1 #! /usr/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 . $STF_SUITE/tests/acl/acl_common.kshlib
29
30 #################################################################################
31 #
32 # __stc_assertion_start
33 #
34 # ID: acl_chmod_neg001
35 #
36 # DESCRIPTION:
37 # Verify 1) Illegal options to chmod should fail.
38 # 2) Delete all the ACE will lead to fail.
39 # 3) Add ACE exceed 1024 will cause to fail.
40 #
41 # STRATEGY:
42 # 1. Loop root and non-root users
43 # 2. Verify all kinds of illegal option will lead to chmod failed.
44 # 3. Verify 'chmod A0-' will fail when try to delete all the ACE.
45 # 4. Verify 'chmod A+' will succeed when the ACE number exceed 1024.
46 #
47 # TESTABILITY: explicit
48 #
49 # TEST_AUTOMATION_LEVEL: automated
50 #
51 # __stc_assertion_end
52 #
53 ################################################################################
54
55 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
56 && set -x
57
58 echo "ASSERTION: Verify illegal operating to ACL, it will fail."
59
60 function err_opts #node
61 {
62 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
63 && set -x
64
65 typeset A_opts="+A@ -A#- +A% =A^ =A# =A@ +A#\ asd \
66 A+@ A-#- A+% A=^ A=# A=@ A+#"
67
68 # Illegal option to chmod should fail
69 for A in ${A_opts[@]}; do
70 RUN_CHECKNEG usr_exec $CHMOD ${A}owner@:read_data:allow $node \
71 || cleanup $STF_FAIL
72 RUN_CHECKNEG usr_exec $CHMOD A+ asd owner@:execute:deny $node \
73 || cleanup $STF_FAIL
74 done
75
76 typeset type_opts="everyone groups owner user@ users"
77 for tp in ${type_opts[@]}; do
78 RUN_CHECKNEG usr_exec $CHMOD A+$tp:read_data:deny $node \
79 || cleanup $STF_FAIL
80 done
81
82 return 0
83 }
84
85 function del_all_ACE #node
86 {
87 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
88 && set -x
89
90 typeset node=$1
91 typeset -i cnt
92
93 eval "cnt=$(count_ACE $node)" || cleanup $STF_FAIL
94 while (( cnt > 0 )); do
95 if (( cnt == 1 )); then
96 RUN_CHECKNEG $CHMOD A0- $node \
97 || cleanup $STF_FAIL
98 else
99 RUN_CHECK $CHMOD A0- $node \
100 || cleanup $STF_FAIL
101 fi
102
103 (( cnt -= 1 ))
104 done
105
106 return 0
107 }
108
109 function exceed_max_ACE #node
110 {
111 [[ :$NFSGEN_DEBUG: = *:${NAME}:* || :${NFSGEN_DEBUG}: = *:all:* ]] \
112 && set -x
113
114 typeset node=$1
115 typeset -i max=1024
116 typeset -i cnt
117
118 eval "cnt=$(count_ACE $node)" || cleanup $STF_FAIL
119
120 # One more ACE exceed the max limitation.
121 (( max = max - cnt + 1 ))
122 while (( max > 0 )); do
123 if (( max == 1 )); then
124 RUN_CHECKNEG $CHMOD A+owner@:read_data:allow $node \
125 || cleanup $STF_FAIL
126 else
127 $CHMOD A+owner@:read_data:allow $node
128 if (($? != 0)); then
129 ((cnt = 1024 - max))
130 echo "Add No.$cnt ACL item failed."
131 cleanup $STF_FAIL
132 fi
133 fi
134
135 (( max -= 1 ))
136 done
137
138 return 0
139 }
140
141 typeset node
142 typeset func_name="err_opts del_all_ACE exceed_max_ACE"
143
144 for usr in "root" "$ACL_STAFF1"; do
145 RUN_CHECK set_cur_usr $usr || cleanup $STF_FAIL
146
147 for node in $testfile $testdir; do
148 RUN_CHECK usr_exec $TOUCH $testfile || cleanup $STF_FAIL
149 RUN_CHECK usr_exec $MKDIR $testdir || cleanup $STF_FAIL
150
151 for func in $func_name; do
152 eval "$func $node" || cleanup $STF_FAIL
153 done
154
155 RUN_CHECK usr_exec $RM -rf $testfile $testdir \
156 || cleanup $STF_FAIL
157 done
158 done
159
160 # Verify illegal operating to ACL passed.
161 cleanup $STF_PASS