1d583b39bSJohn Wren Kennedy#!/bin/ksh -p 2d583b39bSJohn Wren Kennedy# 3d583b39bSJohn Wren Kennedy# CDDL HEADER START 4d583b39bSJohn Wren Kennedy# 5d583b39bSJohn Wren Kennedy# The contents of this file are subject to the terms of the 6d583b39bSJohn Wren Kennedy# Common Development and Distribution License (the "License"). 7d583b39bSJohn Wren Kennedy# You may not use this file except in compliance with the License. 8d583b39bSJohn Wren Kennedy# 9d583b39bSJohn Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10d583b39bSJohn Wren Kennedy# or http://www.opensolaris.org/os/licensing. 11d583b39bSJohn Wren Kennedy# See the License for the specific language governing permissions 12d583b39bSJohn Wren Kennedy# and limitations under the License. 13d583b39bSJohn Wren Kennedy# 14d583b39bSJohn Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each 15d583b39bSJohn Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16d583b39bSJohn Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the 17d583b39bSJohn Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying 18d583b39bSJohn Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner] 19d583b39bSJohn Wren Kennedy# 20d583b39bSJohn Wren Kennedy# CDDL HEADER END 21d583b39bSJohn Wren Kennedy# 22d583b39bSJohn Wren Kennedy 23d583b39bSJohn Wren Kennedy# 24d583b39bSJohn Wren Kennedy# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25d583b39bSJohn Wren Kennedy# Use is subject to license terms. 26d583b39bSJohn Wren Kennedy# 27d583b39bSJohn Wren Kennedy 28d583b39bSJohn Wren Kennedy# 291d32ba66SJohn Wren Kennedy# Copyright (c) 2012, 2016 by Delphix. All rights reserved. 30*6990962cSToomas Soome# Copyright 2023 RackTop Systems, Inc. 31d583b39bSJohn Wren Kennedy# 32d583b39bSJohn Wren Kennedy 33d583b39bSJohn Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib 34d583b39bSJohn Wren Kennedy 35d583b39bSJohn Wren Kennedy# 36d583b39bSJohn Wren Kennedy# DESCRIPTION: 37d583b39bSJohn Wren Kennedy# chmod A{+|-|=} could set compact ACL correctly. 38d583b39bSJohn Wren Kennedy# 39d583b39bSJohn Wren Kennedy# STRATEGY: 40d583b39bSJohn Wren Kennedy# 1. Loop root and non-root user. 41d583b39bSJohn Wren Kennedy# 2. Get the random compact ACL string. 42d583b39bSJohn Wren Kennedy# 4. Separately chmod +|-|= 43d583b39bSJohn Wren Kennedy# 5. Check compact ACL display as expected 44d583b39bSJohn Wren Kennedy# 45d583b39bSJohn Wren Kennedy 46d583b39bSJohn Wren Kennedyverify_runnable "both" 47d583b39bSJohn Wren Kennedy 48d583b39bSJohn Wren Kennedylog_assert "chmod A{+|=} should set compact ACL correctly." 49d583b39bSJohn Wren Kennedylog_onexit cleanup 50d583b39bSJohn Wren Kennedy 51d583b39bSJohn Wren Kennedytypeset a_flag=('owner' 'group' 'everyone') 52d583b39bSJohn Wren Kennedytypeset a_access=('r' 'w' 'x' 'p' 'd' 'D' 'a' 'A' 'R' 'W' 'c' 'C' 'o' 's') 53d583b39bSJohn Wren Kennedytypeset a_inherit_object=('f' 'd') 54d583b39bSJohn Wren Kennedytypeset a_inherit_strategy=('i' 'n') 55d583b39bSJohn Wren Kennedytypeset a_type=('allow' 'deny') 56d583b39bSJohn Wren Kennedy 57d583b39bSJohn Wren Kennedy# 58d583b39bSJohn Wren Kennedy# Get a random item from an array. 59d583b39bSJohn Wren Kennedy# 60d583b39bSJohn Wren Kennedy# $1 the base set 61d583b39bSJohn Wren Kennedy# 62d583b39bSJohn Wren Kennedyfunction random_select 63d583b39bSJohn Wren Kennedy{ 64d583b39bSJohn Wren Kennedy typeset arr_name=$1 65d583b39bSJohn Wren Kennedy typeset -i ind 66d583b39bSJohn Wren Kennedy 67d583b39bSJohn Wren Kennedy eval typeset -i cnt=\${#${arr_name}[@]} 68d583b39bSJohn Wren Kennedy ((ind = $RANDOM % cnt)) 69d583b39bSJohn Wren Kennedy 70d583b39bSJohn Wren Kennedy eval print \${${arr_name}[$ind]} 71d583b39bSJohn Wren Kennedy} 72d583b39bSJohn Wren Kennedy 73d583b39bSJohn Wren Kennedy# 74d583b39bSJohn Wren Kennedy# Create a random string according to array name, the item number and 75d583b39bSJohn Wren Kennedy# separated tag. 76d583b39bSJohn Wren Kennedy# 77d583b39bSJohn Wren Kennedy# $1 array name where the function get the elements 78d583b39bSJohn Wren Kennedy# $2 the items number which you want to form the random string 79d583b39bSJohn Wren Kennedy# $3 the separated tag 80d583b39bSJohn Wren Kennedy# 81d583b39bSJohn Wren Kennedyfunction form_random_str 82d583b39bSJohn Wren Kennedy{ 83d583b39bSJohn Wren Kennedy typeset arr_name=$1 84d583b39bSJohn Wren Kennedy typeset -i count=${2:-1} 85d583b39bSJohn Wren Kennedy typeset sep=${3:-""} 86d583b39bSJohn Wren Kennedy 87d583b39bSJohn Wren Kennedy typeset str="" 88d583b39bSJohn Wren Kennedy while ((count > 0)); do 89d583b39bSJohn Wren Kennedy str="${str}$(random_select $arr_name)${sep}" 90d583b39bSJohn Wren Kennedy 91d583b39bSJohn Wren Kennedy ((count -= 1)) 92d583b39bSJohn Wren Kennedy done 93d583b39bSJohn Wren Kennedy 94d583b39bSJohn Wren Kennedy print $str 95d583b39bSJohn Wren Kennedy} 96d583b39bSJohn Wren Kennedy 97d583b39bSJohn Wren Kennedy# 98d583b39bSJohn Wren Kennedy# According to the input ACE access,ACE type, and inherit flags, return the 99d583b39bSJohn Wren Kennedy# expect compact ACE that could be used by chmod A0{+|=}'. 100d583b39bSJohn Wren Kennedy# 101d583b39bSJohn Wren Kennedy# $1 ACE flag which is owner, group, or everyone 102d583b39bSJohn Wren Kennedy# $2 ACE access generated by the element of a_access 103d583b39bSJohn Wren Kennedy# $3 ACE inherit_object generated by the element of a_inherit_object 104d583b39bSJohn Wren Kennedy# $4 ACE inherit_strategy generated by the element of a_inherit_strategy 105d583b39bSJohn Wren Kennedy# $5 ACE type which is allow or deny 106d583b39bSJohn Wren Kennedy# 107d583b39bSJohn Wren Kennedyfunction cal_ace 108d583b39bSJohn Wren Kennedy{ 109d583b39bSJohn Wren Kennedy typeset acl_flag=$1 110d583b39bSJohn Wren Kennedy typeset acl_access=$2 111d583b39bSJohn Wren Kennedy typeset acl_inherit_object=$3 112d583b39bSJohn Wren Kennedy typeset acl_inherit_strategy=$4 113d583b39bSJohn Wren Kennedy typeset acl_type=$5 114d583b39bSJohn Wren Kennedy 115d583b39bSJohn Wren Kennedy tmp_ace=${acl_flag}@: 116d583b39bSJohn Wren Kennedy 117d583b39bSJohn Wren Kennedy for element in ${a_access[@]} ; do 118d583b39bSJohn Wren Kennedy if [[ $acl_access == *"$element"* ]]; then 119d583b39bSJohn Wren Kennedy tmp_ace="${tmp_ace}${element}" 120d583b39bSJohn Wren Kennedy else 121d583b39bSJohn Wren Kennedy tmp_ace="${tmp_ace}-" 122d583b39bSJohn Wren Kennedy fi 123d583b39bSJohn Wren Kennedy done 124d583b39bSJohn Wren Kennedy tmp_ace=${tmp_ace}: 125d583b39bSJohn Wren Kennedy 126d583b39bSJohn Wren Kennedy for element in ${a_inherit_object[@]} ; do 127d583b39bSJohn Wren Kennedy if [[ $acl_inherit_object == *"$element"* ]]; then 128d583b39bSJohn Wren Kennedy tmp_ace="${tmp_ace}${element}" 129d583b39bSJohn Wren Kennedy else 130d583b39bSJohn Wren Kennedy tmp_ace="${tmp_ace}-" 131d583b39bSJohn Wren Kennedy fi 132d583b39bSJohn Wren Kennedy done 133d583b39bSJohn Wren Kennedy for element in ${a_inherit_strategy[@]} ; do 134d583b39bSJohn Wren Kennedy if [[ $acl_inherit_strategy == *"$element"* ]]; then 135d583b39bSJohn Wren Kennedy tmp_ace="${tmp_ace}${element}" 136d583b39bSJohn Wren Kennedy else 137d583b39bSJohn Wren Kennedy tmp_ace="${tmp_ace}-" 138d583b39bSJohn Wren Kennedy fi 139d583b39bSJohn Wren Kennedy done 140d583b39bSJohn Wren Kennedy 141d583b39bSJohn Wren Kennedy tmp_ace=${tmp_ace}---:${acl_type} 142d583b39bSJohn Wren Kennedy 143d583b39bSJohn Wren Kennedy echo "${tmp_ace}" 144d583b39bSJohn Wren Kennedy} 145d583b39bSJohn Wren Kennedy 146d583b39bSJohn Wren Kennedy# 147d583b39bSJohn Wren Kennedy# Check if chmod set the compact ACE correctly. 148d583b39bSJohn Wren Kennedy# 149d583b39bSJohn Wren Kennedyfunction check_test_result 150d583b39bSJohn Wren Kennedy{ 151d583b39bSJohn Wren Kennedy typeset node=$1 152d583b39bSJohn Wren Kennedy typeset acl_flag=$2 153d583b39bSJohn Wren Kennedy typeset acl_access=$3 154d583b39bSJohn Wren Kennedy typeset acl_inherit_object=$4 155d583b39bSJohn Wren Kennedy typeset acl_inherit_strategy=$5 156d583b39bSJohn Wren Kennedy typeset acl_type=$6 157d583b39bSJohn Wren Kennedy 158d583b39bSJohn Wren Kennedy typeset expect_ace=$(cal_ace "$acl_flag" "$acl_access" \ 159d583b39bSJohn Wren Kennedy "$acl_inherit_object" "$acl_inherit_strategy" "$acl_type") 160d583b39bSJohn Wren Kennedy 161d583b39bSJohn Wren Kennedy typeset cur_ace=$(get_ACE $node 0 "compact") 162d583b39bSJohn Wren Kennedy 163d583b39bSJohn Wren Kennedy if [[ $cur_ace != $expect_ace ]]; then 164d583b39bSJohn Wren Kennedy log_fail "FAIL: Current map($cur_ace) != \ 165d583b39bSJohn Wren Kennedy expected ace($expect_ace)" 166d583b39bSJohn Wren Kennedy fi 167d583b39bSJohn Wren Kennedy} 168d583b39bSJohn Wren Kennedy 169d583b39bSJohn Wren Kennedyfunction test_chmod_map 170d583b39bSJohn Wren Kennedy{ 171d583b39bSJohn Wren Kennedy typeset node=$1 172d583b39bSJohn Wren Kennedy typeset acl_flag acl_access acl_inherit_object acl_inherit_strategy \ 173d583b39bSJohn Wren Kennedy acl_type 174d583b39bSJohn Wren Kennedy typeset -i cnt 175d583b39bSJohn Wren Kennedy 176d583b39bSJohn Wren Kennedy if ((${#node} == 0)); then 177d583b39bSJohn Wren Kennedy log_fail "FAIL: file name or directroy name is not defined." 178d583b39bSJohn Wren Kennedy fi 179d583b39bSJohn Wren Kennedy 180d583b39bSJohn Wren Kennedy # Get ACL flag, access & type 181d583b39bSJohn Wren Kennedy acl_flag=$(form_random_str a_flag) 182d583b39bSJohn Wren Kennedy ((cnt = ($RANDOM % ${#a_access[@]}) + 1)) 183d583b39bSJohn Wren Kennedy acl_access=$(form_random_str a_access $cnt) 184d583b39bSJohn Wren Kennedy acl_access=${acl_access%/} 185d583b39bSJohn Wren Kennedy acl_type=$(form_random_str a_type 1) 186d583b39bSJohn Wren Kennedy 187d583b39bSJohn Wren Kennedy acl_spec=${acl_flag}@:${acl_access} 188d583b39bSJohn Wren Kennedy if [[ -d $node ]]; then 189d583b39bSJohn Wren Kennedy # Get ACL inherit_object & inherit_strategy 190d583b39bSJohn Wren Kennedy ((cnt = ($RANDOM % ${#a_inherit_object[@]}) + 1)) 191d583b39bSJohn Wren Kennedy acl_inherit_object=$(form_random_str a_inherit_object $cnt) 192d583b39bSJohn Wren Kennedy ((cnt = ($RANDOM % ${#a_inherit_strategy[@]}) + 1)) 193d583b39bSJohn Wren Kennedy acl_inherit_strategy=$(form_random_str a_inherit_strategy $cnt) 194d583b39bSJohn Wren Kennedy acl_spec=${acl_spec}:${acl_inherit_object}${acl_inherit_strategy} 195d583b39bSJohn Wren Kennedy fi 196d583b39bSJohn Wren Kennedy acl_spec=${acl_spec}:${acl_type} 197d583b39bSJohn Wren Kennedy 198d583b39bSJohn Wren Kennedy # Set the initial map and back the initial ACEs 199d583b39bSJohn Wren Kennedy typeset orig_ace=/tmp/orig_ace.$$ 200d583b39bSJohn Wren Kennedy typeset cur_ace=/tmp/cur_ace.$$ 201d583b39bSJohn Wren Kennedy 202d583b39bSJohn Wren Kennedy for operator in "A0+" "A0="; do 2031d32ba66SJohn Wren Kennedy log_must usr_exec eval "ls -Vd $node > $orig_ace" 204d583b39bSJohn Wren Kennedy 205d583b39bSJohn Wren Kennedy # To "A=", firstly add one ACE which can't modify map 206d583b39bSJohn Wren Kennedy if [[ $operator == "A0=" ]]; then 2071d32ba66SJohn Wren Kennedy log_must chmod A0+user:$ZFS_ACL_OTHER1:execute:deny \ 208d583b39bSJohn Wren Kennedy $node 209d583b39bSJohn Wren Kennedy fi 2101d32ba66SJohn Wren Kennedy log_must usr_exec chmod ${operator}${acl_spec} $node 211d583b39bSJohn Wren Kennedy 212d583b39bSJohn Wren Kennedy check_test_result "$node" "$acl_flag" "$acl_access" \ 213d583b39bSJohn Wren Kennedy "$acl_inherit_object" "$acl_inherit_strategy" "$acl_type" 214d583b39bSJohn Wren Kennedy 215*6990962cSToomas Soome # Check "chmod A-". If write_acl is denied, use root. 216*6990962cSToomas Soome if [[ $acl_type == deny && $acl_access == *C* ]]; then 217*6990962cSToomas Soome log_must chgusr_exec root chmod A0- $node 218*6990962cSToomas Soome else 2191d32ba66SJohn Wren Kennedy log_must usr_exec chmod A0- $node 220*6990962cSToomas Soome fi 2211d32ba66SJohn Wren Kennedy log_must usr_exec eval "ls -Vd $node > $cur_ace" 222d583b39bSJohn Wren Kennedy 2231d32ba66SJohn Wren Kennedy diff $orig_ace $cur_ace 224d583b39bSJohn Wren Kennedy [[ $? -ne 0 ]] && log_fail "FAIL: 'chmod A-' failed." 225d583b39bSJohn Wren Kennedy done 226d583b39bSJohn Wren Kennedy 2271d32ba66SJohn Wren Kennedy [[ -f $orig_ace ]] && log_must usr_exec rm -f $orig_ace 2281d32ba66SJohn Wren Kennedy [[ -f $cur_ace ]] && log_must usr_exec rm -f $cur_ace 229d583b39bSJohn Wren Kennedy} 230d583b39bSJohn Wren Kennedy 231d583b39bSJohn Wren Kennedyfor user in root $ZFS_ACL_STAFF1; do 232d583b39bSJohn Wren Kennedy set_cur_usr $user 233d583b39bSJohn Wren Kennedy 234d583b39bSJohn Wren Kennedy typeset -i loop_cnt=2 235d583b39bSJohn Wren Kennedy while ((loop_cnt > 0)); do 2361d32ba66SJohn Wren Kennedy log_must usr_exec touch $testfile 237d583b39bSJohn Wren Kennedy test_chmod_map $testfile 2381d32ba66SJohn Wren Kennedy log_must rm -f $testfile 239d583b39bSJohn Wren Kennedy 2401d32ba66SJohn Wren Kennedy log_must usr_exec mkdir $testdir 241d583b39bSJohn Wren Kennedy test_chmod_map $testdir 2421d32ba66SJohn Wren Kennedy log_must rm -rf $testdir 243d583b39bSJohn Wren Kennedy 244d583b39bSJohn Wren Kennedy ((loop_cnt -= 1)) 245d583b39bSJohn Wren Kennedy done 246d583b39bSJohn Wren Kennedydone 247d583b39bSJohn Wren Kennedy 248d583b39bSJohn Wren Kennedylog_pass "chmod A{+|=} set compact ACL correctly." 249