test_vfs_posixacl: Add unit test for Linux POSIX ACL mapping

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/modules/test_vfs_posixacl.c b/source3/modules/test_vfs_posixacl.c
new file mode 100644 (file)
index 0000000..e5a3333
--- /dev/null
+++ b/source3/modules/test_vfs_posixacl.c
@@ -0,0 +1,159 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *
+ *  Unit test for vfs_posixacl
+ *
+ *  Copyright (C) Christof Schmitt 2020
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "vfs_posixacl.c"
+#include <cmocka.h>
+
+static void smb_acl_add_entry(struct smb_acl_t * smb_acl,
+                             SMB_ACL_TAG_T tag, uint32_t id,
+                             bool read, bool write, bool execute)
+{
+       int ret;
+       struct smb_acl_entry *smb_acl_entry = NULL;
+       SMB_ACL_PERMSET_T smb_permset = NULL;
+
+       ret = sys_acl_create_entry(&smb_acl, &smb_acl_entry);
+       assert_int_equal(ret, 0);
+
+       ret = sys_acl_set_tag_type(smb_acl_entry, tag);
+       assert_int_equal(ret, 0);
+
+       if (tag == SMB_ACL_USER || tag == SMB_ACL_GROUP) {
+               ret = sys_acl_set_qualifier(smb_acl_entry, &id);
+               assert_int_equal(ret, 0);
+       }
+
+       ret = sys_acl_get_permset(smb_acl_entry, &smb_permset);
+       assert_int_equal(ret, 0);
+
+       if (read) {
+               ret = sys_acl_add_perm(smb_permset, SMB_ACL_READ);
+               assert_int_equal(ret, 0);
+       }
+
+       if (write) {
+               ret = sys_acl_add_perm(smb_permset, SMB_ACL_WRITE);
+               assert_int_equal(ret, 0);
+       }
+
+       if (execute) {
+               ret = sys_acl_add_perm(smb_permset, SMB_ACL_EXECUTE);
+               assert_int_equal(ret, 0);
+       }
+
+       ret = sys_acl_set_permset(smb_acl_entry, smb_permset);
+       assert_int_equal(ret, 0);
+}
+
+static void acl_check_entry(acl_entry_t acl_entry, SMB_ACL_TAG_T tag,
+                           uint32_t id,
+                           bool read, bool write, bool execute)
+{
+       int ret;
+       acl_permset_t acl_permset = NULL;
+       acl_tag_t acl_tag;
+
+       ret = acl_get_permset(acl_entry, &acl_permset);
+       assert_int_equal(ret, 0);
+
+       ret = acl_get_tag_type(acl_entry, &acl_tag);
+       assert_int_equal(ret, 0);
+       assert_int_equal(acl_tag, tag);
+
+       if (tag == ACL_USER || tag == ACL_GROUP) {
+               uint32_t *id_p;
+
+               id_p = acl_get_qualifier(acl_entry);
+               assert_non_null(id_p);
+               assert_int_equal(*id_p, id);
+       }
+
+       ret = acl_get_perm(acl_permset, ACL_READ);
+       assert_int_equal(ret, read ? 1 : 0);
+
+       ret = acl_get_perm(acl_permset, ACL_WRITE);
+       assert_int_equal(ret, write ? 1 : 0);
+
+       ret = acl_get_perm(acl_permset, ACL_EXECUTE);
+       assert_int_equal(ret, execute ? 1 : 0);
+}
+
+static void test_smb_acl_to_posix_simple_acl(void **state)
+{
+       TALLOC_CTX *mem_ctx = talloc_stackframe();
+       struct smb_acl_t *smb_acl = NULL;
+       acl_t acl = NULL;
+       acl_entry_t acl_entry = NULL;
+       int ret;
+
+       smb_acl = sys_acl_init(mem_ctx);
+       assert_non_null(smb_acl);
+
+       smb_acl_add_entry(smb_acl, SMB_ACL_USER_OBJ, 0, false, true, false);
+       smb_acl_add_entry(smb_acl, SMB_ACL_GROUP_OBJ, 0, true, false, false);
+       smb_acl_add_entry(smb_acl, SMB_ACL_OTHER, 0, false, false, true);
+
+       acl = smb_acl_to_posix(smb_acl);
+       assert_non_null(acl);
+
+       ret = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
+       assert_int_equal(ret, 1);
+       acl_check_entry(acl_entry, ACL_USER_OBJ, 0, false, true, false);
+
+       ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
+       assert_int_equal(ret, 1);
+       acl_check_entry(acl_entry, ACL_GROUP_OBJ, 0, true, false, false);
+
+       ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
+       assert_int_equal(ret, 1);
+       acl_check_entry(acl_entry, ACL_OTHER, 0, false, false, true);
+
+       ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
+       assert_int_equal(ret, 0);
+
+       ret = acl_free(acl);
+       assert_int_equal(ret, 0);
+
+       TALLOC_FREE(mem_ctx);
+}
+
+int main(int argc, char **argv)
+{
+       const struct CMUnitTest tests[] = {
+               cmocka_unit_test(test_smb_acl_to_posix_simple_acl),
+       };
+
+       cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+       if (argc != 2) {
+               print_error("Usage: %s smb.conf\n", argv[0]);
+               exit(1);
+       }
+
+       /*
+        * Initialize enough of the Samba internals to have the
+        * mappings tests work.
+        */
+       talloc_stackframe();
+       lp_load_global(argv[1]);
+
+       return cmocka_run_group_tests(tests, NULL, NULL);
+}

diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 09528f38070e9442d6b126066a3a29cd4f507bcf..2b1f264bab52f10248e3a2c4e3972287b76f2ead 100644 (file)
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -218,6 +218,11 @@ bld.SAMBA3_MODULE('vfs_posixacl',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_posixacl'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_posixacl'))
 
+bld.SAMBA3_BINARY('test_vfs_posixacl',
+                  source='test_vfs_posixacl.c',
+                  deps='smbd_base cmocka',
+                  for_selftest=True)
+
 bld.SAMBA3_MODULE('vfs_aixacl',
                  subsystem='vfs',
                  source='vfs_aixacl.c',

diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index e2aebdcb6e2b671c2694fd5c1d5afb8e6f51c23d..5e4fbf8a60352a29aa975f3f69b1c3e56af8c1eb 100755 (executable)
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -561,6 +561,10 @@ plantestsuite("samba3.test_vfs_full_audit", "none",
               [os.path.join(bindir(), "test_vfs_full_audit"),
                "$SMB_CONF_PATH"])
 
+plantestsuite("samba3.test_vfs_posixacl", "none",
+              [os.path.join(bindir(), "test_vfs_posixacl"),
+               "$SMB_CONF_PATH"])
+
 plantestsuite(
     "samba3.resolvconf", "none",
     [os.path.join(samba3srcdir, "script/tests/test_resolvconf.sh")])