summaryrefslogtreecommitdiffstats
path: root/contrib/pjdfstest/tests/granular/05.t
blob: c42f51a90987f24a0746cd3addef86bc5f4e86a7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

#!/bin/sh
# $FreeBSD: head/tools/regression/pjdfstest/tests/granular/05.t 211352 2010-08-15 21:24:17Z pjd $

desc="NFSv4 granular permissions checking - DELETE and DELETE_CHILD with directories"

dir=`dirname $0`
. ${dir}/../misc.sh

[ "${os}:${fs}" = "FreeBSD:ZFS" ] || quick_exit

echo "1..68"

n0=`namegen`
n1=`namegen`
n2=`namegen`
n3=`namegen`

expect 0 mkdir ${n2} 0755
expect 0 mkdir ${n3} 0777
cdir=`pwd`
cd ${n2}

# Unlink allowed on writable directory.
expect 0 mkdir ${n0} 0755
expect EACCES -u 65534 -g 65534 rmdir ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rmdir ${n0}

# Moving directory elsewhere allowed on writable directory.
expect 0 mkdir ${n0} 0777
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# 12
# Moving directory from elsewhere allowed on writable directory.
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl . user:65534:append_data::allow
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rmdir ${n0}

# Moving directory from elsewhere overwriting local directory allowed
# on writable directory.
expect 0 mkdir ${n0} 0755
expect 0 mkdir ../${n3}/${n0} 0777
expect 0 prependacl . user:65534:write_data::deny
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl . user:65534:write_data::allow
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rmdir ${n0}

# 23
# Denied DELETE changes nothing wrt removing.
expect 0 mkdir ${n0} 0755
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 rmdir ${n0}

# Denied DELETE changes nothing wrt moving elsewhere or from elsewhere.
expect 0 mkdir ${n0} 0777
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rmdir ${n0}

# DELETE_CHILD denies unlink on writable directory.
expect 0 mkdir ${n0} 0755
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rmdir ${n0}
expect 0 rmdir ${n0}

# 35
# DELETE_CHILD denies moving directory elsewhere.
expect 0 mkdir ${n0} 0777
expect EPERM -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}
expect 0 rename ${n0} ../${n3}/${n0}

# DELETE_CHILD does not deny moving directory from elsewhere
# to a writable directory.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE_CHILD denies moving directory from elsewhere
# to a writable directory overwriting local directory.
expect 0 mkdir ../${n3}/${n0} 0755
expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# DELETE allowed on directory allows for unlinking, no matter
# what permissions on containing directory are.
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 rmdir ${n0}

# Same for moving the directory elsewhere.
expect 0 mkdir ${n0} 0777
expect 0 prependacl ${n0} user:65534:delete::allow
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# 46
# Same for moving the directory from elsewhere into a writable
# directory with DELETE_CHILD denied.
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 rmdir ${n0}

# DELETE does not allow for overwriting a directory in a unwritable
# directory with DELETE_CHILD denied.
expect 0 mkdir ${n0} 0755
expect 0 mkdir ../${n3}/${n0} 0777
expect 0 prependacl . user:65534:write_data::deny
expect 0 prependacl . user:65534:delete_child::deny
expect EPERM -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 prependacl ${n0} user:65534:delete::allow
# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# 54
# But it allows for plain deletion.
# XXX: expect 0 -u 65534 -g 65534 rmdir ${n0}
expect 0 rmdir ${n0}

# DELETE_CHILD allowed on unwritable directory.
expect 0 mkdir ${n0} 0755
expect 0 prependacl . user:65534:delete_child::allow
expect 0 -u 65534 -g 65534 rmdir ${n0}

# Moving things elsewhere is allowed.
expect 0 mkdir ${n0} 0777
expect 0 -u 65534 -g 65534 rename ${n0} ../${n3}/${n0}

# 60
# Moving things back is not.
# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Even if we're overwriting.
# XXX: expect 0 mkdir ${n0} 0755
expect 0 mkdir ../${n3}/${n0} 0777
# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 mkdir ../${n3}/${n0} 0777

# Even if we have DELETE on the existing directory.
expect 0 prependacl ${n0} user:65534:delete::allow
# XXX: expect EACCES -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}
expect 0 -u 65534 -g 65534 rename ../${n3}/${n0} ${n0}

# Denied DELETE changes nothing wrt removing.
expect 0 prependacl ${n0} user:65534:delete::deny
expect 0 -u 65534 -g 65534 rmdir ${n0}

cd ${cdir}
expect 0 rmdir ${n2}
OpenPOWER on IntegriCloud