test_vfs_posixacl: Add unit test for Linux POSIX ACL mapping

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

source3/modules/test_vfs_posixacl.c

@@ -0,0 +1,159 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *
+ *  Unit test for vfs_posixacl
+ *
+ *  Copyright (C) Christof Schmitt 2020
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "vfs_posixacl.c"
+#include <cmocka.h>
+
+static void smb_acl_add_entry(struct smb_acl_t * smb_acl,
+			      SMB_ACL_TAG_T tag, uint32_t id,
+			      bool read, bool write, bool execute)
+{
+	int ret;
+	struct smb_acl_entry *smb_acl_entry = NULL;
+	SMB_ACL_PERMSET_T smb_permset = NULL;
+
+	ret = sys_acl_create_entry(&smb_acl, &smb_acl_entry);
+	assert_int_equal(ret, 0);
+
+	ret = sys_acl_set_tag_type(smb_acl_entry, tag);
+	assert_int_equal(ret, 0);
+
+	if (tag == SMB_ACL_USER || tag == SMB_ACL_GROUP) {
+		ret = sys_acl_set_qualifier(smb_acl_entry, &id);
+		assert_int_equal(ret, 0);
+	}
+
+	ret = sys_acl_get_permset(smb_acl_entry, &smb_permset);
+	assert_int_equal(ret, 0);
+
+	if (read) {
+		ret = sys_acl_add_perm(smb_permset, SMB_ACL_READ);
+		assert_int_equal(ret, 0);
+	}
+
+	if (write) {
+		ret = sys_acl_add_perm(smb_permset, SMB_ACL_WRITE);
+		assert_int_equal(ret, 0);
+	}
+
+	if (execute) {
+		ret = sys_acl_add_perm(smb_permset, SMB_ACL_EXECUTE);
+		assert_int_equal(ret, 0);
+	}
+
+	ret = sys_acl_set_permset(smb_acl_entry, smb_permset);
+	assert_int_equal(ret, 0);
+}
+
+static void acl_check_entry(acl_entry_t acl_entry, SMB_ACL_TAG_T tag,
+			    uint32_t id,
+			    bool read, bool write, bool execute)
+{
+	int ret;
+	acl_permset_t acl_permset = NULL;
+	acl_tag_t acl_tag;
+
+	ret = acl_get_permset(acl_entry, &acl_permset);
+	assert_int_equal(ret, 0);
+
+	ret = acl_get_tag_type(acl_entry, &acl_tag);
+	assert_int_equal(ret, 0);
+	assert_int_equal(acl_tag, tag);
+
+	if (tag == ACL_USER || tag == ACL_GROUP) {
+		uint32_t *id_p;
+
+		id_p = acl_get_qualifier(acl_entry);
+		assert_non_null(id_p);
+		assert_int_equal(*id_p, id);
+	}
+
+	ret = acl_get_perm(acl_permset, ACL_READ);
+	assert_int_equal(ret, read ? 1 : 0);
+
+	ret = acl_get_perm(acl_permset, ACL_WRITE);
+	assert_int_equal(ret, write ? 1 : 0);
+
+	ret = acl_get_perm(acl_permset, ACL_EXECUTE);
+	assert_int_equal(ret, execute ? 1 : 0);
+}
+
+static void test_smb_acl_to_posix_simple_acl(void **state)
+{
+	TALLOC_CTX *mem_ctx = talloc_stackframe();
+	struct smb_acl_t *smb_acl = NULL;
+	acl_t acl = NULL;
+	acl_entry_t acl_entry = NULL;
+	int ret;
+
+	smb_acl = sys_acl_init(mem_ctx);
+	assert_non_null(smb_acl);
+
+	smb_acl_add_entry(smb_acl, SMB_ACL_USER_OBJ, 0, false, true, false);
+	smb_acl_add_entry(smb_acl, SMB_ACL_GROUP_OBJ, 0, true, false, false);
+	smb_acl_add_entry(smb_acl, SMB_ACL_OTHER, 0, false, false, true);
+
+	acl = smb_acl_to_posix(smb_acl);
+	assert_non_null(acl);
+
+	ret = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
+	assert_int_equal(ret, 1);
+	acl_check_entry(acl_entry, ACL_USER_OBJ, 0, false, true, false);
+
+	ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
+	assert_int_equal(ret, 1);
+	acl_check_entry(acl_entry, ACL_GROUP_OBJ, 0, true, false, false);
+
+	ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
+	assert_int_equal(ret, 1);
+	acl_check_entry(acl_entry, ACL_OTHER, 0, false, false, true);
+
+	ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
+	assert_int_equal(ret, 0);
+
+	ret = acl_free(acl);
+	assert_int_equal(ret, 0);
+
+	TALLOC_FREE(mem_ctx);
+}
+
+int main(int argc, char **argv)
+{
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_smb_acl_to_posix_simple_acl),
+	};
+
+	cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+	if (argc != 2) {
+		print_error("Usage: %s smb.conf\n", argv[0]);
+		exit(1);
+	}
+
+	/*
+	 * Initialize enough of the Samba internals to have the
+	 * mappings tests work.
+	 */
+	talloc_stackframe();
+	lp_load_global(argv[1]);
+
+	return cmocka_run_group_tests(tests, NULL, NULL);
+}

source3/modules/wscript_build

@@ -218,6 +218,11 @@ bld.SAMBA3_MODULE('vfs_posixacl',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_posixacl'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_posixacl'))
 
+bld.SAMBA3_BINARY('test_vfs_posixacl',
+                  source='test_vfs_posixacl.c',
+                  deps='smbd_base cmocka',
+                  for_selftest=True)
+
 bld.SAMBA3_MODULE('vfs_aixacl',
                  subsystem='vfs',
                  source='vfs_aixacl.c',

source3/selftest/tests.py

@@ -561,6 +561,10 @@ plantestsuite("samba3.test_vfs_full_audit", "none",
               [os.path.join(bindir(), "test_vfs_full_audit"),
                "$SMB_CONF_PATH"])
 
+plantestsuite("samba3.test_vfs_posixacl", "none",
+              [os.path.join(bindir(), "test_vfs_posixacl"),
+               "$SMB_CONF_PATH"])
+
 plantestsuite(
     "samba3.resolvconf", "none",
     [os.path.join(samba3srcdir, "script/tests/test_resolvconf.sh")])