2 * Copyright (c) 2017 Martin Matuska
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 __FBSDID("$FreeBSD$");
28 #if HAVE_POSIX_ACL || HAVE_DARWIN_ACL
29 static const acl_perm_t acl_perms[] = {
43 ACL_READ_EXTATTRIBUTES,
44 ACL_WRITE_EXTATTRIBUTES,
49 #else /* !HAVE_DARWIN_ACL */
53 #if HAVE_FREEBSD_NFS4_ACL
61 ACL_WRITE_NAMED_ATTRS,
70 #endif /* HAVE_FREEBSD_NFS4_ACL */
71 #endif /* !HAVE_DARWIN_ACL */
73 #if HAVE_DARWIN_ACL || HAVE_FREEBSD_NFS4_ACL
74 static const acl_flag_t acl_flags[] = {
76 ACL_FLAG_DEFER_INHERIT,
79 ACL_ENTRY_FILE_INHERIT,
80 ACL_ENTRY_DIRECTORY_INHERIT,
81 ACL_ENTRY_LIMIT_INHERIT,
82 ACL_ENTRY_ONLY_INHERIT
83 #else /* HAVE_FREEBSD_NFS4_ACL */
84 ACL_ENTRY_FILE_INHERIT,
85 ACL_ENTRY_DIRECTORY_INHERIT,
86 ACL_ENTRY_NO_PROPAGATE_INHERIT,
87 ACL_ENTRY_INHERIT_ONLY,
88 ACL_ENTRY_SUCCESSFUL_ACCESS,
89 ACL_ENTRY_FAILED_ACCESS,
91 #endif /* HAVE_FREEBSD_NFS4_ACL */
93 #endif /* HAVE_DARWIN_ACL || HAVE_FREEBSD_NFS4_ACL */
96 * Compare two ACL entries on FreeBSD or on Mac OS X
99 compare_acl_entry(acl_entry_t ae_a, acl_entry_t ae_b, int is_nfs4)
101 acl_tag_t tag_a, tag_b;
102 acl_permset_t permset_a, permset_b;
103 int perm_a, perm_b, perm_start, perm_end;
104 void *qual_a, *qual_b;
105 #if HAVE_FREEBSD_NFS4_ACL
106 acl_entry_type_t type_a, type_b;
108 #if HAVE_FREEBSD_NFS4_ACL || HAVE_DARWIN_ACL
109 acl_flagset_t flagset_a, flagset_b;
115 /* Compare ACL tag */
116 r = acl_get_tag_type(ae_a, &tag_a);
117 failure("acl_get_tag_type() error: %s", strerror(errno));
118 if (assertEqualInt(r, 0) == 0)
120 r = acl_get_tag_type(ae_b, &tag_b);
121 failure("acl_get_tag_type() error: %s", strerror(errno));
122 if (assertEqualInt(r, 0) == 0)
127 /* Compare ACL qualifier */
129 if (tag_a == ACL_EXTENDED_ALLOW || tag_b == ACL_EXTENDED_DENY)
131 if (tag_a == ACL_USER || tag_a == ACL_GROUP)
134 qual_a = acl_get_qualifier(ae_a);
135 failure("acl_get_qualifier() error: %s", strerror(errno));
136 if (assert(qual_a != NULL) == 0)
138 qual_b = acl_get_qualifier(ae_b);
139 failure("acl_get_qualifier() error: %s", strerror(errno));
140 if (assert(qual_b != NULL) == 0) {
145 if (memcmp(((guid_t *)qual_a)->g_guid,
146 ((guid_t *)qual_b)->g_guid, KAUTH_GUID_SIZE) != 0)
148 if ((tag_a == ACL_USER &&
149 (*(uid_t *)qual_a != *(uid_t *)qual_b)) ||
150 (tag_a == ACL_GROUP &&
151 (*(gid_t *)qual_a != *(gid_t *)qual_b)))
162 #if HAVE_FREEBSD_NFS4_ACL
164 /* Compare NFS4 ACL type */
165 r = acl_get_entry_type_np(ae_a, &type_a);
166 failure("acl_get_entry_type_np() error: %s", strerror(errno));
167 if (assertEqualInt(r, 0) == 0)
169 r = acl_get_entry_type_np(ae_b, &type_b);
170 failure("acl_get_entry_type_np() error: %s", strerror(errno));
171 if (assertEqualInt(r, 0) == 0)
173 if (type_a != type_b)
178 /* Compare ACL perms */
179 r = acl_get_permset(ae_a, &permset_a);
180 failure("acl_get_permset() error: %s", strerror(errno));
181 if (assertEqualInt(r, 0) == 0)
183 r = acl_get_permset(ae_b, &permset_b);
184 failure("acl_get_permset() error: %s", strerror(errno));
185 if (assertEqualInt(r, 0) == 0)
189 perm_end = (int)(sizeof(acl_perms) / sizeof(acl_perms[0]));
190 #if HAVE_FREEBSD_NFS4_ACL
196 /* Cycle through all perms and compare their value */
197 for (i = perm_start; i < perm_end; i++) {
199 perm_a = acl_get_perm(permset_a, acl_perms[i]);
200 perm_b = acl_get_perm(permset_b, acl_perms[i]);
202 perm_a = acl_get_perm_np(permset_a, acl_perms[i]);
203 perm_b = acl_get_perm_np(permset_b, acl_perms[i]);
205 if (perm_a == -1 || perm_b == -1)
207 if (perm_a != perm_b)
211 #if HAVE_FREEBSD_NFS4_ACL || HAVE_DARWIN_ACL
213 r = acl_get_flagset_np(ae_a, &flagset_a);
214 failure("acl_get_flagset_np() error: %s", strerror(errno));
215 if (assertEqualInt(r, 0) == 0)
217 r = acl_get_flagset_np(ae_b, &flagset_b);
218 failure("acl_get_flagset_np() error: %s", strerror(errno));
219 if (assertEqualInt(r, 0) == 0)
221 /* Cycle through all flags and compare their status */
222 for (i = 0; i < (int)(sizeof(acl_flags) / sizeof(acl_flags[0]));
224 flag_a = acl_get_flag_np(flagset_a, acl_flags[i]);
225 flag_b = acl_get_flag_np(flagset_b, acl_flags[i]);
226 if (flag_a == -1 || flag_b == -1)
228 if (flag_a != flag_b)
232 #else /* HAVE_FREEBSD_NFS4_ACL || HAVE_DARWIN_ACL*/
233 (void)is_nfs4; /* UNUSED */
237 #endif /* HAVE_POSIX_ACL || HAVE_DARWIN_ACL */
239 #if HAVE_SUN_ACL || HAVE_DARWIN_ACL || HAVE_POSIX_ACL
241 * Clear default ACLs or inheritance flags
244 clear_inheritance_flags(const char *path, int type)
247 case ARCHIVE_TEST_ACL_TYPE_POSIX1E:
249 acl_delete_def_file(path);
255 case ARCHIVE_TEST_ACL_TYPE_NFS4:
261 (void)path; /* UNUSED */
267 compare_acls(const char *path_a, const char *path_b)
273 int aclcnt_a, aclcnt_b;
274 aclent_t *aclent_a, *aclent_b;
275 ace_t *ace_a, *ace_b;
279 acl_entry_t aclent_a, aclent_b;
286 acl_a = sunacl_get(GETACL, &aclcnt_a, 0, path_a);
288 #if HAVE_SUN_NFS4_ACL
290 acl_a = sunacl_get(ACE_GETACL, &aclcnt_a, 0, path_a);
292 failure("acl_get() error: %s", strerror(errno));
293 if (assert(acl_a != NULL) == 0)
295 #if HAVE_SUN_NFS4_ACL
296 acl_b = sunacl_get(ACE_GETACL, &aclcnt_b, 0, path_b);
299 acl_b = sunacl_get(GETACL, &aclcnt_b, 0, path_b);
300 if (acl_b == NULL && (errno == ENOSYS || errno == ENOTSUP)) {
304 failure("acl_get() error: %s", strerror(errno));
305 if (assert(acl_b != NULL) == 0) {
310 if (aclcnt_a != aclcnt_b) {
315 for (e = 0; e < aclcnt_a; e++) {
317 aclent_a = &((aclent_t *)acl_a)[e];
318 aclent_b = &((aclent_t *)acl_b)[e];
319 if (aclent_a->a_type != aclent_b->a_type ||
320 aclent_a->a_id != aclent_b->a_id ||
321 aclent_a->a_perm != aclent_b->a_perm) {
326 #if HAVE_SUN_NFS4_ACL
328 ace_a = &((ace_t *)acl_a)[e];
329 ace_b = &((ace_t *)acl_b)[e];
330 if (ace_a->a_who != ace_b->a_who ||
331 ace_a->a_access_mask != ace_b->a_access_mask ||
332 ace_a->a_flags != ace_b->a_flags ||
333 ace_a->a_type != ace_b->a_type) {
340 #else /* !HAVE_SUN_ACL */
343 acl_a = acl_get_file(path_a, ACL_TYPE_EXTENDED);
344 #elif HAVE_FREEBSD_NFS4_ACL
345 acl_a = acl_get_file(path_a, ACL_TYPE_NFS4);
351 acl_a = acl_get_file(path_a, ACL_TYPE_ACCESS);
353 failure("acl_get_file() error: %s (%s)", path_a, strerror(errno));
354 if (assert(acl_a != NULL) == 0)
357 acl_b = acl_get_file(path_b, ACL_TYPE_EXTENDED);
358 #elif HAVE_FREEBSD_NFS4_ACL
359 acl_b = acl_get_file(path_b, ACL_TYPE_NFS4);
363 #if HAVE_FREEBSD_NFS4_ACL
369 acl_b = acl_get_file(path_b, ACL_TYPE_ACCESS);
371 failure("acl_get_file() error: %s (%s)", path_b, strerror(errno));
372 if (assert(acl_b != NULL) == 0) {
377 a = acl_get_entry(acl_a, ACL_FIRST_ENTRY, &aclent_a);
382 b = acl_get_entry(acl_b, ACL_FIRST_ENTRY, &aclent_b);
388 while (a == 0 && b == 0)
389 #else /* FreeBSD, Linux */
390 while (a == 1 && b == 1)
393 r = compare_acl_entry(aclent_a, aclent_b, is_nfs4);
398 a = acl_get_entry(acl_a, ACL_NEXT_ENTRY, &aclent_a);
399 b = acl_get_entry(acl_b, ACL_NEXT_ENTRY, &aclent_b);
401 /* Entry count must match */
404 #endif /* !HAVE_SUN_ACL */
415 #endif /* HAVE_SUN_ACL || HAVE_DARWIN_ACL || HAVE_POSIX_ACL */
417 DEFINE_TEST(test_option_acls)
419 #if !HAVE_SUN_ACL && !HAVE_DARWIN_ACL && !HAVE_POSIX_ACL
420 skipping("ACLs are not supported on this platform");
421 #else /* HAVE_SUN_ACL || HAVE_DARWIN_ACL || HAVE_POSIX_ACL */
424 assertMakeFile("f", 0644, "a");
425 acltype = setTestAcl("f");
427 skipping("Can't write ACLs on the filesystem");
431 /* Archive it with acls */
432 r = systemf("%s -c --no-mac-metadata --acls -f acls.tar f >acls.out 2>acls.err", testprog);
433 assertEqualInt(r, 0);
435 /* Archive it without acls */
436 r = systemf("%s -c --no-mac-metadata --no-acls -f noacls.tar f >noacls.out 2>noacls.err", testprog);
437 assertEqualInt(r, 0);
439 /* Extract acls with acls */
440 assertMakeDir("acls_acls", 0755);
441 clear_inheritance_flags("acls_acls", acltype);
442 r = systemf("%s -x -C acls_acls --no-same-permissions --acls -f acls.tar >acls_acls.out 2>acls_acls.err", testprog);
443 assertEqualInt(r, 0);
444 r = compare_acls("f", "acls_acls/f");
445 assertEqualInt(r, 1);
447 /* Extractl acls without acls */
448 assertMakeDir("acls_noacls", 0755);
449 clear_inheritance_flags("acls_noacls", acltype);
450 r = systemf("%s -x -C acls_noacls -p --no-acls -f acls.tar >acls_noacls.out 2>acls_noacls.err", testprog);
451 assertEqualInt(r, 0);
452 r = compare_acls("f", "acls_noacls/f");
453 assertEqualInt(r, 0);
455 /* Extract noacls with acls flag */
456 assertMakeDir("noacls_acls", 0755);
457 clear_inheritance_flags("noacls_acls", acltype);
458 r = systemf("%s -x -C noacls_acls --no-same-permissions --acls -f noacls.tar >noacls_acls.out 2>noacls_acls.err", testprog);
459 assertEqualInt(r, 0);
460 r = compare_acls("f", "noacls_acls/f");
461 assertEqualInt(r, 0);
463 /* Extract noacls with noacls */
464 assertMakeDir("noacls_noacls", 0755);
465 clear_inheritance_flags("noacls_noacls", acltype);
466 r = systemf("%s -x -C noacls_noacls -p --no-acls -f noacls.tar >noacls_noacls.out 2>noacls_noacls.err", testprog);
467 assertEqualInt(r, 0);
468 r = compare_acls("f", "noacls_noacls/f");
469 assertEqualInt(r, 0);
470 #endif /* HAVE_SUN_ACL || HAVE_DARWIN_ACL || HAVE_POSIX_ACL */