You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
230 lines
8.8 KiB
230 lines
8.8 KiB
15 years ago
|
/*-
|
||
|
* Copyright (c) 2003-2007 Tim Kientzle
|
||
|
* All rights reserved.
|
||
|
*
|
||
|
* Redistribution and use in source and binary forms, with or without
|
||
|
* modification, are permitted provided that the following conditions
|
||
|
* are met:
|
||
|
* 1. Redistributions of source code must retain the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer.
|
||
|
* 2. Redistributions in binary form must reproduce the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer in the
|
||
|
* documentation and/or other materials provided with the distribution.
|
||
|
*
|
||
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
|
||
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||
|
* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||
|
*/
|
||
|
#include "test.h"
|
||
|
__FBSDID("$FreeBSD: src/lib/libarchive/test/test_acl_basic.c,v 1.6 2008/10/19 00:13:57 kientzle Exp $");
|
||
|
|
||
|
/*
|
||
|
* Exercise the system-independent portion of the ACL support.
|
||
|
* Check that archive_entry objects can save and restore ACL data.
|
||
|
*
|
||
|
* This should work on all systems, regardless of whether local
|
||
|
* filesystems support ACLs or not.
|
||
|
*/
|
||
|
|
||
|
struct acl_t {
|
||
|
int type; /* Type of ACL: "access" or "default" */
|
||
|
int permset; /* Permissions for this class of users. */
|
||
|
int tag; /* Owner, User, Owning group, group, other, etc. */
|
||
|
int qual; /* GID or UID of user/group, depending on tag. */
|
||
|
const char *name; /* Name of user/group, depending on tag. */
|
||
|
};
|
||
|
|
||
|
static struct acl_t acls0[] = {
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
|
||
|
ARCHIVE_ENTRY_ACL_USER_OBJ, 0, "" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
|
||
|
ARCHIVE_ENTRY_ACL_GROUP_OBJ, 0, "" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
|
||
|
ARCHIVE_ENTRY_ACL_OTHER, 0, "" },
|
||
|
};
|
||
|
|
||
|
static struct acl_t acls1[] = {
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE,
|
||
|
ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
|
||
|
ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
|
||
|
ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE,
|
||
|
ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
|
||
|
};
|
||
|
|
||
|
static struct acl_t acls2[] = {
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_EXECUTE | ARCHIVE_ENTRY_ACL_READ,
|
||
|
ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
|
||
|
ARCHIVE_ENTRY_ACL_USER, 77, "user77" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0,
|
||
|
ARCHIVE_ENTRY_ACL_USER, 78, "user78" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_READ,
|
||
|
ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, 0007,
|
||
|
ARCHIVE_ENTRY_ACL_GROUP, 78, "group78" },
|
||
|
{ ARCHIVE_ENTRY_ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_WRITE | ARCHIVE_ENTRY_ACL_EXECUTE,
|
||
|
ARCHIVE_ENTRY_ACL_OTHER, -1, "" },
|
||
|
};
|
||
|
|
||
|
static void
|
||
|
set_acls(struct archive_entry *ae, struct acl_t *acls, int n)
|
||
|
{
|
||
|
int i;
|
||
|
|
||
|
archive_entry_acl_clear(ae);
|
||
|
for (i = 0; i < n; i++) {
|
||
|
archive_entry_acl_add_entry(ae,
|
||
|
acls[i].type, acls[i].permset, acls[i].tag, acls[i].qual,
|
||
|
acls[i].name);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
static int
|
||
|
acl_match(struct acl_t *acl, int type, int permset, int tag, int qual, const char *name)
|
||
|
{
|
||
|
if (type != acl->type)
|
||
|
return (0);
|
||
|
if (permset != acl->permset)
|
||
|
return (0);
|
||
|
if (tag != acl->tag)
|
||
|
return (0);
|
||
|
if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ)
|
||
|
return (1);
|
||
|
if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ)
|
||
|
return (1);
|
||
|
if (tag == ARCHIVE_ENTRY_ACL_OTHER)
|
||
|
return (1);
|
||
|
if (qual != acl->qual)
|
||
|
return (0);
|
||
|
if (name == NULL) {
|
||
|
if (acl->name == NULL || acl->name[0] == '\0')
|
||
|
return (1);
|
||
|
}
|
||
|
if (acl->name == NULL) {
|
||
|
if (name[0] == '\0')
|
||
|
return (1);
|
||
|
}
|
||
|
return (0 == strcmp(name, acl->name));
|
||
|
}
|
||
|
|
||
|
static void
|
||
|
compare_acls(struct archive_entry *ae, struct acl_t *acls, int n, int mode)
|
||
|
{
|
||
|
int *marker = malloc(sizeof(marker[0]) * n);
|
||
|
int i;
|
||
|
int r;
|
||
|
int type, permset, tag, qual;
|
||
|
int matched;
|
||
|
const char *name;
|
||
|
|
||
|
for (i = 0; i < n; i++)
|
||
|
marker[i] = i;
|
||
|
|
||
|
while (0 == (r = archive_entry_acl_next(ae,
|
||
|
ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
|
||
|
&type, &permset, &tag, &qual, &name))) {
|
||
|
for (i = 0, matched = 0; i < n && !matched; i++) {
|
||
|
if (acl_match(&acls[marker[i]], type, permset,
|
||
|
tag, qual, name)) {
|
||
|
/* We found a match; remove it. */
|
||
|
marker[i] = marker[n - 1];
|
||
|
n--;
|
||
|
matched = 1;
|
||
|
}
|
||
|
}
|
||
|
if (tag == ARCHIVE_ENTRY_ACL_USER_OBJ) {
|
||
|
if (!matched) printf("No match for user_obj perm\n");
|
||
|
failure("USER_OBJ permset (%02o) != user mode (%02o)",
|
||
|
permset, 07 & (mode >> 6));
|
||
|
assert((permset << 6) == (mode & 0700));
|
||
|
} else if (tag == ARCHIVE_ENTRY_ACL_GROUP_OBJ) {
|
||
|
if (!matched) printf("No match for group_obj perm\n");
|
||
|
failure("GROUP_OBJ permset %02o != group mode %02o",
|
||
|
permset, 07 & (mode >> 3));
|
||
|
assert((permset << 3) == (mode & 0070));
|
||
|
} else if (tag == ARCHIVE_ENTRY_ACL_OTHER) {
|
||
|
if (!matched) printf("No match for other perm\n");
|
||
|
failure("OTHER permset (%02o) != other mode (%02o)",
|
||
|
permset, mode & 07);
|
||
|
assert((permset << 0) == (mode & 0007));
|
||
|
} else {
|
||
|
failure("Could not find match for ACL "
|
||
|
"(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')",
|
||
|
type, permset, tag, qual, name);
|
||
|
assert(matched == 1);
|
||
|
}
|
||
|
}
|
||
|
#if ARCHIVE_VERSION_NUMBER < 1009000
|
||
|
/* Known broken before 1.9.0. */
|
||
|
skipping("archive_entry_acl_next() exits with ARCHIVE_EOF");
|
||
|
#else
|
||
|
assertEqualInt(ARCHIVE_EOF, r);
|
||
|
#endif
|
||
|
assert((mode & 0777) == (archive_entry_mode(ae) & 0777));
|
||
|
failure("Could not find match for ACL "
|
||
|
"(type=%d,permset=%d,tag=%d,qual=%d,name=``%s'')",
|
||
|
acls[marker[0]].type, acls[marker[0]].permset,
|
||
|
acls[marker[0]].tag, acls[marker[0]].qual, acls[marker[0]].name);
|
||
|
assert(n == 0); /* Number of ACLs not matched should == 0 */
|
||
|
free(marker);
|
||
|
}
|
||
|
|
||
|
DEFINE_TEST(test_acl_basic)
|
||
|
{
|
||
|
struct archive_entry *ae;
|
||
|
|
||
|
/* Create a simple archive_entry. */
|
||
|
assert((ae = archive_entry_new()) != NULL);
|
||
|
archive_entry_set_pathname(ae, "file");
|
||
|
archive_entry_set_mode(ae, S_IFREG | 0777);
|
||
|
|
||
|
/* Basic owner/owning group should just update mode bits. */
|
||
|
set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
|
||
|
failure("Basic ACLs shouldn't be stored as extended ACLs");
|
||
|
assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
|
||
|
failure("Basic ACLs should set mode to 0142, not %04o",
|
||
|
archive_entry_mode(ae)&0777);
|
||
|
assert((archive_entry_mode(ae) & 0777) == 0142);
|
||
|
|
||
|
|
||
|
/* With any extended ACL entry, we should read back a full set. */
|
||
|
set_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]));
|
||
|
failure("One extended ACL should flag all ACLs to be returned.");
|
||
|
assert(4 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
|
||
|
compare_acls(ae, acls1, sizeof(acls1)/sizeof(acls1[0]), 0142);
|
||
|
failure("Basic ACLs should set mode to 0142, not %04o",
|
||
|
archive_entry_mode(ae)&0777);
|
||
|
assert((archive_entry_mode(ae) & 0777) == 0142);
|
||
|
|
||
|
|
||
|
/* A more extensive set of ACLs. */
|
||
|
set_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]));
|
||
|
assertEqualInt(6, archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
|
||
|
compare_acls(ae, acls2, sizeof(acls2)/sizeof(acls2[0]), 0543);
|
||
|
failure("Basic ACLs should set mode to 0543, not %04o",
|
||
|
archive_entry_mode(ae)&0777);
|
||
|
assert((archive_entry_mode(ae) & 0777) == 0543);
|
||
|
|
||
|
/*
|
||
|
* Check that clearing ACLs gets rid of them all by repeating
|
||
|
* the first test.
|
||
|
*/
|
||
|
set_acls(ae, acls0, sizeof(acls0)/sizeof(acls0[0]));
|
||
|
failure("Basic ACLs shouldn't be stored as extended ACLs");
|
||
|
assert(0 == archive_entry_acl_reset(ae, ARCHIVE_ENTRY_ACL_TYPE_ACCESS));
|
||
|
failure("Basic ACLs should set mode to 0142, not %04o",
|
||
|
archive_entry_mode(ae)&0777);
|
||
|
assert((archive_entry_mode(ae) & 0777) == 0142);
|
||
|
archive_entry_free(ae);
|
||
|
}
|