Esempio n. 1
0
def testSyntheticAcl(t, env):
    """ GETATTR of an ACL on a file with no ACL
        This should return a synthetic ACL, see RFC 5661, section 6.4.2

    FLAGS: getattr file all
    DEPEND: LOOKFILE
    CODE: GATTACL
    """
    c = env.c1
    file_obj = c.homedir + [t.code]
    acl_attr_bitnum = get_attrbitnum_dict()['acl']

    # These expected values come from the Isilon synthetic ACL; if that changes
    # or ACL policy is being applied, this test may need to change.
    group_rights = every_rights = ACE4_READ_DATA + ACE4_READ_NAMED_ATTRS + \
        ACE4_READ_ATTRIBUTES + ACE4_READ_ACL + ACE4_SYNCHRONIZE
    owner_rights = group_rights + ACE4_WRITE_DATA + ACE4_APPEND_DATA + \
        ACE4_WRITE_NAMED_ATTRS + ACE4_WRITE_ATTRIBUTES + ACE4_WRITE_ACL
    acl_expected = [
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, owner_rights, "OWNER@"),
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, group_rights, "GROUP@"),
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, every_rights, "EVERYONE@")
    ]

    c.create_confirm(t.code)
    ops = c.use_obj(file_obj) + [c.getattr({acl_attr_bitnum: 'acl'})]
    res = c.compound(ops)
    check(res, msg="Asking for ACL attribute")

    acl_retrieved = res.resarray[-1].opgetattr.resok4.obj_attributes[
        acl_attr_bitnum]
    if acl_retrieved == []:
        t.fail("ACL is empty!")
    if compare_acl(acl_retrieved, acl_expected) == False:
        t.fail("ACL does not match!")
Esempio n. 2
0
def testACLTypes(t, env):
    """SETATTR all supported and unsupported ACL Types and verify correct response

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL3
    """
    c = env.c1
    c.init_connection()
    file_obj = c.homedir + [t.code]

    # track ACL support types for comparison of aclsupport mask returned by server
    acl_support_types = [ACL4_SUPPORT_ALLOW_ACL, ACL4_SUPPORT_DENY_ACL, ACL4_SUPPORT_AUDIT_ACL, ACL4_SUPPORT_ALARM_ACL]

    # track all ACL types for test
    ace_types = [
        ACE4_ACCESS_ALLOWED_ACE_TYPE,
        ACE4_ACCESS_DENIED_ACE_TYPE,
        ACE4_SYSTEM_AUDIT_ACE_TYPE,
        ACE4_SYSTEM_ALARM_ACE_TYPE,
    ]

    # track ACL names for printing in test results
    ace_type_names = [
        "ACE4_ACCESS_ALLOWED_ACE_TYPE",
        "ACE4_ACCESS_DENIED_ACE_TYPE",
        "ACE4_SYSTEM_AUDIT_ACE_TYPE",
        "ACE4_SYSTEM_ALARM_ACE_TYPE",
    ]

    # get supported acl type mask from server
    supported = c.supportedACLTypes()

    fh, stateid = c.create_confirm(t.code)

    for index in range(0, len(acl_support_types)):
        if supported & acl_support_types[index]:
            print "Testing supported ACL type: %s" % (ace_type_names[index])

            set_acl_round_trip(
                file_obj, c, [nfsace4(ace_types[index], 0, ACE4_READ_DATA, "OWNER@")], set_acl_exp=NFS4_OK
            )
        else:
            print "Testing unsupported ACL type: %s" % (ace_type_names[index])

            set_acl_round_trip(
                file_obj,
                c,
                [nfsace4(ace_types[index], 0, ACE4_READ_DATA, "OWNER@")],
                set_acl_exp=NFS4ERR_ATTRNOTSUPP,
                compare=False,
            )
Esempio n. 3
0
def testACLTypes(t, env):
    """SETATTR all supported and unsupported ACL Types and verify correct response

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL3
    """
    c = env.c1
    c.init_connection()
    file_obj = c.homedir + [t.code]

    # track ACL support types for comparison of aclsupport mask returned by server
    acl_support_types = [
        ACL4_SUPPORT_ALLOW_ACL, ACL4_SUPPORT_DENY_ACL, ACL4_SUPPORT_AUDIT_ACL,
        ACL4_SUPPORT_ALARM_ACL
    ]

    # track all ACL types for test
    ace_types = [
        ACE4_ACCESS_ALLOWED_ACE_TYPE, ACE4_ACCESS_DENIED_ACE_TYPE,
        ACE4_SYSTEM_AUDIT_ACE_TYPE, ACE4_SYSTEM_ALARM_ACE_TYPE
    ]

    # track ACL names for printing in test results
    ace_type_names = [
        "ACE4_ACCESS_ALLOWED_ACE_TYPE", "ACE4_ACCESS_DENIED_ACE_TYPE",
        "ACE4_SYSTEM_AUDIT_ACE_TYPE", "ACE4_SYSTEM_ALARM_ACE_TYPE"
    ]

    # get supported acl type mask from server
    supported = c.supportedACLTypes()

    fh, stateid = c.create_confirm(t.code)

    for index in range(0, len(acl_support_types)):
        if supported & acl_support_types[index]:
            print "Testing supported ACL type: %s" % (ace_type_names[index])

            set_acl_round_trip(
                file_obj,
                c, [nfsace4(ace_types[index], 0, ACE4_READ_DATA, "OWNER@")],
                set_acl_exp=NFS4_OK)
        else:
            print "Testing unsupported ACL type: %s" % (ace_type_names[index])

            set_acl_round_trip(
                file_obj,
                c, [nfsace4(ace_types[index], 0, ACE4_READ_DATA, "OWNER@")],
                set_acl_exp=NFS4ERR_ATTRNOTSUPP,
                compare=False)
Esempio n. 4
0
def testInvalidName(t, env):
    """ Test setting an ACL with an invalid name

    FLAGS: idmap setattr file acl all
    CODE: SETID1
    """
    c = env.c1
    c.init_connection()
    c.create_confirm(t.code)
    path = c.homedir + [t.code]
    # First ace is for test, second for cleanup
    acl = [nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_WRITE_OWNER, "baduser@baddomain"),
           nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE, "EVERYONE@")]
    _setacl(c, path, acl, NFS4ERR_BADOWNER)
Esempio n. 5
0
def testChangeOwnerWithUid(t, env):
    """SETOWN using UID

    FLAGS: idmap setattr file all
    CODE: SOWNID
    """
    c = env.c1
    c.init_connection()
    c.create_confirm(t.code)
    path = c.homedir + [t.code]
    # First ace is for test, second for cleanup
    acl = [nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_WRITE_OWNER, "admin@localdomain"),
           nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE, "EVERYONE@")]
    _setacl(c, path, acl)
    _admin_chownerorgrp(env, path, 'owner', '10')
Esempio n. 6
0
def testInvalidName(t, env):
    """ Test setting an ACL with an invalid name

    FLAGS: idmap setattr file acl all
    CODE: SETID1
    """
    c = env.c1
    c.init_connection()
    c.create_confirm(t.code)
    path = c.homedir + [t.code]
    # First ace is for test, second for cleanup
    acl = [
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_WRITE_OWNER,
                "baduser@baddomain"),
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE,
                "EVERYONE@")
    ]
    _setacl(c, path, acl, NFS4ERR_BADOWNER)
Esempio n. 7
0
def testACLMultipleACE(t, env):
    """SETACL EVERYONE@ deny write

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1ma
    """
    acl_test(t,
             env,
             "", [
                 nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE,
                         "EVERYONE@"),
                 nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_READ,
                         "OWNER@")
             ],
             test_open_write=NFS4_OK,
             test_open_read=NFS4_OK,
             c2_test_open_write=NFS4_OK,
             c2_test_open_read=NFS4ERR_ACCESS)
Esempio n. 8
0
def testChangeOwnerWithUid(t, env):
    """SETOWN using UID

    FLAGS: idmap setattr file all
    CODE: SOWNID
    """
    c = env.c1
    c.init_connection()
    c.create_confirm(t.code)
    path = c.homedir + [t.code]
    # First ace is for test, second for cleanup
    acl = [
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_WRITE_OWNER,
                "admin@localdomain"),
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE,
                "EVERYONE@")
    ]
    _setacl(c, path, acl)
    _admin_chownerorgrp(env, path, 'owner', '10')
Esempio n. 9
0
def testACLMultipleACE(t, env):
    """SETACL EVERYONE@ deny write

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1ma
    """
    acl_test(
        t,
        env,
        "",
        [
            nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE, "EVERYONE@"),
            nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_READ, "OWNER@"),
        ],
        test_open_write=NFS4_OK,
        test_open_read=NFS4_OK,
        c2_test_open_write=NFS4_OK,
        c2_test_open_read=NFS4ERR_ACCESS,
    )
Esempio n. 10
0
def testSyntheticAcl(t, env):
    """ GETATTR of an ACL on a file with no ACL
        This should return a synthetic ACL, see RFC 5661, section 6.4.2

    FLAGS: getattr file all
    DEPEND: LOOKFILE
    CODE: GATTACL
    """
    c = env.c1
    file_obj = c.homedir + [t.code]
    acl_attr_bitnum = get_attrbitnum_dict()["acl"]

    # These expected values come from the Isilon synthetic ACL; if that changes
    # or ACL policy is being applied, this test may need to change.
    group_rights = every_rights = (
        ACE4_READ_DATA + ACE4_READ_NAMED_ATTRS + ACE4_READ_ATTRIBUTES + ACE4_READ_ACL + ACE4_SYNCHRONIZE
    )
    owner_rights = (
        group_rights
        + ACE4_WRITE_DATA
        + ACE4_APPEND_DATA
        + ACE4_WRITE_NAMED_ATTRS
        + ACE4_WRITE_ATTRIBUTES
        + ACE4_WRITE_ACL
    )
    acl_expected = [
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, owner_rights, "OWNER@"),
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, group_rights, "GROUP@"),
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, every_rights, "EVERYONE@"),
    ]

    c.create_confirm(t.code)
    ops = c.use_obj(file_obj) + [c.getattr({acl_attr_bitnum: "acl"})]
    res = c.compound(ops)
    check(res, msg="Asking for ACL attribute")

    acl_retrieved = res.resarray[-1].opgetattr.resok4.obj_attributes[acl_attr_bitnum]
    if acl_retrieved == []:
        t.fail("ACL is empty!")
    if compare_acl(acl_retrieved, acl_expected) == False:
        t.fail("ACL does not match!")
Esempio n. 11
0
def testACLOwnerDenyRead(t, env):
    """SETACL OWNER@ deny read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1odr
    """
    acl_test(t,
             env,
             "owner_deny_read",
             nfsace4(ACE4_ACCESS_DENIED_ACE_TYPE, 0, ACE4_GENERIC_READ,
                     "OWNER@"),
             test_open_write=NFS4ERR_ACCESS,
             test_open_read=NFS4ERR_ACCESS,
             c2_test_open_write=NFS4ERR_ACCESS,
             c2_test_open_read=NFS4ERR_ACCESS)
Esempio n. 12
0
def testACLOwnerAllowRead(t, env):
    """SETACL OWNER@ allow read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1oar
    """
    acl_test(t,
             env,
             "owner_allow_read",
             nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_READ,
                     "OWNER@"),
             test_open_write=NFS4ERR_ACCESS,
             test_open_read=NFS4_OK,
             c2_test_open_write=NFS4ERR_ACCESS,
             c2_test_open_read=NFS4ERR_ACCESS)
Esempio n. 13
0
def testACLOwnerAllowWrite(t, env):
    """SETACL OWNER@ deny write

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1oaw
    """
    acl_test(t,
             env,
             "owner_allow_write",
             nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE,
                     "OWNER@"),
             test_open_write=NFS4_OK,
             test_open_read=NFS4ERR_ACCESS,
             c2_test_open_write=NFS4ERR_ACCESS,
             c2_test_open_read=NFS4ERR_ACCESS)
Esempio n. 14
0
def testACLEveryoneAllowWrite(t, env):
    """SETACL EVERYONE@ deny write

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1eaw
    """
    acl_test(t,
             env,
             "everyone_allow_write",
             nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE,
                     "EVERYONE@"),
             test_open_write=NFS4_OK,
             test_open_read=NFS4ERR_ACCESS,
             c2_test_open_write=NFS4_OK,
             c2_test_open_read=NFS4ERR_ACCESS)
Esempio n. 15
0
def testACLEveryoneAllowRead(t, env):
    """SETACL EVERYONE@ allow read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1ear
    """
    acl_test(t,
             env,
             "everyone_allow_read",
             nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_READ,
                     "EVERYONE@"),
             test_open_write=NFS4ERR_ACCESS,
             test_open_read=NFS4_OK,
             c2_test_open_write=NFS4ERR_ACCESS,
             c2_test_open_read=NFS4_OK)
Esempio n. 16
0
def testACLEveryoneDenyRead(t, env):
    """SETACL EVERYONE@ deny read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1edr
    """
    acl_test(t,
             env,
             "everyone_deny_read",
             nfsace4(ACE4_ACCESS_DENIED_ACE_TYPE, 0, ACE4_GENERIC_READ,
                     "EVERYONE@"),
             test_open_write=NFS4ERR_ACCESS,
             test_open_read=NFS4ERR_ACCESS,
             c2_test_open_write=NFS4ERR_ACCESS,
             c2_test_open_read=NFS4ERR_ACCESS)
Esempio n. 17
0
def testACLOwnerDenyRead(t, env):
    """SETACL OWNER@ deny read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1odr
    """
    acl_test(
        t,
        env,
        "owner_deny_read",
        nfsace4(ACE4_ACCESS_DENIED_ACE_TYPE, 0, ACE4_GENERIC_READ, "OWNER@"),
        test_open_write=NFS4ERR_ACCESS,
        test_open_read=NFS4ERR_ACCESS,
        c2_test_open_write=NFS4ERR_ACCESS,
        c2_test_open_read=NFS4ERR_ACCESS,
    )
Esempio n. 18
0
def testACLOwnerAllowWrite(t, env):
    """SETACL OWNER@ deny write

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1oaw
    """
    acl_test(
        t,
        env,
        "owner_allow_write",
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE, "OWNER@"),
        test_open_write=NFS4_OK,
        test_open_read=NFS4ERR_ACCESS,
        c2_test_open_write=NFS4ERR_ACCESS,
        c2_test_open_read=NFS4ERR_ACCESS,
    )
Esempio n. 19
0
def testACLEveryoneDenyRead(t, env):
    """SETACL EVERYONE@ deny read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1edr
    """
    acl_test(
        t,
        env,
        "everyone_deny_read",
        nfsace4(ACE4_ACCESS_DENIED_ACE_TYPE, 0, ACE4_GENERIC_READ, "EVERYONE@"),
        test_open_write=NFS4ERR_ACCESS,
        test_open_read=NFS4ERR_ACCESS,
        c2_test_open_write=NFS4ERR_ACCESS,
        c2_test_open_read=NFS4ERR_ACCESS,
    )
Esempio n. 20
0
def testACLEveryoneAllowRead(t, env):
    """SETACL EVERYONE@ allow read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1ear
    """
    acl_test(
        t,
        env,
        "everyone_allow_read",
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_READ, "EVERYONE@"),
        test_open_write=NFS4ERR_ACCESS,
        test_open_read=NFS4_OK,
        c2_test_open_write=NFS4ERR_ACCESS,
        c2_test_open_read=NFS4_OK,
    )
Esempio n. 21
0
def testACLEveryoneAllowWrite(t, env):
    """SETACL EVERYONE@ deny write

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1eaw
    """
    acl_test(
        t,
        env,
        "everyone_allow_write",
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_WRITE, "EVERYONE@"),
        test_open_write=NFS4_OK,
        test_open_read=NFS4ERR_ACCESS,
        c2_test_open_write=NFS4_OK,
        c2_test_open_read=NFS4ERR_ACCESS,
    )
Esempio n. 22
0
def testACLOwnerAllowRead(t, env):
    """SETACL OWNER@ allow read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL1oar
    """
    acl_test(
        t,
        env,
        "owner_allow_read",
        nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, ACE4_GENERIC_READ, "OWNER@"),
        test_open_write=NFS4ERR_ACCESS,
        test_open_read=NFS4_OK,
        c2_test_open_write=NFS4ERR_ACCESS,
        c2_test_open_read=NFS4ERR_ACCESS,
    )
Esempio n. 23
0
def testACLDirectAccess(t, env):
    """SETATTR OWNER@ and verify prevention of direct write/read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL2
    """

    c = env.c1
    c.init_connection()
    filename = c.homedir + ["acl_direct_access"]
    # we initially create the file 666 to make sure it's the ACL that is
    # restricting access
    fh1, stateid1 = c.create_confirm(
        "owner1",
        filename,
        attrs={FATTR4_MODE: 0666},
        access=OPEN4_SHARE_ACCESS_BOTH,
        deny=OPEN4_SHARE_DENY_NONE,
        mode=GUARDED4,
    )

    # create a new connection to do the access as someone else
    # to make sure we're not hitting the owner_override case
    c2 = env.c2
    c2.init_connection()

    res = c2.write_file(filename, "1" * 1000)
    check(res, NFS4_OK, "NFS4 Direct Write Op without ACL")
    res = c2.read_file(filename)
    check(res, NFS4_OK, "NFS4 Direct Read Op without ACL")

    set_acl_round_trip(
        filename, c, nfsace4(ACE4_ACCESS_DENIED_ACE_TYPE, 0, ACE4_READ_DATA | ACE4_WRITE_DATA, "EVERYONE@")
    )

    res = c2.write_file(filename, "1" * 1000)
    check(res, NFS4ERR_ACCESS, "NFS4 Direct Write Op with ACL")
    res = c2.read_file(filename)
    check(res, NFS4ERR_ACCESS, "NFS4 Direct Read Op with ACL")
Esempio n. 24
0
def testACLDirectAccess(t, env):
    """SETATTR OWNER@ and verify prevention of direct write/read

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL2
    """

    c = env.c1
    c.init_connection()
    filename = c.homedir + ["acl_direct_access"]
    # we initially create the file 666 to make sure it's the ACL that is
    # restricting access
    fh1, stateid1 = c.create_confirm('owner1',
                                     filename,
                                     attrs={FATTR4_MODE: 0666},
                                     access=OPEN4_SHARE_ACCESS_BOTH,
                                     deny=OPEN4_SHARE_DENY_NONE,
                                     mode=GUARDED4)

    # create a new connection to do the access as someone else
    # to make sure we're not hitting the owner_override case
    c2 = env.c2
    c2.init_connection()

    res = c2.write_file(filename, "1" * 1000)
    check(res, NFS4_OK, "NFS4 Direct Write Op without ACL")
    res = c2.read_file(filename)
    check(res, NFS4_OK, "NFS4 Direct Read Op without ACL")

    set_acl_round_trip(
        filename, c,
        nfsace4(ACE4_ACCESS_DENIED_ACE_TYPE, 0,
                ACE4_READ_DATA | ACE4_WRITE_DATA, "EVERYONE@"))

    res = c2.write_file(filename, "1" * 1000)
    check(res, NFS4ERR_ACCESS, "NFS4 Direct Write Op with ACL")
    res = c2.read_file(filename)
    check(res, NFS4ERR_ACCESS, "NFS4 Direct Read Op with ACL")
Esempio n. 25
0
class Environment(testmod.Environment):
    # STUB
    attr_info = [ \
        AttrInfo('supported_attrs', 'rm', []),
        AttrInfo('type', 'rm', 1),
        AttrInfo('fh_expire_type', 'rm', 0),
        AttrInfo('change', 'rm', 0),
        AttrInfo('size', 'rwm', 0),
        AttrInfo('link_support', 'rm', False),
        AttrInfo('symlink_support', 'rm', False),
        AttrInfo('named_attr', 'rm', False),
        AttrInfo('fsid', 'rm', fsid4(0, 0)),
        AttrInfo('unique_handles', 'rm', False),
        AttrInfo('lease_time', 'rm', 0),
        AttrInfo('rdattr_error', 'rm', 0),
        AttrInfo('filehandle', 'rm', 'nonsense'),
        AttrInfo('acl', 'rw', [nfsace4(0,0,0,'EVERYONE@')]),
        AttrInfo('aclsupport', 'r', 0),
        AttrInfo('archive', 'rw', False),
        AttrInfo('cansettime', 'r', False),
        AttrInfo('case_insensitive', 'r', False),
        AttrInfo('case_preserving', 'r', False),
        AttrInfo('chown_restricted', 'r', False),
        AttrInfo('fileid', 'r', 0),
        AttrInfo('files_avail', 'r', 0),
        AttrInfo('files_free', 'r', 0),
        AttrInfo('files_total', 'r', 0),
        # FRED - packer did not complain about missing [] about server
        AttrInfo('fs_locations', 'r',
                 fs_locations4('root',[fs_location4(['server'],'path')])),
        AttrInfo('hidden', 'rw', False),
        AttrInfo('homogeneous', 'r', False),
        AttrInfo('maxfilesize', 'r', 0),
        AttrInfo('maxlink', 'r', 0),
        AttrInfo('maxname', 'r', 0),
        AttrInfo('maxread', 'r', 0),
        AttrInfo('maxwrite', 'r', 0),
        AttrInfo('mimetype', 'rw', 'nonsense'),
        AttrInfo('mode', 'rw', 0),
        AttrInfo('no_trunc', 'r', False),
        AttrInfo('numlinks', 'r', 0),
        AttrInfo('owner', 'rw', 'nonsense'),
        AttrInfo('owner_group', 'rw', 'nonsense'),
        AttrInfo('quota_avail_hard', 'r', 0),
        AttrInfo('quota_avail_soft', 'r', 0),
        AttrInfo('quota_used', 'r', 0),
        AttrInfo('rawdev', 'r', specdata4(0, 0)),
        AttrInfo('space_avail', 'r', 0),
        AttrInfo('space_free', 'r', 0),
        AttrInfo('space_total', 'r', 0),
        AttrInfo('space_used', 'r', 0),
        AttrInfo('system', 'rw', False),
        AttrInfo('time_access', 'r', nfstime4(0, 0)),
        AttrInfo('time_access_set', 'w', settime4(0)),
        AttrInfo('time_backup', 'rw', nfstime4(0, 0)),
        AttrInfo('time_create', 'rw', nfstime4(0, 0)),
        AttrInfo('time_delta', 'r', nfstime4(0, 0)),
        AttrInfo('time_metadata', 'r', nfstime4(0, 0)),
        AttrInfo('time_modify', 'r', nfstime4(0, 0)),
        AttrInfo('time_modify_set', 'w', settime4(0)),
        AttrInfo('mounted_on_fileid', 'r', 0),
        ]

    def __init__(self, opts):
        sec1, sec2 = self._get_security(opts)
#        authsys1 = rpc.SecAuthSys(0, opts.machinename, opts.uid, opts.gid, [])
        authsys2 = rpc.SecAuthSys(0, opts.machinename, opts.uid+1, opts.gid+1, [])
        self.c1 = NFS4Client('client1_pid%i' % os.getpid(),
                             opts.server, opts.port, opts.path,
                             sec_list=[sec1], opts=opts)
        self.c2 = NFS4Client('client2_pid%i' % os.getpid(),
                             opts.server, opts.port, opts.path,
                             sec_list=[authsys2], opts=opts)
        self.longname = "a"*512
        self.uid = 0
        self.gid = 0
        self.opts = opts
        self.filedata = "This is the file test data."
        self.linkdata = "/etc/X11"
        self.stateid0 = stateid4(0, '')
        self.stateid1 = stateid4(0xffffffffL, '\xff'*12)

    def _get_security(self, opts):
        if opts.security == 'none':
            return [opts.flavor(), opts.flavor()]
        elif opts.security == 'sys':
            sec1 = opts.flavor(0, opts.machinename, opts.uid, opts.gid, [])
            sec2 = opts.flavor(0, opts.machinename, opts.uid+1, opts.gid+1, [])
            return [sec1, sec2]
        elif opts.security.startswith('krb5'):
            sec1 = opts.flavor(opts.service)
            sec2 = opts.flavor(opts.service)
            return [sec1, sec2]
        else:
            raise 'Bad security %s' % opts.security

    def init(self):
        """Run once before any test is run"""
        c = self.c1
        if self.opts.maketree:
            self._maketree()
        if self.opts.noinit:
            return
        # Make sure opts.path exists
        res = c.compound(c.use_obj(self.opts.path))
        check(res, msg="Could not LOOKUP /%s," % '/'.join(self.opts.path))
        # Make sure it is empty
        c.clean_dir(self.opts.path)
        c.null()

    def _maketree(self):
        """Make testtree"""
        c = self.c1
        # make /tmp (and path leading up to it if necesary)
        path = []
        for comp in self.opts.path:
            path.append(comp)
            res = c.compound(c.use_obj(path))
            checklist(res, [NFS4_OK, NFS4ERR_NOENT],
                  "Could not LOOKUP /%s," % '/'.join(path))
            if res.status == NFS4ERR_NOENT:
                res = c.create_obj(path)
                check(res, msg="Trying to create /%s," % '/'.join(path))
        # remove /tree/*
        tree = self.opts.path[:-1] + ['tree']
        res = c.compound(c.use_obj(tree))
        checklist(res, [NFS4_OK, NFS4ERR_NOENT])
        if res.status == NFS4ERR_NOENT:
            res = c.create_obj(tree)
            check(res, msg="Trying to create /%s," % '/'.join(tree))
        else:
            c.clean_dir(tree)
        
        # make objects in /tree
        name = {NF4DIR: 'dir',
                NF4SOCK: 'socket',
                NF4FIFO: 'fifo',
                NF4LNK: 'link',
                NF4BLK: 'block',
                NF4CHR: 'char'}
        for type in name:
            path = tree + [name[type]]
            res = c.create_obj(path, type)
            if res.status != NFS4_OK:
                print "WARNING - could not create /%s" % '/'.join(path)
        c.init_connection()
        fh, stateid = c.create_confirm('maketree', tree + ['file'],
                                       deny=OPEN4_SHARE_DENY_NONE)
        ops = [c.putfh_op(fh),
               c.write_op(stateid, 0, FILE_SYNC4, self.filedata)]
        res = c.compound(ops)
        check(res, msg="Writing data to /%s/file" % '/'.join(tree))
        res = c.close_file('maketree', fh, stateid )
        check(res)
            
    def finish(self):
        """Run once after all tests are run"""
        if self.opts.nocleanup:
            return
        c = self.c1
        c.null()
        c.null()
        c.clean_dir(self.opts.path)

    def startUp(self):
        """Run before each test"""
        self.c1.null()

    def sleep(self, sec, msg=''):
        """Sleep for given seconds"""
        print "Sleeping for %i seconds:" % sec, msg
        time.sleep(sec)
        print "Woke up"

    def serverhelper(self, args):
        """Perform a special operation on the server side (such as
        rebooting the server)"""
        if self.opts.serverhelper is None:
            print "Manual operation required on server:"
            print args + " and hit ENTER when done"
            sys.stdin.readline()
            print "Continuing with test"
        else:
            cmd = self.opts.serverhelper
            if self.opts.serverhelperarg:
                cmd += ' ' + self.opts.serverhelperarg
            cmd += ' ' + args
            os.system(cmd);
Esempio n. 26
0
def testACLEnumRountTrip(t, env):
    """SETATTR all supported ACL Types

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL4
    """
    c = env.c1
    c.init_connection()
    rtfail = 0

    # track ACL support types for comparison of aclsupport mask returned by server
    acl_support_types = [
        ACL4_SUPPORT_ALLOW_ACL, ACL4_SUPPORT_DENY_ACL, ACL4_SUPPORT_AUDIT_ACL,
        ACL4_SUPPORT_ALARM_ACL
    ]

    # track all ACL types for test
    ace_types = [
        ACE4_ACCESS_ALLOWED_ACE_TYPE, ACE4_ACCESS_DENIED_ACE_TYPE,
        ACE4_SYSTEM_AUDIT_ACE_TYPE, ACE4_SYSTEM_ALARM_ACE_TYPE
    ]

    # track all ACL flags for test
    ace_flags = {}
    # for ALLOWED and DENIED, SUCCESSFUL_ACCESS and FAILED_ACCESS mean nothing
    # for all types, IDENTIFIER_GROUP is omitted; we only test FOO@ whos
    ace_flags[ACE4_ACCESS_ALLOWED_ACE_TYPE] = [
        0, ACE4_FILE_INHERIT_ACE, ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE, ACE4_INHERIT_ONLY_ACE
    ]
    ace_flags[ACE4_ACCESS_DENIED_ACE_TYPE] = [
        0, ACE4_FILE_INHERIT_ACE, ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE, ACE4_INHERIT_ONLY_ACE
    ]

    # AUDIT and ALARM currently omit nothing because they're not even
    # supported and are therefore dead code; if we add support then
    # we'll need to review which values to include
    ace_flags[ACE4_SYSTEM_AUDIT_ACE_TYPE] = [
        0, ACE4_FILE_INHERIT_ACE, ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE, ACE4_INHERIT_ONLY_ACE,
        ACE4_SUCCESSFUL_ACCESS_ACE_FLAG, ACE4_FAILED_ACCESS_ACE_FLAG
    ]
    ace_flags[ACE4_SYSTEM_ALARM_ACE_TYPE] = [
        0, ACE4_FILE_INHERIT_ACE, ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE, ACE4_INHERIT_ONLY_ACE,
        ACE4_SUCCESSFUL_ACCESS_ACE_FLAG, ACE4_FAILED_ACCESS_ACE_FLAG
    ]

    # track all ACL access modes for test
    ace_access_modes = {}

    # for file we omit DELETE_CHILD since files can't have children
    ace_access_modes["file"] = [
        ACE4_READ_DATA, ACE4_WRITE_DATA, ACE4_APPEND_DATA,
        ACE4_READ_NAMED_ATTRS, ACE4_WRITE_NAMED_ATTRS, ACE4_EXECUTE,
        ACE4_READ_ATTRIBUTES, ACE4_WRITE_ATTRIBUTES, ACE4_DELETE,
        ACE4_READ_ACL, ACE4_WRITE_ACL, ACE4_WRITE_OWNER, ACE4_SYNCHRONIZE,
        ACE4_GENERIC_READ, ACE4_GENERIC_WRITE, ACE4_GENERIC_EXECUTE
    ]

    # for dir we omit SYNCHRONIZE, GENERIC_READ, GENERIC_WRITE and
    # GENERIC_EXECUTE since these are inapplicable to directories
    ace_access_modes["dir"] = [
        ACE4_READ_DATA, ACE4_WRITE_DATA, ACE4_APPEND_DATA,
        ACE4_READ_NAMED_ATTRS, ACE4_WRITE_NAMED_ATTRS, ACE4_EXECUTE,
        ACE4_DELETE_CHILD, ACE4_READ_ATTRIBUTES, ACE4_WRITE_ATTRIBUTES,
        ACE4_DELETE, ACE4_READ_ACL, ACE4_WRITE_ACL, ACE4_WRITE_OWNER
    ]

    # track interesting who types for test
    ace_identities = ["OWNER@", "GROUP@", "EVERYONE@"]
    #    ace_identities = ["OWNER@", "GROUP@", "EVERYONE@", "INTERACTIVE@", "NETWORK@", "DIALUP@", "BATCH@", "ANONYMOUS@",
    #        "AUTHENTICATED@", "SERVICE@"]

    # get supported acl type mask from server
    supported = c.supportedACLTypes()

    for file_type in ("file", "dir"):
        # iterate over all acl support types
        for index in range(0, len(acl_support_types)):
            # only run tests on supported acl types (unsupported will surely fail)
            if supported & acl_support_types[index]:
                # iterate over all possible ace flags
                for ace_flag in ace_flags[ace_types[index]]:
                    # skip any flag tests for files since they don't apply
                    if ace_flag != 0 and file_type == "file":
                        continue

                    # iterate over all access modes
                    for access_mode in ace_access_modes[file_type]:
                        # iterate over all identities
                        for identity in ace_identities:

                            # generate a test name for presentation
                            testname = "%s_%s_%s_%s_%s" % (
                                file_type, ace_type_to_str(ace_types[index]),
                                ace_flag_to_str(ace_flag),
                                ace_mode_to_str(file_type,
                                                access_mode), identity)

                            print "Round Tripping nfsace4(%s, %s, %s, %s) on a %s" % (
                                ace_type_to_str(ace_types[index]),
                                ace_flag_to_str(ace_flag),
                                ace_mode_to_str(file_type, access_mode),
                                identity, file_type)

                            try:
                                acl_test(
                                    t,
                                    env,
                                    testname, [
                                        nfsace4(ace_types[index], ace_flag,
                                                access_mode, identity)
                                    ],
                                    file_type=file_type,
                                    verbose=1)

                            except Exception, e:
                                rtfail += 1
                                print "--> ACLTest Exception: ", e
Esempio n. 27
0
def testACLEnumRountTrip(t, env):
    """SETATTR all supported ACL Types

    FLAGS: acls file all
    DEPEND: MKFILE
    CODE: SETACL4
    """
    c = env.c1
    c.init_connection()
    rtfail = 0

    # track ACL support types for comparison of aclsupport mask returned by server
    acl_support_types = [ACL4_SUPPORT_ALLOW_ACL, ACL4_SUPPORT_DENY_ACL, ACL4_SUPPORT_AUDIT_ACL, ACL4_SUPPORT_ALARM_ACL]

    # track all ACL types for test
    ace_types = [
        ACE4_ACCESS_ALLOWED_ACE_TYPE,
        ACE4_ACCESS_DENIED_ACE_TYPE,
        ACE4_SYSTEM_AUDIT_ACE_TYPE,
        ACE4_SYSTEM_ALARM_ACE_TYPE,
    ]

    # track all ACL flags for test
    ace_flags = {}
    # for ALLOWED and DENIED, SUCCESSFUL_ACCESS and FAILED_ACCESS mean nothing
    # for all types, IDENTIFIER_GROUP is omitted; we only test FOO@ whos
    ace_flags[ACE4_ACCESS_ALLOWED_ACE_TYPE] = [
        0,
        ACE4_FILE_INHERIT_ACE,
        ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE,
        ACE4_INHERIT_ONLY_ACE,
    ]
    ace_flags[ACE4_ACCESS_DENIED_ACE_TYPE] = [
        0,
        ACE4_FILE_INHERIT_ACE,
        ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE,
        ACE4_INHERIT_ONLY_ACE,
    ]

    # AUDIT and ALARM currently omit nothing because they're not even
    # supported and are therefore dead code; if we add support then
    # we'll need to review which values to include
    ace_flags[ACE4_SYSTEM_AUDIT_ACE_TYPE] = [
        0,
        ACE4_FILE_INHERIT_ACE,
        ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE,
        ACE4_INHERIT_ONLY_ACE,
        ACE4_SUCCESSFUL_ACCESS_ACE_FLAG,
        ACE4_FAILED_ACCESS_ACE_FLAG,
    ]
    ace_flags[ACE4_SYSTEM_ALARM_ACE_TYPE] = [
        0,
        ACE4_FILE_INHERIT_ACE,
        ACE4_DIRECTORY_INHERIT_ACE,
        ACE4_NO_PROPAGATE_INHERIT_ACE,
        ACE4_INHERIT_ONLY_ACE,
        ACE4_SUCCESSFUL_ACCESS_ACE_FLAG,
        ACE4_FAILED_ACCESS_ACE_FLAG,
    ]

    # track all ACL access modes for test
    ace_access_modes = {}

    # for file we omit DELETE_CHILD since files can't have children
    ace_access_modes["file"] = [
        ACE4_READ_DATA,
        ACE4_WRITE_DATA,
        ACE4_APPEND_DATA,
        ACE4_READ_NAMED_ATTRS,
        ACE4_WRITE_NAMED_ATTRS,
        ACE4_EXECUTE,
        ACE4_READ_ATTRIBUTES,
        ACE4_WRITE_ATTRIBUTES,
        ACE4_DELETE,
        ACE4_READ_ACL,
        ACE4_WRITE_ACL,
        ACE4_WRITE_OWNER,
        ACE4_SYNCHRONIZE,
        ACE4_GENERIC_READ,
        ACE4_GENERIC_WRITE,
        ACE4_GENERIC_EXECUTE,
    ]

    # for dir we omit SYNCHRONIZE, GENERIC_READ, GENERIC_WRITE and
    # GENERIC_EXECUTE since these are inapplicable to directories
    ace_access_modes["dir"] = [
        ACE4_READ_DATA,
        ACE4_WRITE_DATA,
        ACE4_APPEND_DATA,
        ACE4_READ_NAMED_ATTRS,
        ACE4_WRITE_NAMED_ATTRS,
        ACE4_EXECUTE,
        ACE4_DELETE_CHILD,
        ACE4_READ_ATTRIBUTES,
        ACE4_WRITE_ATTRIBUTES,
        ACE4_DELETE,
        ACE4_READ_ACL,
        ACE4_WRITE_ACL,
        ACE4_WRITE_OWNER,
    ]

    # track interesting who types for test
    ace_identities = ["OWNER@", "GROUP@", "EVERYONE@"]
    #    ace_identities = ["OWNER@", "GROUP@", "EVERYONE@", "INTERACTIVE@", "NETWORK@", "DIALUP@", "BATCH@", "ANONYMOUS@",
    #        "AUTHENTICATED@", "SERVICE@"]

    # get supported acl type mask from server
    supported = c.supportedACLTypes()

    for file_type in ("file", "dir"):
        # iterate over all acl support types
        for index in range(0, len(acl_support_types)):
            # only run tests on supported acl types (unsupported will surely fail)
            if supported & acl_support_types[index]:
                # iterate over all possible ace flags
                for ace_flag in ace_flags[ace_types[index]]:
                    # skip any flag tests for files since they don't apply
                    if ace_flag != 0 and file_type == "file":
                        continue

                    # iterate over all access modes
                    for access_mode in ace_access_modes[file_type]:
                        # iterate over all identities
                        for identity in ace_identities:

                            # generate a test name for presentation
                            testname = "%s_%s_%s_%s_%s" % (
                                file_type,
                                ace_type_to_str(ace_types[index]),
                                ace_flag_to_str(ace_flag),
                                ace_mode_to_str(file_type, access_mode),
                                identity,
                            )

                            print "Round Tripping nfsace4(%s, %s, %s, %s) on a %s" % (
                                ace_type_to_str(ace_types[index]),
                                ace_flag_to_str(ace_flag),
                                ace_mode_to_str(file_type, access_mode),
                                identity,
                                file_type,
                            )

                            try:
                                acl_test(
                                    t,
                                    env,
                                    testname,
                                    [nfsace4(ace_types[index], ace_flag, access_mode, identity)],
                                    file_type=file_type,
                                    verbose=1,
                                )

                            except Exception, e:
                                rtfail += 1
                                print "--> ACLTest Exception: ", e