diff options
Diffstat (limited to 'libarchive/test/test_acl_freebsd_posix1e.c')
-rw-r--r-- | libarchive/test/test_acl_freebsd_posix1e.c | 265 |
1 files changed, 265 insertions, 0 deletions
diff --git a/libarchive/test/test_acl_freebsd_posix1e.c b/libarchive/test/test_acl_freebsd_posix1e.c new file mode 100644 index 0000000..36f9499 --- /dev/null +++ b/libarchive/test/test_acl_freebsd_posix1e.c @@ -0,0 +1,265 @@ +/*- + * Copyright (c) 2003-2008 Tim Kientzle + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD: head/lib/libarchive/test/test_acl_freebsd.c 189427 2009-03-06 04:21:23Z kientzle $"); + +#if defined(__FreeBSD__) && __FreeBSD__ > 4 +#include <sys/acl.h> + +struct myacl_t { + int type; /* Type of ACL: "access" or "default" */ + int permset; /* Permissions for this class of users. */ + int tag; /* Owner, User, Owning group, group, other, etc. */ + int qual; /* GID or UID of user/group, depending on tag. */ + const char *name; /* Name of user/group, depending on tag. */ +}; + +static struct myacl_t acls2[] = { + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ, + ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ, + ARCHIVE_ENTRY_ACL_USER, 77, "user77" }, + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0, + ARCHIVE_ENTRY_ACL_USER, 78, "user78" }, + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ, + ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007, + ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" }, + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, + ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_OTHER, -1, "" }, + { ARCHIVE_ENTRY_ACL_TYPE_ACCESS, + ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_EXECUTE, + ARCHIVE_ENTRY_ACL_MASK, -1, "" }, + { 0, 0, 0, 0, NULL } +}; + +static void +set_acls(struct archive_entry *ae, struct myacl_t *acls) +{ + int i; + + archive_entry_acl_clear(ae); + for (i = 0; acls[i].name != NULL; i++) { + archive_entry_acl_add_entry(ae, + acls[i].type, acls[i].permset, acls[i].tag, acls[i].qual, + acls[i].name); + } +} + +static int +acl_match(acl_entry_t aclent, struct myacl_t *myacl) +{ + gid_t g, *gp; + uid_t u, *up; + acl_tag_t tag_type; + acl_permset_t opaque_ps; + int permset = 0; + + acl_get_tag_type(aclent, &tag_type); + + /* translate the silly opaque permset to a bitmap */ + acl_get_permset(aclent, &opaque_ps); + if (acl_get_perm_np(opaque_ps, ACL_EXECUTE)) + permset |= ARCHIVE_ENTRY_ACL_EXECUTE; + if (acl_get_perm_np(opaque_ps, ACL_WRITE)) + permset |= ARCHIVE_ENTRY_ACL_WRITE; + if (acl_get_perm_np(opaque_ps, ACL_READ)) + permset |= ARCHIVE_ENTRY_ACL_READ; + + if (permset != myacl->permset) + return (0); + + switch (tag_type) { + case ACL_USER_OBJ: + if (myacl->tag != ARCHIVE_ENTRY_ACL_USER_OBJ) return (0); + break; + case ACL_USER: + if (myacl->tag != ARCHIVE_ENTRY_ACL_USER) + return (0); + up = acl_get_qualifier(aclent); + u = *up; + acl_free(up); + if ((uid_t)myacl->qual != u) + return (0); + break; + case ACL_GROUP_OBJ: + if (myacl->tag != ARCHIVE_ENTRY_ACL_GROUP_OBJ) return (0); + break; + case ACL_GROUP: + if (myacl->tag != ARCHIVE_ENTRY_ACL_GROUP) + return (0); + gp = acl_get_qualifier(aclent); + g = *gp; + acl_free(gp); + if ((gid_t)myacl->qual != g) + return (0); + break; + case ACL_MASK: + if (myacl->tag != ARCHIVE_ENTRY_ACL_MASK) return (0); + break; + case ACL_OTHER: + if (myacl->tag != ARCHIVE_ENTRY_ACL_OTHER) return (0); + break; + } + return (1); +} + +static void +compare_acls(acl_t acl, struct myacl_t *myacls) +{ + int *marker; + int entry_id = ACL_FIRST_ENTRY; + int matched; + int i, n; + acl_entry_t acl_entry; + + /* Count ACL entries in myacls array and allocate an indirect array. */ + for (n = 0; myacls[n].name != NULL; ++n) + continue; + if (n) { + marker = malloc(sizeof(marker[0]) * n); + if (marker == NULL) + return; + for (i = 0; i < n; i++) + marker[i] = i; + } else + marker = NULL; + + /* + * Iterate over acls in system acl object, try to match each + * one with an item in the myacls array. + */ + while (1 == acl_get_entry(acl, entry_id, &acl_entry)) { + /* After the first time... */ + entry_id = ACL_NEXT_ENTRY; + + /* Search for a matching entry (tag and qualifier) */ + for (i = 0, matched = 0; i < n && !matched; i++) { + if (acl_match(acl_entry, &myacls[marker[i]])) { + /* We found a match; remove it. */ + marker[i] = marker[n - 1]; + n--; + matched = 1; + } + } + + /* TODO: Print out more details in this case. */ + failure("ACL entry on file that shouldn't be there"); + assert(matched == 1); + } + + /* Dump entries in the myacls array that weren't in the system acl. */ + for (i = 0; i < n; ++i) { + failure(" ACL entry missing from file: " + "type=%d,permset=%d,tag=%d,qual=%d,name=``%s''\n", + myacls[marker[i]].type, myacls[marker[i]].permset, + myacls[marker[i]].tag, myacls[marker[i]].qual, + myacls[marker[i]].name); + assert(0); /* Record this as a failure. */ + } + free(marker); +} + +#endif + + +/* + * Verify ACL restore-to-disk. This test is FreeBSD-specific. + */ + +DEFINE_TEST(test_acl_freebsd_posix1e) +{ +#if !defined(__FreeBSD__) + skipping("FreeBSD-specific ACL restore test"); +#elif __FreeBSD__ < 5 + skipping("ACL restore supported only on FreeBSD 5.0 and later"); +#else + struct stat st; + struct archive *a; + struct archive_entry *ae; + int n, fd; + acl_t acl; + + /* + * First, do a quick manual set/read of ACL data to + * verify that the local filesystem does support ACLs. + * If it doesn't, we'll simply skip the remaining tests. + */ + acl = acl_from_text("u::rwx,u:1:rw,g::rwx,g:15:rx,o::rwx,m::rwx"); + assert((void *)acl != NULL); + /* Create a test file and try to set an ACL on it. */ + fd = open("pretest", O_WRONLY | O_CREAT | O_EXCL, 0777); + failure("Could not create test file?!"); + if (!assert(fd >= 0)) { + acl_free(acl); + return; + } + + n = acl_set_fd(fd, acl); + acl_free(acl); + if (n != 0 && errno == EOPNOTSUPP) { + close(fd); + skipping("ACL tests require that ACL support be enabled on the filesystem"); + return; + } + if (n != 0 && errno == EINVAL) { + close(fd); + skipping("This filesystem does not support POSIX.1e ACLs"); + return; + } + failure("acl_set_fd(): errno = %d (%s)", + errno, strerror(errno)); + assertEqualInt(0, n); + close(fd); + + /* Create a write-to-disk object. */ + assert(NULL != (a = archive_write_disk_new())); + archive_write_disk_set_options(a, + ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_PERM | ARCHIVE_EXTRACT_ACL); + + /* Populate an archive entry with some metadata, including ACL info */ + ae = archive_entry_new(); + assert(ae != NULL); + archive_entry_set_pathname(ae, "test0"); + archive_entry_set_mtime(ae, 123456, 7890); + archive_entry_set_size(ae, 0); + set_acls(ae, acls2); + assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); + archive_entry_free(ae); + + /* Close the archive. */ + assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a)); + assertEqualInt(ARCHIVE_OK, archive_write_free(a)); + + /* Verify the data on disk. */ + assertEqualInt(0, stat("test0", &st)); + assertEqualInt(st.st_mtime, 123456); + acl = acl_get_file("test0", ACL_TYPE_ACCESS); + assert(acl != (acl_t)NULL); + compare_acls(acl, acls2); + acl_free(acl); +#endif +} |