1231200Smm/*- 2231200Smm * Copyright (c) 2003-2010 Tim Kientzle 3231200Smm * All rights reserved. 4231200Smm * 5231200Smm * Redistribution and use in source and binary forms, with or without 6231200Smm * modification, are permitted provided that the following conditions 7231200Smm * are met: 8231200Smm * 1. Redistributions of source code must retain the above copyright 9231200Smm * notice, this list of conditions and the following disclaimer. 10231200Smm * 2. Redistributions in binary form must reproduce the above copyright 11231200Smm * notice, this list of conditions and the following disclaimer in the 12231200Smm * documentation and/or other materials provided with the distribution. 13231200Smm * 14231200Smm * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15231200Smm * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16231200Smm * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17231200Smm * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18231200Smm * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19231200Smm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20231200Smm * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21231200Smm * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22231200Smm * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23231200Smm * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24231200Smm */ 25231200Smm#include "test.h" 26231200Smm__FBSDID("$FreeBSD$"); 27231200Smm 28231200Smm/* 29231200Smm * Exercise the system-independent portion of the ACL support. 30231200Smm * Check that archive_entry objects can save and restore NFS4 ACL data. 31231200Smm * 32231200Smm * This should work on all systems, regardless of whether local 33231200Smm * filesystems support ACLs or not. 34231200Smm */ 35231200Smm 36313571Smmstatic struct archive_test_acl_t acls1[] = { 37231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 38231200Smm ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, 39231200Smm { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_READ_DATA, 40231200Smm ARCHIVE_ENTRY_ACL_USER, 77, "user77" }, 41231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_DATA, 42231200Smm ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, 43231200Smm { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_WRITE_DATA, 44231200Smm ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 45231200Smm}; 46231200Smm 47313571Smmstatic struct archive_test_acl_t acls2[] = { 48231200Smm /* An entry for each type. */ 49231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 0, 50231200Smm ARCHIVE_ENTRY_ACL_USER, 108, "user108" }, 51231200Smm { ARCHIVE_ENTRY_ACL_TYPE_DENY, 0, 52231200Smm ARCHIVE_ENTRY_ACL_USER, 109, "user109" }, 53231200Smm { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 0, 54231200Smm ARCHIVE_ENTRY_ACL_USER, 110, "user110" }, 55231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALARM, 0, 56231200Smm ARCHIVE_ENTRY_ACL_USER, 111, "user111" }, 57231200Smm 58231200Smm /* An entry for each permission. */ 59231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 60231200Smm ARCHIVE_ENTRY_ACL_USER, 112, "user112" }, 61231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_DATA, 62231200Smm ARCHIVE_ENTRY_ACL_USER, 113, "user113" }, 63231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, 64231200Smm ARCHIVE_ENTRY_ACL_USER, 114, "user114" }, 65231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_DATA, 66231200Smm ARCHIVE_ENTRY_ACL_USER, 115, "user115" }, 67231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_ADD_FILE, 68231200Smm ARCHIVE_ENTRY_ACL_USER, 116, "user116" }, 69231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_APPEND_DATA, 70231200Smm ARCHIVE_ENTRY_ACL_USER, 117, "user117" }, 71231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, 72231200Smm ARCHIVE_ENTRY_ACL_USER, 118, "user118" }, 73231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, 74231200Smm ARCHIVE_ENTRY_ACL_USER, 119, "user119" }, 75231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, 76231200Smm ARCHIVE_ENTRY_ACL_USER, 120, "user120" }, 77231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_DELETE_CHILD, 78231200Smm ARCHIVE_ENTRY_ACL_USER, 121, "user121" }, 79231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, 80231200Smm ARCHIVE_ENTRY_ACL_USER, 122, "user122" }, 81231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, 82231200Smm ARCHIVE_ENTRY_ACL_USER, 123, "user123" }, 83231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_DELETE, 84231200Smm ARCHIVE_ENTRY_ACL_USER, 124, "user124" }, 85231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_ACL, 86231200Smm ARCHIVE_ENTRY_ACL_USER, 125, "user125" }, 87231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_ACL, 88231200Smm ARCHIVE_ENTRY_ACL_USER, 126, "user126" }, 89231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_OWNER, 90231200Smm ARCHIVE_ENTRY_ACL_USER, 127, "user127" }, 91231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_SYNCHRONIZE, 92231200Smm ARCHIVE_ENTRY_ACL_USER, 128, "user128" }, 93231200Smm 94231200Smm /* One entry with each inheritance value. */ 95231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 96231200Smm ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, 97231200Smm ARCHIVE_ENTRY_ACL_USER, 129, "user129" }, 98231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 99231200Smm ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, 100231200Smm ARCHIVE_ENTRY_ACL_USER, 130, "user130" }, 101231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 102231200Smm ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, 103231200Smm ARCHIVE_ENTRY_ACL_USER, 131, "user131" }, 104231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 105231200Smm ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, 106231200Smm ARCHIVE_ENTRY_ACL_USER, 132, "user132" }, 107231200Smm { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 108231200Smm ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS, 109231200Smm ARCHIVE_ENTRY_ACL_USER, 133, "user133" }, 110231200Smm { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 111231200Smm ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS, 112231200Smm ARCHIVE_ENTRY_ACL_USER, 134, "user134" }, 113231200Smm 114231200Smm /* One entry for each qualifier. */ 115231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 116231200Smm ARCHIVE_ENTRY_ACL_USER, 135, "user135" }, 117231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 118231200Smm ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, 119231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 120231200Smm ARCHIVE_ENTRY_ACL_GROUP, 136, "group136" }, 121231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 122231200Smm ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, 123231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 124231200Smm ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 125231200Smm}; 126231200Smm 127231200Smm/* 128231200Smm * Entries that should be rejected when we attempt to set them 129231200Smm * on an ACL that already has NFS4 entries. 130231200Smm */ 131313571Smmstatic struct archive_test_acl_t acls_bad[] = { 132231200Smm /* POSIX.1e ACL types */ 133231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE, 134231200Smm ARCHIVE_ENTRY_ACL_USER, 78, "" }, 135231200Smm { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_EXECUTE, 136231200Smm ARCHIVE_ENTRY_ACL_USER, 78, "" }, 137231200Smm 138231200Smm /* POSIX.1e tags */ 139231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 140231200Smm ARCHIVE_ENTRY_ACL_OTHER, -1, "" }, 141231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 142231200Smm ARCHIVE_ENTRY_ACL_MASK, -1, "" }, 143231200Smm 144231200Smm /* POSIX.1e permissions */ 145231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ, 146231200Smm ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 147231200Smm { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE, 148231200Smm ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 149231200Smm}; 150231200Smm 151231200SmmDEFINE_TEST(test_acl_nfs4) 152231200Smm{ 153231200Smm struct archive_entry *ae; 154231200Smm int i; 155231200Smm 156231200Smm /* Create a simple archive_entry. */ 157231200Smm assert((ae = archive_entry_new()) != NULL); 158231200Smm archive_entry_set_pathname(ae, "file"); 159231200Smm archive_entry_set_mode(ae, S_IFREG | 0777); 160231200Smm 161231200Smm /* Store and read back some basic ACL entries. */ 162315433Smm assertEntrySetAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); 163313571Smm 164313571Smm /* Check that entry contains only NFSv4 types */ 165313571Smm assert((archive_entry_acl_types(ae) & 166313571Smm ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) == 0); 167313571Smm assert((archive_entry_acl_types(ae) & 168313571Smm ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0); 169313571Smm 170231200Smm assertEqualInt(4, 171231200Smm archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 172315433Smm assertEntryCompareAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]), 173313571Smm ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0); 174231200Smm 175231200Smm /* A more extensive set of ACLs. */ 176315433Smm assertEntrySetAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); 177231200Smm assertEqualInt(32, 178231200Smm archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 179315433Smm assertEntryCompareAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]), 180313571Smm ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0); 181231200Smm 182231200Smm /* 183231200Smm * Check that clearing ACLs gets rid of them all by repeating 184231200Smm * the first test. 185231200Smm */ 186315433Smm assertEntrySetAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); 187231200Smm failure("Basic ACLs shouldn't be stored as extended ACLs"); 188231200Smm assertEqualInt(4, 189231200Smm archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 190231200Smm 191231200Smm /* 192231200Smm * Different types of malformed ACL entries that should 193231200Smm * fail when added to existing NFS4 ACLs. 194231200Smm */ 195315433Smm assertEntrySetAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); 196232153Smm for (i = 0; i < (int)(sizeof(acls_bad)/sizeof(acls_bad[0])); ++i) { 197313571Smm struct archive_test_acl_t *p = &acls_bad[i]; 198231200Smm failure("Malformed ACL test #%d", i); 199231200Smm assertEqualInt(ARCHIVE_FAILED, 200231200Smm archive_entry_acl_add_entry(ae, 201231200Smm p->type, p->permset, p->tag, p->qual, p->name)); 202231200Smm failure("Malformed ACL test #%d", i); 203231200Smm assertEqualInt(32, 204231200Smm archive_entry_acl_reset(ae, 205231200Smm ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 206231200Smm } 207231200Smm archive_entry_free(ae); 208231200Smm} 209