2 * Copyright (c) 2017 Martin Matuska
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD$");
28 #if ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL
/*
 * Permission constants that compare_acl_entry() probes one at a time with
 * acl_get_perm() / acl_get_perm_np(). Which constants are compiled in
 * depends on the platform macros below.
 */
29 static const acl_perm_t acl_perms[] = {
30 #if ARCHIVE_ACL_DARWIN
43 ACL_READ_EXTATTRIBUTES,
44 ACL_WRITE_EXTATTRIBUTES,
49 #else /* !ARCHIVE_ACL_DARWIN */
53 #if ARCHIVE_ACL_FREEBSD_NFS4
61 ACL_WRITE_NAMED_ATTRS,
70 #endif /* ARCHIVE_ACL_FREEBSD_NFS4 */
71 #endif /* !ARCHIVE_ACL_DARWIN */
73 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4
/*
 * Inheritance and audit flag constants that compare_acl_entry() probes one
 * at a time with acl_get_flag_np(). Darwin and FreeBSD NFSv4 name the
 * flags differently, so each platform gets its own list.
 */
74 static const acl_flag_t acl_flags[] = {
75 #if ARCHIVE_ACL_DARWIN
77 ACL_ENTRY_FILE_INHERIT,
78 ACL_ENTRY_DIRECTORY_INHERIT,
79 ACL_ENTRY_LIMIT_INHERIT,
80 ACL_ENTRY_ONLY_INHERIT
81 #else /* ARCHIVE_ACL_FREEBSD_NFS4 */
82 ACL_ENTRY_FILE_INHERIT,
83 ACL_ENTRY_DIRECTORY_INHERIT,
84 ACL_ENTRY_NO_PROPAGATE_INHERIT,
85 ACL_ENTRY_INHERIT_ONLY,
86 ACL_ENTRY_SUCCESSFUL_ACCESS,
87 ACL_ENTRY_FAILED_ACCESS,
89 #endif /* ARCHIVE_ACL_FREEBSD_NFS4 */
91 #endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4 */
94 * Compare two ACL entries on FreeBSD or on Mac OS X
/*
 * Field-by-field comparison of two ACL entries: tag, qualifier, NFSv4 entry
 * type (FreeBSD NFSv4 only), every permission in acl_perms and, on FreeBSD
 * NFSv4 and Darwin, every flag in acl_flags.
 *
 * ae_a, ae_b: entries to compare.
 * is_nfs4:    unused on builds without NFSv4/Darwin flag support (see the
 *             final #else); presumably selects the NFSv4 part of acl_perms
 *             elsewhere - TODO confirm.
 *
 * NOTE(review): the result is stored in r by compare_acls(); the exact
 * return values for "equal", "different" and "error" should be confirmed
 * against the return statements.
 */
97 compare_acl_entry(acl_entry_t ae_a, acl_entry_t ae_b, int is_nfs4)
99 acl_tag_t tag_a, tag_b;
100 acl_permset_t permset_a, permset_b;
101 int perm_a, perm_b, perm_start, perm_end;
102 void *qual_a, *qual_b;
103 #if ARCHIVE_ACL_FREEBSD_NFS4
104 acl_entry_type_t type_a, type_b;
106 #if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN
107 acl_flagset_t flagset_a, flagset_b;
113 /* Compare ACL tag */
114 r = acl_get_tag_type(ae_a, &tag_a);
115 failure("acl_get_tag_type() error: %s", strerror(errno));
116 if (assertEqualInt(r, 0) == 0)
118 r = acl_get_tag_type(ae_b, &tag_b);
119 failure("acl_get_tag_type() error: %s", strerror(errno));
120 if (assertEqualInt(r, 0) == 0)
125 /* Compare ACL qualifier */
126 #if ARCHIVE_ACL_DARWIN
/*
 * NOTE(review): this condition tests tag_a for ALLOW but tag_b for DENY.
 * That is equivalent to testing tag_a for both only if the two tags have
 * already been checked equal before this point - confirm, otherwise a DENY
 * entry in ae_a could skip the qualifier comparison.
 */
127 if (tag_a == ACL_EXTENDED_ALLOW || tag_b == ACL_EXTENDED_DENY)
129 if (tag_a == ACL_USER || tag_a == ACL_GROUP)
132 qual_a = acl_get_qualifier(ae_a);
133 failure("acl_get_qualifier() error: %s", strerror(errno));
134 if (assert(qual_a != NULL) == 0)
136 qual_b = acl_get_qualifier(ae_b);
137 failure("acl_get_qualifier() error: %s", strerror(errno));
138 if (assert(qual_b != NULL) == 0) {
142 #if ARCHIVE_ACL_DARWIN
/* Darwin qualifiers are GUIDs: compare all KAUTH_GUID_SIZE bytes. */
143 if (memcmp(((guid_t *)qual_a)->g_guid,
144 ((guid_t *)qual_b)->g_guid, KAUTH_GUID_SIZE) != 0)
/* Elsewhere the qualifier is read as a uid_t or gid_t, chosen by tag_a. */
146 if ((tag_a == ACL_USER &&
147 (*(uid_t *)qual_a != *(uid_t *)qual_b)) ||
148 (tag_a == ACL_GROUP &&
149 (*(gid_t *)qual_a != *(gid_t *)qual_b)))
160 #if ARCHIVE_ACL_FREEBSD_NFS4
162 /* Compare NFS4 ACL type */
163 r = acl_get_entry_type_np(ae_a, &type_a);
164 failure("acl_get_entry_type_np() error: %s", strerror(errno));
165 if (assertEqualInt(r, 0) == 0)
167 r = acl_get_entry_type_np(ae_b, &type_b);
168 failure("acl_get_entry_type_np() error: %s", strerror(errno));
169 if (assertEqualInt(r, 0) == 0)
171 if (type_a != type_b)
176 /* Compare ACL perms */
177 r = acl_get_permset(ae_a, &permset_a);
178 failure("acl_get_permset() error: %s", strerror(errno));
179 if (assertEqualInt(r, 0) == 0)
181 r = acl_get_permset(ae_b, &permset_b);
182 failure("acl_get_permset() error: %s", strerror(errno));
183 if (assertEqualInt(r, 0) == 0)
/* Upper bound of the permission loop: number of elements in acl_perms. */
187 perm_end = (int)(sizeof(acl_perms) / sizeof(acl_perms[0]));
188 #if ARCHIVE_ACL_FREEBSD_NFS4
194 /* Cycle through all perms and compare their value */
195 for (i = perm_start; i < perm_end; i++) {
196 #if ARCHIVE_ACL_LIBACL
197 perm_a = acl_get_perm(permset_a, acl_perms[i]);
198 perm_b = acl_get_perm(permset_b, acl_perms[i]);
200 perm_a = acl_get_perm_np(permset_a, acl_perms[i]);
201 perm_b = acl_get_perm_np(permset_b, acl_perms[i]);
/* A -1 lookup result is tested before, and separately from, a mismatch. */
203 if (perm_a == -1 || perm_b == -1)
205 if (perm_a != perm_b)
209 #if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN
211 r = acl_get_flagset_np(ae_a, &flagset_a);
212 failure("acl_get_flagset_np() error: %s", strerror(errno));
213 if (assertEqualInt(r, 0) == 0)
215 r = acl_get_flagset_np(ae_b, &flagset_b);
216 failure("acl_get_flagset_np() error: %s", strerror(errno));
217 if (assertEqualInt(r, 0) == 0)
219 /* Cycle through all flags and compare their status */
220 for (i = 0; i < (int)(sizeof(acl_flags) / sizeof(acl_flags[0]));
222 flag_a = acl_get_flag_np(flagset_a, acl_flags[i]);
223 flag_b = acl_get_flag_np(flagset_b, acl_flags[i]);
/* Same pattern as for permissions: -1 is tested before a mismatch. */
224 if (flag_a == -1 || flag_b == -1)
226 if (flag_a != flag_b)
230 #else /* ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN */
231 (void)is_nfs4; /* UNUSED */
235 #endif /* ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL */
237 #if ARCHIVE_ACL_SUPPORT
239 * Clear default ACLs or inheritance flags
/*
 * Prepare an extraction directory so that ACLs on extracted files come from
 * the archive rather than from the directory. Dispatches on the ACL type
 * passed in `type`; the POSIX.1e case removes the directory's default ACL.
 *
 * path: directory that the test is about to extract into.
 * type: ARCHIVE_TEST_ACL_TYPE_* value (test_option_acls passes the value
 *       returned by setTestAcl()).
 */
242 clear_inheritance_flags(const char *path, int type)
245 case ARCHIVE_TEST_ACL_TYPE_POSIX1E:
246 #if ARCHIVE_ACL_POSIX1E
247 #if !ARCHIVE_ACL_SUNOS
/*
 * NOTE(review): the result of acl_delete_def_file() is discarded. If the
 * removal fails, a default ACL left on the directory could presumably be
 * inherited by the extracted file and skew the comparisons - confirm.
 */
248 acl_delete_def_file(path);
253 #endif /* ARCHIVE_ACL_POSIX1E */
255 case ARCHIVE_TEST_ACL_TYPE_NFS4:
261 (void)path; /* UNUSED */
/*
 * Read the ACL of path_a and of path_b with the platform API (Solaris
 * sunacl_get, richacl, or acl_get_file) and compare them entry by entry.
 *
 * test_option_acls expects 1 when the ACLs match and 0 otherwise.
 * NOTE(review): confirm those values against the return statements.
 */
267 compare_acls(const char *path_a, const char *path_b)
271 #if ARCHIVE_ACL_SUNOS
273 int aclcnt_a, aclcnt_b;
274 aclent_t *aclent_a, *aclent_b;
275 ace_t *ace_a, *ace_b;
277 #elif ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
279 acl_entry_t aclent_a, aclent_b;
282 #if ARCHIVE_ACL_LIBRICHACL
283 struct richacl *richacl_a, *richacl_b;
289 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL || \
294 #if ARCHIVE_ACL_SUNOS
/* Solaris: fetch the ACL of path_a as POSIX.1e (GETACL) or NFSv4 (ACE_GETACL). */
295 acl_a = sunacl_get(GETACL, &aclcnt_a, 0, path_a);
297 #if ARCHIVE_ACL_SUNOS_NFS4
299 acl_a = sunacl_get(ACE_GETACL, &aclcnt_a, 0, path_a);
301 failure("acl_get() error: %s", strerror(errno));
302 if (assert(acl_a != NULL) == 0)
304 #if ARCHIVE_ACL_SUNOS_NFS4
305 acl_b = sunacl_get(ACE_GETACL, &aclcnt_b, 0, path_b);
308 acl_b = sunacl_get(GETACL, &aclcnt_b, 0, path_b);
/*
 * NOTE(review): an ENOSYS/ENOTSUP failure on path_b is singled out here
 * instead of tripping the assert below. If this branch reports "not equal",
 * the negative cases in test_option_acls can pass without any ACL having
 * been compared - confirm.
 */
309 if (acl_b == NULL && (errno == ENOSYS || errno == ENOTSUP)) {
313 failure("acl_get() error: %s", strerror(errno));
314 if (assert(acl_b != NULL) == 0) {
/* A different number of entries is checked before any entry is read. */
319 if (aclcnt_a != aclcnt_b) {
324 for (e = 0; e < aclcnt_a; e++) {
/* POSIX.1e entries: type, id and permission bits must all be equal. */
326 aclent_a = &((aclent_t *)acl_a)[e];
327 aclent_b = &((aclent_t *)acl_b)[e];
328 if (aclent_a->a_type != aclent_b->a_type ||
329 aclent_a->a_id != aclent_b->a_id ||
330 aclent_a->a_perm != aclent_b->a_perm) {
335 #if ARCHIVE_ACL_SUNOS_NFS4
/* NFSv4 ACEs: who, access mask, flags and type must all be equal. */
337 ace_a = &((ace_t *)acl_a)[e];
338 ace_b = &((ace_t *)acl_b)[e];
339 if (ace_a->a_who != ace_b->a_who ||
340 ace_a->a_access_mask != ace_b->a_access_mask ||
341 ace_a->a_flags != ace_b->a_flags ||
342 ace_a->a_type != ace_b->a_type) {
349 #else /* !ARCHIVE_ACL_SUNOS */
350 #if ARCHIVE_ACL_LIBRICHACL
351 richacl_a = richacl_get_file(path_a);
352 #if !ARCHIVE_ACL_LIBACL
/*
 * Without libacl as a second backend, ENODATA/ENOTSUP/ENOSYS on path_a is
 * handled separately from other richacl_get_file() failures.
 */
353 if (richacl_a == NULL &&
354 (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS))
356 failure("richacl_get_file() error: %s (%s)", path_a, strerror(errno));
357 if (assert(richacl_a != NULL) == 0)
360 if (richacl_a != NULL) {
361 richacl_b = richacl_get_file(path_b);
362 if (richacl_b == NULL &&
363 (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS))
365 failure("richacl_get_file() error: %s (%s)", path_b,
367 if (assert(richacl_b != NULL) == 0) {
/* richacl_a is released on this early-exit path as well. */
368 richacl_free(richacl_a);
371 if (richacl_compare(richacl_a, richacl_b) == 0)
373 richacl_free(richacl_a);
374 richacl_free(richacl_b);
377 #endif /* ARCHIVE_ACL_LIBRICHACL */
378 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
379 #if ARCHIVE_ACL_DARWIN
/* The ACL type requested depends on the platform: extended, NFSv4 or access. */
381 acl_a = acl_get_file(path_a, ACL_TYPE_EXTENDED);
382 #elif ARCHIVE_ACL_FREEBSD_NFS4
383 acl_a = acl_get_file(path_a, ACL_TYPE_NFS4);
388 acl_a = acl_get_file(path_a, ACL_TYPE_ACCESS);
389 failure("acl_get_file() error: %s (%s)", path_a, strerror(errno));
390 if (assert(acl_a != NULL) == 0)
392 #if ARCHIVE_ACL_DARWIN
393 acl_b = acl_get_file(path_b, ACL_TYPE_EXTENDED);
394 #elif ARCHIVE_ACL_FREEBSD_NFS4
395 acl_b = acl_get_file(path_b, ACL_TYPE_NFS4);
397 #if !ARCHIVE_ACL_DARWIN
399 #if ARCHIVE_ACL_FREEBSD_NFS4
405 acl_b = acl_get_file(path_b, ACL_TYPE_ACCESS);
407 failure("acl_get_file() error: %s (%s)", path_b, strerror(errno));
408 if (assert(acl_b != NULL) == 0) {
413 a = acl_get_entry(acl_a, ACL_FIRST_ENTRY, &aclent_a);
418 b = acl_get_entry(acl_b, ACL_FIRST_ENTRY, &aclent_b);
/*
 * Walk both ACLs in lockstep while acl_get_entry() reports an entry for
 * each: the loop tests for 0 on Darwin and for 1 on FreeBSD and Linux.
 */
423 #if ARCHIVE_ACL_DARWIN
424 while (a == 0 && b == 0)
425 #else /* FreeBSD, Linux */
426 while (a == 1 && b == 1)
429 r = compare_acl_entry(aclent_a, aclent_b, is_nfs4);
434 a = acl_get_entry(acl_a, ACL_NEXT_ENTRY, &aclent_a);
435 b = acl_get_entry(acl_b, ACL_NEXT_ENTRY, &aclent_b);
437 /* Entry count must match */
440 #endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL */
441 #endif /* !ARCHIVE_ACL_SUNOS */
443 #if ARCHIVE_ACL_SUNOS
452 #endif /* ARCHIVE_ACL_SUPPORT */
/*
 * End-to-end check of the --acls / --no-acls options of the program under
 * test (testprog). File "f" is given a test ACL, archived once with and once
 * without ACLs, and each archive is extracted with and without ACL
 * restoration. Only "archived with --acls, extracted with --acls" may
 * reproduce the ACL of "f"; the other three combinations must not.
 */
454 DEFINE_TEST(test_option_acls)
456 #if !ARCHIVE_ACL_SUPPORT
457 skipping("ACLs are not supported on this platform");
458 #else /* ARCHIVE_ACL_SUPPORT */
461 assertMakeFile("f", 0644, "a");
/* setTestAcl() returns the ACL type that is later passed to clear_inheritance_flags(). */
462 acltype = setTestAcl("f");
464 skipping("Can't write ACLs on the filesystem");
468 /* Archive it with acls */
469 r = systemf("%s -c --no-mac-metadata --acls -f acls.tar f >acls.out 2>acls.err", testprog);
470 assertEqualInt(r, 0);
472 /* Archive it without acls */
473 r = systemf("%s -c --no-mac-metadata --no-acls -f noacls.tar f >noacls.out 2>noacls.err", testprog);
474 assertEqualInt(r, 0);
476 /* Extract acls with acls: the only case where the ACLs must match (1) */
477 assertMakeDir("acls_acls", 0755);
478 clear_inheritance_flags("acls_acls", acltype);
479 r = systemf("%s -x -C acls_acls --no-same-permissions --acls -f acls.tar >acls_acls.out 2>acls_acls.err", testprog);
480 assertEqualInt(r, 0);
481 r = compare_acls("f", "acls_acls/f");
482 assertEqualInt(r, 1);
/*
 * Extract acls without acls: even with -p, --no-acls must keep the archived
 * ACL from being restored, so the comparison is expected to return 0.
 * NOTE(review): in all three negative cases a 0 result only shows that the
 * ACLs differ if compare_acls() actually read both ACLs - confirm how it
 * reports an ACL that could not be read.
 */
485 assertMakeDir("acls_noacls", 0755);
486 clear_inheritance_flags("acls_noacls", acltype);
487 r = systemf("%s -x -C acls_noacls -p --no-acls -f acls.tar >acls_noacls.out 2>acls_noacls.err", testprog);
488 assertEqualInt(r, 0);
489 r = compare_acls("f", "acls_noacls/f");
490 assertEqualInt(r, 0);
492 /* Extract noacls with acls flag: the archive holds no ACL to restore */
493 assertMakeDir("noacls_acls", 0755);
494 clear_inheritance_flags("noacls_acls", acltype);
495 r = systemf("%s -x -C noacls_acls --no-same-permissions --acls -f noacls.tar >noacls_acls.out 2>noacls_acls.err", testprog);
496 assertEqualInt(r, 0);
497 r = compare_acls("f", "noacls_acls/f");
498 assertEqualInt(r, 0);
500 /* Extract noacls with noacls */
501 assertMakeDir("noacls_noacls", 0755);
502 clear_inheritance_flags("noacls_noacls", acltype);
503 r = systemf("%s -x -C noacls_noacls -p --no-acls -f noacls.tar >noacls_noacls.out 2>noacls_noacls.err", testprog);
504 assertEqualInt(r, 0);
505 r = compare_acls("f", "noacls_noacls/f");
506 assertEqualInt(r, 0);
507 #endif /* ARCHIVE_ACL_SUPPORT */