2 * Copyright (c) 2003-2007 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD$");
29 * Exercise the system-independent portion of the ACL support.
30 * Check that pax archive can save and restore ACL data.
32 * This should work on all systems, regardless of whether local
33 * filesystems support ACLs or not.
36 static unsigned char buff[16384];
39 int type; /* Type of ACL: "access" or "default" */
40 int permset; /* Permissions for this class of users. */
41 int tag; /* Owner, User, Owning group, group, other, etc. */
42 int qual; /* GID or UID of user/group, depending on tag. */
43 const char *name; /* Name of user/group, depending on tag. */
46 static struct acl_t acls0[] = {
47 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
48 ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
49 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
50 ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
51 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
52 ARCHIVE_ENTRY_ACL_OTHER, 0, "" },
55 static struct acl_t acls1[] = {
56 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
57 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
58 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
59 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
60 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
61 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
62 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
63 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
66 static struct acl_t acls2[] = {
67 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ,
68 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
69 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
70 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
71 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
72 ARCHIVE_ENTRY_ACL_USER, 78, "user78" },
73 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
74 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
75 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
76 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
77 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE,
78 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
82 set_acls(struct archive_entry *ae, struct acl_t *acls, int n)
86 archive_entry_acl_clear(ae);
87 for (i = 0; i < n; i++) {
88 archive_entry_acl_add_entry(ae,
89 acls[i].type, acls[i].permset, acls[i].tag, acls[i].qual,
95 acl_match(struct acl_t *acl, int type, int permset, int tag, int qual, const char *name)
97 if (type != acl->type)
99 if (permset != acl->permset)
103 if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ)
105 if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ)
107 if (tag == ARCHIVE_ENTRY_ACL_OTHER)
109 if (qual != acl->qual)
112 return (acl->name == NULL || acl->name[0] == '\0');
113 if (acl->name == NULL)
114 return (name == NULL || name[0] == '\0');
115 return (0 == strcmp(name, acl->name));
119 compare_acls(struct archive_entry *ae, struct acl_t *acls, int n, int mode)
121 int *marker = malloc(sizeof(marker[0]) * n);
124 int type, permset, tag, qual;
128 for (i = 0; i < n; i++)
131 while (0 == (r = archive_entry_acl_next(ae,
132 ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
133 &type, &permset, &tag, &qual, &name))) {
134 for (i = 0, matched = 0; i < n && !matched; i++) {
135 if (acl_match(&acls[marker[i]], type, permset,
137 /* We found a match; remove it. */
138 marker[i] = marker[n - 1];
143 if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ) {
144 if (!matched) printf("No match for user_obj perm\n");
145 failure("USER_OBJ permset (%02o) != user mode (%02o)",
146 permset, 07 & (mode >> 6));
147 assert((permset << 6) == (mode & 0700));
148 } else if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ) {
149 if (!matched) printf("No match for group_obj perm\n");
150 failure("GROUP_OBJ permset %02o != group mode %02o",
151 permset, 07 & (mode >> 3));
152 assert((permset << 3) == (mode & 0070));
153 } else if (tag == ARCHIVE_ENTRY_ACL_OTHER) {
154 if (!matched) printf("No match for other perm\n");
155 failure("OTHER permset (%02o) != other mode (%02o)",
157 assert((permset << 0) == (mode & 0007));
159 failure("Could not find match for ACL "
160 "(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')",
161 type, permset, tag, qual, name);
162 assert(matched == 1);
165 assertEqualInt(ARCHIVE_EOF, r);
166 assert((mode_t)(mode & 0777) == (archive_entry_mode(ae) & 0777));
167 failure("Could not find match for ACL "
168 "(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')",
169 acls[marker[0]].type, acls[marker[0]].permset,
170 acls[marker[0]].tag, acls[marker[0]].qual, acls[marker[0]].name);
171 assert(n == 0); /* Number of ACLs not matched should == 0 */
175 DEFINE_TEST(test_acl_pax)
178 struct archive_entry *ae;
182 size_t reference_size;
184 /* Write an archive to memory. */
185 assert(NULL != (a = archive_write_new()));
186 assertA(0 == archive_write_set_format_pax(a));
187 assertA(0 == archive_write_add_filter_none(a));
188 assertA(0 == archive_write_set_bytes_per_block(a, 1));
189 assertA(0 == archive_write_set_bytes_in_last_block(a, 1));
190 assertA(0 == archive_write_open_memory(a, buff, sizeof(buff), &used));
192 /* Write a series of files to the archive with different ACL info. */
194 /* Create a simple archive_entry. */
195 assert((ae = archive_entry_new()) != NULL);
196 archive_entry_set_pathname(ae, "file");
197 archive_entry_set_mode(ae, S_IFREG | 0777);
199 /* Basic owner/owning group should just update mode bits. */
200 set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
201 assertA(0 == archive_write_header(a, ae));
203 /* With any extended ACL entry, we should read back a full set. */
204 set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]));
205 assertA(0 == archive_write_header(a, ae));
208 /* A more extensive set of ACLs. */
209 set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
210 assertA(0 == archive_write_header(a, ae));
213 * Check that clearing ACLs gets rid of them all by repeating
216 set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
217 assertA(0 == archive_write_header(a, ae));
218 archive_entry_free(ae);
220 /* Close out the archive. */
221 assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a));
222 assertEqualInt(ARCHIVE_OK, archive_write_free(a));
224 /* Write out the data we generated to a file for manual inspection. */
225 assert(NULL != (f = fopen("testout", "wb")));
226 assertEqualInt(used, (size_t)fwrite(buff, 1, (unsigned int)used, f));
229 /* Write out the reference data to a file for manual inspection. */
230 extract_reference_file("test_acl_pax.tar");
231 reference = slurpfile(&reference_size, "test_acl_pax.tar");
233 /* Assert that the generated data matches the built-in reference data.*/
234 failure("Generated pax archive does not match reference; compare 'testout' to 'test_acl_pax.tar' reference file.");
235 assertEqualMem(buff, reference, reference_size);
236 failure("Generated pax archive does not match reference; compare 'testout' to 'test_acl_pax.tar' reference file.");
237 assertEqualInt((int)used, reference_size);
240 /* Read back each entry and check that the ACL data is right. */
241 assert(NULL != (a = archive_read_new()));
242 assertA(0 == archive_read_support_format_all(a));
243 assertA(0 == archive_read_support_filter_all(a));
244 assertA(0 == archive_read_open_memory(a, buff, used));
246 /* First item has no ACLs */
247 assertA(0 == archive_read_next_header(a, &ae));
248 failure("Basic ACLs shouldn't be stored as extended ACLs");
249 assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
250 failure("Basic ACLs should set mode to 0142, not %04o",
251 archive_entry_mode(ae)&0777);
252 assert((archive_entry_mode(ae) & 0777) == 0142);
254 /* Second item has a few ACLs */
255 assertA(0 == archive_read_next_header(a, &ae));
256 failure("One extended ACL should flag all ACLs to be returned.");
257 assert(4 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
258 compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]), 0142);
259 failure("Basic ACLs should set mode to 0142, not %04o",
260 archive_entry_mode(ae)&0777);
261 assert((archive_entry_mode(ae) & 0777) == 0142);
263 /* Third item has pretty extensive ACLs */
264 assertA(0 == archive_read_next_header(a, &ae));
265 assertEqualInt(6, archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
266 compare_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]), 0543);
267 failure("Basic ACLs should set mode to 0543, not %04o",
268 archive_entry_mode(ae)&0777);
269 assert((archive_entry_mode(ae) & 0777) == 0543);
271 /* Fourth item has no ACLs */
272 assertA(0 == archive_read_next_header(a, &ae));
273 failure("Basic ACLs shouldn't be stored as extended ACLs");
274 assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
275 failure("Basic ACLs should set mode to 0142, not %04o",
276 archive_entry_mode(ae)&0777);
277 assert((archive_entry_mode(ae) & 0777) == 0142);
279 /* Close the archive. */
280 assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
281 assertEqualInt(ARCHIVE_OK, archive_read_free(a));
projects / FreeBSD / releng / 10.0.git / blob