def preserve_xattrs(path, nofollow=False, namespace=None):
"""Context manager to save/restore extended attributes on |path|
If you want to rewrite a file (possibly replacing it with a new one), but
want to preserve the extended attributes, this will do the trick.
# First read all the extended attributes.
with save_xattrs('/some/file'):
... rewrite the file ...
# Now the extended attributes are restored as needed.
"""
kwargs = {
'nofollow': nofollow,
}
if namespace:
# Compiled xattr python module does not like it when namespace=None.
kwargs['namespace'] = namespace
old_attrs = dict(xattr.get_all(path, **kwargs))
try:
yield
finally:
new_attrs = dict(xattr.get_all(path, **kwargs))
for name, value in new_attrs.items():
if name not in old_attrs:
# Clear out new ones.
xattr.remove(path, name, **kwargs)
elif new_attrs[name] != old_attrs[name]:
# Update changed ones.
xattr.set(path, name, value, **kwargs)
for name, value in old_attrs.items():
if name not in new_attrs:
# Re-add missing ones.
xattr.set(path, name, value, **kwargs)
def preserve_xattrs(path, nofollow=False, namespace=None):
"""Context manager to save/restore extended attributes on |path|
If you want to rewrite a file (possibly replacing it with a new one), but
want to preserve the extended attributes, this will do the trick.
# First read all the extended attributes.
with save_xattrs('/some/file'):
... rewrite the file ...
# Now the extended attributes are restored as needed.
"""
kwargs = {'nofollow': nofollow,}
if namespace:
# Compiled xattr python module does not like it when namespace=None.
kwargs['namespace'] = namespace
old_attrs = dict(xattr.get_all(path, **kwargs))
try:
yield
finally:
new_attrs = dict(xattr.get_all(path, **kwargs))
for name, value in new_attrs.items():
if name not in old_attrs:
# Clear out new ones.
xattr.remove(path, name, **kwargs)
elif new_attrs[name] != old_attrs[name]:
# Update changed ones.
xattr.set(path, name, value, **kwargs)
for name, value in old_attrs.items():
if name not in new_attrs:
# Re-add missing ones.
xattr.set(path, name, value, **kwargs)
def _checkDeprecated(self, item, symlink=False):
"""check deprecated list, set, get operations against an item"""
self.checkList(xattr.listxattr(item, symlink), [])
self.assertRaises(EnvironmentError, xattr.setxattr, item,
self.USER_ATTR, self.USER_VAL, XATTR_REPLACE)
try:
xattr.setxattr(item, self.USER_ATTR, self.USER_VAL, 0, symlink)
except IOError:
err = sys.exc_info()[1]
if symlink and (err.errno == errno.EPERM
or err.errno == errno.ENOENT):
# symlinks may fail, in which case we abort the rest
# of the test for this case (Linux returns EPERM; OS X returns ENOENT)
return
raise
self.assertRaises(EnvironmentError, xattr.setxattr, item,
self.USER_ATTR, self.USER_VAL, XATTR_CREATE)
self.checkList(xattr.listxattr(item, symlink), [self.USER_ATTR])
self.assertEqual(xattr.getxattr(item, self.USER_ATTR, symlink),
self.USER_VAL)
self.checkTuples(xattr.get_all(item, nofollow=symlink),
[(self.USER_ATTR, self.USER_VAL)])
xattr.removexattr(item, self.USER_ATTR)
self.checkList(xattr.listxattr(item, symlink), [])
self.checkTuples(xattr.get_all(item, nofollow=symlink), [])
self.assertRaises(EnvironmentError, xattr.removexattr, item,
self.USER_ATTR)
def test_mixed_access(testdir, gen):
"""test mixed access to file"""
with gen(testdir) as (a, b):
# Check empty
lists_equal(xattr.list(a), [])
lists_equal(xattr.listxattr(b), [])
# Check value
xattr.set(a, USER_ATTR, USER_VAL)
for i in [a, b]:
# Deprecated functions
lists_equal(xattr.listxattr(i), [USER_ATTR])
assert xattr.getxattr(i, USER_ATTR) == USER_VAL
tuples_equal(xattr.get_all(i), [(USER_ATTR, USER_VAL)])
# Current functions
lists_equal(xattr.list(i), [USER_ATTR])
assert xattr.list(i, namespace=NAMESPACE) == [USER_NN]
assert xattr.get(i, USER_ATTR) == USER_VAL
assert xattr.get(i, USER_NN, namespace=NAMESPACE) == USER_VAL
tuples_equal(xattr.get_all(i),
[(USER_ATTR, USER_VAL)])
assert xattr.get_all(i, namespace=NAMESPACE) == \
[(USER_NN, USER_VAL)]
# Overwrite
xattr.set(b, USER_ATTR, LARGE_VAL, flags=xattr.XATTR_REPLACE)
assert xattr.get(a, USER_ATTR) == LARGE_VAL
assert xattr.getxattr(a, USER_ATTR) == LARGE_VAL
xattr.removexattr(b, USER_ATTR)
assert xattr.get_all(a, namespace=NAMESPACE) == []
assert xattr.get_all(b, namespace=NAMESPACE) == []
def test_set_get_remove(subject, use_ns):
item = subject[0]
lists_equal(xattr.list(item), [])
if use_ns:
xattr.set(item, USER_NN, USER_VAL,
namespace=NAMESPACE)
else:
xattr.set(item, USER_ATTR, USER_VAL)
if use_ns:
assert xattr.list(item, namespace=NAMESPACE) == [USER_NN]
else:
lists_equal(xattr.list(item), [USER_ATTR])
lists_equal(xattr.list(item, namespace=EMPTY_NS),
[USER_ATTR])
if use_ns:
assert xattr.get(item, USER_NN, namespace=NAMESPACE) == USER_VAL
else:
assert xattr.get(item, USER_ATTR) == USER_VAL
if use_ns:
assert xattr.get_all(item, namespace=NAMESPACE) == \
[(USER_NN, USER_VAL)]
else:
tuples_equal(xattr.get_all(item),
[(USER_ATTR, USER_VAL)])
if use_ns:
xattr.remove(item, USER_NN, namespace=NAMESPACE)
else:
xattr.remove(item, USER_ATTR)
lists_equal(xattr.list(item), [])
tuples_equal(xattr.get_all(item), [])
def _checkDeprecated(self, item, symlink=False):
"""check deprecated list, set, get operations against an item"""
self.assertEqual(self._ignore(xattr.listxattr(item, symlink)),
[])
self.assertRaises(EnvironmentError, xattr.setxattr, item,
self.USER_ATTR, self.USER_VAL,
XATTR_REPLACE)
try:
xattr.setxattr(item, self.USER_ATTR, self.USER_VAL, 0, symlink)
except IOError:
err = sys.exc_info()[1]
if err.errno == errno.EPERM and symlink:
# symlinks may fail, in which case we abort the rest
# of the test for this case
return
raise
self.assertRaises(EnvironmentError, xattr.setxattr, item,
self.USER_ATTR, self.USER_VAL, XATTR_CREATE)
self.assertEqual(self._ignore(xattr.listxattr(item, symlink)),
[self.USER_ATTR])
self.assertEqual(xattr.getxattr(item, self.USER_ATTR, symlink),
self.USER_VAL)
self.assertEqual(self._ignore_tuples(xattr.get_all(item,
nofollow=symlink)),
[(self.USER_ATTR, self.USER_VAL)])
xattr.removexattr(item, self.USER_ATTR)
self.assertEqual(self._ignore(xattr.listxattr(item, symlink)),
[])
self.assertEqual(self._ignore_tuples(xattr.get_all(item,
nofollow=symlink)),
[])
self.assertRaises(EnvironmentError, xattr.removexattr,
item, self.USER_ATTR)
def _checkListSetGet(self, item, symlink=False, use_ns=False):
"""check list, set, get operations against an item"""
self.assertEqual(self._ignore(xattr.list(item, symlink)),
[])
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_ATTR, self.USER_VAL, flags=XATTR_REPLACE)
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_NN, self.USER_VAL, flags=XATTR_REPLACE,
namespace=NS_USER)
try:
if use_ns:
xattr.set(item, self.USER_NN, self.USER_VAL,
namespace=NS_USER,
nofollow=symlink)
else:
xattr.set(item, self.USER_ATTR, self.USER_VAL,
nofollow=symlink)
except IOError:
err = sys.exc_info()[1]
if err.errno == errno.EPERM and symlink:
# symlinks may fail, in which case we abort the rest
# of the test for this case
return
raise
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_ATTR, self.USER_VAL, flags=XATTR_CREATE)
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_NN, self.USER_VAL,
flags=XATTR_CREATE, namespace=NS_USER)
self.assertEqual(self._ignore(xattr.list(item, nofollow=symlink)),
[self.USER_ATTR])
self.assertEqual(self._ignore(xattr.list(item, nofollow=symlink,
namespace=EMPTY_NS)),
[self.USER_ATTR])
self.assertEqual(xattr.list(item, namespace=NS_USER, nofollow=symlink),
[self.USER_NN])
self.assertEqual(xattr.get(item, self.USER_ATTR, nofollow=symlink),
self.USER_VAL)
self.assertEqual(xattr.get(item, self.USER_NN, nofollow=symlink,
namespace=NS_USER), self.USER_VAL)
self.assertEqual(self._ignore_tuples(xattr.get_all(item,
nofollow=symlink)),
[(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(item, nofollow=symlink,
namespace=NS_USER),
[(self.USER_NN, self.USER_VAL)])
if use_ns:
xattr.remove(item, self.USER_NN, namespace=NS_USER)
else:
xattr.remove(item, self.USER_ATTR)
self.assertEqual(self._ignore(xattr.list(item, symlink)), [])
self.assertEqual(self._ignore_tuples(xattr.get_all(item,
nofollow=symlink)),
[])
self.assertRaises(EnvironmentError, xattr.remove,
item, self.USER_ATTR, nofollow=symlink)
self.assertRaises(EnvironmentError, xattr.remove, item,
self.USER_NN, namespace=NS_USER, nofollow=symlink)
def _checkListSetGet(self, item, symlink=False, use_ns=False):
"""check list, set, get operations against an item"""
self.checkList(xattr.list(item, symlink), [])
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_ATTR, self.USER_VAL, flags=XATTR_REPLACE)
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_NN, self.USER_VAL, flags=XATTR_REPLACE,
namespace=NS_USER)
try:
if use_ns:
xattr.set(item, self.USER_NN, self.USER_VAL,
namespace=NS_USER,
nofollow=symlink)
else:
xattr.set(item, self.USER_ATTR, self.USER_VAL,
nofollow=symlink)
except IOError:
err = sys.exc_info()[1]
if symlink and (err.errno == errno.EPERM or
err.errno == errno.ENOENT):
# symlinks may fail, in which case we abort the rest
# of the test for this case (Linux returns EPERM; OS X
# returns ENOENT)
return
raise
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_ATTR, self.USER_VAL, flags=XATTR_CREATE)
self.assertRaises(EnvironmentError, xattr.set, item,
self.USER_NN, self.USER_VAL,
flags=XATTR_CREATE, namespace=NS_USER)
self.checkList(xattr.list(item, nofollow=symlink), [self.USER_ATTR])
self.checkList(xattr.list(item, nofollow=symlink,
namespace=EMPTY_NS),
[self.USER_ATTR])
self.assertEqual(xattr.list(item, namespace=NS_USER, nofollow=symlink),
[self.USER_NN])
self.assertEqual(xattr.get(item, self.USER_ATTR, nofollow=symlink),
self.USER_VAL)
self.assertEqual(xattr.get(item, self.USER_NN, nofollow=symlink,
namespace=NS_USER), self.USER_VAL)
self.checkTuples(xattr.get_all(item, nofollow=symlink),
[(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(item, nofollow=symlink,
namespace=NS_USER),
[(self.USER_NN, self.USER_VAL)])
if use_ns:
xattr.remove(item, self.USER_NN, namespace=NS_USER)
else:
xattr.remove(item, self.USER_ATTR)
self.checkList(xattr.list(item, symlink), [])
self.checkTuples(xattr.get_all(item, nofollow=symlink),
[])
self.assertRaises(EnvironmentError, xattr.remove,
item, self.USER_ATTR, nofollow=symlink)
self.assertRaises(EnvironmentError, xattr.remove, item,
self.USER_NN, namespace=NS_USER, nofollow=symlink)
def testNoXattrDeprecated(self):
"""test no attributes (deprecated functions)"""
fh, fname = self._getfile()
self.checkList(xattr.listxattr(fname), [])
self.checkTuples(xattr.get_all(fname), [])
dname = self._getdir()
self.checkList(xattr.listxattr(dname), [])
self.checkTuples(xattr.get_all(dname), [])
_, sname = self._getsymlink()
self.checkList(xattr.listxattr(sname, True), [])
self.checkTuples(xattr.get_all(sname, nofollow=True), [])
def testMixedAccessDeprecated(self):
"""test mixed access to file (deprecated functions)"""
fh, fname = self._getfile()
fo = os.fdopen(fh)
self.assertEqual(xattr.listxattr(fname), [])
xattr.setxattr(fname, self.USER_ATTR, self.USER_VAL)
self.assertEqual(xattr.listxattr(fh), [self.USER_ATTR])
self.assertEqual(xattr.getxattr(fo, self.USER_ATTR), self.USER_VAL)
self.assertEqual(xattr.get_all(fo), [(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fname), [(self.USER_ATTR, self.USER_VAL)])
fo.close()
def testNoXattrDeprecated(self):
"""test no attributes (deprecated functions)"""
fh, fname = self._getfile()
self.assertEqual(xattr.listxattr(fname), [])
self.assertEqual(xattr.get_all(fname), [])
dname = self._getdir()
self.assertEqual(xattr.listxattr(dname), [])
self.assertEqual(xattr.get_all(dname), [])
_, sname = self._getsymlink()
self.assertEqual(xattr.listxattr(sname, True), [])
self.assertEqual(xattr.get_all(sname, nofollow=True), [])
def test_set_get_remove_deprecated(subject):
"""check deprecated list, set, get operations against an item"""
item = subject[0]
lists_equal(xattr.listxattr(item), [])
xattr.setxattr(item, USER_ATTR, USER_VAL, 0)
lists_equal(xattr.listxattr(item), [USER_ATTR])
assert xattr.getxattr(item, USER_ATTR) == USER_VAL
tuples_equal(xattr.get_all(item), [(USER_ATTR, USER_VAL)])
xattr.removexattr(item, USER_ATTR)
lists_equal(xattr.listxattr(item), [])
tuples_equal(xattr.get_all(item), [])
def test_no_attributes(any_subject):
"""test no attributes"""
item, nofollow = any_subject
lists_equal(xattr.list(item, nofollow=nofollow), [])
assert xattr.list(item, nofollow=nofollow,
namespace=NAMESPACE) == []
tuples_equal(xattr.get_all(item, nofollow=nofollow), [])
assert xattr.get_all(item, nofollow=nofollow,
namespace=NAMESPACE) == []
with pytest.raises(EnvironmentError):
xattr.get(item, USER_NN, nofollow=nofollow,
namespace=NAMESPACE)
def testMixedAccessDeprecated(self):
"""test mixed access to file (deprecated functions)"""
fh, fname = self._getfile()
fo = os.fdopen(fh)
self.checkList(xattr.listxattr(fname), [])
xattr.setxattr(fname, self.USER_ATTR, self.USER_VAL)
self.checkList(xattr.listxattr(fh), [self.USER_ATTR])
self.assertEqual(xattr.getxattr(fo, self.USER_ATTR), self.USER_VAL)
self.checkTuples(xattr.get_all(fo), [(self.USER_ATTR, self.USER_VAL)])
self.checkTuples(xattr.get_all(fname),
[(self.USER_ATTR, self.USER_VAL)])
fo.close()
def test_binary_payload(subject):
"""test binary values"""
item = subject[0]
BINVAL = b"abc\0def"
xattr.set(item, USER_ATTR, BINVAL)
lists_equal(xattr.list(item), [USER_ATTR])
assert xattr.list(item, namespace=NAMESPACE) == [USER_NN]
assert xattr.get(item, USER_ATTR) == BINVAL
assert xattr.get(item, USER_NN, namespace=NAMESPACE) == BINVAL
tuples_equal(xattr.get_all(item), [(USER_ATTR, BINVAL)])
assert xattr.get_all(item, namespace=NAMESPACE) == [(USER_NN, BINVAL)]
xattr.remove(item, USER_ATTR)
def testBinaryPayload(self):
"""test binary values"""
fh, fname = self._getfile()
os.close(fh)
BINVAL = "abc" + "\0" + "def"
if PY3K:
BINVAL = BINVAL.encode()
xattr.set(fname, self.USER_ATTR, BINVAL)
self.assertEqual(xattr.list(fname), [self.USER_ATTR])
self.assertEqual(xattr.list(fname, namespace=NS_USER), [self.USER_NN])
self.assertEqual(xattr.get(fname, self.USER_ATTR), BINVAL)
self.assertEqual(xattr.get(fname, self.USER_NN, namespace=NS_USER), BINVAL)
self.assertEqual(xattr.get_all(fname), [(self.USER_ATTR, BINVAL)])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER), [(self.USER_NN, BINVAL)])
xattr.remove(fname, self.USER_ATTR)
def testMixedAccess(self):
"""test mixed access to file"""
fh, fname = self._getfile()
fo = os.fdopen(fh)
self.assertEqual(xattr.list(fname), [])
xattr.set(fname, self.USER_ATTR, self.USER_VAL)
self.assertEqual(xattr.list(fh), [self.USER_ATTR])
self.assertEqual(xattr.list(fh, namespace=NS_USER), [self.USER_NN])
self.assertEqual(xattr.get(fo, self.USER_ATTR), self.USER_VAL)
self.assertEqual(xattr.get(fo, self.USER_NN, namespace=NS_USER), self.USER_VAL)
self.assertEqual(xattr.get_all(fo), [(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fo, namespace=NS_USER), [(self.USER_NN, self.USER_VAL)])
self.assertEqual(xattr.get_all(fname), [(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER), [(self.USER_NN, self.USER_VAL)])
fo.close()
def test_no_attributes_deprecated(any_subject):
"""test no attributes (deprecated functions)"""
item, nofollow = any_subject
lists_equal(xattr.listxattr(item, True), [])
tuples_equal(xattr.get_all(item, True), [])
with pytest.raises(EnvironmentError):
xattr.getxattr(item, USER_ATTR, True)
def testManyOps(self):
"""test many ops"""
fh, fname = self._getfile()
xattr.set(fh, self.USER_ATTR, self.USER_VAL)
VL = [self.USER_ATTR]
VN = [self.USER_NN]
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.list(fh), VL)
self.assertEqual(xattr.list(fh, namespace=EMPTY_NS), VL)
self.assertEqual(xattr.list(fh, namespace=NS_USER), VN)
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.get(fh, self.USER_ATTR), self.USER_VAL)
self.assertEqual(xattr.get(fh, self.USER_NN, namespace=NS_USER), self.USER_VAL)
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.get_all(fh), [(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fh, namespace=NS_USER), [(self.USER_NN, self.USER_VAL)])
def is_untrusted_xattr(path, orig_perms):
"""Check for 'user.qubes.untrusted' xattr on the file.
Expects a readable file.
"""
try:
file_xattrs = xattr.get_all(path)
except:
error('Unable to read extended attributes of {}'.format(path))
safe_chmod(path, orig_perms,
'Unable to set original permissions of {}'.format(path))
sys.exit(65)
# Check for our custom qubes attribute
untrusted_attribute = (b'user.qubes.untrusted', b'true')
if untrusted_attribute in file_xattrs:
# We found our attribute
# Return to original permissions
safe_chmod(path, orig_perms,
'Unable to set original permissions of {}'.format(path))
return True
# Return to original permissions
safe_chmod(path, orig_perms,
'Unable to set original permissions of {}'.format(path))
# We didn't find our attribute
return False
def _add_linux_xattr(self, path, st):
if not xattr: return
try:
self.linux_xattr = xattr.get_all(path, nofollow=True)
except EnvironmentError, e:
if e.errno != errno.EOPNOTSUPP:
raise
def _add_linux_xattr(self, path, st):
if not xattr: return
try:
self.linux_xattr = xattr.get_all(path, nofollow=True)
except EnvironmentError as e:
if e.errno != errno.EOPNOTSUPP:
raise
def testBinaryPayload(self):
"""test binary values"""
fh, fname = self._getfile()
os.close(fh)
BINVAL = "abc" + '\0' + "def"
if PY3K:
BINVAL = BINVAL.encode()
xattr.set(fname, self.USER_ATTR, BINVAL)
self.checkList(xattr.list(fname), [self.USER_ATTR])
self.assertEqual(xattr.list(fname, namespace=NS_USER), [self.USER_NN])
self.assertEqual(xattr.get(fname, self.USER_ATTR), BINVAL)
self.assertEqual(xattr.get(fname, self.USER_NN, namespace=NS_USER),
BINVAL)
self.checkTuples(xattr.get_all(fname), [(self.USER_ATTR, BINVAL)])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER),
[(self.USER_NN, BINVAL)])
xattr.remove(fname, self.USER_ATTR)
def testNoXattrDeprecated(self):
"""test no attributes (deprecated functions)"""
fh, fname = self._getfile()
self.checkList(xattr.listxattr(fname), [])
self.checkTuples(xattr.get_all(fname), [])
self.assertRaises(EnvironmentError, xattr.getxattr, fname,
self.USER_ATTR)
dname = self._getdir()
self.checkList(xattr.listxattr(dname), [])
self.checkTuples(xattr.get_all(dname), [])
self.assertRaises(EnvironmentError, xattr.getxattr, dname,
self.USER_ATTR)
_, sname = self._getsymlink()
self.checkList(xattr.listxattr(sname, True), [])
self.checkTuples(xattr.get_all(sname, nofollow=True), [])
self.assertRaises(EnvironmentError, xattr.getxattr, fname,
self.USER_ATTR, True)
def testNoXattrDeprecated(self):
"""test no attributes (deprecated functions)"""
fh, fname = self._getfile()
self.checkList(xattr.listxattr(fname), [])
self.checkTuples(xattr.get_all(fname), [])
self.assertRaises(EnvironmentError, xattr.getxattr, fname,
self.USER_ATTR)
dname = self._getdir()
self.checkList(xattr.listxattr(dname), [])
self.checkTuples(xattr.get_all(dname), [])
self.assertRaises(EnvironmentError, xattr.getxattr, dname,
self.USER_ATTR)
_, sname = self._getsymlink()
self.checkList(xattr.listxattr(sname, True), [])
self.checkTuples(xattr.get_all(sname, nofollow=True), [])
self.assertRaises(EnvironmentError, xattr.getxattr, fname,
self.USER_ATTR, True)
def test_binary_payload_deprecated(subject):
"""test binary values (deprecated functions)"""
item = subject[0]
BINVAL = b"abc\0def"
xattr.setxattr(item, USER_ATTR, BINVAL)
lists_equal(xattr.listxattr(item), [USER_ATTR])
assert xattr.getxattr(item, USER_ATTR) == BINVAL
tuples_equal(xattr.get_all(item), [(USER_ATTR, BINVAL)])
xattr.removexattr(item, USER_ATTR)
def test_many_ops(subject):
"""test many ops"""
item = subject[0]
xattr.set(item, USER_ATTR, USER_VAL)
VL = [USER_ATTR]
VN = [USER_NN]
for i in range(MANYOPS_COUNT):
lists_equal(xattr.list(item), VL)
lists_equal(xattr.list(item, namespace=EMPTY_NS), VL)
assert xattr.list(item, namespace=NAMESPACE) == VN
for i in range(MANYOPS_COUNT):
assert xattr.get(item, USER_ATTR) == USER_VAL
assert xattr.get(item, USER_NN, namespace=NAMESPACE) == USER_VAL
for i in range(MANYOPS_COUNT):
tuples_equal(xattr.get_all(item),
[(USER_ATTR, USER_VAL)])
assert xattr.get_all(item, namespace=NAMESPACE) == \
[(USER_NN, USER_VAL)]
def testMixedAccess(self):
"""test mixed access to file"""
fh, fname = self._getfile()
fo = os.fdopen(fh)
self.checkList(xattr.list(fname), [])
xattr.set(fname, self.USER_ATTR, self.USER_VAL)
self.checkList(xattr.list(fh), [self.USER_ATTR])
self.assertEqual(xattr.list(fh, namespace=NS_USER), [self.USER_NN])
self.assertEqual(xattr.get(fo, self.USER_ATTR), self.USER_VAL)
self.assertEqual(xattr.get(fo, self.USER_NN, namespace=NS_USER),
self.USER_VAL)
self.checkTuples(xattr.get_all(fo), [(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fo, namespace=NS_USER),
[(self.USER_NN, self.USER_VAL)])
self.checkTuples(xattr.get_all(fname),
[(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER),
[(self.USER_NN, self.USER_VAL)])
fo.close()
def xattr_diff(afile, bfile):
def tuple_list_to_hash(tl):
ret = {}
for k,v in tl:
ret[k] = v
return ret
info = []
a_attr = tuple_list_to_hash(xattr.get_all(afile, namespace=xattr.NS_USER))
b_attr = tuple_list_to_hash(xattr.get_all(bfile, namespace=xattr.NS_USER))
for ka,va in a_attr.items():
if b_attr.has_key(ka):
if b_attr[ka] != va:
info.append("xattrs differ for %s" % ka)
else:
info.append("only in %s: %s" % (afile, ka))
for kb,vb in b_attr.items():
if not a_attr.has_key(kb):
info.append("only in %s: %s" % (bfile, kb))
return info
def testManyOps(self):
"""test many ops"""
fh, fname = self._getfile()
xattr.set(fh, self.USER_ATTR, self.USER_VAL)
VL = [self.USER_ATTR]
VN = [self.USER_NN]
for i in range(self.MANYOPS_COUNT):
self.checkList(xattr.list(fh), VL)
self.checkList(xattr.list(fh, namespace=EMPTY_NS), VL)
self.assertEqual(xattr.list(fh, namespace=NS_USER), VN)
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.get(fh, self.USER_ATTR), self.USER_VAL)
self.assertEqual(xattr.get(fh, self.USER_NN, namespace=NS_USER),
self.USER_VAL)
for i in range(self.MANYOPS_COUNT):
self.checkTuples(xattr.get_all(fh),
[(self.USER_ATTR, self.USER_VAL)])
self.assertEqual(xattr.get_all(fh, namespace=NS_USER),
[(self.USER_NN, self.USER_VAL)])
def read_user_xattr(fd):
try:
it = xattr.get_all(fd)
except IOError as e:
for err in 'ENOTSUP', 'EOPNOTSUPP':
if hasattr(errno, err) and e.errno == getattr(errno, err):
raise e
meta = {k[5:]: v for k, v in it if k.startswith('user.')}
return meta
def testManyOpsDeprecated(self):
"""test many ops (deprecated functions)"""
fh, fname = self._getfile()
xattr.setxattr(fh, self.USER_ATTR, self.USER_VAL)
VL = [self.USER_ATTR]
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.listxattr(fh), VL)
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.getxattr(fh, self.USER_ATTR), self.USER_VAL)
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.get_all(fh), [(self.USER_ATTR, self.USER_VAL)])
def xattr_diff(afile, bfile):
def tuple_list_to_hash(tl):
ret = {}
for k, v in tl:
ret[k] = v
return ret
info = []
a_attr = tuple_list_to_hash(xattr.get_all(afile, namespace=xattr.NS_USER))
b_attr = tuple_list_to_hash(xattr.get_all(bfile, namespace=xattr.NS_USER))
for ka, va in a_attr.items():
if b_attr.has_key(ka):
if b_attr[ka] != va:
info.append("xattrs differ for %s" % ka)
else:
info.append("only in %s: %s" % (afile, ka))
for kb, vb in b_attr.items():
if not a_attr.has_key(kb):
info.append("only in %s: %s" % (bfile, kb))
return info
def make_link(root: str, filename: str, dst_folder: str):
filepath = os.path.join(root, filename)
original_filepath = os.path.join('..', '..', '..', filepath)
for k, v in xattr.get_all(filepath):
k = str(k, 'utf-8')
v = str(v, 'utf-8')
v_dir = os.path.join(dst_folder, k, v)
os.makedirs(v_dir)
new_filepath = os.path.join(v_dir, filename)
os.symlink(original_filepath, new_filepath)
def read_user_xattr(fd):
it = {}
try:
it = xattr.get_all(fd)
except IOError as err:
for code in ('ENOTSUP', 'EOPNOTSUPP', 'ENOENT'):
if hasattr(errno, code) and err.errno == getattr(errno, code):
raise err
meta = debinarize({k[5:]: v for k, v in it if k.startswith(b'user.')})
return meta
def testBinaryPayloadDeprecated(self):
"""test binary values (deprecated functions)"""
fh, fname = self._getfile()
os.close(fh)
BINVAL = "abc" + "\0" + "def"
if PY3K:
BINVAL = BINVAL.encode()
xattr.setxattr(fname, self.USER_ATTR, BINVAL)
self.assertEqual(xattr.listxattr(fname), [self.USER_ATTR])
self.assertEqual(xattr.getxattr(fname, self.USER_ATTR), BINVAL)
self.assertEqual(xattr.get_all(fname), [(self.USER_ATTR, BINVAL)])
xattr.removexattr(fname, self.USER_ATTR)
def testBinaryPayloadDeprecated(self):
"""test binary values (deprecated functions)"""
fh, fname = self._getfile()
os.close(fh)
BINVAL = "abc" + '\0' + "def"
if PY3K:
BINVAL = BINVAL.encode()
xattr.setxattr(fname, self.USER_ATTR, BINVAL)
self.checkList(xattr.listxattr(fname), [self.USER_ATTR])
self.assertEqual(xattr.getxattr(fname, self.USER_ATTR), BINVAL)
self.checkTuples(xattr.get_all(fname), [(self.USER_ATTR, BINVAL)])
xattr.removexattr(fname, self.USER_ATTR)
def test_many_ops_deprecated(subject):
"""test many ops (deprecated functions)"""
item = subject[0]
xattr.setxattr(item, USER_ATTR, USER_VAL)
VL = [USER_ATTR]
for i in range(MANYOPS_COUNT):
lists_equal(xattr.listxattr(item), VL)
for i in range(MANYOPS_COUNT):
assert xattr.getxattr(item, USER_ATTR) == USER_VAL
for i in range(MANYOPS_COUNT):
tuples_equal(xattr.get_all(item),
[(USER_ATTR, USER_VAL)])
def testManyOpsDeprecated(self):
"""test many ops (deprecated functions)"""
fh, fname = self._getfile()
xattr.setxattr(fh, self.USER_ATTR, self.USER_VAL)
VL = [self.USER_ATTR]
for i in range(self.MANYOPS_COUNT):
self.checkList(xattr.listxattr(fh), VL)
for i in range(self.MANYOPS_COUNT):
self.assertEqual(xattr.getxattr(fh, self.USER_ATTR), self.USER_VAL)
for i in range(self.MANYOPS_COUNT):
self.checkTuples(xattr.get_all(fh),
[(self.USER_ATTR, self.USER_VAL)])
def testNoXattr(self):
"""test no attributes"""
fh, fname = self._getfile()
self.checkList(xattr.list(fname), [])
self.assertEqual(xattr.list(fname, namespace=NS_USER), [])
self.checkTuples(xattr.get_all(fname), [])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER), [])
self.assertRaises(EnvironmentError, xattr.get, fname,
self.USER_NN, namespace=NS_USER)
dname = self._getdir()
self.checkList(xattr.list(dname), [])
self.assertEqual(xattr.list(dname, namespace=NS_USER), [])
self.checkTuples(xattr.get_all(dname), [])
self.assertEqual(xattr.get_all(dname, namespace=NS_USER), [])
self.assertRaises(EnvironmentError, xattr.get, dname,
self.USER_NN, namespace=NS_USER)
_, sname = self._getsymlink()
self.checkList(xattr.list(sname, nofollow=True), [])
self.assertEqual(xattr.list(sname, nofollow=True,
namespace=NS_USER), [])
self.checkTuples(xattr.get_all(sname, nofollow=True), [])
self.assertEqual(xattr.get_all(sname, nofollow=True,
namespace=NS_USER), [])
self.assertRaises(EnvironmentError, xattr.get, sname,
self.USER_NN, namespace=NS_USER, nofollow=True)
def testNoXattr(self):
"""test no attributes"""
fh, fname = self._getfile()
self.checkList(xattr.list(fname), [])
self.assertEqual(xattr.list(fname, namespace=NS_USER), [])
self.checkTuples(xattr.get_all(fname), [])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER), [])
self.assertRaises(EnvironmentError, xattr.get, fname,
self.USER_NN, namespace=NS_USER)
dname = self._getdir()
self.checkList(xattr.list(dname), [])
self.assertEqual(xattr.list(dname, namespace=NS_USER), [])
self.checkTuples(xattr.get_all(dname), [])
self.assertEqual(xattr.get_all(dname, namespace=NS_USER), [])
self.assertRaises(EnvironmentError, xattr.get, dname,
self.USER_NN, namespace=NS_USER)
_, sname = self._getsymlink()
self.checkList(xattr.list(sname, nofollow=True), [])
self.assertEqual(xattr.list(sname, nofollow=True,
namespace=NS_USER), [])
self.checkTuples(xattr.get_all(sname, nofollow=True), [])
self.assertEqual(xattr.get_all(sname, nofollow=True,
namespace=NS_USER), [])
self.assertRaises(EnvironmentError, xattr.get, sname,
self.USER_NN, namespace=NS_USER, nofollow=True)
def change_file(path, trusted):
"""Change the trust state of a file"""
# Save the original permissions of the file
orig_perms = os.stat(path).st_mode
# See if the file is readable
try:
with open(path):
pass
except IOError:
# Try to unlock file to get read access
safe_chmod(path, 0o644, 'Could not unlock {} for reading'.format(path))
if trusted:
# Set file to trusted
# AKA remove our xattr
file_xattrs = xattr.get_all(path)
untrusted_attribute = (b'user.qubes.untrusted', b'true')
# Check if the xattr exists first
if untrusted_attribute in file_xattrs:
try:
xattr.removexattr(path, 'user.qubes.untrusted')
except:
# Unable to remove our xattr, return original permissions
error(
'Unable to remove untrusted attribute on {}'.format(path))
safe_chmod(path, orig_perms,
'Unable to set original perms. on {}'.format(path))
# Remove visual attributes
set_visual_attributes(path, False)
else:
# Set file to untrusted
# AKA add our xattr and lock
try:
xattr.setxattr(path, 'user.qubes.untrusted', 'true')
safe_chmod(
path, 0o0,
'Unable to set untrusted permissions on: {}'.format(path))
except:
# Unable to remove our xattr, return original permissions
safe_chmod(
path, orig_perms,
'Unable to return perms after setting as untrusted: {}'.format(
path))
sys.exit(65)
# Add visual attributes
set_visual_attributes(path, True)
def xattr_sync_impl(file_name, meta):
xlist = xattr.get_all(file_name, namespace=xattr.NS_USER)
to_delete = []
to_set = {}
for k,v in meta.items():
to_set[k] = v
for k,v in xlist:
if (k == ACL_XATTR):
continue
if (not meta.has_key(k)):
to_delete.append(k)
elif (meta[k] == v):
del to_set[k]
return to_delete, to_set
def xattr_sync_impl(file_name, meta):
xlist = xattr.get_all(file_name, namespace=xattr.NS_USER)
to_delete = []
to_set = {}
for k, v in meta.items():
to_set[k] = v
for k, v in xlist:
if (k == ACL_XATTR):
continue
if (not meta.has_key(k)):
to_delete.append(k)
elif (meta[k] == v):
del to_set[k]
return to_delete, to_set
def assert_xattr(file_name, meta):
""" Raise an exception if the xattrs on a file are not what we expect """
to_delete, to_set = xattr_sync_impl(file_name, meta)
if (len(to_delete) == 0) and (len(to_set) == 0):
return
print "XATTRS DIFFER: ",
print "EXPECTED: {",
sep = ""
for k,v in meta.items():
print sep + str(k) + " : " + str(v),
sep = ", "
print "}",
print "GOT: {",
sep = ""
for k,v in xattr.get_all(file_name, namespace=xattr.NS_USER):
if (k == ACL_XATTR):
continue
print "%s%s:%s" % (sep, k, v),
sep = ", "
print "}",
print
raise Exception("extended attributes are not what we expect on %s" % file_name)
def _getitem(self, cpv):
values = {}
path = self.__get_path(cpv)
all = {}
for tuple in xattr.get_all(path,namespace=self.ns):
key,value = tuple
all[key] = value
if not '_mtime_' in all:
raise KeyError(cpv)
# We default to '' like other caches
for key in self.keys:
attr_value = all.get(key,'1:')
parts,sep,value = attr_value.partition(':')
parts = int(parts)
if parts > 1:
for i in range(1,parts):
value += all.get(key+str(i))
values[key] = value
return values
def testNoXattr(self):
"""test no attributes"""
fh, fname = self._getfile()
self.assertEqual(xattr.list(fname), [])
self.assertEqual(xattr.list(fname, namespace=NS_USER), [])
self.assertEqual(xattr.get_all(fname), [])
self.assertEqual(xattr.get_all(fname, namespace=NS_USER), [])
dname = self._getdir()
self.assertEqual(xattr.list(dname), [])
self.assertEqual(xattr.list(dname, namespace=NS_USER), [])
self.assertEqual(xattr.get_all(dname), [])
self.assertEqual(xattr.get_all(dname, namespace=NS_USER), [])
_, sname = self._getsymlink()
self.assertEqual(xattr.list(sname, nofollow=True), [])
self.assertEqual(xattr.list(sname, nofollow=True, namespace=NS_USER), [])
self.assertEqual(xattr.get_all(sname, nofollow=True), [])
self.assertEqual(xattr.get_all(sname, nofollow=True, namespace=NS_USER), [])
def all_xattrs(self, path, **kw): return dict(xattr.get_all(path, namespace=xattr.NS_USER, **kw))
def get(self, path):
d = dict(xattr.get_all(path, namespace = xattr.NS_USER))
for k in d:
d[k] = d[k].split(',')
return Values(d)
def items(self):
"""
Returns a list of key/value pairs for all filesystem attributes
"""
allAttrs = xattr.get_all(self._path, namespace=xattr.NS_USER)
return [ (key.decode(), self._decodeVal(val)) for key, val in allAttrs ]
def _get_xattrs(self, filename): pairs = xattr.get_all(os.path.join(self.dirpath, filename), namespace=xattr.NS_USER) return dict([list(map(to_unicode, p)) for p in pairs])
