search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
7290 ZFS test suite needs to control what utilities it can run
[unleashed.git] / usr / src / test / zfs-tests / tests / functional / acl / cifs / cifs_attr_003_pos.ksh
bloba47ad0277bf80dfafc2c84faa8e4eea00591627f
1 #!/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 #
29 # Copyright (c) 2012, 2016 by Delphix. All rights reserved.
30 #
31
32 . $STF_SUITE/tests/functional/acl/acl_common.kshlib
33 . $STF_SUITE/tests/functional/acl/cifs/cifs.kshlib
34
35 #
36 # DESCRIPTION:
37 # Verify the DOS attributes (Readonly, Hidden, Archive, System)
38 # and BSD'ish attributes (Immutable, nounlink, and appendonly)
39 # will provide the proper access limitation as expected.
40 #
41 # Readonly means that the content of a file can't be modified, but
42 # timestamps, mode and so on can.
43 #
44 # Archive - Indicates if a file should be included in the next backup
45 # of the file system. ZFS will set this bit whenever a file is
46 # modified.
47 #
48 # Hidden and System (ZFS does nothing special with these, other than
49 # letting a user/application set them.
50 #
51 # Immutable (The data can't, change nor can mode, ACL, size and so on)
52 # The only attribute that can be updated is the access time.
53 #
54 # Nonunlink - Sort of like immutable except that a file/dir can't be
55 # removed.
56 # This will also effect a rename operation, since that involes a
57 # remove.
58 #
59 # Appendonly - File can only be appended to.
60 #
61 # nodump, settable, opaque (These are for the MacOS port) we will
62 # allow them to be set, but have no semantics tied to them.
63 #
64 # STRATEGY:
65 # 1. Loop super user and non-super user to run the test case.
66 # 2. Create basedir and a set of subdirectores and files within it.
67 # 3. Set the file/dir with each kind of special attribute.
68 # 4. Verify the access limitation works as expected.
69 #
70
71 verify_runnable "both"
72
73 function cleanup
74 {
75 if [[ -n $gobject ]]; then
76 destroy_object $gobject
77 fi
78
79 for fs in $TESTPOOL/$TESTFS $TESTPOOL ; do
80 mtpt=$(get_prop mountpoint $fs)
81 log_must rm -rf $mtpt/file.* $mtpt/dir.*
82 done
83
84 [[ -f $TESTFILE ]] && rm $TESTFILE
85 }
86
87 #
88 # Set the special attribute to the given node
89 #
90 # $1: The given node (file/dir)
91 # $2: The special attribute to be set
92 #
93 function set_attribute
94 {
95 typeset object=$1
96 typeset attr=$2
97
98 if [[ -z $attr ]]; then
99 attr="AHRSadimu"
100 if [[ -f $object ]]; then
101 attr="${attr}q"
102 fi
103 fi
104 chmod S+c${attr} $object
105 return $?
106 }
107
108 #
109 # Clear the special attribute to the given node
110 #
111 # $1: The given node (file/dir)
112 # $2: The special attribute to be cleared
113 #
114 function clear_attribute
115 {
116 typeset object=$1
117 typeset attr=$2
118
119 if [[ -z $attr ]]; then
120 if is_global_zone ; then
121 attr="AHRSadimu"
122 if [[ -f $object ]]; then
123 attr="${attr}q"
124 fi
125 else
126 attr="AHRS"
127 fi
128 fi
129
130 chmod S-c${attr} $object
131 return $?
132 }
133
134 #
135 # A wrapper function to call test function according to the given attr
136 #
137 # $1: The given node (file/dir)
138 # $2: The special attribute to be test
139 #
140 function test_wrapper
141 {
142 typeset object=$1
143 typeset attr=$2
144
145 if [[ -z $object || -z $attr ]]; then
146 log_fail "Object($object), Attr($attr) not defined."
147 fi
148
149 case $attr in
150 R) func=test_readonly
151 ;;
152 i) func=test_immutable
153 ;;
154 u) func=test_nounlink
155 ;;
156 a) func=test_appendonly
157 ;;
158 esac
159
160 if [[ -n $func ]]; then
161 $func $object
162 fi
163 }
164
165 #
166 # Invoke the function and verify whether its return code as expected
167 #
168 # $1: Expect value
169 # $2-$n: Function and args need to be invoked
170 #
171 function verify_expect
172 {
173 typeset -i expect=$1
174 typeset status
175
176 shift
177
178 "$@" > /dev/null 2>&1
179 status=$?
180 if [[ $status -eq 0 ]]; then
181 if ((expect != 0)); then
182 log_fail "$@ unexpect return 0"
183 fi
184 else
185 if ((expect == 0)); then
186 log_fail "$@ unexpect return $status"
187 fi
188 fi
189 }
190
191 #
192 # Unit testing function against overwrite file
193 #
194 # $1: The given file node
195 # $2: Execute user
196 # $3: Expect value, default to be zero
197 #
198 function unit_writefile
199 {
200 typeset object=$1
201 typeset user=$2
202 typeset expect=${3:-0}
203 if [[ -f $object ]]; then
204 verify_expect $expect chg_usr_exec $user \
205 cp $TESTFILE $object
206 verify_expect $expect chg_usr_exec $user \
207 "echo '$TESTSTR' > $object"
208 fi
209 }
210
211 #
212 # Unit testing function against write new stuffs into a directory
213 #
214 # $1: The given directory node
215 # $2: Execute user
216 # $3: Expect value, default to be zero
217 #
218 function unit_writedir
219 {
220 typeset object=$1
221 typeset user=$2
222 typeset expect=${3:-0}
223
224 if [[ -d $object ]]; then
225 verify_expect $expect chg_usr_exec $user \
226 cp $TESTFILE $object
227 verify_expect $expect chg_usr_exec $user \
228 mkdir -p $object/$TESTDIR
229 fi
230 }
231
232 function unit_appenddata
233 {
234 typeset object=$1
235 typeset user=$2
236 typeset expect=${3:-0}
237
238 if [[ ! -d $object ]]; then
239 verify_expect $expect chg_usr_exec $user \
240 "echo '$TESTSTR' >> $object"
241 fi
242 }
243
244 #
245 # Unit testing function against delete content from a directory
246 #
247 # $1: The given node, dir
248 # $2: Execute user
249 # $3: Expect value, default to be zero
250 #
251 function unit_deletecontent
252 {
253 typeset object=$1
254 typeset user=$2
255 typeset expect=${3:-0}
256
257 if [[ -d $object ]]; then
258 for target in $object/${TESTFILE##*/} $object/$TESTDIR ; do
259 if [[ -e $target ]]; then
260 verify_expect $expect chg_usr_exec $user \
261 "mv $target $target.new"
262 verify_expect $expect chg_usr_exec $user \
263 "echo y | rm -r $target.new"
264 fi
265 done
266 fi
267 }
268
269 #
270 # Unit testing function against delete a node
271 #
272 # $1: The given node, file/dir
273 # $2: Execute user
274 # $3: Expect value, default to be zero
275 #
276 function unit_deletedata
277 {
278 typeset object=$1
279 typeset user=$2
280 typeset expect=${3:-0}
281
282 verify_expect $expect chg_usr_exec $user \
283 "echo y | rm -r $object"
284
285 }
286
287 #
288 # Unit testing function against write xattr to a node
289 #
290 # $1: The given node, file/dir
291 # $2: Execute user
292 # $3: Expect value, default to be zero
293 #
294 function unit_writexattr
295 {
296 typeset object=$1
297 typeset user=$2
298 typeset expect=${3:-0}
299
300 verify_expect $expect chg_usr_exec $user \
301 runat $object "cp $TESTFILE $TESTATTR"
302 verify_expect $expect chg_usr_exec $user \
303 "runat $object \"echo '$TESTSTR' > $TESTATTR\""
304 verify_expect $expect chg_usr_exec $user \
305 "runat $object \"echo '$TESTSTR' >> $TESTATTR\""
306 if [[ $expect -eq 0 ]]; then
307 verify_expect $expect chg_usr_exec $user \
308 runat $object "rm -f $TESTATTR"
309 fi
310 }
311
312 #
313 # Unit testing function against modify accesstime of a node
314 #
315 # $1: The given node, file/dir
316 # $2: Execute user
317 # $3: Expect value, default to be zero
318 #
319 function unit_accesstime
320 {
321 typeset object=$1
322 typeset user=$2
323 typeset expect=${3:-0}
324
325 if [[ -d $object ]]; then
326 verify_expect $expect chg_usr_exec $user ls $object
327 else
328 verify_expect $expect chg_usr_exec $user cat $object
329 fi
330 }
331
332 #
333 # Unit testing function against modify updatetime of a node
334 #
335 # $1: The given node, file/dir
336 # $2: Execute user
337 # $3: Expect value, default to be zero
338 #
339 function unit_updatetime
340 {
341 typeset object=$1
342 typeset user=$2
343 typeset expect=${3:-0}
344 typeset immutable_expect=${4:-$expect}
345 verify_expect $expect chg_usr_exec $user touch $object
346 verify_expect $immutable_expect chg_usr_exec $user touch -a $object
347 verify_expect $expect chg_usr_exec $user touch -m $object
348 }
349
350 #
351 # Unit testing function against write acl of a node
352 #
353 # $1: The given node, file/dir
354 # $2: Execute user
355 # $3: Expect value, default to be zero
356 #
357 function unit_writeacl
358 {
359 typeset object=$1
360 typeset user=$2
361 typeset expect=${3:-0}
362
363 verify_expect $expect chg_usr_exec $user chmod A+$TESTACL $object
364 verify_expect $expect chg_usr_exec $user chmod A+$TESTACL $object
365 verify_expect $expect chg_usr_exec $user chmod A0- $object
366 verify_expect $expect chg_usr_exec $user chmod A0- $object
367 oldmode=$(get_mode $object)
368 verify_expect $expect chg_usr_exec $user chmod $TESTMODE $object
369 }
370
371 #
372 # Testing function to verify the given node is readonly
373 #
374 # $1: The given node, file/dir
375 #
376 function test_readonly
377 {
378 typeset object=$1
379
380 if [[ -z $object ]]; then
381 log_fail "Object($object) not defined."
382 fi
383
384 log_note "Testing readonly of $object"
385
386 for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
387 if [[ -d $object ]]; then
388 log_must usr_exec chmod \
389 A+user:$user:${ace_dir}:allow $object
390 else
391 log_must usr_exec chmod \
392 A+user:$user:${ace_file}:allow $object
393 fi
394
395 log_must set_attribute $object "R"
396
397 unit_writefile $object $user 1
398 unit_writedir $object $user
399 unit_appenddata $object $user 1
400
401 if [[ -d $object ]]; then
402 unit_writexattr $object $user
403 else
404 unit_writexattr $object $user 1
405 fi
406
407 unit_accesstime $object $user
408 unit_updatetime $object $user
409 unit_writeacl $object $user
410 unit_deletecontent $object $user
411 unit_deletedata $object $user
412
413 if [[ -d $object ]] ;then
414 create_object "dir" $object $ZFS_ACL_CUR_USER
415 else
416 create_object "file" $object $ZFS_ACL_CUR_USER
417 fi
418 done
419 }
420
421 #
422 # Testing function to verify the given node is immutable
423 #
424 # $1: The given node, file/dir
425 #
426 function test_immutable
427 {
428 typeset object=$1
429
430 if [[ -z $object ]]; then
431 log_fail "Object($object) not defined."
432 fi
433
434 log_note "Testing immutable of $object"
435
436 for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
437 if [[ -d $object ]]; then
438 log_must usr_exec chmod \
439 A+user:$user:${ace_dir}:allow $object
440 else
441 log_must usr_exec chmod \
442 A+user:$user:${ace_file}:allow $object
443 fi
444 log_must set_attribute $object "i"
445
446 unit_writefile $object $user 1
447 unit_writedir $object $user 1
448 unit_appenddata $object $user 1
449 unit_writexattr $object $user 1
450 unit_accesstime $object $user
451 unit_updatetime $object $user 1 0
452 unit_writeacl $object $user 1
453 unit_deletecontent $object $user 1
454 unit_deletedata $object $user 1
455
456 if [[ -d $object ]] ;then
457 create_object "dir" $object $ZFS_ACL_CUR_USER
458 else
459 create_object "file" $object $ZFS_ACL_CUR_USER
460 fi
461 done
462 }
463
464 #
465 # Testing function to verify the given node is nounlink
466 #
467 # $1: The given node, file/dir
468 #
469 function test_nounlink
470 {
471 typeset object=$1
472
473 if [[ -z $object ]]; then
474 log_fail "Object($object) not defined."
475 fi
476
477 echo "Testing nounlink of $object"
478
479 for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
480 if [[ -d $object ]]; then
481 log_must usr_exec chmod \
482 A+user:$user:${ace_dir}:allow $object
483 else
484 log_must usr_exec chmod \
485 A+user:$user:${ace_file}:allow $object
486 fi
487 log_must set_attribute $object "u"
488
489 unit_writefile $object $user
490 unit_writedir $object $user
491 unit_appenddata $object $user
492 unit_writexattr $object $user
493 unit_accesstime $object $user
494 unit_updatetime $object $user
495 unit_writeacl $object $user
496 unit_deletecontent $object $user 1
497 unit_deletedata $object $user 1
498
499 if [[ -d $object ]] ;then
500 create_object "dir" $object $ZFS_ACL_CUR_USER
501 else
502 create_object "file" $object $ZFS_ACL_CUR_USER
503 fi
504 done
505 }
506
507 #
508 # Testing function to verify the given node is appendonly
509 #
510 # $1: The given node, file/dir
511 #
512 function test_appendonly
513 {
514 typeset object=$1
515
516 if [[ -z $object ]]; then
517 log_fail "Object($object) not defined."
518 fi
519
520 log_note "Testing appendonly of $object"
521
522 for user in $ZFS_ACL_CUR_USER root $ZFS_ACL_STAFF2; do
523 if [[ -d $object ]]; then
524 log_must usr_exec chmod \
525 A+user:$user:${ace_dir}:allow $object
526 else
527 log_must usr_exec chmod \
528 A+user:$user:${ace_file}:allow $object
529 fi
530 log_must set_attribute $object "a"
531
532 unit_writefile $object $user 1
533 unit_writedir $object $user
534 unit_appenddata $object $user
535 unit_writexattr $object $user
536 unit_accesstime $object $user
537 unit_updatetime $object $user
538 unit_writeacl $object $user
539 unit_deletecontent $object $user
540 unit_deletedata $object $user
541
542 if [[ -d $object ]] ;then
543 create_object "dir" $object $ZFS_ACL_CUR_USER
544 else
545 create_object "file" $object $ZFS_ACL_CUR_USER
546 fi
547 done
548 }
549
550 FILES="file.0 file.1"
551 DIRS="dir.0 dir.1"
552 XATTRS="attr.0 attr.1"
553 FS="$TESTPOOL $TESTPOOL/$TESTFS"
554
555 if is_global_zone ; then
556 ATTRS="R i u a"
557 else
558 ATTRS="R"
559 fi
560
561 TESTFILE=/tmp/tfile
562 TESTDIR=tdir
563 TESTATTR=tattr
564 TESTACL=user:$ZFS_ACL_OTHER1:write_data:allow
565 TESTMODE=777
566 TESTSTR="ZFS test suites"
567
568 ace_file="write_data/append_data/write_xattr/write_acl/write_attributes"
569 ace_dir="add_file/add_subdirectory/${ace_file}"
570
571 log_assert "Verify DOS & BSD'ish attributes will provide the " \
572 "access limitation as expected."
573 log_onexit cleanup
574
575 echo "$TESTSTR" > $TESTFILE
576
577 typeset gobject
578 typeset gattr
579 for gattr in $ATTRS ; do
580 for fs in $FS ; do
581 mtpt=$(get_prop mountpoint $fs)
582 chmod 777 $mtpt
583 for user in root $ZFS_ACL_STAFF1; do
584 log_must set_cur_usr $user
585 for file in $FILES ; do
586 gobject=$mtpt/$file
587 create_object "file" $gobject $ZFS_ACL_CUR_USER
588 test_wrapper $gobject $gattr
589 destroy_object $gobject
590 done
591
592 for dir in $DIRS ; do
593 gobject=$mtpt/$dir
594 create_object "dir" $gobject $ZFS_ACL_CUR_USER
595 test_wrapper $gobject $gattr
596 destroy_object $gobject
597 done
598 done
599 done
600 done
601
602 log_pass "DOS & BSD'ish attributes provide the access limitation as expected."
Unleashed OS