test_option_acls.c revision 353376 
1/*-
2 * Copyright (c) 2017 Martin Matuska
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25#include "test.h"
26__FBSDID("$FreeBSD: stable/11/contrib/libarchive/tar/test/test_option_acls.c 353376 2019-10-09 22:19:06Z mm $");
27
28#if ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL
29static const acl_perm_t acl_perms[] = {
30#if ARCHIVE_ACL_DARWIN
31    ACL_READ_DATA,
32    ACL_LIST_DIRECTORY,
33    ACL_WRITE_DATA,
34    ACL_ADD_FILE,
35    ACL_EXECUTE,
36    ACL_SEARCH,
37    ACL_DELETE,
38    ACL_APPEND_DATA,
39    ACL_ADD_SUBDIRECTORY,
40    ACL_DELETE_CHILD,
41    ACL_READ_ATTRIBUTES,
42    ACL_WRITE_ATTRIBUTES,
43    ACL_READ_EXTATTRIBUTES,
44    ACL_WRITE_EXTATTRIBUTES,
45    ACL_READ_SECURITY,
46    ACL_WRITE_SECURITY,
47    ACL_CHANGE_OWNER,
48    ACL_SYNCHRONIZE
49#else /* !ARCHIVE_ACL_DARWIN */
50    ACL_EXECUTE,
51    ACL_WRITE,
52    ACL_READ,
53#if ARCHIVE_ACL_FREEBSD_NFS4
54    ACL_READ_DATA,
55    ACL_LIST_DIRECTORY,
56    ACL_WRITE_DATA,
57    ACL_ADD_FILE,
58    ACL_APPEND_DATA,
59    ACL_ADD_SUBDIRECTORY,
60    ACL_READ_NAMED_ATTRS,
61    ACL_WRITE_NAMED_ATTRS,
62    ACL_DELETE_CHILD,
63    ACL_READ_ATTRIBUTES,
64    ACL_WRITE_ATTRIBUTES,
65    ACL_DELETE,
66    ACL_READ_ACL,
67    ACL_WRITE_ACL,
68    ACL_WRITE_OWNER,
69    ACL_SYNCHRONIZE
70#endif	/* ARCHIVE_ACL_FREEBSD_NFS4 */
71#endif /* !ARCHIVE_ACL_DARWIN */
72};
73#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4
74static const acl_flag_t acl_flags[] = {
75#if ARCHIVE_ACL_DARWIN
76    ACL_ENTRY_INHERITED,
77    ACL_ENTRY_FILE_INHERIT,
78    ACL_ENTRY_DIRECTORY_INHERIT,
79    ACL_ENTRY_LIMIT_INHERIT,
80    ACL_ENTRY_ONLY_INHERIT
81#else	/* ARCHIVE_ACL_FREEBSD_NFS4 */
82    ACL_ENTRY_FILE_INHERIT,
83    ACL_ENTRY_DIRECTORY_INHERIT,
84    ACL_ENTRY_NO_PROPAGATE_INHERIT,
85    ACL_ENTRY_INHERIT_ONLY,
86    ACL_ENTRY_SUCCESSFUL_ACCESS,
87    ACL_ENTRY_FAILED_ACCESS,
88#ifdef ACL_ENTRY_INHERITED
89    ACL_ENTRY_INHERITED
90#endif
91#endif	/* ARCHIVE_ACL_FREEBSD_NFS4 */
92};
93#endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4 */
94
95/*
96 * Compare two ACL entries on FreeBSD or on Mac OS X
97 */
98static int
99compare_acl_entry(acl_entry_t ae_a, acl_entry_t ae_b, int is_nfs4)
100{
101	acl_tag_t tag_a, tag_b;
102	acl_permset_t permset_a, permset_b;
103	int perm_a, perm_b, perm_start, perm_end;
104	void *qual_a, *qual_b;
105#if ARCHIVE_ACL_FREEBSD_NFS4
106	acl_entry_type_t type_a, type_b;
107#endif
108#if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN
109	acl_flagset_t flagset_a, flagset_b;
110	int flag_a, flag_b;
111#endif
112	int i, r;
113
114
115	/* Compare ACL tag */
116	r = acl_get_tag_type(ae_a, &tag_a);
117	failure("acl_get_tag_type() error: %s", strerror(errno));
118	if (assertEqualInt(r, 0) == 0)
119		return (-1);
120	r = acl_get_tag_type(ae_b, &tag_b);
121	failure("acl_get_tag_type() error: %s", strerror(errno));
122	if (assertEqualInt(r, 0) == 0)
123		return (-1);
124	if (tag_a != tag_b)
125		return (0);
126
127	/* Compare ACL qualifier */
128#if ARCHIVE_ACL_DARWIN
129	if (tag_a == ACL_EXTENDED_ALLOW || tag_b == ACL_EXTENDED_DENY)
130#else
131	if (tag_a == ACL_USER || tag_a == ACL_GROUP)
132#endif
133	{
134		qual_a = acl_get_qualifier(ae_a);
135		failure("acl_get_qualifier() error: %s", strerror(errno));
136		if (assert(qual_a != NULL) == 0)
137			return (-1);
138		qual_b = acl_get_qualifier(ae_b);
139		failure("acl_get_qualifier() error: %s", strerror(errno));
140		if (assert(qual_b != NULL) == 0) {
141			acl_free(qual_a);
142			return (-1);
143		}
144#if ARCHIVE_ACL_DARWIN
145		if (memcmp(((guid_t *)qual_a)->g_guid,
146		    ((guid_t *)qual_b)->g_guid, KAUTH_GUID_SIZE) != 0)
147#else
148		if ((tag_a == ACL_USER &&
149		    (*(uid_t *)qual_a != *(uid_t *)qual_b)) ||
150		    (tag_a == ACL_GROUP &&
151		    (*(gid_t *)qual_a != *(gid_t *)qual_b)))
152#endif
153		{
154			acl_free(qual_a);
155			acl_free(qual_b);
156			return (0);
157		}
158		acl_free(qual_a);
159		acl_free(qual_b);
160	}
161
162#if ARCHIVE_ACL_FREEBSD_NFS4
163	if (is_nfs4) {
164		/* Compare NFS4 ACL type */
165		r = acl_get_entry_type_np(ae_a, &type_a);
166		failure("acl_get_entry_type_np() error: %s", strerror(errno));
167		if (assertEqualInt(r, 0) == 0)
168			return (-1);
169		r = acl_get_entry_type_np(ae_b, &type_b);
170		failure("acl_get_entry_type_np() error: %s", strerror(errno));
171		if (assertEqualInt(r, 0) == 0)
172			return (-1);
173		if (type_a != type_b)
174			return (0);
175	}
176#endif
177
178	/* Compare ACL perms */
179	r = acl_get_permset(ae_a, &permset_a);
180	failure("acl_get_permset() error: %s", strerror(errno));
181	if (assertEqualInt(r, 0) == 0)
182		return (-1);
183	r = acl_get_permset(ae_b, &permset_b);
184	failure("acl_get_permset() error: %s", strerror(errno));
185	if (assertEqualInt(r, 0) == 0)
186		return (-1);
187
188	perm_start = 0;
189	perm_end = (int)(sizeof(acl_perms) / sizeof(acl_perms[0]));
190#if ARCHIVE_ACL_FREEBSD_NFS4
191	if (is_nfs4)
192		perm_start = 3;
193	else
194		perm_end = 3;
195#endif
196	/* Cycle through all perms and compare their value */
197	for (i = perm_start; i < perm_end; i++) {
198#if ARCHIVE_ACL_LIBACL
199		perm_a = acl_get_perm(permset_a, acl_perms[i]);
200		perm_b = acl_get_perm(permset_b, acl_perms[i]);
201#else
202		perm_a = acl_get_perm_np(permset_a, acl_perms[i]);
203		perm_b = acl_get_perm_np(permset_b, acl_perms[i]);
204#endif
205		if (perm_a == -1 || perm_b == -1)
206			return (-1);
207		if (perm_a != perm_b)
208			return (0);
209	}
210
211#if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN
212	if (is_nfs4) {
213		r = acl_get_flagset_np(ae_a, &flagset_a);
214		failure("acl_get_flagset_np() error: %s", strerror(errno));
215		if (assertEqualInt(r, 0) == 0)
216			return (-1);
217		r = acl_get_flagset_np(ae_b, &flagset_b);
218		failure("acl_get_flagset_np() error: %s", strerror(errno));
219		if (assertEqualInt(r, 0) == 0)
220			return (-1);
221		/* Cycle through all flags and compare their status */
222		for (i = 0; i < (int)(sizeof(acl_flags) / sizeof(acl_flags[0]));
223		    i++) {
224			flag_a = acl_get_flag_np(flagset_a, acl_flags[i]);
225			flag_b = acl_get_flag_np(flagset_b, acl_flags[i]);
226			if (flag_a == -1 || flag_b == -1)
227				return (-1);
228			if (flag_a != flag_b)
229				return (0);
230		}
231	}
232#else	/* ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN */
233	(void)is_nfs4;	/* UNUSED */
234#endif
235	return (1);
236}
237#endif	/* ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL */
238
239#if ARCHIVE_ACL_SUPPORT
240/*
241 * Clear default ACLs or inheritance flags
242 */
243static void
244clear_inheritance_flags(const char *path, int type)
245{
246	switch (type) {
247	case ARCHIVE_TEST_ACL_TYPE_POSIX1E:
248#if ARCHIVE_ACL_POSIX1E
249#if !ARCHIVE_ACL_SUNOS
250		acl_delete_def_file(path);
251#else
252		/* Solaris */
253		setTestAcl(path);
254#endif
255#endif	/* ARCHIVE_ACL_POSIX1E */
256		break;
257	case ARCHIVE_TEST_ACL_TYPE_NFS4:
258#if ARCHIVE_ACL_NFS4
259		setTestAcl(path);
260#endif
261		break;
262	default:
263		(void)path;	/* UNUSED */
264		break;
265	}
266}
267
268static int
269compare_acls(const char *path_a, const char *path_b)
270{
271	int ret = 1;
272	int is_nfs4 = 0;
273#if ARCHIVE_ACL_SUNOS
274	void *acl_a, *acl_b;
275	int aclcnt_a, aclcnt_b;
276        aclent_t *aclent_a, *aclent_b;
277        ace_t *ace_a, *ace_b;
278	int e;
279#elif ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
280	acl_t acl_a, acl_b;
281	acl_entry_t aclent_a, aclent_b;
282	int a, b, r;
283#endif
284#if ARCHIVE_ACL_LIBRICHACL
285	struct richacl *richacl_a, *richacl_b;
286
287	richacl_a = NULL;
288	richacl_b = NULL;
289#endif
290
291#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL || \
292    ARCHIVE_ACL_SUNOS
293	acl_a = NULL;
294	acl_b = NULL;
295#endif
296#if ARCHIVE_ACL_SUNOS
297	acl_a = sunacl_get(GETACL, &aclcnt_a, 0, path_a);
298	if (acl_a == NULL) {
299#if ARCHIVE_ACL_SUNOS_NFS4
300		is_nfs4 = 1;
301		acl_a = sunacl_get(ACE_GETACL, &aclcnt_a, 0, path_a);
302#endif
303		failure("acl_get() error: %s", strerror(errno));
304		if (assert(acl_a != NULL) == 0)
305			return (-1);
306#if ARCHIVE_ACL_SUNOS_NFS4
307		acl_b = sunacl_get(ACE_GETACL, &aclcnt_b, 0, path_b);
308#endif
309	} else
310		acl_b = sunacl_get(GETACL, &aclcnt_b, 0, path_b);
311	if (acl_b == NULL && (errno == ENOSYS || errno == ENOTSUP)) {
312		free(acl_a);
313		return (0);
314	}
315	failure("acl_get() error: %s", strerror(errno));
316	if (assert(acl_b != NULL) == 0) {
317		free(acl_a);
318		return (-1);
319	}
320
321	if (aclcnt_a != aclcnt_b) {
322		ret = 0;
323		goto exit_free;
324	}
325
326	for (e = 0; e < aclcnt_a; e++) {
327		if (!is_nfs4) {
328			aclent_a = &((aclent_t *)acl_a)[e];
329			aclent_b = &((aclent_t *)acl_b)[e];
330			if (aclent_a->a_type != aclent_b->a_type ||
331			    aclent_a->a_id != aclent_b->a_id ||
332			    aclent_a->a_perm != aclent_b->a_perm) {
333				ret = 0;
334				goto exit_free;
335			}
336		}
337#if ARCHIVE_ACL_SUNOS_NFS4
338		else {
339			ace_a = &((ace_t *)acl_a)[e];
340			ace_b = &((ace_t *)acl_b)[e];
341			if (ace_a->a_who != ace_b->a_who ||
342			    ace_a->a_access_mask != ace_b->a_access_mask ||
343			    ace_a->a_flags != ace_b->a_flags ||
344			    ace_a->a_type != ace_b->a_type) {
345				ret = 0;
346				goto exit_free;
347			}
348		}
349#endif
350	}
351#else	/* !ARCHIVE_ACL_SUNOS */
352#if ARCHIVE_ACL_LIBRICHACL
353	richacl_a = richacl_get_file(path_a);
354#if !ARCHIVE_ACL_LIBACL
355	if (richacl_a == NULL &&
356	    (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS))
357		return (0);
358	failure("richacl_get_file() error: %s (%s)", path_a, strerror(errno));
359	if (assert(richacl_a != NULL) == 0)
360		return (-1);
361#endif
362	if (richacl_a != NULL) {
363		richacl_b = richacl_get_file(path_b);
364		if (richacl_b == NULL &&
365		    (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS)) {
366			richacl_free(richacl_a);
367			return (0);
368		}
369		failure("richacl_get_file() error: %s (%s)", path_b,
370		    strerror(errno));
371		if (assert(richacl_b != NULL) == 0) {
372			richacl_free(richacl_a);
373			return (-1);
374		}
375		if (richacl_compare(richacl_a, richacl_b) == 0)
376			ret = 0;
377		richacl_free(richacl_a);
378		richacl_free(richacl_b);
379		return (ret);
380        }
381#endif /* ARCHIVE_ACL_LIBRICHACL */
382#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
383#if ARCHIVE_ACL_DARWIN
384	is_nfs4 = 1;
385	acl_a = acl_get_file(path_a, ACL_TYPE_EXTENDED);
386#elif ARCHIVE_ACL_FREEBSD_NFS4
387	acl_a = acl_get_file(path_a, ACL_TYPE_NFS4);
388	if (acl_a != NULL)
389		is_nfs4 = 1;
390#endif
391	if (acl_a == NULL)
392		acl_a = acl_get_file(path_a, ACL_TYPE_ACCESS);
393	failure("acl_get_file() error: %s (%s)", path_a, strerror(errno));
394	if (assert(acl_a != NULL) == 0)
395		return (-1);
396#if ARCHIVE_ACL_DARWIN
397	acl_b = acl_get_file(path_b, ACL_TYPE_EXTENDED);
398#elif ARCHIVE_ACL_FREEBSD_NFS4
399	acl_b = acl_get_file(path_b, ACL_TYPE_NFS4);
400#endif
401#if !ARCHIVE_ACL_DARWIN
402	if (acl_b == NULL) {
403#if ARCHIVE_ACL_FREEBSD_NFS4
404		if (is_nfs4) {
405			acl_free(acl_a);
406			return (0);
407		}
408#endif
409		acl_b = acl_get_file(path_b, ACL_TYPE_ACCESS);
410	}
411	failure("acl_get_file() error: %s (%s)", path_b, strerror(errno));
412	if (assert(acl_b != NULL) == 0) {
413		acl_free(acl_a);
414		return (-1);
415	}
416#endif
417	a = acl_get_entry(acl_a, ACL_FIRST_ENTRY, &aclent_a);
418	if (a == -1) {
419		ret = 0;
420		goto exit_free;
421	}
422	b = acl_get_entry(acl_b, ACL_FIRST_ENTRY, &aclent_b);
423	if (b == -1) {
424		ret = 0;
425		goto exit_free;
426	}
427#if ARCHIVE_ACL_DARWIN
428	while (a == 0 && b == 0)
429#else	/* FreeBSD, Linux */
430	while (a == 1 && b == 1)
431#endif
432	{
433		r = compare_acl_entry(aclent_a, aclent_b, is_nfs4);
434		if (r != 1) {
435			ret = r;
436			goto exit_free;
437		}
438		a = acl_get_entry(acl_a, ACL_NEXT_ENTRY, &aclent_a);
439		b = acl_get_entry(acl_b, ACL_NEXT_ENTRY, &aclent_b);
440	}
441	/* Entry count must match */
442	if (a != b)
443		ret = 0;
444#endif	/* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL */
445#endif	/* !ARCHIVE_ACL_SUNOS */
446exit_free:
447#if ARCHIVE_ACL_SUNOS
448	free(acl_a);
449	free(acl_b);
450#else
451	acl_free(acl_a);
452	acl_free(acl_b);
453#endif
454	return (ret);
455}
456#endif	/* ARCHIVE_ACL_SUPPORT */
457
458DEFINE_TEST(test_option_acls)
459{
460#if !ARCHIVE_ACL_SUPPORT
461        skipping("ACLs are not supported on this platform");
462#else   /* ARCHIVE_ACL_SUPPORT */
463	int acltype, r;
464
465	assertMakeFile("f", 0644, "a");
466	acltype = setTestAcl("f");
467	if (acltype == 0) {
468		skipping("Can't write ACLs on the filesystem");
469		return;
470	}
471
472	/* Archive it with acls */
473        r = systemf("%s -c --no-mac-metadata --acls -f acls.tar f >acls.out 2>acls.err", testprog);
474        assertEqualInt(r, 0);
475
476	/* Archive it without acls */
477	r = systemf("%s -c --no-mac-metadata --no-acls -f noacls.tar f >noacls.out 2>noacls.err", testprog);
478	assertEqualInt(r, 0);
479
480	/* Extract acls with acls */
481	assertMakeDir("acls_acls", 0755);
482	clear_inheritance_flags("acls_acls", acltype);
483	r = systemf("%s -x -C acls_acls --no-same-permissions --acls -f acls.tar >acls_acls.out 2>acls_acls.err", testprog);
484	assertEqualInt(r, 0);
485	r = compare_acls("f", "acls_acls/f");
486	assertEqualInt(r, 1);
487
488	/* Extract acls without acls */
489	assertMakeDir("acls_noacls", 0755);
490	clear_inheritance_flags("acls_noacls", acltype);
491	r = systemf("%s -x -C acls_noacls -p --no-acls -f acls.tar >acls_noacls.out 2>acls_noacls.err", testprog);
492	assertEqualInt(r, 0);
493	r = compare_acls("f", "acls_noacls/f");
494	assertEqualInt(r, 0);
495
496	/* Extract noacls with acls flag */
497	assertMakeDir("noacls_acls", 0755);
498	clear_inheritance_flags("noacls_acls", acltype);
499	r = systemf("%s -x -C noacls_acls --no-same-permissions --acls -f noacls.tar >noacls_acls.out 2>noacls_acls.err", testprog);
500	assertEqualInt(r, 0);
501	r = compare_acls("f", "noacls_acls/f");
502	assertEqualInt(r, 0);
503
504	/* Extract noacls with noacls */
505	assertMakeDir("noacls_noacls", 0755);
506	clear_inheritance_flags("noacls_noacls", acltype);
507	r = systemf("%s -x -C noacls_noacls -p --no-acls -f noacls.tar >noacls_noacls.out 2>noacls_noacls.err", testprog);
508	assertEqualInt(r, 0);
509	r = compare_acls("f", "noacls_noacls/f");
510	assertEqualInt(r, 0);
511#endif	/* ARCHIVE_ACL_SUPPORT */
512}
513