1 /*- 2 * Copyright (c) 2021 Gleb Popov 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include <sys/param.h> 28 #include <sys/acl.h> 29 #include <sys/stat.h> 30 31 #include <stdlib.h> 32 #include <errno.h> 33 34 #include <atf-c.h> 35 36 /* Compatibility shim to make it possible to run this test on Linux 37 * gcc -I/path/to/atf/include -L/path/to/atf/lib -latf-c -lacl acl-api-test.c 38 */ 39 #ifdef __linux__ 40 #include <acl/libacl.h> 41 #define acl_from_mode_np acl_from_mode 42 #define acl_equiv_mode_np acl_equiv_mode 43 #define acl_cmp_np acl_cmp 44 #endif 45 46 static const mode_t all_modes[] = { 47 S_IRUSR, 48 S_IWUSR, 49 S_IXUSR, 50 S_IRGRP, 51 S_IWGRP, 52 S_IXGRP, 53 S_IROTH, 54 S_IWOTH, 55 S_IXOTH 56 }; 57 58 static mode_t gen_random_mode(void) 59 { 60 mode_t mode = 0; 61 62 for (unsigned i = 0; i < sizeof(all_modes) / sizeof(mode_t); i++) { 63 if (rand() % 2) 64 mode |= all_modes[i]; 65 } 66 67 return (mode); 68 } 69 70 /* Generate a random mode_t, produce an acl_t from it, 71 * then use acl_equiv_mode_np to produce a mode_t again. 72 * The call should succeed and mode_t's should be equal 73 */ 74 ATF_TC_WITHOUT_HEAD(acl_mode_roundup); 75 ATF_TC_BODY(acl_mode_roundup, tc) 76 { 77 int num_tests = 100; 78 79 while (num_tests--) { 80 mode_t src_mode, equiv_mode; 81 acl_t acl; 82 83 src_mode = gen_random_mode(); 84 85 acl = acl_from_mode_np(src_mode); 86 ATF_REQUIRE(acl != NULL); 87 88 ATF_CHECK_EQ(0, acl_equiv_mode_np(acl, &equiv_mode)); 89 ATF_CHECK_EQ(src_mode, equiv_mode); 90 91 acl_free(acl); 92 } 93 } 94 95 /* Successfull acl_equiv_mode_np calls are tested in acl_mode_roundup. 96 * Here some specific cases are tested. 97 */ 98 ATF_TC_WITHOUT_HEAD(acl_equiv_mode_test); 99 ATF_TC_BODY(acl_equiv_mode_test, tc) 100 { 101 acl_t acl; 102 acl_entry_t entry; 103 mode_t mode; 104 int uid = 0; 105 106 acl = acl_init(1); 107 ATF_REQUIRE(acl != NULL); 108 109 /* empty acl maps to 0000 UNIX mode */ 110 ATF_CHECK_EQ(0, acl_equiv_mode_np(acl, &mode)); 111 ATF_CHECK_EQ(0, mode); 112 113 #ifndef __linux__ 114 /* NFS-branded acl's can't be converted to UNIX mode */ 115 ATF_REQUIRE_EQ(0, acl_create_entry(&acl, &entry)); 116 ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_EVERYONE)); 117 ATF_CHECK_EQ(1, acl_equiv_mode_np(acl, &mode)); 118 #endif 119 120 /* acl's with qualified user entries can't be converted to UNIX mode */ 121 acl_free(acl); 122 acl = acl_init(1); 123 ATF_REQUIRE(acl != NULL); 124 ATF_REQUIRE_EQ(0, acl_create_entry(&acl, &entry)); 125 ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_USER)); 126 ATF_REQUIRE_EQ(0, acl_set_qualifier(entry, &uid)); 127 ATF_CHECK_EQ(1, acl_equiv_mode_np(acl, &mode)); 128 129 /* passing NULL causes EINVAL */ 130 ATF_CHECK_ERRNO(EINVAL, acl_equiv_mode_np(NULL, &mode)); 131 } 132 133 ATF_TC_WITHOUT_HEAD(acl_cmp_test); 134 ATF_TC_BODY(acl_cmp_test, tc) 135 { 136 acl_t empty_acl, acl1, acl2; 137 acl_entry_t entry; 138 acl_permset_t perms; 139 140 empty_acl = acl_init(1); 141 ATF_REQUIRE(empty_acl != NULL); 142 143 acl1 = acl_init(3); 144 ATF_REQUIRE(acl1 != NULL); 145 146 /* first, check that two empty acls are equal */ 147 ATF_CHECK_EQ(0, acl_cmp_np(acl1, empty_acl)); 148 149 /* now create an entry and compare against empty acl */ 150 ATF_REQUIRE_EQ(0, acl_create_entry(&acl1, &entry)); 151 ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_USER_OBJ)); 152 ATF_REQUIRE_EQ(0, acl_get_permset(entry, &perms)); 153 ATF_REQUIRE_EQ(0, acl_clear_perms(perms)); 154 ATF_REQUIRE_EQ(0, acl_add_perm(perms, ACL_READ)); 155 ATF_CHECK_EQ(1, acl_cmp_np(empty_acl, acl1)); 156 157 /* make a dup of non-empty acl and check that they are equal */ 158 acl2 = acl_dup(acl1); 159 ATF_REQUIRE(acl2 != NULL); 160 ATF_CHECK_EQ(0, acl_cmp_np(acl1, acl2)); 161 162 /* change the tag type and compare */ 163 ATF_REQUIRE_EQ(1, acl_get_entry(acl1, ACL_FIRST_ENTRY, &entry)); 164 ATF_REQUIRE_EQ(0, acl_set_tag_type(entry, ACL_GROUP_OBJ)); 165 ATF_CHECK_EQ(1, acl_cmp_np(acl1, acl2)); 166 167 /* change the permset and compare */ 168 acl_free(acl2); 169 acl2 = acl_dup(acl1); 170 ATF_REQUIRE(acl2 != NULL); 171 ATF_REQUIRE_EQ(1, acl_get_entry(acl1, ACL_FIRST_ENTRY, &entry)); 172 ATF_REQUIRE_EQ(0, acl_get_permset(entry, &perms)); 173 ATF_REQUIRE_EQ(0, acl_clear_perms(perms)); 174 ATF_CHECK_EQ(1, acl_cmp_np(acl1, acl2)); 175 176 /* check that passing NULL yields EINVAL */ 177 ATF_CHECK_ERRNO(EINVAL, acl_cmp_np(NULL, NULL)); 178 ATF_CHECK_ERRNO(EINVAL, acl_cmp_np(acl1, NULL)); 179 ATF_CHECK_ERRNO(EINVAL, acl_cmp_np(NULL, acl1)); 180 181 acl_free(empty_acl); 182 acl_free(acl1); 183 acl_free(acl2); 184 } 185 186 ATF_TP_ADD_TCS(tp) 187 { 188 189 ATF_TP_ADD_TC(tp, acl_mode_roundup); 190 ATF_TP_ADD_TC(tp, acl_equiv_mode_test); 191 ATF_TP_ADD_TC(tp, acl_cmp_test); 192 193 return (atf_no_error()); 194 } 195