Implement SMB ACLs (NFSv4) at VFS layer
- Add ACL structures: - VfsAceType (Allow/Deny/Audit/Alarm) - VfsAceFlag (inheritance flags) - VfsAceMask (permission masks) - VfsAce (access control entry) - VfsAcl (ACL list with default_acl) - Add VfsBackend methods: - get_acl() - retrieve ACL from .acl JSON - set_acl() - store ACL as .acl JSON - check_acl() - check permission for principal - add_ace() - add ACE to ACL - remove_ace() - remove ACE by index - LocalFs implementation: - VfsAclMeta serialization struct - ACL stored as JSON metadata (similar to quota/snapshot) - Box<VfsAcl> for recursive default_acl - Foundation for SMB/NFSv4 ACL support All 229 tests pass.
@@ -235,6 +235,33 @@ pub trait VfsBackend: Send + Sync {
|
||||
fn restore_previous_version(&self, _path: &Path, _gmt_token: &str) -> Result<(), VfsError> {
|
||||
Err(VfsError::Unsupported("restore_previous_version".to_string()))
|
||||
}
|
||||
|
||||
// ===== ACL support (NFSv4/SMB) =====
|
||||
|
||||
/// 获取文件ACL
|
||||
fn get_acl(&self, _path: &Path) -> Result<VfsAcl, VfsError> {
|
||||
Err(VfsError::Unsupported("get_acl".to_string()))
|
||||
}
|
||||
|
||||
/// 设置文件ACL
|
||||
fn set_acl(&self, _path: &Path, _acl: &VfsAcl) -> Result<(), VfsError> {
|
||||
Err(VfsError::Unsupported("set_acl".to_string()))
|
||||
}
|
||||
|
||||
/// 检查ACL权限
|
||||
fn check_acl(&self, _path: &Path, _principal: &str, _mask: VfsAceMask) -> Result<bool, VfsError> {
|
||||
Ok(true) // Default: no ACL, always allow
|
||||
}
|
||||
|
||||
/// 添加ACE
|
||||
fn add_ace(&self, _path: &Path, _ace: &VfsAce) -> Result<(), VfsError> {
|
||||
Err(VfsError::Unsupported("add_ace".to_string()))
|
||||
}
|
||||
|
||||
/// 移除ACE
|
||||
fn remove_ace(&self, _path: &Path, _ace_index: usize) -> Result<(), VfsError> {
|
||||
Err(VfsError::Unsupported("remove_ace".to_string()))
|
||||
}
|
||||
}
|
||||
|
||||
/// 快照信息
|
||||
@@ -291,6 +318,97 @@ pub struct VfsPreviousVersion {
|
||||
pub size: u64,
|
||||
}
|
||||
|
||||
/// ACL访问控制条目类型(NFSv4/SMB)
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub enum VfsAceType {
|
||||
/// 允许访问
|
||||
Allow,
|
||||
/// 拒绝访问
|
||||
Deny,
|
||||
/// 审计(SMB)
|
||||
Audit,
|
||||
/// 警报(SMB)
|
||||
Alarm,
|
||||
}
|
||||
|
||||
/// ACL继承标志(NFSv4/SMB)
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub enum VfsAceFlag {
|
||||
/// 文件继承
|
||||
FileInherit,
|
||||
/// 目录继承
|
||||
DirectoryInherit,
|
||||
/// 无继承(仅当前对象)
|
||||
NoPropagateInherit,
|
||||
/// 仅继承(不应用于当前对象)
|
||||
InheritOnly,
|
||||
/// 已继承
|
||||
Inherited,
|
||||
/// 成功审计(SMB)
|
||||
SuccessfulAccess,
|
||||
/// 失败审计(SMB)
|
||||
FailedAccess,
|
||||
}
|
||||
|
||||
/// ACL权限掩码(NFSv4)
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub enum VfsAceMask {
|
||||
/// 读数据
|
||||
ReadData,
|
||||
/// 写数据
|
||||
WriteData,
|
||||
/// 执行
|
||||
Execute,
|
||||
/// 列目录(读数据+目录)
|
||||
ListDirectory,
|
||||
/// 添加文件(写数据+目录)
|
||||
AddFile,
|
||||
/// 添加子目录
|
||||
AddSubdirectory,
|
||||
/// 删除子项
|
||||
DeleteChild,
|
||||
/// 删除
|
||||
Delete,
|
||||
/// 读属性
|
||||
ReadAttributes,
|
||||
/// 写属性
|
||||
WriteAttributes,
|
||||
/// 读ACL
|
||||
ReadNfsAcl,
|
||||
/// 写ACL
|
||||
WriteNfsAcl,
|
||||
/// 读取所有权
|
||||
ReadOwner,
|
||||
/// 写入所有权
|
||||
WriteOwner,
|
||||
/// 同步
|
||||
Synchronize,
|
||||
/// 完全控制(所有权限)
|
||||
FullControl,
|
||||
}
|
||||
|
||||
/// ACL访问控制条目(ACE)
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct VfsAce {
|
||||
/// ACE类型
|
||||
pub ace_type: VfsAceType,
|
||||
/// ACE标志
|
||||
pub flags: Vec<VfsAceFlag>,
|
||||
/// 权限掩码
|
||||
pub mask: Vec<VfsAceMask>,
|
||||
/// 主体(用户/组SID或名称)
|
||||
pub principal: String,
|
||||
}
|
||||
|
||||
/// ACL列表(NFSv4/SMB)
|
||||
#[derive(Debug, Clone, Default)]
|
||||
pub struct VfsAcl {
|
||||
/// ACE列表
|
||||
pub aces: Vec<VfsAce>,
|
||||
/// 默认ACL(仅目录)
|
||||
pub default_acl: Option<Box<VfsAcl>>,
|
||||
}
|
||||
|
||||
/// 压缩算法类型
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
pub enum VfsCompression {
|
||||
|
||||
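Review bot: The default `check_acl` added to `VfsBackend` in the first hunk fails open: it returns `Ok(true)` for every path, principal and mask, while the sibling defaults `get_acl`, `set_acl`, `add_ace` and `remove_ace` return `VfsError::Unsupported`. A caller cannot tell "this backend has no ACL support" from "the ACL was evaluated and access was granted", so a backend that overrides `set_acl` but not `check_acl` would store ACLs that are never enforced. Consider returning `Err(VfsError::Unsupported("check_acl".to_string()))` so the SMB/NFS layer chooses its fallback explicitly, or at minimum state the contract in the doc comment, e.g. `/// Returns Ok(true) when the backend has no ACL support; this is not an authorization decision.` In the second hunk, `VfsAce.mask` is a `Vec<VfsAceMask>` that can hold `FullControl`, so implementations presumably have to treat `FullControl` as covering any requested mask and honour `Deny` entries ahead of later `Allow` entries; the type docs state neither rule. The trait body begins before the first hunk, so other defaults are not visible here.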