run-tests.sh: add regression test for bug with multiple named entities.

Michał Bartoszkiewicz just reported a very bad bug in the latest
release. When multiple named-user and named-group entries exist, the
later entries clobber earlier ones in the list. So if there are two
default ACL entries on a parent directory for group:bar and group:foo,
then apply-default-acl will create two entries on a child but both
wind up with the permissions of the group:foo entry. The full test
case he provided is as follows:

  $ getfacl -n .
  # file: .
  # owner: 1000
  # group: 1000
  user::rwx
  group::r-x
  other::r-x
  default:user::rwx
  default:group::r-x
  default:group:1:---
  default:group:2:rw-
  default:mask::rwx
  default:other::r-x

  $ touch foo
  $ getfacl -n foo
  # file: foo
  # owner: 1000
  # group: 1000
  user::rw-
  group::r-x            #effective:r--
  group:1:---
  group:2:rw-
  mask::rw-
  other::r--

  $ apply-default-acl foo
  $ getfacl -n foo
  # file: foo
  # owner: 1000
  # group: 1000
  user::rw-
  group::r--
  group:1:rw-
  group:2:rw-
  mask::rw-
  other::r--

This commit adds a new regression test that creates multiple default
named-user and named-group entries at once (with different
permissions!) and checks that they get applied correctly.

diff --git a/run-tests.sh b/run-tests.sh
index cb04d47cf759f1d44205eb4fab66e4725320f9ad..d6e72bf6f46639cda021f0a65c6a887ad7b9a681 100755 (executable)
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -13,13 +13,16 @@ EXIT_FAILURE=1
 # present, we exit with a different (non-EXIT_FAILURE).
 EXIT_MISSING_USERS=2
 
 # present, we exit with a different (non-EXIT_FAILURE).
 EXIT_MISSING_USERS=2
 

-# Define the users that we'll use in the tests below. We store the
-# names as variables to avoid repeating them everywhere.
+# Define the users and groups that we'll use in the tests below. We
+# store the names as variables to avoid repeating them everywhere.
+# Since GROUPS is already part of everyone's environment, we need
+# a different name.

 #
 # WARNING: These must be in alphabetical order; otherwise the getfacl
 # output will not match.
 #
 USERS=( bin daemon )
 #
 # WARNING: These must be in alphabetical order; otherwise the getfacl
 # output will not match.
 #
 USERS=( bin daemon )

+TESTGROUPS=( bin daemon )

 
 # Check to see if the above users exist. If not, bail.
 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
 
 # Check to see if the above users exist. If not, bail.
 for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do


@@ -951,3 +954,32 @@ pushd "${TARGET}/bar/baz" > /dev/null
 ACTUAL=$( getfacl --omit-header "../" )
 popd > /dev/null
 compare
 ACTUAL=$( getfacl --omit-header "../" )
 popd > /dev/null
 compare

+
+
+# Ensure that multiple named-user and named-group entries all get
+# applied individually rather than the last one taking precedence.
+# This is a regression test against a bug that made it into a release
+# and was reported by Michał Bartoszkiewicz.
+((TESTNUM++))
+TARGET="${TESTDIR}"
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rw- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[0]}:rw- "${TESTDIR}"
+setfacl -d -m user:${USERS[1]}:--- "${TESTDIR}"
+setfacl -d -m group:${TESTGROUPS[1]}:--- "${TESTDIR}"
+"${BIN}" "${TARGET}"
+EXPECTED=$(cat <<EOF
+user::rw-
+user:${USERS[0]}:rw-
+user:${USERS[1]}:---
+group::r--
+group:${TESTGROUPS[0]}:rw-
+group:${TESTGROUPS[1]}:---
+mask::rw-
+other::r--
+
+EOF
+)
+ACTUAL=$( getfacl --omit-header "${TARGET}" )
+compare