4 # The contents of this file are subject to the terms of the
5 # Common Development and Distribution License (the "License").
6 # You may not use this file except in compliance with the License.
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 # or http://www.opensolaris.org/os/licensing.
10 # See the License for the specific language governing permissions
11 # and limitations under the License.
13 # When distributing Covered Code, include this CDDL HEADER in each
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 # If applicable, add the following below this CDDL HEADER, with the
16 # fields enclosed by brackets "[]" replaced with your own identifying
17 # information: Portions Copyright [yyyy] [name of copyright owner]
23 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 # Use is subject to license terms.
28 # Copyright (c) 2013, 2016 by Delphix. All rights reserved.
29 # Copyright 2016 Nexenta Systems, Inc.
32 . $STF_SUITE/include/libtest.shlib
33 . $STF_SUITE/tests/functional/delegate/delegate.cfg
36 # Cleanup exist user/group.
38 function cleanup_user_group
41 for i in $STAFF1 $STAFF2 $OTHER1 $OTHER2 ; do
44 for i in $STAFF_GROUP $OTHER_GROUP ; do
52 # Restore test file system to the original status.
54 function restore_root_datasets
56 destroy_dataset "$ROOT_TESTFS" "-Rf"
57 log_must zfs create $ROOT_TESTFS
59 if is_global_zone ; then
60 destroy_dataset "$ROOT_TESTVOL" "-Rf"
61 log_must zfs create -V $VOLSIZE $ROOT_TESTVOL
69 # Verify the specified user have permission on the dataset
72 # $2 permissions which are separated by comma(,)
78 typeset permissions=$2
81 if [[ -z $@ || -z $permissions || -z $dtst ]]; then
85 typeset type=$(get_prop type $dtst)
86 permissions=$(echo $permissions | tr -s "," " ")
91 for perm in $permissions; do
93 if [[ $type == "filesystem" ]]; then
94 check_fs_perm $user $perm $dtst
96 elif [[ $type == "volume" ]]; then
97 check_vol_perm $user $perm $dtst
101 log_note "Check $type $user $perm $dtst"
102 if ((ret != 0)) ; then
103 log_note "Fail: $user should have $perm " \
114 # Verify the specified user have no permission on the dataset
117 # $2 permissions which are separated by comma(,)
120 function verify_noperm
123 typeset permissions=$2
126 if [[ -z $@ || -z $permissions || -z $dtst ]]; then
130 typeset type=$(get_prop type $dtst)
131 permissions=$(echo $permissions | tr -s "," " ")
136 for perm in $permissions; do
138 if [[ $type == "filesystem" ]]; then
139 check_fs_perm $user $perm $dtst
141 elif [[ $type == "volume" ]]; then
142 check_vol_perm $user $perm $dtst
146 if ((ret == 0)) ; then
147 log_note "Fail: $user should not have $perm " \
166 verify_send $user $perm $dtst
170 verify_allow $user $perm $dtst
174 verify_userprop $user $perm $dtst
177 compression|checksum|readonly)
178 verify_ccr $user $perm $dtst
182 verify_copies $user $perm $dtst
186 verify_reservation $user $perm $dtst
197 function check_fs_perm
206 verify_fs_create $user $perm $fs
210 verify_fs_destroy $user $perm $fs
214 verify_fs_snapshot $user $perm $fs
218 verify_fs_rollback $user $perm $fs
222 verify_fs_clone $user $perm $fs
226 verify_fs_rename $user $perm $fs
230 verify_fs_mount $user $perm $fs
234 verify_fs_share $user $perm $fs
238 verify_fs_mountpoint $user $perm $fs
242 verify_fs_promote $user $perm $fs
246 verify_fs_canmount $user $perm $fs
250 verify_fs_dnodesize $user $perm $fs
254 verify_fs_recordsize $user $perm $fs
258 verify_fs_quota $user $perm $fs
262 verify_fs_aclmode $user $perm $fs
266 verify_fs_aclinherit $user $perm $fs
270 verify_fs_snapdir $user $perm $fs
273 atime|exec|devices|setuid|xattr)
274 verify_fs_aedsx $user $perm $fs
278 verify_fs_zoned $user $perm $fs
282 verify_fs_sharenfs $user $perm $fs
286 verify_fs_receive $user $perm $fs
290 common_perm $user $perm $fs
298 function check_vol_perm
307 verify_vol_destroy $user $perm $vol
311 verify_vol_snapshot $user $perm $vol
315 verify_vol_rollback $user $perm $vol
319 verify_vol_clone $user $perm $vol
323 verify_vol_rename $user $perm $vol
327 verify_vol_promote $user $perm $vol
331 verify_vol_volsize $user $perm $vol
335 common_perm $user $perm $vol
343 function setup_unallow_testenv
345 log_must restore_root_datasets
347 log_must zfs create $SUBFS
349 for dtst in $DATASETS ; do
350 log_must zfs allow -l $STAFF1 $LOCAL_SET $dtst
351 log_must zfs allow -d $STAFF2 $DESC_SET $dtst
352 log_must zfs allow $OTHER1 $LOCAL_DESC_SET $dtst
353 log_must zfs allow $OTHER2 $LOCAL_DESC_SET $dtst
355 log_must verify_perm $dtst $LOCAL_SET $STAFF1
356 log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER1
357 log_must verify_perm $dtst $LOCAL_DESC_SET $OTHER2
358 if [[ $dtst == $ROOT_TESTFS ]]; then
359 log_must verify_perm $SUBFS $DESC_SET $STAFF2
360 log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER1
361 log_must verify_perm $SUBFS $LOCAL_DESC_SET $OTHER2
369 # Verify permission send for specified user on the dataset
381 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
382 typeset snap=$dtst@snap.$stamp
386 log_must zfs snapshot $snap
387 typeset bak_user=/tmp/bak.$user.$stamp
388 typeset bak_root=/tmp/bak.root.$stamp
390 user_run $user eval "zfs send $snap > $bak_user"
391 log_must eval "zfs send $snap > $bak_root"
393 if [[ $(checksum $bak_user) == $(checksum $bak_root) ]]; then
397 rm -rf $bak_user > /dev/null
398 rm -rf $bak_root > /dev/null
403 function verify_fs_receive
410 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
411 typeset newfs=$fs/newfs.$stamp
412 typeset newvol=$fs/newvol.$stamp
413 typeset bak_user=/tmp/bak.$user.$stamp
414 typeset bak_root=/tmp/bak.root.$stamp
416 log_must zfs create $newfs
417 typeset datasets="$newfs"
418 if is_global_zone ; then
419 log_must zfs create -V $VOLSIZE $newvol
421 datasets="$newfs $newvol"
424 for dtst in $datasets ; do
426 typeset dtstsnap=$dtst@snap.$stamp
427 log_must zfs snapshot $dtstsnap
429 log_must eval "zfs send $dtstsnap > $bak_root"
430 log_must_busy zfs destroy -rf $dtst
432 user_run $user eval "zfs receive $dtst < $bak_root"
433 if datasetexists $dtstsnap ; then
437 log_must zfs allow $user create $fs
438 user_run $user eval "zfs receive $dtst < $bak_root"
439 log_must zfs unallow $user create $fs
440 if datasetexists $dtstsnap ; then
444 log_must zfs allow $user mount $fs
445 user_run $user eval "zfs receive $dtst < $bak_root"
446 log_must zfs unallow $user mount $fs
447 if datasetexists $dtstsnap ; then
451 log_must zfs allow $user mount,create $fs
452 user_run $user eval "zfs receive $dtst < $bak_root"
453 log_must zfs unallow $user mount,create $fs
454 if ! datasetexists $dtstsnap ; then
458 # check the data integrity
459 log_must eval "zfs send $dtstsnap > $bak_user"
460 log_must_busy zfs destroy -rf $dtst
461 log_must eval "zfs receive $dtst < $bak_root"
462 log_must eval "zfs send $dtstsnap > $bak_root"
463 log_must_busy zfs destroy -rf $dtst
464 if [[ $(checksum $bak_user) != $(checksum $bak_root) ]]; then
468 rm -rf $bak_user > /dev/null
469 rm -rf $bak_root > /dev/null
476 function verify_userprop
482 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
484 user_run $user zfs set "$user:ts=$stamp" $dtst
485 if [[ $stamp != $(get_prop "$user:ts" $dtst) ]]; then
500 set -A modes "on" "off"
501 oldval=$(get_prop $perm $dtst)
502 if [[ $oldval == "on" ]]; then
504 elif [[ $oldval == "off" ]]; then
507 log_note "$user zfs set $perm=${modes[$n]} $dtst"
508 user_run $user zfs set $perm=${modes[$n]} $dtst
509 if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then
516 function verify_copies
525 oldval=$(get_prop $perm $dtst)
526 if [[ $oldval -eq 1 ]]; then
528 elif [[ $oldval -eq 2 ]]; then
530 elif [[ $oldval -eq 3 ]]; then
533 log_note "$user zfs set $perm=${modes[$n]} $dtst"
534 user_run $user zfs set $perm=${modes[$n]} $dtst
535 if [[ ${modes[$n]} != $(get_prop $perm $dtst) ]]; then
542 function verify_reservation
548 typeset value32m=$(( 1024 * 1024 * 32 ))
549 typeset oldval=$(get_prop reservation $dtst)
550 user_run $user zfs set reservation=$value32m $dtst
551 if [[ $value32m != $(get_prop reservation $dtst) ]]; then
552 log_must zfs set reservation=$oldval $dtst
556 log_must zfs set reservation=$oldval $dtst
560 function verify_fs_create
566 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
567 typeset newfs=$fs/nfs.$stamp
568 typeset newvol=$fs/nvol.$stamp
570 user_run $user zfs create $newfs
571 if datasetexists $newfs ; then
575 log_must zfs allow $user mount $fs
576 user_run $user zfs create $newfs
577 log_must zfs unallow $user mount $fs
578 if ! datasetexists $newfs ; then
582 log_must zfs destroy $newfs
584 if is_global_zone ; then
585 # mount permission is required for sparse volume
586 user_run $user zfs create -V 150m -s $newvol
588 if datasetexists $newvol ; then
592 log_must zfs allow $user mount $fs
593 user_run $user zfs create -V 150m -s $newvol
594 log_must zfs unallow $user mount $fs
595 if ! datasetexists $newvol ; then
600 log_must zfs destroy $newvol
603 # mount and reserveration permission are
604 # required for normal volume
605 user_run $user zfs create -V 150m $newvol
607 if datasetexists $newvol ; then
611 log_must zfs allow $user mount $fs
612 user_run $user zfs create -V 150m $newvol
614 log_must zfs unallow $user mount $fs
615 if datasetexists $newvol ; then
619 log_must zfs allow $user reservation $fs
620 user_run $user zfs create -V 150m $newvol
622 log_must zfs unallow $user reservation $fs
623 if datasetexists $newvol ; then
627 log_must zfs allow $user refreservation $fs
628 user_run $user zfs create -V 150m $newvol
630 log_must zfs unallow $user refreservation $fs
631 if datasetexists $newvol ; then
635 log_must zfs allow $user mount $fs
636 log_must zfs allow $user reservation $fs
637 log_must zfs allow $user refreservation $fs
638 user_run $user zfs create -V 150m $newvol
639 log_must zfs unallow $user mount $fs
640 log_must zfs unallow $user reservation $fs
641 log_must zfs unallow $user refreservation $fs
642 if ! datasetexists $newvol ; then
647 log_must zfs destroy $newvol
654 function verify_fs_destroy
660 if ! ismounted $fs ; then
661 user_run $user zfs destroy $fs
662 if datasetexists $fs ; then
667 if ismounted $fs ; then
668 user_run $user zfs destroy $fs
669 if ! datasetexists $fs ; then
673 # mount permission is required
674 log_must zfs allow $user mount $fs
675 user_run $user zfs destroy $fs
676 if datasetexists $fs ; then
684 # Verify that given the correct delegation, a regular user can:
685 # Take a snapshot of an unmounted dataset
686 # Take a snapshot of an mounted dataset
687 # Create a snapshot by making a directory in the .zfs/snapshot directory
688 function verify_fs_snapshot
694 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
695 typeset snap=$fs@snap.$stamp
696 typeset mntpt=$(get_prop mountpoint $fs)
698 if [[ "yes" == $(get_prop mounted $fs) ]]; then
699 log_must zfs umount $fs
702 user_run $user zfs snapshot $snap
703 if ! datasetexists $snap ; then
706 log_must zfs destroy $snap
708 if [[ "no" == $(get_prop mounted $fs) ]]; then
709 log_must zfs mount $fs
712 user_run $user zfs snapshot $snap
713 if ! datasetexists $snap ; then
716 log_must zfs destroy $snap
718 typeset snapdir=${mntpt}/.zfs/snapshot/snap.$stamp
719 user_run $user mkdir $snapdir
720 if ! datasetexists $snap ; then
723 log_must zfs destroy $snap
728 function verify_fs_rollback
735 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
736 typeset snap=$fs@snap.$stamp
737 typeset mntpt=$(get_prop mountpoint $fs)
739 oldval=$(datasetcksum $fs)
740 log_must zfs snapshot $snap
742 if ! ismounted $fs; then
743 log_must zfs mount $fs
745 log_must touch $mntpt/testfile.$stamp
747 user_run $user zfs rollback -R $snap
748 if is_global_zone ; then
749 if [[ $oldval != $(datasetcksum $fs) ]]; then
753 # datasetcksum can not be used in local zone
754 if [[ -e $mntpt/testfile.$stamp ]]; then
762 function verify_fs_clone
768 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
769 typeset basefs=${fs%/*}
770 typeset snap=$fs@snap.$stamp
771 typeset clone=$basefs/cfs.$stamp
773 log_must zfs snapshot $snap
774 user_run $user zfs clone $snap $clone
775 if datasetexists $clone ; then
779 log_must zfs allow $user create $basefs
780 user_run $user zfs clone $snap $clone
781 log_must zfs unallow $user create $basefs
782 if datasetexists $clone ; then
786 log_must zfs allow $user mount $basefs
787 user_run $user zfs clone $snap $clone
788 log_must zfs unallow $user mount $basefs
789 if datasetexists $clone ; then
793 log_must zfs allow $user mount $basefs
794 log_must zfs allow $user create $basefs
795 user_run $user zfs clone $snap $clone
796 log_must zfs unallow $user create $basefs
797 log_must zfs unallow $user mount $basefs
798 if ! datasetexists $clone ; then
802 log_must zfs destroy -R $snap
807 function verify_fs_rename
813 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
814 typeset basefs=${fs%/*}
815 typeset snap=$fs@snap.$stamp
816 typeset renamefs=$basefs/nfs.$stamp
818 if ! ismounted $fs; then
819 log_must zfs mount $fs
823 user_run $user zfs rename $fs $renamefs
824 if datasetexists $renamefs ; then
829 log_must zfs allow $user create $basefs
830 user_run $user zfs rename $fs $renamefs
831 log_must zfs unallow $user create $basefs
832 if datasetexists $renamefs ; then
837 log_must zfs allow $user mount $basefs
838 user_run $user zfs rename $fs $renamefs
839 log_must zfs unallow $user mount $basefs
840 if datasetexists $renamefs ; then
845 log_must zfs allow $user mount $fs
846 user_run $user zfs rename $fs $renamefs
847 if datasetexists $renamefs ; then
848 log_must zfs unallow $user mount $renamefs
851 log_must zfs unallow $user mount $fs
854 log_must zfs allow $user create $basefs
855 log_must zfs allow $user mount $fs
856 user_run $user zfs rename $fs $renamefs
857 log_must zfs unallow $user create $basefs
858 if datasetexists $renamefs ; then
859 log_must zfs unallow $user mount $renamefs
862 log_must zfs unallow $user mount $fs
865 log_must zfs allow $user mount $basefs
866 log_must zfs allow $user mount $fs
867 user_run $user zfs rename $fs $renamefs
868 log_must zfs unallow $user mount $basefs
869 if datasetexists $renamefs ; then
870 log_must zfs unallow $user mount $renamefs
873 log_must zfs unallow $user mount $fs
876 log_must zfs allow $user create $basefs
877 log_must zfs allow $user mount $basefs
878 user_run $user zfs rename $fs $renamefs
879 log_must zfs unallow $user mount $basefs
880 log_must zfs unallow $user create $basefs
881 if ! datasetexists $renamefs ; then
885 log_must zfs rename $renamefs $fs
890 function verify_fs_mount
896 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
897 typeset mntpt=$(get_prop mountpoint $fs)
898 typeset newmntpt=/tmp/mnt.$stamp
900 if ismounted $fs ; then
901 user_run $user zfs unmount $fs
902 if ismounted $fs ; then
907 if ! ismounted $fs ; then
908 log_must zfs set mountpoint=$newmntpt $fs
909 log_must rm -rf $newmntpt
910 log_must mkdir $newmntpt
912 user_run $user zfs mount $fs
913 if ismounted $fs ; then
917 # mountpoint's owner must be the user
918 log_must chown $user $newmntpt
919 user_run $user zfs mount $fs
920 if ! ismounted $fs ; then
923 log_must zfs umount $fs
924 log_must rm -rf $newmntpt
925 log_must zfs set mountpoint=$mntpt $fs
931 function verify_fs_share
938 svcadm enable -rs nfs/server
939 typeset stat=$(svcs -H -o STA nfs/server:default)
940 if [[ $stat != "ON" ]]; then
941 log_fail "Could not enable nfs/server"
944 log_must zfs set sharenfs=on $fs
947 user_run $user zfs share $fs
948 if ! is_shared $fs; then
953 log_must zfs set sharenfs=off $fs
958 function verify_fs_mountpoint
964 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
965 typeset mntpt=$(get_prop mountpoint $fs)
966 typeset newmntpt=/tmp/mnt.$stamp
968 if ! ismounted $fs ; then
969 user_run $user zfs set mountpoint=$newmntpt $fs
971 $(get_prop mountpoint $fs) ]] ; then
974 log_must zfs set mountpoint=$mntpt $fs
977 if ismounted $fs ; then
978 user_run $user zfs set mountpoint=$newmntpt $fs
979 if [[ $mntpt != $(get_prop mountpoint $fs) ]]; then
983 # require mount permission when fs is mounted
984 log_must zfs allow $user mount $fs
985 user_run $user zfs set mountpoint=$newmntpt $fs
986 log_must zfs unallow $user mount $fs
988 $(get_prop mountpoint $fs) ]] ; then
991 log_must zfs set mountpoint=$mntpt $fs
997 function verify_fs_promote
1003 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
1004 typeset basefs=${fs%/*}
1005 typeset snap=$fs@snap.$stamp
1006 typeset clone=$basefs/cfs.$stamp
1008 log_must zfs snapshot $snap
1009 log_must zfs clone $snap $clone
1010 log_must zfs promote $clone
1012 typeset fs_orig=$(get_prop origin $fs)
1013 typeset clone_orig=$(get_prop origin $clone)
1015 user_run $user zfs promote $fs
1016 # promote should fail if original fs does not have
1017 # promote permission
1018 if [[ $fs_orig != $(get_prop origin $fs) || \
1019 $clone_orig != $(get_prop origin $clone) ]]; then
1023 log_must zfs allow $user promote $clone
1024 user_run $user zfs promote $fs
1025 log_must zfs unallow $user promote $clone
1026 if [[ $fs_orig != $(get_prop origin $fs) || \
1027 $clone_orig != $(get_prop origin $clone) ]]; then
1031 log_must zfs allow $user mount $fs
1032 user_run $user zfs promote $fs
1033 log_must zfs unallow $user mount $fs
1034 if [[ $fs_orig != $(get_prop origin $fs) || \
1035 $clone_orig != $(get_prop origin $clone) ]]; then
1039 log_must zfs allow $user mount $fs
1040 log_must zfs allow $user promote $clone
1041 user_run $user zfs promote $fs
1042 log_must zfs unallow $user promote $clone
1043 log_must zfs unallow $user mount $fs
1044 if [[ $snap != $(get_prop origin $clone) || \
1045 $clone_orig != $(get_prop origin $fs) ]]; then
1052 function verify_fs_canmount
1059 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
1061 if ! ismounted $fs ; then
1062 set -A modes "on" "off"
1063 oldval=$(get_prop $perm $fs)
1064 if [[ $oldval == "on" ]]; then
1066 elif [[ $oldval == "off" ]]; then
1069 log_note "$user zfs set $perm=${modes[$n]} $fs"
1070 user_run $user zfs set $perm=${modes[$n]} $fs
1071 if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1078 if ismounted $fs ; then
1079 # property value does not change if
1080 # no mount permission
1081 set -A modes "on" "off"
1082 oldval=$(get_prop $perm $fs)
1083 if [[ $oldval == "on" ]]; then
1085 elif [[ $oldval == "off" ]]; then
1088 log_note "$user zfs set $perm=${modes[$n]} $fs"
1089 log_must zfs allow $user mount $fs
1090 user_run $user zfs set $perm=${modes[$n]} $fs
1091 log_must zfs unallow $user mount $fs
1092 if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1100 function verify_fs_recordsize
1106 typeset value8k=$(( 1024 * 8 ))
1107 user_run $user zfs set recordsize=$value8k $fs
1108 if [[ $value8k != $(get_prop recordsize $fs) ]]; then
1115 function verify_fs_dnodesize
1122 user_run $user zfs set dnodesize=$value $fs
1123 if [[ $value != $(get_prop dnodesize $fs) ]]; then
1130 function verify_fs_quota
1136 typeset value32m=$(( 1024 * 1024 * 32 ))
1137 user_run $user zfs set quota=$value32m $fs
1138 if [[ $value32m != $(get_prop quota $fs) ]]; then
1145 function verify_fs_aclmode
1152 set -A modes "discard" "groupmask" "passthrough"
1153 oldval=$(get_prop $perm $fs)
1154 if [[ $oldval == "discard" ]]; then
1156 elif [[ $oldval == "groupmask" ]]; then
1158 elif [[ $oldval == "passthrough" ]]; then
1161 log_note "$user zfs set aclmode=${modes[$n]} $fs"
1162 user_run $user zfs set aclmode=${modes[$n]} $fs
1163 if [[ ${modes[$n]} != $(get_prop aclmode $fs) ]]; then
1170 function verify_fs_aclinherit
1177 # PSARC/2008/231 change the default value of aclinherit to "restricted"
1178 # but still keep the old interface of "secure"
1182 set -A modes "discard" "noallow" "secure" "passthrough"
1183 oldval=$(get_prop $perm $fs)
1184 if [[ $oldval == "discard" ]]; then
1186 elif [[ $oldval == "noallow" ]]; then
1188 elif [[ $oldval == "secure" || $oldval == "restricted" ]]; then
1190 elif [[ $oldval == "passthrough" ]]; then
1193 log_note "$user zfs set aclinherit=${modes[$n]} $fs"
1194 user_run $user zfs set aclinherit=${modes[$n]} $fs
1196 typeset newval=$(get_prop aclinherit $fs)
1197 if [[ ${modes[$n]} == "secure" && $newval == "restricted" ]]; then
1199 elif [[ ${modes[$n]} != $(get_prop aclinherit $fs) ]]; then
1206 function verify_fs_snapdir
1213 set -A modes "visible" "hidden"
1214 oldval=$(get_prop $perm $fs)
1215 if [[ $oldval == "visible" ]]; then
1217 elif [[ $oldval == "hidden" ]]; then
1220 log_note "$user zfs set snapdir=${modes[$n]} $fs"
1221 user_run $user zfs set snapdir=${modes[$n]} $fs
1222 if [[ ${modes[$n]} != $(get_prop snapdir $fs) ]]; then
1229 function verify_fs_aedsx
1236 set -A modes "on" "off"
1237 oldval=$(get_prop $perm $fs)
1238 if [[ $oldval == "on" ]]; then
1240 elif [[ $oldval == "off" ]]; then
1243 log_note "$user zfs set $perm=${modes[$n]} $fs"
1244 user_run $user zfs set $perm=${modes[$n]} $fs
1245 if [[ ${modes[$n]} != $(get_prop $perm $fs) ]]; then
1252 function verify_fs_zoned
1259 set -A modes "on" "off"
1260 oldval=$(get_prop $perm $fs)
1261 if [[ $oldval == "on" ]]; then
1263 elif [[ $oldval == "off" ]]; then
1266 log_note "$user zfs set $perm=${modes[$n]} $fs"
1267 if is_global_zone ; then
1268 if ! ismounted $fs ; then
1269 user_run $user zfs set \
1270 $perm=${modes[$n]} $fs
1271 if [[ ${modes[$n]} != \
1272 $(get_prop $perm $fs) ]]; then
1275 if [[ $n -eq 0 ]]; then
1276 log_mustnot zfs mount $fs
1278 log_must zfs mount $fs
1282 if ismounted $fs; then
1283 # n always is 1 in this case
1284 user_run $user zfs set \
1285 $perm=${modes[$n]} $fs
1287 $(get_prop $perm $fs) ]]; then
1291 # mount permission is needed
1293 log_must zfs allow $user mount $fs
1294 user_run $user zfs set \
1295 $perm=${modes[$n]} $fs
1296 log_must zfs unallow $user mount $fs
1297 if [[ ${modes[$n]} != \
1298 $(get_prop $perm $fs) ]]; then
1304 if ! is_global_zone; then
1305 user_run $user zfs set $perm=${modes[$n]} $fs
1306 if [[ $oldval != $(get_prop $perm $fs) ]]; then
1314 function verify_fs_sharenfs
1321 omode=$(get_prop $perm $fs)
1322 if [[ $omode == "off" ]]; then
1328 log_note "$user zfs set $perm=$nmode $fs"
1329 user_run $user zfs set $perm=$nmode $fs
1330 if [[ $(get_prop $perm $fs) != $nmode ]]; then
1334 log_note "$user zfs set $perm=$omode $fs"
1335 user_run $user zfs set $perm=$omode $fs
1336 if [[ $(get_prop $perm $fs) != $omode ]]; then
1343 function verify_vol_destroy
1349 user_run $user zfs destroy $vol
1350 if ! datasetexists $vol ; then
1354 # mount permission is required
1355 log_must zfs allow $user mount $vol
1356 user_run $user zfs destroy $vol
1357 if datasetexists $vol ; then
1364 function verify_vol_snapshot
1370 typeset stamp=${perm}.${user}.$(date +'%F-%T-%N')
1371 typeset basevol=${vol%/*}
1372 typeset snap=$vol@snap.$stamp
1374 user_run $user zfs snapshot $snap
1375 if datasetexists $snap ; then
1379 log_must zfs allow $user mount $vol
1380 user_run $user zfs snapshot $snap
1381 log_must zfs unallow $user mount $vol
1382 if ! datasetexists $snap ; then
1389 function verify_vol_rollback
1395 typeset stamp=${perm}.${user}.$(date+'%F-%T-%N')
1396 typeset basevol=${vol%/*}
1397 typeset snap=$vol@snap.$stamp
1400 log_must zfs snapshot $snap
1401 oldval=$(datasetcksum $vol)
1403 log_must dd if=/dev/urandom of=$ZVOL_RDEVDIR/$vol \
1406 user_run $user zfs rollback -R $snap
1408 if [[ $oldval == $(datasetcksum $vol) ]]; then
1412 # rollback on volume has to be with mount permission
1413 log_must zfs allow $user mount $vol
1414 user_run $user zfs rollback -R $snap
1416 log_must zfs unallow $user mount $vol
1417 if [[ $oldval != $(datasetcksum $vol) ]]; then
1424 function verify_vol_clone
1430 typeset stamp=${perm}.${user}.$(date+'%F-%T-%N')
1431 typeset basevol=${vol%/*}
1432 typeset snap=$vol@snap.$stamp
1433 typeset clone=$basevol/cvol.$stamp
1435 log_must zfs snapshot $snap
1437 user_run $user zfs clone $snap $clone
1438 if datasetexists $clone ; then
1442 log_must zfs allow $user create $basevol
1443 user_run $user zfs clone $snap $clone
1444 log_must zfs unallow $user create $basevol
1445 if datasetexists $clone ; then
1449 log_must zfs allow $user mount $basevol
1450 user_run $user zfs clone $snap $clone
1451 log_must zfs unallow $user mount $basevol
1452 if datasetexists $clone ; then
1456 # require create permission on parent and
1457 # mount permission on itself as well
1458 log_must zfs allow $user mount $basevol
1459 log_must zfs allow $user create $basevol
1460 user_run $user zfs clone $snap $clone
1461 log_must zfs unallow $user create $basevol
1462 log_must zfs unallow $user mount $basevol
1463 if ! datasetexists $clone ; then
1470 function verify_vol_rename
1476 typeset stamp=${perm}.${user}.$(date+'%F-%T-%N')
1477 typeset basevol=${vol%/*}
1478 typeset snap=$vol@snap.$stamp
1479 typeset clone=$basevol/cvol.$stamp
1480 typeset renamevol=$basevol/nvol.$stamp
1482 user_run $user zfs rename $vol $renamevol
1483 if datasetexists $renamevol ; then
1487 log_must zfs allow $user create $basevol
1488 user_run $user zfs rename $vol $renamevol
1489 log_must zfs unallow $user create $basevol
1490 if datasetexists $renamevol ; then
1494 log_must zfs allow $user mount $basevol
1495 user_run $user zfs rename $vol $renamevol
1496 log_must zfs unallow $user mount $basevol
1497 if datasetexists $renamevol ; then
1501 # require both create permission on parent and
1502 # mount permission on parent as well
1503 log_must zfs allow $user mount $basevol
1504 log_must zfs allow $user create $basevol
1505 user_run $user zfs rename $vol $renamevol
1506 log_must zfs unallow $user mount $basevol
1507 log_must zfs unallow $user create $basevol
1508 if ! datasetexists $renamevol ; then
1512 log_must zfs rename $renamevol $vol
1517 function verify_vol_promote
1523 typeset stamp=${perm}.${user}.$(date+'%F-%T-%N')
1524 typeset basevol=${vol%/*}
1525 typeset snap=$vol@snap.$stamp
1526 typeset clone=$basevol/cvol.$stamp
1528 log_must zfs snapshot $snap
1529 log_must zfs clone $snap $clone
1530 log_must zfs promote $clone
1532 typeset vol_orig=$(get_prop origin $vol)
1533 typeset clone_orig=$(get_prop origin $clone)
1535 # promote should fail if $vol and $clone
1536 # miss either mount or promote permission
1538 user_run $user zfs promote $vol
1539 if [[ $vol_orig != $(get_prop origin $vol) || \
1540 $clone_orig != $(get_prop origin $clone) ]];
1545 # promote should fail if $vol and $clone
1546 # miss either mount or promote permission
1548 log_must zfs allow $user promote $clone
1549 user_run $user zfs promote $vol
1550 log_must zfs unallow $user promote $clone
1551 if [[ $vol_orig != $(get_prop origin $vol) || \
1552 $clone_orig != $(get_prop origin $clone) ]];
1557 # promote should fail if $vol and $clone
1558 # miss either mount or promote permission
1560 log_must zfs allow $user mount $vol
1561 user_run $user zfs promote $vol
1562 log_must zfs unallow $user mount $vol
1563 if [[ $vol_orig != $(get_prop origin $vol) || \
1564 $clone_orig != $(get_prop origin $clone) ]];
1569 # promote should fail if $vol and $clone
1570 # miss either mount or promote permission
1572 log_must zfs allow $user mount $clone
1573 user_run $user zfs promote $vol
1574 log_must zfs unallow $user mount $clone
1575 if [[ $vol_orig != $(get_prop origin $vol) || \
1576 $clone_orig != $(get_prop origin $clone) ]];
1581 # promote should fail if $vol and $clone
1582 # miss either mount or promote permission
1584 log_must zfs allow $user promote $clone
1585 log_must zfs allow $user mount $vol
1586 user_run $user zfs promote $vol
1587 log_must zfs unallow $user promote $clone
1588 log_must zfs unallow $user mount $vol
1589 if [[ $vol_orig != $(get_prop origin $vol) || \
1590 $clone_orig != $(get_prop origin $clone) ]];
1595 # promote should fail if $vol and $clone
1596 # miss either mount or promote permission
1598 log_must zfs allow $user promote $clone
1599 log_must zfs allow $user mount $clone
1600 user_run $user zfs promote $vol
1601 log_must zfs unallow $user promote $clone
1602 log_must zfs unallow $user mount $vol
1603 if [[ $vol_orig != $(get_prop origin $vol) || \
1604 $clone_orig != $(get_prop origin $clone) ]];
1609 # promote should fail if $vol and $clone
1610 # miss either mount or promote permission
1612 log_must zfs allow $user mount $vol
1613 log_must zfs allow $user mount $clone
1614 user_run $user zfs promote $vol
1615 log_must zfs unallow $user mount $vol
1616 log_must zfs unallow $user mount $clone
1617 if [[ $vol_orig != $(get_prop origin $vol) || \
1618 $clone_orig != $(get_prop origin $clone) ]];
1623 # promote only succeeds when $vol and $clone
1624 # have both mount and promote permission
1626 log_must zfs allow $user promote $clone
1627 log_must zfs allow $user mount $vol
1628 log_must zfs allow $user mount $clone
1629 user_run $user zfs promote $vol
1630 log_must zfs unallow $user promote $clone
1631 log_must zfs unallow $user mount $vol
1632 log_must zfs unallow $user mount $clone
1633 if [[ $snap != $(get_prop origin $clone) || \
1634 $clone_orig != $(get_prop origin $vol) ]]; then
1641 function verify_vol_volsize
1648 oldval=$(get_prop volsize $vol)
1649 (( newval = oldval * 2 ))
1651 reserv_size=$(get_prop refreservation $vol)
1653 if [[ "0" == $reserv_size ]]; then
1655 user_run $user zfs set volsize=$newval $vol
1656 if [[ $oldval == $(get_prop volsize $vol) ]];
1662 # normal volume, reservation permission
1664 user_run $user zfs set volsize=$newval $vol
1665 if [[ $newval == $(get_prop volsize $vol) ]];
1670 log_must zfs allow $user reservation $vol
1671 log_must zfs allow $user refreservation $vol
1672 user_run $user zfs set volsize=$newval $vol
1673 log_must zfs unallow $user reservation $vol
1674 log_must zfs unallow $user refreservation $vol
1675 if [[ $oldval == $(get_prop volsize $vol) ]];
1684 function verify_allow
1692 user_run $user zfs allow $user allow $dtst
1694 if [[ $ret -eq 0 ]]; then
1698 log_must zfs allow $user copies $dtst
1699 user_run $user zfs allow $user copies $dtst
1701 log_must zfs unallow $user copies $dtst
1702 if [[ $ret -eq 1 ]]; then