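#!/usr/local/bin/ksh93 -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.

. $STF_SUITE/tests/acl/acl_common.kshlib
. $STF_SUITE/tests/acl/cifs/cifs.kshlib

#################################################################################
#
# __stc_assertion_start
#
# ID: cifs_attr_001_pos
#
# DESCRIPTION:
#	Verify the user with write_attributes permission or
#	PRIV_FILE_OWNER privilege could set/clear DOS attributes.
#	(Readonly, Hidden, Archive, System)
#
# STRATEGY:
#	1. Loop super user and non-super user to run the test case.
#	2. Create basedir and a set of subdirectories and files within it.
#	3. Grant user has write_attributes permission or
#		PRIV_FILE_OWNER privilege
#	4. Verify set/clear DOS attributes should succeed.
#
# TESTABILITY: explicit
#
# TEST_AUTOMATION_LEVEL: automated
#
# CODING_STATUS: COMPLETED (2007-11-05)
#
# __stc_assertion_end
#
################################################################################

verify_runnable "both"

if ! cifs_supported ; then
	log_unsupported "CIFS not supported on current system."
fi

test_requires ZFS_ACL ZFS_XATTR

#
# Remove the file.* and dir.* objects this test creates under the
# mountpoints of $TESTPOOL/$TESTFS and $TESTPOOL.  Registered with
# log_onexit below.
#
function cleanup
{
	# Keep the loop variables local so cleanup does not overwrite the
	# globals of the same name used by the main loop.
	typeset fs mtpt

	for fs in $TESTPOOL/$TESTFS $TESTPOOL ; do
		mtpt=$(get_prop mountpoint $fs)

		# An empty or non-absolute mountpoint (failed lookup, or a
		# value such as "legacy"/"none") would turn the recursive
		# delete below into "/file.*" or a path relative to the
		# current directory.  Skip the dataset instead.
		if [[ $mtpt != /* ]]; then
			log_note "Skip cleanup of $fs: mountpoint is '$mtpt'"
			continue
		fi

		log_must $RM -rf "$mtpt"/file.* "$mtpt"/dir.*
	done
}

#
# Set the special attribute to the given node
#
# $1: The given node (file/dir)
# $2: The special attribute to be set (defaults to AHRS)
# $3: Execute username; when empty the command runs as the caller
#
# Returns the exit status of the chmod invocation.
#
function set_attribute
{
	typeset object=$1
	typeset attr=${2:-AHRS}
	typeset user=$3
	typeset ret=0

	if [[ -z $object ]]; then
		log_fail "Object not defined."
	fi

	if [[ -n $user ]]; then
		# NOTE(review): the command is handed to $RUNWATTR as one
		# string, so $object is presumably re-parsed on the other
		# side; keep object paths free of whitespace and shell
		# metacharacters.
		$RUNWATTR -u $user "$CHMOD S+c${attr} $object"
		ret=$?
	else
		$CHMOD S+c${attr} $object
		ret=$?
	fi

	return $ret
}

#
# Clear the special attribute to the given node
#
# $1: The given node (file/dir)
# $2: The special attribute to be cleared (defaults to AHRS)
# $3: Execute username; when empty the command runs as the caller
#
# Returns the exit status of the chmod invocation.
#
function clear_attribute
{
	typeset object=$1
	typeset attr=${2:-AHRS}
	typeset user=$3
	typeset ret=0

	if [[ -z $object ]]; then
		log_fail "Object not defined."
	fi

	if [[ -n $user ]]; then
		# NOTE(review): same single-string hand-off to $RUNWATTR as
		# in set_attribute; the same restriction on $object applies.
		$RUNWATTR -u $user "$CHMOD S-c${attr} $object"
		ret=$?
	else
		$CHMOD S-c${attr} $object
		ret=$?
	fi

	return $ret
}

#
# Grant the ace of write_attributes to the given user
#
# $1: The given user
# $2: The given node (file/dir)
#
# Side effect: sets the global attr_mod to "write_attributes", which
# verify_attr reads to decide the expected result.
#
function grant_attr
{
	typeset user=$1
	typeset object=$2

	if [[ -z $user || -z $object ]]; then
		log_fail "User($user), Object($object) not defined."
	fi

	# To increase the coverage, here we set 'deny' against
	# superuser and owner.
	# Only grant the user explicitly while it's not root neither owner.
	#
	# verify_attr still expects success for root and for the owner, so
	# the deny entries added here check that an explicit deny ACE does
	# not stop those two principals from changing the attributes.

	if [[ $user == "root" ]]; then
		log_must chmod A+user:root:write_attributes:deny $object
	elif [[ $user == $(get_owner $object) ]]; then
		# Pick one of the two ways to name the owner in a deny ACE.
		if (( ( RANDOM % 2 ) == 0 )); then
			log_must chmod A+owner@:write_attributes:deny $object
		else
			log_must chmod A+user:$user:write_attributes:deny \
			    $object
		fi
	else
		log_must chmod A+user:$user:write_attributes:allow $object
	fi

	# Set on every branch, including the deny ones: in those branches
	# the user is root or the owner, which verify_attr already treats
	# as "must succeed" regardless of attr_mod.
	attr_mod="write_attributes"
}

#
# Revoke the ace of write_attributes from the given user
#
# $1: The given user
# $2: The given node (file/dir)
#
# Side effect: clears the global attr_mod.
#
function revoke_attr
{
	typeset user=$1
	typeset object=$2

	if [[ -z $user || -z $object ]]; then
		log_fail "User($user), Object($object) not defined."
	fi

	# Removes the ACE at index 0; this relies on grant_attr's "A+"
	# having prepended its entry and on nothing else having changed
	# the ACL in between.
	log_must chmod A0- $object
	attr_mod=
}

#
# Invoke the function and verify whether its return code as expected
#
# $1: Function be invoked
# $2: The given node (file/dir)
# $3: Option (the attribute letter passed on to the function)
# $4: Execute user
#
function verify_attr
{
	typeset func=$1
	typeset object=$2
	typeset opt=$3
	typeset user=$4
	typeset expect="log_mustnot"

	if [[ -z $func || -z $object ]]; then
		log_fail "Func($func), Object($object), User($user)," \
		    "Opt($opt) not defined."
	fi

	# If user is superuser or has write_attributes permission or
	# PRIV_FILE_OWNER privilege, it should log_must,
	# otherwise log_mustnot.
	#
	# The default expectation is denial; success is expected only for
	# an empty user (run as the caller), root, the object's owner, or
	# while grant_attr has left attr_mod set.

	if [[ -z $user || $user == "root" || \
	    $user == $(get_owner $object) || \
	    $attr_mod == *"write_attributes"* ]] ; then
		expect="log_must"
	fi

	$expect $func $object $opt $user
}

log_assert "Verify set/clear DOS attributes will succeed while user has " \
	"write_attributes permission or PRIV_FILE_OWNER privilege"
log_onexit cleanup

file="file.0"
dir="dir.0"
XATTROPTIONS="H S R A"

# For every dataset, object owner, object type and acting user: run the
# set/clear checks once without the write_attributes ACE, then again after
# grant_attr, and finally remove the ACE so the next user starts clean.
for fs in $TESTPOOL $TESTPOOL/$TESTFS ; do
	mtpt=$(get_prop mountpoint $fs)
	for owner in root $ZFS_ACL_STAFF1 ; do

		create_object "file" $mtpt/$file $owner
		create_object "dir" $mtpt/$dir $owner

		for object in $mtpt/$file $mtpt/$dir ; do
			for user in root $ZFS_ACL_STAFF2 ; do
				# Before the grant: only root and the owner
				# are expected to succeed.
				for opt in $XATTROPTIONS ; do
					verify_attr set_attribute \
						$object $opt $user
					verify_attr clear_attribute \
						$object $opt $user
				done
				log_must grant_attr $user $object
				# After the grant: every user is expected to
				# succeed.
				for opt in $XATTROPTIONS ; do
					verify_attr set_attribute \
						$object $opt $user
					verify_attr clear_attribute \
						$object $opt $user
				done
				log_must revoke_attr $user $object
			done
		done
		destroy_object $mtpt/$file $mtpt/$dir
	done
done

log_pass "Set/Clear DOS attributes succeed while user has " \
	"write_attributes permission or PRIV_FILE_OWNER privilege"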