#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# Copyright (c) 2016 by Delphix. All rights reserved.
#

32d583b39bSJohn Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
33d583b39bSJohn Wren Kennedy
#
# DESCRIPTION:
#	Verify that the read_data/write_data/execute permission for
#	owner/group/everyone are correct.
#
# STRATEGY:
#	1. Loop over root and a non-root user.
#	2. Verify type@:access:allow|deny separately on a file and a directory.
#	3. For the super user, read and write deny are overridden.
#	4. According to the ACE list and the override rule, expect that
#	   read/write/execute of the file or directory succeeds or fails.
#
46d583b39bSJohn Wren Kennedy
verify_runnable "both"

# Principals and access masks combined by test_chmod_basic_access.
# execute is always paired with read_data: the execute check needs
# read access first.
set -A a_flag "owner@" "group@" "everyone@"
set -A a_access "read_data" "write_data" "read_data/execute"

# One row per test round; the main loop consumes the list three at a time.
#	owner@			group_users		other_users
set -A users \
	"root"			"$ZFS_ACL_ADMIN"	"$ZFS_ACL_OTHER1" \
	"$ZFS_ACL_STAFF1"	"$ZFS_ACL_STAFF2"	"$ZFS_ACL_OTHER1"

log_assert "Verify that the read_data/write_data/execute permission for" \
	"owner/group/everyone are correct."
# Register the cleanup handler before any file or ACE is created.
log_onexit cleanup
61d583b39bSJohn Wren Kennedy
62d583b39bSJohn Wren Kennedyfunction logname #node acl_spec user
63d583b39bSJohn Wren Kennedy{
64d583b39bSJohn Wren Kennedy	typeset node=$1
65d583b39bSJohn Wren Kennedy	typeset acl_spec=$2
66d583b39bSJohn Wren Kennedy	typeset user=$3
67d583b39bSJohn Wren Kennedy
68d583b39bSJohn Wren Kennedy	# To super user, read and write deny permission was override.
69d583b39bSJohn Wren Kennedy	if [[ $acl_spec == *:allow ]] || \
70d583b39bSJohn Wren Kennedy		[[ $user == root && -d $node ]] || \
71d583b39bSJohn Wren Kennedy		[[ $user == root && $acl_spec != *"execute"* ]]
72d583b39bSJohn Wren Kennedy	then
73d583b39bSJohn Wren Kennedy		print "log_must"
74d583b39bSJohn Wren Kennedy	elif [[ $acl_spec == *:deny ]]; then
75d583b39bSJohn Wren Kennedy		print "log_mustnot"
76d583b39bSJohn Wren Kennedy	fi
77d583b39bSJohn Wren Kennedy}
78d583b39bSJohn Wren Kennedy
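#
# Run the access checks that apply to one ACE.
#
# $1 node     - file or directory carrying the ACE
# $2 acl_spec - ACE in the form <who>:<access>:<allow|deny>
# $3 g_usr    - user checked for group@ and everyone@ entries
# $4 o_usr    - user checked for everyone@ entries only
#
# owner@ entries are checked as $ZFS_ACL_CUR_USER, group@ entries as g_usr,
# and everyone@ entries as all three users. Each check runs rwx_node under
# the wrapper that logname prints (log_must or log_mustnot).
#
function check_chmod_results #node acl_spec g_usr o_usr
{
	typeset node=$1
	typeset acl_spec=$2
	typeset g_usr=$3
	typeset o_usr=$4
	typeset log

	# Expansions are quoted so each value reaches rwx_node as one argument.
	# "$log" is quoted as well: an empty wrapper then fails as a missing
	# command instead of running the access check with no assertion.
	if [[ $acl_spec == "owner@:"* || $acl_spec == "everyone@:"* ]]; then
		log=$(logname "$node" "$acl_spec" "$ZFS_ACL_CUR_USER")
		"$log" rwx_node "$ZFS_ACL_CUR_USER" "$node" "$acl_spec"
	fi
	if [[ $acl_spec == "group@:"* || $acl_spec == "everyone@:"* ]]; then
		log=$(logname "$node" "$acl_spec" "$g_usr")
		"$log" rwx_node "$g_usr" "$node" "$acl_spec"
	fi
	# Same "who:" prefix form as the two tests above.
	if [[ $acl_spec == "everyone@:"* ]]; then
		log=$(logname "$node" "$acl_spec" "$o_usr")
		"$log" rwx_node "$o_usr" "$node" "$acl_spec"
	fi
}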
100d583b39bSJohn Wren Kennedy
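#
# Apply every who/access/type combination to a node and check the result.
#
# $1 node    - file or directory to test
# $2 g_usr   - group user handed to check_chmod_results
# $3 o_usr   - other user handed to check_chmod_results
#
# Reads the global arrays a_flag and a_access. For each combination the ACE
# is added, the resulting access is checked, and the ACE is removed again
# so the next combination starts from the same ACL.
#
function test_chmod_basic_access #node group_user other_user
{
	typeset node=$1
	typeset g_usr=$2
	typeset o_usr=$3
	# tp is declared here too so the loop variable does not leak into
	# the caller's scope.
	typeset flag access tp acl_spec

	for flag in "${a_flag[@]}"; do
		for access in "${a_access[@]}"; do
			for tp in allow deny; do
				acl_spec="$flag:$access:$tp"
				# A+ prepends the ACE, so it sits at index 0 ...
				log_must usr_exec chmod "A+$acl_spec" "$node"
				check_chmod_results \
				    "$node" "$acl_spec" "$g_usr" "$o_usr"
				# ... and A0- removes exactly that entry.
				log_must usr_exec chmod A0- "$node"
			done
		done
	done
}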
120d583b39bSJohn Wren Kennedy
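# Refuse to run with an empty path: each round creates these paths and then
# removes them recursively through usr_exec, and the first round sets the
# current user to root.
[[ -n $testfile && -n $testdir ]] || \
	log_fail "testfile and testdir must be set"

# users holds one (owner, group user, other user) triple per round.
typeset -i i=0
while (( i < ${#users[@]} )); do
	log_must set_cur_usr "${users[i]}"

	# Same ACE matrix against a regular file, then against a directory.
	log_must usr_exec touch "$testfile"
	test_chmod_basic_access "$testfile" \
	    "${users[((i+1))]}" "${users[((i+2))]}"
	log_must usr_exec mkdir "$testdir"
	test_chmod_basic_access "$testdir" \
	    "${users[((i+1))]}" "${users[((i+2))]}"

	# Start the next round from a clean slate.
	log_must usr_exec rm -rf "$testfile" "$testdir"

	(( i += 3 ))
done

log_pass "Verify that the read_data/write_data/execute permission for" \
	"owner/group/everyone passed."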
137