[thirdparty/systemd.git] / src / test / test-acl-util.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#include "acl-util.h"
#include "errno-util.h"
#include "fd-util.h"
#include "format-util.h"
#include "string-util.h"
#include "tests.h"
#include "tmpfile-util.h"
#include "user-util.h"

TEST_RET(add_acls_for_user) {
        char fn[] = "/tmp/test-empty.XXXXXX";
        _cleanup_close_ int fd = -EBADF;
        char *cmd;
        uid_t uid;
        int r;

        fd = mkostemp_safe(fn);
        assert_se(fd >= 0);

        /* Use the mode that user journal files use */
        assert_se(fchmod(fd, 0640) == 0);

        cmd = strjoina("ls -l ", fn);
        assert_se(system(cmd) == 0);

        cmd = strjoina("getfacl -p ", fn);
        assert_se(system(cmd) == 0);

        if (getuid() == 0) {
                const char *nobody = NOBODY_USER_NAME;
                r = get_user_creds(&nobody, &uid, NULL, NULL, NULL, 0);
                if (r < 0)
                        uid = 0;
        } else
                uid = getuid();

        r = fd_add_uid_acl_permission(fd, uid, ACL_READ);
        if (ERRNO_IS_NOT_SUPPORTED(r))
                return log_tests_skipped("no ACL support on /tmp");

        log_info_errno(r, "fd_add_uid_acl_permission(%i, "UID_FMT", ACL_READ): %m", fd, uid);
        assert_se(r >= 0);

        cmd = strjoina("ls -l ", fn);
        assert_se(system(cmd) == 0);

        cmd = strjoina("getfacl -p ", fn);
        assert_se(system(cmd) == 0);

        /* set the acls again */

        r = fd_add_uid_acl_permission(fd, uid, ACL_READ);
        assert_se(r >= 0);

        cmd = strjoina("ls -l ", fn);
        assert_se(system(cmd) == 0);

        cmd = strjoina("getfacl -p ", fn);
        assert_se(system(cmd) == 0);

        (void) unlink(fn);
        return 0;
}

DEFINE_TEST_MAIN(LOG_INFO);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
5bb5b236 ZJS	2
	3	#include <fcntl.h>
	4	#include <stdlib.h>
	5	#include <sys/stat.h>
	6	#include <unistd.h>
	7
	8	#include "acl-util.h"
e742ec6a	9	#include "errno-util.h"
5bb5b236	10	#include "fd-util.h"
c32c4352	11	#include "format-util.h"
5bb5b236	12	#include "string-util.h"
e742ec6a	13	#include "tests.h"
e4de7287	14	#include "tmpfile-util.h"
5bb5b236 ZJS	15	#include "user-util.h"
5bb5b236 ZJS	16
26e555cb	17	TEST_RET(add_acls_for_user) {
5bb5b236	18	char fn[] = "/tmp/test-empty.XXXXXX";
254d1313	19	_cleanup_close_ int fd = -EBADF;
5bb5b236 ZJS	20	char *cmd;
	21	uid_t uid;
	22	int r;
	23
646853bd	24	fd = mkostemp_safe(fn);
5bb5b236 ZJS	25	assert_se(fd >= 0);
	26
	27	/* Use the mode that user journal files use */
d879fca6	28	assert_se(fchmod(fd, 0640) == 0);
5bb5b236 ZJS	29
	30	cmd = strjoina("ls -l ", fn);
	31	assert_se(system(cmd) == 0);
	32
	33	cmd = strjoina("getfacl -p ", fn);
	34	assert_se(system(cmd) == 0);
	35
	36	if (getuid() == 0) {
a3d37fe9	37	const char *nobody = NOBODY_USER_NAME;
fafff8f1	38	r = get_user_creds(&nobody, &uid, NULL, NULL, NULL, 0);
5bb5b236 ZJS	39	if (r < 0)
	40	uid = 0;
	41	} else
	42	uid = getuid();
	43
567aeb58	44	r = fd_add_uid_acl_permission(fd, uid, ACL_READ);
e742ec6a LP	45	if (ERRNO_IS_NOT_SUPPORTED(r))
	46	return log_tests_skipped("no ACL support on /tmp");
	47
567aeb58	48	log_info_errno(r, "fd_add_uid_acl_permission(%i, "UID_FMT", ACL_READ): %m", fd, uid);
5bb5b236 ZJS	49	assert_se(r >= 0);
	50
	51	cmd = strjoina("ls -l ", fn);
	52	assert_se(system(cmd) == 0);
	53
	54	cmd = strjoina("getfacl -p ", fn);
	55	assert_se(system(cmd) == 0);
	56
	57	/* set the acls again */
	58
567aeb58	59	r = fd_add_uid_acl_permission(fd, uid, ACL_READ);
5bb5b236 ZJS	60	assert_se(r >= 0);
	61
	62	cmd = strjoina("ls -l ", fn);
	63	assert_se(system(cmd) == 0);
	64
	65	cmd = strjoina("getfacl -p ", fn);
	66	assert_se(system(cmd) == 0);
	67
e742ec6a LP	68	(void) unlink(fn);
e742ec6a LP	69	return 0;
5bb5b236 ZJS	70	}
5bb5b236 ZJS	71
26e555cb	72	DEFINE_TEST_MAIN(LOG_INFO);