05.t revision 196948 
1#!/bin/sh
2# $FreeBSD: head/tools/regression/fstest/tests/granular/05.t 196948 2009-09-07 19:40:22Z trasz $
3
4desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD with directories"
5
6dir=`dirname $0`
7. ${dir}/../misc.sh
8
9echo "1..68"
10
11n0=`namegen`
12n1=`namegen`
13n2=`namegen`
14n3=`namegen`
15
16expect 0 mkdir ${n2} 0755
17expect 0 mkdir ${n3} 0777
18cdir=`pwd`
19cd ${n2}
20
21# Unlink allowed on writable directory.
22expect 0 mkdir ${n0} 0755
23expect EACCES -u 65534 -g 65534 rmdir ${n0}
24expect 0 prependacl . user:65534:write_data::allow
25expect 0 -u 65534 -g 65534 rmdir ${n0}
26
27# Moving directory elsewhere allowed on writable directory.
28expect 0 mkdir ${n0} 0777
29expect 0 prependacl . user:65534:write_data::deny
30expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
31expect 0 prependacl . user:65534:write_data::allow
32expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
33
34# 12
35# Moving directory from elsewhere allowed on writable directory.
36expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
37expect 0 prependacl . user:65534:append_data::allow
38expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
39expect 0 -u 65534 -g 65534 rmdir ${n0}
40
41# Moving directory from elsewhere overwriting local directory allowed
42# on writable directory.
43expect 0 mkdir ${n0} 0755
44expect 0 mkdir ../${n3}/${n0} 0777
45expect 0 prependacl . user:65534:write_data::deny
46expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
47expect 0 prependacl . user:65534:write_data::allow
48expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
49expect 0 -u 65534 -g 65534 rmdir ${n0}
50
51# 23
52# Denied DELETE changes nothing wrt removing.
53expect 0 mkdir ${n0} 0755
54expect 0 prependacl ${n0} user:65534:delete::deny
55expect 0 -u 65534 -g 65534 rmdir ${n0}
56
57# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
58expect 0 mkdir ${n0} 0777
59expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
60expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
61expect 0 -u 65534 -g 65534 rmdir ${n0}
62
63# DELETE_CHILD denies unlink on writable directory.
64expect 0 mkdir ${n0} 0755
65expect 0 prependacl . user:65534:delete_child::deny
66expect EPERM -u 65534 -g 65534 rmdir ${n0}
67expect 0 rmdir ${n0}
68
69# 35
70# DELETE_CHILD denies moving directory elsewhere.
71expect 0 mkdir ${n0} 0777
72expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
73expect 0 rename ${n0} ../${n3}/${n0}
74
75# DELETE_CHILD does not deny moving directory from elsewhere
76# to a writable directory.
77expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
78
79# DELETE_CHILD denies moving directory from elsewhere
80# to a writable directory overwriting local directory.
81expect 0 mkdir ../${n3}/${n0} 0755
82expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
83
84# DELETE allowed on directory allows for unlinking, no matter
85# what permissions on containing directory are.
86expect 0 prependacl ${n0} user:65534:delete::allow
87expect 0 -u 65534 -g 65534 rmdir ${n0}
88
89# Same for moving the directory elsewhere.
90expect 0 mkdir ${n0} 0777
91expect 0 prependacl ${n0} user:65534:delete::allow
92expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
93
94# 46
95# Same for moving the directory from elsewhere into a writable
96# directory with DELETE_CHILD denied.
97expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
98expect 0 rmdir ${n0}
99
100# DELETE does not allow for overwriting a directory in a unwritable
101# directory with DELETE_CHILD denied.
102expect 0 mkdir ${n0} 0755
103expect 0 mkdir ../${n3}/${n0} 0777
104expect 0 prependacl . user:65534:write_data::deny
105expect 0 prependacl . user:65534:delete_child::deny
106expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
107expect 0 prependacl ${n0} user:65534:delete::allow
108# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
109expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
110
111# 54
112# But it allows for plain deletion.
113# XXX: expect 0 -u 65534 -g 65534 rmdir ${n0}
114expect 0 rmdir ${n0}
115
116# DELETE_CHILD allowed on unwritable directory.
117expect 0 mkdir ${n0} 0755
118expect 0 prependacl . user:65534:delete_child::allow
119expect 0 -u 65534 -g 65534 rmdir ${n0}
120
121# Moving things elsewhere is allowed.
122expect 0 mkdir ${n0} 0777
123expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
124
125# 60
126# Moving things back is not.
127# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
128expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
129
130# Even if we're overwriting.
131# XXX: expect 0 mkdir ${n0} 0755
132expect 0 mkdir ../${n3}/${n0} 0777
133# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
134expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
135expect 0 mkdir ../${n3}/${n0} 0777
136
137# Even if we have DELETE on the existing directory.
138expect 0 prependacl ${n0} user:65534:delete::allow
139# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
140expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
141
142# Denied DELETE changes nothing wrt removing.
143expect 0 prependacl ${n0} user:65534:delete::deny
144expect 0 -u 65534 -g 65534 rmdir ${n0}
145
146cd ${cdir}
147expect 0 rmdir ${n2}
148