xref: /illumos-gate/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_xattr_002_pos.ksh (revision b6805bf78d2bbbeeaea8909a05623587b42d58b3) 
1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28. $STF_SUITE/tests/functional/acl/acl_common.kshlib
29
30#
31# DESCRIPTION:
32#	Verify that the write_xattr for remove the extended attributes of
33#	owner/group/everyone are correct.
34#
35# STRATEGY:
36# 1. Create file and  directory in zfs filesystem
37# 2. Set special write_xattr ACE to the file and directory
38# 3. Try to remove the extended attributes of the file and directory
39# 4. Verify above operation is successful.
40#
41
42verify_runnable "both"
43
44function cleanup
45{
46	cd $cwd
47
48	cleanup_test_files $TESTDIR/basedir
49
50	if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
51		log_must $RM -f $TESTDIR/$ARCHIVEFILE
52	fi
53
54	return 0
55}
56
57#	owner@	group	group_users		other_users
58set -A users \
59	"root"	"root"	"$ZFS_ACL_ADMIN"	"$ZFS_ACL_OTHER1" \
60	"$ZFS_ACL_STAFF1"	"$ZFS_ACL_STAFF_GROUP"	"$ZFS_ACL_STAFF2" \
61	"$ZFS_ACL_OTHER1"
62
63set -A a_access \
64	"write_xattr:allow" \
65	"write_xattr:deny"
66
67set -A a_flag "owner@" "group@" "everyone@"
68
69MYTESTFILE=/etc/passwd
70
71log_assert "Verify that the permission of write_xattr for " \
72	"owner/group/everyone while remove extended attributes are correct."
73log_onexit cleanup
74
75function operate_node #user node acl
76{
77	typeset user=$1
78	typeset node=$2
79	typeset acl_t=$3
80	typeset ret
81
82	if [[ $user == "" || $node == "" ]]; then
83		log_fail "user, node are not defined."
84	fi
85
86	chgusr_exec $user $RUNAT $node $RM -f attr.0 ; ret=$?
87
88	if [[ $ret -eq 0 ]]; then
89		log_must cleanup_test_files $TESTDIR/basedir
90		log_must $TAR xpf@ $TESTDIR/$ARCHIVEFILE
91	fi
92
93	return $ret
94}
95
96function logname #acl_target owner user
97{
98	typeset acl_target=$1
99	typeset owner=$2
100	typeset user=$3
101	typeset ret="log_mustnot"
102
103	# To super user, read and write deny permission was override.
104	if [[ $user == root || $owner == $user ]] then
105		ret="log_must"
106	fi
107
108	print $ret
109}
110
111function check_chmod_results #node flag acl_target owner g_usr o_usr
112{
113	typeset node=$1
114	typeset flag=$2
115	typeset acl_target=$2:$3
116	typeset owner=$4
117	typeset g_usr=$5
118	typeset o_usr=$6
119	typeset log
120
121	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
122		log=$(logname $acl_target $owner $ZFS_ACL_CUR_USER)
123		$log operate_node $ZFS_ACL_CUR_USER $node $acl_target
124	fi
125	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
126		log=$(logname $acl_target $owner $g_usr)
127		$log operate_node $g_usr $node $acl_target
128	fi
129	if [[ $flag == "everyone@" ]]; then
130		log=$(logname $acl_target $owner $o_usr)
131		$log operate_node $o_usr $node $acl_target
132	fi
133}
134
135function test_chmod_basic_access #node owner g_usr o_usr
136{
137	typeset node=${1%/}
138	typeset owner=$2
139	typeset g_usr=$3
140	typeset o_usr=$4
141	typeset flag acl_p acl_t parent
142
143	parent=${node%/*}
144
145	for flag in ${a_flag[@]}; do
146		for acl_t in "${a_access[@]}"; do
147			log_must usr_exec $CHMOD A+$flag:$acl_t $node
148
149			log_must $TAR cpf@ $TESTDIR/$ARCHIVEFILE basedir
150
151			check_chmod_results "$node" "$flag" \
152				"$acl_t" "$owner" "$g_usr" "$o_usr"
153
154			log_must usr_exec $CHMOD A0- $node
155		done
156	done
157}
158
159function setup_test_files #base_node user group
160{
161	typeset base_node=$1
162	typeset user=$2
163	typeset group=$3
164
165	cleanup_test_files $base_node
166
167	log_must $MKDIR -p $base_node
168	log_must $CHOWN $user:$group $base_node
169
170	log_must set_cur_usr $user
171
172	# Prepare all files/sub-dirs for testing.
173
174	file0=$base_node/testfile_rm
175
176	dir0=$base_node/testdir_rm
177
178	log_must usr_exec $TOUCH $file0
179	log_must usr_exec $CHMOD 444 $file0
180
181	log_must usr_exec $RUNAT $file0 $CP $MYTESTFILE attr.0
182
183	log_must usr_exec $MKDIR -p $dir0
184	log_must usr_exec $CHMOD 555 $dir0
185
186	log_must usr_exec $RUNAT $dir0 $CP $MYTESTFILE attr.0
187
188	log_must usr_exec $CHMOD 555 $base_node
189	return 0
190}
191
192function cleanup_test_files #base_node
193{
194	typeset base_node=$1
195
196	if [[ -d $base_node ]]; then
197		log_must $RM -rf $base_node
198	elif [[ -e $base_node ]]; then
199		log_must $RM -f $base_node
200	fi
201
202	return 0
203}
204
205typeset cwd=$PWD
206typeset ARCHIVEFILE=archive.tar
207
208typeset -i i=0
209typeset -i j=0
210typeset target
211
212while (( i < ${#users[@]} )); do
213	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
214	cd $TESTDIR
215
216	j=0
217	while (( j < 1 )); do
218		eval target=\$file$j
219		test_chmod_basic_access $target ${users[i]} \
220			"${users[((i+2))]}" "${users[((i+3))]}"
221
222		eval target=\$dir$j
223		test_chmod_basic_access $target ${users[i]} \
224			"${users[((i+2))]}" "${users[((i+3))]}"
225
226		(( j = j + 1 ))
227	done
228
229	(( i += 4 ))
230done
231
232log_pass "Verify that the permission of write_xattr for " \
233	"owner/group/everyone while remove extended attributes are correct."
234