2 * Copyright (c) 2003-2008 Tim Kientzle
3 * Copyright (c) 2017 Martin Matuska
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 __FBSDID("$FreeBSD: head/lib/libarchive/test/test_acl_freebsd.c 189427 2009-03-06 04:21:23Z kientzle $");
29 #if ARCHIVE_ACL_POSIX1E
32 #include <acl/libacl.h>
33 #define ACL_GET_PERM acl_get_perm
34 #elif HAVE_ACL_GET_PERM_NP
35 #define ACL_GET_PERM acl_get_perm_np
38 static struct archive_test_acl_t acls2[] = {
39 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ,
40 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
41 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
42 ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
43 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
44 ARCHIVE_ENTRY_ACL_USER, 78, "user78" },
45 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
46 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
47 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
48 ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
49 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
50 ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE,
51 ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
52 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
53 ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE,
54 ARCHIVE_ENTRY_ACL_MASK, -1, "" },
59 acl_entry_get_perm(aclent_t *aclent)
61 acl_entry_get_perm(acl_entry_t aclent)
65 #if ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
66 acl_permset_t opaque_ps;
70 if (aclent->a_perm & 1)
71 permset |= ARCHIVE_ENTRY_ACL_EXECUTE;
72 if (aclent->a_perm & 2)
73 permset |= ARCHIVE_ENTRY_ACL_WRITE;
74 if (aclent->a_perm & 4)
75 permset |= ARCHIVE_ENTRY_ACL_READ;
77 /* translate the silly opaque permset to a bitmap */
78 acl_get_permset(aclent, &opaque_ps);
79 if (ACL_GET_PERM(opaque_ps, ACL_EXECUTE))
80 permset |= ARCHIVE_ENTRY_ACL_EXECUTE;
81 if (ACL_GET_PERM(opaque_ps, ACL_WRITE))
82 permset |= ARCHIVE_ENTRY_ACL_WRITE;
83 if (ACL_GET_PERM(opaque_ps, ACL_READ))
84 permset |= ARCHIVE_ENTRY_ACL_READ;
91 acl_get_specific_entry(acl_t acl, acl_tag_t requested_tag_type, int requested_tag) {
92 int entry_id = ACL_FIRST_ENTRY;
93 acl_entry_t acl_entry;
94 acl_tag_t acl_tag_type;
96 while (1 == acl_get_entry(acl, entry_id, &acl_entry)) {
97 /* After the first time... */
98 entry_id = ACL_NEXT_ENTRY;
100 /* If this matches, return perm mask */
101 acl_get_tag_type(acl_entry, &acl_tag_type);
102 if (acl_tag_type == requested_tag_type) {
103 switch (acl_tag_type) {
105 if ((uid_t)requested_tag == *(uid_t *)(acl_get_qualifier(acl_entry))) {
106 return acl_entry_get_perm(acl_entry);
110 if ((gid_t)requested_tag == *(gid_t *)(acl_get_qualifier(acl_entry))) {
111 return acl_entry_get_perm(acl_entry);
117 return acl_entry_get_perm(acl_entry);
119 failure("Unexpected ACL tag type");
130 #if ARCHIVE_ACL_SUNOS
132 acl_match(aclent_t *aclent, struct archive_test_acl_t *myacl)
135 if (myacl->permset != acl_entry_get_perm(aclent))
138 switch (aclent->a_type) {
141 if (myacl->tag != ARCHIVE_ENTRY_ACL_USER_OBJ) return (0);
143 if (myacl->tag != ARCHIVE_ENTRY_ACL_USER)
145 if ((uid_t)myacl->qual != aclent->a_id)
150 if (myacl->tag != ARCHIVE_ENTRY_ACL_GROUP_OBJ) return (0);
154 if (myacl->tag != ARCHIVE_ENTRY_ACL_GROUP)
156 if ((gid_t)myacl->qual != aclent->a_id)
161 if (myacl->tag != ARCHIVE_ENTRY_ACL_MASK) return (0);
165 if (myacl->tag != ARCHIVE_ENTRY_ACL_OTHER) return (0);
171 #else /* ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL */
173 acl_match(acl_entry_t aclent, struct archive_test_acl_t *myacl)
179 if (myacl->permset != acl_entry_get_perm(aclent))
182 acl_get_tag_type(aclent, &tag_type);
185 if (myacl->tag != ARCHIVE_ENTRY_ACL_USER_OBJ) return (0);
188 if (myacl->tag != ARCHIVE_ENTRY_ACL_USER)
190 up = acl_get_qualifier(aclent);
193 if ((uid_t)myacl->qual != u)
197 if (myacl->tag != ARCHIVE_ENTRY_ACL_GROUP_OBJ) return (0);
200 if (myacl->tag != ARCHIVE_ENTRY_ACL_GROUP)
202 gp = acl_get_qualifier(aclent);
205 if ((gid_t)myacl->qual != g)
209 if (myacl->tag != ARCHIVE_ENTRY_ACL_MASK) return (0);
212 if (myacl->tag != ARCHIVE_ENTRY_ACL_OTHER) return (0);
221 #if ARCHIVE_ACL_SUNOS
222 void *aclp, int aclcnt,
226 struct archive_test_acl_t *myacls, int n)
231 #if ARCHIVE_ACL_SUNOS
235 int entry_id = ACL_FIRST_ENTRY;
236 acl_entry_t acl_entry;
239 /* Count ACL entries in myacls array and allocate an indirect array. */
240 marker = malloc(sizeof(marker[0]) * n);
243 for (i = 0; i < n; i++)
247 * Iterate over acls in system acl object, try to match each
248 * one with an item in the myacls array.
250 #if ARCHIVE_ACL_SUNOS
251 for(e = 0; e < aclcnt; e++) {
252 acl_entry = &((aclent_t *)aclp)[e];
254 while (1 == acl_get_entry(acl, entry_id, &acl_entry)) {
255 /* After the first time... */
256 entry_id = ACL_NEXT_ENTRY;
259 /* Search for a matching entry (tag and qualifier) */
260 for (i = 0, matched = 0; i < n && !matched; i++) {
261 if (acl_match(acl_entry, &myacls[marker[i]])) {
262 /* We found a match; remove it. */
263 marker[i] = marker[n - 1];
269 /* TODO: Print out more details in this case. */
270 failure("ACL entry on file that shouldn't be there");
271 assert(matched == 1);
274 /* Dump entries in the myacls array that weren't in the system acl. */
275 for (i = 0; i < n; ++i) {
276 failure(" ACL entry missing from file: "
277 "type=%#010x,permset=%#010x,tag=%d,qual=%d,name=``%s''\n",
278 myacls[marker[i]].type, myacls[marker[i]].permset,
279 myacls[marker[i]].tag, myacls[marker[i]].qual,
280 myacls[marker[i]].name);
281 assert(0); /* Record this as a failure. */
288 * Verify ACL restore-to-disk. This test is Platform-specific.
291 DEFINE_TEST(test_acl_platform_posix1e_restore)
293 #if !ARCHIVE_ACL_POSIX1E
294 skipping("POSIX.1e ACLs are not supported on this platform");
295 #else /* ARCHIVE_ACL_POSIX1E */
298 struct archive_entry *ae;
299 #if ARCHIVE_ACL_SUNOS
306 assertMakeFile("pretest", 0644, "a");
308 if (setTestAcl("pretest") != ARCHIVE_TEST_ACL_TYPE_POSIX1E) {
309 skipping("POSIX.1e ACLs are not writable on this filesystem");
313 /* Create a write-to-disk object. */
314 assert(NULL != (a = archive_write_disk_new()));
315 archive_write_disk_set_options(a,
316 ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL);
318 /* Populate an archive entry with some metadata, including ACL info */
319 ae = archive_entry_new();
321 archive_entry_set_pathname(ae, "test0");
322 archive_entry_set_mtime(ae, 123456, 7890);
323 archive_entry_set_size(ae, 0);
324 assertEntrySetAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
325 assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
326 archive_entry_free(ae);
328 /* Close the archive. */
329 assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a));
330 assertEqualInt(ARCHIVE_OK, archive_write_free(a));
332 /* Verify the data on disk. */
333 assertEqualInt(0, stat("test0", &st));
334 assertEqualInt(st.st_mtime, 123456);
335 #if ARCHIVE_ACL_SUNOS
336 aclp = sunacl_get(GETACL, &aclcnt, 0, "test0");
337 failure("acl(): errno = %d (%s)", errno, strerror(errno));
338 assert(aclp != NULL);
340 acl = acl_get_file("test0", ACL_TYPE_ACCESS);
341 failure("acl_get_file(): errno = %d (%s)", errno, strerror(errno));
342 assert(acl != (acl_t)NULL);
344 #if ARCHIVE_ACL_SUNOS
345 compare_acls(aclp, aclcnt, acls2, sizeof(acls2)/sizeof(acls2[0]));
349 compare_acls(acl, acls2, sizeof(acls2)/sizeof(acls2[0]));
353 #endif /* ARCHIVE_ACL_POSIX1E */
357 * Verify ACL read-from-disk. This test is Platform-specific.
359 DEFINE_TEST(test_acl_platform_posix1e_read)
361 #if !ARCHIVE_ACL_POSIX1E
362 skipping("POSIX.1e ACLs are not supported on this platform");
363 #else /* ARCHIVE_ACL_POSIX1E */
365 struct archive_entry *ae;
366 int n, fd, flags, dflags;
368 const char *func, *acl1_text, *acl2_text, *acl3_text;
369 #if ARCHIVE_ACL_SUNOS
373 acl_t acl1, acl2, acl3;
377 * Manually construct a directory and two files with
378 * different ACLs. This also serves to verify that ACLs
379 * are supported on the local filesystem.
382 /* Create a test file f1 with acl1 */
383 #if ARCHIVE_ACL_SUNOS
384 acl1_text = "user::rwx,"
391 { USER_OBJ, -1, 4 | 2 | 1 },
393 { GROUP_OBJ, -1, 4 | 2 | 1 },
394 { GROUP, 15, 4 | 1 },
395 { CLASS_OBJ, -1, 4 | 2 | 1 },
396 { OTHER_OBJ, -1, 4 | 2 | 1 }
399 acl1_text = "user::rwx\n"
405 acl1 = acl_from_text(acl1_text);
406 failure("acl_from_text(): errno = %d (%s)", errno, strerror(errno));
407 assert((void *)acl1 != NULL);
409 fd = open("f1", O_WRONLY | O_CREAT | O_EXCL, 0777);
410 failure("Could not create test file?!");
411 if (!assert(fd >= 0)) {
412 #if !ARCHIVE_ACL_SUNOS
417 #if ARCHIVE_ACL_SUNOS
418 /* Check if Solaris filesystem supports POSIX.1e ACLs */
419 aclp = sunacl_get(GETACL, &aclcnt, fd, NULL);
422 if (errno == ENOSYS || errno == ENOTSUP) {
423 skipping("POSIX.1e ACLs are not supported on this filesystem");
426 failure("facl(): errno = %d (%s)", errno, strerror(errno));
427 assert(aclp != NULL);
430 n = facl(fd, SETACL, (int)(sizeof(aclp1)/sizeof(aclp1[0])), aclp1);
432 func = "acl_set_fd()";
433 n = acl_set_fd(fd, acl1);
435 #if !ARCHIVE_ACL_SUNOS
440 #if ARCHIVE_ACL_SUNOS
441 if (errno == ENOSYS || errno == ENOTSUP)
443 if (errno == EOPNOTSUPP || errno == EINVAL)
447 skipping("POSIX.1e ACLs are not supported on this filesystem");
451 failure("%s: errno = %d (%s)", func, errno, strerror(errno));
452 assertEqualInt(0, n);
456 assertMakeDir("d", 0700);
459 * Create file d/f1 with acl2
461 * This differs from acl1 in the u:1: and g:15: permissions.
463 * This file deliberately has the same name but a different ACL.
464 * Github Issue #777 explains how libarchive's directory traversal
465 * did not always correctly enter directories before attempting
466 * to read ACLs, resulting in reading the ACL from a like-named
467 * file in the wrong directory.
469 #if ARCHIVE_ACL_SUNOS
470 acl2_text = "user::rwx,"
477 { USER_OBJ, -1, 4 | 2 | 1 },
479 { GROUP_OBJ, -1, 4 | 2 | 1},
481 { CLASS_OBJ, -1, 4 | 2 | 1},
485 acl2_text = "user::rwx\n"
491 acl2 = acl_from_text(acl2_text);
492 failure("acl_from_text(): errno = %d (%s)", errno, strerror(errno));
493 assert((void *)acl2 != NULL);
495 fd = open("d/f1", O_WRONLY | O_CREAT | O_EXCL, 0777);
496 failure("Could not create test file?!");
497 if (!assert(fd >= 0)) {
498 #if !ARCHIVE_ACL_SUNOS
503 #if ARCHIVE_ACL_SUNOS
505 n = facl(fd, SETACL, (int)(sizeof(aclp2) / sizeof(aclp2[0])), aclp2);
507 func = "acl_set_fd()";
508 n = acl_set_fd(fd, acl2);
513 failure("%s: errno = %d (%s)", func, errno, strerror(errno));
514 assertEqualInt(0, n);
517 /* Create nested directory d2 with default ACLs */
518 assertMakeDir("d/d2", 0755);
520 #if ARCHIVE_ACL_SUNOS
521 acl3_text = "user::rwx,"
528 "default:user:1:r--,"
529 "default:group::r-x,"
530 "default:group:15:r--,"
534 { USER_OBJ, -1, 4 | 2 | 1 },
536 { GROUP_OBJ, -1, 4 | 1 },
538 { CLASS_OBJ, -1, 4 | 2 | 1 },
539 { OTHER_OBJ, -1, 4 | 1 },
540 { USER_OBJ | ACL_DEFAULT, -1, 4 | 2 | 1 },
541 { USER | ACL_DEFAULT, 1, 4 },
542 { GROUP_OBJ | ACL_DEFAULT, -1, 4 | 1 },
543 { GROUP | ACL_DEFAULT, 15, 4 },
544 { CLASS_OBJ | ACL_DEFAULT, -1, 4 | 2 | 1},
545 { OTHER_OBJ | ACL_DEFAULT, -1, 4 | 1 }
548 acl3_text = "user::rwx\n"
554 acl3 = acl_from_text(acl3_text);
555 failure("acl_from_text(): errno = %d (%s)", errno, strerror(errno));
556 assert((void *)acl3 != NULL);
559 #if ARCHIVE_ACL_SUNOS
561 n = acl("d/d2", SETACL, (int)(sizeof(aclp3) / sizeof(aclp3[0])), aclp3);
563 func = "acl_set_file()";
564 n = acl_set_file("d/d2", ACL_TYPE_DEFAULT, acl3);
567 failure("%s: errno = %d (%s)", func, errno, strerror(errno));
568 assertEqualInt(0, n);
570 /* Create a read-from-disk object. */
571 assert(NULL != (a = archive_read_disk_new()));
572 assertEqualIntA(a, ARCHIVE_OK, archive_read_disk_open(a, "."));
573 assert(NULL != (ae = archive_entry_new()));
575 #if ARCHIVE_ACL_SUNOS
576 flags = ARCHIVE_ENTRY_ACL_TYPE_POSIX1E
577 | ARCHIVE_ENTRY_ACL_STYLE_SEPARATOR_COMMA
578 | ARCHIVE_ENTRY_ACL_STYLE_SOLARIS;
581 flags = ARCHIVE_ENTRY_ACL_TYPE_ACCESS;
582 dflags = ARCHIVE_ENTRY_ACL_TYPE_DEFAULT;
585 /* Walk the dir until we see both of the files */
586 while (ARCHIVE_OK == archive_read_next_header2(a, ae)) {
587 archive_read_disk_descend(a);
588 if (strcmp(archive_entry_pathname(ae), "./f1") == 0) {
589 acl_text = archive_entry_acl_to_text(ae, NULL, flags);
590 assertEqualString(acl_text, acl1_text);
592 } else if (strcmp(archive_entry_pathname(ae), "./d/f1") == 0) {
593 acl_text = archive_entry_acl_to_text(ae, NULL, flags);
594 assertEqualString(acl_text, acl2_text);
596 } else if (strcmp(archive_entry_pathname(ae), "./d/d2") == 0) {
597 acl_text = archive_entry_acl_to_text(ae, NULL, dflags);
598 assertEqualString(acl_text, acl3_text);
603 archive_entry_free(ae);
604 assertEqualInt(ARCHIVE_OK, archive_free(a));
605 #endif /* ARCHIVE_ACL_POSIX1E */
projects / FreeBSD / stable / 10.git / blob