1/*- 2 * Copyright (c) 2003-2010 Tim Kientzle 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25#include "test.h" 26 27/* 28 * Exercise the system-independent portion of the ACL support. 29 * Check that archive_entry objects can save and restore NFS4 ACL data. 30 * 31 * This should work on all systems, regardless of whether local 32 * filesystems support ACLs or not. 33 */ 34 35static struct archive_test_acl_t acls1[] = { 36 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 37 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, 38 { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_READ_DATA, 39 ARCHIVE_ENTRY_ACL_USER, 77, "user77" }, 40 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_DATA, 41 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, 42 { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_WRITE_DATA, 43 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 44}; 45 46static struct archive_test_acl_t acls2[] = { 47 /* An entry for each type. */ 48 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 0, 49 ARCHIVE_ENTRY_ACL_USER, 108, "user108" }, 50 { ARCHIVE_ENTRY_ACL_TYPE_DENY, 0, 51 ARCHIVE_ENTRY_ACL_USER, 109, "user109" }, 52 { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 0, 53 ARCHIVE_ENTRY_ACL_USER, 110, "user110" }, 54 { ARCHIVE_ENTRY_ACL_TYPE_ALARM, 0, 55 ARCHIVE_ENTRY_ACL_USER, 111, "user111" }, 56 57 /* An entry for each permission. */ 58 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 59 ARCHIVE_ENTRY_ACL_USER, 112, "user112" }, 60 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_DATA, 61 ARCHIVE_ENTRY_ACL_USER, 113, "user113" }, 62 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, 63 ARCHIVE_ENTRY_ACL_USER, 114, "user114" }, 64 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_DATA, 65 ARCHIVE_ENTRY_ACL_USER, 115, "user115" }, 66 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_ADD_FILE, 67 ARCHIVE_ENTRY_ACL_USER, 116, "user116" }, 68 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_APPEND_DATA, 69 ARCHIVE_ENTRY_ACL_USER, 117, "user117" }, 70 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, 71 ARCHIVE_ENTRY_ACL_USER, 118, "user118" }, 72 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, 73 ARCHIVE_ENTRY_ACL_USER, 119, "user119" }, 74 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, 75 ARCHIVE_ENTRY_ACL_USER, 120, "user120" }, 76 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_DELETE_CHILD, 77 ARCHIVE_ENTRY_ACL_USER, 121, "user121" }, 78 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, 79 ARCHIVE_ENTRY_ACL_USER, 122, "user122" }, 80 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, 81 ARCHIVE_ENTRY_ACL_USER, 123, "user123" }, 82 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_DELETE, 83 ARCHIVE_ENTRY_ACL_USER, 124, "user124" }, 84 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_ACL, 85 ARCHIVE_ENTRY_ACL_USER, 125, "user125" }, 86 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_ACL, 87 ARCHIVE_ENTRY_ACL_USER, 126, "user126" }, 88 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_OWNER, 89 ARCHIVE_ENTRY_ACL_USER, 127, "user127" }, 90 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_SYNCHRONIZE, 91 ARCHIVE_ENTRY_ACL_USER, 128, "user128" }, 92 93 /* One entry with each inheritance value. */ 94 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 95 ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, 96 ARCHIVE_ENTRY_ACL_USER, 129, "user129" }, 97 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 98 ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, 99 ARCHIVE_ENTRY_ACL_USER, 130, "user130" }, 100 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 101 ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, 102 ARCHIVE_ENTRY_ACL_USER, 131, "user131" }, 103 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 104 ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, 105 ARCHIVE_ENTRY_ACL_USER, 132, "user132" }, 106 { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 107 ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS, 108 ARCHIVE_ENTRY_ACL_USER, 133, "user133" }, 109 { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 110 ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS, 111 ARCHIVE_ENTRY_ACL_USER, 134, "user134" }, 112 113 /* One entry for each qualifier. */ 114 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 115 ARCHIVE_ENTRY_ACL_USER, 135, "user135" }, 116 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 117 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, 118 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 119 ARCHIVE_ENTRY_ACL_GROUP, 136, "group136" }, 120 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 121 ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, 122 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 123 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 124}; 125 126/* 127 * Entries that should be rejected when we attempt to set them 128 * on an ACL that already has NFS4 entries. 129 */ 130static struct archive_test_acl_t acls_bad[] = { 131 /* POSIX.1e ACL types */ 132 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE, 133 ARCHIVE_ENTRY_ACL_USER, 78, "" }, 134 { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_EXECUTE, 135 ARCHIVE_ENTRY_ACL_USER, 78, "" }, 136 137 /* POSIX.1e tags */ 138 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 139 ARCHIVE_ENTRY_ACL_OTHER, -1, "" }, 140 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, 141 ARCHIVE_ENTRY_ACL_MASK, -1, "" }, 142 143 /* POSIX.1e permissions */ 144 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ, 145 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 146 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE, 147 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, 148}; 149 150DEFINE_TEST(test_acl_nfs4) 151{ 152 struct archive_entry *ae; 153 int i; 154 155 /* Create a simple archive_entry. */ 156 assert((ae = archive_entry_new()) != NULL); 157 archive_entry_set_pathname(ae, "file"); 158 archive_entry_set_mode(ae, S_IFREG | 0777); 159 160 /* Store and read back some basic ACL entries. */ 161 assertEntrySetAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); 162 163 /* Check that entry contains only NFSv4 types */ 164 assert((archive_entry_acl_types(ae) & 165 ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) == 0); 166 assert((archive_entry_acl_types(ae) & 167 ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0); 168 169 assertEqualInt(4, 170 archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 171 assertEntryCompareAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]), 172 ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0); 173 174 /* A more extensive set of ACLs. */ 175 assertEntrySetAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); 176 assertEqualInt(32, 177 archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 178 assertEntryCompareAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]), 179 ARCHIVE_ENTRY_ACL_TYPE_NFS4, 0); 180 181 /* 182 * Check that clearing ACLs gets rid of them all by repeating 183 * the first test. 184 */ 185 assertEntrySetAcls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); 186 failure("Basic ACLs shouldn't be stored as extended ACLs"); 187 assertEqualInt(4, 188 archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 189 190 /* 191 * Different types of malformed ACL entries that should 192 * fail when added to existing NFS4 ACLs. 193 */ 194 assertEntrySetAcls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); 195 for (i = 0; i < (int)(sizeof(acls_bad)/sizeof(acls_bad[0])); ++i) { 196 struct archive_test_acl_t *p = &acls_bad[i]; 197 failure("Malformed ACL test #%d", i); 198 assertEqualInt(ARCHIVE_FAILED, 199 archive_entry_acl_add_entry(ae, 200 p->type, p->permset, p->tag, p->qual, p->name)); 201 failure("Malformed ACL test #%d", i); 202 assertEqualInt(32, 203 archive_entry_acl_reset(ae, 204 ARCHIVE_ENTRY_ACL_TYPE_NFS4)); 205 } 206 archive_entry_free(ae); 207} 208