summaryrefslogtreecommitdiffstats
path: root/lib/libarchive/test/test_write_disk_perms.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libarchive/test/test_write_disk_perms.c')
-rw-r--r--lib/libarchive/test/test_write_disk_perms.c457
1 files changed, 0 insertions, 457 deletions
diff --git a/lib/libarchive/test/test_write_disk_perms.c b/lib/libarchive/test/test_write_disk_perms.c
deleted file mode 100644
index f53ce19..0000000
--- a/lib/libarchive/test/test_write_disk_perms.c
+++ /dev/null
@@ -1,457 +0,0 @@
-/*-
- * Copyright (c) 2003-2007 Tim Kientzle
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "test.h"
-__FBSDID("$FreeBSD$");
-
-#if ARCHIVE_VERSION_NUMBER >= 1009000 && (!defined(_WIN32) || defined(__CYGWIN__))
-
-#define UMASK 022
-
-static long _default_gid = -1;
-static long _invalid_gid = -1;
-static long _alt_gid = -1;
-
-/*
- * To fully test SGID restores, we need three distinct GIDs to work
- * with:
- * * the GID that files are created with by default (for the
- * current user in the current directory)
- * * An "alt gid" that this user can create files with
- * * An "invalid gid" that this user is not permitted to create
- * files with.
- * The second fails if this user doesn't belong to at least two groups;
- * the third fails if the current user is root.
- */
-static void
-searchgid(void)
-{
- static int _searched = 0;
- uid_t uid = getuid();
- gid_t gid = 0;
- unsigned int n;
- struct stat st;
- int fd;
-
- /* If we've already looked this up, we're done. */
- if (_searched)
- return;
- _searched = 1;
-
- /* Create a file on disk in the current default dir. */
- fd = open("test_gid", O_CREAT | O_BINARY, 0664);
- failure("Couldn't create a file for gid testing.");
- assert(fd > 0);
-
- /* See what GID it ended up with. This is our "valid" GID. */
- assert(fstat(fd, &st) == 0);
- _default_gid = st.st_gid;
-
- /* Find a GID for which fchown() fails. This is our "invalid" GID. */
- _invalid_gid = -1;
- /* This loop stops when we wrap the gid or examine 10,000 gids. */
- for (gid = 1, n = 1; gid == n && n < 10000 ; n++, gid++) {
- if (fchown(fd, uid, gid) != 0) {
- _invalid_gid = gid;
- break;
- }
- }
-
- /*
- * Find a GID for which fchown() succeeds, but which isn't the
- * default. This is the "alternate" gid.
- */
- _alt_gid = -1;
- for (gid = 0, n = 0; gid == n && n < 10000 ; n++, gid++) {
- /* _alt_gid must be different than _default_gid */
- if (gid == (gid_t)_default_gid)
- continue;
- if (fchown(fd, uid, gid) == 0) {
- _alt_gid = gid;
- break;
- }
- }
- close(fd);
-}
-
-static int
-altgid(void)
-{
- searchgid();
- return (_alt_gid);
-}
-
-static int
-invalidgid(void)
-{
- searchgid();
- return (_invalid_gid);
-}
-
-static int
-defaultgid(void)
-{
- searchgid();
- return (_default_gid);
-}
-#endif
-
-/*
- * Exercise permission and ownership restores.
- * In particular, try to exercise a bunch of border cases related
- * to files/dirs that already exist, SUID/SGID bits, etc.
- */
-
-DEFINE_TEST(test_write_disk_perms)
-{
-#if ARCHIVE_VERSION_NUMBER < 1009000 || (defined(_WIN32) && !defined(__CYGWIN__))
- skipping("archive_write_disk interface");
-#else
- struct archive *a;
- struct archive_entry *ae;
- struct stat st;
-
- assertUmask(UMASK);
-
- /*
- * Set ownership of the current directory to the group of this
- * process. Otherwise, the SGID tests below fail if the
- * /tmp directory is owned by a group to which we don't belong
- * and we're on a system where group ownership is inherited.
- * (Because we're not allowed to SGID files with defaultgid().)
- */
- assertEqualInt(0, chown(".", getuid(), getgid()));
-
- /* Create an archive_write_disk object. */
- assert((a = archive_write_disk_new()) != NULL);
-
- /* Write a regular file to it. */
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, "file_0755");
- archive_entry_set_mode(ae, S_IFREG | 0777);
- assert(0 == archive_write_header(a, ae));
- assert(0 == archive_write_finish_entry(a));
- archive_entry_free(ae);
-
- /* Write a regular file, then write over it. */
- /* For files, the perms should get updated. */
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, "file_overwrite_0144");
- archive_entry_set_mode(ae, S_IFREG | 0777);
- assert(0 == archive_write_header(a, ae));
- archive_entry_free(ae);
- assert(0 == archive_write_finish_entry(a));
- /* Check that file was created with different perms. */
- assert(0 == stat("file_overwrite_0144", &st));
- failure("file_overwrite_0144: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) != 0144);
- /* Overwrite, this should change the perms. */
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, "file_overwrite_0144");
- archive_entry_set_mode(ae, S_IFREG | 0144);
- assert(0 == archive_write_header(a, ae));
- archive_entry_free(ae);
- assert(0 == archive_write_finish_entry(a));
-
- /* Write a regular dir. */
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, "dir_0514");
- archive_entry_set_mode(ae, S_IFDIR | 0514);
- assert(0 == archive_write_header(a, ae));
- archive_entry_free(ae);
- assert(0 == archive_write_finish_entry(a));
-
- /* Overwrite an existing dir. */
- /* For dir, the first perms should get left. */
- assertMakeDir("dir_overwrite_0744", 0744);
- /* Check original perms. */
- assert(0 == stat("dir_overwrite_0744", &st));
- failure("dir_overwrite_0744: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 0777) == 0744);
- /* Overwrite shouldn't edit perms. */
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, "dir_overwrite_0744");
- archive_entry_set_mode(ae, S_IFDIR | 0777);
- assert(0 == archive_write_header(a, ae));
- archive_entry_free(ae);
- assert(0 == archive_write_finish_entry(a));
- /* Make sure they're unchanged. */
- assert(0 == stat("dir_overwrite_0744", &st));
- failure("dir_overwrite_0744: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 0777) == 0744);
-
- /* Write a regular file with SUID bit, but don't use _EXTRACT_PERM. */
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, "file_no_suid");
- archive_entry_set_mode(ae, S_IFREG | S_ISUID | 0777);
- archive_write_disk_set_options(a, 0);
- assert(0 == archive_write_header(a, ae));
- assert(0 == archive_write_finish_entry(a));
-
- /* Write a regular file with ARCHIVE_EXTRACT_PERM. */
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_0777");
- archive_entry_set_mode(ae, S_IFREG | 0777);
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_PERM);
- assert(0 == archive_write_header(a, ae));
- assert(0 == archive_write_finish_entry(a));
-
- /* Write a regular file with ARCHIVE_EXTRACT_PERM & SUID bit */
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_4742");
- archive_entry_set_mode(ae, S_IFREG | S_ISUID | 0742);
- archive_entry_set_uid(ae, getuid());
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_PERM);
- assert(0 == archive_write_header(a, ae));
- assert(0 == archive_write_finish_entry(a));
-
- /*
- * Write a regular file with ARCHIVE_EXTRACT_PERM & SUID bit,
- * but wrong uid. POSIX says you shouldn't restore SUID bit
- * unless the UID could be restored.
- */
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_bad_suid");
- archive_entry_set_mode(ae, S_IFREG | S_ISUID | 0742);
- archive_entry_set_uid(ae, getuid() + 1);
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_PERM);
- assertA(0 == archive_write_header(a, ae));
- /*
- * Because we didn't ask for owner, the failure to
- * restore SUID shouldn't return a failure.
- * We check below to make sure SUID really wasn't set.
- * See more detailed comments below.
- */
- failure("Opportunistic SUID failure shouldn't return error.");
- assertEqualInt(0, archive_write_finish_entry(a));
-
- if (getuid() != 0) {
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_bad_suid2");
- archive_entry_set_mode(ae, S_IFREG | S_ISUID | 0742);
- archive_entry_set_uid(ae, getuid() + 1);
- archive_write_disk_set_options(a,
- ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_OWNER);
- assertA(0 == archive_write_header(a, ae));
- /* Owner change should fail here. */
- failure("Non-opportunistic SUID failure should return error.");
- assertEqualInt(ARCHIVE_WARN, archive_write_finish_entry(a));
- }
-
- /* Write a regular file with ARCHIVE_EXTRACT_PERM & SGID bit */
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_perm_sgid");
- archive_entry_set_mode(ae, S_IFREG | S_ISGID | 0742);
- archive_entry_set_gid(ae, defaultgid());
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_PERM);
- assert(0 == archive_write_header(a, ae));
- failure("Setting SGID bit should succeed here.");
- assertEqualIntA(a, 0, archive_write_finish_entry(a));
-
- if (altgid() == -1) {
- /*
- * Current user must belong to at least two groups or
- * else we can't test setting the GID to another group.
- */
- skipping("Current user can't test gid restore: must belong to more than one group.");
- } else {
- /*
- * Write a regular file with ARCHIVE_EXTRACT_PERM & SGID bit
- * but without ARCHIVE_EXTRACT_OWNER.
- */
- /*
- * This is a weird case: The user has asked for permissions to
- * be restored but not asked for ownership to be restored. As
- * a result, the default file creation will create a file with
- * the wrong group. There are several possible behaviors for
- * libarchive in this scenario:
- * = Set the SGID bit. It is wrong and a security hole to
- * set SGID with the wrong group. Even POSIX thinks so.
- * = Implicitly set the group. I don't like this.
- * = drop the SGID bit and warn (the old libarchive behavior)
- * = drop the SGID bit and don't warn (the current libarchive
- * behavior).
- * The current behavior sees SGID/SUID restore when you
- * don't ask for owner restore as an "opportunistic"
- * action. That is, libarchive should do it if it can,
- * but if it can't, it's not an error.
- */
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_alt_sgid");
- archive_entry_set_mode(ae, S_IFREG | S_ISGID | 0742);
- archive_entry_set_uid(ae, getuid());
- archive_entry_set_gid(ae, altgid());
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_PERM);
- assert(0 == archive_write_header(a, ae));
- failure("Setting SGID bit should fail because of group mismatch but the failure should be silent because we didn't ask for the group to be set.");
- assertEqualIntA(a, 0, archive_write_finish_entry(a));
-
- /*
- * As above, but add _EXTRACT_OWNER to verify that it
- * does succeed.
- */
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_alt_sgid_owner");
- archive_entry_set_mode(ae, S_IFREG | S_ISGID | 0742);
- archive_entry_set_uid(ae, getuid());
- archive_entry_set_gid(ae, altgid());
- archive_write_disk_set_options(a,
- ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_OWNER);
- assert(0 == archive_write_header(a, ae));
- failure("Setting SGID bit should succeed here.");
- assertEqualIntA(a, ARCHIVE_OK, archive_write_finish_entry(a));
- }
-
- /*
- * Write a regular file with ARCHIVE_EXTRACT_PERM & SGID bit,
- * but wrong GID. POSIX says you shouldn't restore SGID bit
- * unless the GID could be restored.
- */
- if (invalidgid() == -1) {
- /* This test always fails for root. */
- printf("Running as root: Can't test SGID failures.\n");
- } else {
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_bad_sgid");
- archive_entry_set_mode(ae, S_IFREG | S_ISGID | 0742);
- archive_entry_set_gid(ae, invalidgid());
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_PERM);
- assertA(0 == archive_write_header(a, ae));
- failure("This SGID restore should fail without an error.");
- assertEqualIntA(a, 0, archive_write_finish_entry(a));
-
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_bad_sgid2");
- archive_entry_set_mode(ae, S_IFREG | S_ISGID | 0742);
- archive_entry_set_gid(ae, invalidgid());
- archive_write_disk_set_options(a,
- ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_OWNER);
- assertA(0 == archive_write_header(a, ae));
- failure("This SGID restore should fail with an error.");
- assertEqualIntA(a, ARCHIVE_WARN, archive_write_finish_entry(a));
- }
-
- /* Set ownership should fail if we're not root. */
- if (getuid() == 0) {
- printf("Running as root: Can't test setuid failures.\n");
- } else {
- assert(archive_entry_clear(ae) != NULL);
- archive_entry_copy_pathname(ae, "file_bad_owner");
- archive_entry_set_mode(ae, S_IFREG | 0744);
- archive_entry_set_uid(ae, getuid() + 1);
- archive_write_disk_set_options(a, ARCHIVE_EXTRACT_OWNER);
- assertA(0 == archive_write_header(a, ae));
- assertEqualIntA(a,ARCHIVE_WARN,archive_write_finish_entry(a));
- }
-
-#if ARCHIVE_VERSION_NUMBER < 2000000
- archive_write_finish(a);
-#else
- assert(0 == archive_write_finish(a));
-#endif
- archive_entry_free(ae);
-
- /* Test the entries on disk. */
- assert(0 == stat("file_0755", &st));
- failure("file_0755: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == 0755);
-
- assert(0 == stat("file_overwrite_0144", &st));
- failure("file_overwrite_0144: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == 0144);
-
- assert(0 == stat("dir_0514", &st));
- failure("dir_0514: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == 0514);
-
- assert(0 == stat("dir_overwrite_0744", &st));
- failure("dir_overwrite_0744: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 0777) == 0744);
-
- assert(0 == stat("file_no_suid", &st));
- failure("file_0755: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == 0755);
-
- assert(0 == stat("file_0777", &st));
- failure("file_0777: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == 0777);
-
- /* SUID bit should get set here. */
- assert(0 == stat("file_4742", &st));
- failure("file_4742: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (S_ISUID | 0742));
-
- /* SUID bit should NOT have been set here. */
- assert(0 == stat("file_bad_suid", &st));
- failure("file_bad_suid: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (0742));
-
- /* Some things don't fail if you're root, so suppress this. */
- if (getuid() != 0) {
- /* SUID bit should NOT have been set here. */
- assert(0 == stat("file_bad_suid2", &st));
- failure("file_bad_suid2: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (0742));
- }
-
- /* SGID should be set here. */
- assert(0 == stat("file_perm_sgid", &st));
- failure("file_perm_sgid: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (S_ISGID | 0742));
-
- if (altgid() != -1) {
- /* SGID should not be set here. */
- assert(0 == stat("file_alt_sgid", &st));
- failure("file_alt_sgid: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (0742));
-
- /* SGID should be set here. */
- assert(0 == stat("file_alt_sgid_owner", &st));
- failure("file_alt_sgid: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (S_ISGID | 0742));
- }
-
- if (invalidgid() != -1) {
- /* SGID should NOT be set here. */
- assert(0 == stat("file_bad_sgid", &st));
- failure("file_bad_sgid: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (0742));
- /* SGID should NOT be set here. */
- assert(0 == stat("file_bad_sgid2", &st));
- failure("file_bad_sgid2: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (0742));
- }
-
- if (getuid() != 0) {
- assert(0 == stat("file_bad_owner", &st));
- failure("file_bad_owner: st.st_mode=%o", st.st_mode);
- assert((st.st_mode & 07777) == (0744));
- failure("file_bad_owner: st.st_uid=%d getuid()=%d",
- st.st_uid, getuid());
- /* The entry had getuid()+1, but because we're
- * not root, we should not have been able to set that. */
- assert(st.st_uid == getuid());
- }
-#endif
-}
OpenPOWER on IntegriCloud