xref: /illumos-gate/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_xattr_002_pos.ksh (revision 5f82aa32fbc5dc2c59bca6ff315f44a4c4c9ea86) 
1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28#
29# Copyright (c) 2016 by Delphix. All rights reserved.
30#
31
32. $STF_SUITE/tests/functional/acl/acl_common.kshlib
33
34#
35# DESCRIPTION:
36#	Verify that the write_xattr for remove the extended attributes of
37#	owner/group/everyone are correct.
38#
39# STRATEGY:
40# 1. Create file and  directory in zfs filesystem
41# 2. Set special write_xattr ACE to the file and directory
42# 3. Try to remove the extended attributes of the file and directory
43# 4. Verify above operation is successful.
44#
45
46verify_runnable "both"
47
48function cleanup
49{
50	cd $cwd
51
52	cleanup_test_files $TESTDIR/basedir
53
54	if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
55		log_must rm -f $TESTDIR/$ARCHIVEFILE
56	fi
57
58	return 0
59}
60
61#	owner@	group	group_users		other_users
62set -A users \
63	"root"	"root"	"$ZFS_ACL_ADMIN"	"$ZFS_ACL_OTHER1" \
64	"$ZFS_ACL_STAFF1"	"$ZFS_ACL_STAFF_GROUP"	"$ZFS_ACL_STAFF2" \
65	"$ZFS_ACL_OTHER1"
66
67set -A a_access \
68	"write_xattr:allow" \
69	"write_xattr:deny"
70
71set -A a_flag "owner@" "group@" "everyone@"
72
73MYTESTFILE=/etc/passwd
74
75log_assert "Verify that the permission of write_xattr for " \
76	"owner/group/everyone while remove extended attributes are correct."
77log_onexit cleanup
78
79function operate_node #user node acl
80{
81	typeset user=$1
82	typeset node=$2
83	typeset acl_t=$3
84	typeset ret
85
86	if [[ $user == "" || $node == "" ]]; then
87		log_fail "user, node are not defined."
88	fi
89
90	chgusr_exec $user runat $node rm -f attr.0 ; ret=$?
91
92	if [[ $ret -eq 0 ]]; then
93		log_must cleanup_test_files $TESTDIR/basedir
94		log_must tar xpf@ $TESTDIR/$ARCHIVEFILE
95	fi
96
97	return $ret
98}
99
100function logname #acl_target owner user
101{
102	typeset acl_target=$1
103	typeset owner=$2
104	typeset user=$3
105	typeset ret="log_mustnot"
106
107	# To super user, read and write deny permission was override.
108	if [[ $user == root || $owner == $user ]] then
109		ret="log_must"
110	fi
111
112	print $ret
113}
114
115function check_chmod_results #node flag acl_target owner g_usr o_usr
116{
117	typeset node=$1
118	typeset flag=$2
119	typeset acl_target=$2:$3
120	typeset owner=$4
121	typeset g_usr=$5
122	typeset o_usr=$6
123	typeset log
124
125	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
126		log=$(logname $acl_target $owner $ZFS_ACL_CUR_USER)
127		$log operate_node $ZFS_ACL_CUR_USER $node $acl_target
128	fi
129	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
130		log=$(logname $acl_target $owner $g_usr)
131		$log operate_node $g_usr $node $acl_target
132	fi
133	if [[ $flag == "everyone@" ]]; then
134		log=$(logname $acl_target $owner $o_usr)
135		$log operate_node $o_usr $node $acl_target
136	fi
137}
138
139function test_chmod_basic_access #node owner g_usr o_usr
140{
141	typeset node=${1%/}
142	typeset owner=$2
143	typeset g_usr=$3
144	typeset o_usr=$4
145	typeset flag acl_p acl_t parent
146
147	parent=${node%/*}
148
149	for flag in ${a_flag[@]}; do
150		for acl_t in "${a_access[@]}"; do
151			log_must usr_exec chmod A+$flag:$acl_t $node
152
153			log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir
154
155			check_chmod_results "$node" "$flag" \
156				"$acl_t" "$owner" "$g_usr" "$o_usr"
157
158			log_must usr_exec chmod A0- $node
159		done
160	done
161}
162
163function setup_test_files #base_node user group
164{
165	typeset base_node=$1
166	typeset user=$2
167	typeset group=$3
168
169	cleanup_test_files $base_node
170
171	log_must mkdir -p $base_node
172	log_must chown $user:$group $base_node
173
174	log_must set_cur_usr $user
175
176	# Prepare all files/sub-dirs for testing.
177
178	file0=$base_node/testfile_rm
179
180	dir0=$base_node/testdir_rm
181
182	log_must usr_exec touch $file0
183	log_must usr_exec chmod 444 $file0
184
185	log_must usr_exec runat $file0 cp $MYTESTFILE attr.0
186
187	log_must usr_exec mkdir -p $dir0
188	log_must usr_exec chmod 555 $dir0
189
190	log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0
191
192	log_must usr_exec chmod 555 $base_node
193	return 0
194}
195
196function cleanup_test_files #base_node
197{
198	typeset base_node=$1
199
200	if [[ -d $base_node ]]; then
201		log_must rm -rf $base_node
202	elif [[ -e $base_node ]]; then
203		log_must rm -f $base_node
204	fi
205
206	return 0
207}
208
209typeset cwd=$PWD
210typeset ARCHIVEFILE=archive.tar
211
212typeset -i i=0
213typeset -i j=0
214typeset target
215
216while (( i < ${#users[@]} )); do
217	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
218	cd $TESTDIR
219
220	j=0
221	while (( j < 1 )); do
222		eval target=\$file$j
223		test_chmod_basic_access $target ${users[i]} \
224			"${users[((i+2))]}" "${users[((i+3))]}"
225
226		eval target=\$dir$j
227		test_chmod_basic_access $target ${users[i]} \
228			"${users[((i+2))]}" "${users[((i+3))]}"
229
230		(( j = j + 1 ))
231	done
232
233	(( i += 4 ))
234done
235
236log_pass "Verify that the permission of write_xattr for " \
237	"owner/group/everyone while remove extended attributes are correct."
238