1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2016 by Delphix. All rights reserved. 30# Copyright 2023 RackTop Systems, Inc. 31# 32 33. $STF_SUITE/tests/functional/acl/acl_common.kshlib 34 35# 36# DESCRIPTION: 37# Verify that the read_xattr/write_xattr for 38# owner/group/everyone are correct. 39# 40# STRATEGY: 41# 1. Create file and directory in zfs filesystem 42# 2. Set special read_xattr ACE to the file and directory 43# 3. Try to list the extended attributes of the file and directory 44# 4. Set special write_xattr ACE to the file and directory 45# 5. Try to add new extended attributes to the file and directory 46# 6. Verify above operation is successful. 47# 48 49verify_runnable "both" 50 51function cleanup 52{ 53 cd $cwd 54 55 cleanup_test_files $TESTDIR/basedir 56 57 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then 58 log_must rm -f $TESTDIR/$ARCHIVEFILE 59 fi 60 61 return 0 62} 63 64# owner@ group group_users other_users 65set -A users \ 66 "root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 67 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" \ 68 "$ZFS_ACL_OTHER1" 69 70set -A a_access \ 71 "read_xattr:allow" \ 72 "read_xattr:deny" \ 73 "write_xattr:allow" \ 74 "write_xattr:deny" 75 76set -A a_flag "owner@" "group@" "everyone@" 77 78MYTESTFILE=/etc/passwd 79 80log_assert "Verify that the permission of read_xattr/write_xattr for " \ 81 "owner/group/everyone are correct." 82log_onexit cleanup 83 84function operate_node #user node acl 85{ 86 typeset user=$1 87 typeset node=$2 88 typeset acl_t=$3 89 typeset ret 90 91 if [[ $user == "" || $node == "" ]]; then 92 log_fail "user, node are not defined." 93 fi 94 95 if [[ $acl_t == *read_xattr* ]]; then 96 chgusr_exec $user runat $node ls > /dev/null 2>&1; ret=$? 97 elif [[ $acl_t == *write_xattr* ]]; then 98 chgusr_exec $user runat $node cp $MYTESTFILE attr.1 ; ret=$? 99 100 if [[ $ret -eq 0 ]]; then 101 log_must cleanup_test_files $TESTDIR/basedir 102 log_must tar xpf@ $TESTDIR/$ARCHIVEFILE 103 fi 104 fi 105 106 return $ret 107} 108 109function logname #acl_target user 110{ 111 typeset acl_target=$1 112 typeset user=$2 113 typeset ret="log_mustnot" 114 115 # To super user, read and write deny permission was override. 116 if [[ $user == root || $acl_target == *:allow ]] then 117 ret="log_must" 118 fi 119 120 print $ret 121} 122 123function check_chmod_results #node flag acl_target g_usr o_usr 124{ 125 typeset node=$1 126 typeset flag=$2 127 typeset acl_target=$2:$3 128 typeset g_usr=$4 129 typeset o_usr=$5 130 typeset log 131 132 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 133 log=$(logname $acl_target $ZFS_ACL_CUR_USER) 134 $log operate_node $ZFS_ACL_CUR_USER $node $acl_target 135 fi 136 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 137 log=$(logname $acl_target $g_usr) 138 $log operate_node $g_usr $node $acl_target 139 fi 140 if [[ $flag == "everyone@" ]]; then 141 log=$(logname $acl_target $o_usr) 142 $log operate_node $o_usr $node $acl_target 143 fi 144} 145 146function test_chmod_basic_access #node g_usr o_usr 147{ 148 typeset node=${1%/} 149 typeset g_usr=$2 150 typeset o_usr=$3 151 typeset flag acl_p acl_t parent 152 153 parent=${node%/*} 154 155 for flag in ${a_flag[@]}; do 156 for acl_t in "${a_access[@]}"; do 157 log_must usr_exec chmod A+$flag:$acl_t $node 158 159 log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir 160 161 check_chmod_results "$node" "$flag" \ 162 "$acl_t" "$g_usr" "$o_usr" 163 164 log_pos usr_exec chmod A-$flag:$acl_t $node 165 done 166 done 167} 168 169function setup_test_files #base_node user group 170{ 171 typeset base_node=$1 172 typeset user=$2 173 typeset group=$3 174 175 cleanup_test_files $base_node 176 177 log_must mkdir -p $base_node 178 log_must chown $user:$group $base_node 179 180 log_must set_cur_usr $user 181 182 # Prepare all files/sub-dirs for testing. 183 184 file0=$base_node/testfile_rm 185 186 dir0=$base_node/testdir_rm 187 188 log_must usr_exec touch $file0 189 log_must usr_exec chmod 444 $file0 190 191 log_must usr_exec runat $file0 cp $MYTESTFILE attr.0 192 193 log_must usr_exec mkdir -p $dir0 194 log_must usr_exec chmod 555 $dir0 195 196 log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0 197 198 log_must usr_exec chmod 777 $base_node 199 return 0 200} 201 202function cleanup_test_files #base_node 203{ 204 typeset base_node=$1 205 206 if [[ -d $base_node ]]; then 207 log_must rm -rf $base_node 208 elif [[ -e $base_node ]]; then 209 log_must rm -f $base_node 210 fi 211 212 return 0 213} 214 215typeset cwd=$PWD 216typeset ARCHIVEFILE=archive.tar 217 218typeset -i i=0 219typeset -i j=0 220typeset target 221 222while (( i < ${#users[@]} )); do 223 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 224 cd $TESTDIR 225 226 j=0 227 while (( j < 1 )); do 228 eval target=\$file$j 229 test_chmod_basic_access $target \ 230 "${users[((i+2))]}" "${users[((i+3))]}" 231 232 eval target=\$dir$j 233 test_chmod_basic_access $target \ 234 "${users[((i+2))]}" "${users[((i+3))]}" 235 236 (( j = j + 1 )) 237 done 238 239 (( i += 4 )) 240done 241 242log_pass "Verify that the permission of read_xattr/write_xattr for " \ 243 "owner/group/everyone are correct." 244