From: Kinglong Mee <kinglongmee@gmail.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 3/3] NFS4.0: Add some test cases for nfsv4 acl
Date: Thu, 24 Apr 2014 18:59:57 +0800 [thread overview]
Message-ID: <5358EEAD.4090501@gmail.com> (raw)
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
nfs4.0/servertests/__init__.py | 1 +
nfs4.0/servertests/st_acl.py | 322 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 323 insertions(+)
create mode 100644 nfs4.0/servertests/st_acl.py
diff --git a/nfs4.0/servertests/__init__.py b/nfs4.0/servertests/__init__.py
index b0b77c4..90da169 100644
--- a/nfs4.0/servertests/__init__.py
+++ b/nfs4.0/servertests/__init__.py
@@ -40,4 +40,5 @@ __all__ = [ "st_access.py",
"st_reboot.py",
"st_delegation.py", # Not Done at all
"st_spoof.py",
+ "st_acl.py",
]
diff --git a/nfs4.0/servertests/st_acl.py b/nfs4.0/servertests/st_acl.py
new file mode 100644
index 0000000..01a1e51
--- /dev/null
+++ b/nfs4.0/servertests/st_acl.py
@@ -0,0 +1,322 @@
+from nfs4_const import *
+from environment import check, checklist, clientWithSys
+from nfs4lib import get_attr_name
+from nfs4acl import *
+
+MASK_ALL_FILE = ACE4_READ_DATA | ACE4_WRITE_DATA | ACE4_APPEND_DATA | \
+ ACE4_READ_NAMED_ATTRS | ACE4_WRITE_NAMED_ATTRS | \
+ ACE4_EXECUTE | ACE4_READ_ATTRIBUTES | ACE4_WRITE_ATTRIBUTES | \
+ ACE4_DELETE | ACE4_READ_ACL | ACE4_WRITE_ACL | \
+ ACE4_WRITE_OWNER | ACE4_SYNCHRONIZE
+MASK_ALL_DIR = ACE4_LIST_DIRECTORY | ACE4_ADD_FILE | ACE4_ADD_SUBDIRECTORY | \
+ ACE4_READ_NAMED_ATTRS | ACE4_WRITE_NAMED_ATTRS | \
+ ACE4_EXECUTE | ACE4_DELETE_CHILD | ACE4_READ_ATTRIBUTES | \
+ ACE4_WRITE_ATTRIBUTES | ACE4_READ_ACL | ACE4_WRITE_ACL | \
+ ACE4_WRITE_OWNER | ACE4_SYNCHRONIZE
+
+def doTestGetACL(t, env, path):
+ c = env.c1
+ ops = c.use_obj(path) + [c.getattr([FATTR4_ACL])]
+ res = c.compound(ops)
+ check(res)
+
+ attrs = res.resarray[-1].obj_attributes
+ if FATTR4_ACL not in attrs.keys():
+ t.fail("Attributes not contains FATTR4_ACL")
+
+# print printableacl(attrs[FATTR4_ACL])
+
+def testCheckSupportedACL(t, env):
+ """ Check whether attributes contains FATTR4_ACLSUPPORT
+
+ FLAGS: getattr all
+ CODE: ACLSUPP
+ """
+ if not FATTR4_ACLSUPPORT & env.c1.supportedAttrs():
+ t.fail_support("Server does not support FATTR4_ACL")
+
+def testGetACLFile(t, env):
+ """ Get ACL of reg file
+
+ FLAGS: acl getattr file all
+ DEPEND: ACLSUPP LOOKFILE
+ CODE: ACL1r
+ """
+ doTestGetACL(t, env, env.opts.usefile)
+
+def testGetACLDir(t, env):
+ """ Get ACL of dir file
+
+ FLAGS: acl getattr dir all
+ DEPEND: ACLSUPP LOOKDIR
+ CODE: ACL1d
+ """
+ doTestGetACL(t, env, env.opts.usedir)
+
+def testGetACLFifo(t, env):
+ """ Get ACL of fifo file
+
+ FLAGS: acl getattr fifo all
+ DEPEND: ACLSUPP LOOKFIFO
+ CODE: ACL1f
+ """
+ doTestGetACL(t, env, env.opts.usefifo)
+
+def testGetACLLink(t, env):
+ """ Get ACL of symlink file
+
+ FLAGS: acl getattr symlink all
+ DEPEND: ACLSUPP LOOKLINK
+ CODE: ACL1a
+ """
+ doTestGetACL(t, env, env.opts.uselink)
+
+def testGetACLSocket(t, env):
+ """ Get ACL of socket file
+
+ FLAGS: acl getattr socket all
+ DEPEND: ACLSUPP LOOKSOCK
+ CODE: ACL1s
+ """
+ doTestGetACL(t, env, env.opts.usesocket)
+
+def testGetACLChar(t, env):
+ """ Get ACL of char file
+
+ FLAGS: acl getattr char all
+ DEPEND: ACLSUPP LOOKCHAR
+ CODE: ACL1c
+ """
+ doTestGetACL(t, env, env.opts.usechar)
+
+def testGetACLBlock(t, env):
+ """ Get ACL of block file
+
+ FLAGS: acl getattr block all
+ DEPEND: ACLSUPP LOOKBLK
+ CODE: ACL1b
+ """
+ doTestGetACL(t, env, env.opts.useblock)
+
+def doCheckACL(t, c, file, acl):
+ res = c.compound(c.use_obj(file) + [c.getattr([FATTR4_ACL])])
+ check(res)
+
+ attrs = res.resarray[-1].obj_attributes
+ if FATTR4_ACL not in attrs.keys():
+ t.fail("Attributes not contains FATTR4_ACL")
+
+# print printableacl(acl)
+# print printableacl(attrs[FATTR4_ACL])
+
+def doSetACLEnv(t, env, type = NF4REG):
+ c = env.c1
+ path = c.homedir + [t.code]
+ res = c.create_obj(path, attrs={FATTR4_MODE:0777})
+ check(res)
+
+ c1 = clientWithSys(env, 9999, 9999);
+ c1.init_connection()
+
+ path += [t.code]
+ attrs = {FATTR4_MODE: 0777}
+
+ if type == NF4REG:
+ fh, stateid = c1.create_confirm(t.code, path, attrs=attrs,
+ deny=OPEN4_SHARE_DENY_NONE)
+ return (c1, path, fh, stateid)
+ else:
+ res = c1.create_obj(path, attrs=attrs)
+ check(res)
+ return (c1, path)
+
+def testWriteFileWithoutACL(t, env):
+ """ Check write file without write ACL
+
+ FLAGS: acl file all
+ DEPEND: ACLSUPP MKFILE
+ CODE: ACL2
+ """
+ c1, path, fh, stateid = doSetACLEnv(t, env)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_DATA, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, fh, testacl)
+
+ res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE)
+ check(res, NFS4ERR_ACCESS, "Trying to OPEN file without write ACL")
+
+def testReadFileWithoutACL(t, env):
+ """ Check read file without read ACL
+
+ FLAGS: acl file all
+ DEPEND: ACLSUPP MKFILE
+ CODE: ACL3
+ """
+ c1, path, fh, stateid = doSetACLEnv(t, env)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_READ_DATA, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, fh, testacl)
+
+ res = c1.open_file(t.code, path, deny = OPEN4_SHARE_DENY_READ)
+ check(res, NFS4ERR_ACCESS, "Trying to OPEN file without read ACL")
+
+def testAppendFileWithoutACL(t, env):
+ """ Check write file without append ACL
+
+ FLAGS: acl file all
+ DEPEND: ACLSUPP MKFILE
+ CODE: ACL4
+ """
+ c1, path, fh, stateid = doSetACLEnv(t, env)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_APPEND_DATA, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, fh, testacl)
+
+ res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE)
+ check(res, NFS4ERR_ACCESS, "Trying to OPEN file without append ACL")
+
+def testChownWithoutACL(t, env):
+ """ Check change file's owner without WRITE OWNER ACL
+
+ FLAGS: acl file all
+ DEPEND: ACLSUPP MKFILE
+ CODE: ACL5
+ """
+ c1, path, fh, stateid = doSetACLEnv(t, env)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_OWNER, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, fh, testacl)
+
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_OWNER: "6666"})])
+ check(res, NFS4ERR_PERM, "Trying to change file's owner without ACL")
+
+def testSetACLWithoutACL(t, env):
+ """ Check set ACL without SETACL ACL
+
+ FLAGS: acl file all
+ DEPEND: ACLSUPP MKFILE
+ CODE: ACL6
+ """
+ c1, path, fh, stateid = doSetACLEnv(t, env)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_ACL, "OWNER@")]
+ ops = c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]
+ res = c1.compound(ops)
+ check(res)
+
+ doCheckACL(t, c1, fh, testacl)
+
+ res = c1.compound(ops)
+ check(res, NFS4ERR_PERM, "Trying to set acl without ACL")
+
+def testCreateFileWithoutACL(t, env):
+ """ Check create file in directory without ACL
+
+ FLAGS: acl dir all
+ DEPEND: ACLSUPP MKDIR
+ CODE: ACL7
+ """
+ c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_FILE, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, path, testacl)
+
+ path += [t.code]
+ res = c1.create_obj(path)
+ # NFSD's shortage, can not create sub-directory
+ check(res, NFS4ERR_ACCESS)
+
+ res = c1.create_file(t.code, path)
+ check(res, NFS4ERR_ACCESS, "Trying to create file without ACL")
+
+def testListDirWithoutACL(t, env):
+ """ Check list directory without ACL
+
+ FLAGS: acl dir all
+ DEPEND: ACLSUPP MKDIR
+ CODE: ACL8
+ """
+ c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_LIST_DIRECTORY, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, path, testacl)
+
+ res = c1.compound(c1.use_obj(path) + [c1.readdir()])
+ check(res, NFS4ERR_ACCESS, "Trying to list directory without ACL")
+
+def testMkdirWithoutACL(t, env):
+ """ Check creat sub-directory without ACL
+
+ FLAGS: acl dir all
+ DEPEND: ACLSUPP MKDIR
+ CODE: ACL9
+ """
+ c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_SUBDIRECTORY, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, path, testacl)
+
+ path += [t.code]
+ res = c1.create_file(t.code, path)
+ # NFSD's shortage, can not create file
+ check(res, NFS4ERR_ACCESS)
+
+ res = c1.create_obj(path)
+ check(res, NFS4ERR_ACCESS, "Trying to create sub-directory without ACL")
+
+def testLookupFileWithoutACL(t, env):
+ """ Check lookup file without ACL
+
+ FLAGS: acl dir all
+ DEPEND: ACLSUPP MKDIR
+ CODE: ACL10
+ """
+ c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_EXECUTE, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, path, testacl)
+
+ res = c1.compound(c1.use_obj(path) + c1.lookup_path([t.code]))
+ check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL")
+
+def testUnlinkFileWithoutACL(t, env):
+ """ Check unlink sub-file without ACL
+
+ FLAGS: acl dir all
+ DEPEND: ACLSUPP MKDIR
+ CODE: ACL11
+ """
+ c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+ testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_DELETE_CHILD, "OWNER@")]
+ res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+ check(res)
+
+ doCheckACL(t, c1, path, testacl)
+
+ res = c1.compound(c1.use_obj(path) + [c1.remove_op(t.code)])
+ check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL")
--
1.9.0
next reply other threads:[~2014-04-24 11:00 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-24 10:59 Kinglong Mee [this message]
2014-05-06 20:24 ` [PATCH 3/3] NFS4.0: Add some test cases for nfsv4 acl J. Bruce Fields
2014-05-07 15:00 ` Kinglong Mee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5358EEAD.4090501@gmail.com \
--to=kinglongmee@gmail.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.