2 * Copyright (c) 2003-2009 Tim Kientzle
3 * Copyright (c) 2016 Martin Matuska
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 __FBSDID("$FreeBSD$");
/*
 * Verify reading entries with POSIX.1e and NFSv4 ACLs from archives created
 * by Solaris tar.
 *
 * This should work on all systems, regardless of whether local filesystems
 * support ACLs or not.
 */
/*
 * Expected POSIX.1e access ACL of the first archive entry (7 entries).
 * Each row is { type, permission set, tag, numeric qualifier, name };
 * rows without a qualifier use -1 and an empty name.
 * The owner/group/other rows (rw-, r--, r--) match the 0644 mode the
 * test checks for this entry.
 */
static struct archive_test_acl_t acls0[] = {
	/* owning user: rw- */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE,
	  ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
	/* named user 71 "lp": --x */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_USER, 71, "lp" },
	/* named user 666, name given as the number itself: r-- */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ,
	  ARCHIVE_ENTRY_ACL_USER, 666, "666" },
	/* named user 1000, name given as the number itself: rwx */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE |
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_USER, 1000, "1000" },
	/* owning group: r-- */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ,
	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
	/* mask: r-- */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ,
	  ARCHIVE_ENTRY_ACL_MASK, -1, "" },
	/* other: r-- */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ,
	  ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
};
/*
 * Expected POSIX.1e access ACL of the second archive entry (6 entries).
 * The owner/group/other rows (rwx, r-x, ---) match the 0750 mode the
 * test checks for this entry.
 */
static struct archive_test_acl_t acls1[] = {
	/* owning user: rwx */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE |
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
	/* named user 2 "bin": rwx */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE |
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_USER, 2, "bin" },
	/* owning group: r-x */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
	/* named group 3 "sys": r-x */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_GROUP, 3, "sys" },
	/* mask: r-x */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_MASK, -1, "" },
	/* other: no permissions */
	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
	  0,
	  ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
};
/*
 * Expected POSIX.1e default ACL of the second archive entry (6 entries).
 * Same principals as acls1, but every row has type DEFAULT and the mask
 * row carries rwx instead of r-x.
 */
static struct archive_test_acl_t acls2[] = {
	/* owning user: rwx */
	{ ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE |
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
	/* named user 2 "bin": rwx */
	{ ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE |
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_USER, 2, "bin" },
	/* owning group: r-x */
	{ ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
	/* named group 3 "sys": r-x */
	{ ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_GROUP, 3, "sys" },
	/* mask: rwx */
	{ ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_WRITE |
	  ARCHIVE_ENTRY_ACL_EXECUTE,
	  ARCHIVE_ENTRY_ACL_MASK, -1, "" },
	/* other: no permissions */
	{ ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
	  0,
	  ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
};
/*
 * Expected NFSv4 ACL of the third archive entry (6 entries): one DENY
 * entry followed by five ALLOW entries. The entries that name no
 * specific principal (USER_OBJ, GROUP_OBJ, EVERYONE) use qualifier 0
 * and an empty name.
 */
static struct archive_test_acl_t acls3[] = {
	/* DENY for named group 12 "daemon" */
	{ ARCHIVE_ENTRY_ACL_TYPE_DENY,
	  ARCHIVE_ENTRY_ACL_EXECUTE |
	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_WRITE_DATA |
	  ARCHIVE_ENTRY_ACL_APPEND_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL | ARCHIVE_ENTRY_ACL_WRITE_ACL |
	  ARCHIVE_ENTRY_ACL_WRITE_OWNER |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_GROUP, 12, "daemon" },

	/* ALLOW for named group 2 "bin": execute and data read/write/append */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_EXECUTE |
	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_WRITE_DATA |
	  ARCHIVE_ENTRY_ACL_APPEND_DATA |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_GROUP, 2, "bin" },

	/* ALLOW for named user 4 "adm": read-only bits */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_READ_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_USER, 4, "adm" },

	/* ALLOW for the owning user: read/write bits, no EXECUTE */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_WRITE_DATA |
	  ARCHIVE_ENTRY_ACL_APPEND_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL | ARCHIVE_ENTRY_ACL_WRITE_ACL |
	  ARCHIVE_ENTRY_ACL_WRITE_OWNER |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },

	/* ALLOW for the owning group: read-only bits */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_READ_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },

	/* ALLOW for everyone: attribute and ACL reads only, no READ_DATA */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_EVERYONE, 0, "" },
};
/*
 * Expected NFSv4 ACL of the fourth archive entry (5 entries, all ALLOW).
 * The first two rows also carry inheritance flags in the permission
 * set; the owning-user row includes DELETE_CHILD.
 */
static struct archive_test_acl_t acls4[] = {
	/*
	 * Named user 1100 (name given as the number itself), with the
	 * file-inherit, directory-inherit and inherit-only flags set.
	 */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_EXECUTE |
	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_WRITE_DATA |
	  ARCHIVE_ENTRY_ACL_APPEND_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL | ARCHIVE_ENTRY_ACL_WRITE_ACL |
	  ARCHIVE_ENTRY_ACL_WRITE_OWNER |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE |
	  ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT |
	  ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT |
	  ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY,
	  ARCHIVE_ENTRY_ACL_USER, 1100, "1100" },

	/* Named group 4 "adm": read-only bits, file and directory inherit */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_READ_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE |
	  ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT |
	  ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT,
	  ARCHIVE_ENTRY_ACL_GROUP, 4, "adm" },

	/* Owning user: includes EXECUTE and DELETE_CHILD */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_EXECUTE |
	  ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_WRITE_DATA |
	  ARCHIVE_ENTRY_ACL_APPEND_DATA |
	  ARCHIVE_ENTRY_ACL_DELETE_CHILD |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL | ARCHIVE_ENTRY_ACL_WRITE_ACL |
	  ARCHIVE_ENTRY_ACL_WRITE_OWNER |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },

	/* Owning group: execute plus read-only bits */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_EXECUTE |
	  ARCHIVE_ENTRY_ACL_READ_DATA |
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },

	/* Everyone: attribute and ACL reads only, no READ_DATA */
	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW,
	  ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES |
	  ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS |
	  ARCHIVE_ENTRY_ACL_READ_ACL |
	  ARCHIVE_ENTRY_ACL_SYNCHRONIZE,
	  ARCHIVE_ENTRY_ACL_EVERYONE, 0, "" },
};
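/*
 * Read the reference archive "test_compat_solaris_tar_acl.tar" and check,
 * entry by entry, that the ACLs returned by the reader match the expected
 * tables acls0..acls4: the entry count reported by archive_entry_acl_reset()
 * and the entry contents via assertEntryCompareAcls().
 *
 * The expected tables are exact, so a reader that drops an entry (for
 * example the DENY entry in acls3) or loses an inheritance flag (acls4)
 * fails here rather than handing a caller an ACL that differs from the
 * one recorded in the archive.
 */
DEFINE_TEST(test_compat_solaris_tar_acl)
{
	char name[] = "test_compat_solaris_tar_acl.tar";
	struct archive *a;
	struct archive_entry *ae;

	/* Read archive file */
	assert(NULL != (a = archive_read_new()));
	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
	extract_reference_file(name);
	/*
	 * NOTE(review): the block-size argument is missing from this listing;
	 * 10240 is the value libarchive's tests customarily pass. Confirm
	 * against the original file.
	 */
	assertEqualIntA(a, ARCHIVE_OK,
	    archive_read_open_filename(a, name, 10240));

	/* First item has access ACLs */
	assertA(0 == archive_read_next_header(a, &ae));
	failure("One extended ACL should flag all ACLs to be returned.");
	assertEqualInt(7, archive_entry_acl_reset(ae,
	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
	assertEntryCompareAcls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]),
	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0644);
	/* The basic owner/group/other entries must also show up in the mode. */
	failure("Basic ACLs should set mode to 0644, not %04o",
	    archive_entry_mode(ae)&0777);
	assert((archive_entry_mode(ae) & 0777) == 0644);

	/* Second item has default and access ACLs */
	assertA(0 == archive_read_next_header(a, &ae));
	assertEqualInt(6, archive_entry_acl_reset(ae,
	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
	assertEntryCompareAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]),
	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0750);
	failure("Basic ACLs should set mode to 0750, not %04o",
	    archive_entry_mode(ae)&0777);
	assert((archive_entry_mode(ae) & 0777) == 0750);
	assertEqualInt(6, archive_entry_acl_reset(ae,
	    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT));
	assertEntryCompareAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]),
	    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, 0750);

	/* Third item has NFS4 ACLs */
	assertA(0 == archive_read_next_header(a, &ae));
	assertEqualInt(6, archive_entry_acl_reset(ae,
	    ARCHIVE_ENTRY_ACL_TYPE_NFS4));
	assertEntryCompareAcls(ae, acls3, sizeof(acls3)/sizeof(acls3[0]),
	    ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0);

	/* Fourth item has NFS4 ACLs and inheritance flags */
	assertA(0 == archive_read_next_header(a, &ae));
	assertEqualInt(5, archive_entry_acl_reset(ae,
	    ARCHIVE_ENTRY_ACL_TYPE_NFS4));
	/*
	 * The element size is taken from acls4 itself, so the count stays
	 * tied to the table being compared.
	 */
	assertEntryCompareAcls(ae, acls4, sizeof(acls4)/sizeof(acls4[0]),
	    ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0);

	/* Close the archive. */
	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
}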