posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr

Adding support for two virtual extended attributes that are used for
converting a binary POSIX ACL to a POSIX.1e long ACL text format. This
makes it possible to transfer the ACL over the network to a different OS
which can convert the POSIX.1e text format to its native structures.

The following xattrs are sent over RPC in SETXATTR/GETXATTR procedures,
and contain the POSIX.1e long ACL text format:

- glusterfs.posix.acl: maps to ACL_TYPE_ACCESS
- glusterfs.posix.default_acl: maps to ACL_TYPE_DEFAULT

acl_from_text() (from libacl) converts the text format into an acl_t
structure. This structure is then used by acl_set_file() to set the ACL
in the filesystem.

libacl-devel is needed for linking against libacl, so it has been added
to the BuildRequires in the .spec.

NetBSD does not support POSIX ACLs. Trying to get/set POSIX ACLs on a
storage server running NetBSD, an error will be returned with errno set
to ENOTSUP. Faking support, but not enforcing ACLs seems wrong to me.

URL: http://www.gluster.org/community/documentation/index.php/Features/Improved_POSIX_ACLs
BUG: 1185654
Change-Id: Ic5eb73d69190d3492df2f711d0436775eeea7de3
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9627
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: soumya k <skoduri@redhat.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>

1 files changed, 63 insertions, 0 deletions

diff --git a/libglusterfs/src/glusterfs-acl.h b/libglusterfs/src/glusterfs-acl.h
index 174c16dd9f5..55f94ff0509 100644
--- a/libglusterfs/src/glusterfs-acl.h
+++ b/libglusterfs/src/glusterfs-acl.h
@@ -11,6 +11,17 @@
 #ifndef _GLUSTERFS_ACL_H
 #define _GLUSTERFS_ACL_H
 
+
+/* WARNING: Much if this code is restricted to Linux usage.
+ *
+ * It would be much cleaner to replace the code with something that is based on
+ * libacl (or its libc implementation on *BSD).
+ *
+ * Initial work for replacing this Linux specific implementation has been
+ * started as part of the "Improve POSIX ACLs" feature. Functionality for this
+ * feature has been added to the end of this file.
+ */
+
 #include <stdint.h>
 #include <sys/types.h> /* For uid_t */
 
@@ -99,4 +110,56 @@ struct posix_acl_conf {
         struct posix_acl *minimal_acl;
 };
 
+
+/* Above this comment, the legacy POSIX ACL support is kept until it is not
+ * used anymore. Below you will find the more portable version to support POSIX
+ * ACls based on the implementation of libacl (see sys/acl.h). */
+
+/* virtual xattrs passed over RPC, not stored on disk */
+#define GF_POSIX_ACL_ACCESS       "glusterfs.posix.acl"
+#define GF_POSIX_ACL_DEFAULT      "glusterfs.posix.default_acl"
+#define GF_POSIX_ACL_REQUEST(key) \
+        (!strncmp(key, GF_POSIX_ACL_ACCESS, strlen(GF_POSIX_ACL_ACCESS)) || \
+         !strncmp(key, GF_POSIX_ACL_DEFAULT, strlen(GF_POSIX_ACL_DEFAULT)))
+
+#ifdef HAVE_SYS_ACL_H /* only NetBSD does not support POSIX ACLs */
+
+#include <sys/acl.h>
+
+static inline const char*
+gf_posix_acl_get_key (const acl_type_t type)
+{
+        char *acl_key = NULL;
+
+        switch (type) {
+        case ACL_TYPE_ACCESS:
+                acl_key = GF_POSIX_ACL_ACCESS;
+                break;
+        case ACL_TYPE_DEFAULT:
+                acl_key = GF_POSIX_ACL_DEFAULT;
+                break;
+        default:
+                errno = EINVAL;
+        }
+
+        return acl_key;
+}
+
+static inline const acl_type_t
+gf_posix_acl_get_type (const char *key)
+{
+        acl_type_t type = 0;
+
+        if (!strncmp (key, GF_POSIX_ACL_ACCESS, strlen (GF_POSIX_ACL_ACCESS)))
+                type = ACL_TYPE_ACCESS;
+        else if (!strncmp (key, GF_POSIX_ACL_DEFAULT,
+                           strlen (GF_POSIX_ACL_DEFAULT)))
+                type = ACL_TYPE_DEFAULT;
+        else
+                errno = EINVAL;
+
+        return type;
+}
+
+#endif /* HAVE_SYS_ACL_H */
 #endif /* _GLUSTERFS_ACL_H */