1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2016 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/acl/acl_common.kshlib 33 34# 35# DESCRIPTION: 36# Verify that the read_xattr/write_xattr for 37# owner/group/everyone are correct. 38# 39# STRATEGY: 40# 1. Create file and directory in zfs filesystem 41# 2. Set special read_xattr ACE to the file and directory 42# 3. Try to list the extended attributes of the file and directory 43# 4. Set special write_xattr ACE to the file and directory 44# 5. Try to add new extended attributes to the file and directory 45# 6. Verify above operation is successful. 46# 47 48verify_runnable "both" 49 50function cleanup 51{ 52 cd $cwd 53 54 cleanup_test_files $TESTDIR/basedir 55 56 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then 57 log_must rm -f $TESTDIR/$ARCHIVEFILE 58 fi 59 60 return 0 61} 62 63# owner@ group group_users other_users 64set -A users \ 65 "root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 66 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" \ 67 "$ZFS_ACL_OTHER1" 68 69set -A a_access \ 70 "read_xattr:allow" \ 71 "read_xattr:deny" \ 72 "write_xattr:allow" \ 73 "write_xattr:deny" 74 75set -A a_flag "owner@" "group@" "everyone@" 76 77MYTESTFILE=/etc/passwd 78 79log_assert "Verify that the permission of read_xattr/write_xattr for " \ 80 "owner/group/everyone are correct." 81log_onexit cleanup 82 83function operate_node #user node acl 84{ 85 typeset user=$1 86 typeset node=$2 87 typeset acl_t=$3 88 typeset ret 89 90 if [[ $user == "" || $node == "" ]]; then 91 log_fail "user, node are not defined." 92 fi 93 94 if [[ $acl_t == *read_xattr* ]]; then 95 chgusr_exec $user runat $node ls > /dev/null 2>&1; ret=$? 96 elif [[ $acl_t == *write_xattr* ]]; then 97 chgusr_exec $user runat $node cp $MYTESTFILE attr.1 ; ret=$? 98 99 if [[ $ret -eq 0 ]]; then 100 log_must cleanup_test_files $TESTDIR/basedir 101 log_must tar xpf@ $TESTDIR/$ARCHIVEFILE 102 fi 103 fi 104 105 return $ret 106} 107 108function logname #acl_target user 109{ 110 typeset acl_target=$1 111 typeset user=$2 112 typeset ret="log_mustnot" 113 114 # To super user, read and write deny permission was override. 115 if [[ $user == root || $acl_target == *:allow ]] then 116 ret="log_must" 117 fi 118 119 print $ret 120} 121 122function check_chmod_results #node flag acl_target g_usr o_usr 123{ 124 typeset node=$1 125 typeset flag=$2 126 typeset acl_target=$2:$3 127 typeset g_usr=$4 128 typeset o_usr=$5 129 typeset log 130 131 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 132 log=$(logname $acl_target $ZFS_ACL_CUR_USER) 133 $log operate_node $ZFS_ACL_CUR_USER $node $acl_target 134 fi 135 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 136 log=$(logname $acl_target $g_usr) 137 $log operate_node $g_usr $node $acl_target 138 fi 139 if [[ $flag == "everyone@" ]]; then 140 log=$(logname $acl_target $o_usr) 141 $log operate_node $o_usr $node $acl_target 142 fi 143} 144 145function test_chmod_basic_access #node g_usr o_usr 146{ 147 typeset node=${1%/} 148 typeset g_usr=$2 149 typeset o_usr=$3 150 typeset flag acl_p acl_t parent 151 152 parent=${node%/*} 153 154 for flag in ${a_flag[@]}; do 155 for acl_t in "${a_access[@]}"; do 156 log_must usr_exec chmod A+$flag:$acl_t $node 157 158 log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir 159 160 check_chmod_results "$node" "$flag" \ 161 "$acl_t" "$g_usr" "$o_usr" 162 163 log_must usr_exec chmod A0- $node 164 done 165 done 166} 167 168function setup_test_files #base_node user group 169{ 170 typeset base_node=$1 171 typeset user=$2 172 typeset group=$3 173 174 cleanup_test_files $base_node 175 176 log_must mkdir -p $base_node 177 log_must chown $user:$group $base_node 178 179 log_must set_cur_usr $user 180 181 # Prepare all files/sub-dirs for testing. 182 183 file0=$base_node/testfile_rm 184 185 dir0=$base_node/testdir_rm 186 187 log_must usr_exec touch $file0 188 log_must usr_exec chmod 444 $file0 189 190 log_must usr_exec runat $file0 cp $MYTESTFILE attr.0 191 192 log_must usr_exec mkdir -p $dir0 193 log_must usr_exec chmod 555 $dir0 194 195 log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0 196 197 log_must usr_exec chmod 777 $base_node 198 return 0 199} 200 201function cleanup_test_files #base_node 202{ 203 typeset base_node=$1 204 205 if [[ -d $base_node ]]; then 206 log_must rm -rf $base_node 207 elif [[ -e $base_node ]]; then 208 log_must rm -f $base_node 209 fi 210 211 return 0 212} 213 214typeset cwd=$PWD 215typeset ARCHIVEFILE=archive.tar 216 217typeset -i i=0 218typeset -i j=0 219typeset target 220 221while (( i < ${#users[@]} )); do 222 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 223 cd $TESTDIR 224 225 j=0 226 while (( j < 1 )); do 227 eval target=\$file$j 228 test_chmod_basic_access $target \ 229 "${users[((i+2))]}" "${users[((i+3))]}" 230 231 eval target=\$dir$j 232 test_chmod_basic_access $target \ 233 "${users[((i+2))]}" "${users[((i+3))]}" 234 235 (( j = j + 1 )) 236 done 237 238 (( i += 4 )) 239done 240 241log_pass "Verify that the permission of read_xattr/write_xattr for " \ 242 "owner/group/everyone are correct." 243