import os import tempfile from ...platform import acl_get, acl_set from .platform_test import skipif_not_linux, skipif_fakeroot_detected, skipif_acls_not_working, skipif_no_ubel_user # set module-level skips pytestmark = [skipif_not_linux, skipif_fakeroot_detected] ACCESS_ACL = """\ user::rw- user:root:rw-:0 user:9999:r--:9999 group::r-- group:root:r--:0 group:9999:r--:9999 mask::rw- other::r--\ """.encode( "ascii" ) DEFAULT_ACL = """\ user::rw- user:root:r--:0 user:8888:r--:8888 group::r-- group:root:r--:0 group:8888:r--:8888 mask::rw- other::r--\ """.encode( "ascii" ) def get_acl(path, numeric_ids=False): item = {} acl_get(path, item, os.stat(path), numeric_ids=numeric_ids) return item def set_acl(path, access=None, default=None, numeric_ids=False): item = {"acl_access": access, "acl_default": default} acl_set(path, item, numeric_ids=numeric_ids) @skipif_acls_not_working def test_access_acl(): file = tempfile.NamedTemporaryFile() assert get_acl(file.name) == {} set_acl( file.name, access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n", numeric_ids=False, ) assert b"user:root:rw-:0" in get_acl(file.name)["acl_access"] assert b"group:root:rw-:0" in get_acl(file.name)["acl_access"] assert b"user:0:rw-:0" in get_acl(file.name, numeric_ids=True)["acl_access"] file2 = tempfile.NamedTemporaryFile() set_acl( file2.name, access=b"user::rw-\ngroup::r--\nmask::rw-\nother::---\nuser:root:rw-:9999\ngroup:root:rw-:9999\n", numeric_ids=True, ) assert b"user:9999:rw-:9999" in get_acl(file2.name)["acl_access"] assert b"group:9999:rw-:9999" in get_acl(file2.name)["acl_access"] @skipif_acls_not_working def test_default_acl(): with tempfile.TemporaryDirectory() as tmpdir: assert get_acl(tmpdir) == {} set_acl(tmpdir, access=ACCESS_ACL, default=DEFAULT_ACL) assert get_acl(tmpdir)["acl_access"] == ACCESS_ACL assert get_acl(tmpdir)["acl_default"] == DEFAULT_ACL @skipif_acls_not_working @skipif_no_ubel_user def test_non_ascii_acl(): # Testing non-ASCII ACL processing to see whether our code is robust. # I have no idea whether non-ASCII ACLs are allowed by the standard, # but in practice they seem to be out there and must not cause failures. file = tempfile.NamedTemporaryFile() assert get_acl(file.name) == {} nothing_special = b"user::rw-\ngroup::r--\nmask::rw-\nother::---\n" # TODO: can this be tested without having an existing system user übel with uid 666 gid 666? user_entry = "user:übel:rw-:666".encode() user_entry_numeric = b"user:666:rw-:666" group_entry = "group:übel:rw-:666".encode() group_entry_numeric = b"group:666:rw-:666" acl = b"\n".join([nothing_special, user_entry, group_entry]) set_acl(file.name, access=acl, numeric_ids=False) acl_access = get_acl(file.name, numeric_ids=False)["acl_access"] assert user_entry in acl_access assert group_entry in acl_access acl_access_numeric = get_acl(file.name, numeric_ids=True)["acl_access"] assert user_entry_numeric in acl_access_numeric assert group_entry_numeric in acl_access_numeric file2 = tempfile.NamedTemporaryFile() set_acl(file2.name, access=acl, numeric_ids=True) acl_access = get_acl(file2.name, numeric_ids=False)["acl_access"] assert user_entry in acl_access assert group_entry in acl_access acl_access_numeric = get_acl(file.name, numeric_ids=True)["acl_access"] assert user_entry_numeric in acl_access_numeric assert group_entry_numeric in acl_access_numeric def test_utils(): from ...platform.linux import acl_use_local_uid_gid assert acl_use_local_uid_gid(b"user:nonexistent1234:rw-:1234") == b"user:1234:rw-" assert acl_use_local_uid_gid(b"group:nonexistent1234:rw-:1234") == b"group:1234:rw-" assert acl_use_local_uid_gid(b"user:root:rw-:0") == b"user:0:rw-" assert acl_use_local_uid_gid(b"group:root:rw-:0") == b"group:0:rw-" def test_numeric_to_named_with_id_simple(monkeypatch): # Import here to ensure skip marker is applied before any platform-specific import side effects. from ...platform.linux import _acl_from_numeric_to_named_with_id # Pretend uid 1000 -> 'alice', gid 100 -> 'staff' from ...platform import platform_ug def _uid2user(uid, default=None): if uid == 1000: return "alice" return default def _gid2group(gid, default=None): if gid == 100: return "staff" return default monkeypatch.setattr(platform_ug, "_uid2user", _uid2user) monkeypatch.setattr(platform_ug, "_gid2group", _gid2group) src = b"\n".join([b"user::rwx", b"user:1000:r-x", b"group::r--", b"group:100:r--", b"mask::r-x", b"other::r--"]) out = _acl_from_numeric_to_named_with_id(src) lines = set(out.split(b"\n")) assert b"user::rwx" in lines assert b"user:alice:r-x:1000" in lines assert b"group::r--" in lines assert b"group:staff:r--:100" in lines assert b"mask::r-x" in lines assert b"other::r--" in lines def test_numeric_to_named_with_id_nonexistent_ids(monkeypatch): from ...platform.linux import _acl_from_numeric_to_named_with_id # Map functions return default (the given fallback), so names stay numeric but still append the fourth field from ...platform import platform_ug def _uid2user(uid, default=None): return default def _gid2group(gid, default=None): return default monkeypatch.setattr(platform_ug, "_uid2user", _uid2user) monkeypatch.setattr(platform_ug, "_gid2group", _gid2group) src = b"user:9999:r--\ngroup:8888:r--\n" out = _acl_from_numeric_to_named_with_id(src) lines = out.split(b"\n") assert lines[0] == b"user:9999:r--:9999" assert lines[1] == b"group:8888:r--:8888" def test_numeric_to_numeric_with_id_simple(): from ...platform.linux import _acl_from_numeric_to_numeric_with_id src = b"\n".join([b"user::rwx", b"user:1000:r-x", b"group::r--", b"group:100:r--", b"mask::r-x", b"other::r--"]) out = _acl_from_numeric_to_numeric_with_id(src) lines = set(out.split(b"\n")) assert b"user::rwx" in lines assert b"user:1000:r-x:1000" in lines assert b"group::r--" in lines assert b"group:100:r--:100" in lines assert b"mask::r-x" in lines assert b"other::r--" in lines