1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28. $STF_SUITE/tests/functional/acl/acl_common.kshlib 29 30# 31# DESCRIPTION: 32# Verify that the write_xattr for remove the extended attributes of 33# owner/group/everyone are correct. 34# 35# STRATEGY: 36# 1. Create file and directory in zfs filesystem 37# 2. Set special write_xattr ACE to the file and directory 38# 3. Try to remove the extended attributes of the file and directory 39# 4. Verify above operation is successful. 40# 41 42verify_runnable "both" 43 44function cleanup 45{ 46 cd $cwd 47 48 cleanup_test_files $TESTDIR/basedir 49 50 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then 51 log_must $RM -f $TESTDIR/$ARCHIVEFILE 52 fi 53 54 return 0 55} 56 57# owner@ group group_users other_users 58set -A users \ 59 "root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 60 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" \ 61 "$ZFS_ACL_OTHER1" 62 63set -A a_access \ 64 "write_xattr:allow" \ 65 "write_xattr:deny" 66 67set -A a_flag "owner@" "group@" "everyone@" 68 69MYTESTFILE=/etc/passwd 70 71log_assert "Verify that the permission of write_xattr for " \ 72 "owner/group/everyone while remove extended attributes are correct." 73log_onexit cleanup 74 75function operate_node #user node acl 76{ 77 typeset user=$1 78 typeset node=$2 79 typeset acl_t=$3 80 typeset ret 81 82 if [[ $user == "" || $node == "" ]]; then 83 log_fail "user, node are not defined." 84 fi 85 86 chgusr_exec $user $RUNAT $node $RM -f attr.0 ; ret=$? 87 88 if [[ $ret -eq 0 ]]; then 89 log_must cleanup_test_files $TESTDIR/basedir 90 log_must $TAR xpf@ $TESTDIR/$ARCHIVEFILE 91 fi 92 93 return $ret 94} 95 96function logname #acl_target owner user 97{ 98 typeset acl_target=$1 99 typeset owner=$2 100 typeset user=$3 101 typeset ret="log_mustnot" 102 103 # To super user, read and write deny permission was override. 104 if [[ $user == root || $owner == $user ]] then 105 ret="log_must" 106 fi 107 108 print $ret 109} 110 111function check_chmod_results #node flag acl_target owner g_usr o_usr 112{ 113 typeset node=$1 114 typeset flag=$2 115 typeset acl_target=$2:$3 116 typeset owner=$4 117 typeset g_usr=$5 118 typeset o_usr=$6 119 typeset log 120 121 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 122 log=$(logname $acl_target $owner $ZFS_ACL_CUR_USER) 123 $log operate_node $ZFS_ACL_CUR_USER $node $acl_target 124 fi 125 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 126 log=$(logname $acl_target $owner $g_usr) 127 $log operate_node $g_usr $node $acl_target 128 fi 129 if [[ $flag == "everyone@" ]]; then 130 log=$(logname $acl_target $owner $o_usr) 131 $log operate_node $o_usr $node $acl_target 132 fi 133} 134 135function test_chmod_basic_access #node owner g_usr o_usr 136{ 137 typeset node=${1%/} 138 typeset owner=$2 139 typeset g_usr=$3 140 typeset o_usr=$4 141 typeset flag acl_p acl_t parent 142 143 parent=${node%/*} 144 145 for flag in ${a_flag[@]}; do 146 for acl_t in "${a_access[@]}"; do 147 log_must usr_exec $CHMOD A+$flag:$acl_t $node 148 149 log_must $TAR cpf@ $TESTDIR/$ARCHIVEFILE basedir 150 151 check_chmod_results "$node" "$flag" \ 152 "$acl_t" "$owner" "$g_usr" "$o_usr" 153 154 log_must usr_exec $CHMOD A0- $node 155 done 156 done 157} 158 159function setup_test_files #base_node user group 160{ 161 typeset base_node=$1 162 typeset user=$2 163 typeset group=$3 164 165 cleanup_test_files $base_node 166 167 log_must $MKDIR -p $base_node 168 log_must $CHOWN $user:$group $base_node 169 170 log_must set_cur_usr $user 171 172 # Prepare all files/sub-dirs for testing. 173 174 file0=$base_node/testfile_rm 175 176 dir0=$base_node/testdir_rm 177 178 log_must usr_exec $TOUCH $file0 179 log_must usr_exec $CHMOD 444 $file0 180 181 log_must usr_exec $RUNAT $file0 $CP $MYTESTFILE attr.0 182 183 log_must usr_exec $MKDIR -p $dir0 184 log_must usr_exec $CHMOD 555 $dir0 185 186 log_must usr_exec $RUNAT $dir0 $CP $MYTESTFILE attr.0 187 188 log_must usr_exec $CHMOD 555 $base_node 189 return 0 190} 191 192function cleanup_test_files #base_node 193{ 194 typeset base_node=$1 195 196 if [[ -d $base_node ]]; then 197 log_must $RM -rf $base_node 198 elif [[ -e $base_node ]]; then 199 log_must $RM -f $base_node 200 fi 201 202 return 0 203} 204 205typeset cwd=$PWD 206typeset ARCHIVEFILE=archive.tar 207 208typeset -i i=0 209typeset -i j=0 210typeset target 211 212while (( i < ${#users[@]} )); do 213 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 214 cd $TESTDIR 215 216 j=0 217 while (( j < 1 )); do 218 eval target=\$file$j 219 test_chmod_basic_access $target ${users[i]} \ 220 "${users[((i+2))]}" "${users[((i+3))]}" 221 222 eval target=\$dir$j 223 test_chmod_basic_access $target ${users[i]} \ 224 "${users[((i+2))]}" "${users[((i+3))]}" 225 226 (( j = j + 1 )) 227 done 228 229 (( i += 4 )) 230done 231 232log_pass "Verify that the permission of write_xattr for " \ 233 "owner/group/everyone while remove extended attributes are correct." 234