4 """Unittests for the posix1e module"""
6 # Copyright (C) 2002-2009, 2012, 2014, 2015 Iustin Pop <iustin@k1024.org>
8 # This library is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU Lesser General Public
10 # License as published by the Free Software Foundation; either
11 # version 2.1 of the License, or (at your option) any later version.
13 # This library is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 # Lesser General Public License for more details.
18 # You should have received a copy of the GNU Lesser General Public
19 # License along with this library; if not, write to the Free Software
20 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
32 import pytest # type: ignore
40 TEST_DIR = os.environ.get("TEST_DIR", ".")
42 BASIC_ACL_TEXT = "u::rw,g::r,o::-"
44 # Permset permission information
46 posix1e.ACL_READ: ("read", posix1e.Permset.read),
47 posix1e.ACL_WRITE: ("write", posix1e.Permset.write),
48 posix1e.ACL_EXECUTE: ("execute", posix1e.Permset.execute),
52 (posix1e.ACL_USER, "user"),
53 (posix1e.ACL_GROUP, "group"),
54 (posix1e.ACL_USER_OBJ, "user object"),
55 (posix1e.ACL_GROUP_OBJ, "group object"),
56 (posix1e.ACL_MASK, "mask"),
57 (posix1e.ACL_OTHER, "other"),
60 ALL_TAG_VALUES = [i[0] for i in ALL_TAGS]
61 ALL_TAG_DESCS = [i[1] for i in ALL_TAGS]
63 # Fixtures and helpers
65 def ignore_ioerror(errnum, fn, *args, **kwargs):
66 """Call a function while ignoring some IOErrors.
68 This is needed as some OSes (e.g. FreeBSD) return failure (EINVAL)
69 when doing certain operations on an invalid ACL.
74 except IOError as err:
75 if err.errno == errnum:
81 """per-test temp dir based in TEST_DIR"""
82 with tempfile.TemporaryDirectory(dir=TEST_DIR) as dname:
86 fh, fname = tempfile.mkstemp(".test", "xattr-", path)
89 @contextlib.contextmanager
90 def get_file_name(path):
91 fh, fname = get_file(path)
95 @contextlib.contextmanager
96 def get_file_fd(path):
97 fd = get_file(path)[0]
101 @contextlib.contextmanager
102 def get_file_object(path):
103 fd = get_file(path)[0]
104 with os.fdopen(fd) as f:
107 @contextlib.contextmanager
109 yield tempfile.mkdtemp(".test", "xattr-", path)
111 def get_symlink(path, dangling=True):
112 """create a symlink"""
113 fh, fname = get_file(path)
117 sname = fname + ".symlink"
118 os.symlink(fname, sname)
121 @contextlib.contextmanager
122 def get_valid_symlink(path):
123 yield get_symlink(path, dangling=False)[1]
125 @contextlib.contextmanager
126 def get_dangling_symlink(path):
127 yield get_symlink(path, dangling=True)[1]
129 @contextlib.contextmanager
130 def get_file_and_symlink(path):
131 yield get_symlink(path, dangling=False)
133 @contextlib.contextmanager
134 def get_file_and_fobject(path):
135 fh, fname = get_file(path)
136 with os.fdopen(fh) as fo:
139 # Wrappers that build upon existing values
141 def as_wrapper(call, fn, closer=None):
142 @contextlib.contextmanager
144 with call(path) as r:
147 if closer is not None:
152 return as_wrapper(call, lambda r: r.encode())
155 return as_wrapper(call, pathlib.PurePath)
157 def as_iostream(call):
158 opener = lambda f: io.open(f, "r")
159 closer = lambda r: r.close()
160 return as_wrapper(call, opener, closer)
162 NOT_BEFORE_36 = pytest.mark.xfail(condition="sys.version_info < (3,6)",
164 NOT_PYPY = pytest.mark.xfail(condition="platform.python_implementation() == 'PyPy'",
167 require_acl_from_mode = pytest.mark.skipif("not HAS_ACL_FROM_MODE")
168 require_acl_check = pytest.mark.skipif("not HAS_ACL_CHECK")
169 require_acl_entry = pytest.mark.skipif("not HAS_ACL_ENTRY")
170 require_extended_check = pytest.mark.skipif("not HAS_EXTENDED_CHECK")
171 require_equiv_mode = pytest.mark.skipif("not HAS_EQUIV_MODE")
172 require_copy_ext = pytest.mark.skipif("not HAS_COPY_EXT")
174 # Note: ACLs are valid only for files/directories, not symbolic links
175 # themselves, so we only create valid symlinks.
178 as_bytes(get_file_name),
179 pytest.param(as_fspath(get_file_name),
180 marks=[NOT_BEFORE_36, NOT_PYPY]),
183 pytest.param(as_fspath(get_dir),
184 marks=[NOT_BEFORE_36, NOT_PYPY]),
186 as_bytes(get_valid_symlink),
187 pytest.param(as_fspath(get_valid_symlink),
188 marks=[NOT_BEFORE_36, NOT_PYPY]),
199 "file via symlink (bytes)",
200 "file via symlink (path)",
206 as_iostream(get_file_name),
215 ALL_P = FILE_P + FD_P
216 ALL_D = FILE_D + FD_D
218 @pytest.fixture(params=FILE_P, ids=FILE_D)
219 def file_subject(testdir, request):
220 with request.param(testdir) as value:
223 @pytest.fixture(params=FD_P, ids=FD_D)
224 def fd_subject(testdir, request):
225 with request.param(testdir) as value:
228 @pytest.fixture(params=ALL_P, ids=ALL_D)
229 def subject(testdir, request):
230 with request.param(testdir) as value:
235 """Load/create tests"""
236 def test_from_file(self, testdir):
237 """Test loading ACLs from a file"""
238 _, fname = get_file(testdir)
239 acl1 = posix1e.ACL(file=fname)
242 def test_from_dir(self, testdir):
243 """Test loading ACLs from a directory"""
244 with get_dir(testdir) as dname:
245 acl1 = posix1e.ACL(file=dname)
246 acl2 = posix1e.ACL(filedef=dname)
248 # default ACLs might or might not be valid; missing ones are
249 # not valid, so we don't test acl2 for validity
251 def test_from_fd(self, testdir):
252 """Test loading ACLs from a file descriptor"""
253 fd, _ = get_file(testdir)
254 acl1 = posix1e.ACL(fd=fd)
257 def test_from_nonexisting(self, testdir):
258 _, fname = get_file(testdir)
259 with pytest.raises(IOError):
260 posix1e.ACL(file="fname"+".no-such-file")
262 def test_from_invalid_fd(self, testdir):
263 fd, _ = get_file(testdir)
265 with pytest.raises(IOError):
268 def test_from_empty_invalid(self):
269 """Test creating an empty ACL"""
271 assert not acl1.valid()
273 def test_from_text(self):
274 """Test creating an ACL from text"""
275 acl1 = posix1e.ACL(text=BASIC_ACL_TEXT)
278 def test_from_acl(self):
279 """Test creating an ACL from an existing ACL"""
281 acl2 = posix1e.ACL(acl=acl1)
284 def test_invalid_creation_params(self, testdir):
285 """Test that creating an ACL from multiple objects fails"""
286 fd, _ = get_file(testdir)
287 with pytest.raises(ValueError):
288 posix1e.ACL(text=BASIC_ACL_TEXT, fd=fd)
290 def test_invalid_value_creation(self):
291 """Test that creating an ACL from wrong specification fails"""
292 with pytest.raises(EnvironmentError):
293 posix1e.ACL(text="foobar")
294 with pytest.raises(TypeError):
295 posix1e.ACL(foo="bar")
297 def test_uninit(self):
298 """Checks that uninit is actually empty init"""
299 acl = posix1e.ACL.__new__(posix1e.ACL)
300 assert not acl.valid()
305 def test_double_init(self):
306 acl1 = posix1e.ACL(text=BASIC_ACL_TEXT)
308 acl1.__init__(text=BASIC_ACL_TEXT)
311 @pytest.mark.xfail(reason="Unreliable test, re-init doesn't always invalidate children")
312 def test_double_init_breaks_children(self):
315 e.permset.write = True
317 with pytest.raises(EnvironmentError):
318 e.permset.write = False
321 class TestAclExtensions:
322 """ACL extensions checks"""
324 @require_acl_from_mode
325 def test_from_mode(self):
326 """Test loading ACLs from an octal mode"""
327 acl1 = posix1e.ACL(mode=0o644)
331 def test_acl_check(self):
332 """Test the acl_check method"""
333 acl1 = posix1e.ACL(text=BASIC_ACL_TEXT)
334 assert not acl1.check()
337 assert c == (ACL_MISS_ERROR, 0)
338 assert isinstance(c, tuple)
339 assert c[0] == ACL_MISS_ERROR
342 assert c == (ACL_ENTRY_ERROR, 0)
344 def test_applyto(self, subject):
345 """Test the apply_to function"""
346 # TODO: add read/compare with before, once ACL can be init'ed
348 basic_acl = posix1e.ACL(text=BASIC_ACL_TEXT)
349 basic_acl.applyto(subject)
350 enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:root:rw,mask::r")
351 assert enhanced_acl.valid()
352 enhanced_acl.applyto(subject)
354 def test_apply_to_with_wrong_object(self):
355 acl1 = posix1e.ACL(text=BASIC_ACL_TEXT)
357 with pytest.raises(TypeError):
358 acl1.applyto(object())
359 with pytest.raises(TypeError):
360 acl1.applyto(object(), object())
362 def test_apply_to_fail(self, testdir):
363 acl1 = posix1e.ACL(text=BASIC_ACL_TEXT)
365 fd, fname = get_file(testdir)
367 with pytest.raises(IOError):
369 with pytest.raises(IOError, match="no-such-file"):
370 acl1.applyto(fname+".no-such-file")
372 @require_extended_check
373 def test_applyto_extended(self, subject):
374 """Test the acl_extended function"""
375 basic_acl = posix1e.ACL(text=BASIC_ACL_TEXT)
376 basic_acl.applyto(subject)
377 assert not has_extended(subject)
378 enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:root:rw,mask::r")
379 assert enhanced_acl.valid()
380 enhanced_acl.applyto(subject)
381 assert has_extended(subject)
383 @require_extended_check
384 @pytest.mark.parametrize(
385 "gen", [ get_file_and_symlink, get_file_and_fobject ])
386 def test_applyto_extended_mixed(self, testdir, gen):
387 """Test the acl_extended function"""
388 with gen(testdir) as (a, b):
389 basic_acl = posix1e.ACL(text=BASIC_ACL_TEXT)
392 assert not has_extended(item)
393 enhanced_acl = posix1e.ACL(text="u::rw,g::-,o::-,u:root:rw,mask::r")
394 assert enhanced_acl.valid()
395 enhanced_acl.applyto(b)
397 assert has_extended(item)
399 @require_extended_check
400 def test_extended_fail(self, testdir):
401 fd, fname = get_file(testdir)
403 with pytest.raises(IOError):
405 with pytest.raises(IOError, match="no-such-file"):
406 has_extended(fname+".no-such-file")
408 @require_extended_check
409 def test_extended_arg_handling(self):
410 with pytest.raises(TypeError):
412 with pytest.raises(TypeError):
413 has_extended(object())
416 def test_equiv_mode(self):
417 """Test the equiv_mode function"""
418 if HAS_ACL_FROM_MODE:
419 for mode in 0o644, 0o755:
420 acl = posix1e.ACL(mode=mode)
421 assert acl.equiv_mode() == mode
422 acl = posix1e.ACL(text="u::rw,g::r,o::r")
423 assert acl.equiv_mode() == 0o644
424 acl = posix1e.ACL(text="u::rx,g::-,o::-")
425 assert acl.equiv_mode() == 0o500
428 def test_to_any_text(self):
429 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
431 acl.to_any_text(options=posix1e.TEXT_ABBREVIATE)
432 assert b"user::" in acl.to_any_text()
435 def test_to_any_text_wrong_args(self):
436 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
437 with pytest.raises(TypeError):
438 acl.to_any_text(foo="bar")
442 def test_rich_compare(self):
443 acl1 = posix1e.ACL(text="u::rw,g::r,o::r")
444 acl2 = posix1e.ACL(acl=acl1)
445 acl3 = posix1e.ACL(text="u::rw,g::rw,o::r")
448 with pytest.raises(TypeError):
450 with pytest.raises(TypeError):
453 assert not (acl1 == 1)
454 with pytest.raises(TypeError):
458 def test_acl_iterator(self):
459 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
461 assert entry.parent is acl
464 def test_acl_copy_ext(self):
465 a = posix1e.ACL(text=BASIC_ACL_TEXT)
467 c = posix1e.ACL(acl=b)
470 state = a.__getstate__()
471 b.__setstate__(state)
479 def test_delete_default(self, testdir):
480 """Test removing the default ACL"""
481 with get_dir(testdir) as dname:
482 posix1e.delete_default(dname)
484 def test_delete_default_fail(self, testdir):
485 """Test removing the default ACL"""
486 with get_file_name(testdir) as fname:
487 with pytest.raises(IOError, match="no-such-file"):
488 posix1e.delete_default(fname+".no-such-file")
491 def test_delete_default_wrong_arg(self):
492 with pytest.raises(TypeError):
493 posix1e.delete_default(object())
495 def test_reapply(self, testdir):
496 """Test re-applying an ACL"""
497 fd, fname = get_file(testdir)
498 acl1 = posix1e.ACL(fd=fd)
501 with get_dir(testdir) as dname:
502 acl2 = posix1e.ACL(file=fname)
508 class TestModification:
509 """ACL modification tests"""
511 def checkRef(self, obj):
512 """Checks if a given obj has a 'sane' refcount"""
513 if platform.python_implementation() == "PyPy":
515 ref_cnt = sys.getrefcount(obj)
516 # FIXME: hardcoded value for the max ref count... but I've
517 # seen it overflow on bad reference counting, so it's better
519 if ref_cnt < 2 or ref_cnt > 1024:
520 pytest.fail("Wrong reference count, expected 2-1024 and got %d" %
524 """Test str() of an ACL."""
525 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
527 self.checkRef(str_acl)
529 def test_append(self):
530 """Test append a new Entry to the ACL"""
533 e.tag_type = posix1e.ACL_OTHER
534 ignore_ioerror(errno.EINVAL, acl.calc_mask)
536 self.checkRef(str_format)
538 ignore_ioerror(errno.EINVAL, acl.calc_mask)
539 assert not acl.valid()
541 def test_wrong_append(self):
542 """Test append a new Entry to the ACL based on wrong object type"""
544 with pytest.raises(TypeError):
547 def test_entry_creation(self):
549 e = posix1e.Entry(acl)
550 ignore_ioerror(errno.EINVAL, acl.calc_mask)
552 self.checkRef(str_format)
554 def test_entry_failed_creation(self):
555 # Checks for partial initialisation and deletion on error
557 with pytest.raises(TypeError):
558 posix1e.Entry(object())
560 def test_entry_reinitialisations(self):
565 with pytest.raises(ValueError, match="different parent"):
569 def test_entry_reinit_leaks_refcount(self):
572 ref = sys.getrefcount(acl)
574 assert ref == sys.getrefcount(acl), "Uh-oh, ref leaks..."
576 def test_delete(self):
577 """Test delete Entry from the ACL"""
580 e.tag_type = posix1e.ACL_OTHER
581 ignore_ioerror(errno.EINVAL, acl.calc_mask)
583 ignore_ioerror(errno.EINVAL, acl.calc_mask)
585 def test_double_delete(self):
586 """Test delete Entry from the ACL"""
587 # This is not entirely valid/correct, since the entry object
588 # itself is invalid after the first deletion, so we're
589 # actually testing deleting an invalid object, not a
590 # non-existing entry...
593 e.tag_type = posix1e.ACL_OTHER
594 ignore_ioerror(errno.EINVAL, acl.calc_mask)
596 ignore_ioerror(errno.EINVAL, acl.calc_mask)
597 with pytest.raises(EnvironmentError):
600 def test_delete_unowned(self):
601 """Test delete Entry from the ACL"""
605 e.tag_type = posix1e.ACL_OTHER
606 with pytest.raises(ValueError, match="un-owned entry"):
609 # This currently fails as this deletion seems to be accepted :/
610 @pytest.mark.xfail(reason="Entry deletion is unreliable")
611 def testDeleteInvalidEntry(self):
612 """Test delete foreign Entry from the ACL"""
616 e.tag_type = posix1e.ACL_OTHER
617 ignore_ioerror(errno.EINVAL, acl1.calc_mask)
618 with pytest.raises(EnvironmentError):
621 def test_delete_invalid_object(self):
622 """Test delete a non-Entry from the ACL"""
624 with pytest.raises(TypeError):
625 acl.delete_entry(object())
627 def test_double_entries(self):
628 """Test double entries"""
629 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
631 for tag_type in (posix1e.ACL_USER_OBJ, posix1e.ACL_GROUP_OBJ,
634 e.tag_type = tag_type
636 assert not acl.valid(), ("ACL containing duplicate entries"
637 " should not be valid")
640 def test_multiple_good_entries(self):
641 """Test multiple valid entries"""
642 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
644 for tag_type in (posix1e.ACL_USER,
646 for obj_id in range(5):
648 e.tag_type = tag_type
652 assert acl.valid(), ("ACL should be able to hold multiple"
653 " user/group entries")
655 def test_multiple_bad_entries(self):
656 """Test multiple invalid entries"""
657 for tag_type in (posix1e.ACL_USER,
659 acl = posix1e.ACL(text=BASIC_ACL_TEXT)
662 e1.tag_type = tag_type
666 assert acl.valid(), ("ACL should be able to add a"
669 e2.tag_type = tag_type
672 ignore_ioerror(errno.EINVAL, acl.calc_mask)
673 assert not acl.valid(), ("ACL should not validate when"
674 " containing two duplicate entries")
676 # FreeBSD trips over itself here and can't delete the
677 # entry, even though it still exists.
678 ignore_ioerror(errno.EINVAL, acl.delete_entry, e2)
683 e1.tag_type = ACL_USER
689 e2.tag_type = ACL_GROUP
696 assert e1.tag_type == e2.tag_type
698 def test_copy_wrong_arg(self):
701 with pytest.raises(TypeError):
704 def test_set_permset(self):
707 e1.tag_type = ACL_USER
713 e2.tag_type = ACL_GROUP
719 assert e2.permset.write
720 assert e2.tag_type == ACL_GROUP
722 def test_set_permset_wrong_arg(self):
725 with pytest.raises(TypeError):
728 def test_permset_creation(self):
735 def test_permset_creation_wrong_arg(self):
736 with pytest.raises(TypeError):
739 def test_permset_reinitialisations(self):
745 with pytest.raises(ValueError, match="different parent"):
749 def test_permset_reinit_leaks_refcount(self):
753 ref = sys.getrefcount(e)
755 assert ref == sys.getrefcount(e), "Uh-oh, ref leaks..."
757 def test_permset(self):
758 """Test permissions"""
764 self.checkRef(str_ps)
765 for perm in PERMSETS:
767 txt = PERMSETS[perm][0]
768 self.checkRef(str_ps)
769 assert not ps.test(perm), ("Empty permission set should not"
770 " have permission '%s'" % txt)
772 assert ps.test(perm), ("Permission '%s' should exist"
773 " after addition" % txt)
775 self.checkRef(str_ps)
777 assert not ps.test(perm), ("Permission '%s' should not exist"
778 " after deletion" % txt)
780 def test_permset_via_accessors(self):
781 """Test permissions"""
787 self.checkRef(str_ps)
789 return PERMSETS[perm][1].__get__(ps)
790 def setter(parm, value):
791 return PERMSETS[perm][1].__set__(ps, value)
792 for perm in PERMSETS:
794 self.checkRef(str_ps)
795 txt = PERMSETS[perm][0]
796 assert not getter(perm), ("Empty permission set should not"
797 " have permission '%s'" % txt)
799 assert ps.test(perm), ("Permission '%s' should exist"
800 " after addition" % txt)
801 assert getter(perm), ("Permission '%s' should exist"
802 " after addition" % txt)
804 self.checkRef(str_ps)
806 assert not ps.test(perm), ("Permission '%s' should not exist"
807 " after deletion" % txt)
808 assert not getter(perm), ("Permission '%s' should not exist"
809 " after deletion" % txt)
811 def test_permset_invalid_type(self):
816 with pytest.raises(TypeError):
818 with pytest.raises(TypeError):
820 with pytest.raises(TypeError):
822 with pytest.raises(ValueError):
825 def test_qualifier_values(self):
826 """Tests qualifier correct store/retrieval"""
829 # work around deprecation warnings
830 for tag in [posix1e.ACL_USER, posix1e.ACL_GROUP]:
834 if tag == posix1e.ACL_USER:
835 regex = re.compile("user with uid %d" % qualifier)
837 regex = re.compile("group with gid %d" % qualifier)
839 e.qualifier = qualifier
840 except OverflowError:
841 # reached overflow condition, break
843 assert e.qualifier == qualifier
844 assert regex.search(str(e)) is not None
847 def test_qualifier_overflow(self):
848 """Tests qualifier overflow handling"""
851 qualifier = sys.maxsize * 2
852 for tag in [posix1e.ACL_USER, posix1e.ACL_GROUP]:
854 with pytest.raises(OverflowError):
855 e.qualifier = qualifier
857 def test_negative_qualifier(self):
858 """Tests negative qualifier handling"""
859 # Note: this presumes that uid_t/gid_t in C are unsigned...
862 for tag in [posix1e.ACL_USER, posix1e.ACL_GROUP]:
864 for qualifier in [-10, -5, -1]:
865 with pytest.raises(OverflowError):
866 e.qualifier = qualifier
868 def test_invalid_qualifier(self):
869 """Tests invalid qualifier handling"""
872 with pytest.raises(TypeError):
873 e.qualifier = object()
874 with pytest.raises((TypeError, AttributeError)):
877 def test_qualifier_on_wrong_tag(self):
878 """Tests qualifier setting on wrong tag"""
881 e.tag_type = posix1e.ACL_OTHER
882 with pytest.raises(TypeError):
884 with pytest.raises(TypeError):
887 @pytest.mark.parametrize("tag", ALL_TAG_VALUES, ids=ALL_TAG_DESCS)
888 def test_tag_types(self, tag):
889 """Tests tag type correct set/get"""
893 assert e.tag_type == tag
894 # check we can show all tag types without breaking
897 @pytest.mark.parametrize("src_tag", ALL_TAG_VALUES, ids=ALL_TAG_DESCS)
898 @pytest.mark.parametrize("dst_tag", ALL_TAG_VALUES, ids=ALL_TAG_DESCS)
899 def test_tag_overwrite(self, src_tag, dst_tag):
900 """Tests tag type correct set/get"""
904 assert e.tag_type == src_tag
907 assert e.tag_type == dst_tag
910 def test_invalid_tags(self):
911 """Tests tag type incorrect set/get"""
914 with pytest.raises(TypeError):
915 e.tag_type = object()
916 e.tag_type = posix1e.ACL_USER_OBJ
917 # For some reason, PyPy raises AttributeError. Strange...
918 with pytest.raises((TypeError, AttributeError)):
921 def test_tag_wrong_overwrite(self):
924 e.tag_type = posix1e.ACL_USER_OBJ
925 tag = max(ALL_TAG_VALUES) + 1
926 with pytest.raises(EnvironmentError):
928 # Check tag is still valid.
929 assert e.tag_type == posix1e.ACL_USER_OBJ
931 if __name__ == "__main__":