Skip to content

Commit

Permalink
Add test suite for validating NFSv4.1 ACLs
Browse files Browse the repository at this point in the history
This commit adds test suite for NFSv4.1 ACLS. The test suite uses
libzfsacl python bindings to validate functionality of NFS ACLs.

The test suite validates the basic behavior of ACLs by verifying
default ACEs and then moves to testing all the flags and
permissions for deny and allow permissions.

Test suite also verifies that allow ACEs don't work without
setting the specific permission flag, i.e. to perform an operation,
it's permission is required. Similarly, test suite also verifies
that allow ACE for a specific permission only allows that
perticular permission and user does not have access to other
permissions.

Signed-off-by: Umer Saleem <[email protected]>
  • Loading branch information
usaleem-ix committed Jan 12, 2024
1 parent 812b22d commit 2116dfc
Show file tree
Hide file tree
Showing 14 changed files with 1,668 additions and 4 deletions.
1 change: 1 addition & 0 deletions contrib/debian/openzfs-python3-libzfsacl.install.in
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
usr/lib/python3/dist-packages/libzfsacl-*.egg-info
usr/lib/python3/dist-packages/libzfsacl.cpython-*.so
usr/lib/python3/dist-packages/zfsacltests
lib/@DEB_HOST_MULTIARCH@/libzfsacl.so.*
lib/@DEB_HOST_MULTIARCH@/libsunacl.so.*
3 changes: 2 additions & 1 deletion lib/libzfsacl/Makefile.am
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
dist_noinst_DATA += \
%D%/libpyzfsacl.c
%D%/libpyzfsacl.c \
%D%/zfsacltests

SUBSTFILES += %D%/setup.py

Expand Down
5 changes: 3 additions & 2 deletions lib/libzfsacl/setup.py.in
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,9 @@ setup(
version='@VERSION@',
description='ACL wrapper library for acessing NFSv4 ACLs on Linux/FreeBSD',
ext_modules=[libzfsacl_mod],
packages=find_packages(where=srcdir),
package_dir={"": os.path.relpath(srcdir)},
packages=find_packages(where=srcdir) + ['zfsacltests'],
package_dir={"": os.path.relpath(srcdir),
"zfsacltests": os.path.relpath(srcdir) + '/zfsacltests'},
include_package_data=True,
python_requires='>=3.6,<4',
zip_safe=False,
Expand Down
1 change: 1 addition & 0 deletions lib/libzfsacl/zfsacl/libzfsacl_impl_linux.c
Original file line number Diff line number Diff line change
Expand Up @@ -230,6 +230,7 @@ zfsacl_create_aclentry(zfsacl_t _acl, int _idx, zfsacl_entry_t *_pentry)
errno = ENOMEM;
return (B_FALSE);
}
_acl->aclbuf = (uint_t *)_tmp;
_acl->aclbuf_size = new_size;
assert(new_size == (acl_size + ACE4_SZ));
memset(_acl->aclbuf + (new_size - ACE4_SZ), 0, ACE4_SZ);
Expand Down
Empty file.
1,520 changes: 1,520 additions & 0 deletions lib/libzfsacl/zfsacltests/test_nfsv4acl.py

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions rpm/generic/zfs.spec.in
Original file line number Diff line number Diff line change
Expand Up @@ -612,5 +612,6 @@ systemctl --system daemon-reload >/dev/null || true
%files -n python%{__python_pkg_version}-libzfsacl
%{__python_sitelib}/libzfsacl-*/*
%{__python_sitelib}/libzfsacl.cpython*.so
%{__python_sitelib}/zfsacltests/*
%{_libdir}/libzfsacl.so.*
%{_libdir}/libsunacl.so.*
4 changes: 4 additions & 0 deletions tests/runfiles/common.run
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ failsafe = callbacks/zfs_failsafe
outputdir = /var/tmp/test_results
tags = ['functional']

[tests/functional/acl/nfsv4]
tests = ['nfsacl_001']
tags = ['functional', 'acl', 'nfsv4']

[tests/functional/acl/off]
tests = ['dosmode', 'posixmode']
tags = ['functional', 'acl']
Expand Down
4 changes: 4 additions & 0 deletions tests/runfiles/sanity.run
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,10 @@ failsafe = callbacks/zfs_failsafe
outputdir = /var/tmp/test_results
tags = ['functional']

[tests/functional/acl/nfsv4]
tests = ['nfsacl_001']
tags = ['functional', 'acl', 'nfsv4']

[tests/functional/acl/off]
tests = ['posixmode']
tags = ['functional', 'acl']
Expand Down
5 changes: 4 additions & 1 deletion tests/zfs-tests/tests/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,8 @@ regen:
nobase_nodist_datadir_zfs_tests_tests_DATA = \
functional/pam/utilities.kshlib
nobase_nodist_datadir_zfs_tests_tests_SCRIPTS = \
functional/pyzfs/pyzfs_unittest.ksh
functional/pyzfs/pyzfs_unittest.ksh \
functional/acl/nfsv4/nfsacl_001.ksh

SUBSTFILES += $(nobase_nodist_datadir_zfs_tests_tests_DATA) $(nobase_nodist_datadir_zfs_tests_tests_SCRIPTS)

Expand Down Expand Up @@ -390,6 +391,8 @@ nobase_dist_datadir_zfs_tests_tests_DATA += \
functional/idmap_mount/idmap_mount_common.kshlib

nobase_dist_datadir_zfs_tests_tests_SCRIPTS += \
functional/acl/nfsv4/cleanup.ksh \
functional/acl/nfsv4/setup.ksh \
functional/acl/off/cleanup.ksh \
functional/acl/off/dosmode.ksh \
functional/acl/off/posixmode.ksh \
Expand Down
1 change: 1 addition & 0 deletions tests/zfs-tests/tests/functional/acl/nfsv4/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
nfsacl_001.ksh
37 changes: 37 additions & 0 deletions tests/zfs-tests/tests/functional/acl/nfsv4/cleanup.ksh
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or https://opensource.org/licenses/CDDL-1.0.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2023 iXsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/acl/acl_common.kshlib

cleanup_user_group

default_cleanup

if is_freebsd; then
mv /usr/bin/fortune_bak /usr/bin/fortune
fi
39 changes: 39 additions & 0 deletions tests/zfs-tests/tests/functional/acl/nfsv4/nfsacl_001.ksh.in
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or https://opensource.org/licenses/CDDL-1.0.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2023 iXsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/acl/acl_common.kshlib

verify_runnable "global"
log_assert "Verify NFSv4 ACLs behave correctly"

@PYTHON@ -m unittest --verbose zfsacltests.test_nfsv4acl
if [ $? -ne 0 ]; then
log_fail "NFSv4.1 ACL tests completed with errors"
fi

log_pass "NFSv4.1 ACL tests completed without errors"
51 changes: 51 additions & 0 deletions tests/zfs-tests/tests/functional/acl/nfsv4/setup.ksh
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or https://opensource.org/licenses/CDDL-1.0.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2023 iXsystems, Inc. All rights reserved.
# Use is subject to license terms.
#

. $STF_SUITE/include/libtest.shlib
. $STF_SUITE/tests/functional/acl/acl_common.kshlib

cleanup_user_group

# Create staff group and add user to it
log_must add_group $ZFS_ACL_STAFF_GROUP
log_must add_user $ZFS_ACL_STAFF_GROUP $ZFS_ACL_STAFF1
log_must add_user $ZFS_ACL_STAFF_GROUP $ZFS_ACL_STAFF2

if is_freebsd; then
mv /usr/bin/fortune /usr/bin/fortune_bak
cp /usr/bin/true /usr/bin/fortune
fi

DISK=${DISKS%% *}
default_setup_noexit $DISK
log_must chmod 777 $TESTDIR

# Use NFSv4 ACLs on filesystem
log_must zfs set acltype=nfsv4 $TESTPOOL
log_must zfs set acltype=nfsv4 $TESTPOOL/$TESTFS

log_pass

0 comments on commit 2116dfc

Please sign in to comment.