1#!/bin/sh 2 3# Show all commands when run with environment variable VERBOSE=yes. 4test -z "$VERBOSE" || set -x 5 6test "$USE_ACL" = 0 && 7 { 8 echo "Skipping test: insufficient ACL support" 9 exit 77 10 } 11 12# func_tmpdir 13# creates a temporary directory. 14# Sets variable 15# - tmp pathname of freshly created temporary directory 16func_tmpdir () 17{ 18 # Use the environment variable TMPDIR, falling back to /tmp. This allows 19 # users to specify a different temporary directory, for example, if their 20 # /tmp is filled up or too small. 21 : ${TMPDIR=/tmp} 22 { 23 # Use the mktemp program if available. If not available, hide the error 24 # message. 25 tmp=`(umask 077 && mktemp -d "$TMPDIR/glXXXXXX") 2>/dev/null` && 26 test -n "$tmp" && test -d "$tmp" 27 } || 28 { 29 # Use a simple mkdir command. It is guaranteed to fail if the directory 30 # already exists. $RANDOM is bash specific and expands to empty in shells 31 # other than bash, ksh and zsh. Its use does not increase security; 32 # rather, it minimizes the probability of failure in a very cluttered /tmp 33 # directory. 34 tmp=$TMPDIR/gl$$-$RANDOM 35 (umask 077 && mkdir "$tmp") 36 } || 37 { 38 echo "$0: cannot create a temporary directory in $TMPDIR" >&2 39 exit 1 40 } 41} 42 43func_tmpdir 44# builddir may already be set by the script that invokes this one. 45case "$builddir" in 46 '') builddir=`pwd` ;; 47 /* | ?:*) ;; 48 *) builddir=`pwd`/$builddir ;; 49esac 50cd "$builddir" || 51 { 52 echo "$0: cannot determine build directory (unreadable parent dir?)" >&2 53 exit 1 54 } 55# Switch to a temporary directory, to increase the likelihood that ACLs are 56# supported on the current file system. (/tmp is usually locally mounted, 57# whereas the build dir is sometimes NFS-mounted.) 58( cd "$tmp" 59 60 # Prepare tmpfile0. 61 rm -f tmpfile[0-9] tmpaclout[0-2] 62 echo "Simple contents" > tmpfile0 63 chmod 600 tmpfile0 64 65 # Classification of the platform according to the programs available for 66 # manipulating ACLs. 67 # Possible values are: 68 # linux, cygwin, freebsd, solaris, hpux, hpuxjfs, osf1, aix, macosx, irix, none. 69 # TODO: Support also native Windows platforms (mingw). 70 acl_flavor=none 71 if (getfacl tmpfile0 >/dev/null) 2>/dev/null; then 72 # Platforms with the getfacl and setfacl programs. 73 # Linux, FreeBSD, Solaris, Cygwin. 74 if (setfacl --help >/dev/null) 2>/dev/null; then 75 # Linux, Cygwin. 76 if (LC_ALL=C setfacl --help | grep ' --set-file' >/dev/null) 2>/dev/null; then 77 # Linux. 78 acl_flavor=linux 79 else 80 acl_flavor=cygwin 81 fi 82 else 83 # FreeBSD, Solaris. 84 if (LC_ALL=C setfacl 2>&1 | grep '\-x entries' >/dev/null) 2>/dev/null; then 85 # FreeBSD. 86 acl_flavor=freebsd 87 else 88 # Solaris. 89 acl_flavor=solaris 90 fi 91 fi 92 else 93 if (lsacl / >/dev/null) 2>/dev/null; then 94 # Platforms with the lsacl and chacl programs. 95 # HP-UX, sometimes also IRIX. 96 if (getacl tmpfile0 >/dev/null) 2>/dev/null; then 97 # HP-UX 11.11 or newer. 98 acl_flavor=hpuxjfs 99 else 100 # HP-UX 11.00. 101 acl_flavor=hpux 102 fi 103 else 104 if (getacl tmpfile0 >/dev/null) 2>/dev/null; then 105 # Tru64, NonStop Kernel. 106 if (getacl -m tmpfile0 >/dev/null) 2>/dev/null; then 107 # Tru64. 108 acl_flavor=osf1 109 else 110 # NonStop Kernel. 111 acl_flavor=nsk 112 fi 113 else 114 if (aclget tmpfile0 >/dev/null) 2>/dev/null; then 115 # AIX. 116 acl_flavor=aix 117 else 118 if (fsaclctl -v >/dev/null) 2>/dev/null; then 119 # Mac OS X. 120 acl_flavor=macosx 121 else 122 if test -f /sbin/chacl; then 123 # IRIX. 124 acl_flavor=irix 125 fi 126 fi 127 fi 128 fi 129 fi 130 fi 131 132 # Define a function to test for the same ACLs, from the point of view of 133 # the programs. 134 # func_test_same_acls file1 file2 135 case $acl_flavor in 136 linux | cygwin | freebsd | solaris) 137 func_test_same_acls () 138 { 139 getfacl "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 140 getfacl "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 141 cmp tmpaclout1 tmpaclout2 > /dev/null 142 } 143 ;; 144 hpux) 145 func_test_same_acls () 146 { 147 lsacl "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 148 lsacl "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 149 cmp tmpaclout1 tmpaclout2 > /dev/null 150 } 151 ;; 152 hpuxjfs) 153 func_test_same_acls () 154 { 155 { lsacl "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 156 lsacl "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 157 cmp tmpaclout1 tmpaclout2 > /dev/null 158 } && 159 { getacl "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 160 getacl "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 161 cmp tmpaclout1 tmpaclout2 > /dev/null 162 } 163 } 164 ;; 165 osf1 | nsk) 166 func_test_same_acls () 167 { 168 getacl "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 169 getacl "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 170 cmp tmpaclout1 tmpaclout2 > /dev/null 171 } 172 ;; 173 aix) 174 func_test_same_acls () 175 { 176 aclget "$1" > tmpaclout1 177 aclget "$2" > tmpaclout2 178 cmp tmpaclout1 tmpaclout2 > /dev/null 179 } 180 ;; 181 macosx) 182 func_test_same_acls () 183 { 184 /bin/ls -le "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 185 /bin/ls -le "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 186 cmp tmpaclout1 tmpaclout2 > /dev/null 187 } 188 ;; 189 irix) 190 func_test_same_acls () 191 { 192 /bin/ls -lD "$1" | sed -e "s/$1/FILENAME/g" > tmpaclout1 193 /bin/ls -lD "$2" | sed -e "s/$2/FILENAME/g" > tmpaclout2 194 cmp tmpaclout1 tmpaclout2 > /dev/null 195 } 196 ;; 197 none) 198 func_test_same_acls () 199 { 200 : 201 } 202 ;; 203 esac 204 205 # func_test_copy file1 file2 206 # copies file1 to file2 and verifies the permissions and ACLs are the same 207 # on both. 208 func_test_copy () 209 { 210 echo "Simple contents" > "$2" 211 chmod 600 "$2" 212 ${CHECKER} "$builddir"/test-copy-acl${EXEEXT} "$1" "$2" || exit 1 213 ${CHECKER} "$builddir"/test-sameacls${EXEEXT} "$1" "$2" || exit 1 214 func_test_same_acls "$1" "$2" || exit 1 215 } 216 217 func_test_copy tmpfile0 tmpfile1 218 219 if test $acl_flavor != none; then 220 # A POSIX compliant 'id' program. 221 if test -f /usr/xpg4/bin/id; then 222 ID=/usr/xpg4/bin/id 223 else 224 ID=id 225 fi 226 # Use a user and group id different from the current one, to avoid 227 # redundant/ambiguous ACLs. 228 myuid=`$ID -u` 229 mygid=`$ID -g` 230 auid=1 231 if test "$auid" = "$myuid"; then auid=2; fi 232 agid=1 233 if test "$agid" = "$mygid"; then agid=2; fi 234 235 case $acl_flavor in 236 linux | freebsd | solaris) 237 238 # Set an ACL for a user. 239 setfacl -m user:$auid:1 tmpfile0 240 241 func_test_copy tmpfile0 tmpfile2 242 243 # Set an ACL for a group. 244 setfacl -m group:$agid:4 tmpfile0 245 246 func_test_copy tmpfile0 tmpfile3 247 248 # Set an ACL for other. 249 case $acl_flavor in 250 freebsd) setfacl -m other::4 tmpfile0 ;; 251 solaris) chmod o+r tmpfile0 ;; 252 *) setfacl -m other:4 tmpfile0 ;; 253 esac 254 255 func_test_copy tmpfile0 tmpfile4 256 257 # Remove the ACL for the user. 258 case $acl_flavor in 259 linux) setfacl -x user:$auid tmpfile0 ;; 260 freebsd) setfacl -x user:$auid:1 tmpfile0 ;; 261 *) setfacl -d user:$auid:1 tmpfile0 ;; 262 esac 263 264 func_test_copy tmpfile0 tmpfile5 265 266 # Remove the ACL for other. 267 case $acl_flavor in 268 linux | solaris) ;; # impossible 269 freebsd) setfacl -x other::4 tmpfile0 ;; 270 *) setfacl -d other:4 tmpfile0 ;; 271 esac 272 273 func_test_copy tmpfile0 tmpfile6 274 275 # Remove the ACL for the group. 276 case $acl_flavor in 277 linux) setfacl -x group:$agid tmpfile0 ;; 278 freebsd) setfacl -x group:$agid:4 tmpfile0 ;; 279 *) setfacl -d group:$agid:4 tmpfile0 ;; 280 esac 281 282 func_test_copy tmpfile0 tmpfile7 283 284 # Delete all optional ACLs. 285 case $acl_flavor in 286 linux | freebsd) 287 setfacl -m user:$auid:1 tmpfile0 288 setfacl -b tmpfile0 289 ;; 290 *) 291 setfacl -s user::6,group::0,other:0 tmpfile0 ;; 292 esac 293 294 func_test_copy tmpfile0 tmpfile8 295 296 # Copy ACLs from a file that has no ACLs. 297 echo > tmpfile9 298 chmod a+x tmpfile9 299 case $acl_flavor in 300 linux) getfacl tmpfile9 | setfacl --set-file=- tmpfile0 ;; 301 freebsd) ;; 302 *) getfacl tmpfile9 | setfacl -f - tmpfile0 ;; 303 esac 304 rm -f tmpfile9 305 306 func_test_copy tmpfile0 tmpfile9 307 308 ;; 309 310 cygwin) 311 312 # Set an ACL for a group. 313 setfacl -m group:0:1 tmpfile0 314 315 func_test_copy tmpfile0 tmpfile2 316 317 # Set an ACL for other. 318 setfacl -m other:4 tmpfile0 319 320 func_test_copy tmpfile0 tmpfile4 321 322 # Remove the ACL for the group. 323 setfacl -d group:0 tmpfile0 324 325 func_test_copy tmpfile0 tmpfile5 326 327 # Remove the ACL for other. 328 setfacl -d other:4 tmpfile0 329 330 func_test_copy tmpfile0 tmpfile6 331 332 # Delete all optional ACLs. 333 setfacl -s user::6,group::0,other:0 tmpfile0 334 335 func_test_copy tmpfile0 tmpfile8 336 337 # Copy ACLs from a file that has no ACLs. 338 echo > tmpfile9 339 chmod a+x tmpfile9 340 getfacl tmpfile9 | setfacl -f - tmpfile0 341 rm -f tmpfile9 342 343 func_test_copy tmpfile0 tmpfile9 344 345 ;; 346 347 hpux) 348 349 # Set an ACL for a user. 350 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` 351 chacl -r "${orig}($auid.%,--x)" tmpfile0 352 353 func_test_copy tmpfile0 tmpfile2 354 355 # Set an ACL for a group. 356 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` 357 chacl -r "${orig}(%.$agid,r--)" tmpfile0 358 359 func_test_copy tmpfile0 tmpfile3 360 361 # Set an ACL for other. 362 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` 363 chacl -r "${orig}(%.%,r--)" tmpfile0 364 365 func_test_copy tmpfile0 tmpfile4 366 367 # Remove the ACL for the user. 368 chacl -d "($auid.%,--x)" tmpfile0 369 370 func_test_copy tmpfile0 tmpfile5 371 372 # Remove the ACL for the group. 373 chacl -d "(%.$agid,r--)" tmpfile0 374 375 func_test_copy tmpfile0 tmpfile6 376 377 # Delete all optional ACLs. 378 chacl -z tmpfile0 379 380 func_test_copy tmpfile0 tmpfile8 381 382 # Copy ACLs from a file that has no ACLs. 383 echo > tmpfile9 384 chmod a+x tmpfile9 385 orig=`lsacl tmpfile9 | sed -e 's/ tmpfile9$//'` 386 rm -f tmpfile9 387 chacl -r "${orig}" tmpfile0 388 389 func_test_copy tmpfile0 tmpfile9 390 391 ;; 392 393 hpuxjfs) 394 395 # Set an ACL for a user. 396 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` 397 chacl -r "${orig}($auid.%,--x)" tmpfile0 \ 398 || setacl -m user:$auid:1 tmpfile0 399 400 func_test_copy tmpfile0 tmpfile2 401 402 # Set an ACL for a group. 403 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` 404 chacl -r "${orig}(%.$agid,r--)" tmpfile0 \ 405 || setacl -m group:$agid:4 tmpfile0 406 407 func_test_copy tmpfile0 tmpfile3 408 409 # Set an ACL for other. 410 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` 411 chacl -r "${orig}(%.%,r--)" tmpfile0 \ 412 || setacl -m other:4 tmpfile0 413 414 func_test_copy tmpfile0 tmpfile4 415 416 # Remove the ACL for the user. 417 chacl -d "($auid.%,--x)" tmpfile0 \ 418 || setacl -d user:$auid tmpfile0 419 420 func_test_copy tmpfile0 tmpfile5 421 422 # Remove the ACL for the group. 423 chacl -d "(%.$agid,r--)" tmpfile0 \ 424 || setacl -d group:$agid tmpfile0 425 426 func_test_copy tmpfile0 tmpfile6 427 428 # Delete all optional ACLs. 429 chacl -z tmpfile0 \ 430 || { setacl -m user:$auid:1 tmpfile0 431 setacl -s user::6,group::0,class:7,other:0 tmpfile0 432 } 433 434 func_test_copy tmpfile0 tmpfile8 435 436 # Copy ACLs from a file that has no ACLs. 437 echo > tmpfile9 438 chmod a+x tmpfile9 439 orig=`lsacl tmpfile9 | sed -e 's/ tmpfile9$//'` 440 getacl tmpfile9 > tmpaclout0 441 rm -f tmpfile9 442 chacl -r "${orig}" tmpfile0 \ 443 || setacl -f tmpaclout0 tmpfile0 444 445 func_test_copy tmpfile0 tmpfile9 446 447 ;; 448 449 osf1) 450 451 # Set an ACL for a user. 452 setacl -u user:$auid:1 tmpfile0 453 454 func_test_copy tmpfile0 tmpfile2 455 456 # Set an ACL for a group. 457 setacl -u group:$agid:4 tmpfile0 458 459 func_test_copy tmpfile0 tmpfile3 460 461 # Set an ACL for other. 462 setacl -u other::4 tmpfile0 463 464 func_test_copy tmpfile0 tmpfile4 465 466 # Remove the ACL for the user. 467 setacl -x user:$auid:1 tmpfile0 468 469 func_test_copy tmpfile0 tmpfile5 470 471 if false; then # would give an error "can't set ACL: Invalid argument" 472 # Remove the ACL for other. 473 setacl -x other::4 tmpfile0 474 475 func_test_copy tmpfile0 tmpfile6 476 fi 477 478 # Remove the ACL for the group. 479 setacl -x group:$agid:4 tmpfile0 480 481 func_test_copy tmpfile0 tmpfile7 482 483 # Delete all optional ACLs. 484 setacl -u user:$auid:1 tmpfile0 485 setacl -b tmpfile0 486 487 func_test_copy tmpfile0 tmpfile8 488 489 # Copy ACLs from a file that has no ACLs. 490 echo > tmpfile9 491 chmod a+x tmpfile9 492 getacl tmpfile9 > tmpaclout0 493 setacl -b -U tmpaclout0 tmpfile0 494 rm -f tmpfile9 495 496 func_test_copy tmpfile0 tmpfile9 497 498 ;; 499 500 nsk) 501 502 # Set an ACL for a user. 503 setacl -m user:$auid:1 tmpfile0 504 505 func_test_copy tmpfile0 tmpfile2 506 507 # Set an ACL for a group. 508 setacl -m group:$agid:4 tmpfile0 509 510 func_test_copy tmpfile0 tmpfile3 511 512 # Set an ACL for other. 513 setacl -m other:4 tmpfile0 514 515 func_test_copy tmpfile0 tmpfile4 516 517 # Remove the ACL for the user. 518 setacl -d user:$auid tmpfile0 519 520 func_test_copy tmpfile0 tmpfile5 521 522 # Remove the ACL for the group. 523 setacl -d group:$agid tmpfile0 524 525 func_test_copy tmpfile0 tmpfile6 526 527 # Delete all optional ACLs. 528 setacl -m user:$auid:1 tmpfile0 529 setacl -s user::6,group::0,class:7,other:0 tmpfile0 530 531 func_test_copy tmpfile0 tmpfile8 532 533 # Copy ACLs from a file that has no ACLs. 534 echo > tmpfile9 535 chmod a+x tmpfile9 536 getacl tmpfile9 > tmpaclout0 537 setacl -f tmpaclout0 tmpfile0 538 rm -f tmpfile9 539 540 func_test_copy tmpfile0 tmpfile9 541 542 ;; 543 544 aix) 545 546 # Set an ACL for a user. 547 { aclget tmpfile0 | sed -e 's/disabled$/enabled/'; echo " permit --x u:$auid"; } | aclput tmpfile0 548 549 func_test_copy tmpfile0 tmpfile2 550 551 # Set an ACL for a group. 552 { aclget tmpfile0 | sed -e 's/disabled$/enabled/'; echo " permit r-- g:$agid"; } | aclput tmpfile0 553 554 func_test_copy tmpfile0 tmpfile3 555 556 # Set an ACL for other. 557 chmod o+r tmpfile0 558 559 func_test_copy tmpfile0 tmpfile4 560 561 # Remove the ACL for the user. 562 aclget tmpfile0 | grep -v ' u:[^ ]*$' | aclput tmpfile0 563 564 func_test_copy tmpfile0 tmpfile5 565 566 # Remove the ACL for the group. 567 aclget tmpfile0 | grep -v ' g:[^ ]*$' | aclput tmpfile0 568 569 func_test_copy tmpfile0 tmpfile7 570 571 # Delete all optional ACLs. 572 aclget tmpfile0 | sed -e 's/enabled$/disabled/' | sed -e '/disabled$/q' | aclput tmpfile0 573 574 func_test_copy tmpfile0 tmpfile8 575 576 # Copy ACLs from a file that has no ACLs. 577 echo > tmpfile9 578 chmod a+x tmpfile9 579 aclget tmpfile9 | aclput tmpfile0 580 rm -f tmpfile9 581 582 func_test_copy tmpfile0 tmpfile9 583 584 ;; 585 586 macosx) 587 588 # Set an ACL for a user. 589 /bin/chmod +a "user:daemon allow execute" tmpfile0 590 591 func_test_copy tmpfile0 tmpfile2 592 593 # Set an ACL for a group. 594 /bin/chmod +a "group:daemon allow read" tmpfile0 595 596 func_test_copy tmpfile0 tmpfile3 597 598 # Set an ACL for other. 599 chmod o+r tmpfile0 600 601 func_test_copy tmpfile0 tmpfile4 602 603 # Remove the ACL for the user. 604 /bin/chmod -a "user:daemon allow execute" tmpfile0 605 606 func_test_copy tmpfile0 tmpfile5 607 608 # Remove the ACL for the group. 609 /bin/chmod -a "group:daemon allow read" tmpfile0 610 611 func_test_copy tmpfile0 tmpfile7 612 613 # Delete all optional ACLs. 614 /bin/chmod -N tmpfile0 615 616 func_test_copy tmpfile0 tmpfile8 617 618 # Copy ACLs from a file that has no ACLs. 619 echo > tmpfile9 620 chmod a+x tmpfile9 621 { /bin/ls -le tmpfile9 | sed -n -e 's/^ [0-9][0-9]*: //p'; echo; } | /bin/chmod -E tmpfile0 622 rm -f tmpfile9 623 624 func_test_copy tmpfile0 tmpfile9 625 626 ;; 627 628 irix) 629 630 # Set an ACL for a user. 631 /sbin/chacl user::rw-,group::---,other::---,user:$auid:--x tmpfile0 632 633 func_test_copy tmpfile0 tmpfile2 634 635 # Set an ACL for a group. 636 /sbin/chacl user::rw-,group::---,other::---,user:$auid:--x,group:$agid:r-- tmpfile0 637 638 func_test_copy tmpfile0 tmpfile3 639 640 # Set an ACL for other. 641 /sbin/chacl user::rw-,group::---,user:$auid:--x,group:$agid:r--,other::r-- tmpfile0 642 643 func_test_copy tmpfile0 tmpfile4 644 645 # Remove the ACL for the user. 646 /sbin/chacl user::rw-,group::---,group:$agid:r--,other::r-- tmpfile0 647 648 func_test_copy tmpfile0 tmpfile5 649 650 # Remove the ACL for the group. 651 /sbin/chacl user::rw-,group::---,other::r-- tmpfile0 652 653 func_test_copy tmpfile0 tmpfile7 654 655 ;; 656 657 esac 658 fi 659 660 rm -f tmpfile[0-9] tmpaclout[0-2] 661) || exit 1 662 663rm -rf "$tmp" 664exit 0 665