xref: /freebsd/contrib/pjdfstest/tests/granular/05.t (revision 40a8ac8f62b535d30349faf28cf47106b7041b83) 
1#!/bin/sh
2# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/05.t 211352 2010-08-15 21:24:17Z pjd $
3
4desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD with directories"
5
6dir=`dirname $0`
7. ${dir}/../misc.sh
8
9[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit
10
11echo "1..68"
12
13n0=`namegen`
14n1=`namegen`
15n2=`namegen`
16n3=`namegen`
17
18expect 0 mkdir ${n2} 0755
19expect 0 mkdir ${n3} 0777
20cdir=`pwd`
21cd ${n2}
22
23# Unlink allowed on writable directory.
24expect 0 mkdir ${n0} 0755
25expect EACCES -u 65534 -g 65534 rmdir ${n0}
26expect 0 prependacl . user:65534:write_data::allow
27expect 0 -u 65534 -g 65534 rmdir ${n0}
28
29# Moving directory elsewhere allowed on writable directory.
30expect 0 mkdir ${n0} 0777
31expect 0 prependacl . user:65534:write_data::deny
32expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
33expect 0 prependacl . user:65534:write_data::allow
34expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
35
36# 12
37# Moving directory from elsewhere allowed on writable directory.
38expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
39expect 0 prependacl . user:65534:append_data::allow
40expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
41expect 0 -u 65534 -g 65534 rmdir ${n0}
42
43# Moving directory from elsewhere overwriting local directory allowed
44# on writable directory.
45expect 0 mkdir ${n0} 0755
46expect 0 mkdir ../${n3}/${n0} 0777
47expect 0 prependacl . user:65534:write_data::deny
48expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
49expect 0 prependacl . user:65534:write_data::allow
50expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
51expect 0 -u 65534 -g 65534 rmdir ${n0}
52
53# 23
54# Denied DELETE changes nothing wrt removing.
55expect 0 mkdir ${n0} 0755
56expect 0 prependacl ${n0} user:65534:delete::deny
57expect 0 -u 65534 -g 65534 rmdir ${n0}
58
59# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
60expect 0 mkdir ${n0} 0777
61expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
62expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
63expect 0 -u 65534 -g 65534 rmdir ${n0}
64
65# DELETE_CHILD denies unlink on writable directory.
66expect 0 mkdir ${n0} 0755
67expect 0 prependacl . user:65534:delete_child::deny
68expect EPERM -u 65534 -g 65534 rmdir ${n0}
69expect 0 rmdir ${n0}
70
71# 35
72# DELETE_CHILD denies moving directory elsewhere.
73expect 0 mkdir ${n0} 0777
74expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
75expect 0 rename ${n0} ../${n3}/${n0}
76
77# DELETE_CHILD does not deny moving directory from elsewhere
78# to a writable directory.
79expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
80
81# DELETE_CHILD denies moving directory from elsewhere
82# to a writable directory overwriting local directory.
83expect 0 mkdir ../${n3}/${n0} 0755
84expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
85
86# DELETE allowed on directory allows for unlinking, no matter
87# what permissions on containing directory are.
88expect 0 prependacl ${n0} user:65534:delete::allow
89expect 0 -u 65534 -g 65534 rmdir ${n0}
90
91# Same for moving the directory elsewhere.
92expect 0 mkdir ${n0} 0777
93expect 0 prependacl ${n0} user:65534:delete::allow
94expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
95
96# 46
97# Same for moving the directory from elsewhere into a writable
98# directory with DELETE_CHILD denied.
99expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
100expect 0 rmdir ${n0}
101
102# DELETE does not allow for overwriting a directory in a unwritable
103# directory with DELETE_CHILD denied.
104expect 0 mkdir ${n0} 0755
105expect 0 mkdir ../${n3}/${n0} 0777
106expect 0 prependacl . user:65534:write_data::deny
107expect 0 prependacl . user:65534:delete_child::deny
108expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
109expect 0 prependacl ${n0} user:65534:delete::allow
110# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
111expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
112
113# 54
114# But it allows for plain deletion.
115# XXX: expect 0 -u 65534 -g 65534 rmdir ${n0}
116expect 0 rmdir ${n0}
117
118# DELETE_CHILD allowed on unwritable directory.
119expect 0 mkdir ${n0} 0755
120expect 0 prependacl . user:65534:delete_child::allow
121expect 0 -u 65534 -g 65534 rmdir ${n0}
122
123# Moving things elsewhere is allowed.
124expect 0 mkdir ${n0} 0777
125expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
126
127# 60
128# Moving things back is not.
129# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
130expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
131
132# Even if we're overwriting.
133# XXX: expect 0 mkdir ${n0} 0755
134expect 0 mkdir ../${n3}/${n0} 0777
135# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
136expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
137expect 0 mkdir ../${n3}/${n0} 0777
138
139# Even if we have DELETE on the existing directory.
140expect 0 prependacl ${n0} user:65534:delete::allow
141# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
142expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
143
144# Denied DELETE changes nothing wrt removing.
145expect 0 prependacl ${n0} user:65534:delete::deny
146expect 0 -u 65534 -g 65534 rmdir ${n0}
147
148cd ${cdir}
149expect 0 rmdir ${n2}
150