03.t revision 196948
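#!/bin/sh
# $FreeBSD: head/tools/regression/fstest/tests/granular/03.t 196948 2009-09-07 19:40:22Z trasz $
#
# TAP-style regression test (plan: 65 checks) for how the NFSv4 ACL
# permissions DELETE (set on a file) and DELETE_CHILD (set on the
# containing directory) interact with directory write_data when a file is
# unlinked or renamed.
#
# Helpers `expect`, `namegen` and the `-u`/`-g` credential options come from
# ../misc.sh and the fstest tool, neither of which is shown here.
# NOTE(review): uid/gid 65534 is presumably the unprivileged "nobody"
# account, and the unprefixed `expect` calls presumably run as root; confirm
# against misc.sh.
#
# Reading guide for the expectations below:
#   * Every `prependacl` puts the new entry in front of the existing ones and
#     the entries accumulate on "." for the rest of the script, so the
#     "writable" / "unwritable" wording in the section comments refers to the
#     accumulated state, not only to the entry added in that section.
#   * Missing write_data on the directory is expected to fail with EACCES,
#     while an explicit delete_child deny is expected to fail with EPERM.
#   * A DELETE deny entry on the file alone is expected NOT to stop removal
#     or renaming while the directory permits it, so a per-file deny is not
#     sufficient protection by itself.

desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD"

dir=$(dirname "$0")
. "${dir}/../misc.sh"

echo "1..65"

n0=$(namegen)
# n1 is generated but not referenced anywhere in this file.
n1=$(namegen)
n2=$(namegen)
n3=$(namegen)

expect 0 mkdir ${n2} 0755
expect 0 mkdir ${n3} 0777
cdir=$(pwd)
# Every `prependacl .` below edits the ACL of the current directory. If this
# cd failed (or the name were empty) the script would grant uid 65534 write
# access on whatever directory it was started from, so stop here instead.
cd "${n2:?namegen returned an empty name}" || {
	echo "Bail out! cannot cd to ${n2}"
	exit 1
}

# Unlink allowed on writable directory.
expect 0 create ${n0} 0644
expect EACCES -u 65534 -g 65534 unlink ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving file elsewhere allowed on writable directory.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Moving file from elsewhere allowed on writable directory.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving file from elsewhere overwriting local file allowed
# on writable directory.
expect 0 create ${n0} 0644
expect 0 create ../${n3}/${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# Denied DELETE changes nothing wrt removing.
# (The directory still allows write_data, and that is expected to win.)
expect 0 create ${n0} 0644
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink ${n0}

# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
# Note: this file is freshly created, so it carries no DELETE deny entry.
expect 0 create ${n0} 0644
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 unlink ${n0}

# DELETE_CHILD denies unlink on writable directory.
# The denial is reported as EPERM, not EACCES.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 unlink ${n0}
expect 0 unlink ${n0}

# DELETE_CHILD denies moving file elsewhere.
expect 0 create ${n0} 0644
expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 rename ${n0} ../${n3}/${n0}

# DELETE_CHILD does not deny moving file from elsewhere
# to a writable directory.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE_CHILD denies moving file from elsewhere
# to a writable directory overwriting local file.
expect 0 create ../${n3}/${n0} 0644
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE allowed on file allows for unlinking, no matter
# what permissions on containing directory are.
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Same for moving the file elsewhere.
expect 0 create ${n0} 0644
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Same for moving the file from elsewhere into a writable
# directory with DELETE_CHILD denied.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 unlink ${n0}

# DELETE does not allow for overwriting a file in an unwritable
# directory with DELETE_CHILD denied.
# From here on "." carries a write_data deny for uid 65534. The error is
# expected to change from EPERM to EACCES once DELETE is allowed on the
# target file.
expect 0 create ${n0} 0644
expect 0 create ../${n3}/${n0} 0644
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl ${n0} user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# But it allows for plain deletion.
expect 0 -u 65534 -g 65534 unlink ${n0}

# DELETE_CHILD allowed on unwritable directory.
expect 0 create ${n0} 0644
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 unlink ${n0}

# Moving things elsewhere is allowed.
expect 0 create ${n0} 0644
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# Moving things back is not.
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Even if we're overwriting.
expect 0 create ${n0} 0644
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Even if we have DELETE on the existing file.
expect 0 prependacl ${n0} user:65534:delete::allow
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Denied DELETE changes nothing wrt removing.
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 unlink ${n0}

cd "${cdir}" || {
	echo "Bail out! cannot cd back to ${cdir}"
	exit 1
}
expect 0 rmdir ${n2}
# NOTE(review): if the expectations above hold, ${n3}/${n0} still exists at
# this point and ${n3} (created with mode 0777) is never removed, so each run
# leaves a directory behind. Removing both through `expect` would add two
# checks and require raising the "1..65" plan accordingly.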