2 * Copyright (c) 2003-2007 Tim Kientzle
3 * Copyright (c) 2016 Martin Matuska
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 __FBSDID("$FreeBSD$");
30 * Verify reading entries with POSIX.1e and NFSv4 ACLs from archives created
33 * This should work on all systems, regardless of whether local filesystems
34 * support ACLs or not.
37 static struct archive_test_acl_t acls0[] = {
38 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
39 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
40 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
41 ARCHIVE_ENTRY_ACL_USER, -1, "user77" },
42 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
43 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
44 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
45 ARCHIVE_ENTRY_ACL_MASK, -1, ""},
46 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
47 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
50 static struct archive_test_acl_t acls1[] = {
51 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ,
52 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
53 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
54 ARCHIVE_ENTRY_ACL_USER, -1, "user77" },
55 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
56 ARCHIVE_ENTRY_ACL_USER, -1, "user78" },
57 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
58 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
59 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
60 ARCHIVE_ENTRY_ACL_GROUP, -1, "group78" },
61 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
62 ARCHIVE_ENTRY_ACL_MASK, -1, ""},
63 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE,
64 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
67 static struct archive_test_acl_t acls2[] = {
68 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_EXECUTE,
69 ARCHIVE_ENTRY_ACL_USER_OBJ, -1 ,"" },
70 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_READ,
71 ARCHIVE_ENTRY_ACL_USER, -1, "user77" },
72 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_READ,
73 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
74 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_EXECUTE,
75 ARCHIVE_ENTRY_ACL_GROUP, -1, "group78" },
76 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
77 ARCHIVE_ENTRY_ACL_MASK, -1, ""},
78 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_WRITE,
79 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
82 static struct archive_test_acl_t acls3[] = {
83 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
84 ARCHIVE_ENTRY_ACL_READ_DATA |
85 ARCHIVE_ENTRY_ACL_WRITE_DATA |
86 ARCHIVE_ENTRY_ACL_EXECUTE |
87 ARCHIVE_ENTRY_ACL_APPEND_DATA |
88 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
89 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
90 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
91 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
92 ARCHIVE_ENTRY_ACL_READ_ACL |
93 ARCHIVE_ENTRY_ACL_WRITE_ACL |
94 ARCHIVE_ENTRY_ACL_WRITE_OWNER |
95 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
96 ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
97 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
98 ARCHIVE_ENTRY_ACL_READ_DATA |
99 ARCHIVE_ENTRY_ACL_WRITE_DATA |
100 ARCHIVE_ENTRY_ACL_APPEND_DATA |
101 ARCHIVE_ENTRY_ACL_READ_ACL |
102 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
103 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
104 ARCHIVE_ENTRY_ACL_READ_ACL |
105 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
106 ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
107 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
108 ARCHIVE_ENTRY_ACL_READ_DATA |
109 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
110 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
111 ARCHIVE_ENTRY_ACL_READ_ACL |
112 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
113 ARCHIVE_ENTRY_ACL_EVERYONE, 0, "" },
116 static struct archive_test_acl_t acls4[] = {
117 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
118 ARCHIVE_ENTRY_ACL_READ_DATA |
119 ARCHIVE_ENTRY_ACL_WRITE_DATA |
120 ARCHIVE_ENTRY_ACL_APPEND_DATA |
121 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
122 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
123 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
124 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
125 ARCHIVE_ENTRY_ACL_READ_ACL |
126 ARCHIVE_ENTRY_ACL_WRITE_ACL |
127 ARCHIVE_ENTRY_ACL_WRITE_OWNER |
128 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
129 ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
130 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
131 ARCHIVE_ENTRY_ACL_READ_DATA |
132 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
133 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
134 ARCHIVE_ENTRY_ACL_READ_ACL |
135 ARCHIVE_ENTRY_ACL_SYNCHRONIZE |
136 ARCHIVE_ENTRY_ACL_ENTRY_INHERITED,
137 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
138 { ARCHIVE_ENTRY_ACL_TYPE_DENY,
139 ARCHIVE_ENTRY_ACL_READ_DATA |
140 ARCHIVE_ENTRY_ACL_WRITE_DATA |
141 ARCHIVE_ENTRY_ACL_EXECUTE,
142 ARCHIVE_ENTRY_ACL_USER, 78, "user78" },
143 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
144 ARCHIVE_ENTRY_ACL_READ_DATA |
145 ARCHIVE_ENTRY_ACL_WRITE_DATA |
146 ARCHIVE_ENTRY_ACL_APPEND_DATA |
147 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
148 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
149 ARCHIVE_ENTRY_ACL_READ_ACL |
150 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
151 ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
152 { ARCHIVE_ENTRY_ACL_TYPE_DENY,
153 ARCHIVE_ENTRY_ACL_WRITE_DATA |
154 ARCHIVE_ENTRY_ACL_APPEND_DATA |
155 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
156 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
157 ARCHIVE_ENTRY_ACL_WRITE_ACL |
158 ARCHIVE_ENTRY_ACL_WRITE_OWNER,
159 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
160 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
161 ARCHIVE_ENTRY_ACL_READ_DATA |
162 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
163 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
164 ARCHIVE_ENTRY_ACL_READ_ACL |
165 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
166 ARCHIVE_ENTRY_ACL_EVERYONE, 0, "" },
169 static struct archive_test_acl_t acls5[] = {
170 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
171 ARCHIVE_ENTRY_ACL_READ_DATA |
172 ARCHIVE_ENTRY_ACL_WRITE_DATA |
173 ARCHIVE_ENTRY_ACL_EXECUTE |
174 ARCHIVE_ENTRY_ACL_APPEND_DATA |
175 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
176 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
177 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
178 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
179 ARCHIVE_ENTRY_ACL_READ_ACL |
180 ARCHIVE_ENTRY_ACL_WRITE_ACL |
181 ARCHIVE_ENTRY_ACL_WRITE_OWNER |
182 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
183 ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
184 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
185 ARCHIVE_ENTRY_ACL_READ_DATA |
186 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
187 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
188 ARCHIVE_ENTRY_ACL_READ_ACL |
189 ARCHIVE_ENTRY_ACL_SYNCHRONIZE |
190 ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT |
191 ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT,
192 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
193 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
194 ARCHIVE_ENTRY_ACL_READ_DATA |
195 ARCHIVE_ENTRY_ACL_WRITE_DATA |
196 ARCHIVE_ENTRY_ACL_EXECUTE |
197 ARCHIVE_ENTRY_ACL_APPEND_DATA |
198 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
199 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
200 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
201 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
202 ARCHIVE_ENTRY_ACL_READ_ACL |
203 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
204 ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
205 { ARCHIVE_ENTRY_ACL_TYPE_DENY,
206 ARCHIVE_ENTRY_ACL_READ_DATA |
207 ARCHIVE_ENTRY_ACL_WRITE_DATA |
208 ARCHIVE_ENTRY_ACL_APPEND_DATA |
209 ARCHIVE_ENTRY_ACL_EXECUTE |
210 ARCHIVE_ENTRY_ACL_DELETE |
211 ARCHIVE_ENTRY_ACL_DELETE_CHILD |
212 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
213 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
214 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
215 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
216 ARCHIVE_ENTRY_ACL_READ_ACL |
217 ARCHIVE_ENTRY_ACL_WRITE_ACL |
218 ARCHIVE_ENTRY_ACL_WRITE_OWNER |
219 ARCHIVE_ENTRY_ACL_SYNCHRONIZE |
220 ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT |
221 ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT,
222 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
223 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
224 ARCHIVE_ENTRY_ACL_READ_DATA |
225 ARCHIVE_ENTRY_ACL_EXECUTE |
226 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
227 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
228 ARCHIVE_ENTRY_ACL_READ_ACL |
229 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
230 ARCHIVE_ENTRY_ACL_EVERYONE, 0, "" },
233 DEFINE_TEST(test_compat_star_acl_posix1e)
235 char name[] = "test_compat_star_acl_posix1e.tar";
237 struct archive_entry *ae;
239 /* Read archive file */
240 assert(NULL != (a = archive_read_new()));
241 assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
242 assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
243 extract_reference_file(name);
244 assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, name,
247 /* First item has a few ACLs */
248 assertA(0 == archive_read_next_header(a, &ae));
249 failure("One extended ACL should flag all ACLs to be returned.");
250 assertEqualInt(5, archive_entry_acl_reset(ae,
251 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
252 assertEntryCompareAcls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
253 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0142);
254 failure("Basic ACLs should set mode to 0142, not %04o",
255 archive_entry_mode(ae)&0777);
256 assert((archive_entry_mode(ae) & 0777) == 0142);
258 /* Second item has pretty extensive ACLs */
259 assertA(0 == archive_read_next_header(a, &ae));
260 assertEqualInt(7, archive_entry_acl_reset(ae,
261 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
262 assertEntryCompareAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]),
263 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0543);
264 failure("Basic ACLs should set mode to 0543, not %04o",
265 archive_entry_mode(ae)&0777);
266 assert((archive_entry_mode(ae) & 0777) == 0543);
268 /* Third item has default ACLs */
269 assertA(0 == archive_read_next_header(a, &ae));
270 assertEqualInt(6, archive_entry_acl_reset(ae,
271 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
272 assertEntryCompareAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]),
273 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, 0142);
274 failure("Basic ACLs should set mode to 0142, not %04o",
275 archive_entry_mode(ae)&0777);
276 assert((archive_entry_mode(ae) & 0777) == 0142);
278 /* Close the archive. */
279 assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
280 assertEqualInt(ARCHIVE_OK, archive_read_free(a));
283 DEFINE_TEST(test_compat_star_acl_nfs4)
285 char name[] = "test_compat_star_acl_nfs4.tar";
287 struct archive_entry *ae;
289 /* Read archive file */
290 assert(NULL != (a = archive_read_new()));
291 assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
292 assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
293 extract_reference_file(name);
294 assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, name, 10240
297 /* First item has NFS4 ACLs mirroring file mode */
298 assertA(0 == archive_read_next_header(a, &ae));
299 assertEqualInt(3, archive_entry_acl_reset(ae,
300 ARCHIVE_ENTRY_ACL_TYPE_ALLOW));
301 assertEntryCompareAcls(ae, acls3, sizeof(acls3)/sizeof(acls3[0]),
302 ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 0);
304 /* Second item has has fine-grained NFS4 ACLs */
305 assertA(0 == archive_read_next_header(a, &ae));
306 assertEqualInt(6, archive_entry_acl_reset(ae,
307 ARCHIVE_ENTRY_ACL_TYPE_NFS4));
308 assertEntryCompareAcls(ae, acls4, sizeof(acls4)/sizeof(acls0[4]),
309 ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0);
311 /* Third item has file and directory inheritance NFS4 ACLs */
312 assertA(0 == archive_read_next_header(a, &ae));
313 assertEqualInt(5, archive_entry_acl_reset(ae,
314 ARCHIVE_ENTRY_ACL_TYPE_NFS4));
315 assertEntryCompareAcls(ae, acls5, sizeof(acls5)/sizeof(acls5[0]),
316 ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0);
318 /* Close the archive. */
319 assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
320 assertEqualInt(ARCHIVE_OK, archive_read_free(a));