diff options
Diffstat (limited to 'contrib/libarchive/libarchive/test/test_acl_nfs4.c')
-rw-r--r-- | contrib/libarchive/libarchive/test/test_acl_nfs4.c | 291 |
1 files changed, 291 insertions, 0 deletions
diff --git a/contrib/libarchive/libarchive/test/test_acl_nfs4.c b/contrib/libarchive/libarchive/test/test_acl_nfs4.c new file mode 100644 index 0000000..ebf9a46 --- /dev/null +++ b/contrib/libarchive/libarchive/test/test_acl_nfs4.c @@ -0,0 +1,291 @@ +/*- + * Copyright (c) 2003-2010 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD$"); + +/* + * Exercise the system-independent portion of the ACL support. + * Check that archive_entry objects can save and restore NFS4 ACL data. + * + * This should work on all systems, regardless of whether local + * filesystems support ACLs or not. + */ + +struct acl_t { + int type; /* Type of entry: "allow" or "deny" */ + int permset; /* Permissions for this class of users. */ + int tag; /* Owner, User, Owning group, group, everyone, etc. */ + int qual; /* GID or UID of user/group, depending on tag. */ + const char *name; /* Name of user/group, depending on tag. */ +}; + +static struct acl_t acls1[] = { + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_READ_DATA, + ARCHIVE_ENTRY_ACL_USER, 77, "user77" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_DATA, + ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_DENY, ARCHIVE_ENTRY_ACL_WRITE_DATA, + ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, +}; + +static struct acl_t acls2[] = { + /* An entry for each type. */ + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, 0, + ARCHIVE_ENTRY_ACL_USER, 108, "user108" }, + { ARCHIVE_ENTRY_ACL_TYPE_DENY, 0, + ARCHIVE_ENTRY_ACL_USER, 109, "user109" }, + { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, 0, + ARCHIVE_ENTRY_ACL_USER, 110, "user110" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALARM, 0, + ARCHIVE_ENTRY_ACL_USER, 111, "user111" }, + + /* An entry for each permission. */ + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_USER, 112, "user112" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_DATA, + ARCHIVE_ENTRY_ACL_USER, 113, "user113" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, + ARCHIVE_ENTRY_ACL_USER, 114, "user114" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_DATA, + ARCHIVE_ENTRY_ACL_USER, 115, "user115" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_ADD_FILE, + ARCHIVE_ENTRY_ACL_USER, 116, "user116" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_APPEND_DATA, + ARCHIVE_ENTRY_ACL_USER, 117, "user117" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, + ARCHIVE_ENTRY_ACL_USER, 118, "user118" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, + ARCHIVE_ENTRY_ACL_USER, 119, "user119" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, + ARCHIVE_ENTRY_ACL_USER, 120, "user120" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_DELETE_CHILD, + ARCHIVE_ENTRY_ACL_USER, 121, "user121" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, + ARCHIVE_ENTRY_ACL_USER, 122, "user122" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, + ARCHIVE_ENTRY_ACL_USER, 123, "user123" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_DELETE, + ARCHIVE_ENTRY_ACL_USER, 124, "user124" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ_ACL, + ARCHIVE_ENTRY_ACL_USER, 125, "user125" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_ACL, + ARCHIVE_ENTRY_ACL_USER, 126, "user126" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE_OWNER, + ARCHIVE_ENTRY_ACL_USER, 127, "user127" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_SYNCHRONIZE, + ARCHIVE_ENTRY_ACL_USER, 128, "user128" }, + + /* One entry with each inheritance value. */ + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, + ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, + ARCHIVE_ENTRY_ACL_USER, 129, "user129" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, + ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, + ARCHIVE_ENTRY_ACL_USER, 130, "user130" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, + ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, + ARCHIVE_ENTRY_ACL_USER, 131, "user131" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, + ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, + ARCHIVE_ENTRY_ACL_USER, 132, "user132" }, + { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, + ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_SUCCESSFUL_ACCESS, + ARCHIVE_ENTRY_ACL_USER, 133, "user133" }, + { ARCHIVE_ENTRY_ACL_TYPE_AUDIT, + ARCHIVE_ENTRY_ACL_READ_DATA | ARCHIVE_ENTRY_ACL_ENTRY_FAILED_ACCESS, + ARCHIVE_ENTRY_ACL_USER, 134, "user134" }, + + /* One entry for each qualifier. */ + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_USER, 135, "user135" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_GROUP, 136, "group136" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, +}; + +/* + * Entries that should be rejected when we attempt to set them + * on an ACL that already has NFS4 entries. + */ +static struct acl_t acls_bad[] = { + /* POSIX.1e ACL types */ + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_USER, 78, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_USER, 78, "" }, + + /* POSIX.1e tags */ + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_OTHER, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_MASK, -1, "" }, + + /* POSIX.1e permissions */ + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_READ, + ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE, + ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" }, +}; + +static void +set_acls(struct archive_entry *ae, struct acl_t *acls, int n) +{ + int i; + + archive_entry_acl_clear(ae); + for (i = 0; i < n; i++) { + failure("type=%d, permset=%d, tag=%d, qual=%d name=%s", + acls[i].type, acls[i].permset, acls[i].tag, + acls[i].qual, acls[i].name); + assertEqualInt(ARCHIVE_OK, + archive_entry_acl_add_entry(ae, + acls[i].type, acls[i].permset, acls[i].tag, + acls[i].qual, acls[i].name)); + } +} + +static int +acl_match(struct acl_t *acl, int type, int permset, int tag, int qual, const char *name) +{ + if (type != acl->type) + return (0); + if (permset != acl->permset) + return (0); + if (tag != acl->tag) + return (0); + if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ) + return (1); + if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ) + return (1); + if (tag == ARCHIVE_ENTRY_ACL_EVERYONE) + return (1); + if (qual != acl->qual) + return (0); + if (name == NULL) { + if (acl->name == NULL || acl->name[0] == '\0') + return (1); + } + if (acl->name == NULL) { + if (name[0] == '\0') + return (1); + } + return (0 == strcmp(name, acl->name)); +} + +static void +compare_acls(struct archive_entry *ae, struct acl_t *acls, int n) +{ + int *marker = malloc(sizeof(marker[0]) * n); + int i; + int r; + int type, permset, tag, qual; + int matched; + const char *name; + + for (i = 0; i < n; i++) + marker[i] = i; + + while (0 == (r = archive_entry_acl_next(ae, + ARCHIVE_ENTRY_ACL_TYPE_NFS4, + &type, &permset, &tag, &qual, &name))) { + for (i = 0, matched = 0; i < n && !matched; i++) { + if (acl_match(&acls[marker[i]], type, permset, + tag, qual, name)) { + /* We found a match; remove it. */ + marker[i] = marker[n - 1]; + n--; + matched = 1; + } + } + failure("Could not find match for ACL " + "(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')", + type, permset, tag, qual, name); + assertEqualInt(1, matched); + } + assertEqualInt(ARCHIVE_EOF, r); + failure("Could not find match for ACL " + "(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')", + acls[marker[0]].type, acls[marker[0]].permset, + acls[marker[0]].tag, acls[marker[0]].qual, acls[marker[0]].name); + assertEqualInt(0, n); /* Number of ACLs not matched should == 0 */ + free(marker); +} + +DEFINE_TEST(test_acl_nfs4) +{ + struct archive_entry *ae; + int i; + + /* Create a simple archive_entry. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_set_pathname(ae, "file"); + archive_entry_set_mode(ae, S_IFREG | 0777); + + /* Store and read back some basic ACL entries. */ + set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); + assertEqualInt(4, + archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); + compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); + + /* A more extensive set of ACLs. */ + set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); + assertEqualInt(32, + archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); + compare_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); + + /* + * Check that clearing ACLs gets rid of them all by repeating + * the first test. + */ + set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0])); + failure("Basic ACLs shouldn't be stored as extended ACLs"); + assertEqualInt(4, + archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_NFS4)); + + /* + * Different types of malformed ACL entries that should + * fail when added to existing NFS4 ACLs. + */ + set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0])); + for (i = 0; i < (int)(sizeof(acls_bad)/sizeof(acls_bad[0])); ++i) { + struct acl_t *p = &acls_bad[i]; + failure("Malformed ACL test #%d", i); + assertEqualInt(ARCHIVE_FAILED, + archive_entry_acl_add_entry(ae, + p->type, p->permset, p->tag, p->qual, p->name)); + failure("Malformed ACL test #%d", i); + assertEqualInt(32, + archive_entry_acl_reset(ae, + ARCHIVE_ENTRY_ACL_TYPE_NFS4)); + } + archive_entry_free(ae); +} |