static void nfs4_acls_test(void) { int i = 0; fsal_acl_data_t acldata, acldata2; fsal_ace_t *ace = NULL; fsal_acl_t *acl = NULL; fsal_acl_status_t status; acldata.naces = 3; acldata.aces = nfs4_ace_alloc(3); LogDebug(COMPONENT_NFS_V4_ACL, "acldata.aces = %p", acldata.aces); ace = acldata.aces; for (i = 0; i < 3; i++) { ace->type = i; ace->perm = i; ace->flag = i; ace->who.uid = i; ace++; } acl = nfs4_acl_new_entry(&acldata, &status); PTHREAD_RWLOCK_rdlock(&acl->lock); LogDebug(COMPONENT_NFS_V4_ACL, "acl = %p, ref = %u, status = %u", acl, acl->ref, status); PTHREAD_RWLOCK_unlock(&acl->lock); acldata2.naces = 3; acldata2.aces = nfs4_ace_alloc(3); LogDebug(COMPONENT_NFS_V4_ACL, "acldata2.aces = %p", acldata2.aces); ace = acldata2.aces; for (i = 0; i < 3; i++) { ace->type = i; ace->perm = i; ace->flag = i; ace->who.uid = i; ace++; } acl = nfs4_acl_new_entry(&acldata2, &status); PTHREAD_RWLOCK_rdlock(&acl->lock); LogDebug(COMPONENT_NFS_V4_ACL, "re-access: acl = %p, ref = %u, status = %u", acl, acl->ref, status); PTHREAD_RWLOCK_unlock(&acl->lock); nfs4_acl_release_entry(acl, &status); PTHREAD_RWLOCK_rdlock(&acl->lock); LogDebug(COMPONENT_NFS_V4_ACL, "release: acl = %p, ref = %u, status = %u", acl, acl->ref, status); PTHREAD_RWLOCK_unlock(&acl->lock); nfs4_acl_release_entry(acl, &status); }
/* Covert GPFS NFS4 ACLs to FSAL ACLs, and set the ACL * pointer of attribute. */ static int gpfs_acl_2_fsal_acl(struct attrlist * p_object_attributes, gpfs_acl_t *p_gpfsacl) { fsal_acl_status_t status; fsal_acl_data_t acldata; fsal_ace_t *pace; fsal_acl_t *pacl; gpfs_ace_v4_t *pace_gpfs; /* sanity checks */ if(!p_object_attributes || !p_gpfsacl) return ERR_FSAL_FAULT; /* Create fsal acl data. */ acldata.naces = p_gpfsacl->acl_nace; acldata.aces = (fsal_ace_t *)nfs4_ace_alloc(acldata.naces); /* Fill fsal acl data from gpfs acl. */ for(pace = acldata.aces, pace_gpfs = p_gpfsacl->ace_v4; pace < acldata.aces + acldata.naces; pace++, pace_gpfs++) { pace->type = pace_gpfs->aceType; pace->flag = pace_gpfs->aceFlags; pace->iflag = pace_gpfs->aceIFlags; pace->perm = pace_gpfs->aceMask; if(IS_FSAL_ACE_SPECIAL_ID(*pace)) /* Record special user. */ { pace->who.uid = pace_gpfs->aceWho; } else { if(IS_FSAL_ACE_GROUP_ID(*pace)) /* Record group. */ pace->who.gid = pace_gpfs->aceWho; else /* Record user. */ pace->who.uid = pace_gpfs->aceWho; } LogDebug(COMPONENT_FSAL, "gpfs_acl_2_fsal_acl: fsal ace: type = 0x%x, flag = 0x%x, perm = 0x%x, special = %d, %s = 0x%x", pace->type, pace->flag, pace->perm, IS_FSAL_ACE_SPECIAL_ID(*pace), GET_FSAL_ACE_WHO_TYPE(*pace), GET_FSAL_ACE_WHO(*pace)); } /* Create a new hash table entry for fsal acl. */ pacl = nfs4_acl_new_entry(&acldata, &status); LogDebug(COMPONENT_FSAL, "fsal acl = %p, fsal_acl_status = %u", pacl, status); if(pacl == NULL) { LogCrit(COMPONENT_FSAL, "gpfs_acl_2_fsal_acl: failed to create a new acl entry"); return ERR_FSAL_FAULT; } /* Add fsal acl to attribute. */ p_object_attributes->acl = pacl; return ERR_FSAL_NO_ERROR; }
fsal_acl_t *lzfs_int_convert_lzfs_acl(const liz_acl_t *lzfs_acl) { fsal_acl_data_t acl_data; fsal_acl_status_t acl_status; fsal_acl_t *fsal_acl = NULL; if (!lzfs_acl) { return NULL; } acl_data.naces = liz_get_acl_size(lzfs_acl); acl_data.aces = (fsal_ace_t *)nfs4_ace_alloc(acl_data.naces); if (!acl_data.aces) { return NULL; } for (unsigned i = 0; i < acl_data.naces; ++i) { fsal_ace_t *fsal_ace = acl_data.aces + i; liz_acl_ace_t lzfs_ace; int rc = liz_get_acl_entry(lzfs_acl, i, &lzfs_ace); (void)rc; assert(rc == 0); fsal_ace->type = lzfs_ace.type; fsal_ace->flag = lzfs_ace.flags & 0xFF; fsal_ace->iflag = (lzfs_ace.flags & LIZ_ACL_SPECIAL_WHO) ? FSAL_ACE_IFLAG_SPECIAL_ID : 0; if (IS_FSAL_ACE_GROUP_ID(*fsal_ace)) { fsal_ace->who.gid = lzfs_ace.id; } else { fsal_ace->who.uid = lzfs_ace.id; } if (IS_FSAL_ACE_SPECIAL_ID(*fsal_ace)) { switch (lzfs_ace.id) { case LIZ_ACL_OWNER_SPECIAL_ID: fsal_ace->who.uid = FSAL_ACE_SPECIAL_OWNER; break; case LIZ_ACL_GROUP_SPECIAL_ID: fsal_ace->who.uid = FSAL_ACE_SPECIAL_GROUP; break; case LIZ_ACL_EVERYONE_SPECIAL_ID: fsal_ace->who.uid = FSAL_ACE_SPECIAL_EVERYONE; break; default: fsal_ace->who.uid = FSAL_ACE_NORMAL_WHO; LogWarn(COMPONENT_FSAL, "Invalid LizardFS ACE special id type (%u)", (unsigned)lzfs_ace.id); } } } fsal_acl = nfs4_acl_new_entry(&acl_data, &acl_status); LogDebug(COMPONENT_FSAL, "fsal acl = %p, fsal_acl_status = %u", fsal_acl, acl_status); return fsal_acl; }
/** * @brief Convert PanFS ACLs to FSAL ACLs * * @param[in] panacl Source PanFS ACL set * @param[in,out] attrib Target FSAL attribute list * @return FSAL Status */ static fsal_status_t panfs_acl_2_fsal_acl(struct pan_fs_acl_s *panacl, struct attrlist *attrib) { fsal_acl_status_t status; fsal_acl_data_t acldata; struct pan_fs_ace_s *panace; fsal_ace_t *ace = NULL; fsal_acl_t *acl = NULL; /* sanity checks */ if (!attrib || !panacl) return fsalstat(ERR_FSAL_FAULT, EFAULT); /* Count the number of aces */ acldata.naces = 0; for (panace = panacl->aces; panace < panacl->aces + panacl->naces; panace++) { if (panace_info_to_fsal_type(panace->info) == (uint32_t)-1) continue; acldata.naces++; } if (acldata.naces == 0) { /* No ACEs on this object */ FSAL_UNSET_MASK(attrib->mask, ATTR_ACL); attrib->acl = NULL; return fsalstat(ERR_FSAL_NO_ERROR, 0); } /* Create fsal acl data. */ acldata.aces = (fsal_ace_t *) nfs4_ace_alloc(acldata.naces); LogDebug(COMPONENT_FSAL, "Converting %u aces:", acldata.naces); ace = acldata.aces; for (panace = panacl->aces; panace < panacl->aces + panacl->naces; panace++) { ace->type = panace_info_to_fsal_type(panace->info); if (ace->type == (uint32_t)-1) continue; ace->flag = panace_info_to_fsal_flag(panace->info); ace->perm = panace_perm_to_fsal_perm(panace->permissions); panace_id_to_fsal_id(&panace->identity, ace); fsal_print_ace(COMPONENT_FSAL, NIV_DEBUG, ace); ace++; } /* Create a new hash table entry for fsal acl. */ acl = nfs4_acl_new_entry(&acldata, &status); if (!acl) return fsalstat(ERR_FSAL_FAULT, status); /* Add fsal acl to attribute. */ attrib->acl = acl; return fsalstat(ERR_FSAL_NO_ERROR, 0); }
static void nfs4_acls_test() { int i = 0; fsal_acl_data_t acldata; fsal_ace_t *pace = NULL; fsal_acl_t *pacl = NULL; fsal_acl_status_t status; acldata.naces = 3; acldata.aces = nfs4_ace_alloc(3); LogDebug(COMPONENT_NFS_V4_ACL, "&acldata.aces = %p", &acldata.aces); pace = acldata.aces; for(i = 0; i < 3; i++) { pace->type = i; pace->perm = i; pace->flag = i; pace->who.uid = i; pace++; } pacl = nfs4_acl_new_entry(&acldata, &status); nfs4_acl_entry_inc_ref(pacl); P_r(&pacl->lock); LogDebug(COMPONENT_NFS_V4_ACL, "pacl = %p, ref = %u, status = %u", pacl, pacl->ref, status); V_r(&pacl->lock); pacl = nfs4_acl_new_entry(&acldata, &status); nfs4_acl_entry_inc_ref(pacl); P_r(&pacl->lock); LogDebug(COMPONENT_NFS_V4_ACL, "re-access: pacl = %p, ref = %u, status = %u", pacl, pacl->ref, status); V_r(&pacl->lock); nfs4_acl_release_entry(pacl, &status); P_r(&pacl->lock); LogDebug(COMPONENT_NFS_V4_ACL, "release: pacl = %p, ref = %u, status = %u", pacl, pacl->ref, status); V_r(&pacl->lock); nfs4_acl_release_entry(pacl, &status); }
/* * Read the ACL in GlusterFS format and convert it into fsal ACL before * storing it in fsalattr */ fsal_status_t glusterfs_get_acl(struct glusterfs_export *glfs_export, struct glfs_object *glhandle, glusterfs_fsal_xstat_t *buffxstat, struct attrlist *fsalattr) { fsal_status_t status = { ERR_FSAL_NO_ERROR, 0 }; fsal_acl_data_t acldata; fsal_acl_status_t aclstatus; fsal_ace_t *pace = NULL; int e_count = 0, i_count = 0, new_count = 0, new_i_count = 0; if (fsalattr->acl != NULL) { /* We should never be passed attributes that have an * ACL attached, but just in case some future code * path changes that assumption, let's release the * old ACL properly. */ int acl_status; acl_status = nfs4_acl_release_entry(fsalattr->acl); if (acl_status != NFS_V4_ACL_SUCCESS) LogCrit(COMPONENT_FSAL, "Failed to release old acl, status=%d", acl_status); fsalattr->acl = NULL; } if (NFSv4_ACL_SUPPORT) { buffxstat->e_acl = glfs_h_acl_get(glfs_export->gl_fs->fs, glhandle, ACL_TYPE_ACCESS); if (!buffxstat->e_acl) { status = gluster2fsal_error(errno); return status; } e_count = ace_count(buffxstat->e_acl); if (buffxstat->is_dir) { buffxstat->i_acl = glfs_h_acl_get(glfs_export->gl_fs->fs, glhandle, ACL_TYPE_DEFAULT); i_count = ace_count(buffxstat->i_acl); } /* Allocating memory for both ALLOW and DENY entries */ acldata.naces = 2 * (e_count + i_count); LogDebug(COMPONENT_FSAL, "No of aces present in fsal_acl_t = %d" , acldata.naces); if (!acldata.naces) return status; FSAL_SET_MASK(buffxstat->attr_valid, XATTR_ACL); acldata.aces = (fsal_ace_t *) nfs4_ace_alloc(acldata.naces); pace = acldata.aces; new_count = posix_acl_2_fsal_acl(buffxstat->e_acl, buffxstat->is_dir, false, &pace); if (new_count < 0) return fsalstat(ERR_FSAL_NO_ACE, -1); if (i_count > 0) { new_i_count = posix_acl_2_fsal_acl(buffxstat->i_acl, true, true, &pace); if (new_i_count > 0) new_count += new_i_count; else LogDebug(COMPONENT_FSAL, "Inherit acl is not set for this directory"); } /* Reallocating acldata into the required size */ acldata.aces = (fsal_ace_t *) gsh_realloc(acldata.aces, new_count*sizeof(fsal_ace_t)); acldata.naces = new_count; fsalattr->acl = nfs4_acl_new_entry(&acldata, &aclstatus); LogDebug(COMPONENT_FSAL, "fsal acl = %p, fsal_acl_status = %u", fsalattr->acl, aclstatus); if (fsalattr->acl == NULL) { LogCrit(COMPONENT_FSAL, "failed to create a new acl entry"); return fsalstat(ERR_FSAL_NOMEM, -1); } fsalattr->valid_mask |= ATTR_ACL; } else { /* We were asked for ACL but do not support. */ status = fsalstat(ERR_FSAL_NOTSUPP, 0); } return status; }