def testSyntheticAcl(t, env): """ GETATTR of an ACL on a file with no ACL This should return a synthetic ACL, see RFC 5661, section 6.4.2 FLAGS: getattr file all DEPEND: LOOKFILE CODE: GATTACL """ c = env.c1 file_obj = c.homedir + [t.code] acl_attr_bitnum = get_attrbitnum_dict()['acl'] # These expected values come from the Isilon synthetic ACL; if that changes # or ACL policy is being applied, this test may need to change. group_rights = every_rights = ACE4_READ_DATA + ACE4_READ_NAMED_ATTRS + \ ACE4_READ_ATTRIBUTES + ACE4_READ_ACL + ACE4_SYNCHRONIZE owner_rights = group_rights + ACE4_WRITE_DATA + ACE4_APPEND_DATA + \ ACE4_WRITE_NAMED_ATTRS + ACE4_WRITE_ATTRIBUTES + ACE4_WRITE_ACL acl_expected = [ nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, owner_rights, "OWNER@"), nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, group_rights, "GROUP@"), nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, every_rights, "EVERYONE@") ] c.create_confirm(t.code) ops = c.use_obj(file_obj) + [c.getattr({acl_attr_bitnum: 'acl'})] res = c.compound(ops) check(res, msg="Asking for ACL attribute") acl_retrieved = res.resarray[-1].opgetattr.resok4.obj_attributes[ acl_attr_bitnum] if acl_retrieved == []: t.fail("ACL is empty!") if compare_acl(acl_retrieved, acl_expected) == False: t.fail("ACL does not match!")
def _setacl(c, path, acl, set_acl_exp=NFS4_OK): ops = c.use_obj(path) acl_attr_bitnum = get_attrbitnum_dict()['acl'] # set passed in ace on file setaclops = ops + [c.setattr({acl_attr_bitnum: acl})] set_res = c.compound(setaclops) # check result check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl))
def _admin_chownerorgrp(env, path, attr, newval): c4 = env.c4 c4.init_connection() baseops = c4.use_obj(path) attr_bitnum = get_attrbitnum_dict()[attr] ops = baseops + [c4.setattr({attr_bitnum: newval})] res = c4.compound(ops) check(res, NFS4_OK, "SETATTR did not support changing %s attribute" % (attr))
def set_acl_round_trip(file_obj, client, acl, set_acl_exp=NFS4_OK, get_acl_exp=NFS4_OK, compare=True): """ set_acl_round_trip(file_obj(list), client, acl, set_acl_exp=NFS4_OK, get_acl_exp=NFS4_OK, compare=True): Sets a specific ACL on a file (can be directory as well) and then attempts to round trip it via SETATTR and GETATTR and then compares the original and final ACL to validate they are equal. """ # if given an argument that is not a list, set it to be a list if type(acl) != type(list()): acl = [acl] baseops = client.use_obj(file_obj) acl_attr_bitnum = get_attrbitnum_dict()['acl'] # set passed in ace on file setaclops = baseops + [client.setattr({acl_attr_bitnum: acl})] set_res = client.compound(setaclops) # check result check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl)) # get back set ace getaclops = baseops + [client.getattr({acl_attr_bitnum: acl})] get_res = client.compound(getaclops) check(get_res, get_acl_exp, "GETATTR: Could not get ACE: %s" % (acl)) # pull the ace from the server out of the response get_res_acl = get_res.resarray[-1].obj_attributes[acl_attr_bitnum] # compare the source ace and result ace if compare: checkvalid( compare_acl(acl, get_res_acl), "SETATTR ACL: Source ACE (%s) and returned ACE (%s) do not match!" % (acl, get_res_acl))
def testSyntheticAcl(t, env): """ GETATTR of an ACL on a file with no ACL This should return a synthetic ACL, see RFC 5661, section 6.4.2 FLAGS: getattr file all DEPEND: LOOKFILE CODE: GATTACL """ c = env.c1 file_obj = c.homedir + [t.code] acl_attr_bitnum = get_attrbitnum_dict()["acl"] # These expected values come from the Isilon synthetic ACL; if that changes # or ACL policy is being applied, this test may need to change. group_rights = every_rights = ( ACE4_READ_DATA + ACE4_READ_NAMED_ATTRS + ACE4_READ_ATTRIBUTES + ACE4_READ_ACL + ACE4_SYNCHRONIZE ) owner_rights = ( group_rights + ACE4_WRITE_DATA + ACE4_APPEND_DATA + ACE4_WRITE_NAMED_ATTRS + ACE4_WRITE_ATTRIBUTES + ACE4_WRITE_ACL ) acl_expected = [ nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, owner_rights, "OWNER@"), nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, group_rights, "GROUP@"), nfsace4(ACE4_ACCESS_ALLOWED_ACE_TYPE, 0, every_rights, "EVERYONE@"), ] c.create_confirm(t.code) ops = c.use_obj(file_obj) + [c.getattr({acl_attr_bitnum: "acl"})] res = c.compound(ops) check(res, msg="Asking for ACL attribute") acl_retrieved = res.resarray[-1].opgetattr.resok4.obj_attributes[acl_attr_bitnum] if acl_retrieved == []: t.fail("ACL is empty!") if compare_acl(acl_retrieved, acl_expected) == False: t.fail("ACL does not match!")
def set_acl_round_trip(file_obj, client, acl, set_acl_exp=NFS4_OK, get_acl_exp=NFS4_OK, compare=True): """ set_acl_round_trip(file_obj(list), client, acl, set_acl_exp=NFS4_OK, get_acl_exp=NFS4_OK, compare=True): Sets a specific ACL on a file (can be directory as well) and then attempts to round trip it via SETATTR and GETATTR and then compares the original and final ACL to validate they are equal. """ # if given an argument that is not a list, set it to be a list if type(acl) != type(list()): acl = [acl] baseops = client.use_obj(file_obj) acl_attr_bitnum = get_attrbitnum_dict()["acl"] # set passed in ace on file setaclops = baseops + [client.setattr({acl_attr_bitnum: acl})] set_res = client.compound(setaclops) # check result check(set_res, set_acl_exp, "SETATTR: Could not set ACE: %s" % (acl)) # get back set ace getaclops = baseops + [client.getattr({acl_attr_bitnum: acl})] get_res = client.compound(getaclops) check(get_res, get_acl_exp, "GETATTR: Could not get ACE: %s" % (acl)) # pull the ace from the server out of the response get_res_acl = get_res.resarray[-1].obj_attributes[acl_attr_bitnum] # compare the source ace and result ace if compare: checkvalid( compare_acl(acl, get_res_acl), "SETATTR ACL: Source ACE (%s) and returned ACE (%s) do not match!" % (acl, get_res_acl), )
def __init__(self, name, access, sample): self.name = name self.bitnum = get_attrbitnum_dict()[name] self.mask = 2**self.bitnum self.access = access self.sample = sample