/*
 * Unix SMB/CIFS implementation.
 *
 * Unit test for vfs_posixacl
 *
 * Copyright (C) Christof Schmitt 2020
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
22 #include "vfs_posixacl.c"
23 #include <cmocka.h>
/*
 * Test helper: append one entry to a Samba-internal ACL.
 *
 * Creates a new entry in smb_acl, sets its tag type, sets the qualifier to
 * id when the tag is SMB_ACL_USER or SMB_ACL_GROUP (id is not used for any
 * other tag), and adds the permissions whose flag is true.
 *
 * Every sys_acl_* call is expected to return 0; any other return value
 * fails the running cmocka test.
 */
static void smb_acl_add_entry(struct smb_acl_t * smb_acl,
			      SMB_ACL_TAG_T tag, uint32_t id,
			      bool read, bool write, bool execute)
{
	struct smb_acl_entry *entry = NULL;
	SMB_ACL_PERMSET_T permset = NULL;
	/* Only named user/group entries carry a uid/gid qualifier. */
	const bool has_qualifier =
		(tag == SMB_ACL_USER || tag == SMB_ACL_GROUP);

	assert_int_equal(sys_acl_create_entry(&smb_acl, &entry), 0);
	assert_int_equal(sys_acl_set_tag_type(entry, tag), 0);

	if (has_qualifier) {
		assert_int_equal(sys_acl_set_qualifier(entry, &id), 0);
	}

	assert_int_equal(sys_acl_get_permset(entry, &permset), 0);

	/* Add each requested permission bit individually. */
	if (read) {
		assert_int_equal(sys_acl_add_perm(permset, SMB_ACL_READ), 0);
	}
	if (write) {
		assert_int_equal(sys_acl_add_perm(permset, SMB_ACL_WRITE), 0);
	}
	if (execute) {
		assert_int_equal(sys_acl_add_perm(permset, SMB_ACL_EXECUTE), 0);
	}

	assert_int_equal(sys_acl_set_permset(entry, permset), 0);
}
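/*
 * Query a single permission bit from a POSIX permission set, using
 * acl_get_perm_np() where the build defines HAVE_ACL_GET_PERM_NP and
 * acl_get_perm() otherwise. The return value of that call is passed
 * through unchanged.
 */
static int acl_check_get_perm(acl_permset_t permset, acl_perm_t perm)
{
#ifdef HAVE_ACL_GET_PERM_NP
	return acl_get_perm_np(permset, perm);
#else
	return acl_get_perm(permset, perm);
#endif
}

/*
 * Test helper: verify one entry of a POSIX ACL.
 *
 * Asserts that acl_entry has the tag type `tag`, that its qualifier equals
 * `id` when the tag is ACL_USER or ACL_GROUP (id is not checked for other
 * tags), and that each of the read/write/execute bits is set exactly when
 * the corresponding flag is true. A bit that is present but not expected
 * fails the test just like a missing one, so the check catches permissions
 * that were widened as well as ones that were dropped.
 *
 * NOTE(review): `tag` is declared as SMB_ACL_TAG_T, but it is compared
 * against acl_tag_t values here and the caller in this file passes ACL_*
 * constants; acl_tag_t looks like the intended type - confirm.
 */
static void acl_check_entry(acl_entry_t acl_entry, SMB_ACL_TAG_T tag,
			    uint32_t id,
			    bool read, bool write, bool execute)
{
	int ret;
	acl_permset_t acl_permset = NULL;
	acl_tag_t acl_tag;

	ret = acl_get_permset(acl_entry, &acl_permset);
	assert_int_equal(ret, 0);

	ret = acl_get_tag_type(acl_entry, &acl_tag);
	assert_int_equal(ret, 0);
	assert_int_equal(acl_tag, tag);

	if (tag == ACL_USER || tag == ACL_GROUP) {
		uint32_t *id_p;
		uint32_t qualifier;

		id_p = acl_get_qualifier(acl_entry);
		assert_non_null(id_p);

		/*
		 * acl_get_qualifier() hands back an allocated copy that the
		 * caller has to release with acl_free(). Copy the value out
		 * and free it before asserting, so a failing comparison
		 * does not leak the allocation.
		 */
		qualifier = *id_p;
		ret = acl_free(id_p);
		assert_int_equal(ret, 0);
		assert_int_equal(qualifier, id);
	}

	ret = acl_check_get_perm(acl_permset, ACL_READ);
	assert_int_equal(ret, read ? 1 : 0);

	ret = acl_check_get_perm(acl_permset, ACL_WRITE);
	assert_int_equal(ret, write ? 1 : 0);

	ret = acl_check_get_perm(acl_permset, ACL_EXECUTE);
	assert_int_equal(ret, execute ? 1 : 0);
}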
/*
 * Convert a minimal three-entry Samba ACL with smb_acl_to_posix() and
 * verify the resulting POSIX ACL entry by entry.
 *
 * Each entry carries a different single permission (owner: write, owning
 * group: read, other: execute), so a result in which permission bits or
 * whole entries were swapped would not match. The converted ACL must
 * contain exactly these three entries, in this order, and nothing after
 * them.
 *
 * Coverage note: only USER_OBJ, GROUP_OBJ and OTHER entries are exercised
 * here; named user/group entries (and therefore the qualifier handling in
 * the helpers) are not reached by this test.
 */
static void test_smb_acl_to_posix_simple_acl(void **state)
{
	const struct {
		SMB_ACL_TAG_T smb_tag;
		acl_tag_t posix_tag;
		bool read;
		bool write;
		bool execute;
	} expected[] = {
		{ SMB_ACL_USER_OBJ,  ACL_USER_OBJ,  false, true,  false },
		{ SMB_ACL_GROUP_OBJ, ACL_GROUP_OBJ, true,  false, false },
		{ SMB_ACL_OTHER,     ACL_OTHER,     false, false, true  },
	};
	const size_t num_expected = sizeof(expected) / sizeof(expected[0]);
	TALLOC_CTX *frame = talloc_stackframe();
	struct smb_acl_t *sys_acl = NULL;
	acl_t posix_acl = NULL;
	acl_entry_t entry = NULL;
	size_t i;

	sys_acl = sys_acl_init(frame);
	assert_non_null(sys_acl);

	/* Build the input ACL; the id argument is 0 for all three entries. */
	for (i = 0; i < num_expected; i++) {
		smb_acl_add_entry(sys_acl, expected[i].smb_tag, 0,
				  expected[i].read,
				  expected[i].write,
				  expected[i].execute);
	}

	posix_acl = smb_acl_to_posix(sys_acl);
	assert_non_null(posix_acl);

	/* Walk the converted ACL; acl_get_entry() returns 1 per entry found. */
	for (i = 0; i < num_expected; i++) {
		int which = (i == 0) ? ACL_FIRST_ENTRY : ACL_NEXT_ENTRY;

		assert_int_equal(acl_get_entry(posix_acl, which, &entry), 1);
		acl_check_entry(entry, expected[i].posix_tag, 0,
				expected[i].read,
				expected[i].write,
				expected[i].execute);
	}

	/* A return of 0 means the conversion added no further entries. */
	assert_int_equal(acl_get_entry(posix_acl, ACL_NEXT_ENTRY, &entry), 0);

	assert_int_equal(acl_free(posix_acl), 0);

	TALLOC_FREE(frame);
}
/*
 * Test runner entry point.
 *
 * Expects exactly one argument, the path to an smb.conf file; otherwise it
 * prints a usage line and exits with status 1. Results are reported in
 * subunit format. Returns the value of cmocka_run_group_tests().
 */
int main(int argc, char **argv)
{
	const struct CMUnitTest tests[] = {
		cmocka_unit_test(test_smb_acl_to_posix_simple_acl),
	};
	const char *smb_conf = NULL;

	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);

	if (argc != 2) {
		print_error("Usage: %s smb.conf\n", argv[0]);
		exit(1);
	}
	smb_conf = argv[1];

	/*
	 * Bring up just enough of the Samba internals for the mapping
	 * tests to work. The stackframe created here is not freed in
	 * this function.
	 *
	 * NOTE(review): the result of lp_load_global() is not checked, so
	 * the tests still run if the given smb.conf could not be loaded -
	 * confirm that this is intended.
	 */
	talloc_stackframe();
	lp_load_global(smb_conf);

	return cmocka_run_group_tests(tests, NULL, NULL);
}