File Manager

003 File Manager

Current Path: /usr/src/tests/sys/cddl/zfs/tests/acl/nontrivial

usr / src / tests / sys / cddl / zfs / tests / acl / nontrivial /

📁 ..
📄 Makefile(1.45 KB)
📄 nontrivial_test.sh(20.26 KB)
📄 zfs_acl_chmod_001_neg.ksh(3.48 KB)
📄 zfs_acl_chmod_002_pos.ksh(2.28 KB)
📄 zfs_acl_chmod_aclmode_001_pos.ksh(10.95 KB)
📄 zfs_acl_chmod_compact_001_pos.ksh(6.76 KB)
📄 zfs_acl_chmod_delete_001_pos.ksh(8.19 KB)
📄 zfs_acl_chmod_inherit_001_pos.ksh(5.66 KB)
📄 zfs_acl_chmod_inherit_002_pos.ksh(10.05 KB)
📄 zfs_acl_chmod_inherit_003_pos.ksh(11.05 KB)
📄 zfs_acl_chmod_inherit_004_pos.ksh(4.66 KB)
📄 zfs_acl_chmod_owner_001_pos.ksh(8.73 KB)
📄 zfs_acl_chmod_rwacl_001_pos.ksh(6.36 KB)
📄 zfs_acl_chmod_rwx_001_pos.ksh(3.74 KB)
📄 zfs_acl_chmod_rwx_002_pos.ksh(6.52 KB)
📄 zfs_acl_chmod_rwx_003_pos.ksh(4.1 KB)
📄 zfs_acl_chmod_rwx_004_pos.ksh(4.13 KB)
📄 zfs_acl_chmod_xattr_001_pos.ksh(5.8 KB)
📄 zfs_acl_chmod_xattr_002_pos.ksh(5.65 KB)
📄 zfs_acl_cp_001_pos.ksh(3.26 KB)
📄 zfs_acl_cp_002_pos.ksh(3.54 KB)
📄 zfs_acl_cpio_001_pos.ksh(3.89 KB)
📄 zfs_acl_cpio_002_pos.ksh(4.08 KB)
📄 zfs_acl_find_001_pos.ksh(3.3 KB)
📄 zfs_acl_ls_001_pos.ksh(3 KB)
📄 zfs_acl_mv_001_pos.ksh(4.9 KB)
📄 zfs_acl_tar_001_pos.ksh(3.28 KB)
📄 zfs_acl_tar_002_pos.ksh(3.78 KB)

Editing: zfs_acl_chmod_inherit_003_pos.ksh

#!/usr/local/bin/ksh93 -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

# $FreeBSD$

#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"@(#)zfs_acl_chmod_inherit_003_pos.ksh	1.1	08/08/15 SMI"
#

. $STF_SUITE/tests/acl/acl_common.kshlib
. $STF_SUITE/tests/acl/cifs/cifs.kshlib

#################################################################################
#
# __stc_assertion_start
#
# ID: zfs_acl_chmod_inherit_003_pos
#
# DESCRIPTION:
#	Verify chmod have correct behaviour to directory and file when
#	filesystem has the different aclinherit setting
#	
# STRATEGY:
#	1. Loop super user and non-super user to run the test case.
#	2. Create basedir and a set of subdirectores and files within it.
#	3. Separately chmod basedir with different inherite options,
#	 	combine with the variable setting of aclinherit:
#		"discard", "noallow", "secure" or "passthrough".
#	4. Then create nested directories and files like the following.
#	
#                     ofile    
#                     odir     	
#          chmod -->  basedir -| 
#                              |_ nfile1
#                              |_ ndir1 _ 
#                                        |_ nfile2
#                                        |_ ndir2 _
#                                                  |_ nfile3
#                                                  |_ ndir3
#
#	5. Verify each directories and files have the correct access control
#	   capability.
#	
# TESTABILITY: explicit
#
# TEST_AUTOMATION_LEVEL: automated
#
# CODING_STATUS: COMPLETED (2008-07-04)
#
# __stc_assertion_end
#
################################################################################

verify_runnable "both"

function cleanup
{
	typeset dir

# Cleanup basedir, compared file and dir.

if [[ -f $ofile ]]; then
		log_must $RM -f $ofile
	fi

for dir in $odir $basedir ; do
		if [[ -d $dir ]]; then
			log_must $RM -rf $dir
		fi
	done		
}

log_assert "Verify chmod have correct behaviour to directory and file when " \
	"filesystem has the different aclinherit setting."
log_onexit cleanup

# Define inherit flag
set -A aclinherit_flag discard noallow secure passthrough
set -A object_flag "f-" "-d" "fd"
set -A strategy_flag "--" "i-" "-n" "in"

typeset ace_prefix1="owner@" 
typeset ace_prefix2="group@"
typeset ace_prefix3="everyone@" 
typeset ace_discard ace_noallow ace_secure ace_passthrough
typeset ace_secure_new

# Defile the based directory and file
basedir=$TESTDIR/basedir;  ofile=$TESTDIR/ofile; odir=$TESTDIR/odir

test_requires ZFS_ACL

# Define the files and directories will be created after chmod
ndir1=$basedir/ndir1; ndir2=$ndir1/ndir2; ndir3=$ndir2/ndir3
nfile1=$basedir/nfile1; nfile2=$ndir1/nfile2; nfile3=$ndir2/nfile3

# Verify all the node have expected correct access control
allnodes="$ndir1 $ndir2 $ndir3 $nfile1 $nfile2 $nfile3"

typeset cifs=""
if cifs_supported ; then
	cifs="true"
fi

#
# According to inherited flag, verify subdirectories and files within it has
# correct inherited access control.
#
function verify_inherit #<aclinherit> <object> [strategy]
{
	# Define the nodes which will be affected by inherit.
	typeset inherit_nodes
	typeset inherit=$1
	typeset obj=$2
	typeset str=$3

# count: the ACE item to fetch
	# pass: to mark if the current ACE should apply to the target
	# maxnumber: predefine as 4
	# passcnt: counter, if it achieves to maxnumber, 
	#	then no additional ACE should apply.
	# isinherit: indicate if the current target is in the inherit list.
	# step: indicate if the ACE be split during inherit.

typeset -i count=0 pass=0 passcnt=0 isinherit=0 maxnumber=4 step=0

log_must usr_exec $MKDIR -p $ndir3
	log_must usr_exec $TOUCH $nfile1 $nfile2 $nfile3

# Get the files which inherited ACE.
	if [[ $(get_substr $obj 1 1) == f ]]; then
		inherit_nodes="$inherit_nodes $nfile1"

if [[ $(get_substr $str 2 1) != n ]]; then
			inherit_nodes="$inherit_nodes $nfile2 $nfile3"
		fi
	fi
	# Get the directores which inherited ACE.
	if [[ $(get_substr $obj 2 1) == d ]]; then
		inherit_nodes="$inherit_nodes $ndir1"

if [[ $(get_substr $str 2 1) != n ]]; then
			inherit_nodes="$inherit_nodes $ndir2 $ndir3"
		fi
	fi
	
	for node in $allnodes; do
		step=0
		if [[ " $inherit_nodes " == *" $node "* ]]; then
			isinherit=1
			if [[ -d $node ]] ; then
				step=1
			fi
		else
			isinherit=0
		fi

i=0
		count=0
		passcnt=0
		while (( i < maxnumber )); do
			pass=0
			eval expect1=\$acl$i
			expect2=$expect1

#
		# aclinherit=passthrough,
		# inherit all inheritable ACL entries without any 
		# modifications made to the ACL entries when they
		# are inherited.
		#
		# aclinherit=secure,
		# any inheritable ACL entries will remove
		# write_acl and write_owner permissions when the ACL entry is
		# inherited.
		#
		# aclinherit=noallow,
		# only inherit inheritable ACE that specify "deny" permissions
		#
		# aclinherit=discard
		# will not inherit any ACL entries
		#

case $inherit in
				passthrough)
					if [[ -z $cifs ]]; then
						break
					fi

action=${expect1##*:}
					expect1=${expect1%:$action}
					expect1=${expect1%-}
					expect1=${expect1%I}
					expect1=${expect1}I:$action
					;;
				secure)
					eval expect2=\$acls$i
					;;
				noallow)
					if [[ $expect1 == *":allow" ]] ; then
						pass=1
						(( passcnt = passcnt + 1 ))
					else
						eval expect2=\$acls$i
					fi
					;;	
				discard)
					passcnt=maxnumber
					break
					;;
			esac

if (( pass == 0 )) ; then
				acltemp=${expect2%:*}
				acltemp=${acltemp%:*}
				aclaction=${expect2##*:}

if [[ -n $cifs ]]; then
					expect2=${acltemp}:------I:${aclaction}
				else
					expect2=${acltemp}:------:${aclaction}
				fi

acltemp=${expect1%:*}
				inh=${acltemp##*:}

if [[ -d $node ]]; then
					if [[ $(get_substr $inh 4 1) == n ]]; then

#
						# if no_propagate is set,
						# then clear all inherit flags,
						# only one ACE should left.
						#

step=0
						expect1=""
							
					elif [[ $(get_substr $inh 3 1) != i ]]; then

#
						# directory should append 
						# "inherit_only" if not have
						#
						acltemp=${acltemp%i*}
						if [[ -n $cifs ]]; then

expect1=${acltemp}i---I:${aclaction}
						else
							expect1=${acltemp}i---:${aclaction}
						fi
					elif [[ -n $cifs ]]; then
						acltemp=${acltemp%-}
						acltemp=${acltemp%I}
						expect1=${acltemp}I:${aclaction}
					fi

#
					# cleanup the first ACE if the directory 
					# not in inherit list
					#

if (( isinherit == 0 )); then
						expect1=""
					fi
				elif [[ -f $node ]] ; then
					expect1=""
				fi

# Get the first ACE to do comparison

aclcur=$(get_ACE $node $count compact)
				aclcur=${aclcur#$count:}
				if [[ -n $expect1 && $expect1 != $aclcur ]]; then
					$LS -Vd $basedir
					$LS -Vd $node
					log_fail "$inherit $i #$count " \
						"ACE: $aclcur, expect to be " \
						"$expect1"
				fi

# Get the second ACE (if should have) to do comparison

if (( step > 0 )); then
					(( count = count + step ))

aclcur=$(get_ACE $node $count compact)
					aclcur=${aclcur#$count:}
					if [[ -n $expect2 && \
						$expect2 != $aclcur ]]; then

$LS -Vd $basedir
						$LS -Vd $node
						log_fail "$inherit $i #$count " \
							"ACE: $aclcur, expect to be " \
							"$expect2"
					fi
				fi
				(( count = count + 1 ))
			fi
			(( i = i + 1 ))
		done

#
		# If there's no any ACE be checked, it should be identify as
		# an normal file/dir, verify it.
		#
 
		if (( passcnt == maxnumber )); then
			if [[ -d $node ]]; then
				compare_acls $node $odir
			elif [[	-f $node ]]; then
				compare_acls $node $ofile
			fi

if [[ $? -ne 0 ]]; then
				$LS -Vd $basedir
				$LS -Vd $node
				log_fail "Unexpect acl: $node, $inherit ($str)"
			fi
		fi
	done
}

typeset -i i=0
typeset acl0 acl1 acl2 acl3
typeset acls0 acls1 acls2 acls3

#
# Set aclmode=passthrough to make sure
# the acl will not change during chmod.
# A general testing should verify the combination of 
# aclmode/aclinherit works well,
# here we just simple test them separately.
#

log_must $ZFS set aclmode=passthrough $TESTPOOL/$TESTFS

for inherit in "${aclinherit_flag[@]}"; do

#
	# Set different value of aclinherit
	#

log_must $ZFS set aclinherit=$inherit $TESTPOOL/$TESTFS

for user in root $ZFS_ACL_STAFF1; do
		log_must set_cur_usr $user

for obj in "${object_flag[@]}"; do
			for str in "${strategy_flag[@]}"; do
				typeset inh_opt=$obj
				(( ${#str} != 0 )) && inh_opt=${inh_opt}${str}--

if [[ -n $cifs ]]; then
					inh_a=${inh_opt}-
					inh_b=${inh_opt}I
				else
					inh_a=${inh_opt}
					inh_b=${inh_opt}
				fi

#
				# Prepare 4 ACES, which should include :
				# deny -> to verify "noallow"
				# write_acl/write_owner -> to verify "secure"
				#

acl0="$ace_prefix1:rwxp---A-W-Co-:${inh_a}:allow"
				acl1="$ace_prefix2:rwxp---A-W-Co-:${inh_a}:deny"
				acl2="$ace_prefix3:rwxp---A-W-Co-:${inh_a}:allow"
				acl3="$ace_prefix1:-------A-W----:${inh_a}:deny"
				acl4="$ace_prefix2:-------A-W----:${inh_a}:allow"
				acl5="$ace_prefix3:-------A-W----:${inh_a}:deny"

#
				# The ACE filtered by write_acl/write_owner
				#

if [[ $inheri == "passthrough" ]]; then
					acls0="$ace_prefix1:rwxp---A-W----:${inh_b}:allow"
					acls1="$ace_prefix2:rwxp---A-W----:${inh_b}:deny"
					acls2="$ace_prefix3:rwxp---A-W----:${inh_b}:allow"
					acls3="$ace_prefix1:rwxp---A-W----:${inh_b}:deny"
					acls4="$ace_prefix2:rwxp---A-W----:${inh_b}:allow"
					acls5="$ace_prefix3:rwxp---A-W----:${inh_b}:deny"
				else
					acls0="$ace_prefix1:-------A-W----:${inh_b}:allow"
					acls1="$ace_prefix2:-------A-W-Co-:${inh_b}:deny"
					acls2="$ace_prefix3:-------A-W----:${inh_b}:allow"
					acls3="$ace_prefix1:-------A-W----:${inh_b}:deny"
					acls4="$ace_prefix2:-------A-W----:${inh_b}:allow"
					acls5="$ace_prefix3:-------A-W----:${inh_b}:deny"
				fi

#
				# Create basedir and tmp dir/file
				# for comparison.
				#
				
				log_note "$user: $CHMOD $acl $basedir"
				log_must usr_exec $MKDIR $basedir
				log_must usr_exec $MKDIR $odir
				log_must usr_exec $TOUCH $ofile

i=5
				while (( i >= 0 )); do
					eval acl=\$acl$i

#
				# Place on a directory should succeed.
				#
					log_must usr_exec $CHMOD A+$acl $basedir

(( i = i - 1 ))
				done
			
				verify_inherit $inherit $obj $str
			
				log_must usr_exec $RM -rf $ofile $odir $basedir
			done
		done
	done
done

log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed."

003 File Manager

Editing: zfs_acl_chmod_inherit_003_pos.ksh

Upload File

Create Folder