From patchwork Sat May 17 02:22:25 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kinglong Mee <kinglongmee@gmail.com>
X-Patchwork-Id: 4195871
Return-Path: <linux-nfs-owner@kernel.org>
X-Original-To: patchwork-linux-nfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id C1C6A9F1E2
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sat, 17 May 2014 02:22:41 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 8FF72203E1
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sat, 17 May 2014 02:22:40 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 54FA1203DB
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Sat, 17 May 2014 02:22:39 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754637AbaEQCWi (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Fri, 16 May 2014 22:22:38 -0400
Received: from mail-oa0-f44.google.com ([209.85.219.44]:64686 "EHLO
	mail-oa0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754502AbaEQCWh (ORCPT
	<rfc822; linux-nfs@vger.kernel.org>); Fri, 16 May 2014 22:22:37 -0400
Received: by mail-oa0-f44.google.com with SMTP id o6so3916272oag.3
	for <linux-nfs@vger.kernel.org>; Fri, 16 May 2014 19:22:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=message-id:date:from:user-agent:mime-version:to:cc:subject
	:content-type:content-transfer-encoding;
	bh=nq9MR7d2o8vjmg7UwnQ9CNFBF4DTOKVpIuGlmBDWDoE=;
	b=cQGJbkCEKzhukgk4zg6AyOPH5r/Va0FabMim44qSKrrNSplPTsJwpLOim0eWPEl73h
	FRV5yGu2CUTY7Ezr+v4mZdJ1qO3EIg/XEsiSeEQleU54vfhOblHKwlKEo3aZfM6hN/2O
	gZGzh2nqvpDXz3DM9y0O9R3dd3pvGt4wJL8bx93B8cO1RZdiKGviz07jqI9k5xEuCtze
	JPE439tHpJD78tTf6A3aZoEO4Gnb3/2lUxs14YmFWZtpAgrlJh8fjbNQsjF6MJg3H0S3
	RRiXd0u0KbuJBCEEm5ujsnTDUVn8rIt+T/oAeCpMVj+KEOCWC/8jxngZVHBZDnIXXacM
	uaNA==
X-Received: by 10.182.105.1 with SMTP id gi1mr21349870obb.9.1400293357470;
	Fri, 16 May 2014 19:22:37 -0700 (PDT)
Received: from [192.168.31.158] ([118.117.115.173])
	by mx.google.com with ESMTPSA id
	r3sm18030631obi.23.2014.05.16.19.22.34 for <multiple recipients>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Fri, 16 May 2014 19:22:36 -0700 (PDT)
Message-ID: <5376C7E1.6080005@gmail.com>
Date: Sat, 17 May 2014 10:22:25 +0800
From: Kinglong Mee <kinglongmee@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
	rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "J. Bruce Fields" <bfields@fieldses.org>
CC: linux-nfs@vger.kernel.org, kinglongmee@gmail.com
Subject: [PATCH 3/3 v2] NFS4.0: Add some test cases for nfsv4 acl
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
---
 nfs4.0/servertests/__init__.py |   1 +
 nfs4.0/servertests/st_acl.py   | 322 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 323 insertions(+)
 create mode 100644 nfs4.0/servertests/st_acl.py

diff --git a/nfs4.0/servertests/__init__.py b/nfs4.0/servertests/__init__.py
index b0b77c4..90da169 100644
--- a/nfs4.0/servertests/__init__.py
+++ b/nfs4.0/servertests/__init__.py
@@ -40,4 +40,5 @@ __all__ = [ "st_access.py",
             "st_reboot.py",
             "st_delegation.py", # Not Done at all
             "st_spoof.py",
+            "st_acl.py",
             ]
diff --git a/nfs4.0/servertests/st_acl.py b/nfs4.0/servertests/st_acl.py
new file mode 100644
index 0000000..c162406
--- /dev/null
+++ b/nfs4.0/servertests/st_acl.py
@@ -0,0 +1,322 @@
+from nfs4_const import *
+from environment import check, checklist
+from nfs4lib import get_attr_name
+from nfs4acl import *
+
+MASK_ALL_FILE = ACE4_READ_DATA | ACE4_WRITE_DATA | ACE4_APPEND_DATA | \
+                ACE4_READ_NAMED_ATTRS | ACE4_WRITE_NAMED_ATTRS | \
+                ACE4_EXECUTE | ACE4_READ_ATTRIBUTES | ACE4_WRITE_ATTRIBUTES | \
+                ACE4_DELETE | ACE4_READ_ACL | ACE4_WRITE_ACL | \
+                ACE4_WRITE_OWNER | ACE4_SYNCHRONIZE
+MASK_ALL_DIR = ACE4_LIST_DIRECTORY | ACE4_ADD_FILE | ACE4_ADD_SUBDIRECTORY | \
+               ACE4_READ_NAMED_ATTRS | ACE4_WRITE_NAMED_ATTRS | \
+               ACE4_EXECUTE | ACE4_DELETE_CHILD | ACE4_READ_ATTRIBUTES | \
+               ACE4_WRITE_ATTRIBUTES | ACE4_READ_ACL | ACE4_WRITE_ACL | \
+               ACE4_WRITE_OWNER | ACE4_SYNCHRONIZE
+
+def doTestGetACL(t, env, path):
+    c = env.c1
+    ops = c.use_obj(path) + [c.getattr([FATTR4_ACL])]
+    res = c.compound(ops)
+    check(res)
+
+    attrs = res.resarray[-1].obj_attributes
+    if FATTR4_ACL not in attrs.keys():
+        t.fail("Attributes not contains FATTR4_ACL")
+
+#    print printableacl(attrs[FATTR4_ACL])
+
+def testCheckSupportedACL(t, env):
+    """ Check whether attributes contains FATTR4_ACLSUPPORT
+
+    FLAGS: getattr all
+    CODE: ACLSUPP
+    """
+    if not FATTR4_ACLSUPPORT & env.c1.supportedAttrs():
+        t.fail_support("Server does not support FATTR4_ACL")
+
+def testGetACLFile(t, env):
+    """ Get ACL of reg file
+
+    FLAGS: acl getattr file all
+    DEPEND: ACLSUPP LOOKFILE
+    CODE: ACL1r
+    """
+    doTestGetACL(t, env, env.opts.usefile)
+
+def testGetACLDir(t, env):
+    """ Get ACL of dir file
+
+    FLAGS: acl getattr dir all
+    DEPEND: ACLSUPP LOOKDIR
+    CODE: ACL1d
+    """
+    doTestGetACL(t, env, env.opts.usedir)
+
+def testGetACLFifo(t, env):
+    """ Get ACL of fifo file
+
+    FLAGS: acl getattr fifo all
+    DEPEND: ACLSUPP LOOKFIFO
+    CODE: ACL1f
+    """
+    doTestGetACL(t, env, env.opts.usefifo)
+
+def testGetACLLink(t, env):
+    """ Get ACL of symlink file
+
+    FLAGS: acl getattr symlink all
+    DEPEND: ACLSUPP LOOKLINK
+    CODE: ACL1a
+    """
+    doTestGetACL(t, env, env.opts.uselink)
+
+def testGetACLSocket(t, env):
+    """ Get ACL of socket file
+
+    FLAGS: acl getattr socket all
+    DEPEND: ACLSUPP LOOKSOCK
+    CODE: ACL1s
+    """
+    doTestGetACL(t, env, env.opts.usesocket)
+
+def testGetACLChar(t, env):
+    """ Get ACL of char file
+
+    FLAGS: acl getattr char all
+    DEPEND: ACLSUPP LOOKCHAR
+    CODE: ACL1c
+    """
+    doTestGetACL(t, env, env.opts.usechar)
+
+def testGetACLBlock(t, env):
+    """ Get ACL of block file
+
+    FLAGS: acl getattr block all
+    DEPEND: ACLSUPP LOOKBLK
+    CODE: ACL1b
+    """
+    doTestGetACL(t, env, env.opts.useblock)
+
+def doCheckACL(t, c, file, acl):
+    res = c.compound(c.use_obj(file) + [c.getattr([FATTR4_ACL])])
+    check(res)
+
+    attrs = res.resarray[-1].obj_attributes
+    if FATTR4_ACL not in attrs.keys():
+         t.fail("Attributes not contains FATTR4_ACL")
+
+#    print printableacl(acl)
+#    print printableacl(attrs[FATTR4_ACL])
+
+def doSetACLEnv(t, env, type = NF4REG):
+    c = env.c1
+    path = c.homedir + [t.code]
+    res = c.create_obj(path, attrs={FATTR4_MODE:0777})
+    check(res)
+
+    c1 = env.c2
+    c1.init_connection()
+
+    path += [t.code]
+    attrs = {FATTR4_MODE: 0777}
+
+    if type == NF4REG:
+        fh, stateid = c1.create_confirm(t.code, path, attrs=attrs,
+                                        deny=OPEN4_SHARE_DENY_NONE)
+        return (c1, path, fh, stateid)
+    else:
+        res = c1.create_obj(path, attrs=attrs)
+        check(res)
+        return (c1, path)
+
+def testWriteFileWithoutACL(t, env):
+    """ Check write file without write ACL
+
+    FLAGS: acl file all
+    DEPEND: ACLSUPP MKFILE
+    CODE: ACL2
+    """
+    c1, path, fh, stateid = doSetACLEnv(t, env)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_DATA, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, fh, testacl)
+
+    res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE)
+    check(res, NFS4ERR_ACCESS, "Trying to OPEN file without write ACL")
+
+def testReadFileWithoutACL(t, env):
+    """ Check read file without read ACL
+
+    FLAGS: acl file all
+    DEPEND: ACLSUPP MKFILE
+    CODE: ACL3
+    """
+    c1, path, fh, stateid = doSetACLEnv(t, env)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_READ_DATA, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, fh, testacl)
+
+    res = c1.open_file(t.code, path, deny = OPEN4_SHARE_DENY_READ)
+    check(res, NFS4ERR_ACCESS, "Trying to OPEN file without read ACL")
+
+def testAppendFileWithoutACL(t, env):
+    """ Check write file without append ACL
+
+    FLAGS: acl file all
+    DEPEND: ACLSUPP MKFILE
+    CODE: ACL4
+    """
+    c1, path, fh, stateid = doSetACLEnv(t, env)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_APPEND_DATA, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, fh, testacl)
+
+    res = c1.open_file(t.code, path, access=OPEN4_SHARE_ACCESS_WRITE)
+    check(res, NFS4ERR_ACCESS, "Trying to OPEN file without append ACL")
+
+def testChownWithoutACL(t, env):
+    """ Check change file's owner without WRITE OWNER ACL
+
+    FLAGS: acl file all
+    DEPEND: ACLSUPP MKFILE
+    CODE: ACL5
+    """
+    c1, path, fh, stateid = doSetACLEnv(t, env)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_OWNER, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, fh, testacl)
+
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_OWNER: "6666"})])
+    check(res, NFS4ERR_PERM, "Trying to change file's owner without ACL")
+
+def testSetACLWithoutACL(t, env):
+    """ Check set ACL without SETACL ACL
+
+    FLAGS: acl file all
+    DEPEND: ACLSUPP MKFILE
+    CODE: ACL6
+    """
+    c1, path, fh, stateid = doSetACLEnv(t, env)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_FILE & ~ACE4_WRITE_ACL, "OWNER@")]
+    ops = c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})]
+    res = c1.compound(ops)
+    check(res)
+
+    doCheckACL(t, c1, fh, testacl)
+
+    res = c1.compound(ops)
+    check(res, NFS4ERR_PERM, "Trying to set acl without ACL")
+
+def testCreateFileWithoutACL(t, env):
+    """ Check create file in directory without ACL
+
+    FLAGS: acl dir all
+    DEPEND: ACLSUPP MKDIR
+    CODE: ACL7
+    """
+    c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_FILE, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, path, testacl)
+
+    path += [t.code]
+    res = c1.create_obj(path)
+    # NFSD's shortage, can not create sub-directory
+    check(res, NFS4ERR_ACCESS)
+
+    res = c1.create_file(t.code, path)
+    check(res, NFS4ERR_ACCESS, "Trying to create file without ACL")
+
+def testListDirWithoutACL(t, env):
+    """ Check list directory without ACL
+
+    FLAGS: acl dir all
+    DEPEND: ACLSUPP MKDIR
+    CODE: ACL8
+    """
+    c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_LIST_DIRECTORY, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, path, testacl)
+
+    res = c1.compound(c1.use_obj(path) + [c1.readdir()])
+    check(res, NFS4ERR_ACCESS, "Trying to list directory without ACL")
+
+def testMkdirWithoutACL(t, env):
+    """ Check creat sub-directory without ACL
+
+    FLAGS: acl dir all
+    DEPEND: ACLSUPP MKDIR
+    CODE: ACL9
+    """
+    c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_ADD_SUBDIRECTORY, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, path, testacl)
+
+    path += [t.code]
+    res = c1.create_file(t.code, path)
+    # NFSD's shortage, can not create file
+    check(res, NFS4ERR_ACCESS)
+
+    res = c1.create_obj(path)
+    check(res, NFS4ERR_ACCESS, "Trying to create sub-directory without ACL")
+
+def testLookupFileWithoutACL(t, env):
+    """ Check lookup file without ACL
+
+    FLAGS: acl dir all
+    DEPEND: ACLSUPP MKDIR
+    CODE: ACL10
+    """
+    c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_EXECUTE, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, path, testacl)
+
+    res = c1.compound(c1.use_obj(path) + c1.lookup_path([t.code]))
+    check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL")
+
+def testUnlinkFileWithoutACL(t, env):
+    """ Check unlink sub-file without ACL
+
+    FLAGS: acl dir all
+    DEPEND: ACLSUPP MKDIR
+    CODE: ACL11
+    """
+    c1, path = doSetACLEnv(t, env, type = NF4DIR)
+
+    testacl = [nfsace4(ALLOWED, 0, MASK_ALL_DIR & ~ACE4_DELETE_CHILD, "OWNER@")]
+    res = c1.compound(c1.use_obj(path) + [c1.setattr({FATTR4_ACL: testacl})])
+    check(res)
+
+    doCheckACL(t, c1, path, testacl)
+
+    res = c1.compound(c1.use_obj(path) + [c1.remove_op(t.code)])
+    check(res, NFS4ERR_ACCESS, "Trying to lookup sub-file without ACL")