xref: /freebsd/contrib/pjdfstest/tests/granular/05.t (revision b9f654b163bce26de79705e77b872427c9f2afa1)
1#!/bin/sh
2# vim: filetype=sh noexpandtab ts=8 sw=8
3# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/05.t 211352 2010-08-15 21:24:17Z pjd $
4
5desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD with directories"
6
7dir=`dirname $0`
8. ${dir}/../misc.sh
9
10[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit
11
12echo "1..68"
13
14n0=`namegen`
15n1=`namegen`
16n2=`namegen`
17n3=`namegen`
18
19expect 0 mkdir ${n2} 0755
20expect 0 mkdir ${n3} 0777
21cdir=`pwd`
22cd ${n2}
23
24# Unlink allowed on writable directory.
25expect 0 mkdir ${n0} 0755
26expect EACCES -u 65534 -g 65534 rmdir ${n0}
27expect 0 prependacl . user:65534:write_data::allow
28expect 0 -u 65534 -g 65534 rmdir ${n0}
29
30# Moving directory elsewhere allowed on writable directory.
31expect 0 mkdir ${n0} 0777
32expect 0 prependacl . user:65534:write_data::deny
33expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
34expect 0 prependacl . user:65534:write_data::allow
35expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
36
37# 12
38# Moving directory from elsewhere allowed on writable directory.
39expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
40expect 0 prependacl . user:65534:append_data::allow
41expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
42expect 0 -u 65534 -g 65534 rmdir ${n0}
43
44# Moving directory from elsewhere overwriting local directory allowed
45# on writable directory.
46expect 0 mkdir ${n0} 0755
47expect 0 mkdir ../${n3}/${n0} 0777
48expect 0 prependacl . user:65534:write_data::deny
49expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
50expect 0 prependacl . user:65534:write_data::allow
51expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
52expect 0 -u 65534 -g 65534 rmdir ${n0}
53
54# 23
55# Denied DELETE changes nothing wrt removing.
56expect 0 mkdir ${n0} 0755
57expect 0 prependacl ${n0} user:65534:delete::deny
58expect 0 -u 65534 -g 65534 rmdir ${n0}
59
60# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
61expect 0 mkdir ${n0} 0777
62expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
63expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
64expect 0 -u 65534 -g 65534 rmdir ${n0}
65
66# DELETE_CHILD denies unlink on writable directory.
67expect 0 mkdir ${n0} 0755
68expect 0 prependacl . user:65534:delete_child::deny
69expect EPERM -u 65534 -g 65534 rmdir ${n0}
70expect 0 rmdir ${n0}
71
72# 35
73# DELETE_CHILD denies moving directory elsewhere.
74expect 0 mkdir ${n0} 0777
75expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
76expect 0 rename ${n0} ../${n3}/${n0}
77
78# DELETE_CHILD does not deny moving directory from elsewhere
79# to a writable directory.
80expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
81
82# DELETE_CHILD denies moving directory from elsewhere
83# to a writable directory overwriting local directory.
84expect 0 mkdir ../${n3}/${n0} 0755
85expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
86
87# DELETE allowed on directory allows for unlinking, no matter
88# what permissions on containing directory are.
89expect 0 prependacl ${n0} user:65534:delete::allow
90expect 0 -u 65534 -g 65534 rmdir ${n0}
91
92# Same for moving the directory elsewhere.
93expect 0 mkdir ${n0} 0777
94expect 0 prependacl ${n0} user:65534:delete::allow
95expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
96
97# 46
98# Same for moving the directory from elsewhere into a writable
99# directory with DELETE_CHILD denied.
100expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
101expect 0 rmdir ${n0}
102
103# DELETE does not allow for overwriting a directory in a unwritable
104# directory with DELETE_CHILD denied.
105expect 0 mkdir ${n0} 0755
106expect 0 mkdir ../${n3}/${n0} 0777
107expect 0 prependacl . user:65534:write_data::deny
108expect 0 prependacl . user:65534:delete_child::deny
109expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
110expect 0 prependacl ${n0} user:65534:delete::allow
111# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
112expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
113
114# 54
115# But it allows for plain deletion.
116# XXX: expect 0 -u 65534 -g 65534 rmdir ${n0}
117expect 0 rmdir ${n0}
118
119# DELETE_CHILD allowed on unwritable directory.
120expect 0 mkdir ${n0} 0755
121expect 0 prependacl . user:65534:delete_child::allow
122expect 0 -u 65534 -g 65534 rmdir ${n0}
123
124# Moving things elsewhere is allowed.
125expect 0 mkdir ${n0} 0777
126expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
127
128# 60
129# Moving things back is not.
130# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
131expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
132
133# Even if we're overwriting.
134# XXX: expect 0 mkdir ${n0} 0755
135expect 0 mkdir ../${n3}/${n0} 0777
136# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
137expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
138expect 0 mkdir ../${n3}/${n0} 0777
139
140# Even if we have DELETE on the existing directory.
141expect 0 prependacl ${n0} user:65534:delete::allow
142# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
143expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
144
145# Denied DELETE changes nothing wrt removing.
146expect 0 prependacl ${n0} user:65534:delete::deny
147expect 0 -u 65534 -g 65534 rmdir ${n0}
148
149cd ${cdir}
150expect 0 rmdir ${n2}
151