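#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

. $STF_SUITE/tests/functional/acl/acl_common.kshlib

#
# DESCRIPTION:
# Verify assigned read_acl/write_acl to owner@/group@/everyone@,
# specified user and group. File have the correct access permission.
#
# STRATEGY:
# 1. Separately verify file and directory was assigned read_acl/write_acl
#    by root and non-root user.
# 2. Verify owner always can read and write acl, even deny.
# 3. Verify group access permission, when group was assigned
#    read_acl/write_acl.
# 4. Verify access permission, after everyone was assigned read_acl/write_acl.
# 5. Verify everyone@ was denied except the specified user; this user can read
#    and write acl.
# 6. Verify the group was denied except the specified user; this user can read
#    and write acl.
#

verify_runnable "both"

log_assert "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
	"behaviour to access permission."
log_onexit cleanup

#
# Check that every listed user can read the ACL of <node> ($LS -vd run as
# that user). Returns the first non-zero status, so under log_must this
# means "all listed users can read the ACL"; under log_mustnot it only
# proves that the first failing user cannot (see deny_ACL).
#
function read_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret

	shift
	for user in "$@"; do
		chgusr_exec $user $LS -vd $node > /dev/null 2>&1
		ret=$?
		(( ret != 0 )) && return $ret
	done

	return 0
}

#
# Check that every listed user can write the ACL of <node>: as each user,
# prepend a probe ACE, verify the ACE count grew by exactly one, then remove
# the probe again. Returns the first non-zero status, or 1 when the ACE
# count did not change as expected.
#
function write_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret before_cnt after_cnt

	shift
	for user in "$@"; do
		before_cnt=$(count_ACE $node)
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec $user $CHMOD A0+owner@:read_data:allow $node
		ret=$?
		(( ret != 0 )) && return $ret

		after_cnt=$(count_ACE $node)
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec $user $CHMOD A0- $node
		ret=$?
		(( ret != 0 )) && return $ret

		# The probe ACE must have been added exactly once.
		if (( after_cnt - before_cnt != 1 )); then
			return 1
		fi
	done

	return 0
}

#
# Assert that each listed user, taken one at a time, can neither read nor
# write the ACL of <node>. read_ACL/write_ACL stop at the first user that
# fails, so a single log_mustnot over several users would only prove that
# the first one is denied; checking per user verifies all of them.
#
function deny_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user

	shift
	for user in "$@"; do
		log_mustnot read_ACL $node $user
		log_mustnot write_ACL $node $user
	done
}

#
# The owner can always read and write the ACL, whether owner@ is granted
# read_acl/write_acl via an allow or a deny ACE.
#
function check_owner #<node>
{
	typeset node=$1
	typeset acc

	for acc in allow deny; do
		log_must usr_exec \
			$CHMOD A0+owner@:read_acl/write_acl:$acc $node
		log_must read_ACL $node $ZFS_ACL_CUR_USER
		log_must write_ACL $node $ZFS_ACL_CUR_USER
		log_must usr_exec $CHMOD A0- $node
	done
}

#
# A member of the owning group can read/write the ACL only when group@ is
# granted read_acl/write_acl, and is denied when group@ is denied.
#
function check_group #<node>
{
	typeset node=$1

	# Pick a non-owner user that shares the current user's primary group.
	typeset grp_usr=""
	if [[ $ZFS_ACL_CUR_USER == root ]]; then
		grp_usr=$ZFS_ACL_ADMIN
	elif [[ $ZFS_ACL_CUR_USER == $ZFS_ACL_STAFF1 ]]; then
		grp_usr=$ZFS_ACL_STAFF2
	fi
	# An empty user would make read_ACL/write_ACL trivially succeed.
	[[ -n $grp_usr ]] || log_fail "No group user known for $ZFS_ACL_CUR_USER"

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:allow $node
	log_must read_ACL $node $grp_usr
	log_must write_ACL $node $grp_usr
	log_must usr_exec $CHMOD A0- $node

	log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:deny $node
	deny_ACL $node $grp_usr
	log_must usr_exec $CHMOD A0- $node
}

#
# Unrelated users can read/write the ACL when everyone@ is allowed
# read_acl/write_acl, and are all denied when everyone@ is denied.
#
function check_everyone #<node>
{
	typeset node=$1
	typeset flag

	for flag in allow deny; do
		log_must usr_exec \
			$CHMOD A0+everyone@:read_acl/write_acl:$flag $node

		if [[ $flag == allow ]]; then
			log_must read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
			log_must write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
		else
			deny_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
		fi

		log_must usr_exec $CHMOD A0- $node
	done
}

#
# With everyone@ denied, a specific user that is explicitly allowed
# read_acl/write_acl can still read and write the ACL; everybody else
# cannot.
#
function check_spec_user #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node
	log_must usr_exec \
		$CHMOD A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node

	# The specified user can read and write acl
	log_must read_ACL $node $ZFS_ACL_OTHER1
	log_must write_ACL $node $ZFS_ACL_OTHER1

	# All the other users can't read and write acl
	deny_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2

	# Remove both ACEs added above so the node is left as found.
	log_must usr_exec $CHMOD A0- $node
	log_must usr_exec $CHMOD A0- $node
}

#
# With everyone@ denied, members of a specific group that is explicitly
# allowed read_acl/write_acl can read and write the ACL; everybody else
# cannot.
#
function check_spec_group #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node
	log_must usr_exec $CHMOD \
		A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow $node

	# The specified group can read and write acl
	log_must read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
	log_must write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2

	# All the other users can't read and write acl
	deny_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2

	# Remove both ACEs added above so they do not leak into the next check
	# run on the same node (the other check_* functions do the same).
	log_must usr_exec $CHMOD A0- $node
	log_must usr_exec $CHMOD A0- $node
}

#
# A user explicitly allowed read_acl/write_acl can read and write the ACL
# even though a group it belongs to is denied; other group members cannot.
#
function check_user_in_group #<node>
{
	typeset node=$1

	log_must usr_exec $CHMOD \
		A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny $node
	log_must usr_exec $CHMOD \
		A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node
	log_must read_ACL $node $ZFS_ACL_OTHER1
	log_must write_ACL $node $ZFS_ACL_OTHER1
	deny_ACL $node $ZFS_ACL_OTHER2

	# Remove both ACEs added above so the node is left as found.
	log_must usr_exec $CHMOD A0- $node
	log_must usr_exec $CHMOD A0- $node
}

set -A func_name check_owner \
	check_group \
	check_everyone \
	check_spec_user \
	check_spec_group \
	check_user_in_group

# Run every check on a fresh file and directory, first as root and then as
# a non-root user.
typeset user func node
for user in root $ZFS_ACL_STAFF1; do
	log_must set_cur_usr $user

	log_must usr_exec $TOUCH $testfile
	log_must usr_exec $MKDIR $testdir

	for func in ${func_name[@]}; do
		for node in $testfile $testdir; do
			# Direct call; eval is not needed to dispatch on a name.
			$func $node
		done
	done

	log_must usr_exec $RM -rf $testfile $testdir
done

log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."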