diff options
Diffstat (limited to 'tools/regression/acltools')
| -rw-r--r-- | tools/regression/acltools/00.t | 2 | ||||
| -rw-r--r-- | tools/regression/acltools/03.t | 110 | ||||
| -rwxr-xr-x | tools/regression/acltools/aclfuzzer.sh | 225 | ||||
| -rw-r--r-- | tools/regression/acltools/tools-crossfs.test | 178 |
4 files changed, 514 insertions, 1 deletions
diff --git a/tools/regression/acltools/00.t b/tools/regression/acltools/00.t index c76b39e..1f91de3 100644 --- a/tools/regression/acltools/00.t +++ b/tools/regression/acltools/00.t @@ -27,7 +27,7 @@ # $FreeBSD$ # -# This is a wrapper script to run tools-posix.test. +# This is a wrapper script to run tools-posix.test on UFS filesystem. # # If any of the tests fails, here is how to debug it: go to # the directory with problematic filesystem mounted on it, diff --git a/tools/regression/acltools/03.t b/tools/regression/acltools/03.t new file mode 100644 index 0000000..8e56af5 --- /dev/null +++ b/tools/regression/acltools/03.t @@ -0,0 +1,110 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-crossfs.test between UFS without +# ACLs, UFS with POSIX.1e ACLs, and ZFS with NFSv4 ACLs. +# +# WARNING: It uses hardcoded ZFS pool name "acltools" +# +# Output should be obvious. + +echo "1..5" + +if [ `whoami` != "root" ]; then + echo "not ok 1 - you need to be root to run this test." + exit 1 +fi + +TESTDIR=`dirname $0` +MNTROOT=`mktemp -dt acltools` + +# Set up the test filesystems. +MD1=`mdconfig -at swap -s 64m` +MNT1=$MNTROOT/nfs4 +mkdir $MNT1 +zpool create -R $MNT1 acltools /dev/$MD1 +if [ $? -ne 0 ]; then + echo "not ok 1 - 'zpool create' failed." + exit 1 +fi + +echo "ok 1" + +MD2=`mdconfig -at swap -s 10m` +MNT2=$MNTROOT/posix +mkdir $MNT2 +newfs /dev/$MD2 > /dev/null +mount -o acls /dev/$MD2 $MNT2 +if [ $? -ne 0 ]; then + echo "not ok 2 - mount failed." + exit 1 +fi + +echo "ok 2" + +MD3=`mdconfig -at swap -s 10m` +MNT3=$MNTROOT/none +mkdir $MNT3 +newfs /dev/$MD3 > /dev/null +mount /dev/$MD3 $MNT3 +if [ $? -ne 0 ]; then + echo "not ok 3 - mount failed." + exit 1 +fi + +echo "ok 3" + +cd $MNTROOT + +perl $TESTDIR/run $TESTDIR/tools-crossfs.test > /dev/null + +if [ $? -eq 0 ]; then + echo "ok 4" +else + echo "not ok 4" +fi + +cd / + +umount -f $MNT3 +rmdir $MNT3 +mdconfig -du $MD3 + +umount -f $MNT2 +rmdir $MNT2 +mdconfig -du $MD2 + +zpool destroy -f acltools +rmdir $MNT1 +mdconfig -du $MD1 + +rmdir $MNTROOT + +echo "ok 5" + diff --git a/tools/regression/acltools/aclfuzzer.sh b/tools/regression/acltools/aclfuzzer.sh new file mode 100755 index 0000000..dff07d8 --- /dev/null +++ b/tools/regression/acltools/aclfuzzer.sh @@ -0,0 +1,225 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is an NFSv4 ACL fuzzer. It expects to be run by non-root in a scratch +# directory on a filesystem with NFSv4 ACLs support. Output it generates +# is expected to be fed to /usr/src/tools/regression/acltools/run script. + +NUMBER_OF_COMMANDS=300 + +run_command() +{ + echo "\$ $1" + eval $1 2>&1 | sed 's/^/> /' +} + +rnd_from_0_to() +{ + max=`expr $1 + 1` + rnd=`jot -r 1` + rnd=`expr $rnd % $max` + + echo $rnd +} + +rnd_path() +{ + rnd=`rnd_from_0_to 3` + case $rnd in + 0) echo "$TMP/aaa" ;; + 1) echo "$TMP/bbb" ;; + 2) echo "$TMP/aaa/ccc" ;; + 3) echo "$TMP/bbb/ddd" ;; + esac +} + +f_prepend_random_acl_on() +{ + rnd=`rnd_from_0_to 4` + case $rnd in + 0) u="owner@" ;; + 1) u="group@" ;; + 2) u="everyone@" ;; + 3) u="u:1138" ;; + 4) u="g:1138" ;; + esac + + p="" + while :; do + rnd=`rnd_from_0_to 30` + if [ -n "$p" -a $rnd -ge 14 ]; then + break; + fi + + case $rnd in + 0) p="${p}r" ;; + 1) p="${p}w" ;; + 2) p="${p}x" ;; + 3) p="${p}p" ;; + 4) p="${p}d" ;; + 5) p="${p}D" ;; + 6) p="${p}a" ;; + 7) p="${p}A" ;; + 8) p="${p}R" ;; + 9) p="${p}W" ;; + 10) p="${p}R" ;; + 11) p="${p}c" ;; + 12) p="${p}C" ;; + 13) p="${p}o" ;; + 14) p="${p}s" ;; + esac + done + + f="" + while :; do + rnd=`rnd_from_0_to 10` + if [ $rnd -ge 6 ]; then + break; + fi + + case $rnd in + 0) f="${f}f" ;; + 1) f="${f}d" ;; + 2) f="${f}n" ;; + 3) f="${f}i" ;; + esac + done + + rnd=`rnd_from_0_to 1` + case $rnd in + 0) x="allow" ;; + 1) x="deny" ;; + esac + + acl="$u:$p:$f:$x" + + file=`rnd_path` + run_command "setfacl -a0 $acl $file" +} + +f_getfacl() +{ + file=`rnd_path` + run_command "getfacl -qn $file" +} + +f_ls_mode() +{ + file=`rnd_path` + run_command "ls -al $file | sed -n '2p' | cut -d' ' -f1" +} + +f_chmod() +{ + b1=`rnd_from_0_to 7` + b2=`rnd_from_0_to 7` + b3=`rnd_from_0_to 7` + b4=`rnd_from_0_to 7` + file=`rnd_path` + + run_command "chmod $b1$b2$b3$b4 $file $2" +} + +f_touch() +{ + file=`rnd_path` + run_command "touch $file" +} + +f_rm() +{ + file=`rnd_path` + run_command "rm -f $file" +} + +f_mkdir() +{ + file=`rnd_path` + run_command "mkdir $file" +} + +f_rmdir() +{ + file=`rnd_path` + run_command "rmdir $file" +} + +f_mv() +{ + from=`rnd_path` + to=`rnd_path` + run_command "mv -f $from $to" +} + +# XXX: To be implemented: chown(8), setting times with touch(1). + +switch_to_random_user() +{ + # XXX: To be implemented. +} + +execute_random_command() +{ + rnd=`rnd_from_0_to 20` + + case $rnd in + 0|10|11|12|13|15) cmd=f_prepend_random_acl_on ;; + 1) cmd=f_getfacl ;; + 2) cmd=f_ls_mode ;; + 3) cmd=f_chmod ;; + 4|18|19) cmd=f_touch ;; + 5) cmd=f_rm ;; + 6|16|17) cmd=f_mkdir ;; + 7) cmd=f_rmdir ;; + 8) cmd=f_mv ;; + esac + + $cmd "XXX" +} + +echo "# Fuzzing; will stop after $NUMBER_OF_COMMANDS commands." +TMP="aclfuzzer_`dd if=/dev/random bs=1k count=1 2>/dev/null | openssl md5`" + +run_command "whoami" +umask 022 +run_command "umask 022" +run_command "mkdir $TMP" + +i=0; +while [ "$i" -lt "$NUMBER_OF_COMMANDS" ]; do + switch_to_random_user + execute_random_command + i=`expr $i + 1` +done + +run_command "find $TMP -exec setfacl -a0 everyone@:rxd:allow {} \;" +run_command "rm -rfv $TMP" + +echo "# Fuzzed, thank you." + diff --git a/tools/regression/acltools/tools-crossfs.test b/tools/regression/acltools/tools-crossfs.test new file mode 100644 index 0000000..f6c5ed4 --- /dev/null +++ b/tools/regression/acltools/tools-crossfs.test @@ -0,0 +1,178 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test intended to verify that cp(1) and mv(1) +# do the right thing with respect to ACLs. Run it as root using +# ACL-enabled kernel: +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# You need to have three subdirectories, named nfs4, posix and none, +# with filesystems with NFSv4 ACLs, POSIX.1e ACLs and no ACLs enabled, +# respectively, mounted on them, in your current directory. +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +$ touch nfs4/xxx +$ getfacl -nq nfs4/xxx +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ touch posix/xxx +$ getfacl -nq posix/xxx +> user::rw- +> group::r-- +> other::r-- + +$ rm posix/xxx + +# mv without any ACLs. +$ chmod 456 nfs4/xxx +$ mv nfs4/xxx posix/ +$ ls -l posix/xxx | cut -d' ' -f1 +> -r--r-xrw- + +# mv with POSIX.1e ACLs. +$ setfacl -m u:42:x,g:43:w posix/xxx +$ rm -f posix/yyy +$ mv posix/xxx posix/yyy +$ getfacl -nq posix/yyy +> user::r-- +> user:42:--x +> group::r-x +> group:43:-w- +> mask::rwx +> other::rw- + +# mv from POSIX.1e to NFSv4. +$ rm -f nfs4/xxx +$ mv posix/yyy nfs4/xxx +> mv: failed to set acl entries for nfs4/xxx: Invalid argument +$ getfacl -nq nfs4/xxx +> owner@:-wxp----------:------:deny +> owner@:r------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:rwxp----------:------:allow +> everyone@:--x----A-W-Co-:------:deny +> everyone@:rw-p--a-R-c--s:------:allow + +# mv with NFSv4 ACLs. +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ rm -f nfs4/yyy +$ mv nfs4/xxx nfs4/yyy +$ getfacl -nq nfs4/yyy +> user:42:--x-----------:------:allow +> group:43:-w------------:------:allow +> owner@:-wxp----------:------:deny +> owner@:r------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:rwxp----------:------:allow +> everyone@:--x----A-W-Co-:------:deny +> everyone@:rw-p--a-R-c--s:------:allow + +# mv from NFSv4 to POSIX.1e. +$ rm -f posix/xxx +$ mv nfs4/yyy posix/xxx +> mv: failed to set acl entries for posix/xxx: Invalid argument +$ ls -l posix/xxx | cut -d' ' -f1 +> -r--rwxrw- + +# mv from POSIX.1e to none. +$ setfacl -m u:42:x,g:43:w posix/xxx +$ mv posix/xxx none/xxx +> mv: failed to set acl entries for none/xxx: Operation not supported +$ ls -l none/xxx | cut -d' ' -f1 +> -r--rwxrw- + +# cp with POSIX.1e ACLs. +$ rm -f posix/xxx +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ getfacl -nq posix/xxx +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- + +$ rm -f posix/yyy +$ cp posix/xxx posix/yyy +$ getfacl -nq posix/yyy +> user::rw- +> group::r-x +> other::r-- + +$ rm -f posix/yyy +$ cp -p posix/xxx posix/yyy +$ getfacl -nq posix/yyy +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- + +# mv from POSIX.1e to NFSv4. +$ rm -f nfs4/xxx +$ cp -p posix/xxx nfs4/xxx +> cp: failed to set acl entries for nfs4/xxx: Invalid argument +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -rw-rwxr-- + +# cp with NFSv4 ACLs. +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ rm -f nfs4/yyy +$ cp -p nfs4/xxx nfs4/yyy +$ getfacl -nq nfs4/yyy +> user:42:--x-----------:------:allow +> group:43:-w------------:------:allow +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:rwxp----------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# cp from NFSv4 to POSIX.1e. +$ rm -f posix/xxx +$ cp -p nfs4/xxx posix/xxx +> cp: failed to set acl entries for posix/xxx: Invalid argument +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr-- + +$ cp -p nfs4/yyy none/xxx +> cp: failed to set acl entries for none/xxx: Operation not supported + |
