THIS IS NOT COMPLETE YET.  Still to come is another set of scripts to drive
this set, calling "runtests" with different user/group combinations and
also setting up cross-realm tests.

==

This is a test suite for NFSv4 acls.  Each C program tests a single
operation by calling the corresponding system call, possibly preceded by an
open, and looking at the return code.

There is also a set of shell scripts to drive the tests.  For each test, the
corresponding acl rights bit is turned off, then the test is run to see
whether the operation succeeds.  If the acls are working, the operation
should fail.

A better test would be to look at the file system on the server to see
whether the operation has succeeded, rather than trusting the return code
from the system call on the client.  We do not (yet) do this.

The set of tests should be run several times for user, group, and other
aces, for all security types, and for cross-realm authentication.

We do not test the "x" bit on files, which is enforced only on the client.

The write_owner test is unreliable, because it is often denied by the
client.  It could be tested using pynfs but we have not done this.

The 4.1 spec says "x" controls lookup and you need both "d" and "D" to
delete.

Operation

If you see "*** FAIL ***" that means some operation succeeded when it should
have been disallowed by the acl.  "PASS" means the operation failed as
expected.  "errno X" means the operation failed, but did not return the
expected error code.  It would be prudent to investigate these.
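
The sketch below is an added example, not code from this suite, showing how
one test program can map a system call result onto the three outputs above
for the "r" (READ_DATA) bit.  The names classify and probe_read_data are
hypothetical, and EACCES as the expected error code is an assumption.

```c
/* Added example, not part of the test suite.  EACCES as the expected
 * error is an assumption; the README does not name the code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum verdict { V_PASS, V_FAIL, V_ERRNO };

/* Judge an operation that the acl was supposed to deny. */
enum verdict classify(int rc, int err, int expected_err)
{
    if (rc >= 0)
        return V_FAIL;          /* succeeded although the bit is off */
    return err == expected_err ? V_PASS : V_ERRNO;
}

/* Probe for the "r" bit: open read-only, then read one byte.
 * *err_out receives errno of the failing call, or 0 if none failed. */
enum verdict probe_read_data(const char *path, int *err_out)
{
    char c;
    int fd, rc;

    *err_out = 0;
    fd = open(path, O_RDONLY);
    rc = fd;
    if (fd >= 0)
        rc = (int)read(fd, &c, 1);
    if (rc < 0)
        *err_out = errno;       /* saved before close() can change it */
    if (fd >= 0)
        close(fd);
    return classify(rc, *err_out, EACCES);
}

int main(int argc, char **argv)
{
    int err;

    if (argc != 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    switch (probe_read_data(argv[1], &err)) {
    case V_PASS: puts("PASS"); return 0;
    case V_FAIL: puts("*** FAIL ***"); return 1;
    default:     printf("errno %d\n", err); return 1;
    }
}
```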

==

fstab:
snoopy:/ /snoopy nfs4 rw,noac,noauto,intr 0 0
manhattan:/vol/citi1 /manhattan nfs4 rw,noac,intr 0 0

./runtests -d /snoopy/home/rees
./runtests -d /manhattan/nobody

Acl definitions:

        r - NFS4_ACE_READ_DATA
        w - NFS4_ACE_WRITE_DATA
        a - NFS4_ACE_APPEND_DATA
        x - NFS4_ACE_EXECUTE
        d - NFS4_ACE_DELETE
        l - NFS4_ACE_LIST_DIRECTORY
        f - NFS4_ACE_ADD_FILE
        s - NFS4_ACE_ADD_SUBDIRECTORY
        n - NFS4_ACE_READ_NAMED_ATTRS
        N - NFS4_ACE_WRITE_NAMED_ATTRS
        D - NFS4_ACE_DELETE_CHILD
        t - NFS4_ACE_READ_ATTRIBUTES
        T - NFS4_ACE_WRITE_ATTRIBUTES
        c - NFS4_ACE_READ_ACL
        C - NFS4_ACE_WRITE_ACL
        o - NFS4_ACE_WRITE_OWNER
        y - NFS4_ACE_SYNCHRONIZE

   READ_DATA              Permission to read the data of the file
   LIST_DIRECTORY         Permission to list the contents of a
                          directory
   WRITE_DATA             Permission to modify the file's data
   ADD_FILE               Permission to add a new file to a
                          directory
   APPEND_DATA            Permission to append data to a file
   ADD_SUBDIRECTORY       Permission to create a subdirectory in a
                          directory
   READ_NAMED_ATTRS       Permission to read the named attributes
                          of a file
   WRITE_NAMED_ATTRS      Permission to write the named attributes
                          of a file
   EXECUTE                Permission to execute a file
   DELETE_CHILD           Permission to delete a file or directory
                          within a directory
   READ_ATTRIBUTES        The ability to read basic attributes
                          (non-acls) of a file
   WRITE_ATTRIBUTES       Permission to change basic attributes
   DELETE                 Permission to delete the file
   READ_ACL               Permission to read the ACL
   WRITE_ACL              Permission to write the ACL
   WRITE_OWNER            Permission to change the owner

   "OWNER"                The owner of the file.
   "GROUP"                The group associated with the file.
   "EVERYONE"             The world.
   "INTERACTIVE"          Accessed from an interactive terminal.
   "NETWORK"              Accessed via the network.
   "DIALUP"               Accessed as a dialup user to the server.
   "BATCH"                Accessed from a batch job.
   "ANONYMOUS"            Accessed without any authentication.
   "AUTHENTICATED"        Any authenticated user (opposite of
                          ANONYMOUS)
   "SERVICE"              Access from a system service.
