1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2017 Martin Matuska
5 * All rights reserved.
6 */
7 #include "test.h"
8
9 #if ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL
10 static const acl_perm_t acl_perms[] = {
11 #if ARCHIVE_ACL_DARWIN
12 ACL_READ_DATA,
13 ACL_LIST_DIRECTORY,
14 ACL_WRITE_DATA,
15 ACL_ADD_FILE,
16 ACL_EXECUTE,
17 ACL_SEARCH,
18 ACL_DELETE,
19 ACL_APPEND_DATA,
20 ACL_ADD_SUBDIRECTORY,
21 ACL_DELETE_CHILD,
22 ACL_READ_ATTRIBUTES,
23 ACL_WRITE_ATTRIBUTES,
24 ACL_READ_EXTATTRIBUTES,
25 ACL_WRITE_EXTATTRIBUTES,
26 ACL_READ_SECURITY,
27 ACL_WRITE_SECURITY,
28 ACL_CHANGE_OWNER,
29 ACL_SYNCHRONIZE
30 #else /* !ARCHIVE_ACL_DARWIN */
31 ACL_EXECUTE,
32 ACL_WRITE,
33 ACL_READ,
34 #if ARCHIVE_ACL_FREEBSD_NFS4
35 ACL_READ_DATA,
36 ACL_LIST_DIRECTORY,
37 ACL_WRITE_DATA,
38 ACL_ADD_FILE,
39 ACL_APPEND_DATA,
40 ACL_ADD_SUBDIRECTORY,
41 ACL_READ_NAMED_ATTRS,
42 ACL_WRITE_NAMED_ATTRS,
43 ACL_DELETE_CHILD,
44 ACL_READ_ATTRIBUTES,
45 ACL_WRITE_ATTRIBUTES,
46 ACL_DELETE,
47 ACL_READ_ACL,
48 ACL_WRITE_ACL,
49 ACL_WRITE_OWNER,
50 ACL_SYNCHRONIZE
51 #endif /* ARCHIVE_ACL_FREEBSD_NFS4 */
52 #endif /* !ARCHIVE_ACL_DARWIN */
53 };
54 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4
55 static const acl_flag_t acl_flags[] = {
56 #if ARCHIVE_ACL_DARWIN
57 ACL_ENTRY_INHERITED,
58 ACL_ENTRY_FILE_INHERIT,
59 ACL_ENTRY_DIRECTORY_INHERIT,
60 ACL_ENTRY_LIMIT_INHERIT,
61 ACL_ENTRY_ONLY_INHERIT
62 #else /* ARCHIVE_ACL_FREEBSD_NFS4 */
63 ACL_ENTRY_FILE_INHERIT,
64 ACL_ENTRY_DIRECTORY_INHERIT,
65 ACL_ENTRY_NO_PROPAGATE_INHERIT,
66 ACL_ENTRY_INHERIT_ONLY,
67 ACL_ENTRY_SUCCESSFUL_ACCESS,
68 ACL_ENTRY_FAILED_ACCESS,
69 #ifdef ACL_ENTRY_INHERITED
70 ACL_ENTRY_INHERITED
71 #endif
72 #endif /* ARCHIVE_ACL_FREEBSD_NFS4 */
73 };
74 #endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4 */
75
76 /*
77 * Compare two ACL entries on FreeBSD or on Mac OS X
78 */
79 static int
compare_acl_entry(acl_entry_t ae_a,acl_entry_t ae_b,int is_nfs4)80 compare_acl_entry(acl_entry_t ae_a, acl_entry_t ae_b, int is_nfs4)
81 {
82 acl_tag_t tag_a, tag_b;
83 acl_permset_t permset_a, permset_b;
84 int perm_a, perm_b, perm_start, perm_end;
85 void *qual_a, *qual_b;
86 #if ARCHIVE_ACL_FREEBSD_NFS4
87 acl_entry_type_t type_a, type_b;
88 #endif
89 #if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN
90 acl_flagset_t flagset_a, flagset_b;
91 int flag_a, flag_b;
92 #endif
93 int i, r;
94
95
96 /* Compare ACL tag */
97 r = acl_get_tag_type(ae_a, &tag_a);
98 failure("acl_get_tag_type() error: %s", strerror(errno));
99 if (assertEqualInt(r, 0) == 0)
100 return (-1);
101 r = acl_get_tag_type(ae_b, &tag_b);
102 failure("acl_get_tag_type() error: %s", strerror(errno));
103 if (assertEqualInt(r, 0) == 0)
104 return (-1);
105 if (tag_a != tag_b)
106 return (0);
107
108 /* Compare ACL qualifier */
109 #if ARCHIVE_ACL_DARWIN
110 if (tag_a == ACL_EXTENDED_ALLOW || tag_b == ACL_EXTENDED_DENY)
111 #else
112 if (tag_a == ACL_USER || tag_a == ACL_GROUP)
113 #endif
114 {
115 qual_a = acl_get_qualifier(ae_a);
116 failure("acl_get_qualifier() error: %s", strerror(errno));
117 if (assert(qual_a != NULL) == 0)
118 return (-1);
119 qual_b = acl_get_qualifier(ae_b);
120 failure("acl_get_qualifier() error: %s", strerror(errno));
121 if (assert(qual_b != NULL) == 0) {
122 acl_free(qual_a);
123 return (-1);
124 }
125 #if ARCHIVE_ACL_DARWIN
126 if (memcmp(((guid_t *)qual_a)->g_guid,
127 ((guid_t *)qual_b)->g_guid, KAUTH_GUID_SIZE) != 0)
128 #else
129 if ((tag_a == ACL_USER &&
130 (*(uid_t *)qual_a != *(uid_t *)qual_b)) ||
131 (tag_a == ACL_GROUP &&
132 (*(gid_t *)qual_a != *(gid_t *)qual_b)))
133 #endif
134 {
135 acl_free(qual_a);
136 acl_free(qual_b);
137 return (0);
138 }
139 acl_free(qual_a);
140 acl_free(qual_b);
141 }
142
143 #if ARCHIVE_ACL_FREEBSD_NFS4
144 if (is_nfs4) {
145 /* Compare NFS4 ACL type */
146 r = acl_get_entry_type_np(ae_a, &type_a);
147 failure("acl_get_entry_type_np() error: %s", strerror(errno));
148 if (assertEqualInt(r, 0) == 0)
149 return (-1);
150 r = acl_get_entry_type_np(ae_b, &type_b);
151 failure("acl_get_entry_type_np() error: %s", strerror(errno));
152 if (assertEqualInt(r, 0) == 0)
153 return (-1);
154 if (type_a != type_b)
155 return (0);
156 }
157 #endif
158
159 /* Compare ACL perms */
160 r = acl_get_permset(ae_a, &permset_a);
161 failure("acl_get_permset() error: %s", strerror(errno));
162 if (assertEqualInt(r, 0) == 0)
163 return (-1);
164 r = acl_get_permset(ae_b, &permset_b);
165 failure("acl_get_permset() error: %s", strerror(errno));
166 if (assertEqualInt(r, 0) == 0)
167 return (-1);
168
169 perm_start = 0;
170 perm_end = (int)(sizeof(acl_perms) / sizeof(acl_perms[0]));
171 #if ARCHIVE_ACL_FREEBSD_NFS4
172 if (is_nfs4)
173 perm_start = 3;
174 else
175 perm_end = 3;
176 #endif
177 /* Cycle through all perms and compare their value */
178 for (i = perm_start; i < perm_end; i++) {
179 #if ARCHIVE_ACL_LIBACL
180 perm_a = acl_get_perm(permset_a, acl_perms[i]);
181 perm_b = acl_get_perm(permset_b, acl_perms[i]);
182 #else
183 perm_a = acl_get_perm_np(permset_a, acl_perms[i]);
184 perm_b = acl_get_perm_np(permset_b, acl_perms[i]);
185 #endif
186 if (perm_a == -1 || perm_b == -1)
187 return (-1);
188 if (perm_a != perm_b)
189 return (0);
190 }
191
192 #if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN
193 if (is_nfs4) {
194 r = acl_get_flagset_np(ae_a, &flagset_a);
195 failure("acl_get_flagset_np() error: %s", strerror(errno));
196 if (assertEqualInt(r, 0) == 0)
197 return (-1);
198 r = acl_get_flagset_np(ae_b, &flagset_b);
199 failure("acl_get_flagset_np() error: %s", strerror(errno));
200 if (assertEqualInt(r, 0) == 0)
201 return (-1);
202 /* Cycle through all flags and compare their status */
203 for (i = 0; i < (int)(sizeof(acl_flags) / sizeof(acl_flags[0]));
204 i++) {
205 flag_a = acl_get_flag_np(flagset_a, acl_flags[i]);
206 flag_b = acl_get_flag_np(flagset_b, acl_flags[i]);
207 if (flag_a == -1 || flag_b == -1)
208 return (-1);
209 if (flag_a != flag_b)
210 return (0);
211 }
212 }
213 #else /* ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN */
214 (void)is_nfs4; /* UNUSED */
215 #endif
216 return (1);
217 }
218 #endif /* ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL */
219
220 #if ARCHIVE_ACL_SUPPORT
221 /*
222 * Clear default ACLs or inheritance flags
223 */
224 static void
clear_inheritance_flags(const char * path,int type)225 clear_inheritance_flags(const char *path, int type)
226 {
227 switch (type) {
228 case ARCHIVE_TEST_ACL_TYPE_POSIX1E:
229 #if ARCHIVE_ACL_POSIX1E
230 #if !ARCHIVE_ACL_SUNOS
231 acl_delete_def_file(path);
232 #else
233 /* Solaris */
234 setTestAcl(path);
235 #endif
236 #endif /* ARCHIVE_ACL_POSIX1E */
237 break;
238 case ARCHIVE_TEST_ACL_TYPE_NFS4:
239 #if ARCHIVE_ACL_NFS4
240 setTestAcl(path);
241 #endif
242 break;
243 default:
244 (void)path; /* UNUSED */
245 break;
246 }
247 }
248
249 static int
compare_acls(const char * path_a,const char * path_b)250 compare_acls(const char *path_a, const char *path_b)
251 {
252 int ret = 1;
253 int is_nfs4 = 0;
254 #if ARCHIVE_ACL_SUNOS
255 void *acl_a, *acl_b;
256 int aclcnt_a, aclcnt_b;
257 aclent_t *aclent_a, *aclent_b;
258 ace_t *ace_a, *ace_b;
259 int e;
260 #elif ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
261 acl_t acl_a, acl_b;
262 acl_entry_t aclent_a, aclent_b;
263 int a, b, r;
264 #endif
265 #if ARCHIVE_ACL_LIBRICHACL
266 struct richacl *richacl_a, *richacl_b;
267
268 richacl_a = NULL;
269 richacl_b = NULL;
270 #endif
271
272 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL || \
273 ARCHIVE_ACL_SUNOS
274 acl_a = NULL;
275 acl_b = NULL;
276 #endif
277 #if ARCHIVE_ACL_SUNOS
278 acl_a = sunacl_get(GETACL, &aclcnt_a, 0, path_a);
279 if (acl_a == NULL) {
280 #if ARCHIVE_ACL_SUNOS_NFS4
281 is_nfs4 = 1;
282 acl_a = sunacl_get(ACE_GETACL, &aclcnt_a, 0, path_a);
283 #endif
284 failure("acl_get() error: %s", strerror(errno));
285 if (assert(acl_a != NULL) == 0)
286 return (-1);
287 #if ARCHIVE_ACL_SUNOS_NFS4
288 acl_b = sunacl_get(ACE_GETACL, &aclcnt_b, 0, path_b);
289 #endif
290 } else
291 acl_b = sunacl_get(GETACL, &aclcnt_b, 0, path_b);
292 if (acl_b == NULL && (errno == ENOSYS || errno == ENOTSUP)) {
293 free(acl_a);
294 return (0);
295 }
296 failure("acl_get() error: %s", strerror(errno));
297 if (assert(acl_b != NULL) == 0) {
298 free(acl_a);
299 return (-1);
300 }
301
302 if (aclcnt_a != aclcnt_b) {
303 ret = 0;
304 goto exit_free;
305 }
306
307 for (e = 0; e < aclcnt_a; e++) {
308 if (!is_nfs4) {
309 aclent_a = &((aclent_t *)acl_a)[e];
310 aclent_b = &((aclent_t *)acl_b)[e];
311 if (aclent_a->a_type != aclent_b->a_type ||
312 aclent_a->a_id != aclent_b->a_id ||
313 aclent_a->a_perm != aclent_b->a_perm) {
314 ret = 0;
315 goto exit_free;
316 }
317 }
318 #if ARCHIVE_ACL_SUNOS_NFS4
319 else {
320 ace_a = &((ace_t *)acl_a)[e];
321 ace_b = &((ace_t *)acl_b)[e];
322 if (ace_a->a_who != ace_b->a_who ||
323 ace_a->a_access_mask != ace_b->a_access_mask ||
324 ace_a->a_flags != ace_b->a_flags ||
325 ace_a->a_type != ace_b->a_type) {
326 ret = 0;
327 goto exit_free;
328 }
329 }
330 #endif
331 }
332 #else /* !ARCHIVE_ACL_SUNOS */
333 #if ARCHIVE_ACL_LIBRICHACL
334 richacl_a = richacl_get_file(path_a);
335 #if !ARCHIVE_ACL_LIBACL
336 if (richacl_a == NULL &&
337 (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS))
338 return (0);
339 failure("richacl_get_file() error: %s (%s)", path_a, strerror(errno));
340 if (assert(richacl_a != NULL) == 0)
341 return (-1);
342 #endif
343 if (richacl_a != NULL) {
344 richacl_b = richacl_get_file(path_b);
345 if (richacl_b == NULL &&
346 (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS)) {
347 richacl_free(richacl_a);
348 return (0);
349 }
350 failure("richacl_get_file() error: %s (%s)", path_b,
351 strerror(errno));
352 if (assert(richacl_b != NULL) == 0) {
353 richacl_free(richacl_a);
354 return (-1);
355 }
356 if (richacl_compare(richacl_a, richacl_b) == 0)
357 ret = 0;
358 richacl_free(richacl_a);
359 richacl_free(richacl_b);
360 return (ret);
361 }
362 #endif /* ARCHIVE_ACL_LIBRICHACL */
363 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL
364 #if ARCHIVE_ACL_DARWIN
365 is_nfs4 = 1;
366 acl_a = acl_get_file(path_a, ACL_TYPE_EXTENDED);
367 #elif ARCHIVE_ACL_FREEBSD_NFS4
368 acl_a = acl_get_file(path_a, ACL_TYPE_NFS4);
369 if (acl_a != NULL)
370 is_nfs4 = 1;
371 #endif
372 if (acl_a == NULL)
373 acl_a = acl_get_file(path_a, ACL_TYPE_ACCESS);
374 failure("acl_get_file() error: %s (%s)", path_a, strerror(errno));
375 if (assert(acl_a != NULL) == 0)
376 return (-1);
377 #if ARCHIVE_ACL_DARWIN
378 acl_b = acl_get_file(path_b, ACL_TYPE_EXTENDED);
379 #elif ARCHIVE_ACL_FREEBSD_NFS4
380 acl_b = acl_get_file(path_b, ACL_TYPE_NFS4);
381 #endif
382 #if !ARCHIVE_ACL_DARWIN
383 if (acl_b == NULL) {
384 #if ARCHIVE_ACL_FREEBSD_NFS4
385 if (is_nfs4) {
386 acl_free(acl_a);
387 return (0);
388 }
389 #endif
390 acl_b = acl_get_file(path_b, ACL_TYPE_ACCESS);
391 }
392 failure("acl_get_file() error: %s (%s)", path_b, strerror(errno));
393 if (assert(acl_b != NULL) == 0) {
394 acl_free(acl_a);
395 return (-1);
396 }
397 #endif
398 a = acl_get_entry(acl_a, ACL_FIRST_ENTRY, &aclent_a);
399 if (a == -1) {
400 ret = 0;
401 goto exit_free;
402 }
403 b = acl_get_entry(acl_b, ACL_FIRST_ENTRY, &aclent_b);
404 if (b == -1) {
405 ret = 0;
406 goto exit_free;
407 }
408 #if ARCHIVE_ACL_DARWIN
409 while (a == 0 && b == 0)
410 #else /* FreeBSD, Linux */
411 while (a == 1 && b == 1)
412 #endif
413 {
414 r = compare_acl_entry(aclent_a, aclent_b, is_nfs4);
415 if (r != 1) {
416 ret = r;
417 goto exit_free;
418 }
419 a = acl_get_entry(acl_a, ACL_NEXT_ENTRY, &aclent_a);
420 b = acl_get_entry(acl_b, ACL_NEXT_ENTRY, &aclent_b);
421 }
422 /* Entry count must match */
423 if (a != b)
424 ret = 0;
425 #endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL */
426 #endif /* !ARCHIVE_ACL_SUNOS */
427 exit_free:
428 #if ARCHIVE_ACL_SUNOS
429 free(acl_a);
430 free(acl_b);
431 #else
432 acl_free(acl_a);
433 acl_free(acl_b);
434 #endif
435 return (ret);
436 }
437 #endif /* ARCHIVE_ACL_SUPPORT */
438
DEFINE_TEST(test_option_acls)439 DEFINE_TEST(test_option_acls)
440 {
441 #if !ARCHIVE_ACL_SUPPORT
442 skipping("ACLs are not supported on this platform");
443 #else /* ARCHIVE_ACL_SUPPORT */
444 int acltype, r;
445
446 assertMakeFile("f", 0644, "a");
447 acltype = setTestAcl("f");
448 if (acltype == 0) {
449 skipping("Can't write ACLs on the filesystem");
450 return;
451 }
452
453 /* Archive it with acls */
454 r = systemf("%s -c --no-mac-metadata --acls -f acls.tar f >acls.out 2>acls.err", testprog);
455 assertEqualInt(r, 0);
456
457 /* Archive it without acls */
458 r = systemf("%s -c --no-mac-metadata --no-acls -f noacls.tar f >noacls.out 2>noacls.err", testprog);
459 assertEqualInt(r, 0);
460
461 /* Extract acls with acls */
462 assertMakeDir("acls_acls", 0755);
463 clear_inheritance_flags("acls_acls", acltype);
464 r = systemf("%s -x -C acls_acls --no-same-permissions --acls -f acls.tar >acls_acls.out 2>acls_acls.err", testprog);
465 assertEqualInt(r, 0);
466 r = compare_acls("f", "acls_acls/f");
467 assertEqualInt(r, 1);
468
469 /* Extract acls without acls */
470 assertMakeDir("acls_noacls", 0755);
471 clear_inheritance_flags("acls_noacls", acltype);
472 r = systemf("%s -x -C acls_noacls -p --no-acls -f acls.tar >acls_noacls.out 2>acls_noacls.err", testprog);
473 assertEqualInt(r, 0);
474 r = compare_acls("f", "acls_noacls/f");
475 assertEqualInt(r, 0);
476
477 /* Extract noacls with acls flag */
478 assertMakeDir("noacls_acls", 0755);
479 clear_inheritance_flags("noacls_acls", acltype);
480 r = systemf("%s -x -C noacls_acls --no-same-permissions --acls -f noacls.tar >noacls_acls.out 2>noacls_acls.err", testprog);
481 assertEqualInt(r, 0);
482 r = compare_acls("f", "noacls_acls/f");
483 assertEqualInt(r, 0);
484
485 /* Extract noacls with noacls */
486 assertMakeDir("noacls_noacls", 0755);
487 clear_inheritance_flags("noacls_noacls", acltype);
488 r = systemf("%s -x -C noacls_noacls -p --no-acls -f noacls.tar >noacls_noacls.out 2>noacls_noacls.err", testprog);
489 assertEqualInt(r, 0);
490 r = compare_acls("f", "noacls_noacls/f");
491 assertEqualInt(r, 0);
492 #endif /* ARCHIVE_ACL_SUPPORT */
493 }
494