diff options
author | Niels de Vos <ndevos@redhat.com> | 2015-02-10 19:13:35 +0100 |
---|---|---|
committer | Raghavendra Bhat <raghavendra@redhat.com> | 2015-03-09 13:53:00 -0700 |
commit | 72dc1025dc17a650f3838223c78e3205132deba9 (patch) | |
tree | 077be9e3b9113489b970a055d0b5bda0c9d643ad /libglusterfs | |
parent | 7d3f27d4c9421c976eec3a39004e84bad20586d7 (diff) |
posix: add ACL translation for the GF_POSIX_ACL_*_KEY xattr
Adding support for two virtual extended attributes that are used for
converting a binary POSIX ACL to a POSIX.1e long ACL text format. This
makes it possible to transfer the ACL over the network to a different OS
which can convert the POSIX.1e text format to its native structures.
The following xattrs are sent over RPC in SETXATTR/GETXATTR procedures,
and contain the POSIX.1e long ACL text format:
- glusterfs.posix.acl: maps to ACL_TYPE_ACCESS
- glusterfs.posix.default_acl: maps to ACL_TYPE_DEFAULT
acl_from_text() (from libacl) converts the text format into an acl_t
structure. This structure is then used by acl_set_file() to set the ACL
in the filesystem.
libacl-devel is needed for linking against libacl, so it has been added
to the BuildRequires in the .spec.
NetBSD does not support POSIX ACLs. Trying to get/set POSIX ACLs on a
storage server running NetBSD, an error will be returned with errno set
to ENOTSUP. Faking support, but not enforcing ACLs seems wrong to me.
URL: http://www.gluster.org/community/documentation/index.php/Features/Improved_POSIX_ACLs
BUG: 1185654
Change-Id: Ic5eb73d69190d3492df2f711d0436775eeea7de3
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9627
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: soumya k <skoduri@redhat.com>
Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
Diffstat (limited to 'libglusterfs')
-rw-r--r-- | libglusterfs/src/glusterfs-acl.h | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/libglusterfs/src/glusterfs-acl.h b/libglusterfs/src/glusterfs-acl.h index 174c16dd9f5..55f94ff0509 100644 --- a/libglusterfs/src/glusterfs-acl.h +++ b/libglusterfs/src/glusterfs-acl.h @@ -11,6 +11,17 @@ #ifndef _GLUSTERFS_ACL_H #define _GLUSTERFS_ACL_H + +/* WARNING: Much if this code is restricted to Linux usage. + * + * It would be much cleaner to replace the code with something that is based on + * libacl (or its libc implementation on *BSD). + * + * Initial work for replacing this Linux specific implementation has been + * started as part of the "Improve POSIX ACLs" feature. Functionality for this + * feature has been added to the end of this file. + */ + #include <stdint.h> #include <sys/types.h> /* For uid_t */ @@ -99,4 +110,56 @@ struct posix_acl_conf { struct posix_acl *minimal_acl; }; + +/* Above this comment, the legacy POSIX ACL support is kept until it is not + * used anymore. Below you will find the more portable version to support POSIX + * ACls based on the implementation of libacl (see sys/acl.h). */ + +/* virtual xattrs passed over RPC, not stored on disk */ +#define GF_POSIX_ACL_ACCESS "glusterfs.posix.acl" +#define GF_POSIX_ACL_DEFAULT "glusterfs.posix.default_acl" +#define GF_POSIX_ACL_REQUEST(key) \ + (!strncmp(key, GF_POSIX_ACL_ACCESS, strlen(GF_POSIX_ACL_ACCESS)) || \ + !strncmp(key, GF_POSIX_ACL_DEFAULT, strlen(GF_POSIX_ACL_DEFAULT))) + +#ifdef HAVE_SYS_ACL_H /* only NetBSD does not support POSIX ACLs */ + +#include <sys/acl.h> + +static inline const char* +gf_posix_acl_get_key (const acl_type_t type) +{ + char *acl_key = NULL; + + switch (type) { + case ACL_TYPE_ACCESS: + acl_key = GF_POSIX_ACL_ACCESS; + break; + case ACL_TYPE_DEFAULT: + acl_key = GF_POSIX_ACL_DEFAULT; + break; + default: + errno = EINVAL; + } + + return acl_key; +} + +static inline const acl_type_t +gf_posix_acl_get_type (const char *key) +{ + acl_type_t type = 0; + + if (!strncmp (key, GF_POSIX_ACL_ACCESS, strlen (GF_POSIX_ACL_ACCESS))) + type = ACL_TYPE_ACCESS; + else if (!strncmp (key, GF_POSIX_ACL_DEFAULT, + strlen (GF_POSIX_ACL_DEFAULT))) + type = ACL_TYPE_DEFAULT; + else + errno = EINVAL; + + return type; +} + +#endif /* HAVE_SYS_ACL_H */ #endif /* _GLUSTERFS_ACL_H */ |