1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28#
29# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
30#
31
32. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
33
#
# DESCRIPTION:
#	Scan the following permissions one by one to verify that the privileged
#	user has the correct permission delegation on datasets.
#
# STRATEGY:
#	1. Delegate the permissions, one at a time, to the user on the dataset.
#	2. Verify that the privileged user has the correct permission without
#	   any other permissions allowed.
#
44
# Declare the contexts this test may run in; "both" is passed through to
# verify_runnable unchanged.
verify_runnable "both"

# State the assertion under test (two arguments, exactly as before), then
# register restore_root_datasets with log_onexit as the cleanup handler.
log_assert \
	"Verify privileged user has correct permissions once which was " \
	"delegated to him in datasets"
log_onexit restore_root_datasets
50
#
# Expectation table, stored as a flat array with a stride of three:
#
#	perms[3j]	permission name handed to "zfs allow"
#	perms[3j+1]	"true" if the delegation must be usable on a filesystem
#	perms[3j+2]	"true" if the delegation must be usable on a volume
#
# A "false" entry is a negative test: after delegating that permission the
# user must still be unable to exercise it on that dataset type.
#
#				Results in	Results in
#		Permission	Filesystem	Volume
#
set -A perms \
		create		true		false	\
		snapshot	true		true	\
		mount		true		false	\
		send		true		true	\
		allow		true		true	\
		quota		true		false	\
		reservation	true		true	\
		dnodesize	true		false	\
		recordsize	true		false	\
		mountpoint	true		false	\
		checksum	true		true	\
		compression	true		true	\
		canmount	true		false	\
		atime		true		false	\
		devices		true		false	\
		exec		true		false	\
		volsize		false		true	\
		setuid		true		false	\
		readonly	true		true	\
		snapdir		true		false	\
		userprop	true		true	\
		aclmode		true		false	\
		aclinherit	true		false	\
		rollback	true		true	\
		clone		true		true	\
		rename		true		true	\
		promote		true		true	\
		zoned		true		false	\
		xattr		true		false	\
		receive		true		false	\
		destroy		true		true

# The two sharing permissions are appended only when running in the global
# zone; both are expected to work on filesystems and not on volumes.
if is_global_zone; then
	typeset -i n=${#perms[@]}

	perms[n]="sharenfs"
	perms[n+1]="true"
	perms[n+2]="false"

	perms[n+3]="share"
	perms[n+4]="true"
	perms[n+5]="false"
fi
91
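#
# For every dataset, delegate one permission at a time to $STAFF1 and compare
# the outcome with the expectation column that matches the dataset's type.
#
# $DATASETS is left unquoted on purpose so that it word-splits into one
# dataset name per iteration; every other expansion is quoted so a value is
# always passed as exactly one argument.
#
for dtst in $DATASETS; do
	# k is the offset of the expectation column inside a perms row:
	# 1 = filesystem, 2 = volume.
	typeset -i k=1

	# Declare and assign separately so a get_prop failure is not masked by
	# typeset's own exit status. Without the check, an empty type would
	# silently select the filesystem expectations.
	typeset type
	type=$(get_prop type "$dtst") ||
	    log_fail "Unable to read the type property of $dtst"
	[[ $type == "volume" ]] && k=2

	# Walk the table one row (three array slots) at a time.
	typeset -i i=0
	while (( i < ${#perms[@]} )); do
		# Grant exactly one permission to the unprivileged user.
		log_must zfs allow "$STAFF1" "${perms[i]}" "$dtst"

		# Positive case: the delegation must be usable.
		# Negative case: it must NOT be usable on this dataset type.
		# NOTE(review): only the permission just delegated is passed to
		# the helpers; whether they also assert the absence of every
		# other permission (as the STRATEGY text says) cannot be seen
		# from this file - confirm in delegate_common.kshlib.
		if [[ ${perms[i+k]} == "true" ]]; then
			log_must verify_perm "$dtst" "${perms[i]}" "$STAFF1"
		else
			log_must verify_noperm "$dtst" "${perms[i]}" "$STAFF1"
		fi

		# NOTE(review): presumably this also drops the delegation just
		# granted, so each permission is checked in isolation and an
		# earlier grant cannot mask a missing or excessive one - confirm.
		log_must restore_root_datasets

		((i += 3))
	done
done

log_pass "Verify privileged user has correct permissions " \
	"in datasets passed."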
115