#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
#

. $STF_SUITE/tests/functional/acl/acl_common.kshlib
. $STF_SUITE/tests/functional/acl/cifs/cifs.kshlib

#
# DESCRIPTION:
#	Verify the DOS attributes (Readonly, Hidden, Archive, System)
#	and BSD'ish attributes (Immutable, nounlink, and appendonly)
#	will provide the proper access limitation as expected.
#
#	Readonly means that the content of a file can't be modified, but
#	timestamps, mode and so on can.
#
#	Archive - Indicates if a file should be included in the next backup
#	of the file system. ZFS will set this bit whenever a file is
#	modified.
#
#	Hidden and System (ZFS does nothing special with these, other than
#	letting a user/application set them).
#
#	Immutable (The data can't change, nor can mode, ACL, size and so on)
#	The only attribute that can be updated is the access time.
#
#	Nounlink - Sort of like immutable except that a file/dir can't be
#	removed.
#	This will also affect a rename operation, since that involves a
#	remove.
#
#	Appendonly - File can only be appended to.
#
#	nodump, settable, opaque (These are for the MacOS port) we will
#	allow them to be set, but have no semantics tied to them.
#
# STRATEGY:
#	1. Loop super user and non-super user to run the test case.
#	2. Create basedir and a set of subdirectories and files within it.
#	3. Set the file/dir with each kind of special attribute.
#	4. Verify the access limitation works as expected.
#

verify_runnable "both"

function cleanup
{
	if [[ -n $gobject ]]; then
		destroy_object $gobject
	fi

	for fs in $TESTPOOL/$TESTFS $TESTPOOL ; do
		mtpt=$(get_prop mountpoint $fs)
		log_must rm -rf $mtpt/file.* $mtpt/dir.*
	done

	[[ -f $TESTFILE ]] && rm $TESTFILE
}

#
# Set the special attribute to the given node
#
# $1: The given node (file/dir)
# $2: The special attribute to be set
#
function set_attribute
{
	typeset object=$1
	typeset attr=$2

	if [[ -z $attr ]]; then
		attr="AHRSadimu"
		if [[ -f $object ]]; then
			attr="${attr}q"
		fi
	fi
	chmod S+c${attr} $object
	return $?
}

#
# Clear the special attribute to the given node
#
# $1: The given node (file/dir)
# $2: The special attribute to be cleared
#
function clear_attribute
{
	typeset object=$1
	typeset attr=$2

	if [[ -z $attr ]]; then
		if is_global_zone ; then
			attr="AHRSadimu"
			if [[ -f $object ]]; then
				attr="${attr}q"
			fi
		else
			attr="AHRS"
		fi
	fi

	chmod S-c${attr} $object
	return $?
}

#
# A wrapper function to call test function according to the given attr
#
# $1: The given node (file/dir)
# $2: The special attribute to be tested
#
function test_wrapper
{
	typeset object=$1
	typeset attr=$2

	if [[ -z $object || -z $attr ]]; then
		log_fail "Object($object), Attr($attr) not defined."
	fi

	case $attr in
		R)	func=test_readonly
			;;
		i)	func=test_immutable
			;;
		u)	func=test_nounlink
			;;
		a)	func=test_appendonly
			;;
	esac

	if [[ -n $func ]]; then
		$func $object
	fi
}

#
# Invoke the function and verify whether its return code is as expected
#
# $1: Expect value
# $2-$n: Function and args need to be invoked
#
function verify_expect
{
	typeset -i expect=$1
	typeset status

	shift

	"$@" > /dev/null 2>&1
	status=$?
	if [[ $status -eq 0 ]]; then
		if ((expect != 0)); then
			log_fail "$@ unexpect return 0"
		fi
	else
		if ((expect == 0)); then
			log_fail "$@ unexpect return $status"
		fi
	fi
}

#
# Unit testing function against overwrite file
#
# $1: The given file node
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_writefile
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}
	if [[ -f $object ]]; then
		verify_expect $expect chg_usr_exec $user \
		    cp $TESTFILE $object
		verify_expect $expect chg_usr_exec $user \
		    "echo '$TESTSTR' > $object"
	fi
}

#
# Unit testing function against write new stuffs into a directory
#
# $1: The given directory node
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_writedir
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	if [[ -d $object ]]; then
		verify_expect $expect chg_usr_exec $user \
		    cp $TESTFILE $object
		verify_expect $expect chg_usr_exec $user \
		    mkdir -p $object/$TESTDIR
	fi
}

#
# Unit testing function against append data to a file
#
# $1: The given node (skipped if it is a directory)
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_appenddata
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	if [[ ! -d $object ]]; then
		verify_expect $expect chg_usr_exec $user \
		    "echo '$TESTSTR' >> $object"
	fi
}

#
# Unit testing function against delete content from a directory
#
# $1: The given node, dir
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_deletecontent
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	if [[ -d $object ]]; then
		for target in $object/${TESTFILE##*/} $object/$TESTDIR ; do
			if [[ -e $target ]]; then
				verify_expect $expect chg_usr_exec $user \
				    "mv $target $target.new"
				verify_expect $expect chg_usr_exec $user \
				    "echo y | rm -r $target.new"
			fi
		done
	fi
}

#
# Unit testing function against delete a node
#
# $1: The given node, file/dir
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_deletedata
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	verify_expect $expect chg_usr_exec $user \
	    "echo y | rm -r $object"

}

#
# Unit testing function against write xattr to a node
#
# $1: The given node, file/dir
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_writexattr
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	verify_expect $expect chg_usr_exec $user \
	    runat $object "cp $TESTFILE $TESTATTR"
	verify_expect $expect chg_usr_exec $user \
	    "runat $object \"echo '$TESTSTR' > $TESTATTR\""
	verify_expect $expect chg_usr_exec $user \
	    "runat $object \"echo '$TESTSTR' >> $TESTATTR\""
	if [[ $expect -eq 0 ]]; then
		verify_expect $expect chg_usr_exec $user \
		    runat $object "rm -f $TESTATTR"
	fi
}

#
# Unit testing function against modify accesstime of a node
#
# $1: The given node, file/dir
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_accesstime
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	if [[ -d $object ]]; then
		verify_expect $expect chg_usr_exec $user ls $object
	else
		verify_expect $expect chg_usr_exec $user cat $object
	fi
}

#
# Unit testing function against modify updatetime of a node
#
# $1: The given node, file/dir
# $2: Execute user
# $3: Expect value, default to be zero
# $4: Expect value for the access-time-only update (touch -a),
#     default to be $3
#
function unit_updatetime
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}
	typeset immutable_expect=${4:-$expect}
	verify_expect $expect chg_usr_exec $user touch $object
	verify_expect $immutable_expect chg_usr_exec $user touch -a $object
	verify_expect $expect chg_usr_exec $user touch -m $object
}

#
# Unit testing function against write acl of a node
#
# $1: The given node, file/dir
# $2: Execute user
# $3: Expect value, default to be zero
#
function unit_writeacl
{
	typeset object=$1
	typeset user=$2
	typeset expect=${3:-0}

	verify_expect $expect chg_usr_exec $user chmod A+$TESTACL $object
	verify_expect $expect chg_usr_exec $user chmod A+$TESTACL $object
	verify_expect $expect chg_usr_exec $user chmod A0- $object
	verify_expect $expect chg_usr_exec $user chmod A0- $object
	oldmode=$(get_mode $object)
	verify_expect $expect chg_usr_exec $user chmod $TESTMODE $object
}

#
# Testing function to verify the given node is readonly
#
# $1: The given node, file/dir
#
function test_readonly
{
	typeset object=$1
	typeset exp

	if [[ -z $object ]]; then
		log_fail "Object($object) not defined."
	fi

	log_note "Testing readonly of $object"

	for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
		if [[ -d $object ]]; then
			log_must usr_exec chmod \
			    A+user:$user:${ace_dir}:allow $object
		else
			log_must usr_exec chmod \
			    A+user:$user:${ace_file}:allow $object
		fi

		log_must set_attribute $object "R"

		# As with mode bits, root can bypass.
		if [[ "$user" == "root" ]]; then
			exp=0
		else
			exp=1
		fi

		unit_writefile $object $user $exp
		unit_writedir $object $user
		unit_appenddata $object $user $exp

		if [[ -d $object ]]; then
			unit_writexattr $object $user
		else
			unit_writexattr $object $user $exp
		fi

		unit_accesstime $object $user
		unit_updatetime $object $user
		unit_writeacl $object $user
		unit_deletecontent $object $user
		unit_deletedata $object $user

		if [[ -d $object ]] ;then
			create_object "dir" $object $ZFS_ACL_CUR_USER
		else
			create_object "file" $object $ZFS_ACL_CUR_USER
		fi
	done
}

#
# Testing function to verify the given node is immutable
#
# $1: The given node, file/dir
#
function test_immutable
{
	typeset object=$1

	if [[ -z $object ]]; then
		log_fail "Object($object) not defined."
	fi

	log_note "Testing immutable of $object"

	for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
		if [[ -d $object ]]; then
			log_must usr_exec chmod \
			    A+user:$user:${ace_dir}:allow $object
		else
			log_must usr_exec chmod \
			    A+user:$user:${ace_file}:allow $object
		fi
		log_must set_attribute $object "i"

		unit_writefile $object $user 1
		unit_writedir $object $user 1
		unit_appenddata $object $user 1
		unit_writexattr $object $user 1
		unit_accesstime $object $user
		unit_updatetime $object $user 1 0
		unit_writeacl $object $user 1
		unit_deletecontent $object $user 1
		unit_deletedata $object $user 1

		if [[ -d $object ]] ;then
			create_object "dir" $object $ZFS_ACL_CUR_USER
		else
			create_object "file" $object $ZFS_ACL_CUR_USER
		fi
	done
}

#
# Testing function to verify the given node is nounlink
#
# $1: The given node, file/dir
#
function test_nounlink
{
	typeset object=$1

	if [[ -z $object ]]; then
		log_fail "Object($object) not defined."
	fi

	echo "Testing nounlink of $object"

	for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
		if [[ -d $object ]]; then
			log_must usr_exec chmod \
			    A+user:$user:${ace_dir}:allow $object
		else
			log_must usr_exec chmod \
			    A+user:$user:${ace_file}:allow $object
		fi
		log_must set_attribute $object "u"

		unit_writefile $object $user
		unit_writedir $object $user
		unit_appenddata $object $user
		unit_writexattr $object $user
		unit_accesstime $object $user
		unit_updatetime $object $user
		unit_writeacl $object $user
		unit_deletecontent $object $user 1
		unit_deletedata $object $user 1

		if [[ -d $object ]] ;then
			create_object "dir" $object $ZFS_ACL_CUR_USER
		else
			create_object "file" $object $ZFS_ACL_CUR_USER
		fi
	done
}

#
# Testing function to verify the given node is appendonly
#
# $1: The given node, file/dir
#
function test_appendonly
{
	typeset object=$1

	if [[ -z $object ]]; then
		log_fail "Object($object) not defined."
	fi

	log_note "Testing appendonly of $object"

	for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
		if [[ -d $object ]]; then
			log_must usr_exec chmod \
			    A+user:$user:${ace_dir}:allow $object
		else
			log_must usr_exec chmod \
			    A+user:$user:${ace_file}:allow $object
		fi
		log_must set_attribute $object "a"

		unit_writefile $object $user 1
		unit_writedir $object $user
		unit_appenddata $object $user
		unit_writexattr $object $user
		unit_accesstime $object $user
		unit_updatetime $object $user
		unit_writeacl $object $user
		unit_deletecontent $object $user
		unit_deletedata $object $user

		if [[ -d $object ]] ;then
			create_object "dir" $object $ZFS_ACL_CUR_USER
		else
			create_object "file" $object $ZFS_ACL_CUR_USER
		fi
	done
}

FILES="file.0 file.1"
DIRS="dir.0 dir.1"
XATTRS="attr.0 attr.1"
FS="$TESTPOOL $TESTPOOL/$TESTFS"

if is_global_zone ; then
	ATTRS="R i u a"
else
	ATTRS="R"
fi

TESTFILE=/tmp/tfile
TESTDIR=tdir
TESTATTR=tattr
TESTACL=user:$ZFS_ACL_OTHER1:write_data:allow
TESTMODE=777
TESTSTR="ZFS test suites"

ace_file="write_data/append_data/write_xattr/write_acl/write_attributes"
ace_dir="add_file/add_subdirectory/${ace_file}"

log_assert "Verify DOS & BSD'ish attributes will provide the " \
    "access limitation as expected."
log_onexit cleanup

echo "$TESTSTR" > $TESTFILE

typeset gobject
typeset gattr
for gattr in $ATTRS ; do
	for fs in $FS ; do
		mtpt=$(get_prop mountpoint $fs)
		chmod 777 $mtpt
		for user in root $ZFS_ACL_STAFF1; do
			log_must set_cur_usr $user
			for file in $FILES ; do
				gobject=$mtpt/$file
				create_object "file" $gobject $ZFS_ACL_CUR_USER
				test_wrapper $gobject $gattr
				destroy_object $gobject
			done

			for dir in $DIRS ; do
				gobject=$mtpt/$dir
				create_object "dir" $gobject $ZFS_ACL_CUR_USER
				test_wrapper $gobject $gattr
				destroy_object $gobject
			done
		done
	done
done

log_pass "DOS & BSD'ish attributes provide the access limitation as expected."