xref: /illumos-gate/usr/src/test/zfs-tests/tests/functional/delegate/delegate_common.kshlib (revision 14b24e2b79293068c8e016a69ef1d872fb5e2fd5)
1#
2# CDDL HEADER START
3#
4# The contents of this file are subject to the terms of the
5# Common Development and Distribution License (the "License").
6# You may not use this file except in compliance with the License.
7#
8# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9# or http://www.opensolaris.org/os/licensing.
10# See the License for the specific language governing permissions
11# and limitations under the License.
12#
13# When distributing Covered Code, include this CDDL HEADER in each
14# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15# If applicable, add the following below this CDDL HEADER, with the
16# fields enclosed by brackets "[]" replaced with your own identifying
17# information: Portions Copyright [yyyy] [name of copyright owner]
18#
19# CDDL HEADER END
20#
21
22#
23# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26
27#
28# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
29# Copyright 2016 Nexenta Systems, Inc.
30#
31
32. $STF_SUITE/include/libtest.shlib
33. $STF_SUITE/tests/functional/delegate/delegate.cfg
34
35#
36# Cleanup exist user/group.
37#
38function cleanup_user_group
39{
40	typeset i
41	for i in $STAFF1 $STAFF2 $OTHER1 $OTHER2 ; do
42		del_user $i
43	done
44	for i in $STAFF_GROUP $OTHER_GROUP ; do
45		del_group $i
46	done
47
48	return 0
49}
50
51#
52# Restore test file system to the original status.
53#
54function restore_root_datasets
55{
56	if datasetexists $ROOT_TESTFS ; then
57		log_must zfs destroy -Rf $ROOT_TESTFS
58	fi
59	log_must zfs create $ROOT_TESTFS
60
61	if is_global_zone ; then
62		if datasetexists $ROOT_TESTVOL ; then
63			log_must zfs destroy -Rf $ROOT_TESTVOL
64		fi
65		log_must zfs create -V $VOLSIZE $ROOT_TESTVOL
66	fi
67
68	return 0
69}
70
71#
72# Verify the specified user have permission on the dataset
73#
74# $1 dataset
75# $2 permissions which are separated by comma(,)
76# $3-n users
77#
78function verify_perm
79{
80	typeset dtst=$1
81	typeset permissions=$2
82	shift 2
83
84	if [[ -z $@ || -z $permissions || -z $dtst ]]; then
85		return 1
86	fi
87
88	typeset type=$(get_prop type $dtst)
89	permissions=$(echo $permissions | tr -s "," " ")
90
91	typeset user
92	for user in $@; do
93		typeset perm
94		for perm in $permissions; do
95			typeset -i ret=1
96			if [[ $type == "filesystem" ]]; then
97				check_fs_perm $user $perm $dtst
98				ret=$?
99			elif [[ $type == "volume" ]]; then
100				check_vol_perm $user $perm $dtst
101				ret=$?
102			fi
103
104			if ((ret != 0)) ; then
105				log_note "Fail: $user should have $perm " \
106					"on $dtst"
107				return 1
108			fi
109		done
110	done
111
112	return 0
113}
114
115#
116# Verify the specified user have no permission on the dataset
117#
118# $1 dataset
119# $2 permissions which are separated by comma(,)
120# $3-n users
121#
122function verify_noperm
123{
124	typeset dtst=$1
125	typeset permissions=$2
126	shift 2
127
128	if [[ -z $@ || -z $permissions || -z $dtst ]]; then
129		return 1
130	fi
131
132	typeset type=$(get_prop type $dtst)
133	permissions=$(echo $permissions | tr -s "," " ")
134
135	typeset user
136	for user in $@; do
137		typeset perm
138		for perm in $permissions; do
139			typeset -i ret=1
140			if [[ $type == "filesystem" ]]; then
141				check_fs_perm $user $perm $dtst
142				ret=$?
143			elif [[ $type == "volume" ]]; then
144				check_vol_perm $user $perm $dtst
145				ret=$?
146			fi
147
148			if ((ret == 0)) ; then
149				log_note "Fail: $user should not have $perm " \
150					"on $dtst"
151				return 1
152			fi
153		done
154	done
155
156	return 0
157}
158
159function common_perm
160{
161	typeset user=$1
162	typeset perm=$2
163	typeset dtst=$3
164
165	typeset -i ret=1
166	case $perm in
167		send)
168			verify_send $user $perm $dtst
169			ret=$?
170			;;
171		allow)
172			verify_allow $user $perm $dtst
173			ret=$?
174			;;
175		userprop)
176			verify_userprop $user $perm $dtst
177			ret=$?
178			;;
179		compression|checksum|readonly)
180			verify_ccr $user $perm $dtst
181			ret=$?
182			;;
183		copies)
184			verify_copies $user $perm $dtst
185			ret=$?
186			;;
187		reservation)
188			verify_reservation $user $perm $dtst
189			ret=$?
190			;;
191		*)
192			ret=1
193			;;
194	esac
195
196	return $ret
197}
198
199function check_fs_perm
200{
201	typeset user=$1
202	typeset perm=$2
203	typeset fs=$3
204
205	typeset -i ret=1
206	case $perm in
207		create)
208			verify_fs_create $user $perm $fs
209			ret=$?
210			;;
211		destroy)
212			verify_fs_destroy $user $perm $fs
213			ret=$?
214			;;
215		snapshot)
216			verify_fs_snapshot $user $perm $fs
217			ret=$?
218			;;
219		rollback)
220			verify_fs_rollback $user $perm $fs
221			ret=$?
222			;;
223		clone)
224			verify_fs_clone $user $perm $fs
225			ret=$?
226			;;
227		rename)
228			verify_fs_rename $user $perm $fs
229			ret=$?
230			;;
231		mount)
232			verify_fs_mount $user $perm $fs
233			ret=$?
234			;;
235		share)
236			verify_fs_share $user $perm $fs
237			ret=$?
238			;;
239		mountpoint)
240			verify_fs_mountpoint $user $perm $fs
241			ret=$?
242			;;
243		promote)
244			verify_fs_promote $user $perm $fs
245			ret=$?
246			;;
247		canmount)
248			verify_fs_canmount $user $perm $fs
249			ret=$?
250			;;
251		recordsize)
252			verify_fs_recordsize $user $perm $fs
253			ret=$?
254			;;
255		quota)
256			verify_fs_quota $user $perm $fs
257			ret=$?
258			;;
259		aclmode)
260			verify_fs_aclmode $user $perm $fs
261			ret=$?
262			;;
263		aclinherit)
264			verify_fs_aclinherit $user $perm $fs
265			ret=$?
266			;;
267		snapdir)
268			verify_fs_snapdir $user $perm $fs
269			ret=$?
270			;;
271		atime|exec|devices|setuid|xattr)
272			verify_fs_aedsx $user $perm $fs
273			ret=$?
274			;;
275		zoned)
276			verify_fs_zoned $user $perm $fs
277			ret=$?
278			;;
279		sharenfs)
280			verify_fs_sharenfs $user $perm $fs
281			ret=$?
282			;;
283		receive)
284			verify_fs_receive $user $perm $fs
285			ret=$?
286			;;
287		*)
288			common_perm $user $perm $fs
289			ret=$?
290			;;
291	esac
292
293	return $ret
294}
295
296function check_vol_perm
297{
298	typeset user=$1
299	typeset perm=$2
300	typeset vol=$3
301
302	typeset -i ret=1
303	case $perm in
304		destroy)
305			verify_vol_destroy $user $perm $vol
306			ret=$?
307			;;
308		snapshot)
309			verify_vol_snapshot $user $perm $vol
310			ret=$?
311			;;
312		rollback)
313			verify_vol_rollback $user $perm $vol
314			ret=$?
315			;;
316		clone)
317			verify_vol_clone $user $perm $vol
318			ret=$?
319			;;
320		rename)
321			verify_vol_rename $user $perm $vol
322			ret=$?
323			;;
324		promote)
325			verify_vol_promote $user $perm $vol
326			ret=$?
327			;;
328		volsize)
329			verify_vol_volsize $user $perm $vol
330			ret=$?
331			;;
332		*)
333			common_perm $user $perm $vol
334			ret=$?
335			;;
336	esac
337
338	return $ret
339}
340
341function setup_unallow_testenv
342{
343	log_must restore_root_datasets
344
345	log_must zfs create $SUBFS
346
347	for dtst in $DATASETS ; do
348		log_must zfs allow -l $STAFF1 $LOCAL_SET $dtst
349		log_must zfs allow -d $STAFF2 $DESC_SET  $dtst
350		log_must zfs allow $OTHER1 $LOCAL_DESC_SET $dtst
351		log_must zfs allow $OTHER2 $LOCAL_DESC_SET $dtst
352
353		log_must verify_perm $dtst $LOCAL_SET $STAFF1
354		log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER1
355		log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER2
356		if [[ $dtst == $ROOT_TESTFS ]]; then
357			log_must verify_perm $SUBFS $DESC_SET $STAFF2
358			log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER1
359			log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER2
360		fi
361	done
362
363	return 0
364}
365
366#
367# Verify permission send for specified user on the dataset
368# $1 user
369# $2 permission
370# $3 dataset
371#
372function verify_send
373{
374	typeset user=$1
375	typeset perm=$2
376	typeset dtst=$3
377
378	typeset oldval
379	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
380	typeset snap=$dtst@snap.$stamp
381
382	typeset -i ret=1
383
384	log_must zfs snapshot $snap
385	typeset bak_user=/tmp/bak.$user.$stamp
386	typeset bak_root=/tmp/bak.root.$stamp
387
388	user_run $user eval "zfs send $snap > $bak_user"
389	log_must eval "zfs send $snap > $bak_root"
390
391	if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then
392		ret=0
393	fi
394
395	rm -rf $bak_user > /dev/null
396	rm -rf $bak_root > /dev/null
397
398	return $ret
399}
400
401function verify_fs_receive
402{
403	typeset user=$1
404	typeset perm=$2
405	typeset fs=$3
406
407	typeset dtst
408	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
409	typeset newfs=$fs/newfs.$stamp
410	typeset newvol=$fs/newvol.$stamp
411	typeset bak_user=/tmp/bak.$user.$stamp
412	typeset bak_root=/tmp/bak.root.$stamp
413
414	log_must zfs create $newfs
415	typeset datasets="$newfs"
416	if is_global_zone ; then
417		log_must zfs create -V $VOLSIZE $newvol
418		datasets="$newfs $newvol"
419	fi
420
421	for dtst in $datasets ; do
422
423		typeset dtstsnap=$dtst@snap.$stamp
424		log_must zfs snapshot $dtstsnap
425
426		log_must eval "zfs send $dtstsnap > $bak_root"
427		log_must zfs destroy -rf $dtst
428
429		user_run $user eval "zfs receive $dtst < $bak_root"
430		if datasetexists $dtstsnap ; then
431			return 1
432		fi
433
434		log_must zfs allow $user create $fs
435		user_run $user eval "zfs receive $dtst < $bak_root"
436		log_must zfs unallow $user create $fs
437		if datasetexists $dtstsnap ; then
438			return 1
439		fi
440
441		log_must zfs allow $user mount $fs
442		user_run $user eval "zfs receive $dtst < $bak_root"
443		log_must zfs unallow $user mount $fs
444		if datasetexists $dtstsnap ; then
445			return 1
446		fi
447
448		log_must zfs allow $user mount,create $fs
449		user_run $user eval "zfs receive $dtst < $bak_root"
450		log_must zfs unallow $user mount,create $fs
451		if ! datasetexists $dtstsnap ; then
452			return 1
453		fi
454
455		# check the data integrity
456		log_must eval "zfs send $dtstsnap > $bak_user"
457		log_must zfs destroy -rf $dtst
458		log_must eval "zfs receive $dtst < $bak_root"
459		log_must eval "zfs send $dtstsnap > $bak_root"
460		log_must zfs destroy -rf $dtst
461		if [[ $(checksum $bak_user) != $(checksum $bak_root) ]]; then
462			return 1
463		fi
464
465		rm -rf $bak_user > /dev/null
466		rm -rf $bak_root > /dev/null
467
468	done
469
470	return 0
471}
472
473function verify_userprop
474{
475	typeset user=$1
476	typeset perm=$2
477	typeset dtst=$3
478
479	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
480
481	user_run $user zfs set "$user:ts=$stamp" $dtst
482	if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
483		return 1
484	fi
485
486	return 0
487}
488
489function verify_ccr
490{
491	typeset user=$1
492	typeset perm=$2
493	typeset dtst=$3
494
495	typeset oldval
496
497	set -A modes "on" "off"
498	oldval=$(get_prop $perm $dtst)
499	if [[ $oldval == "on" ]]; then
500		n=1
501	elif [[ $oldval == "off" ]]; then
502		n=0
503	fi
504	log_note "$user zfs set $perm=${modes[$n]} $dtst"
505	user_run $user zfs set $perm=${modes[$n]} $dtst
506	if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then
507		return 1
508	fi
509
510	return 0
511}
512
513function verify_copies
514{
515	typeset user=$1
516	typeset perm=$2
517	typeset dtst=$3
518
519	typeset oldval
520
521	set -A modes 1 2 3
522	oldval=$(get_prop $perm $dtst)
523	if [[ $oldval -eq 1 ]]; then
524		n=1
525	elif [[ $oldval -eq 2 ]]; then
526		n=2
527	elif [[ $oldval -eq 3 ]]; then
528		n=0
529	fi
530	log_note "$user zfs set $perm=${modes[$n]} $dtst"
531	user_run $user zfs set $perm=${modes[$n]} $dtst
532	if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then
533		return 1
534	fi
535
536	return 0
537}
538
539function verify_reservation
540{
541	typeset user=$1
542	typeset perm=$2
543	typeset dtst=$3
544
545	typeset value32m=$(( 1024 * 1024 * 32 ))
546	typeset oldval=$(get_prop reservation $dtst)
547	user_run $user zfs set reservation=$value32m $dtst
548	if [[ $value32m != $(get_prop reservation $dtst) ]]; then
549		log_must zfs set reservation=$oldval $dtst
550		return 1
551	fi
552
553	log_must zfs set reservation=$oldval $dtst
554	return 0
555}
556
557function verify_fs_create
558{
559	typeset user=$1
560	typeset perm=$2
561	typeset fs=$3
562
563	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
564	typeset newfs=$fs/nfs.$stamp
565	typeset newvol=$fs/nvol.$stamp
566
567	user_run $user zfs create $newfs
568	if datasetexists $newfs ; then
569		return 1
570	fi
571
572	log_must zfs allow $user mount $fs
573	user_run $user zfs create $newfs
574	log_must zfs unallow $user mount $fs
575	if ! datasetexists $newfs ; then
576		return 1
577	fi
578
579	log_must zfs destroy $newfs
580
581	if is_global_zone ; then
582		# mount permission is required for sparse volume
583		user_run $user zfs create -V 150m -s $newvol
584		if datasetexists $newvol ; then
585			return 1
586		fi
587
588		log_must zfs allow $user mount $fs
589		user_run $user zfs create -V 150m -s $newvol
590		log_must zfs unallow $user mount $fs
591		if ! datasetexists $newvol ; then
592			return 1
593		fi
594		log_must zfs destroy $newvol
595
596		# mount and reserveration permission are
597		# required for normal volume
598		user_run $user zfs create -V 150m $newvol
599		if datasetexists $newvol ; then
600			return 1
601		fi
602
603		log_must zfs allow $user mount $fs
604		user_run $user zfs create -V 150m $newvol
605		log_must zfs unallow $user mount $fs
606		if datasetexists $newvol ; then
607			return 1
608		fi
609
610		log_must zfs allow $user reservation $fs
611		user_run $user zfs create -V 150m $newvol
612		log_must zfs unallow $user reservation $fs
613		if datasetexists $newvol ; then
614			return 1
615		fi
616
617		log_must zfs allow $user refreservation $fs
618		user_run $user zfs create -V 150m $newvol
619		log_must zfs unallow $user refreservation $fs
620		if datasetexists $newvol ; then
621			return 1
622		fi
623
624		log_must zfs allow $user mount $fs
625		log_must zfs allow $user reservation $fs
626		log_must zfs allow $user refreservation $fs
627		user_run $user zfs create -V 150m $newvol
628		log_must zfs unallow $user mount $fs
629		log_must zfs unallow $user reservation $fs
630		log_must zfs unallow $user refreservation $fs
631		if ! datasetexists $newvol ; then
632			return 1
633		fi
634		log_must zfs destroy $newvol
635	fi
636
637	return 0
638}
639
640function verify_fs_destroy
641{
642	typeset user=$1
643	typeset perm=$2
644	typeset fs=$3
645
646	if ! ismounted $fs ; then
647		user_run $user zfs destroy $fs
648		if datasetexists $fs ; then
649			return 1
650		fi
651	fi
652
653	if ismounted $fs ; then
654		user_run $user zfs destroy $fs
655		if ! datasetexists $fs ; then
656			return 1
657		fi
658
659		# mount permission is required
660		log_must zfs allow $user mount $fs
661		user_run $user zfs destroy $fs
662		if datasetexists $fs ; then
663			return 1
664		fi
665	fi
666
667	return 0
668}
669
670# Verify that given the correct delegation, a regular user can:
671#	Take a snapshot of an unmounted dataset
672#	Take a snapshot of an mounted dataset
673#	Create a snapshot by making a directory in the .zfs/snapshot directory
674function verify_fs_snapshot
675{
676	typeset user=$1
677	typeset perm=$2
678	typeset fs=$3
679
680	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
681	typeset snap=$fs@snap.$stamp
682	typeset mntpt=$(get_prop mountpoint $fs)
683
684	if [[ "yes" == $(get_prop mounted $fs) ]]; then
685		log_must zfs umount $fs
686	fi
687
688	user_run $user zfs snapshot $snap
689	if ! datasetexists $snap ; then
690		return 1
691	fi
692	log_must zfs destroy $snap
693
694	if [[ "no" == $(get_prop mounted $fs) ]]; then
695		log_must zfs mount $fs
696	fi
697
698	user_run $user zfs snapshot $snap
699	if ! datasetexists $snap ; then
700		return 1
701	fi
702	log_must zfs destroy $snap
703
704	typeset snapdir=${mntpt}/.zfs/snapshot/snap.$stamp
705	user_run $user mkdir $snapdir
706	if ! datasetexists $snap ; then
707		return 1
708	fi
709	log_must zfs destroy $snap
710
711	return 0
712}
713
714function verify_fs_rollback
715{
716	typeset user=$1
717	typeset perm=$2
718	typeset fs=$3
719
720	typeset oldval
721	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
722	typeset snap=$fs@snap.$stamp
723	typeset mntpt=$(get_prop mountpoint $fs)
724
725	oldval=$(datasetcksum $fs)
726	log_must zfs snapshot $snap
727
728	if ! ismounted $fs; then
729		log_must zfs mount $fs
730	fi
731	log_must touch $mntpt/testfile.$stamp
732
733	user_run $user zfs rollback -R $snap
734	if is_global_zone ; then
735		if [[ $oldval != $(datasetcksum $fs) ]]; then
736			return 1
737		fi
738	else
739		# datasetcksum can not be used in local zone
740		if [[ -e $mntpt/testfile.$stamp ]]; then
741			return 1
742		fi
743	fi
744
745	return 0
746}
747
748function verify_fs_clone
749{
750	typeset user=$1
751	typeset perm=$2
752	typeset fs=$3
753
754	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
755        typeset basefs=${fs%/*}
756	typeset snap=$fs@snap.$stamp
757	typeset clone=$basefs/cfs.$stamp
758
759	log_must zfs snapshot $snap
760	user_run $user zfs clone $snap $clone
761	if datasetexists $clone ; then
762		return 1
763	fi
764
765	log_must zfs allow $user create $basefs
766	user_run $user zfs clone $snap $clone
767	log_must zfs unallow $user create $basefs
768	if datasetexists $clone ; then
769		return 1
770	fi
771
772	log_must zfs allow $user mount $basefs
773	user_run $user zfs clone $snap $clone
774	log_must zfs unallow $user mount $basefs
775	if datasetexists $clone ; then
776		return 1
777	fi
778
779	log_must zfs allow $user mount $basefs
780	log_must zfs allow $user create $basefs
781	user_run $user zfs clone $snap $clone
782	log_must zfs unallow $user create $basefs
783	log_must zfs unallow $user mount $basefs
784	if ! datasetexists $clone ; then
785		return 1
786	fi
787
788	log_must zfs destroy -R $snap
789
790	return 0
791}
792
793function verify_fs_rename
794{
795	typeset user=$1
796	typeset perm=$2
797	typeset fs=$3
798
799	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
800        typeset basefs=${fs%/*}
801	typeset snap=$fs@snap.$stamp
802	typeset renamefs=$basefs/nfs.$stamp
803
804	if ! ismounted $fs; then
805		log_must zfs mount $fs
806	fi
807
808	# case 1
809	user_run $user zfs rename $fs $renamefs
810	if datasetexists $renamefs ; then
811		return 1
812	fi
813
814	# case 2
815	log_must zfs allow $user create $basefs
816	user_run $user zfs rename $fs $renamefs
817	log_must zfs unallow $user create $basefs
818	if datasetexists $renamefs ; then
819		return 1
820	fi
821
822	# case 3
823	log_must zfs allow $user mount $basefs
824	user_run $user zfs rename $fs $renamefs
825	log_must zfs unallow $user mount $basefs
826	if datasetexists $renamefs ; then
827		return 1
828	fi
829
830	# case 4
831	log_must zfs allow $user mount $fs
832	user_run $user zfs rename $fs $renamefs
833	if datasetexists $renamefs ; then
834		log_must zfs unallow $user mount $renamefs
835		return 1
836	fi
837	log_must zfs unallow $user mount $fs
838
839	# case 5
840	log_must zfs allow $user create $basefs
841	log_must zfs allow $user mount $fs
842	user_run $user zfs rename $fs $renamefs
843	log_must zfs unallow $user create $basefs
844	if datasetexists $renamefs ; then
845		log_must zfs unallow $user mount $renamefs
846		return 1
847	fi
848	log_must zfs unallow $user mount $fs
849
850	# case 6
851	log_must zfs allow $user mount $basefs
852	log_must zfs allow $user mount $fs
853	user_run $user zfs rename $fs $renamefs
854	log_must zfs unallow $user mount $basefs
855	if datasetexists $renamefs ; then
856		log_must zfs unallow $user mount $renamefs
857		return 1
858	fi
859	log_must zfs unallow $user mount $fs
860
861	# case 7
862	log_must zfs allow $user create $basefs
863	log_must zfs allow $user mount $basefs
864	user_run $user zfs rename $fs $renamefs
865	log_must zfs unallow $user mount $basefs
866	log_must zfs unallow $user create $basefs
867	if ! datasetexists $renamefs ; then
868		return 1
869	fi
870
871	log_must zfs rename $renamefs $fs
872
873	return 0
874}
875
876function verify_fs_mount
877{
878	typeset user=$1
879	typeset perm=$2
880	typeset fs=$3
881
882	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
883	typeset mntpt=$(get_prop mountpoint $fs)
884	typeset newmntpt=/tmp/mnt.$stamp
885
886	if ismounted $fs ; then
887		user_run $user zfs unmount $fs
888		if ismounted $fs ; then
889			return 1
890		fi
891	fi
892
893	if ! ismounted $fs ; then
894		log_must zfs set mountpoint=$newmntpt $fs
895		log_must rm -rf $newmntpt
896		log_must mkdir $newmntpt
897
898		user_run $user zfs mount $fs
899		if ismounted $fs ; then
900			return 1
901		fi
902
903		# mountpoint's owner must be the user
904		log_must chown $user $newmntpt
905		user_run $user zfs mount $fs
906		if ! ismounted $fs ; then
907			return 1
908		fi
909		log_must zfs umount $fs
910		log_must rm -rf $newmntpt
911		log_must zfs set mountpoint=$mntpt $fs
912	fi
913
914	return 0
915}
916
917function verify_fs_share
918{
919	typeset user=$1
920	typeset perm=$2
921	typeset fs=$3
922	typeset -i ret=0
923
924	svcadm enable -rs nfs/server
925	typeset stat=$(svcs -H -o STA nfs/server:default)
926	if [[ $stat != "ON" ]]; then
927		log_fail "Could not enable nfs/server"
928	fi
929
930	log_must zfs set sharenfs=on $fs
931	zfs unshare $fs
932
933	user_run $user zfs share $fs
934	if ! is_shared $fs; then
935		ret=1
936	fi
937
938	zfs unshare $fs
939	log_must zfs set sharenfs=off $fs
940
941	return $ret
942}
943
944function verify_fs_mountpoint
945{
946	typeset user=$1
947	typeset perm=$2
948	typeset fs=$3
949
950	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
951	typeset mntpt=$(get_prop mountpoint $fs)
952	typeset newmntpt=/tmp/mnt.$stamp
953
954	if ! ismounted $fs ; then
955		user_run $user zfs set mountpoint=$newmntpt $fs
956		if [[ $newmntpt != \
957			$(get_prop mountpoint $fs) ]] ; then
958			return 1
959		fi
960		log_must zfs set mountpoint=$mntpt $fs
961	fi
962
963	if ismounted $fs ; then
964		user_run $user zfs set mountpoint=$newmntpt $fs
965		if [[ $mntpt != $(get_prop mountpoint $fs) ]]; then
966			return 1
967		fi
968
969		# require mount permission when fs is mounted
970		log_must zfs allow $user mount $fs
971		user_run $user zfs set mountpoint=$newmntpt $fs
972		log_must zfs unallow $user mount $fs
973		if [[ $newmntpt != \
974			$(get_prop mountpoint $fs) ]] ; then
975			return 1
976		fi
977		log_must zfs set mountpoint=$mntpt $fs
978	fi
979
980	return 0
981}
982
983function verify_fs_promote
984{
985	typeset user=$1
986	typeset perm=$2
987	typeset fs=$3
988
989	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
990        typeset basefs=${fs%/*}
991	typeset snap=$fs@snap.$stamp
992	typeset clone=$basefs/cfs.$stamp
993
994	log_must zfs snapshot $snap
995	log_must zfs clone $snap $clone
996	log_must zfs promote $clone
997
998	typeset fs_orig=$(get_prop origin $fs)
999	typeset clone_orig=$(get_prop origin $clone)
1000
1001	user_run $user zfs promote $fs
1002	# promote should fail if original fs does not have
1003	# promote permission
1004	if [[ $fs_orig != $(get_prop origin $fs) || \
1005		$clone_orig != $(get_prop origin $clone) ]]; then
1006		return 1
1007	fi
1008
1009	log_must zfs allow $user promote $clone
1010	user_run $user zfs promote $fs
1011	log_must zfs unallow $user promote $clone
1012	if [[ $fs_orig != $(get_prop origin $fs) || \
1013		$clone_orig != $(get_prop origin $clone) ]]; then
1014		return 1
1015	fi
1016
1017	log_must zfs allow $user mount $fs
1018	user_run $user zfs promote $fs
1019	log_must zfs unallow $user mount $fs
1020	if [[ $fs_orig != $(get_prop origin $fs) || \
1021		$clone_orig != $(get_prop origin $clone) ]]; then
1022		return 1
1023	fi
1024
1025	log_must zfs allow $user mount $fs
1026	log_must zfs allow $user promote $clone
1027	user_run $user zfs promote $fs
1028	log_must zfs unallow $user promote $clone
1029	log_must zfs unallow $user mount $fs
1030	if [[ $snap != $(get_prop origin $clone) || \
1031		$clone_orig != $(get_prop origin $fs) ]]; then
1032		return 1
1033	fi
1034
1035	return 0
1036}
1037
1038function verify_fs_canmount
1039{
1040	typeset user=$1
1041	typeset perm=$2
1042	typeset fs=$3
1043
1044	typeset oldval
1045	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
1046
1047	if ! ismounted $fs ; then
1048		set -A modes "on" "off"
1049		oldval=$(get_prop $perm $fs)
1050		if [[ $oldval == "on" ]]; then
1051			n=1
1052		elif [[ $oldval == "off" ]]; then
1053			n=0
1054		fi
1055		log_note "$user zfs set $perm=${modes[$n]} $fs"
1056		user_run $user zfs set $perm=${modes[$n]} $fs
1057		if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1058			return 1
1059		fi
1060	fi
1061
1062
1063	# fs is mounted
1064	if ismounted $fs ; then
1065		# property value does not change if
1066		# no mount permission
1067		set -A modes "on" "off"
1068		oldval=$(get_prop $perm $fs)
1069		if [[ $oldval == "on" ]]; then
1070			n=1
1071		elif [[ $oldval == "off" ]]; then
1072			n=0
1073		fi
1074		log_note "$user zfs set $perm=${modes[$n]} $fs"
1075		log_must zfs allow $user mount $fs
1076		user_run $user zfs set $perm=${modes[$n]} $fs
1077		log_must zfs unallow $user mount $fs
1078		if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1079			return 1
1080		fi
1081	fi
1082
1083	return 0
1084}
1085
1086function verify_fs_recordsize
1087{
1088	typeset user=$1
1089	typeset perm=$2
1090	typeset fs=$3
1091
1092	typeset value8k=$(( 1024 * 8 ))
1093	user_run $user zfs set recordsize=$value8k $fs
1094	if [[ $value8k != $(get_prop recordsize $fs) ]]; then
1095		return 1
1096	fi
1097
1098	return 0
1099}
1100
1101function verify_fs_quota
1102{
1103	typeset user=$1
1104	typeset perm=$2
1105	typeset fs=$3
1106
1107	typeset value32m=$(( 1024 * 1024 * 32 ))
1108	user_run $user zfs set quota=$value32m $fs
1109	if [[ $value32m != $(get_prop quota $fs) ]]; then
1110		return 1
1111	fi
1112
1113	return 0
1114}
1115
1116function verify_fs_aclmode
1117{
1118	typeset user=$1
1119	typeset perm=$2
1120	typeset fs=$3
1121
1122	typeset oldval
1123	set -A modes "discard" "groupmask" "passthrough"
1124	oldval=$(get_prop $perm $fs)
1125	if [[ $oldval == "discard" ]]; then
1126		n=1
1127	elif [[ $oldval == "groupmask" ]]; then
1128		n=2
1129	elif [[ $oldval == "passthrough" ]]; then
1130		n=0
1131	fi
1132	log_note "$user zfs set aclmode=${modes[$n]} $fs"
1133	user_run $user zfs set aclmode=${modes[$n]} $fs
1134	if [[ ${modes[$n]} != $(get_prop aclmode $fs) ]]; then
1135		return 1
1136	fi
1137
1138	return 0
1139}
1140
1141function verify_fs_aclinherit
1142{
1143	typeset user=$1
1144	typeset perm=$2
1145	typeset fs=$3
1146
1147	#
1148	# PSARC/2008/231 change the default value of aclinherit to "restricted"
1149	# but still keep the old interface of "secure"
1150	#
1151
1152	typeset oldval
1153	set -A modes "discard" "noallow" "secure" "passthrough"
1154	oldval=$(get_prop $perm $fs)
1155	if [[ $oldval == "discard" ]]; then
1156		n=1
1157	elif [[ $oldval == "noallow" ]]; then
1158		n=2
1159	elif [[ $oldval == "secure" || $oldval == "restricted" ]]; then
1160		n=3
1161	elif [[ $oldval == "passthrough" ]]; then
1162		n=0
1163	fi
1164	log_note "$user zfs set aclinherit=${modes[$n]} $fs"
1165	user_run $user zfs set aclinherit=${modes[$n]} $fs
1166
1167	typeset newval=$(get_prop aclinherit $fs)
1168	if [[ ${modes[$n]} == "secure" && $newval == "restricted" ]]; then
1169		return 0
1170	elif [[ ${modes[$n]} != $(get_prop aclinherit $fs) ]]; then
1171		return 1
1172	fi
1173
1174	return 0
1175}
1176
1177function verify_fs_snapdir
1178{
1179	typeset user=$1
1180	typeset perm=$2
1181	typeset fs=$3
1182
1183	typeset oldval
1184	set -A modes "visible" "hidden"
1185	oldval=$(get_prop $perm $fs)
1186	if [[ $oldval == "visible" ]]; then
1187		n=1
1188	elif [[ $oldval == "hidden" ]]; then
1189		n=0
1190	fi
1191	log_note "$user zfs set snapdir=${modes[$n]} $fs"
1192	user_run $user zfs set snapdir=${modes[$n]} $fs
1193	if [[ ${modes[$n]} != $(get_prop snapdir $fs) ]]; then
1194		return 1
1195	fi
1196
1197	return 0
1198}
1199
1200function verify_fs_aedsx
1201{
1202	typeset user=$1
1203	typeset perm=$2
1204	typeset fs=$3
1205
1206	typeset oldval
1207	set -A modes "on" "off"
1208	oldval=$(get_prop $perm $fs)
1209	if [[ $oldval == "on" ]]; then
1210		n=1
1211	elif [[ $oldval == "off" ]]; then
1212		n=0
1213	fi
1214	log_note "$user zfs set $perm=${modes[$n]} $fs"
1215	user_run $user zfs set $perm=${modes[$n]} $fs
1216	if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1217		return 1
1218	fi
1219
1220	return 0
1221}
1222
1223function verify_fs_zoned
1224{
1225	typeset user=$1
1226	typeset perm=$2
1227	typeset fs=$3
1228
1229	typeset oldval
1230	set -A modes "on" "off"
1231	oldval=$(get_prop $perm $fs)
1232	if [[ $oldval == "on" ]]; then
1233		n=1
1234	elif [[ $oldval == "off" ]]; then
1235		n=0
1236	fi
1237	log_note "$user zfs set $perm=${modes[$n]} $fs"
1238	if is_global_zone ; then
1239		if ! ismounted $fs ; then
1240			user_run $user zfs set \
1241				$perm=${modes[$n]} $fs
1242			if [[ ${modes[$n]} != \
1243				$(get_prop $perm $fs) ]]; then
1244				return 1
1245			fi
1246			if [[ $n -eq 0 ]]; then
1247				log_mustnot zfs mount $fs
1248			else
1249				log_must zfs mount $fs
1250			fi
1251		fi
1252
1253		if ismounted $fs; then
1254			# n always is 1 in this case
1255			user_run $user zfs set \
1256				$perm=${modes[$n]} $fs
1257			if [[ $oldval != \
1258				$(get_prop $perm $fs) ]]; then
1259				return 1
1260			fi
1261
1262			# mount permission is needed
1263			# to make zoned=on
1264			log_must zfs allow $user mount $fs
1265			user_run $user zfs set \
1266				$perm=${modes[$n]} $fs
1267			log_must zfs unallow $user mount $fs
1268			if [[ ${modes[$n]} != \
1269				$(get_prop $perm $fs) ]]; then
1270				return 1
1271			fi
1272		fi
1273	fi
1274
1275	if ! is_global_zone; then
1276		user_run $user zfs set $perm=${modes[$n]} $fs
1277		if [[ $oldval != $(get_prop $perm $fs) ]]; then
1278			return 1
1279		fi
1280	fi
1281
1282	return 0
1283}
1284
1285function verify_fs_sharenfs
1286{
1287	typeset user=$1
1288	typeset perm=$2
1289	typeset fs=$3
1290	typeset nmode omode
1291
1292	omode=$(get_prop $perm $fs)
1293	if [[ $omode == "off" ]]; then
1294		nmode="on"
1295	else
1296		nmode="off"
1297	fi
1298
1299	log_note "$user zfs set $perm=$nmode $fs"
1300	user_run $user zfs set $perm=$nmode $fs
1301	if [[ $(get_prop $perm $fs) != $nmode ]]; then
1302		return 1
1303	fi
1304
1305	log_note "$user zfs set $perm=$omode $fs"
1306	user_run $user zfs set $perm=$omode $fs
1307	if [[ $(get_prop $perm $fs) != $omode ]]; then
1308		return 1
1309	fi
1310
1311	return 0
1312}
1313
1314function verify_vol_destroy
1315{
1316	typeset user=$1
1317	typeset perm=$2
1318	typeset vol=$3
1319
1320	user_run $user zfs destroy $vol
1321	if ! datasetexists $vol ; then
1322		return 1
1323	fi
1324
1325	# mount permission is required
1326	log_must zfs allow $user mount $vol
1327	user_run $user zfs destroy $vol
1328	if datasetexists $vol ; then
1329		return 1
1330	fi
1331
1332	return 0
1333}
1334
1335function verify_vol_snapshot
1336{
1337	typeset user=$1
1338	typeset perm=$2
1339	typeset vol=$3
1340
1341	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
1342        typeset basevol=${vol%/*}
1343	typeset snap=$vol@snap.$stamp
1344
1345	user_run $user zfs snapshot $snap
1346	if datasetexists $snap ; then
1347		return 1
1348	fi
1349
1350	log_must zfs allow $user mount $vol
1351	user_run $user zfs snapshot $snap
1352	log_must zfs unallow $user mount $vol
1353	if ! datasetexists $snap ; then
1354		return 1
1355	fi
1356
1357	return 0
1358}
1359
1360function verify_vol_rollback
1361{
1362	typeset user=$1
1363	typeset perm=$2
1364	typeset vol=$3
1365
1366	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
1367        typeset basevol=${vol%/*}
1368	typeset snap=$vol@snap.$stamp
1369
1370	typeset oldval
1371	log_must zfs snapshot $snap
1372	oldval=$(datasetcksum $vol)
1373
1374	log_must dd if=/dev/random of=/dev/zvol/rdsk/$vol \
1375		bs=512 count=1
1376
1377	user_run $user zfs rollback -R $snap
1378	sleep 10
1379	if [[ $oldval == $(datasetcksum $vol) ]]; then
1380		return 1
1381	fi
1382
1383	# rollback on volume has to be with mount permission
1384	log_must zfs allow $user mount $vol
1385	user_run $user zfs rollback -R $snap
1386	sleep 10
1387	log_must zfs unallow $user mount $vol
1388	if [[ $oldval != $(datasetcksum $vol) ]]; then
1389		return 1
1390	fi
1391
1392	return 0
1393}
1394
1395function verify_vol_clone
1396{
1397	typeset user=$1
1398	typeset perm=$2
1399	typeset vol=$3
1400
1401	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
1402        typeset basevol=${vol%/*}
1403	typeset snap=$vol@snap.$stamp
1404	typeset clone=$basevol/cvol.$stamp
1405
1406	log_must zfs snapshot $snap
1407
1408	user_run $user zfs clone $snap $clone
1409	if datasetexists $clone ; then
1410		return 1
1411	fi
1412
1413	log_must zfs allow $user create $basevol
1414	user_run $user zfs clone $snap $clone
1415	log_must zfs unallow $user create $basevol
1416	if datasetexists $clone ; then
1417		return 1
1418	fi
1419
1420	log_must zfs allow $user mount $basevol
1421	user_run $user zfs clone $snap $clone
1422	log_must zfs unallow $user mount $basevol
1423	if datasetexists $clone ; then
1424		return 1
1425	fi
1426
1427	# require create permission on parent and
1428	# mount permission on itself as well
1429	log_must zfs allow $user mount $basevol
1430	log_must zfs allow $user create $basevol
1431	user_run $user zfs clone $snap $clone
1432	log_must zfs unallow $user create $basevol
1433	log_must zfs unallow $user mount $basevol
1434	if ! datasetexists $clone ; then
1435		return 1
1436	fi
1437
1438	return 0
1439}
1440
1441function verify_vol_rename
1442{
1443	typeset user=$1
1444	typeset perm=$2
1445	typeset vol=$3
1446
1447	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
1448        typeset basevol=${vol%/*}
1449	typeset snap=$vol@snap.$stamp
1450	typeset clone=$basevol/cvol.$stamp
1451	typeset renamevol=$basevol/nvol.$stamp
1452
1453	user_run $user zfs rename $vol $renamevol
1454	if datasetexists $renamevol ; then
1455		return 1
1456	fi
1457
1458	log_must zfs allow $user create $basevol
1459	user_run $user zfs rename $vol $renamevol
1460	log_must zfs unallow $user create $basevol
1461	if datasetexists $renamevol ; then
1462		return 1
1463	fi
1464
1465	log_must zfs allow $user mount $basevol
1466	user_run $user zfs rename $vol $renamevol
1467	log_must zfs unallow $user mount $basevol
1468	if datasetexists $renamevol ; then
1469		return 1
1470	fi
1471
1472	# require both create permission on parent and
1473	# mount permission on parent as well
1474	log_must zfs allow $user mount $basevol
1475	log_must zfs allow $user create $basevol
1476	user_run $user zfs rename $vol $renamevol
1477	log_must zfs unallow $user mount $basevol
1478	log_must zfs unallow $user create $basevol
1479	if ! datasetexists $renamevol ; then
1480		return 1
1481	fi
1482
1483	log_must zfs rename $renamevol $vol
1484
1485	return 0
1486}
1487
1488function verify_vol_promote
1489{
1490	typeset user=$1
1491	typeset perm=$2
1492	typeset vol=$3
1493
1494	typeset stamp=${perm}.${user}.$(date +'%F-%H%M%S')
1495        typeset basevol=${vol%/*}
1496	typeset snap=$vol@snap.$stamp
1497	typeset clone=$basevol/cvol.$stamp
1498
1499	log_must zfs snapshot $snap
1500	log_must zfs clone $snap $clone
1501	log_must zfs promote $clone
1502
1503	typeset vol_orig=$(get_prop origin $vol)
1504	typeset clone_orig=$(get_prop origin $clone)
1505
1506	# promote should fail if $vol and $clone
1507	# miss either mount or promote permission
1508	# case 1
1509	user_run $user zfs promote $vol
1510	if [[ $vol_orig != $(get_prop origin $vol) || \
1511		$clone_orig != $(get_prop origin $clone) ]];
1512	then
1513		return 1
1514	fi
1515
1516	# promote should fail if $vol and $clone
1517	# miss either mount or promote permission
1518	# case 2
1519	log_must zfs allow $user promote $clone
1520	user_run $user zfs promote $vol
1521	log_must zfs unallow $user promote $clone
1522	if [[ $vol_orig != $(get_prop origin $vol) || \
1523		$clone_orig != $(get_prop origin $clone) ]];
1524	then
1525		return 1
1526	fi
1527
1528	# promote should fail if $vol and $clone
1529	# miss either mount or promote permission
1530	# case 3
1531	log_must zfs allow $user mount $vol
1532	user_run $user zfs promote $vol
1533	log_must zfs unallow $user mount $vol
1534	if [[ $vol_orig != $(get_prop origin $vol) || \
1535		$clone_orig != $(get_prop origin $clone) ]];
1536	then
1537		return 1
1538	fi
1539
1540	# promote should fail if $vol and $clone
1541	# miss either mount or promote permission
1542	# case 4
1543	log_must zfs allow $user mount $clone
1544	user_run $user zfs promote $vol
1545	log_must zfs unallow $user mount $clone
1546	if [[ $vol_orig != $(get_prop origin $vol) || \
1547		$clone_orig != $(get_prop origin $clone) ]];
1548	then
1549		return 1
1550	fi
1551
1552	# promote should fail if $vol and $clone
1553	# miss either mount or promote permission
1554	# case 5
1555	log_must zfs allow $user promote $clone
1556	log_must zfs allow $user mount $vol
1557	user_run $user zfs promote $vol
1558	log_must zfs unallow $user promote $clone
1559	log_must zfs unallow $user mount $vol
1560	if [[ $vol_orig != $(get_prop origin $vol) || \
1561		$clone_orig != $(get_prop origin $clone) ]];
1562	then
1563		return 1
1564	fi
1565
1566	# promote should fail if $vol and $clone
1567	# miss either mount or promote permission
1568	# case 6
1569	log_must zfs allow $user promote $clone
1570	log_must zfs allow $user mount $clone
1571	user_run $user zfs promote $vol
1572	log_must zfs unallow $user promote $clone
1573	log_must zfs unallow $user mount $vol
1574	if [[ $vol_orig != $(get_prop origin $vol) || \
1575		$clone_orig != $(get_prop origin $clone) ]];
1576	then
1577		return 1
1578	fi
1579
1580	# promote should fail if $vol and $clone
1581	# miss either mount or promote permission
1582	# case 7
1583	log_must zfs allow $user mount $vol
1584	log_must zfs allow $user mount $clone
1585	user_run $user zfs promote $vol
1586	log_must zfs unallow $user mount $vol
1587	log_must zfs unallow $user mount $clone
1588	if [[ $vol_orig != $(get_prop origin $vol) || \
1589		$clone_orig != $(get_prop origin $clone) ]];
1590	then
1591		return 1
1592	fi
1593
1594	# promote only succeeds when $vol and $clone
1595	# have both mount and promote permission
1596	# case 8
1597	log_must zfs allow $user promote $clone
1598	log_must zfs allow $user mount $vol
1599	log_must zfs allow $user mount $clone
1600	user_run $user zfs promote $vol
1601	log_must zfs unallow $user promote $clone
1602	log_must zfs unallow $user mount $vol
1603	log_must zfs unallow $user mount $clone
1604	if [[ $snap != $(get_prop origin $clone) || \
1605		$clone_orig != $(get_prop origin $vol) ]]; then
1606		return 1
1607	fi
1608
1609	return 0
1610}
1611
1612function verify_vol_volsize
1613{
1614	typeset user=$1
1615	typeset perm=$2
1616	typeset vol=$3
1617
1618	typeset oldval
1619	oldval=$(get_prop volsize $vol)
1620	(( newval = oldval * 2 ))
1621
1622	reserv_size=$(get_prop refreservation $vol)
1623
1624	if [[ "0" == $reserv_size ]]; then
1625		# sparse volume
1626		user_run $user zfs set volsize=$newval $vol
1627		if [[ $oldval == $(get_prop volsize $vol) ]];
1628		then
1629			return 1
1630		fi
1631
1632	else
1633		# normal volume, reservation permission
1634		# is required
1635		user_run $user zfs set volsize=$newval $vol
1636		if [[ $newval == $(get_prop volsize $vol) ]];
1637		then
1638			return 1
1639		fi
1640
1641		log_must zfs allow $user reservation $vol
1642		log_must zfs allow $user refreservation $vol
1643		user_run $user zfs set volsize=$newval $vol
1644		log_must zfs unallow $user reservation $vol
1645		log_must zfs unallow $user refreservation $vol
1646		if [[ $oldval == $(get_prop volsize $vol) ]];
1647		then
1648			return 1
1649		fi
1650	fi
1651
1652	return 0
1653}
1654
1655function verify_allow
1656{
1657	typeset user=$1
1658	typeset perm=$2
1659	typeset dtst=$3
1660
1661	typeset -i ret
1662
1663	user_run $user zfs allow $user allow $dtst
1664	ret=$?
1665	if [[ $ret -eq 0 ]]; then
1666		return 1
1667	fi
1668
1669	log_must zfs allow $user copies $dtst
1670	user_run $user zfs allow $user copies $dtst
1671	ret=$?
1672	log_must zfs unallow $user copies $dtst
1673	if [[ $ret -eq 1 ]]; then
1674		return 1
1675	fi
1676
1677	return 0
1678
1679}
1680