Changeset View
Standalone View
bin/getfacl/tests/getfacl_test.sh
- This file was added.
# | |||||
# Copyright 2017 Shivansh Rai | |||||
# All rights reserved. | |||||
# | |||||
# Redistribution and use in source and binary forms, with or without | |||||
# modification, are permitted provided that the following conditions | |||||
# are met: | |||||
# 1. Redistributions of source code must retain the above copyright | |||||
# notice, this list of conditions and the following disclaimer. | |||||
# 2. Redistributions in binary form must reproduce the above copyright | |||||
# notice, this list of conditions and the following disclaimer in the | |||||
# documentation and/or other materials provided with the distribution. | |||||
# | |||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
# SUCH DAMAGE. | |||||
# | |||||
# $FreeBSD$ | |||||
# | |||||
check_acl() | |||||
{ | |||||
# Check if POSIX.1e ACLs are enabled on the root partition. | |||||
fs=`df . | awk '$NF ~ "/" {print $1}'` | |||||
if mount | awk -v fs=$fs '$1 == fs' | grep -q acls && | |||||
asomers: This isn't reliable. There's no guarantee on the order of filesystems returned by `mount`. If… | |||||
tunefs -p "$fs" 2>&1 | awk '$2 == "POSIX.1e" {print $5}' | grep -q enabled; then | |||||
asomersUnsubmitted Not Done Inline Actionstunefs will only work for UFS. Can you write something that works for ZFS too? Try getconf TRUSTEDBSD_ACL_NFS4 . and getconf TRUSTEDBSD_ACL_EXTENDED . . asomers: `tunefs` will only work for UFS. Can you write something that works for ZFS too? Try `getconf… | |||||
ngieUnsubmitted Not Done Inline ActionsDon't use TRUSTEDBSD_ACL_EXTENDED -- that isn't documented as well as ACL_EXTENDED is (I should really remove that in another CR I send out to rwatson@ -- it's an old backwards compat knob that doesn't make much sense IMHO). ngie: Don't use `TRUSTEDBSD_ACL_EXTENDED` -- that isn't documented as well as `ACL_EXTENDED` is (I… | |||||
# ok | |||||
else | |||||
atf_skip "POSIX.1e ACLs are not enabled" | |||||
fi | |||||
ngieUnsubmitted Not Done Inline Actions
_PC_ACL_EXTENDED Returns 1 if an Access Control List (ACL) can be set on the specified file, otherwise 0. _PC_ACL_NFS4 Returns 1 if an NFSv4 ACLs can be set on the specified file, otherwise 0. For example: # UFS (without POSIX ACLs enabled) $ getconf ACL_EXTENDED /mnt/tmp/ 0 # UFS (with POSIX ACLs enabled) # XXX: had to unmount -- mount -ru /mnt/tmp updated the superblock, but # the value returned via *pathconf(2) didn't change. # $ sudo mount -ru /mnt/tmp $ sudo umount /mnt/tmp $ sudo tunefs -a enable /dev/md0 $ sudo mount /dev/md0 /mnt/tmp $ getconf ACL_EXTENDED /mnt/tmp 1 # ZFS $ getconf ACL_EXTENDED / 0 If you want to be really slick and get full coverage, I'd create a temporary UFS file system as I showed above and cleanup at test completion. I need to code this up generically though--I have some common patterns in contrib/netbsd-tests and elsewhere that illustrates how one can do this.
ngie: 1. Using getconf(1) is better (cuts to the chase and is not reliant on how the filesystem… | |||||
shivanshAuthorUnsubmitted Not Done Inline Actions@ngie I found out src/contrib/netbsd-tests/fs/tmpfs/h_funcs.subr in which there are custom functions to create mount points and mount/unmount them (test_mount() and test_unmount()).
Is this the pattern that you previously mentioned ? In case this is the pattern which you mentioned above, is it advisable for me to use this file itself via . $(atf_get_srcdir)/$(traverse to appropriate location)/h_funcs.subr or should I make a similar file inside src/bin/getfacl/tests. shivansh: @ngie I found out `src/contrib/netbsd-tests/fs/tmpfs/h_funcs.subr` in which there are custom… | |||||
} | |||||
get_user() | |||||
{ | |||||
stat -f "%Su" "$1" | |||||
} | |||||
get_group() | |||||
{ | |||||
stat -f "%Sg" "$1" | |||||
} | |||||
get_user_perm() | |||||
{ | |||||
stat -f "%SHp" "$1" | |||||
} | |||||
get_group_perm() | |||||
{ | |||||
stat -f "%SMp" "$1" | |||||
} | |||||
get_other_perm() | |||||
{ | |||||
stat -f "%SLp" "$1" | |||||
} | |||||
atf_test_case no_opt | |||||
no_opt_head() | |||||
{ | |||||
atf_set "descr" "Verify the output of the getfacl(1) command " \ | |||||
"without any options." | |||||
atf_set "require.user" "root" | |||||
} | |||||
Not Done Inline ActionsThis will only work for POSIX.1e ACLs. FreeBSD supports two incompatible ACL formats: POSIX.1e and NFSv4. I think the best thing to do would be to write two sets of tests: one for each ACL format. On any one run, one set would be skipped, depending on what filesystem Kyua is using. Or, you could write tests just for POSIX.1e ACLs, because that's what FreeBSD's CI system uses. In that case, you should modify check_acl to exclude filesystems with NFSv4 ACLs. asomers: This will only work for POSIX.1e ACLs. FreeBSD supports two incompatible ACL formats: POSIX.1e… | |||||
no_opt_body() | |||||
{ | |||||
check_acl | |||||
atf_check touch A | |||||
atf_check setfacl -m u::rw,g::r,o::r A | |||||
user_A=$(get_user A) | |||||
group_A=$(get_group A) | |||||
user_perm_A=$(get_user_perm A) | |||||
group_perm_A=$(get_group_perm A) | |||||
other_perm_A=$(get_other_perm A) | |||||
atf_check -o inline:'# file: A\n# owner: '"$user_A"'\n# group: '"$group_A"'\nuser::'"$user_perm_A"'\ngroup::'"$group_perm_A"'\nmask::'"$group_perm_A"'\nother::'"$other_perm_A"'\n' getfacl A | |||||
} | |||||
atf_test_case no_opt_symbolic | |||||
no_opt_symbolic_head() | |||||
{ | |||||
atf_set "descr" "Verify that if the target of the operation is a symbolic " \ | |||||
"link, then getfacl(1) returns the ACL from the source of " \ | |||||
"the symbolic link." | |||||
atf_set "require.user" "root" | |||||
} | |||||
no_opt_symbolic_body() | |||||
{ | |||||
check_acl | |||||
atf_check touch A | |||||
atf_check setfacl -m u::rw,g::r,o::r A | |||||
atf_check ln -s A B | |||||
user_A=$(get_user A) | |||||
group_A=$(get_group A) | |||||
user_perm_A=$(get_user_perm A) | |||||
group_perm_A=$(get_group_perm A) | |||||
other_perm_A=$(get_other_perm A) | |||||
atf_check -o inline:'# file: B\n# owner: '"$user_A"'\n# group: '"$group_A"'\nuser::'"$user_perm_A"'\ngroup::'"$group_perm_A"'\nmask::'"$group_perm_A"'\nother::'"$other_perm_A"'\n' getfacl B | |||||
} | |||||
atf_test_case h_flag | |||||
h_flag_head() | |||||
{ | |||||
atf_set "descr" "Verify that if the target of the operation is a symbolic " \ | |||||
"link, then '-h' option returns the ACL from the symbolic " \ | |||||
"link rather than following the link." | |||||
atf_set "require.user" "root" | |||||
} | |||||
h_flag_body() | |||||
{ | |||||
check_acl | |||||
atf_check touch A | |||||
atf_check setfacl -m u::rw,g::r,o::r A | |||||
atf_check ln -s A B | |||||
user_perm_B=$(get_user_perm B) | |||||
group_perm_B=$(get_group_perm B) | |||||
other_perm_B=$(get_other_perm B) | |||||
atf_check -o inline:'user::'"$user_perm_B"'\ngroup::'"$group_perm_B"'\nother::'"$other_perm_B"'\n' getfacl -hq B | |||||
} | |||||
atf_test_case q_flag | |||||
q_flag_head() | |||||
{ | |||||
atf_set "descr" "Verify that '-q' option does not display commented " \ | |||||
"information about file name and ownership." | |||||
atf_set "require.user" "root" | |||||
} | |||||
q_flag_body() | |||||
{ | |||||
check_acl | |||||
atf_check touch A | |||||
atf_check setfacl -m u::rw,g::r,o::r A | |||||
user_perm_A=$(get_user_perm A) | |||||
group_perm_A=$(get_group_perm A) | |||||
other_perm_A=$(get_other_perm A) | |||||
atf_check -o inline:'user::'"$user_perm_A"'\ngroup::'"$group_perm_A"'\nmask::'"$group_perm_A"'\nother::'"$other_perm_A"'\n' getfacl -q A | |||||
} | |||||
atf_init_test_cases() | |||||
{ | |||||
atf_add_test_case no_opt | |||||
atf_add_test_case no_opt_symbolic | |||||
atf_add_test_case h_flag | |||||
atf_add_test_case q_flag | |||||
} |
This isn't reliable. There's no guarantee on the order of filesystems returned by mount. If you want to check the root partition, you should try something like mount | awk '$3 == "/"'
Also, you seem to be using this as a gate for whether to run tests. In that case, it's inappropriate to ues atf_check, because that will fail the test if ACLs aren't enabled. Instead, you should skip the test if ACLs aren't enabled.
Finally, Kyua doesn't use / for temporary files. Instead, it uses $TMPDIR. But you shouldn't rely on that. Instead, you should check the filesystem where you happen to be executing. Try something like this: