2 * Copyright (c) 2016 Martin Matuska
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD$");
29 * Test converting ACLs to text, both wide and non-wide
31 * This should work on all systems, regardless of whether local
32 * filesystems support ACLs or not.
35 static struct archive_test_acl_t acls0[] = {
36 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
37 ARCHIVE_ENTRY_ACL_EXECUTE |
38 ARCHIVE_ENTRY_ACL_READ |
39 ARCHIVE_ENTRY_ACL_WRITE,
40 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
41 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
42 ARCHIVE_ENTRY_ACL_EXECUTE |
43 ARCHIVE_ENTRY_ACL_READ,
44 ARCHIVE_ENTRY_ACL_USER, 100, "user100" },
45 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
46 ARCHIVE_ENTRY_ACL_USER, 1000, "user1000" },
47 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
48 ARCHIVE_ENTRY_ACL_EXECUTE |
49 ARCHIVE_ENTRY_ACL_READ,
50 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
51 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
52 ARCHIVE_ENTRY_ACL_EXECUTE |
53 ARCHIVE_ENTRY_ACL_READ |
54 ARCHIVE_ENTRY_ACL_WRITE,
55 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
56 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
57 ARCHIVE_ENTRY_ACL_READ |
58 ARCHIVE_ENTRY_ACL_EXECUTE,
59 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
60 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
61 ARCHIVE_ENTRY_ACL_EXECUTE |
62 ARCHIVE_ENTRY_ACL_READ,
63 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
64 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
65 ARCHIVE_ENTRY_ACL_EXECUTE |
66 ARCHIVE_ENTRY_ACL_READ,
67 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
68 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, 0,
69 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
70 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
71 ARCHIVE_ENTRY_ACL_EXECUTE |
72 ARCHIVE_ENTRY_ACL_READ,
73 ARCHIVE_ENTRY_ACL_USER, 101, "user101"},
74 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
75 ARCHIVE_ENTRY_ACL_EXECUTE,
76 ARCHIVE_ENTRY_ACL_GROUP, 79, "group79" },
79 static struct archive_test_acl_t acls1[] = {
80 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
81 ARCHIVE_ENTRY_ACL_READ_DATA |
82 ARCHIVE_ENTRY_ACL_WRITE_DATA |
83 ARCHIVE_ENTRY_ACL_APPEND_DATA |
84 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
85 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
86 ARCHIVE_ENTRY_ACL_READ_ACL |
87 ARCHIVE_ENTRY_ACL_WRITE_OWNER,
88 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
89 { ARCHIVE_ENTRY_ACL_TYPE_DENY,
90 ARCHIVE_ENTRY_ACL_WRITE_DATA |
91 ARCHIVE_ENTRY_ACL_APPEND_DATA |
92 ARCHIVE_ENTRY_ACL_DELETE_CHILD |
93 ARCHIVE_ENTRY_ACL_DELETE |
94 ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT |
95 ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT |
96 ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY |
97 ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT,
98 ARCHIVE_ENTRY_ACL_USER, 101, "user101" },
99 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
100 ARCHIVE_ENTRY_ACL_READ_DATA |
101 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
102 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
103 ARCHIVE_ENTRY_ACL_READ_ACL |
104 ARCHIVE_ENTRY_ACL_ENTRY_INHERITED,
105 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
106 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
107 ARCHIVE_ENTRY_ACL_READ_DATA |
108 ARCHIVE_ENTRY_ACL_WRITE_DATA |
109 ARCHIVE_ENTRY_ACL_EXECUTE |
110 ARCHIVE_ENTRY_ACL_APPEND_DATA |
111 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
112 ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
113 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
114 ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
115 ARCHIVE_ENTRY_ACL_READ_ACL |
116 ARCHIVE_ENTRY_ACL_WRITE_ACL |
117 ARCHIVE_ENTRY_ACL_WRITE_OWNER,
118 ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
119 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
120 ARCHIVE_ENTRY_ACL_READ_DATA |
121 ARCHIVE_ENTRY_ACL_WRITE_DATA |
122 ARCHIVE_ENTRY_ACL_APPEND_DATA |
123 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
124 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
125 ARCHIVE_ENTRY_ACL_READ_ACL,
126 ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
127 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
128 ARCHIVE_ENTRY_ACL_READ_DATA |
129 ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
130 ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
131 ARCHIVE_ENTRY_ACL_READ_ACL |
132 ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
133 ARCHIVE_ENTRY_ACL_EVERYONE, 0, "" },
136 const char* acltext[] = {
141 "user:user1000:---\n"
142 "group:group78:rwx\n"
143 "default:user::r-x\n"
144 "default:group::r-x\n"
145 "default:other::---\n"
146 "default:user:user101:r-x\n"
147 "default:group:group79:--x",
152 "user:user100:r-x:100\n"
153 "user:user1000:---:1000\n"
154 "group:group78:rwx:78\n"
155 "default:user::r-x\n"
156 "default:group::r-x\n"
157 "default:other::---\n"
158 "default:user:user101:r-x:101\n"
159 "default:group:group79:--x:79",
164 "u:user100:r-x:100\n"
165 "u:user1000:---:1000\n"
170 "d:user:user101:r-x:101\n"
171 "d:group:group79:--x:79",
177 "user:user1000:---\n"
190 "user:user100:r-x:100\n"
191 "user:user1000:---:1000\n"
192 "group:group78:rwx:78",
203 "user:user101:r-x:101\n"
204 "group:group79:--x:79",
206 "default:user::r-x\n"
207 "default:group::r-x\n"
208 "default:other::---\n"
209 "default:user:user101:r-x\n"
210 "default:group:group79:--x",
212 "user:user77:rw-p--a-R-c-o-:-------:allow\n"
213 "user:user101:-w-pdD--------:fdin---:deny\n"
214 "group:group78:r-----a-R-c---:------I:allow\n"
215 "owner@:rwxp--aARWcCo-:-------:allow\n"
216 "group@:rw-p--a-R-c---:-------:allow\n"
217 "everyone@:r-----a-R-c--s:-------:allow",
219 "user:user77:rw-p--a-R-c-o-:-------:allow:77\n"
220 "user:user101:-w-pdD--------:fdin---:deny:101\n"
221 "group:group78:r-----a-R-c---:------I:allow:78\n"
222 "owner@:rwxp--aARWcCo-:-------:allow\n"
223 "group@:rw-p--a-R-c---:-------:allow\n"
224 "everyone@:r-----a-R-c--s:-------:allow"
228 convert_s_to_ws(const char *s)
235 ws = malloc(len * sizeof(wchar_t));
236 assert(mbstowcs(ws, s, len) != (size_t)-1);
243 compare_acl_text(struct archive_entry *ae, int flags, const char *s)
246 const wchar_t *wtext;
250 ws = convert_s_to_ws(s);
252 text = archive_entry_acl_to_text(ae, &slen, flags);
253 assertEqualString(text, s);
255 assertEqualInt(strlen(text), slen);
256 wtext = archive_entry_acl_to_text_w(ae, &slen, flags);
257 assertEqualWString(wtext, ws);
259 assertEqualInt(wcslen(wtext), slen);
265 DEFINE_TEST(test_acl_from_text)
267 struct archive_entry *ae;
270 /* Create an empty archive_entry. */
271 assert((ae = archive_entry_new()) != NULL);
273 /* 1a. Read POSIX.1e access ACLs from text */
274 assertEqualInt(ARCHIVE_OK,
275 archive_entry_acl_from_text(ae, acltext[5],
276 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
277 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
278 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0755);
279 assertEqualInt(6, archive_entry_acl_reset(ae,
280 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
282 /* 1b. Now read POSIX.1e default ACLs and append them */
283 assertEqualInt(ARCHIVE_OK,
284 archive_entry_acl_from_text(ae, acltext[7],
285 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
286 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
287 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, 0755);
288 assertEqualInt(11, archive_entry_acl_reset(ae,
289 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
290 archive_entry_acl_clear(ae);
292 /* 1a and 1b with wide strings */
293 ws = convert_s_to_ws(acltext[5]);
295 assertEqualInt(ARCHIVE_OK,
296 archive_entry_acl_from_text_w(ae, ws,
297 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
298 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
299 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0755);
300 assertEqualInt(6, archive_entry_acl_reset(ae,
301 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
304 ws = convert_s_to_ws(acltext[7]);
306 assertEqualInt(ARCHIVE_OK,
307 archive_entry_acl_from_text_w(ae, ws,
308 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
309 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
310 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, 0755);
311 assertEqualInt(11, archive_entry_acl_reset(ae,
312 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
313 archive_entry_acl_clear(ae);
315 /* 2. Read POSIX.1e default ACLs from text */
316 assertEqualInt(ARCHIVE_OK,
317 archive_entry_acl_from_text(ae, acltext[7],
318 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
319 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
320 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, 0);
321 assertEqualInt(5, archive_entry_acl_reset(ae,
322 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
323 archive_entry_acl_clear(ae);
325 /* ws is still acltext[7] */
326 assertEqualInt(ARCHIVE_OK,
327 archive_entry_acl_from_text_w(ae, ws,
328 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
329 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
330 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, 0);
331 assertEqualInt(5, archive_entry_acl_reset(ae,
332 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
333 archive_entry_acl_clear(ae);
335 /* 3. Read POSIX.1e access and default ACLs from text */
336 assertEqualInt(ARCHIVE_OK,
337 archive_entry_acl_from_text(ae, acltext[1],
338 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
339 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
340 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, 0755);
341 assertEqualInt(11, archive_entry_acl_reset(ae,
342 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
343 archive_entry_acl_clear(ae);
346 ws = convert_s_to_ws(acltext[1]);
347 assertEqualInt(ARCHIVE_OK,
348 archive_entry_acl_from_text_w(ae, ws,
349 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
350 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
351 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, 0755);
352 assertEqualInt(11, archive_entry_acl_reset(ae,
353 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
354 archive_entry_acl_clear(ae);
356 /* 4. Read POSIX.1e access and default ACLs from text (short form) */
357 assertEqualInt(ARCHIVE_OK,
358 archive_entry_acl_from_text(ae, acltext[2],
359 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
360 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
361 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, 0755);
362 assertEqualInt(11, archive_entry_acl_reset(ae,
363 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
364 archive_entry_acl_clear(ae);
367 ws = convert_s_to_ws(acltext[2]);
368 assertEqualInt(ARCHIVE_OK,
369 archive_entry_acl_from_text_w(ae, ws,
370 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
371 archive_test_compare_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
372 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, 0755);
373 assertEqualInt(11, archive_entry_acl_reset(ae,
374 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E));
375 archive_entry_acl_clear(ae);
377 /* 5. Read NFSv4 ACLs from text */
378 assertEqualInt(ARCHIVE_OK,
379 archive_entry_acl_from_text(ae, acltext[10],
380 ARCHIVE_ENTRY_ACL_TYPE_NFS4));
381 archive_test_compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]),
382 ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0);
383 assertEqualInt(6, archive_entry_acl_reset(ae,
384 ARCHIVE_ENTRY_ACL_TYPE_NFS4));
385 archive_entry_acl_clear(ae);
388 ws = convert_s_to_ws(acltext[10]);
390 assertEqualInt(ARCHIVE_OK,
391 archive_entry_acl_from_text_w(ae, ws,
392 ARCHIVE_ENTRY_ACL_TYPE_NFS4));
393 archive_test_compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]),
394 ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0);
395 assertEqualInt(6, archive_entry_acl_reset(ae,
396 ARCHIVE_ENTRY_ACL_TYPE_NFS4));
397 archive_entry_acl_clear(ae);
400 DEFINE_TEST(test_acl_to_text)
402 struct archive_entry *ae;
404 /* Create an empty archive_entry. */
405 assert((ae = archive_entry_new()) != NULL);
407 /* Write POSIX.1e ACLs */
408 archive_test_set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
410 /* No flags should give output like getfacl(1) on linux */
411 compare_acl_text(ae, 0, acltext[0]);
413 /* This should give the same output as previous test */
414 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS |
415 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, acltext[0]);
417 /* This should give the same output as previous two tests */
418 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS |
419 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT |
420 ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT, acltext[0]);
422 /* POSIX.1e access and default ACLs with appended ID */
423 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID, acltext[1]);
425 /* POSIX.1e access acls only, like getfacl(1) on FreeBSD */
426 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS, acltext[3]);
428 /* POSIX.1e access acls separated with comma */
429 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS |
430 ARCHIVE_ENTRY_ACL_STYLE_SEPARATOR_COMMA,
433 /* POSIX.1e access acls with appended user or group ID */
434 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS |
435 ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID, acltext[5]);
437 /* POSIX.1e default acls */
438 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, acltext[6]);
440 /* POSIX.1e default acls with appended user or group ID */
441 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT |
442 ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID, acltext[7]);
444 /* POSIX.1e default acls prefixed with default: */
445 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT |
446 ARCHIVE_ENTRY_ACL_STYLE_MARK_DEFAULT, acltext[8]);
448 /* Write NFSv4 ACLs */
449 archive_test_set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]));
451 /* NFSv4 ACLs like getfacl(1) on FreeBSD */
452 compare_acl_text(ae, 0, acltext[9]);
454 /* NFSv4 ACLs like "getfacl -i" on FreeBSD */
455 compare_acl_text(ae, ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID, acltext[10]);