1 #!/bin/ksh -p
   2 #
   3 # CDDL HEADER START
   4 #
   5 # The contents of this file are subject to the terms of the
   6 # Common Development and Distribution License (the "License").
   7 # You may not use this file except in compliance with the License.
   8 #
   9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10 # or http://www.opensolaris.org/os/licensing.
  11 # See the License for the specific language governing permissions
  12 # and limitations under the License.
  13 #
  14 # When distributing Covered Code, include this CDDL HEADER in each
  15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16 # If applicable, add the following below this CDDL HEADER, with the
  17 # fields enclosed by brackets "[]" replaced with your own identifying
  18 # information: Portions Copyright [yyyy] [name of copyright owner]
  19 #
  20 # CDDL HEADER END
  21 #
  22 
  23 #
  24 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  25 # Use is subject to license terms.
  26 #
  27 
  28 #
  29 # Copyright (c) 2013 by Delphix. All rights reserved.
  30 #
  31 
  32 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib
  33 
  34 #
  35 # DESCRIPTION:
   36 #       Verify that a permission set is masked on descendent datasets by a
   37 #       permission set of the same name defined on the descendent.
  38 #
  39 # STRATEGY:
  40 #       1. Create $ROOT_TESTFS/childfs
  41 #       2. Set permission $perms1 to @set on $ROOT_TESTFS
  42 #       3. Reset permission $perms2 to @set on $ROOT_TESTFS/childfs
  43 #       4. Allow @set to $STAFF1 on $ROOT_TESTFS/childfs
  44 #       5. Verify $perms2 is delegated on $ROOT_TESTFS/childfs and its
  45 #          descendent.
  46 #       6. Allow @set to $STAFF1 on $ROOT_TESTFS
  47 #       7. Verify $perms1 is not appended to $STAFF1 on $ROOT_TESTFS/childfs and
  48 #          its descendent since it is masked
  49 #
  50 
  # "both" is interpreted by verify_runnable, which is defined outside this file.
  verify_runnable "both"

  log_assert "Verify permission set can be masked on descendent dataset."
  # restore_root_datasets is registered before any delegation is changed;
  # presumably it puts the root datasets back when the test exits.
  log_onexit restore_root_datasets

  # Two disjoint permission lists, so a leak from one definition of @set into
  # the other is detectable in either direction.
  typeset perms1="snapshot,reservation,compression"
  typeset perms2="checksum,send,userprop"

  # NOTE(review): eval re-parses the contents of $DATASETS as shell input, so
  # that variable must only ever come from the trusted suite configuration.
  # The resulting "dataset" array is not referenced anywhere in this file.
  eval set -A dataset $DATASETS

  #
  # Three-level hierarchy: $ROOT_TESTFS -> childfs -> grandchild
  #
  childfs=$ROOT_TESTFS/childfs
  grandchild=$childfs/grandchild

  #
  # For the child and the grandchild filesystem, require (through verify_noperm
  # and verify_perm) that $STAFF1 lacks the permissions in $2 and has the
  # permissions in $1.
  #
  function check_descendents
  {
          typeset granted=$1
          typeset denied=$2
          typeset target

          for target in $childfs $grandchild ; do
                  log_must verify_noperm $target $denied $STAFF1
                  log_must verify_perm $target $granted $STAFF1
          done
  }

  log_must $ZFS create $childfs
  log_must $ZFS create $grandchild

  #
  # Define @set twice with different contents: $perms1 at the top level and
  # $perms2 at childfs. The user is granted @set at childfs only.
  #
  log_must $ZFS allow -s @set $perms1 $ROOT_TESTFS
  log_must $ZFS allow -s @set $perms2 $childfs
  log_must $ZFS allow $STAFF1 @set $childfs

  #
  # The grant made at childfs must resolve to the childfs definition of @set:
  # nothing on the parent, and only $perms2 from childfs downwards.
  #
  log_must verify_noperm $ROOT_TESTFS $perms1 $STAFF1
  check_descendents $perms2 $perms1

  #
  # Granting @set at the top level gives $STAFF1 $perms1 there, but the
  # same-name set on childfs masks it: $perms1 must not be added on childfs
  # or grandchild.
  #
  log_must $ZFS allow $STAFF1 @set $ROOT_TESTFS
  log_must verify_perm $ROOT_TESTFS $perms1 $STAFF1
  check_descendents $perms2 $perms1

  #
  # Drop the childfs definition of @set. With the mask gone, the existing
  # grants now resolve to the top-level definition, so the effective
  # permissions below childfs switch from $perms2 to $perms1.
  #
  log_must $ZFS unallow -s @set $childfs
  check_descendents $perms1 $perms2

  log_pass "Verify permission set can be masked on descendent dataset pass."