From 7f8eba4fbfdb683aea3bb1efaed236b2aa4b8f9b Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sun, 27 Aug 2023 02:47:46 +0200 Subject: [PATCH] freebsd: add some ACL tests, fixes #7745 enable ACL support in freebsd vagrant machine's filesystem --- Vagrantfile | 2 + src/borg/testsuite/platform_freebsd.py | 88 ++++++++++++++++++++++---- 2 files changed, 77 insertions(+), 13 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 1a58cd1a..65e78442 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -66,6 +66,8 @@ def packages_freebsd pkg update yes | pkg upgrade echo 'export BORG_OPENSSL_PREFIX=/usr' >> ~vagrant/.bash_profile + # (re)mount / with acls + mount -o acls / EOF end diff --git a/src/borg/testsuite/platform_freebsd.py b/src/borg/testsuite/platform_freebsd.py index 9d898a76..b2cc7770 100644 --- a/src/borg/testsuite/platform_freebsd.py +++ b/src/borg/testsuite/platform_freebsd.py @@ -1,30 +1,92 @@ -"""Dummy file for now, will eventually contain FreeBSD ACL tests.""" -import pytest +import os +import tempfile +from ..platform import acl_get, acl_set from .platform import skipif_not_freebsd # set module-level skips pytestmark = [skipif_not_freebsd] -def get_acl(): - return +ACCESS_ACL = """\ +user::rw- +user:root:rw- +user:9999:r-- +group::r-- +group:wheel:r-- +group:9999:r-- +mask::rw- +other::r-- +""".encode( + "ascii" +) + +DEFAULT_ACL = """\ +user::rw- +user:root:r-- +user:8888:r-- +group::r-- +group:wheel:r-- +group:8888:r-- +mask::rw- +other::r-- +""".encode( + "ascii" +) -def get_set_acl(): - return +def get_acl(path, numeric_ids=False): + item = {} + acl_get(path, item, os.stat(path), numeric_ids=numeric_ids) + return item + + +def set_acl(path, access=None, default=None, nfs4=None, numeric_ids=False): + item = {"acl_access": access, "acl_default": default, "acl_nfs4": nfs4} + acl_set(path, item, numeric_ids=numeric_ids) -@pytest.mark.skip(reason="not yet implemented") def test_access_acl(): - pass + file1 = tempfile.NamedTemporaryFile() + set_acl( + file1.name, + access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-\ngroup:wheel:rw-\n", + numeric_ids=False, + ) + acl_access_names = get_acl(file1.name, numeric_ids=False)["acl_access"] + assert b"user:root:rw-" in acl_access_names + assert b"group:wheel:rw-" in acl_access_names + acl_access_ids = get_acl(file1.name, numeric_ids=True)["acl_access"] + assert b"user:0:rw-" in acl_access_ids + assert b"group:0:rw-" in acl_access_ids + + file2 = tempfile.NamedTemporaryFile() + set_acl( + file2.name, access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:0:rw-\ngroup:0:rw-\n", numeric_ids=True + ) + acl_access_names = get_acl(file2.name, numeric_ids=False)["acl_access"] + assert b"user:root:rw-" in acl_access_names + assert b"group:wheel:rw-" in acl_access_names + acl_access_ids = get_acl(file2.name, numeric_ids=True)["acl_access"] + assert b"user:0:rw-" in acl_access_ids + assert b"group:0:rw-" in acl_access_ids + + file3 = tempfile.NamedTemporaryFile() + set_acl( + file3.name, + access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:wheel:rw-:9999\n", + numeric_ids=True, + ) + acl_access_ids = get_acl(file3.name, numeric_ids=True)["acl_access"] + assert b"user:9999:rw-" in acl_access_ids + assert b"group:9999:rw-" in acl_access_ids -@pytest.mark.skip(reason="not yet implemented") def test_default_acl(): - pass + tmpdir = tempfile.mkdtemp() + set_acl(tmpdir, access=ACCESS_ACL, default=DEFAULT_ACL) + assert get_acl(tmpdir)["acl_access"] == ACCESS_ACL + assert get_acl(tmpdir)["acl_default"] == DEFAULT_ACL -@pytest.mark.skip(reason="not yet implemented") -def test_nfs4_acl(): - pass +# nfs4 acls testing not implemented.