test_acl_posix1e.c revision 313570 
1/*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "test.h"
26__FBSDID("$FreeBSD: src/lib/libarchive/test/test_acl_basic.c,v 1.6 2008/10/19 00:13:57 kientzle Exp $");
27
28/*
29 * Exercise the system-independent portion of the ACL support.
30 * Check that archive_entry objects can save and restore POSIX.1e-style
31 * ACL data.
32 *
33 * This should work on all systems, regardless of whether local
34 * filesystems support ACLs or not.
35 */
36
37static struct archive_test_acl_t acls0[] = {
38	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
39	  ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
40	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
41	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
42	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
43	  ARCHIVE_ENTRY_ACL_OTHER, 0, "" },
44};
45
46static struct archive_test_acl_t acls1[] = {
47	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
48	  ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
49	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
50	  ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
51	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
52	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
53	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
54	  ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
55};
56
57static struct archive_test_acl_t acls2[] = {
58	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ,
59	  ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
60	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
61	  ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
62	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
63	  ARCHIVE_ENTRY_ACL_USER, 78, "user78" },
64	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
65	  ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
66	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
67	  ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
68	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE,
69	  ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
70};
71
72/*
73 * NFS4 entry types; attempts to set these on top of POSIX.1e
74 * attributes should fail.
75 */
76static struct archive_test_acl_t acls_nfs4[] = {
77	/* NFS4 types */
78	{ ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ,
79	  ARCHIVE_ENTRY_ACL_USER, 78, "" },
80	{ ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_READ,
81	  ARCHIVE_ENTRY_ACL_USER, 78, "" },
82	{ ARCHIVE_ENTRY_ACL_TYPE_AUDIT, ARCHIVE_ENTRY_ACL_READ,
83	  ARCHIVE_ENTRY_ACL_USER, 78, "" },
84	{ ARCHIVE_ENTRY_ACL_TYPE_ALARM, ARCHIVE_ENTRY_ACL_READ,
85	  ARCHIVE_ENTRY_ACL_USER, 78, "" },
86
87	/* NFS4 tags */
88	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
89	  ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
90
91	/* NFS4 inheritance markers */
92	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
93	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT,
94	  ARCHIVE_ENTRY_ACL_USER, 79, "" },
95	{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
96	  ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT,
97	  ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
98};
99
100DEFINE_TEST(test_acl_posix1e)
101{
102	struct archive_entry *ae;
103	int i;
104
105	/* Create a simple archive_entry. */
106	assert((ae = archive_entry_new()) != NULL);
107	archive_entry_set_pathname(ae, "file");
108        archive_entry_set_mode(ae, S_IFREG | 0777);
109
110	/* Basic owner/owning group should just update mode bits. */
111
112	/*
113	 * Note: This features of libarchive's ACL implementation
114	 * shouldn't be relied on and should probably be removed.  It
115	 * was done to identify trivial ACLs so we could avoid
116	 * triggering unnecessary extensions.  It's better to identify
117	 * trivial ACLs at the point they are being read from disk.
118	 */
119	archive_test_set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
120	failure("Basic ACLs shouldn't be stored as extended ACLs");
121	assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
122	failure("Basic ACLs should set mode to 0142, not %04o",
123	    archive_entry_mode(ae)&0777);
124	assert((archive_entry_mode(ae) & 0777) == 0142);
125
126
127	/* With any extended ACL entry, we should read back a full set. */
128	archive_test_set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]));
129	failure("One extended ACL should flag all ACLs to be returned.");
130
131	/* Check that entry contains only POSIX.1e types */
132	assert((archive_entry_acl_types(ae) &
133	    ARCHIVE_ENTRY_ACL_TYPE_NFS4) == 0);
134	assert((archive_entry_acl_types(ae) &
135	    ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0);
136
137	assert(4 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
138	archive_test_compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]),
139	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0142);
140	failure("Basic ACLs should set mode to 0142, not %04o",
141	    archive_entry_mode(ae)&0777);
142	assert((archive_entry_mode(ae) & 0777) == 0142);
143
144
145	/* A more extensive set of ACLs. */
146	archive_test_set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
147	assertEqualInt(6, archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
148	archive_test_compare_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]),
149	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0543);
150	failure("Basic ACLs should set mode to 0543, not %04o",
151	    archive_entry_mode(ae)&0777);
152	assert((archive_entry_mode(ae) & 0777) == 0543);
153
154	/*
155	 * Check that clearing ACLs gets rid of them all by repeating
156	 * the first test.
157	 */
158	archive_test_set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
159	failure("Basic ACLs shouldn't be stored as extended ACLs");
160	assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
161	failure("Basic ACLs should set mode to 0142, not %04o",
162	    archive_entry_mode(ae)&0777);
163	assert((archive_entry_mode(ae) & 0777) == 0142);
164
165	/*
166	 * Different types of malformed ACL entries that should
167	 * fail when added to existing POSIX.1e ACLs.
168	 */
169	archive_test_set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
170	for (i = 0; i < (int)(sizeof(acls_nfs4)/sizeof(acls_nfs4[0])); ++i) {
171		struct archive_test_acl_t *p = &acls_nfs4[i];
172		failure("Malformed ACL test #%d", i);
173		assertEqualInt(ARCHIVE_FAILED,
174		    archive_entry_acl_add_entry(ae,
175			p->type, p->permset, p->tag, p->qual, p->name));
176		assertEqualInt(6,
177		    archive_entry_acl_reset(ae,
178			ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
179	}
180	archive_entry_free(ae);
181}
182