From fdfaa849f8ea2fc6687aa13a7057b5088e3c65e5 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sat, 29 Feb 2020 20:38:48 +0100
Subject: tests: test xattr acls

Fixes https://github.com/rfjakob/gocryptfs/issues/453
---
 README.md                             |  1 +
 tests/xattr/xattr_integration_test.go | 34 ++++++++++++++++++++++++++++------
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index f18c2ea..76b5102 100644
--- a/README.md
+++ b/README.md
@@ -191,6 +191,7 @@ vNEXT, in progress
 * Fix [#367](https://github.com/rfjakob/gocryptfs/issues/431)
 * Fix [#435](https://github.com/rfjakob/gocryptfs/issues/435)
 * Fix [#440](https://github.com/rfjakob/gocryptfs/pull/440)
+* Enable ACL support ([#453](https://github.com/rfjakob/gocryptfs/issues/453))
 
 v1.7.1, 2019-10-06
 * Support wild cards in reverse mode via `--exclude-wildcard`
diff --git a/tests/xattr/xattr_integration_test.go b/tests/xattr/xattr_integration_test.go
index b091830..b7b6e69 100644
--- a/tests/xattr/xattr_integration_test.go
+++ b/tests/xattr/xattr_integration_test.go
@@ -44,6 +44,10 @@ func TestMain(m *testing.M) {
 }
 
 func setGetRmList(fn string) error {
+	return setGetRmList3(fn, "user.foo", []byte("123456789"))
+}
+
+func setGetRmList3(fn string, attr string, val []byte) error {
 	// List
 	list, err := xattr.LList(fn)
 	if err != nil {
@@ -52,10 +56,7 @@ func setGetRmList(fn string) error {
 	if len(list) > 0 {
 		return fmt.Errorf("Should have gotten empty result, got %v", list)
 	}
-	attr := "user.foo"
-	// Set
-	val1 := []byte("123456789")
-	err = xattr.LSet(fn, attr, val1)
+	err = xattr.LSet(fn, attr, val)
 	if err != nil {
 		return err
 	}
@@ -64,8 +65,8 @@ func setGetRmList(fn string) error {
 	if err != nil {
 		return err
 	}
-	if !bytes.Equal(val1, val2) {
-		return fmt.Errorf("wrong readback value: %v != %v", val1, val2)
+	if !bytes.Equal(val, val2) {
+		return fmt.Errorf("wrong readback value: %v != %v", val, val2)
 	}
 	// Remove
 	err = xattr.LRemove(fn, attr)
@@ -338,3 +339,24 @@ func TestSet0200Dir(t *testing.T) {
 		t.Error(err)
 	}
 }
+
+func TestAcl(t *testing.T) {
+	fn := test_helpers.DefaultPlainDir + "/TestAcl"
+	err := ioutil.WriteFile(fn, nil, 0600)
+	if err != nil {
+		t.Fatalf("creating empty file failed: %v", err)
+	}
+	// ACLs are blobs generated in userspace, let's steal a valid ACL from
+	// setfacl using strace:
+	//
+	//   $ strace -e setxattr setfacl -m u:root:r file
+	//   setxattr("file", "system.posix_acl_access", "\2\0\0\0\1\0\6\0\377\377\377\377\2\0\4\0\0\0\0\0\4\0\4\0\377\377\377\377\20\0\4", 44, 0) = 0
+	//
+	// The ACL gives user root additional read rights, in other words, it should
+	// have no effect at all.
+	acl := "\002\000\000\000\001\000\006\000\377\377\377\377\002\000\004\000\000\000\000\000\004\000\004\000\377\377\377\377\020\000\004"
+	err = setGetRmList3(fn, "system.posix_acl_access", []byte(acl))
+	if err != nil {
+		t.Error(err)
+	}
+}
-- 
cgit v1.2.3