X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=run-tests.sh;h=4cfea29007c13e091d0abd7af82b70b93f17f0d9;hb=941842c6bdda382c5b16124a55d2ab1cf2270d07;hp=68ae769104826e0e9c759900e116d7d8765e7b32;hpb=cd03e4e2f8afdbd2c9d70cb9b9e2ca7db07e826e;p=apply-default-acl.git

diff --git a/run-tests.sh b/run-tests.sh
index 68ae769..4cfea29 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -1,7 +1,31 @@
 #!/bin/bash
 
+#
+# Exit codes
+#
+
+# Exit with this when a test fails.
+EXIT_FAILURE=1
+
+# We use a few system users in the tests. If these users aren't
+# present, we exit with a different (non-EXIT_FAILURE).
+EXIT_MISSING_USERS=2
+
+# Define the users that we'll use in the tests below. We store the
+# names as variables to avoid repeating them everywhere.
+#
+# WARNING: These must be in alphabetical order; otherwise the getfacl
+# output will not match.
+#
+USERS=( bin daemon )
+
+# Check to see if the above users exist. If not, bail.
+for idx in $( seq 0 $((${#USERS[@]} - 1)) ); do
+    id ${USERS[idx]} >/dev/null 2>&1 || exit $EXIT_MISSING_USERS
+done
+
 # The program name.
-BIN=./src/apply-default-acl
+BIN=src/apply-default-acl
 
 # The directory where we'll do all the ACL manipulation.
 TESTDIR=test
@@ -27,7 +51,7 @@ compare() {
 	echo '================'
 	echo "${ACTUAL}"
 	echo '================'
-	exit 1
+	exit $EXIT_FAILURE
     fi
 }
 
@@ -40,11 +64,11 @@ mkdir "${TESTDIR}"
 # permissions should all be propagated to the mode bits.
 TESTNUM=1
 TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 777 "${TARGET}"
 setfacl -d -m user::r--  "${TESTDIR}"
 setfacl -d -m group::r-- "${TESTDIR}"
 setfacl -d -m other::r-- "${TESTDIR}"
-touch "${TARGET}"
-chmod 777 "${TARGET}"
 $BIN "${TARGET}"
 
 EXPECTED=$(cat <<EOF
@@ -63,14 +87,14 @@ TESTNUM=2
 setfacl -d -m user::r--     "${TESTDIR}"
 setfacl -d -m group::r--    "${TESTDIR}"
 setfacl -d -m other::r--    "${TESTDIR}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
 touch "${TARGET}"
 chmod 777 "${TARGET}"
 $BIN "${TARGET}"
 
 EXPECTED=$(cat <<EOF
 user::r--
-user:mail:rwx
+user:${USERS[0]}:rwx
 group::r--
 mask::rwx
 other::r--
@@ -81,29 +105,32 @@ EOF
 ACTUAL=`getfacl --omit-header "${TARGET}"`
 compare
 
+
 # A file shared by a group, should still be group-writable
 # afterwards.
 TESTNUM=3
 touch "${TARGET}"
 chmod 644 "${TARGET}"
-setfacl -d -m group:mail:rwx "${TESTDIR}"
+setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
 $BIN "${TARGET}"
 
 EXPECTED=$(cat <<EOF
 user::rw-
 group::r--
-group:mail:rwx	#effective:rw-
+group:${USERS[0]}:rwx	#effective:rw-
 mask::rw-
 other::r--
+
 EOF
 )
 
 ACTUAL=`getfacl --omit-header "${TARGET}"`
 compare
 
+
 # Same test as before except with a directory.
 TESTNUM=4
-setfacl -d -m group:mail:rwx "${TESTDIR}"
+setfacl -d -m group:${USERS[0]}:rwx "${TESTDIR}"
 mkdir "${TARGET}"
 chmod 755 "${TARGET}"
 $BIN "${TARGET}"
@@ -111,12 +138,12 @@ $BIN "${TARGET}"
 EXPECTED=$(cat <<EOF
 user::rwx
 group::r-x
-group:mail:rwx
+group:${USERS[0]}:rwx
 mask::rwx
 other::r-x
 default:user::rwx
 default:group::r-x
-default:group:mail:rwx
+default:group:${USERS[0]}:rwx
 default:mask::rwx
 default:other::r-x
 
@@ -152,13 +179,13 @@ compare
 TESTNUM=6
 touch "${TARGET}"
 chmod 744 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
 $BIN "${TARGET}"
 
 
 EXPECTED=$(cat <<EOF
 user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
 group::r-x
 mask::rwx
 other::r-x
@@ -175,16 +202,21 @@ compare
 TESTNUM=7
 touch "${TARGET}"
 chmod 744 "${TARGET}"
-setfacl -m user:news:rw "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
-setfacl -d -m user:news:rwx "${TESTDIR}"
+setfacl -m user:${USERS[1]}:rw "${TARGET}"
+# If we don't add 'x' to the mask here, nobody can execute the file.
+# setfacl will update the mask for us under most circumstances, but
+# note that we didn't create an entry with an 'x' bit using setfacl --
+# therefore, setfacl won't unmask 'x' for us.
+setfacl -m mask::rwx "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[1]}:rwx "${TESTDIR}"
 $BIN "${TARGET}"
 
 
 EXPECTED=$(cat <<EOF
 user::rwx
-user:mail:rwx
-user:news:rwx
+user:${USERS[0]}:rwx
+user:${USERS[1]}:rwx
 group::r-x
 mask::rwx
 other::r-x
@@ -200,14 +232,14 @@ compare
 TESTNUM=8
 touch "${TARGET}"
 chmod 644 "${TARGET}"
-setfacl -m user:news:rw "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -m user:${USERS[1]}:rw "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
 $BIN "${TARGET}"
 
 
 EXPECTED=$(cat <<EOF
 user::rw-
-user:mail:rwx	#effective:rw-
+user:${USERS[0]}:rwx	#effective:rw-
 group::r--
 mask::rw-
 other::r--
@@ -245,14 +277,14 @@ TESTNUM=10
 TARGET="${TESTDIR}"/foo
 touch "${TARGET}"
 chmod 777 "${TARGET}"
-setfacl -m user:mail:rwx "${TESTDIR}"
-setfacl -d -m user:mail:rwx  "${TESTDIR}"
+setfacl -m user:${USERS[0]}:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx  "${TESTDIR}"
 setfacl -d -m mask::rw-  "${TESTDIR}"
 $BIN "${TARGET}"
 
 EXPECTED=$(cat <<EOF
 user::rwx
-user:mail:rwx	#effective:rw-
+user:${USERS[0]}:rwx	#effective:rw-
 group::r-x	#effective:r--
 mask::rw-
 other::r-x
@@ -334,6 +366,7 @@ other::r--
 default:user::rwx
 default:group::r--
 default:other::r--
+
 EOF
 )
 
@@ -347,22 +380,23 @@ TESTNUM=14
 TARGET="${TESTDIR}"/baz
 mkdir "${TARGET}"
 chmod 644 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
 
 $BIN "${TARGET}"
 $BIN "${TARGET}"
 
 EXPECTED=$(cat <<EOF
 user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
 group::r-x
 mask::rwx
 other::r-x
 default:user::rwx
-default:user:mail:rwx
+default:user:${USERS[0]}:rwx
 default:group::r-x
 default:mask::rwx
 default:other::r-x
+
 EOF
 )
 
@@ -370,30 +404,175 @@ ACTUAL=`getfacl --omit-header "${TARGET}"`
 compare
 
 
-# Same as test #14, with 755 initial perms.
+# Same as previous test, with 755 initial perms.
 #
 TESTNUM=15
 TARGET="${TESTDIR}"/baz
 mkdir "${TARGET}"
 chmod 755 "${TARGET}"
-setfacl -d -m user:mail:rwx "${TESTDIR}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
 
 $BIN "${TARGET}"
 $BIN "${TARGET}"
 
 EXPECTED=$(cat <<EOF
 user::rwx
-user:mail:rwx
+user:${USERS[0]}:rwx
 group::r-x
 mask::rwx
 other::r-x
 default:user::rwx
-default:user:mail:rwx
+default:user:${USERS[0]}:rwx
 default:group::r-x
 default:mask::rwx
 default:other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Same as previous two tests, only with a file.
+#
+TESTNUM=16
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+
+$BIN "${TARGET}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rw-
+user:${USERS[0]}:rwx	#effective:rw-
+group::r--
+mask::rw-
+other::r--
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# User-executable files should not wind up exec-masked.
+TESTNUM=17
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 700 "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx  "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:${USERS[0]}:rwx
+group::r-x
+mask::rwx
+other::r-x
+
 EOF
 )
 
 ACTUAL=`getfacl --omit-header "${TARGET}"`
 compare
+
+
+# Group-executable files should not wind up exec-masked.
+TESTNUM=18
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 670 "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx  "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:${USERS[0]}:rwx
+group::r-x
+mask::rwx
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+# Other-executable files should not wind up exec-masked.
+TESTNUM=19
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 607 "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx  "${TESTDIR}"
+$BIN "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:${USERS[0]}:rwx
+group::r-x
+mask::rwx
+other::r-x
+
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+
+# Test #16's setup repeated with the --no-exec-mask flag.
+#
+TESTNUM=20
+TARGET="${TESTDIR}"/foo
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+# The directory allows execute for user, group, and other, so the file
+# should actually inherit them regardless of its initial mode when the
+# --no-exec-mask flag is passed.
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+
+$BIN --no-exec-mask "${TARGET}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:${USERS[0]}:rwx
+group::r-x
+mask::rwx
+other::r-x
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+
+
+
+# Test #20 repeated recursively to make sure the flags play nice
+# together.
+TESTNUM=21
+PARENT_DIR="${TESTDIR}"/foo
+TARGET="${PARENT_DIR}"/bar
+mkdir "${PARENT_DIR}"
+touch "${TARGET}"
+chmod 644 "${TARGET}"
+setfacl -d -m user:${USERS[0]}:rwx "${TESTDIR}"
+
+$BIN --recursive --no-exec-mask "${PARENT_DIR}"
+
+EXPECTED=$(cat <<EOF
+user::rwx
+user:${USERS[0]}:rwx
+group::r-x
+mask::rwx
+other::r-x
+EOF
+)
+
+ACTUAL=`getfacl --omit-header "${TARGET}"`
+compare
+