1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28#
29# Copyright (c) 2016 by Delphix. All rights reserved.
30#
31
32. $STF_SUITE/tests/functional/acl/acl_common.kshlib
33
34#
35# DESCRIPTION:
36#	Verify  1) Illegal options to chmod should fail.
37#		2) Delete all the ACE will lead to fail.
38#		3) Add ACE exceed 1024 will cause to fail.
39#
40# STRATEGY:
41#	1. Loop root and non-root users
42#	2. Verify all kinds of illegal option will lead to chmod failed.
43#	3. Verify 'chmod A0-' will fail when try to delete all the ACE.
44#	4. Verify 'chmod A+' will succeed when the ACE number exceed 1024.
45#
46
47verify_runnable "both"
48
49log_assert "Verify illegal operating to ACL, it will fail."
50log_onexit cleanup
51
52function err_opts #node
53{
54	typeset A_opts="+A@ -A#- +A% =A^ =A# =A@ +A#\ asd \
55			A+@ A-#- A+% A=^ A=# A=@ A+#"
56
57	log_note "Illegal option to chmod should fail."
58	for A in ${A_opts[@]}; do
59		log_mustnot usr_exec chmod ${A}owner@:read_data:allow $node
60		log_mustnot usr_exec chmod A+ asd owner@:execute:deny $node
61	done
62
63	typeset type_opts="everyone groups owner user@ users"
64	for tp in ${type_opts[@]}; do
65		log_mustnot usr_exec chmod A+$tp:read_data:deny $node
66	done
67
68	return 0
69}
70
71function del_all_ACE #node
72{
73	typeset node=$1
74	typeset -i cnt
75
76	cnt=$(count_ACE $node)
77	while (( cnt > 0 )); do
78		if (( cnt == 1 )); then
79			log_mustnot chmod A0- $node
80		else
81			log_must chmod A0- $node
82		fi
83
84		(( cnt -= 1 ))
85	done
86
87	return 0
88}
89
90function exceed_max_ACE #node
91{
92	typeset node=$1
93	typeset -i max=1024
94	typeset -i cnt
95
96	cnt=$(count_ACE $node)
97
98	# One more ACE exceed the max limitation.
99	(( max = max - cnt + 1 ))
100	while (( max > 0 )); do
101		if (( max == 1 )); then
102			log_mustnot chmod A+owner@:read_data:allow $node
103		else
104			chmod A+owner@:read_data:allow $node
105			if (($? != 0)); then
106				((cnt = 1024 - max))
107				log_fail "Add No.$cnt ACL item failed."
108			fi
109		fi
110
111		(( max -= 1 ))
112	done
113
114	return 0
115}
116
117typeset node
118typeset func_name="err_opts del_all_ACE exceed_max_ACE"
119
120for usr in "root" "$ZFS_ACL_STAFF1"; do
121	log_must set_cur_usr $usr
122
123	for node in $testfile $testdir; do
124		log_must usr_exec touch $testfile
125		log_must usr_exec mkdir $testdir
126
127		for func in $func_name; do
128			log_must eval "$func $node"
129		done
130
131		log_must usr_exec rm -rf $testfile $testdir
132	done
133done
134
135log_pass "Verify illegal operating to ACL passed."
136