2 * Copyright (c) 2003-2007 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD: src/lib/libarchive/test/test_acl_basic.c,v 1.6 2008/10/19 00:13:57 kientzle Exp $");
29 * Exercise the system-independent portion of the ACL support.
30 * Check that archive_entry objects can save and restore POSIX.1e-style ACL data.
32 * This should work on all systems, regardless of whether local
33 * filesystems support ACLs or not.
37 int type; /* Type of ACL: "access" or "default" */
38 int permset; /* Permissions for this class of users. */
39 int tag; /* Owner, User, Owning group, group, other, etc. */
40 int qual; /* GID or UID of user/group, depending on tag. */
41 const char *name; /* Name of user/group, depending on tag. */
44 static struct acl_t acls0[] = {
45 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
46 ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
47 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
48 ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
49 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
50 ARCHIVE_ENTRY_ACL_OTHER, 0, "" },
53 static struct acl_t acls1[] = {
54 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
55 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
56 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
57 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
58 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
59 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
60 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
61 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
64 static struct acl_t acls2[] = {
65 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ,
66 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
67 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
68 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
69 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
70 ARCHIVE_ENTRY_ACL_USER, 78, "user78" },
71 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
72 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
73 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
74 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
75 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE,
76 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
80 * NFS4 entry types; attempts to set these on top of POSIX.1e
81 * attributes should fail.
83 static struct acl_t acls_nfs4[] = {
85 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ,
86 ARCHIVE_ENTRY_ACL_USER, 78, "" },
87 { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_READ,
88 ARCHIVE_ENTRY_ACL_USER, 78, "" },
89 { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, ARCHIVE_ENTRY_ACL_READ,
90 ARCHIVE_ENTRY_ACL_USER, 78, "" },
91 { ARCHIVE_ENTRY_ACL_TYPE_ALARM, ARCHIVE_ENTRY_ACL_READ,
92 ARCHIVE_ENTRY_ACL_USER, 78, "" },
95 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
96 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
98 /* NFS4 inheritance markers */
99 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
100 ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT,
101 ARCHIVE_ENTRY_ACL_USER, 79, "" },
102 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
103 ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT,
104 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
108 set_acls(struct archive_entry *ae, struct acl_t *acls, int n)
112 archive_entry_acl_clear(ae);
113 for (i = 0; i < n; i++) {
114 archive_entry_acl_add_entry(ae,
115 acls[i].type, acls[i].permset, acls[i].tag, acls[i].qual,
121 acl_match(struct acl_t *acl, int type, int permset, int tag, int qual, const char *name)
123 if (type != acl->type)
125 if (permset != acl->permset)
129 if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ)
131 if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ)
133 if (tag == ARCHIVE_ENTRY_ACL_OTHER)
135 if (qual != acl->qual)
138 if (acl->name == NULL || acl->name[0] == '\0')
141 if (acl->name == NULL) {
145 return (0 == strcmp(name, acl->name));
149 compare_acls(struct archive_entry *ae, struct acl_t *acls, int n, int mode)
151 int *marker = malloc(sizeof(marker[0]) * n);
154 int type, permset, tag, qual;
158 for (i = 0; i < n; i++)
161 while (0 == (r = archive_entry_acl_next(ae,
162 ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
163 &type, &permset, &tag, &qual, &name))) {
164 for (i = 0, matched = 0; i < n && !matched; i++) {
165 if (acl_match(&acls[marker[i]], type, permset,
167 /* We found a match; remove it. */
168 marker[i] = marker[n - 1];
173 if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ) {
174 if (!matched) printf("No match for user_obj perm\n");
175 failure("USER_OBJ permset (%02o) != user mode (%02o)",
176 permset, 07 & (mode >> 6));
177 assert((permset << 6) == (mode & 0700));
178 } else if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ) {
179 if (!matched) printf("No match for group_obj perm\n");
180 failure("GROUP_OBJ permset %02o != group mode %02o",
181 permset, 07 & (mode >> 3));
182 assert((permset << 3) == (mode & 0070));
183 } else if (tag == ARCHIVE_ENTRY_ACL_OTHER) {
184 if (!matched) printf("No match for other perm\n");
185 failure("OTHER permset (%02o) != other mode (%02o)",
187 assert((permset << 0) == (mode & 0007));
189 failure("Could not find match for ACL "
190 "(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')",
191 type, permset, tag, qual, name);
192 assert(matched == 1);
195 assertEqualInt(ARCHIVE_EOF, r);
196 assert((mode & 0777) == (archive_entry_mode(ae) & 0777));
197 failure("Could not find match for ACL "
198 "(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')",
199 acls[marker[0]].type, acls[marker[0]].permset,
200 acls[marker[0]].tag, acls[marker[0]].qual, acls[marker[0]].name);
201 assert(n == 0); /* Number of ACLs not matched should == 0 */
205 DEFINE_TEST(test_acl_posix1e)
207 struct archive_entry *ae;
210 /* Create a simple archive_entry. */
211 assert((ae = archive_entry_new()) != NULL);
212 archive_entry_set_pathname(ae, "file");
213 archive_entry_set_mode(ae, S_IFREG | 0777);
215 /* Basic owner/owning group should just update mode bits. */
218 * Note: This features of libarchive's ACL implementation
219 * shouldn't be relied on and should probably be removed. It
220 * was done to identify trivial ACLs so we could avoid
221 * triggering unnecessary extensions. It's better to identify
222 * trivial ACLs at the point they are being read from disk.
224 set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
225 failure("Basic ACLs shouldn't be stored as extended ACLs");
226 assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
227 failure("Basic ACLs should set mode to 0142, not %04o",
228 archive_entry_mode(ae)&0777);
229 assert((archive_entry_mode(ae) & 0777) == 0142);
232 /* With any extended ACL entry, we should read back a full set. */
233 set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]));
234 failure("One extended ACL should flag all ACLs to be returned.");
235 assert(4 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
236 compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]), 0142);
237 failure("Basic ACLs should set mode to 0142, not %04o",
238 archive_entry_mode(ae)&0777);
239 assert((archive_entry_mode(ae) & 0777) == 0142);
242 /* A more extensive set of ACLs. */
243 set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
244 assertEqualInt(6, archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
245 compare_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]), 0543);
246 failure("Basic ACLs should set mode to 0543, not %04o",
247 archive_entry_mode(ae)&0777);
248 assert((archive_entry_mode(ae) & 0777) == 0543);
251 * Check that clearing ACLs gets rid of them all by repeating
254 set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
255 failure("Basic ACLs shouldn't be stored as extended ACLs");
256 assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
257 failure("Basic ACLs should set mode to 0142, not %04o",
258 archive_entry_mode(ae)&0777);
259 assert((archive_entry_mode(ae) & 0777) == 0142);
262 * Different types of malformed ACL entries that should
263 * fail when added to existing POSIX.1e ACLs.
265 set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
266 for (i = 0; i < sizeof(acls_nfs4)/sizeof(acls_nfs4[0]); ++i) {
267 struct acl_t *p = &acls_nfs4[i];
268 failure("Malformed ACL test #%d", i);
269 assertEqualInt(ARCHIVE_FAILED,
270 archive_entry_acl_add_entry(ae,
271 p->type, p->permset, p->tag, p->qual, p->name));
273 archive_entry_acl_reset(ae,
274 ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
276 archive_entry_free(ae);
projects / FreeBSD / FreeBSD.git / blob