xref: /freebsd/tests/sys/acl/acl-api-test.c (revision 179219ea046f46927d6478d43431e8b541703539)
1 /*-
2  * Copyright (c) 2021 Gleb Popov
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  */
26 
27 #include <sys/param.h>
28 #include <sys/acl.h>
29 #include <sys/stat.h>
30 
31 #include <stdlib.h>
32 #include <errno.h>
33 
34 #include <atf-c.h>
35 
36 /* Compatibility shim to make it possible to run this test on Linux
37  * gcc -I/path/to/atf/include -L/path/to/atf/lib -latf-c -lacl acl-api-test.c
38  */
39 #ifdef __linux__
40 #include <acl/libacl.h>
41 #define acl_from_mode_np acl_from_mode
42 #define acl_equiv_mode_np acl_equiv_mode
43 #define acl_cmp_np acl_cmp
44 #endif
45 
46 static const mode_t all_modes[] = {
47 	S_IRUSR,
48 	S_IWUSR,
49 	S_IXUSR,
50 	S_IRGRP,
51 	S_IWGRP,
52 	S_IXGRP,
53 	S_IROTH,
54 	S_IWOTH,
55 	S_IXOTH
56 };
57 
58 static mode_t gen_random_mode(void)
59 {
60 	mode_t mode = 0;
61 
62 	for (unsigned i = 0; i < sizeof(all_modes) / sizeof(mode_t); i++) {
63 		if (rand() % 2)
64 			mode |= all_modes[i];
65 	}
66 
67 	return (mode);
68 }
69 
70 /* Generate a random mode_t, produce an acl_t from it,
71  * then use acl_equiv_mode_np to produce a mode_t again.
72  * The call should succeed and mode_t's should be equal
73  */
74 ATF_TC_WITHOUT_HEAD(acl_mode_roundup);
75 ATF_TC_BODY(acl_mode_roundup, tc)
76 {
77 	int num_tests = 100;
78 
79 	while (num_tests--) {
80 		mode_t src_mode, equiv_mode;
81 		acl_t acl;
82 
83 		src_mode = gen_random_mode();
84 
85 		acl = acl_from_mode_np(src_mode);
86 		ATF_REQUIRE(acl != NULL);
87 
88 		ATF_CHECK_EQ(0, acl_equiv_mode_np(acl, &equiv_mode));
89 		ATF_CHECK_EQ(src_mode, equiv_mode);
90 
91 		acl_free(acl);
92 	}
93 }
94 
95 /* Successfull acl_equiv_mode_np calls are tested in acl_mode_roundup.
96  * Here some specific cases are tested.
97  */
98 ATF_TC_WITHOUT_HEAD(acl_equiv_mode_test);
99 ATF_TC_BODY(acl_equiv_mode_test, tc)
100 {
101 	acl_t acl;
102 	acl_entry_t entry;
103 	mode_t mode;
104 	int uid = 0;
105 
106 	acl = acl_init(1);
107 	ATF_REQUIRE(acl != NULL);
108 
109 	/* empty acl maps to 0000 UNIX mode */
110 	ATF_CHECK_EQ(0, acl_equiv_mode_np(acl, &mode));
111 	ATF_CHECK_EQ(0, mode);
112 
113 #ifndef __linux__
114 	/* NFS-branded acl's can't be converted to UNIX mode */
115 	ATF_REQUIRE_EQ(0, acl_create_entry(&acl, &entry));
116 	ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_EVERYONE));
117 	ATF_CHECK_EQ(1, acl_equiv_mode_np(acl, &mode));
118 #endif
119 
120 	/* acl's with qualified user entries can't be converted to UNIX mode */
121 	acl_free(acl);
122 	acl = acl_init(1);
123 	ATF_REQUIRE(acl != NULL);
124 	ATF_REQUIRE_EQ(0, acl_create_entry(&acl, &entry));
125 	ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_USER));
126 	ATF_REQUIRE_EQ(0, acl_set_qualifier(entry, &uid));
127 	ATF_CHECK_EQ(1, acl_equiv_mode_np(acl, &mode));
128 
129 	/* passing NULL causes EINVAL */
130 	ATF_CHECK_ERRNO(EINVAL, acl_equiv_mode_np(NULL, &mode));
131 }
132 
133 ATF_TC_WITHOUT_HEAD(acl_cmp_test);
134 ATF_TC_BODY(acl_cmp_test, tc)
135 {
136 	acl_t empty_acl, acl1, acl2;
137 	acl_entry_t entry;
138 	acl_permset_t perms;
139 
140 	empty_acl = acl_init(1);
141 	ATF_REQUIRE(empty_acl != NULL);
142 
143 	acl1 = acl_init(3);
144 	ATF_REQUIRE(acl1 != NULL);
145 
146 	/* first, check that two empty acls are equal */
147 	ATF_CHECK_EQ(0, acl_cmp_np(acl1, empty_acl));
148 
149 	/* now create an entry and compare against empty acl */
150 	ATF_REQUIRE_EQ(0, acl_create_entry(&acl1, &entry));
151 	ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_USER_OBJ));
152 	ATF_REQUIRE_EQ(0, acl_get_permset(entry, &perms));
153 	ATF_REQUIRE_EQ(0, acl_clear_perms(perms));
154 	ATF_REQUIRE_EQ(0, acl_add_perm(perms, ACL_READ));
155 	ATF_CHECK_EQ(1, acl_cmp_np(empty_acl, acl1));
156 
157 	/* make a dup of non-empty acl and check that they are equal */
158 	acl2 = acl_dup(acl1);
159 	ATF_REQUIRE(acl2 != NULL);
160 	ATF_CHECK_EQ(0, acl_cmp_np(acl1, acl2));
161 
162 	/* change the tag type and compare */
163 	ATF_REQUIRE_EQ(1, acl_get_entry(acl1, ACL_FIRST_ENTRY, &entry));
164 	ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_GROUP_OBJ));
165 	ATF_CHECK_EQ(1, acl_cmp_np(acl1, acl2));
166 
167 	/* change the permset and compare */
168 	acl_free(acl2);
169 	acl2 = acl_dup(acl1);
170 	ATF_REQUIRE(acl2 != NULL);
171 	ATF_REQUIRE_EQ(1, acl_get_entry(acl1, ACL_FIRST_ENTRY, &entry));
172 	ATF_REQUIRE_EQ(0, acl_get_permset(entry, &perms));
173 	ATF_REQUIRE_EQ(0, acl_clear_perms(perms));
174 	ATF_CHECK_EQ(1, acl_cmp_np(acl1, acl2));
175 
176 	/* check that passing NULL yields EINVAL */
177 	ATF_CHECK_ERRNO(EINVAL, acl_cmp_np(NULL, NULL));
178 	ATF_CHECK_ERRNO(EINVAL, acl_cmp_np(acl1, NULL));
179 	ATF_CHECK_ERRNO(EINVAL, acl_cmp_np(NULL, acl1));
180 
181 	acl_free(empty_acl);
182 	acl_free(acl1);
183 	acl_free(acl2);
184 }
185 
186 ATF_TP_ADD_TCS(tp)
187 {
188 
189 	ATF_TP_ADD_TC(tp, acl_mode_roundup);
190 	ATF_TP_ADD_TC(tp, acl_equiv_mode_test);
191 	ATF_TP_ADD_TC(tp, acl_cmp_test);
192 
193 	return (atf_no_error());
194 }
195