1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2017 Martin Matuska 5 * All rights reserved. 6 */ 7 #include "test.h" 8 9 #if ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL 10 static const acl_perm_t acl_perms[] = { 11 #if ARCHIVE_ACL_DARWIN 12 ACL_READ_DATA, 13 ACL_LIST_DIRECTORY, 14 ACL_WRITE_DATA, 15 ACL_ADD_FILE, 16 ACL_EXECUTE, 17 ACL_SEARCH, 18 ACL_DELETE, 19 ACL_APPEND_DATA, 20 ACL_ADD_SUBDIRECTORY, 21 ACL_DELETE_CHILD, 22 ACL_READ_ATTRIBUTES, 23 ACL_WRITE_ATTRIBUTES, 24 ACL_READ_EXTATTRIBUTES, 25 ACL_WRITE_EXTATTRIBUTES, 26 ACL_READ_SECURITY, 27 ACL_WRITE_SECURITY, 28 ACL_CHANGE_OWNER, 29 ACL_SYNCHRONIZE 30 #else /* !ARCHIVE_ACL_DARWIN */ 31 ACL_EXECUTE, 32 ACL_WRITE, 33 ACL_READ, 34 #if ARCHIVE_ACL_FREEBSD_NFS4 35 ACL_READ_DATA, 36 ACL_LIST_DIRECTORY, 37 ACL_WRITE_DATA, 38 ACL_ADD_FILE, 39 ACL_APPEND_DATA, 40 ACL_ADD_SUBDIRECTORY, 41 ACL_READ_NAMED_ATTRS, 42 ACL_WRITE_NAMED_ATTRS, 43 ACL_DELETE_CHILD, 44 ACL_READ_ATTRIBUTES, 45 ACL_WRITE_ATTRIBUTES, 46 ACL_DELETE, 47 ACL_READ_ACL, 48 ACL_WRITE_ACL, 49 ACL_WRITE_OWNER, 50 ACL_SYNCHRONIZE 51 #endif /* ARCHIVE_ACL_FREEBSD_NFS4 */ 52 #endif /* !ARCHIVE_ACL_DARWIN */ 53 }; 54 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4 55 static const acl_flag_t acl_flags[] = { 56 #if ARCHIVE_ACL_DARWIN 57 ACL_ENTRY_INHERITED, 58 ACL_ENTRY_FILE_INHERIT, 59 ACL_ENTRY_DIRECTORY_INHERIT, 60 ACL_ENTRY_LIMIT_INHERIT, 61 ACL_ENTRY_ONLY_INHERIT 62 #else /* ARCHIVE_ACL_FREEBSD_NFS4 */ 63 ACL_ENTRY_FILE_INHERIT, 64 ACL_ENTRY_DIRECTORY_INHERIT, 65 ACL_ENTRY_NO_PROPAGATE_INHERIT, 66 ACL_ENTRY_INHERIT_ONLY, 67 ACL_ENTRY_SUCCESSFUL_ACCESS, 68 ACL_ENTRY_FAILED_ACCESS, 69 #ifdef ACL_ENTRY_INHERITED 70 ACL_ENTRY_INHERITED 71 #endif 72 #endif /* ARCHIVE_ACL_FREEBSD_NFS4 */ 73 }; 74 #endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD_NFS4 */ 75 76 /* 77 * Compare two ACL entries on FreeBSD or on Mac OS X 78 */ 79 static int 80 compare_acl_entry(acl_entry_t ae_a, acl_entry_t ae_b, int is_nfs4) 81 { 82 acl_tag_t tag_a, tag_b; 83 acl_permset_t permset_a, permset_b; 84 int perm_a, perm_b, perm_start, perm_end; 85 void *qual_a, *qual_b; 86 #if ARCHIVE_ACL_FREEBSD_NFS4 87 acl_entry_type_t type_a, type_b; 88 #endif 89 #if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN 90 acl_flagset_t flagset_a, flagset_b; 91 int flag_a, flag_b; 92 #endif 93 int i, r; 94 95 96 /* Compare ACL tag */ 97 r = acl_get_tag_type(ae_a, &tag_a); 98 failure("acl_get_tag_type() error: %s", strerror(errno)); 99 if (assertEqualInt(r, 0) == 0) 100 return (-1); 101 r = acl_get_tag_type(ae_b, &tag_b); 102 failure("acl_get_tag_type() error: %s", strerror(errno)); 103 if (assertEqualInt(r, 0) == 0) 104 return (-1); 105 if (tag_a != tag_b) 106 return (0); 107 108 /* Compare ACL qualifier */ 109 #if ARCHIVE_ACL_DARWIN 110 if (tag_a == ACL_EXTENDED_ALLOW || tag_b == ACL_EXTENDED_DENY) 111 #else 112 if (tag_a == ACL_USER || tag_a == ACL_GROUP) 113 #endif 114 { 115 qual_a = acl_get_qualifier(ae_a); 116 failure("acl_get_qualifier() error: %s", strerror(errno)); 117 if (assert(qual_a != NULL) == 0) 118 return (-1); 119 qual_b = acl_get_qualifier(ae_b); 120 failure("acl_get_qualifier() error: %s", strerror(errno)); 121 if (assert(qual_b != NULL) == 0) { 122 acl_free(qual_a); 123 return (-1); 124 } 125 #if ARCHIVE_ACL_DARWIN 126 if (memcmp(((guid_t *)qual_a)->g_guid, 127 ((guid_t *)qual_b)->g_guid, KAUTH_GUID_SIZE) != 0) 128 #else 129 if ((tag_a == ACL_USER && 130 (*(uid_t *)qual_a != *(uid_t *)qual_b)) || 131 (tag_a == ACL_GROUP && 132 (*(gid_t *)qual_a != *(gid_t *)qual_b))) 133 #endif 134 { 135 acl_free(qual_a); 136 acl_free(qual_b); 137 return (0); 138 } 139 acl_free(qual_a); 140 acl_free(qual_b); 141 } 142 143 #if ARCHIVE_ACL_FREEBSD_NFS4 144 if (is_nfs4) { 145 /* Compare NFS4 ACL type */ 146 r = acl_get_entry_type_np(ae_a, &type_a); 147 failure("acl_get_entry_type_np() error: %s", strerror(errno)); 148 if (assertEqualInt(r, 0) == 0) 149 return (-1); 150 r = acl_get_entry_type_np(ae_b, &type_b); 151 failure("acl_get_entry_type_np() error: %s", strerror(errno)); 152 if (assertEqualInt(r, 0) == 0) 153 return (-1); 154 if (type_a != type_b) 155 return (0); 156 } 157 #endif 158 159 /* Compare ACL perms */ 160 r = acl_get_permset(ae_a, &permset_a); 161 failure("acl_get_permset() error: %s", strerror(errno)); 162 if (assertEqualInt(r, 0) == 0) 163 return (-1); 164 r = acl_get_permset(ae_b, &permset_b); 165 failure("acl_get_permset() error: %s", strerror(errno)); 166 if (assertEqualInt(r, 0) == 0) 167 return (-1); 168 169 perm_start = 0; 170 perm_end = (int)(sizeof(acl_perms) / sizeof(acl_perms[0])); 171 #if ARCHIVE_ACL_FREEBSD_NFS4 172 if (is_nfs4) 173 perm_start = 3; 174 else 175 perm_end = 3; 176 #endif 177 /* Cycle through all perms and compare their value */ 178 for (i = perm_start; i < perm_end; i++) { 179 #if ARCHIVE_ACL_LIBACL 180 perm_a = acl_get_perm(permset_a, acl_perms[i]); 181 perm_b = acl_get_perm(permset_b, acl_perms[i]); 182 #else 183 perm_a = acl_get_perm_np(permset_a, acl_perms[i]); 184 perm_b = acl_get_perm_np(permset_b, acl_perms[i]); 185 #endif 186 if (perm_a == -1 || perm_b == -1) 187 return (-1); 188 if (perm_a != perm_b) 189 return (0); 190 } 191 192 #if ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN 193 if (is_nfs4) { 194 r = acl_get_flagset_np(ae_a, &flagset_a); 195 failure("acl_get_flagset_np() error: %s", strerror(errno)); 196 if (assertEqualInt(r, 0) == 0) 197 return (-1); 198 r = acl_get_flagset_np(ae_b, &flagset_b); 199 failure("acl_get_flagset_np() error: %s", strerror(errno)); 200 if (assertEqualInt(r, 0) == 0) 201 return (-1); 202 /* Cycle through all flags and compare their status */ 203 for (i = 0; i < (int)(sizeof(acl_flags) / sizeof(acl_flags[0])); 204 i++) { 205 flag_a = acl_get_flag_np(flagset_a, acl_flags[i]); 206 flag_b = acl_get_flag_np(flagset_b, acl_flags[i]); 207 if (flag_a == -1 || flag_b == -1) 208 return (-1); 209 if (flag_a != flag_b) 210 return (0); 211 } 212 } 213 #else /* ARCHIVE_ACL_FREEBSD_NFS4 || ARCHIVE_ACL_DARWIN */ 214 (void)is_nfs4; /* UNUSED */ 215 #endif 216 return (1); 217 } 218 #endif /* ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBACL */ 219 220 #if ARCHIVE_ACL_SUPPORT 221 /* 222 * Clear default ACLs or inheritance flags 223 */ 224 static void 225 clear_inheritance_flags(const char *path, int type) 226 { 227 switch (type) { 228 case ARCHIVE_TEST_ACL_TYPE_POSIX1E: 229 #if ARCHIVE_ACL_POSIX1E 230 #if !ARCHIVE_ACL_SUNOS 231 acl_delete_def_file(path); 232 #else 233 /* Solaris */ 234 setTestAcl(path); 235 #endif 236 #endif /* ARCHIVE_ACL_POSIX1E */ 237 break; 238 case ARCHIVE_TEST_ACL_TYPE_NFS4: 239 #if ARCHIVE_ACL_NFS4 240 setTestAcl(path); 241 #endif 242 break; 243 default: 244 (void)path; /* UNUSED */ 245 break; 246 } 247 } 248 249 static int 250 compare_acls(const char *path_a, const char *path_b) 251 { 252 int ret = 1; 253 int is_nfs4 = 0; 254 #if ARCHIVE_ACL_SUNOS 255 void *acl_a, *acl_b; 256 int aclcnt_a, aclcnt_b; 257 aclent_t *aclent_a, *aclent_b; 258 ace_t *ace_a, *ace_b; 259 int e; 260 #elif ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL 261 acl_t acl_a, acl_b; 262 acl_entry_t aclent_a, aclent_b; 263 int a, b, r; 264 #endif 265 #if ARCHIVE_ACL_LIBRICHACL 266 struct richacl *richacl_a, *richacl_b; 267 268 richacl_a = NULL; 269 richacl_b = NULL; 270 #endif 271 272 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL || \ 273 ARCHIVE_ACL_SUNOS 274 acl_a = NULL; 275 acl_b = NULL; 276 #endif 277 #if ARCHIVE_ACL_SUNOS 278 acl_a = sunacl_get(GETACL, &aclcnt_a, 0, path_a); 279 if (acl_a == NULL) { 280 #if ARCHIVE_ACL_SUNOS_NFS4 281 is_nfs4 = 1; 282 acl_a = sunacl_get(ACE_GETACL, &aclcnt_a, 0, path_a); 283 #endif 284 failure("acl_get() error: %s", strerror(errno)); 285 if (assert(acl_a != NULL) == 0) 286 return (-1); 287 #if ARCHIVE_ACL_SUNOS_NFS4 288 acl_b = sunacl_get(ACE_GETACL, &aclcnt_b, 0, path_b); 289 #endif 290 } else 291 acl_b = sunacl_get(GETACL, &aclcnt_b, 0, path_b); 292 if (acl_b == NULL && (errno == ENOSYS || errno == ENOTSUP)) { 293 free(acl_a); 294 return (0); 295 } 296 failure("acl_get() error: %s", strerror(errno)); 297 if (assert(acl_b != NULL) == 0) { 298 free(acl_a); 299 return (-1); 300 } 301 302 if (aclcnt_a != aclcnt_b) { 303 ret = 0; 304 goto exit_free; 305 } 306 307 for (e = 0; e < aclcnt_a; e++) { 308 if (!is_nfs4) { 309 aclent_a = &((aclent_t *)acl_a)[e]; 310 aclent_b = &((aclent_t *)acl_b)[e]; 311 if (aclent_a->a_type != aclent_b->a_type || 312 aclent_a->a_id != aclent_b->a_id || 313 aclent_a->a_perm != aclent_b->a_perm) { 314 ret = 0; 315 goto exit_free; 316 } 317 } 318 #if ARCHIVE_ACL_SUNOS_NFS4 319 else { 320 ace_a = &((ace_t *)acl_a)[e]; 321 ace_b = &((ace_t *)acl_b)[e]; 322 if (ace_a->a_who != ace_b->a_who || 323 ace_a->a_access_mask != ace_b->a_access_mask || 324 ace_a->a_flags != ace_b->a_flags || 325 ace_a->a_type != ace_b->a_type) { 326 ret = 0; 327 goto exit_free; 328 } 329 } 330 #endif 331 } 332 #else /* !ARCHIVE_ACL_SUNOS */ 333 #if ARCHIVE_ACL_LIBRICHACL 334 richacl_a = richacl_get_file(path_a); 335 #if !ARCHIVE_ACL_LIBACL 336 if (richacl_a == NULL && 337 (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS)) 338 return (0); 339 failure("richacl_get_file() error: %s (%s)", path_a, strerror(errno)); 340 if (assert(richacl_a != NULL) == 0) 341 return (-1); 342 #endif 343 if (richacl_a != NULL) { 344 richacl_b = richacl_get_file(path_b); 345 if (richacl_b == NULL && 346 (errno == ENODATA || errno == ENOTSUP || errno == ENOSYS)) { 347 richacl_free(richacl_a); 348 return (0); 349 } 350 failure("richacl_get_file() error: %s (%s)", path_b, 351 strerror(errno)); 352 if (assert(richacl_b != NULL) == 0) { 353 richacl_free(richacl_a); 354 return (-1); 355 } 356 if (richacl_compare(richacl_a, richacl_b) == 0) 357 ret = 0; 358 richacl_free(richacl_a); 359 richacl_free(richacl_b); 360 return (ret); 361 } 362 #endif /* ARCHIVE_ACL_LIBRICHACL */ 363 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL 364 #if ARCHIVE_ACL_DARWIN 365 is_nfs4 = 1; 366 acl_a = acl_get_file(path_a, ACL_TYPE_EXTENDED); 367 #elif ARCHIVE_ACL_FREEBSD_NFS4 368 acl_a = acl_get_file(path_a, ACL_TYPE_NFS4); 369 if (acl_a != NULL) 370 is_nfs4 = 1; 371 #endif 372 if (acl_a == NULL) 373 acl_a = acl_get_file(path_a, ACL_TYPE_ACCESS); 374 failure("acl_get_file() error: %s (%s)", path_a, strerror(errno)); 375 if (assert(acl_a != NULL) == 0) 376 return (-1); 377 #if ARCHIVE_ACL_DARWIN 378 acl_b = acl_get_file(path_b, ACL_TYPE_EXTENDED); 379 #elif ARCHIVE_ACL_FREEBSD_NFS4 380 acl_b = acl_get_file(path_b, ACL_TYPE_NFS4); 381 #endif 382 #if !ARCHIVE_ACL_DARWIN 383 if (acl_b == NULL) { 384 #if ARCHIVE_ACL_FREEBSD_NFS4 385 if (is_nfs4) { 386 acl_free(acl_a); 387 return (0); 388 } 389 #endif 390 acl_b = acl_get_file(path_b, ACL_TYPE_ACCESS); 391 } 392 failure("acl_get_file() error: %s (%s)", path_b, strerror(errno)); 393 if (assert(acl_b != NULL) == 0) { 394 acl_free(acl_a); 395 return (-1); 396 } 397 #endif 398 a = acl_get_entry(acl_a, ACL_FIRST_ENTRY, &aclent_a); 399 if (a == -1) { 400 ret = 0; 401 goto exit_free; 402 } 403 b = acl_get_entry(acl_b, ACL_FIRST_ENTRY, &aclent_b); 404 if (b == -1) { 405 ret = 0; 406 goto exit_free; 407 } 408 #if ARCHIVE_ACL_DARWIN 409 while (a == 0 && b == 0) 410 #else /* FreeBSD, Linux */ 411 while (a == 1 && b == 1) 412 #endif 413 { 414 r = compare_acl_entry(aclent_a, aclent_b, is_nfs4); 415 if (r != 1) { 416 ret = r; 417 goto exit_free; 418 } 419 a = acl_get_entry(acl_a, ACL_NEXT_ENTRY, &aclent_a); 420 b = acl_get_entry(acl_b, ACL_NEXT_ENTRY, &aclent_b); 421 } 422 /* Entry count must match */ 423 if (a != b) 424 ret = 0; 425 #endif /* ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_FREEBSD || ARCHIVE_ACL_LIBACL */ 426 #endif /* !ARCHIVE_ACL_SUNOS */ 427 exit_free: 428 #if ARCHIVE_ACL_SUNOS 429 free(acl_a); 430 free(acl_b); 431 #else 432 acl_free(acl_a); 433 acl_free(acl_b); 434 #endif 435 return (ret); 436 } 437 #endif /* ARCHIVE_ACL_SUPPORT */ 438 439 DEFINE_TEST(test_option_acls) 440 { 441 #if !ARCHIVE_ACL_SUPPORT 442 skipping("ACLs are not supported on this platform"); 443 #else /* ARCHIVE_ACL_SUPPORT */ 444 int acltype, r; 445 446 assertMakeFile("f", 0644, "a"); 447 acltype = setTestAcl("f"); 448 if (acltype == 0) { 449 skipping("Can't write ACLs on the filesystem"); 450 return; 451 } 452 453 /* Archive it with acls */ 454 r = systemf("%s -c --no-mac-metadata --acls -f acls.tar f >acls.out 2>acls.err", testprog); 455 assertEqualInt(r, 0); 456 457 /* Archive it without acls */ 458 r = systemf("%s -c --no-mac-metadata --no-acls -f noacls.tar f >noacls.out 2>noacls.err", testprog); 459 assertEqualInt(r, 0); 460 461 /* Extract acls with acls */ 462 assertMakeDir("acls_acls", 0755); 463 clear_inheritance_flags("acls_acls", acltype); 464 r = systemf("%s -x -C acls_acls --no-same-permissions --acls -f acls.tar >acls_acls.out 2>acls_acls.err", testprog); 465 assertEqualInt(r, 0); 466 r = compare_acls("f", "acls_acls/f"); 467 assertEqualInt(r, 1); 468 469 /* Extract acls without acls */ 470 assertMakeDir("acls_noacls", 0755); 471 clear_inheritance_flags("acls_noacls", acltype); 472 r = systemf("%s -x -C acls_noacls -p --no-acls -f acls.tar >acls_noacls.out 2>acls_noacls.err", testprog); 473 assertEqualInt(r, 0); 474 r = compare_acls("f", "acls_noacls/f"); 475 assertEqualInt(r, 0); 476 477 /* Extract noacls with acls flag */ 478 assertMakeDir("noacls_acls", 0755); 479 clear_inheritance_flags("noacls_acls", acltype); 480 r = systemf("%s -x -C noacls_acls --no-same-permissions --acls -f noacls.tar >noacls_acls.out 2>noacls_acls.err", testprog); 481 assertEqualInt(r, 0); 482 r = compare_acls("f", "noacls_acls/f"); 483 assertEqualInt(r, 0); 484 485 /* Extract noacls with noacls */ 486 assertMakeDir("noacls_noacls", 0755); 487 clear_inheritance_flags("noacls_noacls", acltype); 488 r = systemf("%s -x -C noacls_noacls -p --no-acls -f noacls.tar >noacls_noacls.out 2>noacls_noacls.err", testprog); 489 assertEqualInt(r, 0); 490 r = compare_acls("f", "noacls_noacls/f"); 491 assertEqualInt(r, 0); 492 #endif /* ARCHIVE_ACL_SUPPORT */ 493 } 494