From 268ece9a584e646f3d494ccbf7e332b632adeb18 Mon Sep 17 00:00:00 2001 From: fbx Date: Tue, 9 Nov 2021 12:35:08 +0100 Subject: [PATCH 1/8] Add the xattr sys.acl to SysACL --- pkg/eosclient/eosgrpc/eosgrpc.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index a3835bed25..42ab061c0d 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -485,10 +485,17 @@ func (c *Client) GetFileInfoByInode(ctx context.Context, auth eosclient.Authoriz } log.Debug().Str("func", "GetFileInfoByInode").Uint64("inode", inode).Msg("") - return c.mergeParentACLsForFiles(ctx, auth, info), nil + return c.fixupACLs(ctx, auth, info), nil } -func (c *Client) mergeParentACLsForFiles(ctx context.Context, auth eosclient.Authorization, info *eosclient.FileInfo) *eosclient.FileInfo { +func (c *Client) fixupACLs(ctx context.Context, auth eosclient.Authorization, info *eosclient.FileInfo) *eosclient.FileInfo { + + // Append the ACLs that are described by the xattr sys.acl entry + a, err := acl.Parse(info.Attrs["sys.acl"], acl.ShortTextForm) + if err == nil { + info.SysACL.Entries = append(info.SysACL.Entries, a.Entries...) + } + // We need to inherit the ACLs for the parent directory as these are not available for files if !info.IsDir { parentInfo, err := c.GetFileInfoByPath(ctx, auth, path.Dir(info.File)) @@ -640,7 +647,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, auth eosclient.Authoriza info.Inode = inode } - return c.mergeParentACLsForFiles(ctx, auth, info), nil + return c.fixupACLs(ctx, auth, info), nil } // GetFileInfoByFXID returns the FileInfo by the given file id in hexadecimal From 9a496c21077cf85f0f8b4eea92465be3e657b84a Mon Sep 17 00:00:00 2001 From: fbx Date: Tue, 9 Nov 2021 15:27:03 +0100 Subject: [PATCH 2/8] Ruggedize the xattr sys.acl handling --- pkg/eosclient/eosgrpc/eosgrpc.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index 42ab061c0d..cef123da0e 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -493,7 +493,11 @@ func (c *Client) fixupACLs(ctx context.Context, auth eosclient.Authorization, in // Append the ACLs that are described by the xattr sys.acl entry a, err := acl.Parse(info.Attrs["sys.acl"], acl.ShortTextForm) if err == nil { - info.SysACL.Entries = append(info.SysACL.Entries, a.Entries...) + if info.SysACL != nil { + info.SysACL.Entries = append(info.SysACL.Entries, a.Entries...) + } else { + info.SysACL = a + } } // We need to inherit the ACLs for the parent directory as these are not available for files From b29c459089196b13686a139c6a58ad50f8bb24f6 Mon Sep 17 00:00:00 2001 From: Fabrizio Furano Date: Tue, 9 Nov 2021 15:32:54 +0100 Subject: [PATCH 3/8] Add relnotes --- changelog/unreleased/sysacl-from-xattr.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/unreleased/sysacl-from-xattr.md diff --git a/changelog/unreleased/sysacl-from-xattr.md b/changelog/unreleased/sysacl-from-xattr.md new file mode 100644 index 0000000000..33907c28bc --- /dev/null +++ b/changelog/unreleased/sysacl-from-xattr.md @@ -0,0 +1,3 @@ +Fix: Add the xattr sys.acl to SysACL (eosgrpc) + +https://github.com/cs3org/reva/pull/2252 From 19f29a929e94bd525494be3ec907c7d718a6ecbd Mon Sep 17 00:00:00 2001 From: Fabrizio Furano Date: Tue, 9 Nov 2021 15:33:56 +0100 Subject: [PATCH 4/8] Fix becomes enhancement --- changelog/unreleased/sysacl-from-xattr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/unreleased/sysacl-from-xattr.md b/changelog/unreleased/sysacl-from-xattr.md index 33907c28bc..56b83a5fc0 100644 --- a/changelog/unreleased/sysacl-from-xattr.md +++ b/changelog/unreleased/sysacl-from-xattr.md @@ -1,3 +1,3 @@ -Fix: Add the xattr sys.acl to SysACL (eosgrpc) +Enhancement: Add the xattr sys.acl to SysACL (eosgrpc) https://github.com/cs3org/reva/pull/2252 From 47730037906f97596ac8a8120cf22a8153a814fb Mon Sep 17 00:00:00 2001 From: Fabrizio Furano Date: Tue, 9 Nov 2021 16:49:58 +0100 Subject: [PATCH 5/8] Read user ACLs if sys.eval.useracl is set (eosgrpc) --- pkg/eosclient/eosgrpc/eosgrpc.go | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index cef123da0e..9616aa56e1 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -47,7 +47,9 @@ import ( ) const ( - versionPrefix = ".sys.v#." + versionPrefix = ".sys.v#." + lwShareAttrKey = "reva.lwshare" + userACLEvalKey = "eval.useracl" ) const ( @@ -500,6 +502,22 @@ func (c *Client) fixupACLs(ctx context.Context, auth eosclient.Authorization, in } } + // Read user ACLs if sys.eval.useracl is set + if userACLEval, ok := info.Attrs["sys."+userACLEvalKey]; ok && userACLEval == "1" { + if userACL, ok := info.Attrs["user.acl"]; ok { + userAcls, err := acl.Parse(userACL, acl.ShortTextForm) + if err != nil { + return nil + } + for _, e := range userAcls.Entries { + err = info.SysACL.SetEntry(e.Type, e.Qualifier, e.Permissions) + if err != nil { + return nil + } + } + } + } + // We need to inherit the ACLs for the parent directory as these are not available for files if !info.IsDir { parentInfo, err := c.GetFileInfoByPath(ctx, auth, path.Dir(info.File)) From 8194b9bd31d3f4741f26db0c7eb54284cb05fc2c Mon Sep 17 00:00:00 2001 From: Fabrizio Furano Date: Tue, 9 Nov 2021 18:54:20 +0100 Subject: [PATCH 6/8] Comnent out unused constant --- pkg/eosclient/eosgrpc/eosgrpc.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index 9616aa56e1..3b963d21b7 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -47,8 +47,8 @@ import ( ) const ( - versionPrefix = ".sys.v#." - lwShareAttrKey = "reva.lwshare" + versionPrefix = ".sys.v#." + //lwShareAttrKey = "reva.lwshare" userACLEvalKey = "eval.useracl" ) From 2714e14e7641660209dbd11e235922d077748770 Mon Sep 17 00:00:00 2001 From: Fabrizio Furano Date: Tue, 9 Nov 2021 21:18:19 +0100 Subject: [PATCH 7/8] Comnent out unused constant ..fix --- pkg/eosclient/eosgrpc/eosgrpc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index 3b963d21b7..b970c58cfc 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -48,7 +48,7 @@ import ( const ( versionPrefix = ".sys.v#." - //lwShareAttrKey = "reva.lwshare" + // lwShareAttrKey = "reva.lwshare" userACLEvalKey = "eval.useracl" ) From 34bd4f70aff626b98bf3e2799a1316a7da585544 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Nov 2021 02:10:08 +0000 Subject: [PATCH 8/8] [Build-deps]: Bump github.com/juliangruber/go-intersect Bumps [github.com/juliangruber/go-intersect](https://github.com/juliangruber/go-intersect) from 1.0.0 to 1.1.0. - [Release notes](https://github.com/juliangruber/go-intersect/releases) - [Commits](https://github.com/juliangruber/go-intersect/compare/v1.0.0...v1.1.0) --- updated-dependencies: - dependency-name: github.com/juliangruber/go-intersect dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 3 +-- go.sum | 7 ++++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 2aeef2c110..2003315130 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,6 @@ require ( github.com/aws/aws-sdk-go v1.41.9 github.com/beevik/etree v1.1.0 github.com/bluele/gcache v0.0.2 - github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect github.com/c-bata/go-prompt v0.2.5 github.com/cheggaaa/pb v1.0.29 github.com/coreos/go-oidc v2.2.1+incompatible @@ -39,7 +38,7 @@ require ( github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/jedib0t/go-pretty v4.3.0+incompatible - github.com/juliangruber/go-intersect v1.0.0 + github.com/juliangruber/go-intersect v1.1.0 github.com/mattn/go-sqlite3 v1.14.9 github.com/mileusna/useragent v1.0.2 github.com/minio/minio-go/v7 v7.0.15 diff --git a/go.sum b/go.sum index 58f9f0a88f..77e11f609b 100644 --- a/go.sum +++ b/go.sum @@ -404,8 +404,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/juliangruber/go-intersect v1.0.0 h1:0XNPNaEoPd7PZljVNZLk4qrRkR153Sjk2ZL1426zFQ0= -github.com/juliangruber/go-intersect v1.0.0/go.mod h1:unIef4vysSJvZ6adJAAPiBVKpS4r/IOkmfuFghRFDDM= +github.com/juliangruber/go-intersect v1.1.0 h1:sc+y5dCjMMx0pAdYk/N6KBm00tD/f3tq+Iox7dYDUrY= +github.com/juliangruber/go-intersect v1.1.0/go.mod h1:WMau+1kAmnlQnKiikekNJbtGtfmILU/mMU6H7AgKbWQ= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= @@ -424,8 +424,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs= +github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=