| Message ID | 5358EEAD.4090501@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, Apr 24, 2014 at 06:59:57PM +0800, Kinglong Mee wrote: > +def doTestGetACL(t, env, path): > + c = env.c1 > + ops = c.use_obj(path) + [c.getattr([FATTR4_ACL])] > + res = c.compound(ops) > + check(res) > + > + attrs = res.resarray[-1].obj_attributes > + if FATTR4_ACL not in attrs.keys(): > + t.fail("Attributes not contains FATTR4_ACL") ... > +def testGetACLLink(t, env): > + """ Get ACL of symlink file > + > + FLAGS: acl getattr symlink all > + DEPEND: ACLSUPP LOOKLINK > + CODE: ACL1a > + """ > + doTestGetACL(t, env, env.opts.uselink) Dumb question: does that actually work? Looks like a good set of tests to have, in any case. What are the results against a Linux server? --b. > + > +def testGetACLSocket(t, env): > + """ Get ACL of socket file > + > + FLAGS: acl getattr socket all > + DEPEND: ACLSUPP LOOKSOCK > + CODE: ACL1s > + """ > + doTestGetACL(t, env, env.opts.usesocket) > + > +def testGetACLChar(t, env): > + """ Get ACL of char file > + > + FLAGS: acl getattr char all > + DEPEND: ACLSUPP LOOKCHAR > + CODE: ACL1c > + """ > + doTestGetACL(t, env, env.opts.usechar) > + > +def testGetACLBlock(t, env): > + """ Get ACL of block file > + > + FLAGS: acl getattr block all > + DEPEND: ACLSUPP LOOKBLK > + CODE: ACL1b > + """ > + doTestGetACL(t, env, env.opts.useblock) > + > +def doCheckACL(t, c, file, acl): > + res = c.compound(c.use_obj(file) + [c.getattr([FATTR4_ACL])]) > + check(res) > + > + attrs = res.resarray[-1].obj_attributes > + if FATTR4_ACL not in attrs.keys(): > + t.fail("Attributes not contains FATTR4_ACL") > + > +# print printableacl(acl) > +# print printableacl(attrs[FATTR4_ACL]) > + > +def doSetACLEnv(t, env, type = NF4REG): > + c = env.c1 > + path = c.homedir + [t.code] > + res = c.create_obj(path, attrs={FATTR4_MODE:0777}) > + check(res) > + > + c1 = clientWithSys(env, 9999, 9999); > + c1.init_connection() > + > + path += [t.code] > + attrs = {FATTR4_MODE: 0777} > + > + if type == NF4REG: > + fh, stateid = c1.create_confirm(t.code, path, attrs=attrs, > + deny=OPEN4_SHARE_DENY_NONE) > + return (c1, path, fh, stateid) > + else: > + res = c1.create_obj(path, attrs=attrs) > + check(res) > + return (c1, path) > + > +def testWriteFileWithoutACL(t, env): > + """ Check write file without write ACL > + > + FLAGS: acl file all > + DEPEND: ACLSUPP MKFILE > + CODE: ACL2 > + """ > + c1, path, fh, stateid = doSetACLEnv(t, env) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_DATA, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, fh, testacl) > + > + res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE) > + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without write ACL") > + > +def testReadFileWithoutACL(t, env): > + """ Check read file without read ACL > + > + FLAGS: acl file all > + DEPEND: ACLSUPP MKFILE > + CODE: ACL3 > + """ > + c1, path, fh, stateid = doSetACLEnv(t, env) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_READ_DATA, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, fh, testacl) > + > + res = c1.open_file(t.code, path, deny = OPEN4_SHARE_DENY_READ) > + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without read ACL") > + > +def testAppendFileWithoutACL(t, env): > + """ Check write file without append ACL > + > + FLAGS: acl file all > + DEPEND: ACLSUPP MKFILE > + CODE: ACL4 > + """ > + c1, path, fh, stateid = doSetACLEnv(t, env) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_APPEND_DATA, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, fh, testacl) > + > + res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE) > + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without append ACL") > + > +def testChownWithoutACL(t, env): > + """ Check change file's owner without WRITE OWNER ACL > + > + FLAGS: acl file all > + DEPEND: ACLSUPP MKFILE > + CODE: ACL5 > + """ > + c1, path, fh, stateid = doSetACLEnv(t, env) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_OWNER, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, fh, testacl) > + > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_OWNER: "6666"})]) > + check(res, NFS4ERR_PERM, "Trying to change file's owner without ACL") > + > +def testSetACLWithoutACL(t, env): > + """ Check set ACL without SETACL ACL > + > + FLAGS: acl file all > + DEPEND: ACLSUPP MKFILE > + CODE: ACL6 > + """ > + c1, path, fh, stateid = doSetACLEnv(t, env) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_ACL, "OWNER@")] > + ops = c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})] > + res = c1.compound(ops) > + check(res) > + > + doCheckACL(t, c1, fh, testacl) > + > + res = c1.compound(ops) > + check(res, NFS4ERR_PERM, "Trying to set acl without ACL") > + > +def testCreateFileWithoutACL(t, env): > + """ Check create file in directory without ACL > + > + FLAGS: acl dir all > + DEPEND: ACLSUPP MKDIR > + CODE: ACL7 > + """ > + c1, path = doSetACLEnv(t, env, type = NF4DIR) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_FILE, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, path, testacl) > + > + path += [t.code] > + res = c1.create_obj(path) > + # NFSD's shortage, can not create sub-directory > + check(res, NFS4ERR_ACCESS) > + > + res = c1.create_file(t.code, path) > + check(res, NFS4ERR_ACCESS, "Trying to create file without ACL") > + > +def testListDirWithoutACL(t, env): > + """ Check list directory without ACL > + > + FLAGS: acl dir all > + DEPEND: ACLSUPP MKDIR > + CODE: ACL8 > + """ > + c1, path = doSetACLEnv(t, env, type = NF4DIR) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_LIST_DIRECTORY, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, path, testacl) > + > + res = c1.compound(c1.use_obj(path) + [c1.readdir()]) > + check(res, NFS4ERR_ACCESS, "Trying to list directory without ACL") > + > +def testMkdirWithoutACL(t, env): > + """ Check creat sub-directory without ACL > + > + FLAGS: acl dir all > + DEPEND: ACLSUPP MKDIR > + CODE: ACL9 > + """ > + c1, path = doSetACLEnv(t, env, type = NF4DIR) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_SUBDIRECTORY, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, path, testacl) > + > + path += [t.code] > + res = c1.create_file(t.code, path) > + # NFSD's shortage, can not create file > + check(res, NFS4ERR_ACCESS) > + > + res = c1.create_obj(path) > + check(res, NFS4ERR_ACCESS, "Trying to create sub-directory without ACL") > + > +def testLookupFileWithoutACL(t, env): > + """ Check lookup file without ACL > + > + FLAGS: acl dir all > + DEPEND: ACLSUPP MKDIR > + CODE: ACL10 > + """ > + c1, path = doSetACLEnv(t, env, type = NF4DIR) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_EXECUTE, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, path, testacl) > + > + res = c1.compound(c1.use_obj(path) + c1.lookup_path([t.code])) > + check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL") > + > +def testUnlinkFileWithoutACL(t, env): > + """ Check unlink sub-file without ACL > + > + FLAGS: acl dir all > + DEPEND: ACLSUPP MKDIR > + CODE: ACL11 > + """ > + c1, path = doSetACLEnv(t, env, type = NF4DIR) > + > + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_DELETE_CHILD, "OWNER@")] > + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) > + check(res) > + > + doCheckACL(t, c1, path, testacl) > + > + res = c1.compound(c1.use_obj(path) + [c1.remove_op(t.code)]) > + check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL") > -- > 1.9.0 > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 5/7/2014 04:24, J. Bruce Fields wrote: > On Thu, Apr 24, 2014 at 06:59:57PM +0800, Kinglong Mee wrote: >> +def doTestGetACL(t, env, path): >> + c = env.c1 >> + ops = c.use_obj(path) + [c.getattr([FATTR4_ACL])] >> + res = c.compound(ops) >> + check(res) >> + >> + attrs = res.resarray[-1].obj_attributes >> + if FATTR4_ACL not in attrs.keys(): >> + t.fail("Attributes not contains FATTR4_ACL") > ... >> +def testGetACLLink(t, env): >> + """ Get ACL of symlink file >> + >> + FLAGS: acl getattr symlink all >> + DEPEND: ACLSUPP LOOKLINK >> + CODE: ACL1a >> + """ >> + doTestGetACL(t, env, env.opts.uselink) > > Dumb question: does that actually work? Yes, it is. > > Looks like a good set of tests to have, in any case. What are the > results against a Linux server? With my last fix of BUG() for ACL, and exports as #cat /etc/exports /nfstest *(rw,no_root_squash,no_subtree_check,insecure,fsid=0) #./testserver.py 127.0.0.1:/ --maketree --rundeps acl ************************************************** ACL1a st_acl.testGetACLLink : PASS ACL1b st_acl.testGetACLBlock : PASS ACL1c st_acl.testGetACLChar : PASS ACL1d st_acl.testGetACLDir : PASS ACL1f st_acl.testGetACLFifo : PASS ACL1r st_acl.testGetACLFile : PASS ACL1s st_acl.testGetACLSocket : PASS ACL2 st_acl.testWriteFileWithoutACL : PASS ACL3 st_acl.testReadFileWithoutACL : PASS ACL4 st_acl.testAppendFileWithoutACL : PASS ACL5 st_acl.testChownWithoutACL : PASS ACL6 st_acl.testSetACLWithoutACL : FAILURE Trying to set acl without ACL should return NFS4ERR_PERM, instead got NFS4_OK ACL7 st_acl.testCreateFileWithoutACL : PASS ACL8 st_acl.testListDirWithoutACL : PASS ACL9 st_acl.testMkdirWithoutACL : PASS ACL10 st_acl.testLookupFileWithoutACL : PASS ACL11 st_acl.testUnlinkFileWithoutACL : PASS ACLSUPP st_acl.testCheckSupportedACL : PASS INIT st_setclientid.testValid : PASS LOOKBLK st_lookup.testBlock : PASS LOOKCHAR st_lookup.testChar : PASS LOOKDIR st_lookup.testDir : PASS LOOKFIFO st_lookup.testFifo : PASS LOOKFILE st_lookup.testFile : PASS LOOKLINK st_lookup.testLink : PASS LOOKSOCK st_lookup.testSocket : PASS MKDIR st_create.testDir : PASS MKFILE st_open.testOpen : PASS ************************************************** thanks, Kinglong Mee > > --b. > >> + >> +def testGetACLSocket(t, env): >> + """ Get ACL of socket file >> + >> + FLAGS: acl getattr socket all >> + DEPEND: ACLSUPP LOOKSOCK >> + CODE: ACL1s >> + """ >> + doTestGetACL(t, env, env.opts.usesocket) >> + >> +def testGetACLChar(t, env): >> + """ Get ACL of char file >> + >> + FLAGS: acl getattr char all >> + DEPEND: ACLSUPP LOOKCHAR >> + CODE: ACL1c >> + """ >> + doTestGetACL(t, env, env.opts.usechar) >> + >> +def testGetACLBlock(t, env): >> + """ Get ACL of block file >> + >> + FLAGS: acl getattr block all >> + DEPEND: ACLSUPP LOOKBLK >> + CODE: ACL1b >> + """ >> + doTestGetACL(t, env, env.opts.useblock) >> + >> +def doCheckACL(t, c, file, acl): >> + res = c.compound(c.use_obj(file) + [c.getattr([FATTR4_ACL])]) >> + check(res) >> + >> + attrs = res.resarray[-1].obj_attributes >> + if FATTR4_ACL not in attrs.keys(): >> + t.fail("Attributes not contains FATTR4_ACL") >> + >> +# print printableacl(acl) >> +# print printableacl(attrs[FATTR4_ACL]) >> + >> +def doSetACLEnv(t, env, type = NF4REG): >> + c = env.c1 >> + path = c.homedir + [t.code] >> + res = c.create_obj(path, attrs={FATTR4_MODE:0777}) >> + check(res) >> + >> + c1 = clientWithSys(env, 9999, 9999); >> + c1.init_connection() >> + >> + path += [t.code] >> + attrs = {FATTR4_MODE: 0777} >> + >> + if type == NF4REG: >> + fh, stateid = c1.create_confirm(t.code, path, attrs=attrs, >> + deny=OPEN4_SHARE_DENY_NONE) >> + return (c1, path, fh, stateid) >> + else: >> + res = c1.create_obj(path, attrs=attrs) >> + check(res) >> + return (c1, path) >> + >> +def testWriteFileWithoutACL(t, env): >> + """ Check write file without write ACL >> + >> + FLAGS: acl file all >> + DEPEND: ACLSUPP MKFILE >> + CODE: ACL2 >> + """ >> + c1, path, fh, stateid = doSetACLEnv(t, env) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_DATA, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, fh, testacl) >> + >> + res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE) >> + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without write ACL") >> + >> +def testReadFileWithoutACL(t, env): >> + """ Check read file without read ACL >> + >> + FLAGS: acl file all >> + DEPEND: ACLSUPP MKFILE >> + CODE: ACL3 >> + """ >> + c1, path, fh, stateid = doSetACLEnv(t, env) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_READ_DATA, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, fh, testacl) >> + >> + res = c1.open_file(t.code, path, deny = OPEN4_SHARE_DENY_READ) >> + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without read ACL") >> + >> +def testAppendFileWithoutACL(t, env): >> + """ Check write file without append ACL >> + >> + FLAGS: acl file all >> + DEPEND: ACLSUPP MKFILE >> + CODE: ACL4 >> + """ >> + c1, path, fh, stateid = doSetACLEnv(t, env) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_APPEND_DATA, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, fh, testacl) >> + >> + res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE) >> + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without append ACL") >> + >> +def testChownWithoutACL(t, env): >> + """ Check change file's owner without WRITE OWNER ACL >> + >> + FLAGS: acl file all >> + DEPEND: ACLSUPP MKFILE >> + CODE: ACL5 >> + """ >> + c1, path, fh, stateid = doSetACLEnv(t, env) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_OWNER, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, fh, testacl) >> + >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_OWNER: "6666"})]) >> + check(res, NFS4ERR_PERM, "Trying to change file's owner without ACL") >> + >> +def testSetACLWithoutACL(t, env): >> + """ Check set ACL without SETACL ACL >> + >> + FLAGS: acl file all >> + DEPEND: ACLSUPP MKFILE >> + CODE: ACL6 >> + """ >> + c1, path, fh, stateid = doSetACLEnv(t, env) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_ACL, "OWNER@")] >> + ops = c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})] >> + res = c1.compound(ops) >> + check(res) >> + >> + doCheckACL(t, c1, fh, testacl) >> + >> + res = c1.compound(ops) >> + check(res, NFS4ERR_PERM, "Trying to set acl without ACL") >> + >> +def testCreateFileWithoutACL(t, env): >> + """ Check create file in directory without ACL >> + >> + FLAGS: acl dir all >> + DEPEND: ACLSUPP MKDIR >> + CODE: ACL7 >> + """ >> + c1, path = doSetACLEnv(t, env, type = NF4DIR) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_FILE, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, path, testacl) >> + >> + path += [t.code] >> + res = c1.create_obj(path) >> + # NFSD's shortage, can not create sub-directory >> + check(res, NFS4ERR_ACCESS) >> + >> + res = c1.create_file(t.code, path) >> + check(res, NFS4ERR_ACCESS, "Trying to create file without ACL") >> + >> +def testListDirWithoutACL(t, env): >> + """ Check list directory without ACL >> + >> + FLAGS: acl dir all >> + DEPEND: ACLSUPP MKDIR >> + CODE: ACL8 >> + """ >> + c1, path = doSetACLEnv(t, env, type = NF4DIR) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_LIST_DIRECTORY, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, path, testacl) >> + >> + res = c1.compound(c1.use_obj(path) + [c1.readdir()]) >> + check(res, NFS4ERR_ACCESS, "Trying to list directory without ACL") >> + >> +def testMkdirWithoutACL(t, env): >> + """ Check creat sub-directory without ACL >> + >> + FLAGS: acl dir all >> + DEPEND: ACLSUPP MKDIR >> + CODE: ACL9 >> + """ >> + c1, path = doSetACLEnv(t, env, type = NF4DIR) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_SUBDIRECTORY, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, path, testacl) >> + >> + path += [t.code] >> + res = c1.create_file(t.code, path) >> + # NFSD's shortage, can not create file >> + check(res, NFS4ERR_ACCESS) >> + >> + res = c1.create_obj(path) >> + check(res, NFS4ERR_ACCESS, "Trying to create sub-directory without ACL") >> + >> +def testLookupFileWithoutACL(t, env): >> + """ Check lookup file without ACL >> + >> + FLAGS: acl dir all >> + DEPEND: ACLSUPP MKDIR >> + CODE: ACL10 >> + """ >> + c1, path = doSetACLEnv(t, env, type = NF4DIR) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_EXECUTE, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, path, testacl) >> + >> + res = c1.compound(c1.use_obj(path) + c1.lookup_path([t.code])) >> + check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL") >> + >> +def testUnlinkFileWithoutACL(t, env): >> + """ Check unlink sub-file without ACL >> + >> + FLAGS: acl dir all >> + DEPEND: ACLSUPP MKDIR >> + CODE: ACL11 >> + """ >> + c1, path = doSetACLEnv(t, env, type = NF4DIR) >> + >> + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_DELETE_CHILD, "OWNER@")] >> + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) >> + check(res) >> + >> + doCheckACL(t, c1, path, testacl) >> + >> + res = c1.compound(c1.use_obj(path) + [c1.remove_op(t.code)]) >> + check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL") >> -- >> 1.9.0 >> > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/nfs4.0/servertests/__init__.py b/nfs4.0/servertests/__init__.py index b0b77c4..90da169 100644 --- a/nfs4.0/servertests/__init__.py +++ b/nfs4.0/servertests/__init__.py @@ -40,4 +40,5 @@ __all__ = [ "st_access.py", "st_reboot.py", "st_delegation.py", # Not Done at all "st_spoof.py", + "st_acl.py", ] diff --git a/nfs4.0/servertests/st_acl.py b/nfs4.0/servertests/st_acl.py new file mode 100644 index 0000000..01a1e51 --- /dev/null +++ b/nfs4.0/servertests/st_acl.py @@ -0,0 +1,322 @@ +from nfs4_const import * +from environment import check, checklist, clientWithSys +from nfs4lib import get_attr_name +from nfs4acl import * + +MASK_ALL_FILE = ACE4_READ_DATA | ACE4_WRITE_DATA | ACE4_APPEND_DATA | \ + ACE4_READ_NAMED_ATTRS | ACE4_WRITE_NAMED_ATTRS | \ + ACE4_EXECUTE | ACE4_READ_ATTRIBUTES | ACE4_WRITE_ATTRIBUTES | \ + ACE4_DELETE | ACE4_READ_ACL | ACE4_WRITE_ACL | \ + ACE4_WRITE_OWNER | ACE4_SYNCHRONIZE +MASK_ALL_DIR = ACE4_LIST_DIRECTORY | ACE4_ADD_FILE | ACE4_ADD_SUBDIRECTORY | \ + ACE4_READ_NAMED_ATTRS | ACE4_WRITE_NAMED_ATTRS | \ + ACE4_EXECUTE | ACE4_DELETE_CHILD | ACE4_READ_ATTRIBUTES | \ + ACE4_WRITE_ATTRIBUTES | ACE4_READ_ACL | ACE4_WRITE_ACL | \ + ACE4_WRITE_OWNER | ACE4_SYNCHRONIZE + +def doTestGetACL(t, env, path): + c = env.c1 + ops = c.use_obj(path) + [c.getattr([FATTR4_ACL])] + res = c.compound(ops) + check(res) + + attrs = res.resarray[-1].obj_attributes + if FATTR4_ACL not in attrs.keys(): + t.fail("Attributes not contains FATTR4_ACL") + +# print printableacl(attrs[FATTR4_ACL]) + +def testCheckSupportedACL(t, env): + """ Check whether attributes contains FATTR4_ACLSUPPORT + + FLAGS: getattr all + CODE: ACLSUPP + """ + if not FATTR4_ACLSUPPORT & env.c1.supportedAttrs(): + t.fail_support("Server does not support FATTR4_ACL") + +def testGetACLFile(t, env): + """ Get ACL of reg file + + FLAGS: acl getattr file all + DEPEND: ACLSUPP LOOKFILE + CODE: ACL1r + """ + doTestGetACL(t, env, env.opts.usefile) + +def testGetACLDir(t, env): + """ Get ACL of dir file + + FLAGS: acl getattr dir all + DEPEND: ACLSUPP LOOKDIR + CODE: ACL1d + """ + doTestGetACL(t, env, env.opts.usedir) + +def testGetACLFifo(t, env): + """ Get ACL of fifo file + + FLAGS: acl getattr fifo all + DEPEND: ACLSUPP LOOKFIFO + CODE: ACL1f + """ + doTestGetACL(t, env, env.opts.usefifo) + +def testGetACLLink(t, env): + """ Get ACL of symlink file + + FLAGS: acl getattr symlink all + DEPEND: ACLSUPP LOOKLINK + CODE: ACL1a + """ + doTestGetACL(t, env, env.opts.uselink) + +def testGetACLSocket(t, env): + """ Get ACL of socket file + + FLAGS: acl getattr socket all + DEPEND: ACLSUPP LOOKSOCK + CODE: ACL1s + """ + doTestGetACL(t, env, env.opts.usesocket) + +def testGetACLChar(t, env): + """ Get ACL of char file + + FLAGS: acl getattr char all + DEPEND: ACLSUPP LOOKCHAR + CODE: ACL1c + """ + doTestGetACL(t, env, env.opts.usechar) + +def testGetACLBlock(t, env): + """ Get ACL of block file + + FLAGS: acl getattr block all + DEPEND: ACLSUPP LOOKBLK + CODE: ACL1b + """ + doTestGetACL(t, env, env.opts.useblock) + +def doCheckACL(t, c, file, acl): + res = c.compound(c.use_obj(file) + [c.getattr([FATTR4_ACL])]) + check(res) + + attrs = res.resarray[-1].obj_attributes + if FATTR4_ACL not in attrs.keys(): + t.fail("Attributes not contains FATTR4_ACL") + +# print printableacl(acl) +# print printableacl(attrs[FATTR4_ACL]) + +def doSetACLEnv(t, env, type = NF4REG): + c = env.c1 + path = c.homedir + [t.code] + res = c.create_obj(path, attrs={FATTR4_MODE:0777}) + check(res) + + c1 = clientWithSys(env, 9999, 9999); + c1.init_connection() + + path += [t.code] + attrs = {FATTR4_MODE: 0777} + + if type == NF4REG: + fh, stateid = c1.create_confirm(t.code, path, attrs=attrs, + deny=OPEN4_SHARE_DENY_NONE) + return (c1, path, fh, stateid) + else: + res = c1.create_obj(path, attrs=attrs) + check(res) + return (c1, path) + +def testWriteFileWithoutACL(t, env): + """ Check write file without write ACL + + FLAGS: acl file all + DEPEND: ACLSUPP MKFILE + CODE: ACL2 + """ + c1, path, fh, stateid = doSetACLEnv(t, env) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_DATA, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, fh, testacl) + + res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE) + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without write ACL") + +def testReadFileWithoutACL(t, env): + """ Check read file without read ACL + + FLAGS: acl file all + DEPEND: ACLSUPP MKFILE + CODE: ACL3 + """ + c1, path, fh, stateid = doSetACLEnv(t, env) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_READ_DATA, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, fh, testacl) + + res = c1.open_file(t.code, path, deny = OPEN4_SHARE_DENY_READ) + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without read ACL") + +def testAppendFileWithoutACL(t, env): + """ Check write file without append ACL + + FLAGS: acl file all + DEPEND: ACLSUPP MKFILE + CODE: ACL4 + """ + c1, path, fh, stateid = doSetACLEnv(t, env) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_APPEND_DATA, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, fh, testacl) + + res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE) + check(res, NFS4ERR_ACCESS, "Trying to OPEN file without append ACL") + +def testChownWithoutACL(t, env): + """ Check change file's owner without WRITE OWNER ACL + + FLAGS: acl file all + DEPEND: ACLSUPP MKFILE + CODE: ACL5 + """ + c1, path, fh, stateid = doSetACLEnv(t, env) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_OWNER, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, fh, testacl) + + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_OWNER: "6666"})]) + check(res, NFS4ERR_PERM, "Trying to change file's owner without ACL") + +def testSetACLWithoutACL(t, env): + """ Check set ACL without SETACL ACL + + FLAGS: acl file all + DEPEND: ACLSUPP MKFILE + CODE: ACL6 + """ + c1, path, fh, stateid = doSetACLEnv(t, env) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_ACL, "OWNER@")] + ops = c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})] + res = c1.compound(ops) + check(res) + + doCheckACL(t, c1, fh, testacl) + + res = c1.compound(ops) + check(res, NFS4ERR_PERM, "Trying to set acl without ACL") + +def testCreateFileWithoutACL(t, env): + """ Check create file in directory without ACL + + FLAGS: acl dir all + DEPEND: ACLSUPP MKDIR + CODE: ACL7 + """ + c1, path = doSetACLEnv(t, env, type = NF4DIR) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_FILE, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, path, testacl) + + path += [t.code] + res = c1.create_obj(path) + # NFSD's shortage, can not create sub-directory + check(res, NFS4ERR_ACCESS) + + res = c1.create_file(t.code, path) + check(res, NFS4ERR_ACCESS, "Trying to create file without ACL") + +def testListDirWithoutACL(t, env): + """ Check list directory without ACL + + FLAGS: acl dir all + DEPEND: ACLSUPP MKDIR + CODE: ACL8 + """ + c1, path = doSetACLEnv(t, env, type = NF4DIR) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_LIST_DIRECTORY, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, path, testacl) + + res = c1.compound(c1.use_obj(path) + [c1.readdir()]) + check(res, NFS4ERR_ACCESS, "Trying to list directory without ACL") + +def testMkdirWithoutACL(t, env): + """ Check creat sub-directory without ACL + + FLAGS: acl dir all + DEPEND: ACLSUPP MKDIR + CODE: ACL9 + """ + c1, path = doSetACLEnv(t, env, type = NF4DIR) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_SUBDIRECTORY, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, path, testacl) + + path += [t.code] + res = c1.create_file(t.code, path) + # NFSD's shortage, can not create file + check(res, NFS4ERR_ACCESS) + + res = c1.create_obj(path) + check(res, NFS4ERR_ACCESS, "Trying to create sub-directory without ACL") + +def testLookupFileWithoutACL(t, env): + """ Check lookup file without ACL + + FLAGS: acl dir all + DEPEND: ACLSUPP MKDIR + CODE: ACL10 + """ + c1, path = doSetACLEnv(t, env, type = NF4DIR) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_EXECUTE, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, path, testacl) + + res = c1.compound(c1.use_obj(path) + c1.lookup_path([t.code])) + check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL") + +def testUnlinkFileWithoutACL(t, env): + """ Check unlink sub-file without ACL + + FLAGS: acl dir all + DEPEND: ACLSUPP MKDIR + CODE: ACL11 + """ + c1, path = doSetACLEnv(t, env, type = NF4DIR) + + testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_DELETE_CHILD, "OWNER@")] + res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]) + check(res) + + doCheckACL(t, c1, path, testacl) + + res = c1.compound(c1.use_obj(path) + [c1.remove_op(t.code)]) + check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL")
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com> --- nfs4.0/servertests/__init__.py | 1 + nfs4.0/servertests/st_acl.py | 322 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 323 insertions(+) create mode 100644 nfs4.0/servertests/st_acl.py