1d583b39bSJohn Wren Kennedy#!/bin/ksh -p 2d583b39bSJohn Wren Kennedy# 3d583b39bSJohn Wren Kennedy# CDDL HEADER START 4d583b39bSJohn Wren Kennedy# 5d583b39bSJohn Wren Kennedy# The contents of this file are subject to the terms of the 6d583b39bSJohn Wren Kennedy# Common Development and Distribution License (the "License"). 7d583b39bSJohn Wren Kennedy# You may not use this file except in compliance with the License. 8d583b39bSJohn Wren Kennedy# 9d583b39bSJohn Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10d583b39bSJohn Wren Kennedy# or http://www.opensolaris.org/os/licensing. 11d583b39bSJohn Wren Kennedy# See the License for the specific language governing permissions 12d583b39bSJohn Wren Kennedy# and limitations under the License. 13d583b39bSJohn Wren Kennedy# 14d583b39bSJohn Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each 15d583b39bSJohn Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16d583b39bSJohn Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the 17d583b39bSJohn Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying 18d583b39bSJohn Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner] 19d583b39bSJohn Wren Kennedy# 20d583b39bSJohn Wren Kennedy# CDDL HEADER END 21d583b39bSJohn Wren Kennedy# 22d583b39bSJohn Wren Kennedy 23d583b39bSJohn Wren Kennedy# 24d583b39bSJohn Wren Kennedy# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25d583b39bSJohn Wren Kennedy# Use is subject to license terms. 26d583b39bSJohn Wren Kennedy# 27d583b39bSJohn Wren Kennedy 28*1d32ba66SJohn Wren Kennedy# 29*1d32ba66SJohn Wren Kennedy# Copyright (c) 2016 by Delphix. All rights reserved. 30*1d32ba66SJohn Wren Kennedy# 31*1d32ba66SJohn Wren Kennedy 32d583b39bSJohn Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib 33d583b39bSJohn Wren Kennedy 34d583b39bSJohn Wren Kennedy# 35d583b39bSJohn Wren Kennedy# DESCRIPTION: 36d583b39bSJohn Wren Kennedy# Verify chmod have correct behaviour to directory and file when setting 37d583b39bSJohn Wren Kennedy# different inherit strategy to them. 38d583b39bSJohn Wren Kennedy# 39d583b39bSJohn Wren Kennedy# STRATEGY: 40d583b39bSJohn Wren Kennedy# 1. Loop super user and non-super user to run the test case. 41d583b39bSJohn Wren Kennedy# 2. Create basedir and a set of subdirectores and files within it. 42d583b39bSJohn Wren Kennedy# 3. Separately chmod basedir with different inherite options. 43d583b39bSJohn Wren Kennedy# 4. Then create nested directories and files like the following. 44d583b39bSJohn Wren Kennedy# 45d583b39bSJohn Wren Kennedy# _ odir4 46d583b39bSJohn Wren Kennedy# |_ ofile4 47d583b39bSJohn Wren Kennedy# _ odir3 _| 48d583b39bSJohn Wren Kennedy# |_ ofile3 49d583b39bSJohn Wren Kennedy# _ odir1 _| 50d583b39bSJohn Wren Kennedy# |_ ofile2 51d583b39bSJohn Wren Kennedy# basefile | 52d583b39bSJohn Wren Kennedy# chmod --> basedir -| 53d583b39bSJohn Wren Kennedy# |_ nfile1 54d583b39bSJohn Wren Kennedy# |_ ndir1 _ 55d583b39bSJohn Wren Kennedy# |_ nfile2 56d583b39bSJohn Wren Kennedy# |_ ndir2 _ 57d583b39bSJohn Wren Kennedy# |_ nfile3 58d583b39bSJohn Wren Kennedy# |_ ndir3 59d583b39bSJohn Wren Kennedy# 60d583b39bSJohn Wren Kennedy# 5. Verify each directories and files have the correct access control 61d583b39bSJohn Wren Kennedy# capability. 62d583b39bSJohn Wren Kennedy# 63d583b39bSJohn Wren Kennedy 64d583b39bSJohn Wren Kennedyverify_runnable "both" 65d583b39bSJohn Wren Kennedy 66d583b39bSJohn Wren Kennedyfunction cleanup 67d583b39bSJohn Wren Kennedy{ 68d583b39bSJohn Wren Kennedy if [[ -f $basefile ]]; then 69*1d32ba66SJohn Wren Kennedy log_must rm -f $basefile 70d583b39bSJohn Wren Kennedy fi 71d583b39bSJohn Wren Kennedy if [[ -d $basedir ]]; then 72*1d32ba66SJohn Wren Kennedy log_must rm -rf $basedir 73d583b39bSJohn Wren Kennedy fi 74d583b39bSJohn Wren Kennedy} 75d583b39bSJohn Wren Kennedy 76d583b39bSJohn Wren Kennedylog_assert "Verify chmod have correct behaviour to directory and file when " \ 77d583b39bSJohn Wren Kennedy "setting different inherit strategies to them." 78d583b39bSJohn Wren Kennedylog_onexit cleanup 79d583b39bSJohn Wren Kennedy 80d583b39bSJohn Wren Kennedy# Define inherit flag 81d583b39bSJohn Wren Kennedyset -A object_flag file_inherit dir_inherit file_inherit/dir_inherit 82d583b39bSJohn Wren Kennedyset -A strategy_flag "" inherit_only no_propagate inherit_only/no_propagate 83d583b39bSJohn Wren Kennedy 84d583b39bSJohn Wren Kennedy# Defile the based directory and file 85d583b39bSJohn Wren Kennedybasedir=$TESTDIR/basedir; basefile=$TESTDIR/basefile 86d583b39bSJohn Wren Kennedy 87d583b39bSJohn Wren Kennedy# Define the existed files and directories before chmod 88d583b39bSJohn Wren Kennedyodir1=$basedir/odir1; odir2=$odir1/odir2; odir3=$odir2/odir3 89d583b39bSJohn Wren Kennedyofile1=$basedir/ofile1; ofile2=$odir1/ofile2; ofile3=$odir2/ofile3 90d583b39bSJohn Wren Kennedy 91d583b39bSJohn Wren Kennedy# Define the files and directories will be created after chmod 92d583b39bSJohn Wren Kennedyndir1=$basedir/ndir1; ndir2=$ndir1/ndir2; ndir3=$ndir2/ndir3 93d583b39bSJohn Wren Kennedynfile1=$basedir/nfile1; nfile2=$ndir1/nfile2; nfile3=$ndir2/nfile3 94d583b39bSJohn Wren Kennedy 95d583b39bSJohn Wren Kennedy# Verify all the node have expected correct access control 96d583b39bSJohn Wren Kennedyallnodes="$basedir $ndir1 $ndir2 $ndir3 $nfile1 $nfile2 $nfile3" 97d583b39bSJohn Wren Kennedyallnodes="$allnodes $odir1 $odir2 $odir3 $ofile1 $ofile2 $ofile3" 98d583b39bSJohn Wren Kennedy 99d583b39bSJohn Wren Kennedy# 100d583b39bSJohn Wren Kennedy# According to inherited flag, verify subdirectories and files within it has 101d583b39bSJohn Wren Kennedy# correct inherited access control. 102d583b39bSJohn Wren Kennedy# 103d583b39bSJohn Wren Kennedyfunction verify_inherit #<object> [strategy] 104d583b39bSJohn Wren Kennedy{ 105d583b39bSJohn Wren Kennedy # Define the nodes which will be affected by inherit. 106d583b39bSJohn Wren Kennedy typeset inherit_nodes 107d583b39bSJohn Wren Kennedy typeset obj=$1 108d583b39bSJohn Wren Kennedy typeset str=$2 109d583b39bSJohn Wren Kennedy 110*1d32ba66SJohn Wren Kennedy log_must usr_exec mkdir -p $ndir3 111*1d32ba66SJohn Wren Kennedy log_must usr_exec touch $nfile1 $nfile2 $nfile3 112d583b39bSJohn Wren Kennedy 113d583b39bSJohn Wren Kennedy # Except for inherit_only, the basedir was affected always. 114d583b39bSJohn Wren Kennedy if [[ $str != *"inherit_only"* ]]; then 115d583b39bSJohn Wren Kennedy inherit_nodes="$inherit_nodes $basedir" 116d583b39bSJohn Wren Kennedy fi 117d583b39bSJohn Wren Kennedy # Get the files which inherited ACE. 118d583b39bSJohn Wren Kennedy if [[ $obj == *"file_inherit"* ]]; then 119d583b39bSJohn Wren Kennedy inherit_nodes="$inherit_nodes $nfile1" 120d583b39bSJohn Wren Kennedy 121d583b39bSJohn Wren Kennedy if [[ $str != *"no_propagate"* ]]; then 122d583b39bSJohn Wren Kennedy inherit_nodes="$inherit_nodes $nfile2 $nfile3" 123d583b39bSJohn Wren Kennedy fi 124d583b39bSJohn Wren Kennedy fi 125d583b39bSJohn Wren Kennedy # Get the directores which inherited ACE. 126d583b39bSJohn Wren Kennedy if [[ $obj == *"dir_inherit"* ]]; then 127d583b39bSJohn Wren Kennedy inherit_nodes="$inherit_nodes $ndir1" 128d583b39bSJohn Wren Kennedy 129d583b39bSJohn Wren Kennedy if [[ $str != *"no_propagate"* ]]; then 130d583b39bSJohn Wren Kennedy inherit_nodes="$inherit_nodes $ndir2 $ndir3" 131d583b39bSJohn Wren Kennedy fi 132d583b39bSJohn Wren Kennedy fi 133d583b39bSJohn Wren Kennedy 134d583b39bSJohn Wren Kennedy for node in $allnodes; do 135d583b39bSJohn Wren Kennedy if [[ " $inherit_nodes " == *" $node "* ]]; then 136*1d32ba66SJohn Wren Kennedy log_mustnot chgusr_exec $ZFS_ACL_OTHER1 ls -vd $node \ 137d583b39bSJohn Wren Kennedy > /dev/null 2>&1 138d583b39bSJohn Wren Kennedy else 139*1d32ba66SJohn Wren Kennedy log_must chgusr_exec $ZFS_ACL_OTHER1 ls -vd $node \ 140d583b39bSJohn Wren Kennedy > /dev/null 2>&1 141d583b39bSJohn Wren Kennedy fi 142d583b39bSJohn Wren Kennedy done 143d583b39bSJohn Wren Kennedy} 144d583b39bSJohn Wren Kennedy 145d583b39bSJohn Wren Kennedyfor user in root $ZFS_ACL_STAFF1; do 146d583b39bSJohn Wren Kennedy log_must set_cur_usr $user 147d583b39bSJohn Wren Kennedy 148d583b39bSJohn Wren Kennedy for obj in "${object_flag[@]}"; do 149d583b39bSJohn Wren Kennedy for str in "${strategy_flag[@]}"; do 150d583b39bSJohn Wren Kennedy typeset inh_opt=$obj 151d583b39bSJohn Wren Kennedy (( ${#str} != 0 )) && inh_opt=$inh_opt/$str 152d583b39bSJohn Wren Kennedy aclspec="A+user:$ZFS_ACL_OTHER1:read_acl:$inh_opt:deny" 153d583b39bSJohn Wren Kennedy 154*1d32ba66SJohn Wren Kennedy log_must usr_exec mkdir $basedir 155*1d32ba66SJohn Wren Kennedy log_must usr_exec touch $basefile 156*1d32ba66SJohn Wren Kennedy log_must usr_exec mkdir -p $odir3 157*1d32ba66SJohn Wren Kennedy log_must usr_exec touch $ofile1 $ofile2 $ofile3 158d583b39bSJohn Wren Kennedy 159d583b39bSJohn Wren Kennedy # 160d583b39bSJohn Wren Kennedy # Inherit flag can only be placed on a directory, 161d583b39bSJohn Wren Kennedy # otherwise it will fail. 162d583b39bSJohn Wren Kennedy # 163*1d32ba66SJohn Wren Kennedy log_must usr_exec chmod $aclspec $basefile 164d583b39bSJohn Wren Kennedy 165d583b39bSJohn Wren Kennedy # 166d583b39bSJohn Wren Kennedy # Place on a directory should succeed. 167d583b39bSJohn Wren Kennedy # 168*1d32ba66SJohn Wren Kennedy log_must usr_exec chmod $aclspec $basedir 169d583b39bSJohn Wren Kennedy 170d583b39bSJohn Wren Kennedy verify_inherit $obj $str 171d583b39bSJohn Wren Kennedy 172*1d32ba66SJohn Wren Kennedy log_must usr_exec rm -rf $basefile $basedir 173d583b39bSJohn Wren Kennedy done 174d583b39bSJohn Wren Kennedy done 175d583b39bSJohn Wren Kennedydone 176d583b39bSJohn Wren Kennedy 177d583b39bSJohn Wren Kennedylog_pass "Verify chmod inherit behaviour passed." 178