1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28#
29# Copyright (c) 2016 by Delphix. All rights reserved.
30#
31
32. $STF_SUITE/tests/functional/acl/acl_common.kshlib
33
34#
35# DESCRIPTION:
36#	Verify that the read_xattr/write_xattr for
37#	owner/group/everyone are correct.
38#
39# STRATEGY:
40# 1. Create file and  directory in zfs filesystem
41# 2. Set special read_xattr ACE to the file and directory
42# 3. Try to list the extended attributes of the file and directory
43# 4. Set special write_xattr ACE to the file and directory
44# 5. Try to add new extended attributes to the file and directory
45# 6. Verify above operation is successful.
46#
47
48verify_runnable "both"
49
50function cleanup
51{
52	cd $cwd
53
54	cleanup_test_files $TESTDIR/basedir
55
56	if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
57		log_must rm -f $TESTDIR/$ARCHIVEFILE
58	fi
59
60	return 0
61}
62
63#   owner@	group	group_users		other_users
64set -A users \
65    "root"	"root"	"$ZFS_ACL_ADMIN"	"$ZFS_ACL_OTHER1" \
66    "$ZFS_ACL_STAFF1"	"$ZFS_ACL_STAFF_GROUP"	"$ZFS_ACL_STAFF2" \
67    "$ZFS_ACL_OTHER1"
68
69set -A a_access \
70	"read_xattr:allow" \
71	"read_xattr:deny" \
72	"write_xattr:allow" \
73	"write_xattr:deny"
74
75set -A a_flag "owner@" "group@" "everyone@"
76
77MYTESTFILE=/etc/passwd
78
79log_assert "Verify that the permission of read_xattr/write_xattr for " \
80	"owner/group/everyone are correct."
81log_onexit cleanup
82
83function operate_node #user node acl
84{
85	typeset user=$1
86	typeset node=$2
87	typeset acl_t=$3
88	typeset ret
89
90	if [[ $user == "" || $node == "" ]]; then
91		log_fail "user, node are not defined."
92	fi
93
94	if [[ $acl_t == *read_xattr* ]]; then
95		chgusr_exec $user runat $node ls > /dev/null 2>&1; ret=$?
96	elif [[ $acl_t == *write_xattr* ]]; then
97		chgusr_exec $user runat $node cp $MYTESTFILE attr.1 ; ret=$?
98
99		if [[ $ret -eq 0 ]]; then
100			log_must cleanup_test_files $TESTDIR/basedir
101			log_must tar xpf@ $TESTDIR/$ARCHIVEFILE
102		fi
103	fi
104
105	return $ret
106}
107
108function logname #acl_target user
109{
110	typeset acl_target=$1
111	typeset user=$2
112	typeset ret="log_mustnot"
113
114	# To super user, read and write deny permission was override.
115	if [[ $user == root || $acl_target == *:allow ]] then
116		ret="log_must"
117	fi
118
119	print $ret
120}
121
122function check_chmod_results #node flag acl_target g_usr o_usr
123{
124	typeset node=$1
125	typeset flag=$2
126	typeset acl_target=$2:$3
127	typeset g_usr=$4
128	typeset o_usr=$5
129	typeset log
130
131	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
132		log=$(logname $acl_target $ZFS_ACL_CUR_USER)
133		$log operate_node $ZFS_ACL_CUR_USER $node $acl_target
134	fi
135	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
136		log=$(logname $acl_target $g_usr)
137		$log operate_node $g_usr $node $acl_target
138	fi
139	if [[ $flag == "everyone@" ]]; then
140		log=$(logname $acl_target $o_usr)
141		$log operate_node $o_usr $node $acl_target
142	fi
143}
144
145function test_chmod_basic_access #node g_usr o_usr
146{
147	typeset node=${1%/}
148	typeset g_usr=$2
149	typeset o_usr=$3
150	typeset flag acl_p acl_t parent
151
152	parent=${node%/*}
153
154	for flag in ${a_flag[@]}; do
155		for acl_t in "${a_access[@]}"; do
156			log_must usr_exec chmod A+$flag:$acl_t $node
157
158			log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir
159
160			check_chmod_results "$node" "$flag" \
161				"$acl_t" "$g_usr" "$o_usr"
162
163			log_must usr_exec chmod A0- $node
164		done
165	done
166}
167
168function setup_test_files #base_node user group
169{
170	typeset base_node=$1
171	typeset user=$2
172	typeset group=$3
173
174	cleanup_test_files $base_node
175
176	log_must mkdir -p $base_node
177	log_must chown $user:$group $base_node
178
179	log_must set_cur_usr $user
180
181	# Prepare all files/sub-dirs for testing.
182
183	file0=$base_node/testfile_rm
184
185	dir0=$base_node/testdir_rm
186
187	log_must usr_exec touch $file0
188	log_must usr_exec chmod 444 $file0
189
190	log_must usr_exec runat $file0 cp $MYTESTFILE attr.0
191
192	log_must usr_exec mkdir -p $dir0
193	log_must usr_exec chmod 555 $dir0
194
195	log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0
196
197	log_must usr_exec chmod 777 $base_node
198	return 0
199}
200
201function cleanup_test_files #base_node
202{
203	typeset base_node=$1
204
205	if [[ -d $base_node ]]; then
206		log_must rm -rf $base_node
207	elif [[ -e $base_node ]]; then
208		log_must rm -f $base_node
209	fi
210
211	return 0
212}
213
214typeset cwd=$PWD
215typeset ARCHIVEFILE=archive.tar
216
217typeset -i i=0
218typeset -i j=0
219typeset target
220
221while (( i < ${#users[@]} )); do
222	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
223	cd $TESTDIR
224
225	j=0
226	while (( j < 1 )); do
227		eval target=\$file$j
228		test_chmod_basic_access $target \
229			"${users[((i+2))]}" "${users[((i+3))]}"
230
231		eval target=\$dir$j
232		test_chmod_basic_access $target \
233			"${users[((i+2))]}" "${users[((i+3))]}"
234
235		(( j = j + 1 ))
236	done
237
238	(( i += 4 ))
239done
240
241log_pass "Verify that the permission of read_xattr/write_xattr for " \
242	"owner/group/everyone are correct."
243