 fi
602
603 log_must $ZFS allow $user mount $fs
604 user_run $user $ZFS create -V 150m $newvol
605 log_must $ZFS unallow $user mount $fs
606 if datasetexists $newvol ; then
607 return 1
608 fi
609
610 log_must $ZFS allow $user reservation $fs
611 user_run $user $ZFS create -V 150m $newvol
612 log_must $ZFS unallow $user reservation $fs
613 if datasetexists $newvol ; then
614 return 1
615 fi
616
617 log_must $ZFS allow $user refreservation $fs
618 user_run $user $ZFS create -V 150m $newvol
619 log_must $ZFS unallow $user refreservation $fs
620 if datasetexists $newvol ; then
621 return 1
622 fi
623
624 log_must $ZFS allow $user mount $fs
625 log_must $ZFS allow $user reservation $fs
626 log_must $ZFS allow $user refreservation $fs
627 user_run $user $ZFS create -V 150m $newvol
628 log_must $ZFS unallow $user mount $fs
629 log_must $ZFS unallow $user reservation $fs
630 log_must $ZFS unallow $user refreservation $fs
631 if ! datasetexists $newvol ; then
632 return 1
633 fi
634 log_must $ZFS destroy $newvol
635 fi
636
637 return 0
638 }
639
640 function verify_fs_destroy
641 {
642 typeset user=$1
643 typeset perm=$2
644 typeset fs=$3
645
646 if ! ismounted $fs ; then
647 user_run $user $ZFS destroy $fs
648 if datasetexists $fs ; then
649 return 1
650 fi
651 fi
652
653 if ismounted $fs ; then
654 user_run $user $ZFS destroy $fs
655 if ! datasetexists $fs ; then
656 return 1
657 fi
658
659 # mount permission is required
660 log_must $ZFS allow $user mount $fs
661 user_run $user $ZFS destroy $fs
662 if datasetexists $fs ; then
663 return 1
664 fi
665 fi
666
667 return 0
668 }
669
670 # Verify that given the correct delegation, a regular user can:
671 # Take a snapshot of an unmounted dataset
672 # Take a snapshot of an mounted dataset
673 # Create a snapshot by making a directory in the .zfs/snapshot directory
674 function verify_fs_snapshot
675 {
676 typeset user=$1
677 typeset perm=$2
678 typeset fs=$3
679
680 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
681 typeset snap=$fs@snap.$stamp
682 typeset mntpt=$(get_prop mountpoint $fs)
683
684 if [[ "yes" == $(get_prop mounted $fs) ]]; then
685 log_must $ZFS umount $fs
686 fi
687
688 user_run $user $ZFS snapshot $snap
689 if ! datasetexists $snap ; then
690 return 1
691 fi
692 log_must $ZFS destroy $snap
693
694 if [[ "no" == $(get_prop mounted $fs) ]]; then
695 log_must $ZFS mount $fs
696 fi
697
698 user_run $user $ZFS snapshot $snap
699 if ! datasetexists $snap ; then
700 return 1
701 fi
702 log_must $ZFS destroy $snap
703
704 typeset snapdir=${mntpt}/.zfs/snapshot/snap.$stamp
705 user_run $user $MKDIR $snapdir
706 if ! datasetexists $snap ; then
707 return 1
708 fi
709 log_must $ZFS destroy $snap
710
711 return 0
712 }
713
714 function verify_fs_rollback
715 {
716 typeset user=$1
717 typeset perm=$2
718 typeset fs=$3
719
720 typeset oldval
721 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
722 typeset snap=$fs@snap.$stamp
723 typeset mntpt=$(get_prop mountpoint $fs)
724
725 oldval=$(datasetcksum $fs)
726 log_must $ZFS snapshot $snap
727
728 if ! ismounted $fs; then
729 log_must $ZFS mount $fs
730 fi
731 log_must $TOUCH $mntpt/testfile.$stamp
732
733 user_run $user $ZFS rollback -R $snap
734 if is_global_zone ; then
735 if [[ $oldval != $(datasetcksum $fs) ]]; then
736 return 1
737 fi
738 else
739 # datasetcksum can not be used in local zone
740 if [[ -e $mntpt/testfile.$stamp ]]; then
741 return 1
742 fi
743 fi
744
745 return 0
746 }
747
748 function verify_fs_clone
749 {
750 typeset user=$1
751 typeset perm=$2
752 typeset fs=$3
753
754 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
755 typeset basefs=${fs%/*}
756 typeset snap=$fs@snap.$stamp
757 typeset clone=$basefs/cfs.$stamp
758
759 log_must $ZFS snapshot $snap
760 user_run $user $ZFS clone $snap $clone
761 if datasetexists $clone ; then
762 return 1
763 fi
764
765 log_must $ZFS allow $user create $basefs
766 user_run $user $ZFS clone $snap $clone
767 log_must $ZFS unallow $user create $basefs
768 if datasetexists $clone ; then
769 return 1
770 fi
771
772 log_must $ZFS allow $user mount $basefs
773 user_run $user $ZFS clone $snap $clone
774 log_must $ZFS unallow $user mount $basefs
775 if datasetexists $clone ; then
776 return 1
777 fi
778
779 log_must $ZFS allow $user mount $basefs
780 log_must $ZFS allow $user create $basefs
781 user_run $user $ZFS clone $snap $clone
782 log_must $ZFS unallow $user create $basefs
783 log_must $ZFS unallow $user mount $basefs
784 if ! datasetexists $clone ; then
785 return 1
786 fi
787
788 log_must $ZFS destroy -R $snap
789
790 return 0
791 }
792
793 function verify_fs_rename
794 {
795 typeset user=$1
796 typeset perm=$2
797 typeset fs=$3
798
799 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
800 typeset basefs=${fs%/*}
801 typeset snap=$fs@snap.$stamp
802 typeset renamefs=$basefs/nfs.$stamp
803
804 if ! ismounted $fs; then
805 log_must $ZFS mount $fs
806 fi
807
808 # case 1
809 user_run $user $ZFS rename $fs $renamefs
810 if datasetexists $renamefs ; then
811 return 1
812 fi
813
814 # case 2
815 log_must $ZFS allow $user create $basefs
816 user_run $user $ZFS rename $fs $renamefs
817 log_must $ZFS unallow $user create $basefs
818 if datasetexists $renamefs ; then
819 return 1
820 fi
821
822 # case 3
823 log_must $ZFS allow $user mount $basefs
824 user_run $user $ZFS rename $fs $renamefs
825 log_must $ZFS unallow $user mount $basefs
826 if datasetexists $renamefs ; then
827 return 1
828 fi
829
830 # case 4
831 log_must $ZFS allow $user mount $fs
832 user_run $user $ZFS rename $fs $renamefs
833 if datasetexists $renamefs ; then
834 log_must $ZFS unallow $user mount $renamefs
835 return 1
836 fi
837 log_must $ZFS unallow $user mount $fs
838
839 # case 5
840 log_must $ZFS allow $user create $basefs
841 log_must $ZFS allow $user mount $fs
842 user_run $user $ZFS rename $fs $renamefs
843 log_must $ZFS unallow $user create $basefs
844 if datasetexists $renamefs ; then
845 log_must $ZFS unallow $user mount $renamefs
846 return 1
847 fi
848 log_must $ZFS unallow $user mount $fs
849
850 # case 6
851 log_must $ZFS allow $user mount $basefs
852 log_must $ZFS allow $user mount $fs
853 user_run $user $ZFS rename $fs $renamefs
854 log_must $ZFS unallow $user mount $basefs
855 if datasetexists $renamefs ; then
856 log_must $ZFS unallow $user mount $renamefs
857 return 1
858 fi
859 log_must $ZFS unallow $user mount $fs
860
861 # case 7
862 log_must $ZFS allow $user create $basefs
863 log_must $ZFS allow $user mount $basefs
864 user_run $user $ZFS rename $fs $renamefs
865 log_must $ZFS unallow $user mount $basefs
866 log_must $ZFS unallow $user create $basefs
867 if ! datasetexists $renamefs ; then
868 return 1
869 fi
870
871 log_must $ZFS rename $renamefs $fs
872
873 return 0
874 }
875
876 function verify_fs_mount
877 {
878 typeset user=$1
879 typeset perm=$2
880 typeset fs=$3
881
882 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
883 typeset mntpt=$(get_prop mountpoint $fs)
884 typeset newmntpt=/tmp/mnt.$stamp
885
886 if ismounted $fs ; then
887 user_run $user $ZFS unmount $fs
888 if ismounted $fs ; then
889 return 1
890 fi
891 fi
892
893 if ! ismounted $fs ; then
894 log_must $ZFS set mountpoint=$newmntpt $fs
895 log_must $RM -rf $newmntpt
896 log_must $MKDIR $newmntpt
897
898 user_run $user $ZFS mount $fs
899 if ismounted $fs ; then
900 return 1
901 fi
902
903 # mountpoint's owner must be the user
904 log_must $CHOWN $user $newmntpt
905 user_run $user $ZFS mount $fs
906 if ! ismounted $fs ; then
907 return 1
908 fi
909 log_must $ZFS umount $fs
910 log_must $RM -rf $newmntpt
911 log_must $ZFS set mountpoint=$mntpt $fs
912 fi
913
914 return 0
915 }
916
917 function verify_fs_share
918 {
919 typeset user=$1
920 typeset perm=$2
921 typeset fs=$3
922 typeset -i ret=0
923
924 $SVCADM enable -rs nfs/server
925 typeset stat=$($SVCS -H -o STA nfs/server:default)
926 if [[ $stat != "ON" ]]; then
927 log_fail "Could not enable nfs/server"
928 fi
929
930 log_must $ZFS set sharenfs=on $fs
931 $ZFS unshare $fs
932
933 user_run $user $ZFS share $fs
934 if ! is_shared $fs; then
935 ret=1
936 fi
937
938 $ZFS unshare $fs
939 log_must $ZFS set sharenfs=off $fs
940
941 return $ret
942 }
943
944 function verify_fs_mountpoint
945 {
946 typeset user=$1
947 typeset perm=$2
948 typeset fs=$3
949
950 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
951 typeset mntpt=$(get_prop mountpoint $fs)
952 typeset newmntpt=/tmp/mnt.$stamp
953
954 if ! ismounted $fs ; then
955 user_run $user $ZFS set mountpoint=$newmntpt $fs
956 if [[ $newmntpt != \
957 $(get_prop mountpoint $fs) ]] ; then
958 return 1
959 fi
960 log_must $ZFS set mountpoint=$mntpt $fs
961 fi
962
963 if ismounted $fs ; then
964 user_run $user $ZFS set mountpoint=$newmntpt $fs
965 if [[ $mntpt != $(get_prop mountpoint $fs) ]]; then
966 return 1
967 fi
968
969 # require mount permission when fs is mounted
970 log_must $ZFS allow $user mount $fs
971 user_run $user $ZFS set mountpoint=$newmntpt $fs
972 log_must $ZFS unallow $user mount $fs
973 if [[ $newmntpt != \
974 $(get_prop mountpoint $fs) ]] ; then
975 return 1
976 fi
977 log_must $ZFS set mountpoint=$mntpt $fs
978 fi
979
980 return 0
981 }
982
983 function verify_fs_promote
984 {
985 typeset user=$1
986 typeset perm=$2
987 typeset fs=$3
988
989 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
990 typeset basefs=${fs%/*}
991 typeset snap=$fs@snap.$stamp
992 typeset clone=$basefs/cfs.$stamp
993
994 log_must $ZFS snapshot $snap
995 log_must $ZFS clone $snap $clone
996 log_must $ZFS promote $clone
997
998 typeset fs_orig=$(get_prop origin $fs)
999 typeset clone_orig=$(get_prop origin $clone)
1000
1001 user_run $user $ZFS promote $fs
1002 # promote should fail if original fs does not have
1003 # promote permission
1004 if [[ $fs_orig != $(get_prop origin $fs) || \
1005 $clone_orig != $(get_prop origin $clone) ]]; then
1006 return 1
1007 fi
1008
1009 log_must $ZFS allow $user promote $clone
1010 user_run $user $ZFS promote $fs
1011 log_must $ZFS unallow $user promote $clone
1012 if [[ $fs_orig != $(get_prop origin $fs) || \
1013 $clone_orig != $(get_prop origin $clone) ]]; then
1014 return 1
1015 fi
1016
1017 log_must $ZFS allow $user mount $fs
1018 user_run $user $ZFS promote $fs
1019 log_must $ZFS unallow $user mount $fs
1020 if [[ $fs_orig != $(get_prop origin $fs) || \
1021 $clone_orig != $(get_prop origin $clone) ]]; then
1022 return 1
1023 fi
1024
1025 log_must $ZFS allow $user mount $fs
1026 log_must $ZFS allow $user promote $clone
1027 user_run $user $ZFS promote $fs
1028 log_must $ZFS unallow $user promote $clone
1029 log_must $ZFS unallow $user mount $fs
1030 if [[ $snap != $(get_prop origin $clone) || \
1031 $clone_orig != $(get_prop origin $fs) ]]; then
1032 return 1
1033 fi
1034
1035 return 0
1036 }
1037
1038 function verify_fs_canmount
1039 {
1040 typeset user=$1
1041 typeset perm=$2
1042 typeset fs=$3
1043
1044 typeset oldval
1045 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
1046
1047 if ! ismounted $fs ; then
1048 set -A modes "on" "off"
1049 oldval=$(get_prop $perm $fs)
1050 if [[ $oldval == "on" ]]; then
1051 n=1
1052 elif [[ $oldval == "off" ]]; then
1053 n=0
1054 fi
1055 log_note "$user $ZFS set $perm=${modes[$n]} $fs"
1056 user_run $user $ZFS set $perm=${modes[$n]} $fs
1057 if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1058 return 1
1059 fi
1060 fi
1061
1062
1063 # fs is mounted
1064 if ismounted $fs ; then
1065 # property value does not change if
1066 # no mount permission
1067 set -A modes "on" "off"
1068 oldval=$(get_prop $perm $fs)
1069 if [[ $oldval == "on" ]]; then
1070 n=1
1071 elif [[ $oldval == "off" ]]; then
1072 n=0
1073 fi
1074 log_note "$user $ZFS set $perm=${modes[$n]} $fs"
1075 log_must $ZFS allow $user mount $fs
1076 user_run $user $ZFS set $perm=${modes[$n]} $fs
1077 log_must $ZFS unallow $user mount $fs
1078 if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1079 return 1
1080 fi
1081 fi
1082
1083 return 0
1084 }
1085
1086 function verify_fs_recordsize
1087 {
1088 typeset user=$1
1089 typeset perm=$2
1090 typeset fs=$3
1091
1092 typeset value8k=$(( 1024 * 8 ))
1093 user_run $user $ZFS set recordsize=$value8k $fs
1094 if [[ $value8k != $(get_prop recordsize $fs) ]]; then
1095 return 1
1096 fi
1097
1098 return 0
1099 }
1100
1101 function verify_fs_quota
1102 {
1103 typeset user=$1
1104 typeset perm=$2
1105 typeset fs=$3
1106
1107 typeset value32m=$(( 1024 * 1024 * 32 ))
1108 user_run $user $ZFS set quota=$value32m $fs
1109 if [[ $value32m != $(get_prop quota $fs) ]]; then
1110 return 1
1111 fi
1112
1113 return 0
1114 }
1115
1116 function verify_fs_aclmode
1117 {
1118 typeset user=$1
1119 typeset perm=$2
1120 typeset fs=$3
1121
1122 typeset oldval
1123 set -A modes "discard" "groupmask" "passthrough"
1124 oldval=$(get_prop $perm $fs)
1125 if [[ $oldval == "discard" ]]; then
1126 n=1
1127 elif [[ $oldval == "groupmask" ]]; then
1128 n=2
1129 elif [[ $oldval == "passthrough" ]]; then
1130 n=0
1131 fi
1132 log_note "$user $ZFS set aclmode=${modes[$n]} $fs"
1133 user_run $user $ZFS set aclmode=${modes[$n]} $fs
1134 if [[ ${modes[$n]} != $(get_prop aclmode $fs) ]]; then
1135 return 1
1136 fi
1137
1138 return 0
1139 }
1140
1141 function verify_fs_aclinherit
1142 {
1143 typeset user=$1
1144 typeset perm=$2
1145 typeset fs=$3
1146
1147 #
1148 # PSARC/2008/231 change the default value of aclinherit to "restricted"
1149 # but still keep the old interface of "secure"
1150 #
1151
1152 typeset oldval
1153 set -A modes "discard" "noallow" "secure" "passthrough"
1154 oldval=$(get_prop $perm $fs)
1155 if [[ $oldval == "discard" ]]; then
1156 n=1
1157 elif [[ $oldval == "noallow" ]]; then
1158 n=2
1159 elif [[ $oldval == "secure" || $oldval == "restricted" ]]; then
1160 n=3
1161 elif [[ $oldval == "passthrough" ]]; then
1162 n=0
1163 fi
1164 log_note "$user $ZFS set aclinherit=${modes[$n]} $fs"
1165 user_run $user $ZFS set aclinherit=${modes[$n]} $fs
1166
1167 typeset newval=$(get_prop aclinherit $fs)
1168 if [[ ${modes[$n]} == "secure" && $newval == "restricted" ]]; then
1169 return 0
1170 elif [[ ${modes[$n]} != $(get_prop aclinherit $fs) ]]; then
1171 return 1
1172 fi
1173
1174 return 0
1175 }
1176
1177 function verify_fs_snapdir
1178 {
1179 typeset user=$1
1180 typeset perm=$2
1181 typeset fs=$3
1182
1183 typeset oldval
1184 set -A modes "visible" "hidden"
1185 oldval=$(get_prop $perm $fs)
1186 if [[ $oldval == "visible" ]]; then
1187 n=1
1188 elif [[ $oldval == "hidden" ]]; then
1189 n=0
1190 fi
1191 log_note "$user $ZFS set snapdir=${modes[$n]} $fs"
1192 user_run $user $ZFS set snapdir=${modes[$n]} $fs
1193 if [[ ${modes[$n]} != $(get_prop snapdir $fs) ]]; then
1194 return 1
1195 fi
1196
1197 return 0
1198 }
1199
1200 function verify_fs_aedsx
1201 {
1202 typeset user=$1
1203 typeset perm=$2
1204 typeset fs=$3
1205
1206 typeset oldval
1207 set -A modes "on" "off"
1208 oldval=$(get_prop $perm $fs)
1209 if [[ $oldval == "on" ]]; then
1210 n=1
1211 elif [[ $oldval == "off" ]]; then
1212 n=0
1213 fi
1214 log_note "$user $ZFS set $perm=${modes[$n]} $fs"
1215 user_run $user $ZFS set $perm=${modes[$n]} $fs
1216 if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1217 return 1
1218 fi
1219
1220 return 0
1221 }
1222
1223 function verify_fs_zoned
1224 {
1225 typeset user=$1
1226 typeset perm=$2
1227 typeset fs=$3
1228
1229 typeset oldval
1230 set -A modes "on" "off"
1231 oldval=$(get_prop $perm $fs)
1232 if [[ $oldval == "on" ]]; then
1233 n=1
1234 elif [[ $oldval == "off" ]]; then
1235 n=0
1236 fi
1237 log_note "$user $ZFS set $perm=${modes[$n]} $fs"
1238 if is_global_zone ; then
1239 if ! ismounted $fs ; then
1240 user_run $user $ZFS set \
1241 $perm=${modes[$n]} $fs
1242 if [[ ${modes[$n]} != \
1243 $(get_prop $perm $fs) ]]; then
1244 return 1
1245 fi
1246 if [[ $n -eq 0 ]]; then
1247 log_mustnot $ZFS mount $fs
1248 else
1249 log_must $ZFS mount $fs
1250 fi
1251 fi
1252
1253 if ismounted $fs; then
1254 # n always is 1 in this case
1255 user_run $user $ZFS set \
1256 $perm=${modes[$n]} $fs
1257 if [[ $oldval != \
1258 $(get_prop $perm $fs) ]]; then
1259 return 1
1260 fi
1261
1262 # mount permission is needed
1263 # to make zoned=on
1264 log_must $ZFS allow $user mount $fs
1265 user_run $user $ZFS set \
1266 $perm=${modes[$n]} $fs
1267 log_must $ZFS unallow $user mount $fs
1268 if [[ ${modes[$n]} != \
1269 $(get_prop $perm $fs) ]]; then
1270 return 1
1271 fi
1272 fi
1273 fi
1274
1275 if ! is_global_zone; then
1276 user_run $user $ZFS set $perm=${modes[$n]} $fs
1277 if [[ $oldval != $(get_prop $perm $fs) ]]; then
1278 return 1
1279 fi
1280 fi
1281
1282 return 0
1283 }
1284
1285 function verify_fs_sharenfs
1286 {
1287 typeset user=$1
1288 typeset perm=$2
1289 typeset fs=$3
1290 typeset nmode omode
1291
1292 omode=$(get_prop $perm $fs)
1293 if [[ $omode == "off" ]]; then
1294 nmode="on"
1295 else
1296 nmode="off"
1297 fi
1298
1299 log_note "$user $ZFS set $perm=$nmode $fs"
1300 user_run $user $ZFS set $perm=$nmode $fs
1301 if [[ $(get_prop $perm $fs) != $nmode ]]; then
1302 return 1
1303 fi
1304
1305 log_note "$user $ZFS set $perm=$omode $fs"
1306 user_run $user $ZFS set $perm=$omode $fs
1307 if [[ $(get_prop $perm $fs) != $omode ]]; then
1308 return 1
1309 fi
1310
1311 return 0
1312 }
1313
1314 function verify_vol_destroy
1315 {
1316 typeset user=$1
1317 typeset perm=$2
1318 typeset vol=$3
1319
1320 user_run $user $ZFS destroy $vol
1321 if ! datasetexists $vol ; then
1322 return 1
1323 fi
1324
1325 # mount permission is required
1326 log_must $ZFS allow $user mount $vol
1327 user_run $user $ZFS destroy $vol
1328 if datasetexists $vol ; then
1329 return 1
1330 fi
1331
1332 return 0
1333 }
1334
1335 function verify_vol_snapshot
1336 {
1337 typeset user=$1
1338 typeset perm=$2
1339 typeset vol=$3
1340
1341 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
1342 typeset basevol=${vol%/*}
1343 typeset snap=$vol@snap.$stamp
1344
1345 user_run $user $ZFS snapshot $snap
1346 if datasetexists $snap ; then
1347 return 1
1348 fi
1349
1350 log_must $ZFS allow $user mount $vol
1351 user_run $user $ZFS snapshot $snap
1352 log_must $ZFS unallow $user mount $vol
1353 if ! datasetexists $snap ; then
1354 return 1
1355 fi
1356
1357 return 0
1358 }
1359
1360 function verify_vol_rollback
1361 {
1362 typeset user=$1
1363 typeset perm=$2
1364 typeset vol=$3
1365
1366 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
1367 typeset basevol=${vol%/*}
1368 typeset snap=$vol@snap.$stamp
1369
1370 typeset oldval
1371 log_must $ZFS snapshot $snap
1372 oldval=$(datasetcksum $vol)
1373
1374 log_must $DD if=/dev/random of=/dev/zvol/rdsk/$vol \
1375 bs=512 count=1
1376
1377 user_run $user $ZFS rollback -R $snap
1378 $SLEEP 10
1379 if [[ $oldval == $(datasetcksum $vol) ]]; then
1380 return 1
1381 fi
1382
1383 # rollback on volume has to be with mount permission
1384 log_must $ZFS allow $user mount $vol
1385 user_run $user $ZFS rollback -R $snap
1386 $SLEEP 10
1387 log_must $ZFS unallow $user mount $vol
1388 if [[ $oldval != $(datasetcksum $vol) ]]; then
1389 return 1
1390 fi
1391
1392 return 0
1393 }
1394
1395 function verify_vol_clone
1396 {
1397 typeset user=$1
1398 typeset perm=$2
1399 typeset vol=$3
1400
1401 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
1402 typeset basevol=${vol%/*}
1403 typeset snap=$vol@snap.$stamp
1404 typeset clone=$basevol/cvol.$stamp
1405
1406 log_must $ZFS snapshot $snap
1407
1408 user_run $user $ZFS clone $snap $clone
1409 if datasetexists $clone ; then
1410 return 1
1411 fi
1412
1413 log_must $ZFS allow $user create $basevol
1414 user_run $user $ZFS clone $snap $clone
1415 log_must $ZFS unallow $user create $basevol
1416 if datasetexists $clone ; then
1417 return 1
1418 fi
1419
1420 log_must $ZFS allow $user mount $basevol
1421 user_run $user $ZFS clone $snap $clone
1422 log_must $ZFS unallow $user mount $basevol
1423 if datasetexists $clone ; then
1424 return 1
1425 fi
1426
1427 # require create permission on parent and
1428 # mount permission on itself as well
1429 log_must $ZFS allow $user mount $basevol
1430 log_must $ZFS allow $user create $basevol
1431 user_run $user $ZFS clone $snap $clone
1432 log_must $ZFS unallow $user create $basevol
1433 log_must $ZFS unallow $user mount $basevol
1434 if ! datasetexists $clone ; then
1435 return 1
1436 fi
1437
1438 return 0
1439 }
1440
1441 function verify_vol_rename
1442 {
1443 typeset user=$1
1444 typeset perm=$2
1445 typeset vol=$3
1446
1447 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
1448 typeset basevol=${vol%/*}
1449 typeset snap=$vol@snap.$stamp
1450 typeset clone=$basevol/cvol.$stamp
1451 typeset renamevol=$basevol/nvol.$stamp
1452
1453 user_run $user $ZFS rename $vol $renamevol
1454 if datasetexists $renamevol ; then
1455 return 1
1456 fi
1457
1458 log_must $ZFS allow $user create $basevol
1459 user_run $user $ZFS rename $vol $renamevol
1460 log_must $ZFS unallow $user create $basevol
1461 if datasetexists $renamevol ; then
1462 return 1
1463 fi
1464
1465 log_must $ZFS allow $user mount $basevol
1466 user_run $user $ZFS rename $vol $renamevol
1467 log_must $ZFS unallow $user mount $basevol
1468 if datasetexists $renamevol ; then
1469 return 1
1470 fi
1471
1472 # require both create permission on parent and
1473 # mount permission on parent as well
1474 log_must $ZFS allow $user mount $basevol
1475 log_must $ZFS allow $user create $basevol
1476 user_run $user $ZFS rename $vol $renamevol
1477 log_must $ZFS unallow $user mount $basevol
1478 log_must $ZFS unallow $user create $basevol
1479 if ! datasetexists $renamevol ; then
1480 return 1
1481 fi
1482
1483 log_must $ZFS rename $renamevol $vol
1484
1485 return 0
1486 }
1487
1488 function verify_vol_promote
1489 {
1490 typeset user=$1
1491 typeset perm=$2
1492 typeset vol=$3
1493
1494 typeset stamp=${perm}.${user}.$($DATE +'%F-%H%M%S')
1495 typeset basevol=${vol%/*}
1496 typeset snap=$vol@snap.$stamp
1497 typeset clone=$basevol/cvol.$stamp
1498
1499 log_must $ZFS snapshot $snap
1500 log_must $ZFS clone $snap $clone
1501 log_must $ZFS promote $clone
1502
1503 typeset vol_orig=$(get_prop origin $vol)
1504 typeset clone_orig=$(get_prop origin $clone)
1505
1506 # promote should fail if $vol and $clone
1507 # miss either mount or promote permission
1508 # case 1
1509 user_run $user $ZFS promote $vol
1510 if [[ $vol_orig != $(get_prop origin $vol) || \
1511 $clone_orig != $(get_prop origin $clone) ]];
1512 then
1513 return 1
1514 fi
1515
1516 # promote should fail if $vol and $clone
1517 # miss either mount or promote permission
1518 # case 2
1519 log_must $ZFS allow $user promote $clone
1520 user_run $user $ZFS promote $vol
1521 log_must $ZFS unallow $user promote $clone
1522 if [[ $vol_orig != $(get_prop origin $vol) || \
1523 $clone_orig != $(get_prop origin $clone) ]];
1524 then
1525 return 1
1526 fi
1527
1528 # promote should fail if $vol and $clone
1529 # miss either mount or promote permission
1530 # case 3
1531 log_must $ZFS allow $user mount $vol
1532 user_run $user $ZFS promote $vol
1533 log_must $ZFS unallow $user mount $vol
1534 if [[ $vol_orig != $(get_prop origin $vol) || \
1535 $clone_orig != $(get_prop origin $clone) ]];
1536 then
1537 return 1
1538 fi
1539
1540 # promote should fail if $vol and $clone
1541 # miss either mount or promote permission
1542 # case 4
1543 log_must $ZFS allow $user mount $clone
1544 user_run $user $ZFS promote $vol
1545 log_must $ZFS unallow $user mount $clone
1546 if [[ $vol_orig != $(get_prop origin $vol) || \
1547 $clone_orig != $(get_prop origin $clone) ]];
1548 then
1549 return 1
1550 fi
1551
1552 # promote should fail if $vol and $clone
1553 # miss either mount or promote permission
1554 # case 5
1555 log_must $ZFS allow $user promote $clone
1556 log_must $ZFS allow $user mount $vol
1557 user_run $user $ZFS promote $vol
1558 log_must $ZFS unallow $user promote $clone
1559 log_must $ZFS unallow $user mount $vol
1560 if [[ $vol_orig != $(get_prop origin $vol) || \
1561 $clone_orig != $(get_prop origin $clone) ]];
1562 then
1563 return 1
1564 fi
1565
1566 # promote should fail if $vol and $clone
1567 # miss either mount or promote permission
1568 # case 6
1569 log_must $ZFS allow $user promote $clone
1570 log_must $ZFS allow $user mount $clone
1571 user_run $user $ZFS promote $vol
1572 log_must $ZFS unallow $user promote $clone
1573 log_must $ZFS unallow $user mount $vol
1574 if [[ $vol_orig != $(get_prop origin $vol) || \
1575 $clone_orig != $(get_prop origin $clone) ]];
1576 then
1577 return 1
1578 fi
1579
1580 # promote should fail if $vol and $clone
1581 # miss either mount or promote permission
1582 # case 7
1583 log_must $ZFS allow $user mount $vol
1584 log_must $ZFS allow $user mount $clone
1585 user_run $user $ZFS promote $vol
1586 log_must $ZFS unallow $user mount $vol
1587 log_must $ZFS unallow $user mount $clone
1588 if [[ $vol_orig != $(get_prop origin $vol) || \
1589 $clone_orig != $(get_prop origin $clone) ]];
1590 then
1591 return 1
1592 fi
1593
1594 # promote only succeeds when $vol and $clone
1595 # have both mount and promote permission
1596 # case 8
1597 log_must $ZFS allow $user promote $clone
1598 log_must $ZFS allow $user mount $vol
1599 log_must $ZFS allow $user mount $clone
1600 user_run $user $ZFS promote $vol
1601 log_must $ZFS unallow $user promote $clone
1602 log_must $ZFS unallow $user mount $vol
1603 log_must $ZFS unallow $user mount $clone
1604 if [[ $snap != $(get_prop origin $clone) || \
1605 $clone_orig != $(get_prop origin $vol) ]]; then
1606 return 1
1607 fi
1608
1609 return 0
1610 }
1611
1612 function verify_vol_volsize
1613 {
1614 typeset user=$1
1615 typeset perm=$2
1616 typeset vol=$3
1617
1618 typeset oldval
1619 oldval=$(get_prop volsize $vol)
1620 (( newval = oldval * 2 ))
1621
1622 reserv_size=$(get_prop refreservation $vol)
1623
1624 if [[ "0" == $reserv_size ]]; then
1625 # sparse volume
1626 user_run $user $ZFS set volsize=$newval $vol
1627 if [[ $oldval == $(get_prop volsize $vol) ]];
1628 then
1629 return 1
1630 fi
1631
1632 else
1633 # normal volume, reservation permission
1634 # is required
1635 user_run $user $ZFS set volsize=$newval $vol
1636 if [[ $newval == $(get_prop volsize $vol) ]];
1637 then
1638 return 1
1639 fi
1640
1641 log_must $ZFS allow $user reservation $vol
1642 log_must $ZFS allow $user refreservation $vol
1643 user_run $user $ZFS set volsize=$newval $vol
1644 log_must $ZFS unallow $user reservation $vol
1645 log_must $ZFS unallow $user refreservation $vol
1646 if [[ $oldval == $(get_prop volsize $vol) ]];
1647 then
1648 return 1
1649 fi
1650 fi
1651
1652 return 0
1653 }
1654
1655 function verify_allow
1656 {
1657 typeset user=$1
1658 typeset perm=$2
1659 typeset dtst=$3
1660
1661 typeset -i ret
1662
1663 user_run $user $ZFS allow $user allow $dtst
1664 ret=$?
1665 if [[ $ret -eq 0 ]]; then
1666 return 1
1667 fi
1668
1669 log_must $ZFS allow $user copies $dtst
1670 user_run $user $ZFS allow $user copies $dtst
1671 ret=$?
1672 log_must $ZFS unallow $user copies $dtst
1673 if [[ $ret -eq 1 ]]; then
1674 return 1
1675 fi
1676
1677 return 0
1678
1679 }