def testSyntheticAcl(t, env):
""" GETATTR of an ACL on a file with no ACL
This should return a synthetic ACL, see RFC 5661, section 6.4.2
FLAGS: getattr file all
DEPEND: LOOKFILE
CODE: GATTACL
"""
c = env.c1
file_obj = c.homedir + [t.code]
acl_attr_bitnum = get_attrbitnum_dict()['acl']
# These expected values come from the Isilon synthetic ACL; if that changes
# or ACL policy is being applied, this test may need to change.
group_rights = every_rights = ACE4_READ_DATA + ACE4_READ_NAMED_ATTRS + \
ACE4_READ_ATTRIBUTES + ACE4_READ_ACL + ACE4_SYNCHRONIZE
owner_rights = group_rights + ACE4_WRITE_DATA + ACE4_APPEND_DATA + \
ACE4_WRITE_NAMED_ATTRS + ACE4_WRITE_ATTRIBUTES + ACE4_WRITE_ACL
acl_expected = [
nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, owner_rights, "OWNER@"),
nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, group_rights, "GROUP@"),
nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, every_rights, "EVERYONE@")
]
c.create_confirm(t.code)
ops = c.use_obj(file_obj) + [c.getattr({acl_attr_bitnum: 'acl'})]
res = c.compound(ops)
check(res, msg="Asking for ACL attribute")
acl_retrieved = res.resarray[-1].opgetattr.resok4.obj_attributes[
acl_attr_bitnum]
if acl_retrieved == []:
t.fail("ACL is empty!")
if compare_acl(acl_retrieved, acl_expected) == False:
t.fail("ACL does not match!")
def _setacl(c, path, acl, set_acl_exp=NFS4_OK):
ops = c.use_obj(path)
acl_attr_bitnum = get_attrbitnum_dict()['acl']
# set passed in ace on file
setaclops = ops + [c.setattr({acl_attr_bitnum: acl})]
set_res = c.compound(setaclops)
# check result
check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl))
def _setacl(c, path, acl, set_acl_exp=NFS4_OK):
ops = c.use_obj(path)
acl_attr_bitnum = get_attrbitnum_dict()['acl']
# set passed in ace on file
setaclops = ops + [c.setattr({acl_attr_bitnum: acl})]
set_res = c.compound(setaclops)
# check result
check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl))
def _admin_chownerorgrp(env, path, attr, newval):
c4 = env.c4
c4.init_connection()
baseops = c4.use_obj(path)
attr_bitnum = get_attrbitnum_dict()[attr]
ops = baseops + [c4.setattr({attr_bitnum: newval})]
res = c4.compound(ops)
check(res, NFS4_OK,
"SETATTR did not support changing %s attribute" % (attr))
def _admin_chownerorgrp(env, path, attr, newval):
c4 = env.c4
c4.init_connection()
baseops = c4.use_obj(path)
attr_bitnum = get_attrbitnum_dict()[attr]
ops = baseops + [c4.setattr({attr_bitnum: newval})]
res = c4.compound(ops)
check(res, NFS4_OK,
"SETATTR did not support changing %s attribute" % (attr))
def set_acl_round_trip(file_obj,
client,
acl,
set_acl_exp=NFS4_OK,
get_acl_exp=NFS4_OK,
compare=True):
""" set_acl_round_trip(file_obj(list), client, acl, set_acl_exp=NFS4_OK,
get_acl_exp=NFS4_OK, compare=True):
Sets a specific ACL on a file (can be directory as well) and then
attempts to round trip it via SETATTR and GETATTR and then compares
the original and final ACL to validate they are equal.
"""
# if given an argument that is not a list, set it to be a list
if type(acl) != type(list()):
acl = [acl]
baseops = client.use_obj(file_obj)
acl_attr_bitnum = get_attrbitnum_dict()['acl']
# set passed in ace on file
setaclops = baseops + [client.setattr({acl_attr_bitnum: acl})]
set_res = client.compound(setaclops)
# check result
check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl))
# get back set ace
getaclops = baseops + [client.getattr({acl_attr_bitnum: acl})]
get_res = client.compound(getaclops)
check(get_res, get_acl_exp, "GETATTR: Could not get ACE: %s" % (acl))
# pull the ace from the server out of the response
get_res_acl = get_res.resarray[-1].obj_attributes[acl_attr_bitnum]
# compare the source ace and result ace
if compare:
checkvalid(
compare_acl(acl, get_res_acl),
"SETATTR ACL: Source ACE (%s) and returned ACE (%s) do not match!"
% (acl, get_res_acl))
def testSyntheticAcl(t, env):
""" GETATTR of an ACL on a file with no ACL
This should return a synthetic ACL, see RFC 5661, section 6.4.2
FLAGS: getattr file all
DEPEND: LOOKFILE
CODE: GATTACL
"""
c = env.c1
file_obj = c.homedir + [t.code]
acl_attr_bitnum = get_attrbitnum_dict()["acl"]
# These expected values come from the Isilon synthetic ACL; if that changes
# or ACL policy is being applied, this test may need to change.
group_rights = every_rights = (
ACE4_READ_DATA + ACE4_READ_NAMED_ATTRS + ACE4_READ_ATTRIBUTES + ACE4_READ_ACL + ACE4_SYNCHRONIZE
)
owner_rights = (
group_rights
+ ACE4_WRITE_DATA
+ ACE4_APPEND_DATA
+ ACE4_WRITE_NAMED_ATTRS
+ ACE4_WRITE_ATTRIBUTES
+ ACE4_WRITE_ACL
)
acl_expected = [
nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, owner_rights, "OWNER@"),
nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, group_rights, "GROUP@"),
nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, every_rights, "EVERYONE@"),
]
c.create_confirm(t.code)
ops = c.use_obj(file_obj) + [c.getattr({acl_attr_bitnum: "acl"})]
res = c.compound(ops)
check(res, msg="Asking for ACL attribute")
acl_retrieved = res.resarray[-1].opgetattr.resok4.obj_attributes[acl_attr_bitnum]
if acl_retrieved == []:
t.fail("ACL is empty!")
if compare_acl(acl_retrieved, acl_expected) == False:
t.fail("ACL does not match!")
def set_acl_round_trip(file_obj, client, acl, set_acl_exp=NFS4_OK, get_acl_exp=NFS4_OK, compare=True):
""" set_acl_round_trip(file_obj(list), client, acl, set_acl_exp=NFS4_OK,
get_acl_exp=NFS4_OK, compare=True):
Sets a specific ACL on a file (can be directory as well) and then
attempts to round trip it via SETATTR and GETATTR and then compares
the original and final ACL to validate they are equal.
"""
# if given an argument that is not a list, set it to be a list
if type(acl) != type(list()):
acl = [acl]
baseops = client.use_obj(file_obj)
acl_attr_bitnum = get_attrbitnum_dict()["acl"]
# set passed in ace on file
setaclops = baseops + [client.setattr({acl_attr_bitnum: acl})]
set_res = client.compound(setaclops)
# check result
check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl))
# get back set ace
getaclops = baseops + [client.getattr({acl_attr_bitnum: acl})]
get_res = client.compound(getaclops)
check(get_res, get_acl_exp, "GETATTR: Could not get ACE: %s" % (acl))
# pull the ace from the server out of the response
get_res_acl = get_res.resarray[-1].obj_attributes[acl_attr_bitnum]
# compare the source ace and result ace
if compare:
checkvalid(
compare_acl(acl, get_res_acl),
"SETATTR ACL: Source ACE (%s) and returned ACE (%s) do not match!" % (acl, get_res_acl),
)
def __init__(self, name, access, sample):
self.name = name
self.bitnum = get_attrbitnum_dict()[name]
self.mask = 2**self.bitnum
self.access = access
self.sample = sample
def __init__(self, name, access, sample):
self.name = name
self.bitnum = get_attrbitnum_dict()[name]
self.mask = 2**self.bitnum
self.access = access
self.sample = sample
