1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28. $STF_SUITE/tests/functional/acl/acl_common.kshlib 29 30# 31# DESCRIPTION: 32# Verify that the read_xattr/write_xattr for 33# owner/group/everyone are correct. 34# 35# STRATEGY: 36# 1. Create file and directory in zfs filesystem 37# 2. Set special read_xattr ACE to the file and directory 38# 3. Try to list the extended attributes of the file and directory 39# 4. Set special write_xattr ACE to the file and directory 40# 5. Try to add new extended attributes to the file and directory 41# 6. Verify above operation is successful. 42# 43 44verify_runnable "both" 45 46function cleanup 47{ 48 cd $cwd 49 50 cleanup_test_files $TESTDIR/basedir 51 52 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then 53 log_must $RM -f $TESTDIR/$ARCHIVEFILE 54 fi 55 56 return 0 57} 58 59# owner@ group group_users other_users 60set -A users \ 61 "root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 62 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" \ 63 "$ZFS_ACL_OTHER1" 64 65set -A a_access \ 66 "read_xattr:allow" \ 67 "read_xattr:deny" \ 68 "write_xattr:allow" \ 69 "write_xattr:deny" 70 71set -A a_flag "owner@" "group@" "everyone@" 72 73MYTESTFILE=/etc/passwd 74 75log_assert "Verify that the permission of read_xattr/write_xattr for " \ 76 "owner/group/everyone are correct." 77log_onexit cleanup 78 79function operate_node #user node acl 80{ 81 typeset user=$1 82 typeset node=$2 83 typeset acl_t=$3 84 typeset ret 85 86 if [[ $user == "" || $node == "" ]]; then 87 log_fail "user, node are not defined." 88 fi 89 90 if [[ $acl_t == *read_xattr* ]]; then 91 chgusr_exec $user $RUNAT $node $LS > /dev/null 2>&1; ret=$? 92 elif [[ $acl_t == *write_xattr* ]]; then 93 chgusr_exec $user $RUNAT $node $CP $MYTESTFILE attr.1 ; ret=$? 94 95 if [[ $ret -eq 0 ]]; then 96 log_must cleanup_test_files $TESTDIR/basedir 97 log_must $TAR xpf@ $TESTDIR/$ARCHIVEFILE 98 fi 99 fi 100 101 return $ret 102} 103 104function logname #acl_target user 105{ 106 typeset acl_target=$1 107 typeset user=$2 108 typeset ret="log_mustnot" 109 110 # To super user, read and write deny permission was override. 111 if [[ $user == root || $acl_target == *:allow ]] then 112 ret="log_must" 113 fi 114 115 print $ret 116} 117 118function check_chmod_results #node flag acl_target g_usr o_usr 119{ 120 typeset node=$1 121 typeset flag=$2 122 typeset acl_target=$2:$3 123 typeset g_usr=$4 124 typeset o_usr=$5 125 typeset log 126 127 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 128 log=$(logname $acl_target $ZFS_ACL_CUR_USER) 129 $log operate_node $ZFS_ACL_CUR_USER $node $acl_target 130 fi 131 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 132 log=$(logname $acl_target $g_usr) 133 $log operate_node $g_usr $node $acl_target 134 fi 135 if [[ $flag == "everyone@" ]]; then 136 log=$(logname $acl_target $o_usr) 137 $log operate_node $o_usr $node $acl_target 138 fi 139} 140 141function test_chmod_basic_access #node g_usr o_usr 142{ 143 typeset node=${1%/} 144 typeset g_usr=$2 145 typeset o_usr=$3 146 typeset flag acl_p acl_t parent 147 148 parent=${node%/*} 149 150 for flag in ${a_flag[@]}; do 151 for acl_t in "${a_access[@]}"; do 152 log_must usr_exec $CHMOD A+$flag:$acl_t $node 153 154 log_must $TAR cpf@ $TESTDIR/$ARCHIVEFILE basedir 155 156 check_chmod_results "$node" "$flag" \ 157 "$acl_t" "$g_usr" "$o_usr" 158 159 log_must usr_exec $CHMOD A0- $node 160 done 161 done 162} 163 164function setup_test_files #base_node user group 165{ 166 typeset base_node=$1 167 typeset user=$2 168 typeset group=$3 169 170 cleanup_test_files $base_node 171 172 log_must $MKDIR -p $base_node 173 log_must $CHOWN $user:$group $base_node 174 175 log_must set_cur_usr $user 176 177 # Prepare all files/sub-dirs for testing. 178 179 file0=$base_node/testfile_rm 180 181 dir0=$base_node/testdir_rm 182 183 log_must usr_exec $TOUCH $file0 184 log_must usr_exec $CHMOD 444 $file0 185 186 log_must usr_exec $RUNAT $file0 $CP $MYTESTFILE attr.0 187 188 log_must usr_exec $MKDIR -p $dir0 189 log_must usr_exec $CHMOD 555 $dir0 190 191 log_must usr_exec $RUNAT $dir0 $CP $MYTESTFILE attr.0 192 193 log_must usr_exec $CHMOD 777 $base_node 194 return 0 195} 196 197function cleanup_test_files #base_node 198{ 199 typeset base_node=$1 200 201 if [[ -d $base_node ]]; then 202 log_must $RM -rf $base_node 203 elif [[ -e $base_node ]]; then 204 log_must $RM -f $base_node 205 fi 206 207 return 0 208} 209 210typeset cwd=$PWD 211typeset ARCHIVEFILE=archive.tar 212 213typeset -i i=0 214typeset -i j=0 215typeset target 216 217while (( i < ${#users[@]} )); do 218 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 219 cd $TESTDIR 220 221 j=0 222 while (( j < 1 )); do 223 eval target=\$file$j 224 test_chmod_basic_access $target \ 225 "${users[((i+2))]}" "${users[((i+3))]}" 226 227 eval target=\$dir$j 228 test_chmod_basic_access $target \ 229 "${users[((i+2))]}" "${users[((i+3))]}" 230 231 (( j = j + 1 )) 232 done 233 234 (( i += 4 )) 235done 236 237log_pass "Verify that the permission of read_xattr/write_xattr for " \ 238 "owner/group/everyone are correct." 239