Iustin Pop [Mon, 24 Apr 2023 20:04:50 +0000 (22:04 +0200)]
Fix acl_copy_int test naming and unhide a test
All the tests were actually exercising `acl_copy_int()`, only the
feature flag is called ACL_COPY_EXT. Additionally, two separate tests
had sane function name, which was hiding the first of them.
Iustin Pop [Mon, 24 Apr 2023 20:00:13 +0000 (22:00 +0200)]
Fix yet another acl_copy_int test that is causing segfaults
Version 0.7.0 broken in Debian on the s390x architecture, but not due
to the recently introduced tests, but a much older one. This didn't
break before because tests were broken on Debian (sigh again), which
hid the problem.
In order to make this in general more consistent, abstract the
"generate an invalid but safe(ish) external representation" and reuse
that in all the tests that cause, directly or indirectly, a call to
acl_copy_int().
Iustin Pop [Sat, 22 Apr 2023 20:56:34 +0000 (22:56 +0200)]
Modernise the tp_dealloc functions
While in Python 2.7, it was recommended to explicitly check for
errors, and only do the save exception/restore exception dance, modern
Python documentation says to always do this, unconditionally. For
example, in
https://docs.python.org/3.11/extending/newtypes.html#finalization-and-de-allocation.
So let's switch to this, and to the more proper deallocation using the
tp_free member - not because these are subclassable types, but because
the initialisation is also done using tp_alloc, so consistency++.
Iustin Pop [Sat, 22 Apr 2023 00:20:16 +0000 (02:20 +0200)]
Rework how acl __setstate__ handles some errors
This resolves the very old comment 'Should we ignore errors'. Upon
more thinking, yes, ignoring errors is better, and the way the code
was, it contained a memory leak (on a very unlikely path).
So rework it to ignore errors in freeing the old ACL, since we don't
care about the old ACL, and the new one is successfully allocated.
Iustin Pop [Sat, 22 Apr 2023 00:12:17 +0000 (02:12 +0200)]
Try to make the acl_copy_ext_failure test better behaved
Sigh, this is really not a good test, but it does show the
deficiencies in the C library - I learned that users can trivially
shoot themselves in the foot and cause segfaults.
Iustin Pop [Sun, 16 Apr 2023 23:31:41 +0000 (01:31 +0200)]
Add gcov exclusion patterns for hard-to-test error paths
I don't know how to force failures, and in most normal code, these
error paths should not happen, since the rest of the code is well
behaved. As such, I'm adding exclusion markers, for C function
failures.
Iustin Pop [Sun, 16 Apr 2023 19:30:05 +0000 (21:30 +0200)]
Restore the CI environment
This is a bulk change that tries to bring up the CI environment back
to health. It does:
- switch to newer Python versions (3.7+ only)
- switch to current codecov action
- drops no-longer-supported codecov-results-as-artifact storage
- install dependencies for, and build documentation (as validation
step during the build, not to use the result)
Hopefully this will allow again CI to run correctly.
Iustin Pop [Sun, 6 Dec 2020 13:56:45 +0000 (14:56 +0100)]
Test 'filedef' arguments for all supported types
Support for unicode/bytes/path objects for filedef was introduced way
back in 707c0d4a, but was not tested across all of these. Let's test
all of these.
Iustin Pop [Fri, 19 Jun 2020 22:47:09 +0000 (00:47 +0200)]
Remove the PyType_Type assignments to _Type objects
Newer docs (since 3.5, which is what Travis tests) don't have this
anymore, only tp_new setting. tp_new is set directly in the type
objects, so it looks like this is not needed anymore. And it should
fix nightly testing, hopefully.
Iustin Pop [Mon, 16 Dec 2019 23:52:42 +0000 (00:52 +0100)]
Fix bug in ACL(filedef=...) constructor
Only found by python3.7-dgb, the 3.8 one ignored this. 'path' is a
'char*', we can't decref it, the proper one to decref is the actual
filedef PyBytes object.
Iustin Pop [Wed, 11 Dec 2019 20:40:37 +0000 (21:40 +0100)]
Tests: replace two mode= uses with text=
The text=… argument is supported more widely (e.g. FreeBSD doesn't
support mode), so let's use that in tests for better coverage on
multiple platforms.
Iustin Pop [Wed, 11 Dec 2019 20:30:12 +0000 (21:30 +0100)]
Remove obsolete check for non-initialised Entry
Today, objects are always initialised, so this check is superfluous,
and the get_tag_qualifier will properly handle errors from acl_*
functions, so even if that invariant is actually violated, this will
not lead to undefined behaviour.
Iustin Pop [Tue, 3 Dec 2019 23:50:57 +0000 (00:50 +0100)]
Fix from_acl tests for non-Linux platforms
FreeBSD doesn't have acl_cmp, so comparison via rich compare is not
defined, thus all comparisons are False. Fix tests so the equality
check is only done on Linux, and add a poor man's test via string
representation equality.
Iustin Pop [Tue, 3 Dec 2019 23:35:33 +0000 (00:35 +0100)]
Change entry qualifier set/get behaviour
This was intended to address #13, but investigation found out more
breakage than just that. It's hard to make overflow/underflow tests
without assuming the signedness of the uid_t/gid_t types, so
assume/require that they're unsigned (it is true with glibc, MacOS and
FreeBSD) and use this to improve the behaviour:
- Fix setting very large qualifiers, both in the sense of correctly
reporting overflow when too large, and not longer falsely reporting
overflow for larger than signed max but smaller than unsigned max;
- Fix returning very large (larger than signed max value) qualifiers;
Iustin Pop [Fri, 29 Nov 2019 18:55:09 +0000 (19:55 +0100)]
Add stub type hints - even if not working
Apparently PEP561 only addresses packages, not modules, and somewhat
dismissively says: "code should be refactored into a package-based
distribution and indicate that the package supports typing as
described above".
Well, locally I can use it, so let's add the stub. Will see later if
it can be used somehow.
Iustin Pop [Fri, 29 Nov 2019 14:42:42 +0000 (15:42 +0100)]
Switch ACL to be always-initialised
This is the last object to change, but the semantics here are more
complex. Since the ACL doesn't have a parent, and the init signature
is complex, we can't detect "same-reinit", we allow arbitrary-reinit,
but this makes existing live entries be undefined; they might point to
a different entry in the new ACL, or not be valid, etc.
It could be possible to prevent re-init, but doing so requires
trickery which might be broken by serialisation, so let's just leave
it there and document it as such.
Iustin Pop [Fri, 29 Nov 2019 13:54:23 +0000 (14:54 +0100)]
Stop duplicating permset initialisation
A permset can be initalised either via `__init__ ` or by getting
`parent.permset` getter. The latter duplicates the logic in the
former, which is not good as hacks into the internals of the permset.
Remove the duplication by just calling explicitly permset(self) and
returning the value of it.
Iustin Pop [Fri, 29 Nov 2019 13:28:06 +0000 (14:28 +0100)]
Change Entry initialisation protocol
This fixes very large and significant bugs - segfaults and memory
leaks - that were present for uninitialised object, more precisely
created but not init'ed ones.
I spent quite a bit of time thinking back on forth how to fix this,
and from the two options of:
- check initialised status on all code paths, or
- don't ever allow invalid/un-initialised objects
The latter one seems the correct one, even though the Python C API
docs imply that doing actual stuff in `__new__` should be "rare".
Tests for reference leaks and wrong re-init added as well; these would
have caught at least memory leaks before.