Add ACL wrapper libraries
This commit adds common ACL libraries, libzfsacl for Linux and
FreeBSD to provide helper functions to access ACLs. On Linux,
libsunacl provides acl() and facl() to be consumed by
vfs_zfsacl.c in Samba.

libpyzfsacl.c provides python bindings for libzfsacl. A new
package for libzfsacl that includes all the libraries is added.

Signed-off-by: Umer Saleem <[email protected]>
usaleem-ix committed Jan 11, 2024
1 parent 14906fd commit 3986969
Showing 19 changed files with 4,082 additions and 5 deletions.
5 changes: 3 additions & 2 deletions config/deb.am
@@ -66,6 +66,7 @@ deb-utils: deb-local rpm-utils-initramfs
pkg9=$${name}-initramfs-$${version}.$${arch}.rpm; \
pkg10=`ls python3-pyzfs-$${version}.noarch.rpm 2>/dev/null`; \
pkg11=`ls pam_zfs_key-$${version}.$${arch}.rpm 2>/dev/null`; \
pkg12=`ls python3-libzfsacl-$${version}.$${arch}.rpm 2>/dev/null`; \
## Arguments need to be passed to dh_shlibdeps. Alien provides no mechanism
## to do this, so we install a shim onto the path which calls the real
## dh_shlibdeps with the required arguments.
@@ -81,11 +82,11 @@ deb-utils: deb-local rpm-utils-initramfs
env "PATH=$${path_prepend}:$${PATH}" \
fakeroot $(ALIEN) --bump=0 --scripts --to-deb --target=$$debarch \
$$pkg1 $$pkg2 $$pkg3 $$pkg4 $$pkg5 $$pkg6 $$pkg7 \
$$pkg8 $$pkg9 $$pkg10 $$pkg11 || exit 1; \
$$pkg8 $$pkg9 $$pkg10 $$pkg11 $$pkg12 || exit 1; \
$(RM) $${path_prepend}/dh_shlibdeps; \
rmdir $${path_prepend}; \
$(RM) $$pkg1 $$pkg2 $$pkg3 $$pkg4 $$pkg5 $$pkg6 $$pkg7 \
$$pkg8 $$pkg9 $$pkg10 $$pkg11;
$$pkg8 $$pkg9 $$pkg10 $$pkg11 $$pkg12;

deb: deb-kmod deb-dkms deb-utils

12 changes: 12 additions & 0 deletions contrib/debian/control
@@ -183,6 +183,17 @@ Description: wrapper for libzfs_core C library (documentation)
.
This package contains the documentation.

Package: openzfs-python3-libzfsacl
Section: contrib/python
Architecture: linux-any
Depends: ${misc:Depends},
${python3:Depends}
Replaces: python3-libzfsacl
Conflicts: python3-libzfsacl
Description: Python module for accessing NFSV41 style ACLs
libzfsacl is cross platform python library for accessing NFSv41 style
ACLs.

Package: openzfs-zfs-dkms
Architecture: all
Depends: dkms (>> 2.1.1.2-5),
@@ -248,6 +259,7 @@ Depends: openzfs-libnvpair3 (= ${binary:Version}),
openzfs-libuutil3 (= ${binary:Version}),
openzfs-libzfs4 (= ${binary:Version}),
openzfs-libzpool5 (= ${binary:Version}),
openzfs-python3-libzfsacl (= ${binary:Version}),
python3,
${misc:Depends},
${shlibs:Depends}
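Review bot: The new `openzfs-python3-libzfsacl` stanza lists only `${misc:Depends}` and `${python3:Depends}`, although the package's install list in this commit ships compiled objects (`libzfsacl.so.*`, `libsunacl.so.*` and the `libzfsacl.cpython-*.so` extension), so the libraries those objects link against are never recorded; add `${shlibs:Depends}` to its `Depends`. The second hunk adds `openzfs-python3-libzfsacl (= ${binary:Version})` to the `Depends` of a package whose stanza starts above the hunk, which pulls the Python binding onto every system that installs that package; if only the C libraries are needed there, a separate library package would keep the installed surface smaller. In the short description, `NFSV41` should read `NFSv41`, as the long description already does.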
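--- a/contrib/debian/openzfs-python3-libzfsacl.install.in
+++ b/contrib/debian/openzfs-python3-libzfsacl.install.in
@@ -0,0 +1,4 @@
+usr/lib/python3/dist-packages/libzfsacl-*.egg-info
+usr/lib/python3/dist-packages/libzfsacl.cpython-*.so
+lib/@DEB_HOST_MULTIARCH@/libzfsacl.so.*
+lib/@DEB_HOST_MULTIARCH@/libsunacl.so.*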
3 changes: 2 additions & 1 deletion contrib/debian/openzfs-python3-pyzfs.install
@@ -1 +1,2 @@
usr/lib/python3*
usr/lib/python3/dist-packages/libzfs_core
usr/lib/python3/dist-packages/pyzfs-*.egg-info
1 change: 1 addition & 0 deletions contrib/debian/rules.in
@@ -135,6 +135,7 @@ override_dh_auto_install:

override_dh_python3:
dh_python3 -p openzfs-python3-pyzfs
dh_python3 -p openzfs-python3-libzfsacl

override_dh_dkms:
'$(CURDIR)/scripts/dkms.mkconf' -n $(NAME) -v $(DEB_VERSION_UPSTREAM) -f '$(CURDIR)/scripts/zfs-dkms.dkms'
6 changes: 5 additions & 1 deletion include/Makefile.am
@@ -190,8 +190,12 @@ USER_H = \
libzfs_core.h \
libzfsbootenv.h \
libzutil.h \
thread_pool.h
thread_pool.h \
zfsacl.h

if BUILD_LINUX
USER_H += sunacl.h
endif

if CONFIG_USER
libzfsdir = $(includedir)/libzfs
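--- a/include/sunacl.h
+++ b/include/sunacl.h
@@ -0,0 +1,110 @@
+/*
+* CDDL HEADER START
+*
+* The contents of this file are subject to the terms of the
+* Common Development and Distribution License (the "License").
+* You may not use this file except in compliance with the License.
+*
+* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+* or https://opensource.org/licenses/CDDL-1.0.
+* See the License for the specific language governing permissions
+* and limitations under the License.
+*
+* When distributing Covered Code, include this CDDL HEADER in each
+* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+* If applicable, add the following below this CDDL HEADER, with the
+* fields enclosed by brackets "[]" replaced with your own identifying
+* information: Portions Copyright [yyyy] [name of copyright owner]
+*
+* CDDL HEADER END
+*/
+
+/*
+* Copyright (c) 2008, 2009 Edward Tomasz Napierała <[email protected]>
+* Copyright (c) 2022 Andrew Walker <[email protected]>
+* All rights reserved.
+*/
+
+#ifndef SUNACL_H
+#define SUNACL_H extern __attribute__((visibility("default")))
+
+#include <sys/types.h> /* uid_t */
+
+/*
+* ACL_MAX_ENTRIES from <sys/acl.h>
+*/
+
+typedef struct acl_entry aclent_t;
+
+typedef struct ace {
+uid_t a_who; /* uid or gid */
+uint32_t a_access_mask; /* read,write,... */
+uint16_t a_flags; /* see below */
+uint16_t a_type; /* allow or deny */
+} ace_t;
+
+/*
+* The following are defined for ace_t.
+*/
+#define ACE_READ_DATA 0x00000001
+#define ACE_LIST_DIRECTORY 0x00000001
+#define ACE_WRITE_DATA 0x00000002
+#define ACE_ADD_FILE 0x00000002
+#define ACE_APPEND_DATA 0x00000004
+#define ACE_ADD_SUBDIRECTORY 0x00000004
+#define ACE_READ_NAMED_ATTRS 0x00000008
+#define ACE_WRITE_NAMED_ATTRS 0x00000010
+#define ACE_EXECUTE 0x00000020
+#define ACE_DELETE_CHILD 0x00000040
+#define ACE_READ_ATTRIBUTES 0x00000080
+#define ACE_WRITE_ATTRIBUTES 0x00000100
+#define ACE_DELETE 0x00010000
+#define ACE_READ_ACL 0x00020000
+#define ACE_WRITE_ACL 0x00040000
+#define ACE_WRITE_OWNER 0x00080000
+#define ACE_SYNCHRONIZE 0x00100000
+
+#define ACE_FILE_INHERIT_ACE 0x0001
+#define ACE_DIRECTORY_INHERIT_ACE 0x0002
+#define ACE_NO_PROPAGATE_INHERIT_ACE 0x0004
+#define ACE_INHERIT_ONLY_ACE 0x0008
+#define ACE_SUCCESSFUL_ACCESS_ACE_FLAG 0x0010
+#define ACE_FAILED_ACCESS_ACE_FLAG 0x0020
+#define ACE_IDENTIFIER_GROUP 0x0040
+#define ACE_INHERITED_ACE 0x0080
+#define ACE_OWNER 0x1000
+#define ACE_GROUP 0x2000
+#define ACE_EVERYONE 0x4000
+
+#define ACE_ACCESS_ALLOWED_ACE_TYPE 0x0000
+#define ACE_ACCESS_DENIED_ACE_TYPE 0x0001
+#define ACE_SYSTEM_AUDIT_ACE_TYPE 0x0002
+#define ACE_SYSTEM_ALARM_ACE_TYPE 0x0003
+
+#define ACE_ALL_PERMS (ACE_READ_DATA|ACE_LIST_DIRECTORY|ACE_WRITE_DATA| \
+ACE_ADD_FILE|ACE_APPEND_DATA|ACE_ADD_SUBDIRECTORY|ACE_READ_NAMED_ATTRS| \
+ACE_WRITE_NAMED_ATTRS|ACE_EXECUTE|ACE_DELETE_CHILD|ACE_READ_ATTRIBUTES| \
+ACE_WRITE_ATTRIBUTES|ACE_DELETE|ACE_READ_ACL|ACE_WRITE_ACL| \
+ACE_WRITE_OWNER|ACE_SYNCHRONIZE)
+
+/*
+* The following flags are supported by both NFSv4 ACLs and ace_t.
+*/
+#define ACE_NFSV4_SUP_FLAGS (ACE_FILE_INHERIT_ACE | \
+ACE_DIRECTORY_INHERIT_ACE | \
+ACE_NO_PROPAGATE_INHERIT_ACE | \
+ACE_INHERIT_ONLY_ACE | \
+ACE_IDENTIFIER_GROUP | \
+ACE_INHERITED_ACE)
+
+#define ACE_TYPE_FLAGS (ACE_OWNER|ACE_GROUP|ACE_EVERYONE|ACE_IDENTIFIER_GROUP)
+
+/* cmd's to manipulate ace acls. */
+#define ACE_GETACL 4
+#define ACE_SETACL 5
+#define ACE_GETACLCNT 6
+
+int acl(const char *path, int cmd, int cnt, void *buf);
+int facl(int fd, int cmd, int cnt, void *buf);
+
+#endif /* SUNACL_H */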
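Review bot: `ace_t` uses `uint32_t` and `uint16_t`, but the header includes only `<sys/types.h>`, which is not guaranteed to declare them; add `#include <stdint.h>` so sunacl.h compiles on its own. The guard macro `SUNACL_H` is defined as `extern __attribute__((visibility("default")))`, yet the `acl()` and `facl()` prototypes do not use it, so either apply it to both declarations or reduce it to a plain include guard. Because `buf` is a `void *` whose size is conveyed only by the signed `cnt`, the prototypes should carry a comment stating that `cnt` counts `ace_t` entries and what the upper bound is (the `ACL_MAX_ENTRIES` comment has no definition under it). The implementation is not part of this section, so it is worth confirming there that negative or oversized counts are rejected before `buf` is read or written.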