2014-04-13 18:26:46 +00:00
|
|
|
import os
|
|
|
|
|
import shutil
|
2014-04-27 12:29:03 +00:00
|
|
|
import sys
|
2014-04-13 18:26:46 +00:00
|
|
|
import tempfile
|
|
|
|
|
import unittest
|
2015-05-22 17:21:41 +00:00
|
|
|
|
|
|
|
|
from ..platform import acl_get, acl_set
|
|
|
|
|
from . import BaseTestCase
|
2014-04-13 18:26:46 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
ACCESS_ACL = """
|
|
|
|
|
user::rw-
|
|
|
|
|
user:root:rw-:0
|
|
|
|
|
user:9999:r--:9999
|
|
|
|
|
group::r--
|
|
|
|
|
group:root:r--:0
|
|
|
|
|
group:9999:r--:9999
|
|
|
|
|
mask::rw-
|
|
|
|
|
other::r--
|
|
|
|
|
""".strip().encode('ascii')
|
|
|
|
|
|
|
|
|
|
DEFAULT_ACL = """
|
|
|
|
|
user::rw-
|
|
|
|
|
user:root:r--:0
|
|
|
|
|
user:8888:r--:8888
|
|
|
|
|
group::r--
|
|
|
|
|
group:root:r--:0
|
|
|
|
|
group:8888:r--:8888
|
|
|
|
|
mask::rw-
|
|
|
|
|
other::r--
|
|
|
|
|
""".strip().encode('ascii')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def fakeroot_detected():
|
|
|
|
|
return 'FAKEROOTKEY' in os.environ
|
|
|
|
|
|
|
|
|
|
|
2014-04-27 12:29:03 +00:00
|
|
|
@unittest.skipUnless(sys.platform.startswith('linux'), 'linux only test')
|
2014-04-13 18:26:46 +00:00
|
|
|
@unittest.skipIf(fakeroot_detected(), 'not compatible with fakeroot')
|
2015-05-09 18:47:50 +00:00
|
|
|
class PlatformLinuxTestCase(BaseTestCase):
|
2014-04-13 18:26:46 +00:00
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.tmpdir = tempfile.mkdtemp()
|
|
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
|
shutil.rmtree(self.tmpdir)
|
|
|
|
|
|
2014-04-29 20:29:26 +00:00
|
|
|
def get_acl(self, path, numeric_owner=False):
|
2014-04-13 18:26:46 +00:00
|
|
|
item = {}
|
2014-08-01 13:50:18 +00:00
|
|
|
acl_get(path, item, os.stat(path), numeric_owner=numeric_owner)
|
2014-04-13 18:26:46 +00:00
|
|
|
return item
|
|
|
|
|
|
2014-04-29 20:29:26 +00:00
|
|
|
def set_acl(self, path, access=None, default=None, numeric_owner=False):
|
2014-04-13 18:26:46 +00:00
|
|
|
item = {b'acl_access': access, b'acl_default': default}
|
2014-04-29 20:29:26 +00:00
|
|
|
acl_set(path, item, numeric_owner=numeric_owner)
|
2014-04-13 18:26:46 +00:00
|
|
|
|
|
|
|
|
def test_access_acl(self):
|
|
|
|
|
file = tempfile.NamedTemporaryFile()
|
|
|
|
|
self.assert_equal(self.get_acl(file.name), {})
|
2014-04-29 20:29:26 +00:00
|
|
|
self.set_acl(file.name, access=b'user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n', numeric_owner=False)
|
|
|
|
|
self.assert_in(b'user:root:rw-:0', self.get_acl(file.name)[b'acl_access'])
|
|
|
|
|
self.assert_in(b'group:root:rw-:0', self.get_acl(file.name)[b'acl_access'])
|
|
|
|
|
self.assert_in(b'user:0:rw-:0', self.get_acl(file.name, numeric_owner=True)[b'acl_access'])
|
|
|
|
|
file2 = tempfile.NamedTemporaryFile()
|
|
|
|
|
self.set_acl(file2.name, access=b'user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n', numeric_owner=True)
|
|
|
|
|
self.assert_in(b'user:9999:rw-:9999', self.get_acl(file2.name)[b'acl_access'])
|
|
|
|
|
self.assert_in(b'group:9999:rw-:9999', self.get_acl(file2.name)[b'acl_access'])
|
2014-04-13 18:26:46 +00:00
|
|
|
|
|
|
|
|
def test_default_acl(self):
|
|
|
|
|
self.assert_equal(self.get_acl(self.tmpdir), {})
|
|
|
|
|
self.set_acl(self.tmpdir, access=ACCESS_ACL, default=DEFAULT_ACL)
|
|
|
|
|
self.assert_equal(self.get_acl(self.tmpdir)[b'acl_access'], ACCESS_ACL)
|
|
|
|
|
self.assert_equal(self.get_acl(self.tmpdir)[b'acl_default'], DEFAULT_ACL)
|
|
|
|
|
|
2015-10-18 18:54:46 +00:00
|
|
|
def test_non_ascii_acl(self):
|
|
|
|
|
# Testing non-ascii ACL processing to see whether our code is robust.
|
|
|
|
|
# I have no idea whether non-ascii ACLs are allowed by the standard,
|
|
|
|
|
# but in practice they seem to be out there and must not make our code explode.
|
|
|
|
|
file = tempfile.NamedTemporaryFile()
|
|
|
|
|
self.assert_equal(self.get_acl(file.name), {})
|
|
|
|
|
nothing_special = 'user::rw-\ngroup::r--\nmask::rw-\nother::---\n'.encode('ascii')
|
2015-10-18 23:09:58 +00:00
|
|
|
# TODO: can this be tested without having an existing system user übel with uid 666 gid 666?
|
2015-10-18 18:54:46 +00:00
|
|
|
user_entry = 'user:übel:rw-:666'.encode('utf-8')
|
|
|
|
|
user_entry_numeric = 'user:666:rw-:666'.encode('ascii')
|
|
|
|
|
group_entry = 'group:übel:rw-:666'.encode('utf-8')
|
|
|
|
|
group_entry_numeric = 'group:666:rw-:666'.encode('ascii')
|
|
|
|
|
acl = b'\n'.join([nothing_special, user_entry, group_entry])
|
|
|
|
|
self.set_acl(file.name, access=acl, numeric_owner=False)
|
2015-10-18 23:09:58 +00:00
|
|
|
acl_access = self.get_acl(file.name, numeric_owner=False)[b'acl_access']
|
|
|
|
|
self.assert_in(user_entry, acl_access)
|
|
|
|
|
self.assert_in(group_entry, acl_access)
|
2015-10-18 18:54:46 +00:00
|
|
|
acl_access_numeric = self.get_acl(file.name, numeric_owner=True)[b'acl_access']
|
|
|
|
|
self.assert_in(user_entry_numeric, acl_access_numeric)
|
|
|
|
|
self.assert_in(group_entry_numeric, acl_access_numeric)
|
|
|
|
|
file2 = tempfile.NamedTemporaryFile()
|
|
|
|
|
self.set_acl(file2.name, access=acl, numeric_owner=True)
|
2015-10-18 23:09:58 +00:00
|
|
|
acl_access = self.get_acl(file2.name, numeric_owner=False)[b'acl_access']
|
|
|
|
|
self.assert_in(user_entry, acl_access)
|
|
|
|
|
self.assert_in(group_entry, acl_access)
|
|
|
|
|
acl_access_numeric = self.get_acl(file.name, numeric_owner=True)[b'acl_access']
|
|
|
|
|
self.assert_in(user_entry_numeric, acl_access_numeric)
|
|
|
|
|
self.assert_in(group_entry_numeric, acl_access_numeric)
|
2015-10-18 18:54:46 +00:00
|
|
|
|
2015-10-18 21:20:01 +00:00
|
|
|
def test_utils(self):
|
|
|
|
|
from ..platform_linux import acl_use_local_uid_gid
|
|
|
|
|
self.assert_equal(acl_use_local_uid_gid(b'user:nonexistent1234:rw-:1234'), b'user:1234:rw-')
|
|
|
|
|
self.assert_equal(acl_use_local_uid_gid(b'group:nonexistent1234:rw-:1234'), b'group:1234:rw-')
|
|
|
|
|
self.assert_equal(acl_use_local_uid_gid(b'user:root:rw-:0'), b'user:0:rw-')
|
|
|
|
|
self.assert_equal(acl_use_local_uid_gid(b'group:root:rw-:0'), b'group:0:rw-')
|
|
|
|
|
|
2014-05-03 13:10:11 +00:00
|
|
|
|
|
|
|
|
@unittest.skipUnless(sys.platform.startswith('darwin'), 'OS X only test')
|
|
|
|
|
@unittest.skipIf(fakeroot_detected(), 'not compatible with fakeroot')
|
2015-05-09 18:47:50 +00:00
|
|
|
class PlatformDarwinTestCase(BaseTestCase):
|
2014-05-03 13:10:11 +00:00
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.tmpdir = tempfile.mkdtemp()
|
|
|
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
|
shutil.rmtree(self.tmpdir)
|
|
|
|
|
|
|
|
|
|
def get_acl(self, path, numeric_owner=False):
|
|
|
|
|
item = {}
|
2014-08-01 13:50:18 +00:00
|
|
|
acl_get(path, item, os.stat(path), numeric_owner=numeric_owner)
|
2014-05-03 13:10:11 +00:00
|
|
|
return item
|
|
|
|
|
|
|
|
|
|
def set_acl(self, path, acl, numeric_owner=False):
|
|
|
|
|
item = {b'acl_extended': acl}
|
|
|
|
|
acl_set(path, item, numeric_owner=numeric_owner)
|
|
|
|
|
|
|
|
|
|
def test_access_acl(self):
|
|
|
|
|
file = tempfile.NamedTemporaryFile()
|
2014-05-03 21:22:55 +00:00
|
|
|
file2 = tempfile.NamedTemporaryFile()
|
2014-05-03 13:10:11 +00:00
|
|
|
self.assert_equal(self.get_acl(file.name), {})
|
2014-05-03 21:22:55 +00:00
|
|
|
self.set_acl(file.name, b'!#acl 1\ngroup:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000:staff:0:allow:read\nuser:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000:root:0:allow:read\n', numeric_owner=False)
|
2014-05-03 13:10:11 +00:00
|
|
|
self.assert_in(b'group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000014:staff:20:allow:read', self.get_acl(file.name)[b'acl_extended'])
|
|
|
|
|
self.assert_in(b'user:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000:root:0:allow:read', self.get_acl(file.name)[b'acl_extended'])
|
2014-05-03 21:22:55 +00:00
|
|
|
self.set_acl(file2.name, b'!#acl 1\ngroup:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000:staff:0:allow:read\nuser:FFFFEEEE-DDDD-CCCC-BBBB-AAAA00000000:root:0:allow:read\n', numeric_owner=True)
|
|
|
|
|
self.assert_in(b'group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000:wheel:0:allow:read', self.get_acl(file2.name)[b'acl_extended'])
|
|
|
|
|
self.assert_in(b'group:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000::0:allow:read', self.get_acl(file2.name, numeric_owner=True)[b'acl_extended'])
|
