1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2016 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/acl/acl_common.kshlib 33 34# 35# DESCRIPTION: 36# Verify that the write_xattr for remove the extended attributes of 37# owner/group/everyone are correct. 38# 39# STRATEGY: 40# 1. Create file and directory in zfs filesystem 41# 2. Set special write_xattr ACE to the file and directory 42# 3. Try to remove the extended attributes of the file and directory 43# 4. Verify above operation is successful. 44# 45 46verify_runnable "both" 47 48function cleanup 49{ 50 cd $cwd 51 52 cleanup_test_files $TESTDIR/basedir 53 54 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then 55 log_must rm -f $TESTDIR/$ARCHIVEFILE 56 fi 57 58 return 0 59} 60 61# owner@ group group_users other_users 62set -A users \ 63 "root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 64 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" \ 65 "$ZFS_ACL_OTHER1" 66 67set -A a_access \ 68 "write_xattr:allow" \ 69 "write_xattr:deny" 70 71set -A a_flag "owner@" "group@" "everyone@" 72 73MYTESTFILE=/etc/passwd 74 75log_assert "Verify that the permission of write_xattr for " \ 76 "owner/group/everyone while remove extended attributes are correct." 77log_onexit cleanup 78 79function operate_node #user node acl 80{ 81 typeset user=$1 82 typeset node=$2 83 typeset acl_t=$3 84 typeset ret 85 86 if [[ $user == "" || $node == "" ]]; then 87 log_fail "user, node are not defined." 88 fi 89 90 chgusr_exec $user runat $node rm -f attr.0 ; ret=$? 91 92 if [[ $ret -eq 0 ]]; then 93 log_must cleanup_test_files $TESTDIR/basedir 94 log_must tar xpf@ $TESTDIR/$ARCHIVEFILE 95 fi 96 97 return $ret 98} 99 100function logname #acl_target owner user 101{ 102 typeset acl_target=$1 103 typeset owner=$2 104 typeset user=$3 105 typeset ret="log_mustnot" 106 107 # To super user, read and write deny permission was override. 108 if [[ $user == root || $owner == $user ]] then 109 ret="log_must" 110 fi 111 112 print $ret 113} 114 115function check_chmod_results #node flag acl_target owner g_usr o_usr 116{ 117 typeset node=$1 118 typeset flag=$2 119 typeset acl_target=$2:$3 120 typeset owner=$4 121 typeset g_usr=$5 122 typeset o_usr=$6 123 typeset log 124 125 if [[ $flag == "owner@" || $flag == "everyone@" ]]; then 126 log=$(logname $acl_target $owner $ZFS_ACL_CUR_USER) 127 $log operate_node $ZFS_ACL_CUR_USER $node $acl_target 128 fi 129 if [[ $flag == "group@" || $flag == "everyone@" ]]; then 130 log=$(logname $acl_target $owner $g_usr) 131 $log operate_node $g_usr $node $acl_target 132 fi 133 if [[ $flag == "everyone@" ]]; then 134 log=$(logname $acl_target $owner $o_usr) 135 $log operate_node $o_usr $node $acl_target 136 fi 137} 138 139function test_chmod_basic_access #node owner g_usr o_usr 140{ 141 typeset node=${1%/} 142 typeset owner=$2 143 typeset g_usr=$3 144 typeset o_usr=$4 145 typeset flag acl_p acl_t parent 146 147 parent=${node%/*} 148 149 for flag in ${a_flag[@]}; do 150 for acl_t in "${a_access[@]}"; do 151 log_must usr_exec chmod A+$flag:$acl_t $node 152 153 log_must tar cpf@ $TESTDIR/$ARCHIVEFILE basedir 154 155 check_chmod_results "$node" "$flag" \ 156 "$acl_t" "$owner" "$g_usr" "$o_usr" 157 158 log_must usr_exec chmod A0- $node 159 done 160 done 161} 162 163function setup_test_files #base_node user group 164{ 165 typeset base_node=$1 166 typeset user=$2 167 typeset group=$3 168 169 cleanup_test_files $base_node 170 171 log_must mkdir -p $base_node 172 log_must chown $user:$group $base_node 173 174 log_must set_cur_usr $user 175 176 # Prepare all files/sub-dirs for testing. 177 178 file0=$base_node/testfile_rm 179 180 dir0=$base_node/testdir_rm 181 182 log_must usr_exec touch $file0 183 log_must usr_exec chmod 444 $file0 184 185 log_must usr_exec runat $file0 cp $MYTESTFILE attr.0 186 187 log_must usr_exec mkdir -p $dir0 188 log_must usr_exec chmod 555 $dir0 189 190 log_must usr_exec runat $dir0 cp $MYTESTFILE attr.0 191 192 log_must usr_exec chmod 555 $base_node 193 return 0 194} 195 196function cleanup_test_files #base_node 197{ 198 typeset base_node=$1 199 200 if [[ -d $base_node ]]; then 201 log_must rm -rf $base_node 202 elif [[ -e $base_node ]]; then 203 log_must rm -f $base_node 204 fi 205 206 return 0 207} 208 209typeset cwd=$PWD 210typeset ARCHIVEFILE=archive.tar 211 212typeset -i i=0 213typeset -i j=0 214typeset target 215 216while (( i < ${#users[@]} )); do 217 setup_test_files $TESTDIR/basedir ${users[i]} ${users[((i+1))]} 218 cd $TESTDIR 219 220 j=0 221 while (( j < 1 )); do 222 eval target=\$file$j 223 test_chmod_basic_access $target ${users[i]} \ 224 "${users[((i+2))]}" "${users[((i+3))]}" 225 226 eval target=\$dir$j 227 test_chmod_basic_access $target ${users[i]} \ 228 "${users[((i+2))]}" "${users[((i+3))]}" 229 230 (( j = j + 1 )) 231 done 232 233 (( i += 4 )) 234done 235 236log_pass "Verify that the permission of write_xattr for " \ 237 "owner/group/everyone while remove extended attributes are correct." 238