1f38cb554SJohn Wren Kennedy# 2f38cb554SJohn Wren Kennedy# CDDL HEADER START 3f38cb554SJohn Wren Kennedy# 4f38cb554SJohn Wren Kennedy# The contents of this file are subject to the terms of the 5f38cb554SJohn Wren Kennedy# Common Development and Distribution License (the "License"). 6f38cb554SJohn Wren Kennedy# You may not use this file except in compliance with the License. 7f38cb554SJohn Wren Kennedy# 8f38cb554SJohn Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9f38cb554SJohn Wren Kennedy# or http://www.opensolaris.org/os/licensing. 10f38cb554SJohn Wren Kennedy# See the License for the specific language governing permissions 11f38cb554SJohn Wren Kennedy# and limitations under the License. 12f38cb554SJohn Wren Kennedy# 13f38cb554SJohn Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each 14f38cb554SJohn Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15f38cb554SJohn Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the 16f38cb554SJohn Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying 17f38cb554SJohn Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner] 18f38cb554SJohn Wren Kennedy# 19f38cb554SJohn Wren Kennedy# CDDL HEADER END 20f38cb554SJohn Wren Kennedy# 21f38cb554SJohn Wren Kennedy 22f38cb554SJohn Wren Kennedy# 23f38cb554SJohn Wren Kennedy# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24f38cb554SJohn Wren Kennedy# Use is subject to license terms. 25f38cb554SJohn Wren Kennedy# 26f38cb554SJohn Wren Kennedy 27f38cb554SJohn Wren Kennedy# 281d32ba66SJohn Wren Kennedy# Copyright (c) 2013, 2016 by Delphix. All rights reserved. 2975160947SYuri Pankov# Copyright 2016 Nexenta Systems, Inc. 3015cdaaa1SBill Sommerfeld# Copyright 2023 Bill Sommerfeld <sommerfeld@alum.mit.edu> 31f38cb554SJohn Wren Kennedy# 32f38cb554SJohn Wren Kennedy 33f38cb554SJohn Wren Kennedy. $STF_SUITE/include/libtest.shlib 34f38cb554SJohn Wren Kennedy. $STF_SUITE/tests/functional/delegate/delegate.cfg 35f38cb554SJohn Wren Kennedy 36f38cb554SJohn Wren Kennedy# 37f38cb554SJohn Wren Kennedy# Cleanup exist user/group. 38f38cb554SJohn Wren Kennedy# 39f38cb554SJohn Wren Kennedyfunction cleanup_user_group 40f38cb554SJohn Wren Kennedy{ 41f38cb554SJohn Wren Kennedy typeset i 42f38cb554SJohn Wren Kennedy for i in $STAFF1 $STAFF2 $OTHER1 $OTHER2 ; do 43f38cb554SJohn Wren Kennedy del_user $i 44f38cb554SJohn Wren Kennedy done 45f38cb554SJohn Wren Kennedy for i in $STAFF_GROUP $OTHER_GROUP ; do 46f38cb554SJohn Wren Kennedy del_group $i 47f38cb554SJohn Wren Kennedy done 48f38cb554SJohn Wren Kennedy 49f38cb554SJohn Wren Kennedy return 0 50f38cb554SJohn Wren Kennedy} 51f38cb554SJohn Wren Kennedy 52f38cb554SJohn Wren Kennedy# 53f38cb554SJohn Wren Kennedy# Restore test file system to the original status. 54f38cb554SJohn Wren Kennedy# 55f38cb554SJohn Wren Kennedyfunction restore_root_datasets 56f38cb554SJohn Wren Kennedy{ 57f38cb554SJohn Wren Kennedy if datasetexists $ROOT_TESTFS ; then 581d32ba66SJohn Wren Kennedy log_must zfs destroy -Rf $ROOT_TESTFS 59f38cb554SJohn Wren Kennedy fi 601d32ba66SJohn Wren Kennedy log_must zfs create $ROOT_TESTFS 61f38cb554SJohn Wren Kennedy 62f38cb554SJohn Wren Kennedy if is_global_zone ; then 63f38cb554SJohn Wren Kennedy if datasetexists $ROOT_TESTVOL ; then 641d32ba66SJohn Wren Kennedy log_must zfs destroy -Rf $ROOT_TESTVOL 65f38cb554SJohn Wren Kennedy fi 661d32ba66SJohn Wren Kennedy log_must zfs create -V $VOLSIZE $ROOT_TESTVOL 67f38cb554SJohn Wren Kennedy fi 68f38cb554SJohn Wren Kennedy 69f38cb554SJohn Wren Kennedy return 0 70f38cb554SJohn Wren Kennedy} 71f38cb554SJohn Wren Kennedy 72f38cb554SJohn Wren Kennedy# 73f38cb554SJohn Wren Kennedy# Verify the specified user have permission on the dataset 74f38cb554SJohn Wren Kennedy# 75f38cb554SJohn Wren Kennedy# $1 dataset 76f38cb554SJohn Wren Kennedy# $2 permissions which are separated by comma(,) 77f38cb554SJohn Wren Kennedy# $3-n users 78f38cb554SJohn Wren Kennedy# 79f38cb554SJohn Wren Kennedyfunction verify_perm 80f38cb554SJohn Wren Kennedy{ 81f38cb554SJohn Wren Kennedy typeset dtst=$1 82f38cb554SJohn Wren Kennedy typeset permissions=$2 83f38cb554SJohn Wren Kennedy shift 2 84f38cb554SJohn Wren Kennedy 85f38cb554SJohn Wren Kennedy if [[ -z $@ || -z $permissions || -z $dtst ]]; then 86f38cb554SJohn Wren Kennedy return 1 87f38cb554SJohn Wren Kennedy fi 88f38cb554SJohn Wren Kennedy 89f38cb554SJohn Wren Kennedy typeset type=$(get_prop type $dtst) 901d32ba66SJohn Wren Kennedy permissions=$(echo $permissions | tr -s "," " ") 91f38cb554SJohn Wren Kennedy 92f38cb554SJohn Wren Kennedy typeset user 93f38cb554SJohn Wren Kennedy for user in $@; do 94f38cb554SJohn Wren Kennedy typeset perm 95f38cb554SJohn Wren Kennedy for perm in $permissions; do 96f38cb554SJohn Wren Kennedy typeset -i ret=1 97f38cb554SJohn Wren Kennedy if [[ $type == "filesystem" ]]; then 98f38cb554SJohn Wren Kennedy check_fs_perm $user $perm $dtst 99f38cb554SJohn Wren Kennedy ret=$? 100f38cb554SJohn Wren Kennedy elif [[ $type == "volume" ]]; then 101f38cb554SJohn Wren Kennedy check_vol_perm $user $perm $dtst 102f38cb554SJohn Wren Kennedy ret=$? 103f38cb554SJohn Wren Kennedy fi 104f38cb554SJohn Wren Kennedy 105f38cb554SJohn Wren Kennedy if ((ret != 0)) ; then 106f38cb554SJohn Wren Kennedy log_note "Fail: $user should have $perm " \ 107f38cb554SJohn Wren Kennedy "on $dtst" 108f38cb554SJohn Wren Kennedy return 1 109f38cb554SJohn Wren Kennedy fi 110f38cb554SJohn Wren Kennedy done 111f38cb554SJohn Wren Kennedy done 112f38cb554SJohn Wren Kennedy 113f38cb554SJohn Wren Kennedy return 0 114f38cb554SJohn Wren Kennedy} 115f38cb554SJohn Wren Kennedy 116f38cb554SJohn Wren Kennedy# 117f38cb554SJohn Wren Kennedy# Verify the specified user have no permission on the dataset 118f38cb554SJohn Wren Kennedy# 119f38cb554SJohn Wren Kennedy# $1 dataset 120f38cb554SJohn Wren Kennedy# $2 permissions which are separated by comma(,) 121f38cb554SJohn Wren Kennedy# $3-n users 122f38cb554SJohn Wren Kennedy# 123f38cb554SJohn Wren Kennedyfunction verify_noperm 124f38cb554SJohn Wren Kennedy{ 125f38cb554SJohn Wren Kennedy typeset dtst=$1 126f38cb554SJohn Wren Kennedy typeset permissions=$2 127f38cb554SJohn Wren Kennedy shift 2 128f38cb554SJohn Wren Kennedy 129f38cb554SJohn Wren Kennedy if [[ -z $@ || -z $permissions || -z $dtst ]]; then 130f38cb554SJohn Wren Kennedy return 1 131f38cb554SJohn Wren Kennedy fi 132f38cb554SJohn Wren Kennedy 133f38cb554SJohn Wren Kennedy typeset type=$(get_prop type $dtst) 1341d32ba66SJohn Wren Kennedy permissions=$(echo $permissions | tr -s "," " ") 135f38cb554SJohn Wren Kennedy 136f38cb554SJohn Wren Kennedy typeset user 137f38cb554SJohn Wren Kennedy for user in $@; do 138f38cb554SJohn Wren Kennedy typeset perm 139f38cb554SJohn Wren Kennedy for perm in $permissions; do 140f38cb554SJohn Wren Kennedy typeset -i ret=1 141f38cb554SJohn Wren Kennedy if [[ $type == "filesystem" ]]; then 142f38cb554SJohn Wren Kennedy check_fs_perm $user $perm $dtst 143f38cb554SJohn Wren Kennedy ret=$? 144f38cb554SJohn Wren Kennedy elif [[ $type == "volume" ]]; then 145f38cb554SJohn Wren Kennedy check_vol_perm $user $perm $dtst 146f38cb554SJohn Wren Kennedy ret=$? 147f38cb554SJohn Wren Kennedy fi 148f38cb554SJohn Wren Kennedy 149f38cb554SJohn Wren Kennedy if ((ret == 0)) ; then 150f38cb554SJohn Wren Kennedy log_note "Fail: $user should not have $perm " \ 151f38cb554SJohn Wren Kennedy "on $dtst" 152f38cb554SJohn Wren Kennedy return 1 153f38cb554SJohn Wren Kennedy fi 154f38cb554SJohn Wren Kennedy done 155f38cb554SJohn Wren Kennedy done 156f38cb554SJohn Wren Kennedy 157f38cb554SJohn Wren Kennedy return 0 158f38cb554SJohn Wren Kennedy} 159f38cb554SJohn Wren Kennedy 160f38cb554SJohn Wren Kennedyfunction common_perm 161f38cb554SJohn Wren Kennedy{ 162f38cb554SJohn Wren Kennedy typeset user=$1 163f38cb554SJohn Wren Kennedy typeset perm=$2 164f38cb554SJohn Wren Kennedy typeset dtst=$3 165f38cb554SJohn Wren Kennedy 166f38cb554SJohn Wren Kennedy typeset -i ret=1 167f38cb554SJohn Wren Kennedy case $perm in 168f38cb554SJohn Wren Kennedy send) 169f38cb554SJohn Wren Kennedy verify_send $user $perm $dtst 170f38cb554SJohn Wren Kennedy ret=$? 171f38cb554SJohn Wren Kennedy ;; 172f38cb554SJohn Wren Kennedy allow) 173f38cb554SJohn Wren Kennedy verify_allow $user $perm $dtst 174f38cb554SJohn Wren Kennedy ret=$? 175f38cb554SJohn Wren Kennedy ;; 176f38cb554SJohn Wren Kennedy userprop) 177f38cb554SJohn Wren Kennedy verify_userprop $user $perm $dtst 178f38cb554SJohn Wren Kennedy ret=$? 179f38cb554SJohn Wren Kennedy ;; 180f38cb554SJohn Wren Kennedy compression|checksum|readonly) 181f38cb554SJohn Wren Kennedy verify_ccr $user $perm $dtst 182f38cb554SJohn Wren Kennedy ret=$? 183f38cb554SJohn Wren Kennedy ;; 184f38cb554SJohn Wren Kennedy copies) 185f38cb554SJohn Wren Kennedy verify_copies $user $perm $dtst 186f38cb554SJohn Wren Kennedy ret=$? 187f38cb554SJohn Wren Kennedy ;; 188f38cb554SJohn Wren Kennedy reservation) 189f38cb554SJohn Wren Kennedy verify_reservation $user $perm $dtst 190f38cb554SJohn Wren Kennedy ret=$? 191f38cb554SJohn Wren Kennedy ;; 192f38cb554SJohn Wren Kennedy *) 193f38cb554SJohn Wren Kennedy ret=1 194f38cb554SJohn Wren Kennedy ;; 195f38cb554SJohn Wren Kennedy esac 196f38cb554SJohn Wren Kennedy 197f38cb554SJohn Wren Kennedy return $ret 198f38cb554SJohn Wren Kennedy} 199f38cb554SJohn Wren Kennedy 200f38cb554SJohn Wren Kennedyfunction check_fs_perm 201f38cb554SJohn Wren Kennedy{ 202f38cb554SJohn Wren Kennedy typeset user=$1 203f38cb554SJohn Wren Kennedy typeset perm=$2 204f38cb554SJohn Wren Kennedy typeset fs=$3 205f38cb554SJohn Wren Kennedy 206f38cb554SJohn Wren Kennedy typeset -i ret=1 207f38cb554SJohn Wren Kennedy case $perm in 208f38cb554SJohn Wren Kennedy create) 209f38cb554SJohn Wren Kennedy verify_fs_create $user $perm $fs 210f38cb554SJohn Wren Kennedy ret=$? 211f38cb554SJohn Wren Kennedy ;; 212f38cb554SJohn Wren Kennedy destroy) 213f38cb554SJohn Wren Kennedy verify_fs_destroy $user $perm $fs 214f38cb554SJohn Wren Kennedy ret=$? 215f38cb554SJohn Wren Kennedy ;; 216f38cb554SJohn Wren Kennedy snapshot) 217f38cb554SJohn Wren Kennedy verify_fs_snapshot $user $perm $fs 218f38cb554SJohn Wren Kennedy ret=$? 219f38cb554SJohn Wren Kennedy ;; 220f38cb554SJohn Wren Kennedy rollback) 221f38cb554SJohn Wren Kennedy verify_fs_rollback $user $perm $fs 222f38cb554SJohn Wren Kennedy ret=$? 223f38cb554SJohn Wren Kennedy ;; 224f38cb554SJohn Wren Kennedy clone) 225f38cb554SJohn Wren Kennedy verify_fs_clone $user $perm $fs 226f38cb554SJohn Wren Kennedy ret=$? 227f38cb554SJohn Wren Kennedy ;; 228f38cb554SJohn Wren Kennedy rename) 229f38cb554SJohn Wren Kennedy verify_fs_rename $user $perm $fs 230f38cb554SJohn Wren Kennedy ret=$? 231f38cb554SJohn Wren Kennedy ;; 232f38cb554SJohn Wren Kennedy mount) 233f38cb554SJohn Wren Kennedy verify_fs_mount $user $perm $fs 234f38cb554SJohn Wren Kennedy ret=$? 235f38cb554SJohn Wren Kennedy ;; 236f38cb554SJohn Wren Kennedy share) 237f38cb554SJohn Wren Kennedy verify_fs_share $user $perm $fs 238f38cb554SJohn Wren Kennedy ret=$? 239f38cb554SJohn Wren Kennedy ;; 240f38cb554SJohn Wren Kennedy mountpoint) 241f38cb554SJohn Wren Kennedy verify_fs_mountpoint $user $perm $fs 242f38cb554SJohn Wren Kennedy ret=$? 243f38cb554SJohn Wren Kennedy ;; 244f38cb554SJohn Wren Kennedy promote) 245f38cb554SJohn Wren Kennedy verify_fs_promote $user $perm $fs 246f38cb554SJohn Wren Kennedy ret=$? 247f38cb554SJohn Wren Kennedy ;; 248f38cb554SJohn Wren Kennedy canmount) 249f38cb554SJohn Wren Kennedy verify_fs_canmount $user $perm $fs 250f38cb554SJohn Wren Kennedy ret=$? 251f38cb554SJohn Wren Kennedy ;; 2520774d909SNed Bass dnodesize) 2530774d909SNed Bass verify_fs_dnodesize $user $perm $fs 2540774d909SNed Bass ret=$? 2550774d909SNed Bass ;; 256f38cb554SJohn Wren Kennedy recordsize) 257f38cb554SJohn Wren Kennedy verify_fs_recordsize $user $perm $fs 258f38cb554SJohn Wren Kennedy ret=$? 259f38cb554SJohn Wren Kennedy ;; 260f38cb554SJohn Wren Kennedy quota) 261f38cb554SJohn Wren Kennedy verify_fs_quota $user $perm $fs 262f38cb554SJohn Wren Kennedy ret=$? 263f38cb554SJohn Wren Kennedy ;; 264f38cb554SJohn Wren Kennedy aclmode) 265f38cb554SJohn Wren Kennedy verify_fs_aclmode $user $perm $fs 266f38cb554SJohn Wren Kennedy ret=$? 267f38cb554SJohn Wren Kennedy ;; 268f38cb554SJohn Wren Kennedy aclinherit) 269f38cb554SJohn Wren Kennedy verify_fs_aclinherit $user $perm $fs 270f38cb554SJohn Wren Kennedy ret=$? 271f38cb554SJohn Wren Kennedy ;; 272f38cb554SJohn Wren Kennedy snapdir) 273f38cb554SJohn Wren Kennedy verify_fs_snapdir $user $perm $fs 274f38cb554SJohn Wren Kennedy ret=$? 275f38cb554SJohn Wren Kennedy ;; 276f38cb554SJohn Wren Kennedy atime|exec|devices|setuid|xattr) 277f38cb554SJohn Wren Kennedy verify_fs_aedsx $user $perm $fs 278f38cb554SJohn Wren Kennedy ret=$? 279f38cb554SJohn Wren Kennedy ;; 280f38cb554SJohn Wren Kennedy zoned) 281f38cb554SJohn Wren Kennedy verify_fs_zoned $user $perm $fs 282f38cb554SJohn Wren Kennedy ret=$? 283f38cb554SJohn Wren Kennedy ;; 284f38cb554SJohn Wren Kennedy sharenfs) 285f38cb554SJohn Wren Kennedy verify_fs_sharenfs $user $perm $fs 286f38cb554SJohn Wren Kennedy ret=$? 287f38cb554SJohn Wren Kennedy ;; 288f38cb554SJohn Wren Kennedy receive) 289f38cb554SJohn Wren Kennedy verify_fs_receive $user $perm $fs 290f38cb554SJohn Wren Kennedy ret=$? 291f38cb554SJohn Wren Kennedy ;; 292f38cb554SJohn Wren Kennedy *) 293f38cb554SJohn Wren Kennedy common_perm $user $perm $fs 294f38cb554SJohn Wren Kennedy ret=$? 295f38cb554SJohn Wren Kennedy ;; 296f38cb554SJohn Wren Kennedy esac 297f38cb554SJohn Wren Kennedy 298f38cb554SJohn Wren Kennedy return $ret 299f38cb554SJohn Wren Kennedy} 300f38cb554SJohn Wren Kennedy 301f38cb554SJohn Wren Kennedyfunction check_vol_perm 302f38cb554SJohn Wren Kennedy{ 303f38cb554SJohn Wren Kennedy typeset user=$1 304f38cb554SJohn Wren Kennedy typeset perm=$2 305f38cb554SJohn Wren Kennedy typeset vol=$3 306f38cb554SJohn Wren Kennedy 307f38cb554SJohn Wren Kennedy typeset -i ret=1 308f38cb554SJohn Wren Kennedy case $perm in 309f38cb554SJohn Wren Kennedy destroy) 310f38cb554SJohn Wren Kennedy verify_vol_destroy $user $perm $vol 311f38cb554SJohn Wren Kennedy ret=$? 312f38cb554SJohn Wren Kennedy ;; 313f38cb554SJohn Wren Kennedy snapshot) 314f38cb554SJohn Wren Kennedy verify_vol_snapshot $user $perm $vol 315f38cb554SJohn Wren Kennedy ret=$? 316f38cb554SJohn Wren Kennedy ;; 317f38cb554SJohn Wren Kennedy rollback) 318f38cb554SJohn Wren Kennedy verify_vol_rollback $user $perm $vol 319f38cb554SJohn Wren Kennedy ret=$? 320f38cb554SJohn Wren Kennedy ;; 321f38cb554SJohn Wren Kennedy clone) 322f38cb554SJohn Wren Kennedy verify_vol_clone $user $perm $vol 323f38cb554SJohn Wren Kennedy ret=$? 324f38cb554SJohn Wren Kennedy ;; 325f38cb554SJohn Wren Kennedy rename) 326f38cb554SJohn Wren Kennedy verify_vol_rename $user $perm $vol 327f38cb554SJohn Wren Kennedy ret=$? 328f38cb554SJohn Wren Kennedy ;; 329f38cb554SJohn Wren Kennedy promote) 330f38cb554SJohn Wren Kennedy verify_vol_promote $user $perm $vol 331f38cb554SJohn Wren Kennedy ret=$? 332f38cb554SJohn Wren Kennedy ;; 333f38cb554SJohn Wren Kennedy volsize) 334f38cb554SJohn Wren Kennedy verify_vol_volsize $user $perm $vol 335f38cb554SJohn Wren Kennedy ret=$? 336f38cb554SJohn Wren Kennedy ;; 337f38cb554SJohn Wren Kennedy *) 338f38cb554SJohn Wren Kennedy common_perm $user $perm $vol 339f38cb554SJohn Wren Kennedy ret=$? 340f38cb554SJohn Wren Kennedy ;; 341f38cb554SJohn Wren Kennedy esac 342f38cb554SJohn Wren Kennedy 343f38cb554SJohn Wren Kennedy return $ret 344f38cb554SJohn Wren Kennedy} 345f38cb554SJohn Wren Kennedy 346f38cb554SJohn Wren Kennedyfunction setup_unallow_testenv 347f38cb554SJohn Wren Kennedy{ 348f38cb554SJohn Wren Kennedy log_must restore_root_datasets 349f38cb554SJohn Wren Kennedy 3501d32ba66SJohn Wren Kennedy log_must zfs create $SUBFS 351f38cb554SJohn Wren Kennedy 352f38cb554SJohn Wren Kennedy for dtst in $DATASETS ; do 3531d32ba66SJohn Wren Kennedy log_must zfs allow -l $STAFF1 $LOCAL_SET $dtst 3541d32ba66SJohn Wren Kennedy log_must zfs allow -d $STAFF2 $DESC_SET $dtst 3551d32ba66SJohn Wren Kennedy log_must zfs allow $OTHER1 $LOCAL_DESC_SET $dtst 3561d32ba66SJohn Wren Kennedy log_must zfs allow $OTHER2 $LOCAL_DESC_SET $dtst 357f38cb554SJohn Wren Kennedy 358f38cb554SJohn Wren Kennedy log_must verify_perm $dtst $LOCAL_SET $STAFF1 359f38cb554SJohn Wren Kennedy log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER1 360f38cb554SJohn Wren Kennedy log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER2 361f38cb554SJohn Wren Kennedy if [[ $dtst == $ROOT_TESTFS ]]; then 362f38cb554SJohn Wren Kennedy log_must verify_perm $SUBFS $DESC_SET $STAFF2 363f38cb554SJohn Wren Kennedy log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER1 364f38cb554SJohn Wren Kennedy log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER2 365f38cb554SJohn Wren Kennedy fi 366f38cb554SJohn Wren Kennedy done 367f38cb554SJohn Wren Kennedy 368f38cb554SJohn Wren Kennedy return 0 369f38cb554SJohn Wren Kennedy} 370f38cb554SJohn Wren Kennedy 371f38cb554SJohn Wren Kennedy# 372f38cb554SJohn Wren Kennedy# Verify permission send for specified user on the dataset 373f38cb554SJohn Wren Kennedy# $1 user 374f38cb554SJohn Wren Kennedy# $2 permission 375f38cb554SJohn Wren Kennedy# $3 dataset 376f38cb554SJohn Wren Kennedy# 377f38cb554SJohn Wren Kennedyfunction verify_send 378f38cb554SJohn Wren Kennedy{ 379f38cb554SJohn Wren Kennedy typeset user=$1 380f38cb554SJohn Wren Kennedy typeset perm=$2 381f38cb554SJohn Wren Kennedy typeset dtst=$3 382f38cb554SJohn Wren Kennedy 383f38cb554SJohn Wren Kennedy typeset oldval 384*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 385f38cb554SJohn Wren Kennedy typeset snap=$dtst@snap.$stamp 386f38cb554SJohn Wren Kennedy 387f38cb554SJohn Wren Kennedy typeset -i ret=1 388f38cb554SJohn Wren Kennedy 3891d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 390f38cb554SJohn Wren Kennedy typeset bak_user=/tmp/bak.$user.$stamp 391f38cb554SJohn Wren Kennedy typeset bak_root=/tmp/bak.root.$stamp 392f38cb554SJohn Wren Kennedy 3931d32ba66SJohn Wren Kennedy user_run $user eval "zfs send $snap > $bak_user" 3941d32ba66SJohn Wren Kennedy log_must eval "zfs send $snap > $bak_root" 395f38cb554SJohn Wren Kennedy 396f38cb554SJohn Wren Kennedy if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then 397f38cb554SJohn Wren Kennedy ret=0 398f38cb554SJohn Wren Kennedy fi 399f38cb554SJohn Wren Kennedy 4001d32ba66SJohn Wren Kennedy rm -rf $bak_user > /dev/null 4011d32ba66SJohn Wren Kennedy rm -rf $bak_root > /dev/null 402f38cb554SJohn Wren Kennedy 403f38cb554SJohn Wren Kennedy return $ret 404f38cb554SJohn Wren Kennedy} 405f38cb554SJohn Wren Kennedy 406f38cb554SJohn Wren Kennedyfunction verify_fs_receive 407f38cb554SJohn Wren Kennedy{ 408f38cb554SJohn Wren Kennedy typeset user=$1 409f38cb554SJohn Wren Kennedy typeset perm=$2 410f38cb554SJohn Wren Kennedy typeset fs=$3 411f38cb554SJohn Wren Kennedy 412f38cb554SJohn Wren Kennedy typeset dtst 413*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 414f38cb554SJohn Wren Kennedy typeset newfs=$fs/newfs.$stamp 415f38cb554SJohn Wren Kennedy typeset newvol=$fs/newvol.$stamp 416f38cb554SJohn Wren Kennedy typeset bak_user=/tmp/bak.$user.$stamp 417f38cb554SJohn Wren Kennedy typeset bak_root=/tmp/bak.root.$stamp 418f38cb554SJohn Wren Kennedy 4191d32ba66SJohn Wren Kennedy log_must zfs create $newfs 420f38cb554SJohn Wren Kennedy typeset datasets="$newfs" 421f38cb554SJohn Wren Kennedy if is_global_zone ; then 4221d32ba66SJohn Wren Kennedy log_must zfs create -V $VOLSIZE $newvol 423f38cb554SJohn Wren Kennedy datasets="$newfs $newvol" 424f38cb554SJohn Wren Kennedy fi 425f38cb554SJohn Wren Kennedy 426f38cb554SJohn Wren Kennedy for dtst in $datasets ; do 427f38cb554SJohn Wren Kennedy 428f38cb554SJohn Wren Kennedy typeset dtstsnap=$dtst@snap.$stamp 4291d32ba66SJohn Wren Kennedy log_must zfs snapshot $dtstsnap 430f38cb554SJohn Wren Kennedy 4311d32ba66SJohn Wren Kennedy log_must eval "zfs send $dtstsnap > $bak_root" 4321d32ba66SJohn Wren Kennedy log_must zfs destroy -rf $dtst 433f38cb554SJohn Wren Kennedy 4341d32ba66SJohn Wren Kennedy user_run $user eval "zfs receive $dtst < $bak_root" 435f38cb554SJohn Wren Kennedy if datasetexists $dtstsnap ; then 436f38cb554SJohn Wren Kennedy return 1 437f38cb554SJohn Wren Kennedy fi 438f38cb554SJohn Wren Kennedy 4391d32ba66SJohn Wren Kennedy log_must zfs allow $user create $fs 4401d32ba66SJohn Wren Kennedy user_run $user eval "zfs receive $dtst < $bak_root" 4411d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $fs 442f38cb554SJohn Wren Kennedy if datasetexists $dtstsnap ; then 443f38cb554SJohn Wren Kennedy return 1 444f38cb554SJohn Wren Kennedy fi 445f38cb554SJohn Wren Kennedy 4461d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 4471d32ba66SJohn Wren Kennedy user_run $user eval "zfs receive $dtst < $bak_root" 4481d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 449f38cb554SJohn Wren Kennedy if datasetexists $dtstsnap ; then 450f38cb554SJohn Wren Kennedy return 1 451f38cb554SJohn Wren Kennedy fi 452f38cb554SJohn Wren Kennedy 4531d32ba66SJohn Wren Kennedy log_must zfs allow $user mount,create $fs 4541d32ba66SJohn Wren Kennedy user_run $user eval "zfs receive $dtst < $bak_root" 4551d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount,create $fs 456f38cb554SJohn Wren Kennedy if ! datasetexists $dtstsnap ; then 457f38cb554SJohn Wren Kennedy return 1 458f38cb554SJohn Wren Kennedy fi 459f38cb554SJohn Wren Kennedy 460f38cb554SJohn Wren Kennedy # check the data integrity 4611d32ba66SJohn Wren Kennedy log_must eval "zfs send $dtstsnap > $bak_user" 4621d32ba66SJohn Wren Kennedy log_must zfs destroy -rf $dtst 4631d32ba66SJohn Wren Kennedy log_must eval "zfs receive $dtst < $bak_root" 4641d32ba66SJohn Wren Kennedy log_must eval "zfs send $dtstsnap > $bak_root" 4651d32ba66SJohn Wren Kennedy log_must zfs destroy -rf $dtst 466f38cb554SJohn Wren Kennedy if [[ $(checksum $bak_user) != $(checksum $bak_root) ]]; then 467f38cb554SJohn Wren Kennedy return 1 468f38cb554SJohn Wren Kennedy fi 469f38cb554SJohn Wren Kennedy 4701d32ba66SJohn Wren Kennedy rm -rf $bak_user > /dev/null 4711d32ba66SJohn Wren Kennedy rm -rf $bak_root > /dev/null 472f38cb554SJohn Wren Kennedy 473f38cb554SJohn Wren Kennedy done 474f38cb554SJohn Wren Kennedy 475f38cb554SJohn Wren Kennedy return 0 476f38cb554SJohn Wren Kennedy} 477f38cb554SJohn Wren Kennedy 478f38cb554SJohn Wren Kennedyfunction verify_userprop 479f38cb554SJohn Wren Kennedy{ 480f38cb554SJohn Wren Kennedy typeset user=$1 481f38cb554SJohn Wren Kennedy typeset perm=$2 482f38cb554SJohn Wren Kennedy typeset dtst=$3 483f38cb554SJohn Wren Kennedy 484*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 485f38cb554SJohn Wren Kennedy 4861d32ba66SJohn Wren Kennedy user_run $user zfs set "$user:ts=$stamp" $dtst 48709fbbb7dSAllan Jude sync_pool ${dtst%%/*} 488f38cb554SJohn Wren Kennedy if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then 489f38cb554SJohn Wren Kennedy return 1 490f38cb554SJohn Wren Kennedy fi 49115cdaaa1SBill Sommerfeld user_run $user zfs inherit "$user:ts" $dtst 492f38cb554SJohn Wren Kennedy 493f38cb554SJohn Wren Kennedy return 0 494f38cb554SJohn Wren Kennedy} 495f38cb554SJohn Wren Kennedy 496f38cb554SJohn Wren Kennedyfunction verify_ccr 497f38cb554SJohn Wren Kennedy{ 498f38cb554SJohn Wren Kennedy typeset user=$1 499f38cb554SJohn Wren Kennedy typeset perm=$2 500f38cb554SJohn Wren Kennedy typeset dtst=$3 501f38cb554SJohn Wren Kennedy 502f38cb554SJohn Wren Kennedy typeset oldval 503f38cb554SJohn Wren Kennedy 504f38cb554SJohn Wren Kennedy set -A modes "on" "off" 505f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $dtst) 506f38cb554SJohn Wren Kennedy if [[ $oldval == "on" ]]; then 507f38cb554SJohn Wren Kennedy n=1 508f38cb554SJohn Wren Kennedy elif [[ $oldval == "off" ]]; then 509f38cb554SJohn Wren Kennedy n=0 510f38cb554SJohn Wren Kennedy fi 5111d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=${modes[$n]} $dtst" 5121d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=${modes[$n]} $dtst 513f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then 514f38cb554SJohn Wren Kennedy return 1 515f38cb554SJohn Wren Kennedy fi 516f38cb554SJohn Wren Kennedy 517f38cb554SJohn Wren Kennedy return 0 518f38cb554SJohn Wren Kennedy} 519f38cb554SJohn Wren Kennedy 520f38cb554SJohn Wren Kennedyfunction verify_copies 521f38cb554SJohn Wren Kennedy{ 522f38cb554SJohn Wren Kennedy typeset user=$1 523f38cb554SJohn Wren Kennedy typeset perm=$2 524f38cb554SJohn Wren Kennedy typeset dtst=$3 525f38cb554SJohn Wren Kennedy 526f38cb554SJohn Wren Kennedy typeset oldval 527f38cb554SJohn Wren Kennedy 528f38cb554SJohn Wren Kennedy set -A modes 1 2 3 529f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $dtst) 530f38cb554SJohn Wren Kennedy if [[ $oldval -eq 1 ]]; then 531f38cb554SJohn Wren Kennedy n=1 532f38cb554SJohn Wren Kennedy elif [[ $oldval -eq 2 ]]; then 533f38cb554SJohn Wren Kennedy n=2 534f38cb554SJohn Wren Kennedy elif [[ $oldval -eq 3 ]]; then 535f38cb554SJohn Wren Kennedy n=0 536f38cb554SJohn Wren Kennedy fi 5371d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=${modes[$n]} $dtst" 5381d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=${modes[$n]} $dtst 539f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then 540f38cb554SJohn Wren Kennedy return 1 541f38cb554SJohn Wren Kennedy fi 542f38cb554SJohn Wren Kennedy 543f38cb554SJohn Wren Kennedy return 0 544f38cb554SJohn Wren Kennedy} 545f38cb554SJohn Wren Kennedy 546f38cb554SJohn Wren Kennedyfunction verify_reservation 547f38cb554SJohn Wren Kennedy{ 548f38cb554SJohn Wren Kennedy typeset user=$1 549f38cb554SJohn Wren Kennedy typeset perm=$2 550f38cb554SJohn Wren Kennedy typeset dtst=$3 551f38cb554SJohn Wren Kennedy 552f38cb554SJohn Wren Kennedy typeset value32m=$(( 1024 * 1024 * 32 )) 553f38cb554SJohn Wren Kennedy typeset oldval=$(get_prop reservation $dtst) 5541d32ba66SJohn Wren Kennedy user_run $user zfs set reservation=$value32m $dtst 555f38cb554SJohn Wren Kennedy if [[ $value32m != $(get_prop reservation $dtst) ]]; then 5561d32ba66SJohn Wren Kennedy log_must zfs set reservation=$oldval $dtst 557f38cb554SJohn Wren Kennedy return 1 558f38cb554SJohn Wren Kennedy fi 559f38cb554SJohn Wren Kennedy 5601d32ba66SJohn Wren Kennedy log_must zfs set reservation=$oldval $dtst 561f38cb554SJohn Wren Kennedy return 0 562f38cb554SJohn Wren Kennedy} 563f38cb554SJohn Wren Kennedy 564f38cb554SJohn Wren Kennedyfunction verify_fs_create 565f38cb554SJohn Wren Kennedy{ 566f38cb554SJohn Wren Kennedy typeset user=$1 567f38cb554SJohn Wren Kennedy typeset perm=$2 568f38cb554SJohn Wren Kennedy typeset fs=$3 569f38cb554SJohn Wren Kennedy 570*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 571f38cb554SJohn Wren Kennedy typeset newfs=$fs/nfs.$stamp 572f38cb554SJohn Wren Kennedy typeset newvol=$fs/nvol.$stamp 573f38cb554SJohn Wren Kennedy 5741d32ba66SJohn Wren Kennedy user_run $user zfs create $newfs 575f38cb554SJohn Wren Kennedy if datasetexists $newfs ; then 576f38cb554SJohn Wren Kennedy return 1 577f38cb554SJohn Wren Kennedy fi 578f38cb554SJohn Wren Kennedy 5791d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 5801d32ba66SJohn Wren Kennedy user_run $user zfs create $newfs 5811d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 582f38cb554SJohn Wren Kennedy if ! datasetexists $newfs ; then 583f38cb554SJohn Wren Kennedy return 1 584f38cb554SJohn Wren Kennedy fi 585f38cb554SJohn Wren Kennedy 5861d32ba66SJohn Wren Kennedy log_must zfs destroy $newfs 587f38cb554SJohn Wren Kennedy 588f38cb554SJohn Wren Kennedy if is_global_zone ; then 589f38cb554SJohn Wren Kennedy # mount permission is required for sparse volume 5901d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m -s $newvol 591f38cb554SJohn Wren Kennedy if datasetexists $newvol ; then 592f38cb554SJohn Wren Kennedy return 1 593f38cb554SJohn Wren Kennedy fi 594f38cb554SJohn Wren Kennedy 5951d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 5961d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m -s $newvol 5971d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 598f38cb554SJohn Wren Kennedy if ! datasetexists $newvol ; then 599f38cb554SJohn Wren Kennedy return 1 600f38cb554SJohn Wren Kennedy fi 6011d32ba66SJohn Wren Kennedy log_must zfs destroy $newvol 602f38cb554SJohn Wren Kennedy 603f38cb554SJohn Wren Kennedy # mount and reserveration permission are 604f38cb554SJohn Wren Kennedy # required for normal volume 6051d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m $newvol 606f38cb554SJohn Wren Kennedy if datasetexists $newvol ; then 607f38cb554SJohn Wren Kennedy return 1 608f38cb554SJohn Wren Kennedy fi 609f38cb554SJohn Wren Kennedy 6101d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 6111d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m $newvol 6121d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 613f38cb554SJohn Wren Kennedy if datasetexists $newvol ; then 614f38cb554SJohn Wren Kennedy return 1 615f38cb554SJohn Wren Kennedy fi 616f38cb554SJohn Wren Kennedy 6171d32ba66SJohn Wren Kennedy log_must zfs allow $user reservation $fs 6181d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m $newvol 6191d32ba66SJohn Wren Kennedy log_must zfs unallow $user reservation $fs 620f38cb554SJohn Wren Kennedy if datasetexists $newvol ; then 621f38cb554SJohn Wren Kennedy return 1 622f38cb554SJohn Wren Kennedy fi 623f38cb554SJohn Wren Kennedy 6241d32ba66SJohn Wren Kennedy log_must zfs allow $user refreservation $fs 6251d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m $newvol 6261d32ba66SJohn Wren Kennedy log_must zfs unallow $user refreservation $fs 627f38cb554SJohn Wren Kennedy if datasetexists $newvol ; then 628f38cb554SJohn Wren Kennedy return 1 629f38cb554SJohn Wren Kennedy fi 630f38cb554SJohn Wren Kennedy 6311d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 6321d32ba66SJohn Wren Kennedy log_must zfs allow $user reservation $fs 6331d32ba66SJohn Wren Kennedy log_must zfs allow $user refreservation $fs 6341d32ba66SJohn Wren Kennedy user_run $user zfs create -V 150m $newvol 6351d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 6361d32ba66SJohn Wren Kennedy log_must zfs unallow $user reservation $fs 6371d32ba66SJohn Wren Kennedy log_must zfs unallow $user refreservation $fs 638f38cb554SJohn Wren Kennedy if ! datasetexists $newvol ; then 639f38cb554SJohn Wren Kennedy return 1 640f38cb554SJohn Wren Kennedy fi 6411d32ba66SJohn Wren Kennedy log_must zfs destroy $newvol 642f38cb554SJohn Wren Kennedy fi 643f38cb554SJohn Wren Kennedy 644f38cb554SJohn Wren Kennedy return 0 645f38cb554SJohn Wren Kennedy} 646f38cb554SJohn Wren Kennedy 647f38cb554SJohn Wren Kennedyfunction verify_fs_destroy 648f38cb554SJohn Wren Kennedy{ 649f38cb554SJohn Wren Kennedy typeset user=$1 650f38cb554SJohn Wren Kennedy typeset perm=$2 651f38cb554SJohn Wren Kennedy typeset fs=$3 652f38cb554SJohn Wren Kennedy 653f38cb554SJohn Wren Kennedy if ! ismounted $fs ; then 6541d32ba66SJohn Wren Kennedy user_run $user zfs destroy $fs 655f38cb554SJohn Wren Kennedy if datasetexists $fs ; then 656f38cb554SJohn Wren Kennedy return 1 657f38cb554SJohn Wren Kennedy fi 658f38cb554SJohn Wren Kennedy fi 659f38cb554SJohn Wren Kennedy 660f38cb554SJohn Wren Kennedy if ismounted $fs ; then 6611d32ba66SJohn Wren Kennedy user_run $user zfs destroy $fs 662f38cb554SJohn Wren Kennedy if ! datasetexists $fs ; then 663f38cb554SJohn Wren Kennedy return 1 664f38cb554SJohn Wren Kennedy fi 665f38cb554SJohn Wren Kennedy 666f38cb554SJohn Wren Kennedy # mount permission is required 6671d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 6681d32ba66SJohn Wren Kennedy user_run $user zfs destroy $fs 669f38cb554SJohn Wren Kennedy if datasetexists $fs ; then 670f38cb554SJohn Wren Kennedy return 1 671f38cb554SJohn Wren Kennedy fi 672f38cb554SJohn Wren Kennedy fi 673f38cb554SJohn Wren Kennedy 674f38cb554SJohn Wren Kennedy return 0 675f38cb554SJohn Wren Kennedy} 676f38cb554SJohn Wren Kennedy 677f38cb554SJohn Wren Kennedy# Verify that given the correct delegation, a regular user can: 678f38cb554SJohn Wren Kennedy# Take a snapshot of an unmounted dataset 679f38cb554SJohn Wren Kennedy# Take a snapshot of an mounted dataset 680f38cb554SJohn Wren Kennedy# Create a snapshot by making a directory in the .zfs/snapshot directory 681f38cb554SJohn Wren Kennedyfunction verify_fs_snapshot 682f38cb554SJohn Wren Kennedy{ 683f38cb554SJohn Wren Kennedy typeset user=$1 684f38cb554SJohn Wren Kennedy typeset perm=$2 685f38cb554SJohn Wren Kennedy typeset fs=$3 686f38cb554SJohn Wren Kennedy 687*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 688f38cb554SJohn Wren Kennedy typeset snap=$fs@snap.$stamp 689f38cb554SJohn Wren Kennedy typeset mntpt=$(get_prop mountpoint $fs) 690f38cb554SJohn Wren Kennedy 691f38cb554SJohn Wren Kennedy if [[ "yes" == $(get_prop mounted $fs) ]]; then 6921d32ba66SJohn Wren Kennedy log_must zfs umount $fs 693f38cb554SJohn Wren Kennedy fi 694f38cb554SJohn Wren Kennedy 6951d32ba66SJohn Wren Kennedy user_run $user zfs snapshot $snap 696f38cb554SJohn Wren Kennedy if ! datasetexists $snap ; then 697f38cb554SJohn Wren Kennedy return 1 698f38cb554SJohn Wren Kennedy fi 6991d32ba66SJohn Wren Kennedy log_must zfs destroy $snap 700f38cb554SJohn Wren Kennedy 701f38cb554SJohn Wren Kennedy if [[ "no" == $(get_prop mounted $fs) ]]; then 7021d32ba66SJohn Wren Kennedy log_must zfs mount $fs 703f38cb554SJohn Wren Kennedy fi 704f38cb554SJohn Wren Kennedy 7051d32ba66SJohn Wren Kennedy user_run $user zfs snapshot $snap 706f38cb554SJohn Wren Kennedy if ! datasetexists $snap ; then 707f38cb554SJohn Wren Kennedy return 1 708f38cb554SJohn Wren Kennedy fi 7091d32ba66SJohn Wren Kennedy log_must zfs destroy $snap 710f38cb554SJohn Wren Kennedy 711f38cb554SJohn Wren Kennedy typeset snapdir=${mntpt}/.zfs/snapshot/snap.$stamp 7121d32ba66SJohn Wren Kennedy user_run $user mkdir $snapdir 713f38cb554SJohn Wren Kennedy if ! datasetexists $snap ; then 714f38cb554SJohn Wren Kennedy return 1 715f38cb554SJohn Wren Kennedy fi 7161d32ba66SJohn Wren Kennedy log_must zfs destroy $snap 717f38cb554SJohn Wren Kennedy 718f38cb554SJohn Wren Kennedy return 0 719f38cb554SJohn Wren Kennedy} 720f38cb554SJohn Wren Kennedy 721f38cb554SJohn Wren Kennedyfunction verify_fs_rollback 722f38cb554SJohn Wren Kennedy{ 723f38cb554SJohn Wren Kennedy typeset user=$1 724f38cb554SJohn Wren Kennedy typeset perm=$2 725f38cb554SJohn Wren Kennedy typeset fs=$3 726f38cb554SJohn Wren Kennedy 727f38cb554SJohn Wren Kennedy typeset oldval 728*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 729f38cb554SJohn Wren Kennedy typeset snap=$fs@snap.$stamp 730f38cb554SJohn Wren Kennedy typeset mntpt=$(get_prop mountpoint $fs) 731f38cb554SJohn Wren Kennedy 732f38cb554SJohn Wren Kennedy oldval=$(datasetcksum $fs) 7331d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 734f38cb554SJohn Wren Kennedy 735f38cb554SJohn Wren Kennedy if ! ismounted $fs; then 7361d32ba66SJohn Wren Kennedy log_must zfs mount $fs 737f38cb554SJohn Wren Kennedy fi 7381d32ba66SJohn Wren Kennedy log_must touch $mntpt/testfile.$stamp 739f38cb554SJohn Wren Kennedy 7401d32ba66SJohn Wren Kennedy user_run $user zfs rollback -R $snap 741f38cb554SJohn Wren Kennedy if is_global_zone ; then 742f38cb554SJohn Wren Kennedy if [[ $oldval != $(datasetcksum $fs) ]]; then 743f38cb554SJohn Wren Kennedy return 1 744f38cb554SJohn Wren Kennedy fi 745f38cb554SJohn Wren Kennedy else 746f38cb554SJohn Wren Kennedy # datasetcksum can not be used in local zone 747f38cb554SJohn Wren Kennedy if [[ -e $mntpt/testfile.$stamp ]]; then 748f38cb554SJohn Wren Kennedy return 1 749f38cb554SJohn Wren Kennedy fi 750f38cb554SJohn Wren Kennedy fi 751f38cb554SJohn Wren Kennedy 752f38cb554SJohn Wren Kennedy return 0 753f38cb554SJohn Wren Kennedy} 754f38cb554SJohn Wren Kennedy 755f38cb554SJohn Wren Kennedyfunction verify_fs_clone 756f38cb554SJohn Wren Kennedy{ 757f38cb554SJohn Wren Kennedy typeset user=$1 758f38cb554SJohn Wren Kennedy typeset perm=$2 759f38cb554SJohn Wren Kennedy typeset fs=$3 760f38cb554SJohn Wren Kennedy 761*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 762*fa4a7725SRyan Moeller typeset basefs=${fs%/*} 763f38cb554SJohn Wren Kennedy typeset snap=$fs@snap.$stamp 764f38cb554SJohn Wren Kennedy typeset clone=$basefs/cfs.$stamp 765f38cb554SJohn Wren Kennedy 7661d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 7671d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 768f38cb554SJohn Wren Kennedy if datasetexists $clone ; then 769f38cb554SJohn Wren Kennedy return 1 770f38cb554SJohn Wren Kennedy fi 771f38cb554SJohn Wren Kennedy 7721d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basefs 7731d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 7741d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basefs 775f38cb554SJohn Wren Kennedy if datasetexists $clone ; then 776f38cb554SJohn Wren Kennedy return 1 777f38cb554SJohn Wren Kennedy fi 778f38cb554SJohn Wren Kennedy 7791d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basefs 7801d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 7811d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basefs 782f38cb554SJohn Wren Kennedy if datasetexists $clone ; then 783f38cb554SJohn Wren Kennedy return 1 784f38cb554SJohn Wren Kennedy fi 785f38cb554SJohn Wren Kennedy 7861d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basefs 7871d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basefs 7881d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 7891d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basefs 7901d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basefs 791f38cb554SJohn Wren Kennedy if ! datasetexists $clone ; then 792f38cb554SJohn Wren Kennedy return 1 793f38cb554SJohn Wren Kennedy fi 794f38cb554SJohn Wren Kennedy 7951d32ba66SJohn Wren Kennedy log_must zfs destroy -R $snap 796f38cb554SJohn Wren Kennedy 797f38cb554SJohn Wren Kennedy return 0 798f38cb554SJohn Wren Kennedy} 799f38cb554SJohn Wren Kennedy 800f38cb554SJohn Wren Kennedyfunction verify_fs_rename 801f38cb554SJohn Wren Kennedy{ 802f38cb554SJohn Wren Kennedy typeset user=$1 803f38cb554SJohn Wren Kennedy typeset perm=$2 804f38cb554SJohn Wren Kennedy typeset fs=$3 805f38cb554SJohn Wren Kennedy 806*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 807*fa4a7725SRyan Moeller typeset basefs=${fs%/*} 808f38cb554SJohn Wren Kennedy typeset snap=$fs@snap.$stamp 809f38cb554SJohn Wren Kennedy typeset renamefs=$basefs/nfs.$stamp 810f38cb554SJohn Wren Kennedy 811f38cb554SJohn Wren Kennedy if ! ismounted $fs; then 8121d32ba66SJohn Wren Kennedy log_must zfs mount $fs 813f38cb554SJohn Wren Kennedy fi 814f38cb554SJohn Wren Kennedy 815f38cb554SJohn Wren Kennedy # case 1 8161d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 817f38cb554SJohn Wren Kennedy if datasetexists $renamefs ; then 818f38cb554SJohn Wren Kennedy return 1 819f38cb554SJohn Wren Kennedy fi 820f38cb554SJohn Wren Kennedy 821f38cb554SJohn Wren Kennedy # case 2 8221d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basefs 8231d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 8241d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basefs 825f38cb554SJohn Wren Kennedy if datasetexists $renamefs ; then 826f38cb554SJohn Wren Kennedy return 1 827f38cb554SJohn Wren Kennedy fi 828f38cb554SJohn Wren Kennedy 829f38cb554SJohn Wren Kennedy # case 3 8301d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basefs 8311d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 8321d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basefs 833f38cb554SJohn Wren Kennedy if datasetexists $renamefs ; then 834f38cb554SJohn Wren Kennedy return 1 835f38cb554SJohn Wren Kennedy fi 836f38cb554SJohn Wren Kennedy 837f38cb554SJohn Wren Kennedy # case 4 8381d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 8391d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 840f38cb554SJohn Wren Kennedy if datasetexists $renamefs ; then 8411d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $renamefs 842f38cb554SJohn Wren Kennedy return 1 843f38cb554SJohn Wren Kennedy fi 8441d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 845f38cb554SJohn Wren Kennedy 846f38cb554SJohn Wren Kennedy # case 5 8471d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basefs 8481d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 8491d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 8501d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basefs 851f38cb554SJohn Wren Kennedy if datasetexists $renamefs ; then 8521d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $renamefs 853f38cb554SJohn Wren Kennedy return 1 854f38cb554SJohn Wren Kennedy fi 8551d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 856f38cb554SJohn Wren Kennedy 857f38cb554SJohn Wren Kennedy # case 6 8581d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basefs 8591d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 8601d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 8611d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basefs 862f38cb554SJohn Wren Kennedy if datasetexists $renamefs ; then 8631d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $renamefs 864f38cb554SJohn Wren Kennedy return 1 865f38cb554SJohn Wren Kennedy fi 8661d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 867f38cb554SJohn Wren Kennedy 868f38cb554SJohn Wren Kennedy # case 7 8691d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basefs 8701d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basefs 8711d32ba66SJohn Wren Kennedy user_run $user zfs rename $fs $renamefs 8721d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basefs 8731d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basefs 874f38cb554SJohn Wren Kennedy if ! datasetexists $renamefs ; then 875f38cb554SJohn Wren Kennedy return 1 876f38cb554SJohn Wren Kennedy fi 877f38cb554SJohn Wren Kennedy 8781d32ba66SJohn Wren Kennedy log_must zfs rename $renamefs $fs 879f38cb554SJohn Wren Kennedy 880f38cb554SJohn Wren Kennedy return 0 881f38cb554SJohn Wren Kennedy} 882f38cb554SJohn Wren Kennedy 883f38cb554SJohn Wren Kennedyfunction verify_fs_mount 884f38cb554SJohn Wren Kennedy{ 885f38cb554SJohn Wren Kennedy typeset user=$1 886f38cb554SJohn Wren Kennedy typeset perm=$2 887f38cb554SJohn Wren Kennedy typeset fs=$3 888f38cb554SJohn Wren Kennedy 889*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 890f38cb554SJohn Wren Kennedy typeset mntpt=$(get_prop mountpoint $fs) 891f38cb554SJohn Wren Kennedy typeset newmntpt=/tmp/mnt.$stamp 892f38cb554SJohn Wren Kennedy 893f38cb554SJohn Wren Kennedy if ismounted $fs ; then 8941d32ba66SJohn Wren Kennedy user_run $user zfs unmount $fs 895f38cb554SJohn Wren Kennedy if ismounted $fs ; then 896f38cb554SJohn Wren Kennedy return 1 897f38cb554SJohn Wren Kennedy fi 898f38cb554SJohn Wren Kennedy fi 899f38cb554SJohn Wren Kennedy 900f38cb554SJohn Wren Kennedy if ! ismounted $fs ; then 9011d32ba66SJohn Wren Kennedy log_must zfs set mountpoint=$newmntpt $fs 9021d32ba66SJohn Wren Kennedy log_must rm -rf $newmntpt 9031d32ba66SJohn Wren Kennedy log_must mkdir $newmntpt 904f38cb554SJohn Wren Kennedy 9051d32ba66SJohn Wren Kennedy user_run $user zfs mount $fs 906f38cb554SJohn Wren Kennedy if ismounted $fs ; then 907f38cb554SJohn Wren Kennedy return 1 908f38cb554SJohn Wren Kennedy fi 909f38cb554SJohn Wren Kennedy 910f38cb554SJohn Wren Kennedy # mountpoint's owner must be the user 9111d32ba66SJohn Wren Kennedy log_must chown $user $newmntpt 9121d32ba66SJohn Wren Kennedy user_run $user zfs mount $fs 913f38cb554SJohn Wren Kennedy if ! ismounted $fs ; then 914f38cb554SJohn Wren Kennedy return 1 915f38cb554SJohn Wren Kennedy fi 9161d32ba66SJohn Wren Kennedy log_must zfs umount $fs 9171d32ba66SJohn Wren Kennedy log_must rm -rf $newmntpt 9181d32ba66SJohn Wren Kennedy log_must zfs set mountpoint=$mntpt $fs 919f38cb554SJohn Wren Kennedy fi 920f38cb554SJohn Wren Kennedy 921f38cb554SJohn Wren Kennedy return 0 922f38cb554SJohn Wren Kennedy} 923f38cb554SJohn Wren Kennedy 924f38cb554SJohn Wren Kennedyfunction verify_fs_share 925f38cb554SJohn Wren Kennedy{ 926f38cb554SJohn Wren Kennedy typeset user=$1 927f38cb554SJohn Wren Kennedy typeset perm=$2 928f38cb554SJohn Wren Kennedy typeset fs=$3 92975160947SYuri Pankov typeset -i ret=0 930f38cb554SJohn Wren Kennedy 9311d32ba66SJohn Wren Kennedy svcadm enable -rs nfs/server 9321d32ba66SJohn Wren Kennedy typeset stat=$(svcs -H -o STA nfs/server:default) 933f38cb554SJohn Wren Kennedy if [[ $stat != "ON" ]]; then 93475160947SYuri Pankov log_fail "Could not enable nfs/server" 935f38cb554SJohn Wren Kennedy fi 936f38cb554SJohn Wren Kennedy 9371d32ba66SJohn Wren Kennedy log_must zfs set sharenfs=on $fs 9381d32ba66SJohn Wren Kennedy zfs unshare $fs 93975160947SYuri Pankov 9401d32ba66SJohn Wren Kennedy user_run $user zfs share $fs 941f38cb554SJohn Wren Kennedy if ! is_shared $fs; then 94275160947SYuri Pankov ret=1 943f38cb554SJohn Wren Kennedy fi 944f38cb554SJohn Wren Kennedy 9451d32ba66SJohn Wren Kennedy zfs unshare $fs 9461d32ba66SJohn Wren Kennedy log_must zfs set sharenfs=off $fs 947f38cb554SJohn Wren Kennedy 94875160947SYuri Pankov return $ret 949f38cb554SJohn Wren Kennedy} 950f38cb554SJohn Wren Kennedy 951f38cb554SJohn Wren Kennedyfunction verify_fs_mountpoint 952f38cb554SJohn Wren Kennedy{ 953f38cb554SJohn Wren Kennedy typeset user=$1 954f38cb554SJohn Wren Kennedy typeset perm=$2 955f38cb554SJohn Wren Kennedy typeset fs=$3 956f38cb554SJohn Wren Kennedy 957*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 958f38cb554SJohn Wren Kennedy typeset mntpt=$(get_prop mountpoint $fs) 959f38cb554SJohn Wren Kennedy typeset newmntpt=/tmp/mnt.$stamp 960f38cb554SJohn Wren Kennedy 961f38cb554SJohn Wren Kennedy if ! ismounted $fs ; then 9621d32ba66SJohn Wren Kennedy user_run $user zfs set mountpoint=$newmntpt $fs 963f38cb554SJohn Wren Kennedy if [[ $newmntpt != \ 964f38cb554SJohn Wren Kennedy $(get_prop mountpoint $fs) ]] ; then 965f38cb554SJohn Wren Kennedy return 1 966f38cb554SJohn Wren Kennedy fi 9671d32ba66SJohn Wren Kennedy log_must zfs set mountpoint=$mntpt $fs 968f38cb554SJohn Wren Kennedy fi 969f38cb554SJohn Wren Kennedy 970f38cb554SJohn Wren Kennedy if ismounted $fs ; then 9711d32ba66SJohn Wren Kennedy user_run $user zfs set mountpoint=$newmntpt $fs 972f38cb554SJohn Wren Kennedy if [[ $mntpt != $(get_prop mountpoint $fs) ]]; then 973f38cb554SJohn Wren Kennedy return 1 974f38cb554SJohn Wren Kennedy fi 975f38cb554SJohn Wren Kennedy 976f38cb554SJohn Wren Kennedy # require mount permission when fs is mounted 9771d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 9781d32ba66SJohn Wren Kennedy user_run $user zfs set mountpoint=$newmntpt $fs 9791d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 980f38cb554SJohn Wren Kennedy if [[ $newmntpt != \ 981f38cb554SJohn Wren Kennedy $(get_prop mountpoint $fs) ]] ; then 982f38cb554SJohn Wren Kennedy return 1 983f38cb554SJohn Wren Kennedy fi 9841d32ba66SJohn Wren Kennedy log_must zfs set mountpoint=$mntpt $fs 985f38cb554SJohn Wren Kennedy fi 986f38cb554SJohn Wren Kennedy 987f38cb554SJohn Wren Kennedy return 0 988f38cb554SJohn Wren Kennedy} 989f38cb554SJohn Wren Kennedy 990f38cb554SJohn Wren Kennedyfunction verify_fs_promote 991f38cb554SJohn Wren Kennedy{ 992f38cb554SJohn Wren Kennedy typeset user=$1 993f38cb554SJohn Wren Kennedy typeset perm=$2 994f38cb554SJohn Wren Kennedy typeset fs=$3 995f38cb554SJohn Wren Kennedy 996*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 997*fa4a7725SRyan Moeller typeset basefs=${fs%/*} 998f38cb554SJohn Wren Kennedy typeset snap=$fs@snap.$stamp 999f38cb554SJohn Wren Kennedy typeset clone=$basefs/cfs.$stamp 1000f38cb554SJohn Wren Kennedy 10011d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 10021d32ba66SJohn Wren Kennedy log_must zfs clone $snap $clone 10031d32ba66SJohn Wren Kennedy log_must zfs promote $clone 1004f38cb554SJohn Wren Kennedy 1005f38cb554SJohn Wren Kennedy typeset fs_orig=$(get_prop origin $fs) 1006f38cb554SJohn Wren Kennedy typeset clone_orig=$(get_prop origin $clone) 1007f38cb554SJohn Wren Kennedy 10081d32ba66SJohn Wren Kennedy user_run $user zfs promote $fs 1009f38cb554SJohn Wren Kennedy # promote should fail if original fs does not have 1010f38cb554SJohn Wren Kennedy # promote permission 1011f38cb554SJohn Wren Kennedy if [[ $fs_orig != $(get_prop origin $fs) || \ 1012f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; then 1013f38cb554SJohn Wren Kennedy return 1 1014f38cb554SJohn Wren Kennedy fi 1015f38cb554SJohn Wren Kennedy 10161d32ba66SJohn Wren Kennedy log_must zfs allow $user promote $clone 10171d32ba66SJohn Wren Kennedy user_run $user zfs promote $fs 10181d32ba66SJohn Wren Kennedy log_must zfs unallow $user promote $clone 1019f38cb554SJohn Wren Kennedy if [[ $fs_orig != $(get_prop origin $fs) || \ 1020f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; then 1021f38cb554SJohn Wren Kennedy return 1 1022f38cb554SJohn Wren Kennedy fi 1023f38cb554SJohn Wren Kennedy 10241d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 10251d32ba66SJohn Wren Kennedy user_run $user zfs promote $fs 10261d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 1027f38cb554SJohn Wren Kennedy if [[ $fs_orig != $(get_prop origin $fs) || \ 1028f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; then 1029f38cb554SJohn Wren Kennedy return 1 1030f38cb554SJohn Wren Kennedy fi 1031f38cb554SJohn Wren Kennedy 10321d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 10331d32ba66SJohn Wren Kennedy log_must zfs allow $user promote $clone 10341d32ba66SJohn Wren Kennedy user_run $user zfs promote $fs 10351d32ba66SJohn Wren Kennedy log_must zfs unallow $user promote $clone 10361d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 1037f38cb554SJohn Wren Kennedy if [[ $snap != $(get_prop origin $clone) || \ 1038f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $fs) ]]; then 1039f38cb554SJohn Wren Kennedy return 1 1040f38cb554SJohn Wren Kennedy fi 1041f38cb554SJohn Wren Kennedy 1042f38cb554SJohn Wren Kennedy return 0 1043f38cb554SJohn Wren Kennedy} 1044f38cb554SJohn Wren Kennedy 1045f38cb554SJohn Wren Kennedyfunction verify_fs_canmount 1046f38cb554SJohn Wren Kennedy{ 1047f38cb554SJohn Wren Kennedy typeset user=$1 1048f38cb554SJohn Wren Kennedy typeset perm=$2 1049f38cb554SJohn Wren Kennedy typeset fs=$3 1050f38cb554SJohn Wren Kennedy 1051f38cb554SJohn Wren Kennedy typeset oldval 1052*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 1053f38cb554SJohn Wren Kennedy 1054f38cb554SJohn Wren Kennedy if ! ismounted $fs ; then 1055f38cb554SJohn Wren Kennedy set -A modes "on" "off" 1056f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1057f38cb554SJohn Wren Kennedy if [[ $oldval == "on" ]]; then 1058f38cb554SJohn Wren Kennedy n=1 1059f38cb554SJohn Wren Kennedy elif [[ $oldval == "off" ]]; then 1060f38cb554SJohn Wren Kennedy n=0 1061f38cb554SJohn Wren Kennedy fi 10621d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=${modes[$n]} $fs" 10631d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=${modes[$n]} $fs 1064f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then 1065f38cb554SJohn Wren Kennedy return 1 1066f38cb554SJohn Wren Kennedy fi 1067f38cb554SJohn Wren Kennedy fi 1068f38cb554SJohn Wren Kennedy 1069f38cb554SJohn Wren Kennedy 1070f38cb554SJohn Wren Kennedy # fs is mounted 1071f38cb554SJohn Wren Kennedy if ismounted $fs ; then 1072f38cb554SJohn Wren Kennedy # property value does not change if 1073f38cb554SJohn Wren Kennedy # no mount permission 1074f38cb554SJohn Wren Kennedy set -A modes "on" "off" 1075f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1076f38cb554SJohn Wren Kennedy if [[ $oldval == "on" ]]; then 1077f38cb554SJohn Wren Kennedy n=1 1078f38cb554SJohn Wren Kennedy elif [[ $oldval == "off" ]]; then 1079f38cb554SJohn Wren Kennedy n=0 1080f38cb554SJohn Wren Kennedy fi 10811d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=${modes[$n]} $fs" 10821d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 10831d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=${modes[$n]} $fs 10841d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 1085f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then 1086f38cb554SJohn Wren Kennedy return 1 1087f38cb554SJohn Wren Kennedy fi 1088f38cb554SJohn Wren Kennedy fi 1089f38cb554SJohn Wren Kennedy 1090f38cb554SJohn Wren Kennedy return 0 1091f38cb554SJohn Wren Kennedy} 1092f38cb554SJohn Wren Kennedy 1093f38cb554SJohn Wren Kennedyfunction verify_fs_recordsize 1094f38cb554SJohn Wren Kennedy{ 1095f38cb554SJohn Wren Kennedy typeset user=$1 1096f38cb554SJohn Wren Kennedy typeset perm=$2 1097f38cb554SJohn Wren Kennedy typeset fs=$3 1098f38cb554SJohn Wren Kennedy 1099f38cb554SJohn Wren Kennedy typeset value8k=$(( 1024 * 8 )) 11001d32ba66SJohn Wren Kennedy user_run $user zfs set recordsize=$value8k $fs 1101f38cb554SJohn Wren Kennedy if [[ $value8k != $(get_prop recordsize $fs) ]]; then 1102f38cb554SJohn Wren Kennedy return 1 1103f38cb554SJohn Wren Kennedy fi 1104f38cb554SJohn Wren Kennedy 1105f38cb554SJohn Wren Kennedy return 0 1106f38cb554SJohn Wren Kennedy} 1107f38cb554SJohn Wren Kennedy 11080774d909SNed Bassfunction verify_fs_dnodesize 11090774d909SNed Bass{ 11100774d909SNed Bass typeset user=$1 11110774d909SNed Bass typeset perm=$2 11120774d909SNed Bass typeset fs=$3 11130774d909SNed Bass value="2k" 11140774d909SNed Bass 11150774d909SNed Bass user_run $user zfs set dnodesize=$value $fs 11160774d909SNed Bass if [[ $value != $(get_prop dnodesize $fs) ]]; then 11170774d909SNed Bass return 1 11180774d909SNed Bass fi 11190774d909SNed Bass 11200774d909SNed Bass return 0 11210774d909SNed Bass} 11220774d909SNed Bass 1123f38cb554SJohn Wren Kennedyfunction verify_fs_quota 1124f38cb554SJohn Wren Kennedy{ 1125f38cb554SJohn Wren Kennedy typeset user=$1 1126f38cb554SJohn Wren Kennedy typeset perm=$2 1127f38cb554SJohn Wren Kennedy typeset fs=$3 1128f38cb554SJohn Wren Kennedy 1129f38cb554SJohn Wren Kennedy typeset value32m=$(( 1024 * 1024 * 32 )) 11301d32ba66SJohn Wren Kennedy user_run $user zfs set quota=$value32m $fs 1131f38cb554SJohn Wren Kennedy if [[ $value32m != $(get_prop quota $fs) ]]; then 1132f38cb554SJohn Wren Kennedy return 1 1133f38cb554SJohn Wren Kennedy fi 1134f38cb554SJohn Wren Kennedy 1135f38cb554SJohn Wren Kennedy return 0 1136f38cb554SJohn Wren Kennedy} 1137f38cb554SJohn Wren Kennedy 1138f38cb554SJohn Wren Kennedyfunction verify_fs_aclmode 1139f38cb554SJohn Wren Kennedy{ 1140f38cb554SJohn Wren Kennedy typeset user=$1 1141f38cb554SJohn Wren Kennedy typeset perm=$2 1142f38cb554SJohn Wren Kennedy typeset fs=$3 1143f38cb554SJohn Wren Kennedy 1144f38cb554SJohn Wren Kennedy typeset oldval 1145f38cb554SJohn Wren Kennedy set -A modes "discard" "groupmask" "passthrough" 1146f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1147f38cb554SJohn Wren Kennedy if [[ $oldval == "discard" ]]; then 1148f38cb554SJohn Wren Kennedy n=1 1149f38cb554SJohn Wren Kennedy elif [[ $oldval == "groupmask" ]]; then 1150f38cb554SJohn Wren Kennedy n=2 1151f38cb554SJohn Wren Kennedy elif [[ $oldval == "passthrough" ]]; then 1152f38cb554SJohn Wren Kennedy n=0 1153f38cb554SJohn Wren Kennedy fi 11541d32ba66SJohn Wren Kennedy log_note "$user zfs set aclmode=${modes[$n]} $fs" 11551d32ba66SJohn Wren Kennedy user_run $user zfs set aclmode=${modes[$n]} $fs 1156f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop aclmode $fs) ]]; then 1157f38cb554SJohn Wren Kennedy return 1 1158f38cb554SJohn Wren Kennedy fi 1159f38cb554SJohn Wren Kennedy 1160f38cb554SJohn Wren Kennedy return 0 1161f38cb554SJohn Wren Kennedy} 1162f38cb554SJohn Wren Kennedy 1163f38cb554SJohn Wren Kennedyfunction verify_fs_aclinherit 1164f38cb554SJohn Wren Kennedy{ 1165f38cb554SJohn Wren Kennedy typeset user=$1 1166f38cb554SJohn Wren Kennedy typeset perm=$2 1167f38cb554SJohn Wren Kennedy typeset fs=$3 1168f38cb554SJohn Wren Kennedy 1169f38cb554SJohn Wren Kennedy # 1170f38cb554SJohn Wren Kennedy # PSARC/2008/231 change the default value of aclinherit to "restricted" 1171f38cb554SJohn Wren Kennedy # but still keep the old interface of "secure" 1172f38cb554SJohn Wren Kennedy # 1173f38cb554SJohn Wren Kennedy 1174f38cb554SJohn Wren Kennedy typeset oldval 1175f38cb554SJohn Wren Kennedy set -A modes "discard" "noallow" "secure" "passthrough" 1176f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1177f38cb554SJohn Wren Kennedy if [[ $oldval == "discard" ]]; then 1178f38cb554SJohn Wren Kennedy n=1 1179f38cb554SJohn Wren Kennedy elif [[ $oldval == "noallow" ]]; then 1180f38cb554SJohn Wren Kennedy n=2 1181f38cb554SJohn Wren Kennedy elif [[ $oldval == "secure" || $oldval == "restricted" ]]; then 1182f38cb554SJohn Wren Kennedy n=3 1183f38cb554SJohn Wren Kennedy elif [[ $oldval == "passthrough" ]]; then 1184f38cb554SJohn Wren Kennedy n=0 1185f38cb554SJohn Wren Kennedy fi 11861d32ba66SJohn Wren Kennedy log_note "$user zfs set aclinherit=${modes[$n]} $fs" 11871d32ba66SJohn Wren Kennedy user_run $user zfs set aclinherit=${modes[$n]} $fs 1188f38cb554SJohn Wren Kennedy 1189f38cb554SJohn Wren Kennedy typeset newval=$(get_prop aclinherit $fs) 1190f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} == "secure" && $newval == "restricted" ]]; then 1191f38cb554SJohn Wren Kennedy return 0 1192f38cb554SJohn Wren Kennedy elif [[ ${modes[$n]} != $(get_prop aclinherit $fs) ]]; then 1193f38cb554SJohn Wren Kennedy return 1 1194f38cb554SJohn Wren Kennedy fi 1195f38cb554SJohn Wren Kennedy 1196f38cb554SJohn Wren Kennedy return 0 1197f38cb554SJohn Wren Kennedy} 1198f38cb554SJohn Wren Kennedy 1199f38cb554SJohn Wren Kennedyfunction verify_fs_snapdir 1200f38cb554SJohn Wren Kennedy{ 1201f38cb554SJohn Wren Kennedy typeset user=$1 1202f38cb554SJohn Wren Kennedy typeset perm=$2 1203f38cb554SJohn Wren Kennedy typeset fs=$3 1204f38cb554SJohn Wren Kennedy 1205f38cb554SJohn Wren Kennedy typeset oldval 1206f38cb554SJohn Wren Kennedy set -A modes "visible" "hidden" 1207f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1208f38cb554SJohn Wren Kennedy if [[ $oldval == "visible" ]]; then 1209f38cb554SJohn Wren Kennedy n=1 1210f38cb554SJohn Wren Kennedy elif [[ $oldval == "hidden" ]]; then 1211f38cb554SJohn Wren Kennedy n=0 1212f38cb554SJohn Wren Kennedy fi 12131d32ba66SJohn Wren Kennedy log_note "$user zfs set snapdir=${modes[$n]} $fs" 12141d32ba66SJohn Wren Kennedy user_run $user zfs set snapdir=${modes[$n]} $fs 1215f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop snapdir $fs) ]]; then 1216f38cb554SJohn Wren Kennedy return 1 1217f38cb554SJohn Wren Kennedy fi 1218f38cb554SJohn Wren Kennedy 1219f38cb554SJohn Wren Kennedy return 0 1220f38cb554SJohn Wren Kennedy} 1221f38cb554SJohn Wren Kennedy 1222f38cb554SJohn Wren Kennedyfunction verify_fs_aedsx 1223f38cb554SJohn Wren Kennedy{ 1224f38cb554SJohn Wren Kennedy typeset user=$1 1225f38cb554SJohn Wren Kennedy typeset perm=$2 1226f38cb554SJohn Wren Kennedy typeset fs=$3 1227f38cb554SJohn Wren Kennedy 1228f38cb554SJohn Wren Kennedy typeset oldval 1229f38cb554SJohn Wren Kennedy set -A modes "on" "off" 1230f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1231f38cb554SJohn Wren Kennedy if [[ $oldval == "on" ]]; then 1232f38cb554SJohn Wren Kennedy n=1 1233f38cb554SJohn Wren Kennedy elif [[ $oldval == "off" ]]; then 1234f38cb554SJohn Wren Kennedy n=0 1235f38cb554SJohn Wren Kennedy fi 12361d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=${modes[$n]} $fs" 12371d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=${modes[$n]} $fs 1238f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then 1239f38cb554SJohn Wren Kennedy return 1 1240f38cb554SJohn Wren Kennedy fi 1241f38cb554SJohn Wren Kennedy 1242f38cb554SJohn Wren Kennedy return 0 1243f38cb554SJohn Wren Kennedy} 1244f38cb554SJohn Wren Kennedy 1245f38cb554SJohn Wren Kennedyfunction verify_fs_zoned 1246f38cb554SJohn Wren Kennedy{ 1247f38cb554SJohn Wren Kennedy typeset user=$1 1248f38cb554SJohn Wren Kennedy typeset perm=$2 1249f38cb554SJohn Wren Kennedy typeset fs=$3 1250f38cb554SJohn Wren Kennedy 1251f38cb554SJohn Wren Kennedy typeset oldval 1252f38cb554SJohn Wren Kennedy set -A modes "on" "off" 1253f38cb554SJohn Wren Kennedy oldval=$(get_prop $perm $fs) 1254f38cb554SJohn Wren Kennedy if [[ $oldval == "on" ]]; then 1255f38cb554SJohn Wren Kennedy n=1 1256f38cb554SJohn Wren Kennedy elif [[ $oldval == "off" ]]; then 1257f38cb554SJohn Wren Kennedy n=0 1258f38cb554SJohn Wren Kennedy fi 12591d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=${modes[$n]} $fs" 1260f38cb554SJohn Wren Kennedy if is_global_zone ; then 1261f38cb554SJohn Wren Kennedy if ! ismounted $fs ; then 12621d32ba66SJohn Wren Kennedy user_run $user zfs set \ 1263f38cb554SJohn Wren Kennedy $perm=${modes[$n]} $fs 1264f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != \ 1265f38cb554SJohn Wren Kennedy $(get_prop $perm $fs) ]]; then 1266f38cb554SJohn Wren Kennedy return 1 1267f38cb554SJohn Wren Kennedy fi 1268f38cb554SJohn Wren Kennedy if [[ $n -eq 0 ]]; then 12691d32ba66SJohn Wren Kennedy log_mustnot zfs mount $fs 1270f38cb554SJohn Wren Kennedy else 12711d32ba66SJohn Wren Kennedy log_must zfs mount $fs 1272f38cb554SJohn Wren Kennedy fi 1273f38cb554SJohn Wren Kennedy fi 1274f38cb554SJohn Wren Kennedy 1275f38cb554SJohn Wren Kennedy if ismounted $fs; then 1276f38cb554SJohn Wren Kennedy # n always is 1 in this case 12771d32ba66SJohn Wren Kennedy user_run $user zfs set \ 1278f38cb554SJohn Wren Kennedy $perm=${modes[$n]} $fs 1279f38cb554SJohn Wren Kennedy if [[ $oldval != \ 1280f38cb554SJohn Wren Kennedy $(get_prop $perm $fs) ]]; then 1281f38cb554SJohn Wren Kennedy return 1 1282f38cb554SJohn Wren Kennedy fi 1283f38cb554SJohn Wren Kennedy 1284f38cb554SJohn Wren Kennedy # mount permission is needed 1285f38cb554SJohn Wren Kennedy # to make zoned=on 12861d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $fs 12871d32ba66SJohn Wren Kennedy user_run $user zfs set \ 1288f38cb554SJohn Wren Kennedy $perm=${modes[$n]} $fs 12891d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $fs 1290f38cb554SJohn Wren Kennedy if [[ ${modes[$n]} != \ 1291f38cb554SJohn Wren Kennedy $(get_prop $perm $fs) ]]; then 1292f38cb554SJohn Wren Kennedy return 1 1293f38cb554SJohn Wren Kennedy fi 1294f38cb554SJohn Wren Kennedy fi 1295f38cb554SJohn Wren Kennedy fi 1296f38cb554SJohn Wren Kennedy 1297f38cb554SJohn Wren Kennedy if ! is_global_zone; then 12981d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=${modes[$n]} $fs 1299f38cb554SJohn Wren Kennedy if [[ $oldval != $(get_prop $perm $fs) ]]; then 1300f38cb554SJohn Wren Kennedy return 1 1301f38cb554SJohn Wren Kennedy fi 1302f38cb554SJohn Wren Kennedy fi 1303f38cb554SJohn Wren Kennedy 1304f38cb554SJohn Wren Kennedy return 0 1305f38cb554SJohn Wren Kennedy} 1306f38cb554SJohn Wren Kennedy 1307f38cb554SJohn Wren Kennedyfunction verify_fs_sharenfs 1308f38cb554SJohn Wren Kennedy{ 1309f38cb554SJohn Wren Kennedy typeset user=$1 1310f38cb554SJohn Wren Kennedy typeset perm=$2 1311f38cb554SJohn Wren Kennedy typeset fs=$3 131275160947SYuri Pankov typeset nmode omode 1313f38cb554SJohn Wren Kennedy 131475160947SYuri Pankov omode=$(get_prop $perm $fs) 131575160947SYuri Pankov if [[ $omode == "off" ]]; then 131675160947SYuri Pankov nmode="on" 131775160947SYuri Pankov else 131875160947SYuri Pankov nmode="off" 1319f38cb554SJohn Wren Kennedy fi 1320f38cb554SJohn Wren Kennedy 13211d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=$nmode $fs" 13221d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=$nmode $fs 132375160947SYuri Pankov if [[ $(get_prop $perm $fs) != $nmode ]]; then 1324f38cb554SJohn Wren Kennedy return 1 1325f38cb554SJohn Wren Kennedy fi 1326f38cb554SJohn Wren Kennedy 13271d32ba66SJohn Wren Kennedy log_note "$user zfs set $perm=$omode $fs" 13281d32ba66SJohn Wren Kennedy user_run $user zfs set $perm=$omode $fs 132975160947SYuri Pankov if [[ $(get_prop $perm $fs) != $omode ]]; then 1330f38cb554SJohn Wren Kennedy return 1 1331f38cb554SJohn Wren Kennedy fi 1332f38cb554SJohn Wren Kennedy 1333f38cb554SJohn Wren Kennedy return 0 1334f38cb554SJohn Wren Kennedy} 1335f38cb554SJohn Wren Kennedy 1336f38cb554SJohn Wren Kennedyfunction verify_vol_destroy 1337f38cb554SJohn Wren Kennedy{ 1338f38cb554SJohn Wren Kennedy typeset user=$1 1339f38cb554SJohn Wren Kennedy typeset perm=$2 1340f38cb554SJohn Wren Kennedy typeset vol=$3 1341f38cb554SJohn Wren Kennedy 13421d32ba66SJohn Wren Kennedy user_run $user zfs destroy $vol 1343f38cb554SJohn Wren Kennedy if ! datasetexists $vol ; then 1344f38cb554SJohn Wren Kennedy return 1 1345f38cb554SJohn Wren Kennedy fi 1346f38cb554SJohn Wren Kennedy 1347f38cb554SJohn Wren Kennedy # mount permission is required 13481d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 13491d32ba66SJohn Wren Kennedy user_run $user zfs destroy $vol 1350f38cb554SJohn Wren Kennedy if datasetexists $vol ; then 1351f38cb554SJohn Wren Kennedy return 1 1352f38cb554SJohn Wren Kennedy fi 1353f38cb554SJohn Wren Kennedy 1354f38cb554SJohn Wren Kennedy return 0 1355f38cb554SJohn Wren Kennedy} 1356f38cb554SJohn Wren Kennedy 1357f38cb554SJohn Wren Kennedyfunction verify_vol_snapshot 1358f38cb554SJohn Wren Kennedy{ 1359f38cb554SJohn Wren Kennedy typeset user=$1 1360f38cb554SJohn Wren Kennedy typeset perm=$2 1361f38cb554SJohn Wren Kennedy typeset vol=$3 1362f38cb554SJohn Wren Kennedy 1363*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 1364*fa4a7725SRyan Moeller typeset basevol=${vol%/*} 1365f38cb554SJohn Wren Kennedy typeset snap=$vol@snap.$stamp 1366f38cb554SJohn Wren Kennedy 13671d32ba66SJohn Wren Kennedy user_run $user zfs snapshot $snap 1368f38cb554SJohn Wren Kennedy if datasetexists $snap ; then 1369f38cb554SJohn Wren Kennedy return 1 1370f38cb554SJohn Wren Kennedy fi 1371f38cb554SJohn Wren Kennedy 13721d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 13731d32ba66SJohn Wren Kennedy user_run $user zfs snapshot $snap 13741d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 1375f38cb554SJohn Wren Kennedy if ! datasetexists $snap ; then 1376f38cb554SJohn Wren Kennedy return 1 1377f38cb554SJohn Wren Kennedy fi 1378f38cb554SJohn Wren Kennedy 1379f38cb554SJohn Wren Kennedy return 0 1380f38cb554SJohn Wren Kennedy} 1381f38cb554SJohn Wren Kennedy 1382f38cb554SJohn Wren Kennedyfunction verify_vol_rollback 1383f38cb554SJohn Wren Kennedy{ 1384f38cb554SJohn Wren Kennedy typeset user=$1 1385f38cb554SJohn Wren Kennedy typeset perm=$2 1386f38cb554SJohn Wren Kennedy typeset vol=$3 1387f38cb554SJohn Wren Kennedy 1388*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 1389*fa4a7725SRyan Moeller typeset basevol=${vol%/*} 1390f38cb554SJohn Wren Kennedy typeset snap=$vol@snap.$stamp 1391f38cb554SJohn Wren Kennedy 1392f38cb554SJohn Wren Kennedy typeset oldval 13931d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 1394f38cb554SJohn Wren Kennedy oldval=$(datasetcksum $vol) 1395f38cb554SJohn Wren Kennedy 13961d32ba66SJohn Wren Kennedy log_must dd if=/dev/random of=/dev/zvol/rdsk/$vol \ 1397f38cb554SJohn Wren Kennedy bs=512 count=1 1398f38cb554SJohn Wren Kennedy 13991d32ba66SJohn Wren Kennedy user_run $user zfs rollback -R $snap 14001d32ba66SJohn Wren Kennedy sleep 10 1401f38cb554SJohn Wren Kennedy if [[ $oldval == $(datasetcksum $vol) ]]; then 1402f38cb554SJohn Wren Kennedy return 1 1403f38cb554SJohn Wren Kennedy fi 1404f38cb554SJohn Wren Kennedy 1405f38cb554SJohn Wren Kennedy # rollback on volume has to be with mount permission 14061d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 14071d32ba66SJohn Wren Kennedy user_run $user zfs rollback -R $snap 14081d32ba66SJohn Wren Kennedy sleep 10 14091d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 1410f38cb554SJohn Wren Kennedy if [[ $oldval != $(datasetcksum $vol) ]]; then 1411f38cb554SJohn Wren Kennedy return 1 1412f38cb554SJohn Wren Kennedy fi 1413f38cb554SJohn Wren Kennedy 1414f38cb554SJohn Wren Kennedy return 0 1415f38cb554SJohn Wren Kennedy} 1416f38cb554SJohn Wren Kennedy 1417f38cb554SJohn Wren Kennedyfunction verify_vol_clone 1418f38cb554SJohn Wren Kennedy{ 1419f38cb554SJohn Wren Kennedy typeset user=$1 1420f38cb554SJohn Wren Kennedy typeset perm=$2 1421f38cb554SJohn Wren Kennedy typeset vol=$3 1422f38cb554SJohn Wren Kennedy 1423*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 1424*fa4a7725SRyan Moeller typeset basevol=${vol%/*} 1425f38cb554SJohn Wren Kennedy typeset snap=$vol@snap.$stamp 1426f38cb554SJohn Wren Kennedy typeset clone=$basevol/cvol.$stamp 1427f38cb554SJohn Wren Kennedy 14281d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 1429f38cb554SJohn Wren Kennedy 14301d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 1431f38cb554SJohn Wren Kennedy if datasetexists $clone ; then 1432f38cb554SJohn Wren Kennedy return 1 1433f38cb554SJohn Wren Kennedy fi 1434f38cb554SJohn Wren Kennedy 14351d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basevol 14361d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 14371d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basevol 1438f38cb554SJohn Wren Kennedy if datasetexists $clone ; then 1439f38cb554SJohn Wren Kennedy return 1 1440f38cb554SJohn Wren Kennedy fi 1441f38cb554SJohn Wren Kennedy 14421d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basevol 14431d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 14441d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basevol 1445f38cb554SJohn Wren Kennedy if datasetexists $clone ; then 1446f38cb554SJohn Wren Kennedy return 1 1447f38cb554SJohn Wren Kennedy fi 1448f38cb554SJohn Wren Kennedy 1449f38cb554SJohn Wren Kennedy # require create permission on parent and 1450f38cb554SJohn Wren Kennedy # mount permission on itself as well 14511d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basevol 14521d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basevol 14531d32ba66SJohn Wren Kennedy user_run $user zfs clone $snap $clone 14541d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basevol 14551d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basevol 1456f38cb554SJohn Wren Kennedy if ! datasetexists $clone ; then 1457f38cb554SJohn Wren Kennedy return 1 1458f38cb554SJohn Wren Kennedy fi 1459f38cb554SJohn Wren Kennedy 1460f38cb554SJohn Wren Kennedy return 0 1461f38cb554SJohn Wren Kennedy} 1462f38cb554SJohn Wren Kennedy 1463f38cb554SJohn Wren Kennedyfunction verify_vol_rename 1464f38cb554SJohn Wren Kennedy{ 1465f38cb554SJohn Wren Kennedy typeset user=$1 1466f38cb554SJohn Wren Kennedy typeset perm=$2 1467f38cb554SJohn Wren Kennedy typeset vol=$3 1468f38cb554SJohn Wren Kennedy 1469*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 1470*fa4a7725SRyan Moeller typeset basevol=${vol%/*} 1471f38cb554SJohn Wren Kennedy typeset snap=$vol@snap.$stamp 1472f38cb554SJohn Wren Kennedy typeset clone=$basevol/cvol.$stamp 1473f38cb554SJohn Wren Kennedy typeset renamevol=$basevol/nvol.$stamp 1474f38cb554SJohn Wren Kennedy 14751d32ba66SJohn Wren Kennedy user_run $user zfs rename $vol $renamevol 1476f38cb554SJohn Wren Kennedy if datasetexists $renamevol ; then 1477f38cb554SJohn Wren Kennedy return 1 1478f38cb554SJohn Wren Kennedy fi 1479f38cb554SJohn Wren Kennedy 14801d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basevol 14811d32ba66SJohn Wren Kennedy user_run $user zfs rename $vol $renamevol 14821d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basevol 1483f38cb554SJohn Wren Kennedy if datasetexists $renamevol ; then 1484f38cb554SJohn Wren Kennedy return 1 1485f38cb554SJohn Wren Kennedy fi 1486f38cb554SJohn Wren Kennedy 14871d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basevol 14881d32ba66SJohn Wren Kennedy user_run $user zfs rename $vol $renamevol 14891d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basevol 1490f38cb554SJohn Wren Kennedy if datasetexists $renamevol ; then 1491f38cb554SJohn Wren Kennedy return 1 1492f38cb554SJohn Wren Kennedy fi 1493f38cb554SJohn Wren Kennedy 1494f38cb554SJohn Wren Kennedy # require both create permission on parent and 1495f38cb554SJohn Wren Kennedy # mount permission on parent as well 14961d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $basevol 14971d32ba66SJohn Wren Kennedy log_must zfs allow $user create $basevol 14981d32ba66SJohn Wren Kennedy user_run $user zfs rename $vol $renamevol 14991d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $basevol 15001d32ba66SJohn Wren Kennedy log_must zfs unallow $user create $basevol 1501f38cb554SJohn Wren Kennedy if ! datasetexists $renamevol ; then 1502f38cb554SJohn Wren Kennedy return 1 1503f38cb554SJohn Wren Kennedy fi 1504f38cb554SJohn Wren Kennedy 15051d32ba66SJohn Wren Kennedy log_must zfs rename $renamevol $vol 1506f38cb554SJohn Wren Kennedy 1507f38cb554SJohn Wren Kennedy return 0 1508f38cb554SJohn Wren Kennedy} 1509f38cb554SJohn Wren Kennedy 1510f38cb554SJohn Wren Kennedyfunction verify_vol_promote 1511f38cb554SJohn Wren Kennedy{ 1512f38cb554SJohn Wren Kennedy typeset user=$1 1513f38cb554SJohn Wren Kennedy typeset perm=$2 1514f38cb554SJohn Wren Kennedy typeset vol=$3 1515f38cb554SJohn Wren Kennedy 1516*fa4a7725SRyan Moeller typeset stamp=${perm}.${user}.$RANDOM 1517*fa4a7725SRyan Moeller typeset basevol=${vol%/*} 1518f38cb554SJohn Wren Kennedy typeset snap=$vol@snap.$stamp 1519f38cb554SJohn Wren Kennedy typeset clone=$basevol/cvol.$stamp 1520f38cb554SJohn Wren Kennedy 15211d32ba66SJohn Wren Kennedy log_must zfs snapshot $snap 15221d32ba66SJohn Wren Kennedy log_must zfs clone $snap $clone 15231d32ba66SJohn Wren Kennedy log_must zfs promote $clone 1524f38cb554SJohn Wren Kennedy 1525f38cb554SJohn Wren Kennedy typeset vol_orig=$(get_prop origin $vol) 1526f38cb554SJohn Wren Kennedy typeset clone_orig=$(get_prop origin $clone) 1527f38cb554SJohn Wren Kennedy 1528f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1529f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1530f38cb554SJohn Wren Kennedy # case 1 15311d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 1532f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1533f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1534f38cb554SJohn Wren Kennedy then 1535f38cb554SJohn Wren Kennedy return 1 1536f38cb554SJohn Wren Kennedy fi 1537f38cb554SJohn Wren Kennedy 1538f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1539f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1540f38cb554SJohn Wren Kennedy # case 2 15411d32ba66SJohn Wren Kennedy log_must zfs allow $user promote $clone 15421d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 15431d32ba66SJohn Wren Kennedy log_must zfs unallow $user promote $clone 1544f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1545f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1546f38cb554SJohn Wren Kennedy then 1547f38cb554SJohn Wren Kennedy return 1 1548f38cb554SJohn Wren Kennedy fi 1549f38cb554SJohn Wren Kennedy 1550f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1551f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1552f38cb554SJohn Wren Kennedy # case 3 15531d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 15541d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 15551d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 1556f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1557f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1558f38cb554SJohn Wren Kennedy then 1559f38cb554SJohn Wren Kennedy return 1 1560f38cb554SJohn Wren Kennedy fi 1561f38cb554SJohn Wren Kennedy 1562f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1563f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1564f38cb554SJohn Wren Kennedy # case 4 15651d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $clone 15661d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 15671d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $clone 1568f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1569f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1570f38cb554SJohn Wren Kennedy then 1571f38cb554SJohn Wren Kennedy return 1 1572f38cb554SJohn Wren Kennedy fi 1573f38cb554SJohn Wren Kennedy 1574f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1575f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1576f38cb554SJohn Wren Kennedy # case 5 15771d32ba66SJohn Wren Kennedy log_must zfs allow $user promote $clone 15781d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 15791d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 15801d32ba66SJohn Wren Kennedy log_must zfs unallow $user promote $clone 15811d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 1582f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1583f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1584f38cb554SJohn Wren Kennedy then 1585f38cb554SJohn Wren Kennedy return 1 1586f38cb554SJohn Wren Kennedy fi 1587f38cb554SJohn Wren Kennedy 1588f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1589f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1590f38cb554SJohn Wren Kennedy # case 6 15911d32ba66SJohn Wren Kennedy log_must zfs allow $user promote $clone 15921d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $clone 15931d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 15941d32ba66SJohn Wren Kennedy log_must zfs unallow $user promote $clone 15951d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 1596f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1597f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1598f38cb554SJohn Wren Kennedy then 1599f38cb554SJohn Wren Kennedy return 1 1600f38cb554SJohn Wren Kennedy fi 1601f38cb554SJohn Wren Kennedy 1602f38cb554SJohn Wren Kennedy # promote should fail if $vol and $clone 1603f38cb554SJohn Wren Kennedy # miss either mount or promote permission 1604f38cb554SJohn Wren Kennedy # case 7 16051d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 16061d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $clone 16071d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 16081d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 16091d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $clone 1610f38cb554SJohn Wren Kennedy if [[ $vol_orig != $(get_prop origin $vol) || \ 1611f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $clone) ]]; 1612f38cb554SJohn Wren Kennedy then 1613f38cb554SJohn Wren Kennedy return 1 1614f38cb554SJohn Wren Kennedy fi 1615f38cb554SJohn Wren Kennedy 1616f38cb554SJohn Wren Kennedy # promote only succeeds when $vol and $clone 1617f38cb554SJohn Wren Kennedy # have both mount and promote permission 1618f38cb554SJohn Wren Kennedy # case 8 16191d32ba66SJohn Wren Kennedy log_must zfs allow $user promote $clone 16201d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $vol 16211d32ba66SJohn Wren Kennedy log_must zfs allow $user mount $clone 16221d32ba66SJohn Wren Kennedy user_run $user zfs promote $vol 16231d32ba66SJohn Wren Kennedy log_must zfs unallow $user promote $clone 16241d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $vol 16251d32ba66SJohn Wren Kennedy log_must zfs unallow $user mount $clone 1626f38cb554SJohn Wren Kennedy if [[ $snap != $(get_prop origin $clone) || \ 1627f38cb554SJohn Wren Kennedy $clone_orig != $(get_prop origin $vol) ]]; then 1628f38cb554SJohn Wren Kennedy return 1 1629f38cb554SJohn Wren Kennedy fi 1630f38cb554SJohn Wren Kennedy 1631f38cb554SJohn Wren Kennedy return 0 1632f38cb554SJohn Wren Kennedy} 1633f38cb554SJohn Wren Kennedy 1634f38cb554SJohn Wren Kennedyfunction verify_vol_volsize 1635f38cb554SJohn Wren Kennedy{ 1636f38cb554SJohn Wren Kennedy typeset user=$1 1637f38cb554SJohn Wren Kennedy typeset perm=$2 1638f38cb554SJohn Wren Kennedy typeset vol=$3 1639f38cb554SJohn Wren Kennedy 1640f38cb554SJohn Wren Kennedy typeset oldval 1641f38cb554SJohn Wren Kennedy oldval=$(get_prop volsize $vol) 1642f38cb554SJohn Wren Kennedy (( newval = oldval * 2 )) 1643f38cb554SJohn Wren Kennedy 1644f38cb554SJohn Wren Kennedy reserv_size=$(get_prop refreservation $vol) 1645f38cb554SJohn Wren Kennedy 1646f38cb554SJohn Wren Kennedy if [[ "0" == $reserv_size ]]; then 1647f38cb554SJohn Wren Kennedy # sparse volume 16481d32ba66SJohn Wren Kennedy user_run $user zfs set volsize=$newval $vol 1649f38cb554SJohn Wren Kennedy if [[ $oldval == $(get_prop volsize $vol) ]]; 1650f38cb554SJohn Wren Kennedy then 1651f38cb554SJohn Wren Kennedy return 1 1652f38cb554SJohn Wren Kennedy fi 1653f38cb554SJohn Wren Kennedy 1654f38cb554SJohn Wren Kennedy else 1655f38cb554SJohn Wren Kennedy # normal volume, reservation permission 1656f38cb554SJohn Wren Kennedy # is required 16571d32ba66SJohn Wren Kennedy user_run $user zfs set volsize=$newval $vol 1658f38cb554SJohn Wren Kennedy if [[ $newval == $(get_prop volsize $vol) ]]; 1659f38cb554SJohn Wren Kennedy then 1660f38cb554SJohn Wren Kennedy return 1 1661f38cb554SJohn Wren Kennedy fi 1662f38cb554SJohn Wren Kennedy 16631d32ba66SJohn Wren Kennedy log_must zfs allow $user reservation $vol 16641d32ba66SJohn Wren Kennedy log_must zfs allow $user refreservation $vol 16651d32ba66SJohn Wren Kennedy user_run $user zfs set volsize=$newval $vol 16661d32ba66SJohn Wren Kennedy log_must zfs unallow $user reservation $vol 16671d32ba66SJohn Wren Kennedy log_must zfs unallow $user refreservation $vol 1668f38cb554SJohn Wren Kennedy if [[ $oldval == $(get_prop volsize $vol) ]]; 1669f38cb554SJohn Wren Kennedy then 1670f38cb554SJohn Wren Kennedy return 1 1671f38cb554SJohn Wren Kennedy fi 1672f38cb554SJohn Wren Kennedy fi 1673f38cb554SJohn Wren Kennedy 1674f38cb554SJohn Wren Kennedy return 0 1675f38cb554SJohn Wren Kennedy} 1676f38cb554SJohn Wren Kennedy 1677f38cb554SJohn Wren Kennedyfunction verify_allow 1678f38cb554SJohn Wren Kennedy{ 1679f38cb554SJohn Wren Kennedy typeset user=$1 1680f38cb554SJohn Wren Kennedy typeset perm=$2 1681f38cb554SJohn Wren Kennedy typeset dtst=$3 1682f38cb554SJohn Wren Kennedy 1683f38cb554SJohn Wren Kennedy typeset -i ret 1684f38cb554SJohn Wren Kennedy 16851d32ba66SJohn Wren Kennedy user_run $user zfs allow $user allow $dtst 1686f38cb554SJohn Wren Kennedy ret=$? 1687f38cb554SJohn Wren Kennedy if [[ $ret -eq 0 ]]; then 1688f38cb554SJohn Wren Kennedy return 1 1689f38cb554SJohn Wren Kennedy fi 1690f38cb554SJohn Wren Kennedy 16911d32ba66SJohn Wren Kennedy log_must zfs allow $user copies $dtst 16921d32ba66SJohn Wren Kennedy user_run $user zfs allow $user copies $dtst 1693f38cb554SJohn Wren Kennedy ret=$? 16941d32ba66SJohn Wren Kennedy log_must zfs unallow $user copies $dtst 1695f38cb554SJohn Wren Kennedy if [[ $ret -eq 1 ]]; then 1696f38cb554SJohn Wren Kennedy return 1 1697f38cb554SJohn Wren Kennedy fi 1698f38cb554SJohn Wren Kennedy 1699f38cb554SJohn Wren Kennedy return 0 1700f38cb554SJohn Wren Kennedy 1701f38cb554SJohn Wren Kennedy} 170251463258SBill Sommerfeld 170351463258SBill Sommerfeldfunction verify_allow_output 170451463258SBill Sommerfeld{ 170551463258SBill Sommerfeld typeset dtst=$1 170651463258SBill Sommerfeld 170751463258SBill Sommerfeld shift 170851463258SBill Sommerfeld cat >>/tmp/allow_template.$$ <<EOF 170951463258SBill Sommerfeld---- Permissions on $dtst 171051463258SBill SommerfeldEOF 171151463258SBill Sommerfeld 171251463258SBill Sommerfeld while (( $# > 0 )); do 171351463258SBill Sommerfeld typeset section=$1 171451463258SBill Sommerfeld typeset content=$2 171551463258SBill Sommerfeld 171651463258SBill Sommerfeld cat >>/tmp/allow_template.$$ <<EOF 171751463258SBill Sommerfeld${section}: 171851463258SBill Sommerfeld $content 171951463258SBill SommerfeldEOF 172051463258SBill Sommerfeld shift 2 172151463258SBill Sommerfeld done 172251463258SBill Sommerfeld 172351463258SBill Sommerfeld # chop variable-length trailing dashes 172451463258SBill Sommerfeld zfs allow $dtst | sed 's/ --*$//' >/tmp/allow_output.$$ 172551463258SBill Sommerfeld 172651463258SBill Sommerfeld typeset -i ret 172751463258SBill Sommerfeld log_must diff -u /tmp/allow_template.$$ /tmp/allow_output.$$ 172851463258SBill Sommerfeld ret=$? 172951463258SBill Sommerfeld rm -f /tmp/allow_template.$$ /tmp/allow_output.$$ 173051463258SBill Sommerfeld 173151463258SBill Sommerfeld if [[ $ret -eq 0 ]]; then 173251463258SBill Sommerfeld return 0 173351463258SBill Sommerfeld fi 173451463258SBill Sommerfeld 173551463258SBill Sommerfeld return 1 173651463258SBill Sommerfeld} 1737