diff --git a/changelog/unreleased/sysacl-from-xattr.md b/changelog/unreleased/sysacl-from-xattr.md
new file mode 100644
index 00000000000..56b83a5fc05
--- /dev/null
+++ b/changelog/unreleased/sysacl-from-xattr.md
@@ -0,0 +1,3 @@
+Enhancement: Add the xattr sys.acl to SysACL (eosgrpc)
+
+https://github.com/cs3org/reva/pull/2252
diff --git a/go.mod b/go.mod
index 2aeef2c1103..2003315130f 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,6 @@ require (
 github.com/aws/aws-sdk-go v1.41.9
 github.com/beevik/etree v1.1.0
 github.com/bluele/gcache v0.0.2
- github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
 github.com/c-bata/go-prompt v0.2.5
 github.com/cheggaaa/pb v1.0.29
 github.com/coreos/go-oidc v2.2.1+incompatible
@@ -39,7 +38,7 @@ require (
 github.com/huandu/xstrings v1.3.2 // indirect
 github.com/imdario/mergo v0.3.12 // indirect
 github.com/jedib0t/go-pretty v4.3.0+incompatible
- github.com/juliangruber/go-intersect v1.0.0
+ github.com/juliangruber/go-intersect v1.1.0
 github.com/mattn/go-sqlite3 v1.14.9
 github.com/mileusna/useragent v1.0.2
 github.com/minio/minio-go/v7 v7.0.15
diff --git a/go.sum b/go.sum
index 58f9f0a88f1..77e11f609b1 100644
--- a/go.sum
+++ b/go.sum
@@ -404,8 +404,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/juliangruber/go-intersect v1.0.0 h1:0XNPNaEoPd7PZljVNZLk4qrRkR153Sjk2ZL1426zFQ0=
-github.com/juliangruber/go-intersect v1.0.0/go.mod h1:unIef4vysSJvZ6adJAAPiBVKpS4r/IOkmfuFghRFDDM=
+github.com/juliangruber/go-intersect v1.1.0 h1:sc+y5dCjMMx0pAdYk/N6KBm00tD/f3tq+Iox7dYDUrY=
+github.com/juliangruber/go-intersect v1.1.0/go.mod h1:WMau+1kAmnlQnKiikekNJbtGtfmILU/mMU6H7AgKbWQ=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
@@ -424,8 +424,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
+github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go
index a3835bed258..b970c58cfc9 100644
--- a/pkg/eosclient/eosgrpc/eosgrpc.go
+++ b/pkg/eosclient/eosgrpc/eosgrpc.go
@@ -48,6 +48,8 @@ import (
 const (
 versionPrefix = ".sys.v#."
+ // lwShareAttrKey = "reva.lwshare"
+ userACLEvalKey = "eval.useracl"
 )
 const (
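Review bot: The added `// lwShareAttrKey = "reva.lwshare"` line in the const block is commented-out code with no explanation; either drop it or say in a comment why it is kept. `userACLEvalKey` holds the key without its namespace and the later hunk builds `"sys."+userACLEvalKey` at the use site, so a short comment such as `// xattr key; read as sys.eval.useracl` would make the full attribute name easy to find when auditing which attributes influence ACL evaluation.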
@@ -485,10 +487,37 @@ func (c *Client) GetFileInfoByInode(ctx context.Context, auth eosclient.Authoriz
 }
 log.Debug().Str("func", "GetFileInfoByInode").Uint64("inode", inode).Msg("")
- return c.mergeParentACLsForFiles(ctx, auth, info), nil
+ return c.fixupACLs(ctx, auth, info), nil
 }
-func (c *Client) mergeParentACLsForFiles(ctx context.Context, auth eosclient.Authorization, info *eosclient.FileInfo) *eosclient.FileInfo {
+func (c *Client) fixupACLs(ctx context.Context, auth eosclient.Authorization, info *eosclient.FileInfo) *eosclient.FileInfo {
+
+ // Append the ACLs that are described by the xattr sys.acl entry
+ a, err := acl.Parse(info.Attrs["sys.acl"], acl.ShortTextForm)
+ if err == nil {
+ if info.SysACL != nil {
+ info.SysACL.Entries = append(info.SysACL.Entries, a.Entries...)
+ } else {
+ info.SysACL = a
+ }
+ }
+
+ // Read user ACLs if sys.eval.useracl is set
+ if userACLEval, ok := info.Attrs["sys."+userACLEvalKey]; ok && userACLEval == "1" {
+ if userACL, ok := info.Attrs["user.acl"]; ok {
+ userAcls, err := acl.Parse(userACL, acl.ShortTextForm)
+ if err != nil {
+ return nil
+ }
+ for _, e := range userAcls.Entries {
+ err = info.SysACL.SetEntry(e.Type, e.Qualifier, e.Permissions)
+ if err != nil {
+ return nil
+ }
+ }
+ }
+ }
+
 // We need to inherit the ACLs for the parent directory as these are not available for files
 if !info.IsDir {
 parentInfo, err := c.GetFileInfoByPath(ctx, auth, path.Dir(info.File))
@@ -640,7 +669,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, auth eosclient.Authoriza
 info.Inode = inode
 }
- return c.mergeParentACLsForFiles(ctx, auth, info), nil
+ return c.fixupACLs(ctx, auth, info), nil
 }
 // GetFileInfoByFXID returns the FileInfo by the given file id in hexadecimal
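Review bot: In `fixupACLs`, both `return nil` paths (a `user.acl` value that fails `acl.Parse`, or a failing `SetEntry`) make the callers' `return c.fixupACLs(ctx, auth, info), nil` hand back a nil `*FileInfo` together with a nil error, so any caller that checks only `err` will dereference nil; the same applies to the call in `GetFileInfoByPath` in the following hunk. The value is read from an extended attribute on the entry, so a single malformed attribute (whoever is allowed to set it in the deployment) is enough to break stat for that entry. I would propagate the failure instead: give the function the result `(*eosclient.FileInfo, error)`, use `return nil, err` at both sites, and let the callers `return c.fixupACLs(ctx, auth, info)`. Separately, `info.SysACL.SetEntry` is reached with `info.SysACL` still nil when the earlier `sys.acl` parse failed and no SysACL had been set, and that parse error is dropped without a log line, so ACL entries can disappear silently; initialise `info.SysACL` before the loop and log or return the `sys.acl` error. The function body continues past the end of this hunk, so its final return is not visible here.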