#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

#
# Copyright (c) 2016 by Delphix. All rights reserved.
# Copyright 2023 RackTop Systems, Inc.
#

. $STF_SUITE/tests/functional/acl/acl_common.kshlib

#
# DESCRIPTION:
#	Verify that the write_xattr permission for removing the extended
#	attributes as owner/group/everyone is correct.
#
# STRATEGY:
#	1. Create file and directory in zfs filesystem
#	2. Set special write_xattr ACE to the file and directory
#	3. Try to remove the extended attributes of the file and directory
#	4. Verify above operation is successful.
#

verify_runnable "both"

function cleanup
{
	cd $cwd

	cleanup_test_files $TESTDIR/basedir

	if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
		log_must rm -f $TESTDIR/$ARCHIVEFILE
	fi

	return 0
}

#	owner@	group	group_users	other_users
set -A users \
	"root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \
	"$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" \
	"$ZFS_ACL_OTHER1"

set -A a_access \
	"write_xattr:allow" \
	"write_xattr:deny"

set -A a_flag "owner@" "group@" "everyone@"

MYTESTFILE=/etc/passwd

log_assert "Verify that the permission of write_xattr for " \
	"owner/group/everyone while remove extended attributes are correct."
log_onexit cleanup

function operate_node #user node acl
{
	typeset user=$1
	typeset node=$2
	typeset acl_t=$3
	typeset ret

	if [[ $user == "" || $node == "" ]]; then
		log_fail "user, node are not defined."
	fi

	chgusr_exec $user runat $node rm -f attr.0 ; ret=$?

	if [[ $ret -eq 0 ]]; then
		log_must cleanup_test_files $TESTDIR/basedir
		log_must tar xpf@ $TESTDIR/$ARCHIVEFILE
	fi

	return $ret
}

function logname #acl_target owner user
{
	typeset acl_target=$1
	typeset owner=$2
	typeset user=$3
	typeset ret="log_mustnot"

	# For the superuser, read and write deny permissions are overridden.
	if [[ $user == root || $owner == $user ]]; then
		ret="log_must"
	fi

	print $ret
}

function check_chmod_results #node flag acl_target owner g_usr o_usr
{
	typeset node=$1
	typeset flag=$2
	typeset acl_target=$2:$3
	typeset owner=$4
	typeset g_usr=$5
	typeset o_usr=$6
	typeset log

	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
		log=$(logname $acl_target $owner $ZFS_ACL_CUR_USER)
		$log operate_node $ZFS_ACL_CUR_USER $node $acl_target
	fi
	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
		log=$(logname $acl_target $owner $g_usr)
		$log operate_node $g_usr $node $acl_target
	fi
	if [[ $flag == "everyone@" ]]; then
		log=$(logname $acl_target $owner $o_usr)
		$log operate_node $o_usr $node $acl_target
	fi
}

function test_chmod_basic_access #node owner g_usr o_usr
{
	typeset node=${1%/}
	typeset owner=$2
	typeset g_usr=$3
	typeset o_usr=$4
	typeset flag acl_p acl_t parent

	parent=${node%/*}

	for flag in ${a_flag[@]}; do
		for acl_t in "${a_access[@]}"; do
			log_must usr_exec chmod A+$flag:$acl_t $node

			log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir

			check_chmod_results "$node" "$flag" \
				"$acl_t" "$owner" "$g_usr" "$o_usr"

			log_pos usr_exec chmod A-$flag:$acl_t $node
		done
	done
}

function setup_test_files #base_node user group
{
	typeset base_node=$1
	typeset user=$2
	typeset group=$3

	cleanup_test_files $base_node

	log_must mkdir -p $base_node
	log_must chown $user:$group $base_node

	log_must set_cur_usr $user

	# Prepare all files/sub-dirs for testing.

	file0=$base_node/testfile_rm

	dir0=$base_node/testdir_rm

	log_must usr_exec touch $file0
	log_must usr_exec chmod 444 $file0

	log_must usr_exec runat $file0 cp $MYTESTFILE attr.0

	log_must usr_exec mkdir -p $dir0
	log_must usr_exec chmod 555 $dir0

	log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0

	log_must usr_exec chmod 555 $base_node
	return 0
}

function cleanup_test_files #base_node
{
	typeset base_node=$1

	if [[ -d $base_node ]]; then
		log_must rm -rf $base_node
	elif [[ -e $base_node ]]; then
		log_must rm -f $base_node
	fi

	return 0
}

typeset cwd=$PWD
typeset ARCHIVEFILE=archive.tar

typeset -i i=0
typeset -i j=0
typeset target

while (( i < ${#users[@]} )); do
	setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]}
	cd $TESTDIR

	j=0
	while (( j < 1 )); do
		eval target=\$file$j
		test_chmod_basic_access $target ${users[i]} \
			"${users[((i+2))]}" "${users[((i+3))]}"

		eval target=\$dir$j
		test_chmod_basic_access $target ${users[i]} \
			"${users[((i+2))]}" "${users[((i+3))]}"

		(( j = j + 1 ))
	done

	(( i += 4 ))
done

log_pass "Verify that the permission of write_xattr for " \
	"owner/group/everyone while remove extended attributes are correct."