Got ready for Posix ACL support in fuse kernel

Following a recent patch to the fuse kernel, the Posix ACL checks can
be done within the kernel instead of having to be done in the file
system, provided lowntfs-3g is used.

This mode is still not used by default until the fuse patch is
released by distributions.

include/fuse-lite/fuse_common.h

@@ -44,8 +44,10 @@ extern "C" {
 #ifdef POSIXACLS
 /*
  * FUSE_CAP_DONT_MASK: don't apply umask to file mode on create operations
+ * FUSE_CAP_POSIX_ACL: process Posix ACLs within the kernel
  */
 #define FUSE_CAP_DONT_MASK	(1 << 6)
+#define FUSE_CAP_POSIX_ACL	(1 << 18)
 #endif
 
 #define FUSE_CAP_BIG_WRITES	(1 << 5)

include/fuse-lite/fuse_kernel.h

@@ -138,12 +138,14 @@ struct fuse_file_lock {
  * FUSE_BIG_WRITES: allow big writes to be issued to the file system
  * FUSE_DONT_MASK: don't apply umask to file mode on create operations
  * FUSE_HAS_IOCTL_DIR: kernel supports ioctl on directories
+ * FUSE_POSIX_ACL: kernel supports Posix ACLs
  */
 #define FUSE_ASYNC_READ		(1 << 0)
 #define FUSE_POSIX_LOCKS	(1 << 1)
 #define FUSE_BIG_WRITES		(1 << 5)
 #define FUSE_DONT_MASK		(1 << 6)
 #define FUSE_HAS_IOCTL_DIR	(1 << 11)
+#define FUSE_POSIX_ACL		(1 << 19)
 
 /**
  * Release flags

include/ntfs-3g/param.h

@@ -107,6 +107,11 @@ enum {
  *	performances, but bad on security with internal fuse or external
  *	fuse older than 2.8
  *
+ *	On Linux, cacheing is discouraged for the high level interface
+ *	in order to get proper support of hard links. As a consequence,
+ *	having access control in the file system leads to fewer requests
+ *	to the file system and fewer context switches.
+ *
  *	Possible values for high level :
  *		1 : no cache, kernel control (recommended)
  *		4 : no cache, file system control
@@ -119,8 +124,9 @@ enum {
  *		5 : no cache, file system control
  *		6 : kernel/fuse cache, file system control (OpenIndiana only)
  *		8 : no cache, kernel control for ACLs
+ *		9 : kernel/fuse cache, kernel control for ACLs (target)
  *
- *	Use of options 7 and 8 requires a patch to fuse
+ *	Use of options 7, 8 and 9 requires a fuse module upgrade
  *	When Posix ACLs are selected in the configure options, a value
  *	of 6 is added in the mount report.
  */
@@ -139,7 +145,7 @@ enum {
  *	the fuse high level interface.
  */
 #define HPERMSCONFIG 1
-#define LPERMSCONFIG 3
+#define LPERMSCONFIG 3 /* Use 9 when ACLs are supported by fuse kernel */
 #endif /* defined(__sun) && defined(__SVR4) */
 
 #endif /* defined _NTFS_PARAM_H */

libfuse-lite/fuse_lowlevel.c

@@ -1103,6 +1103,8 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
 #ifdef POSIXACLS
 	if (arg->flags & FUSE_DONT_MASK)
 	    f->conn.capable |= FUSE_CAP_DONT_MASK;
+	if (arg->flags & FUSE_POSIX_ACL)
+	    f->conn.capable |= FUSE_CAP_POSIX_ACL;
 #endif
 	if (arg->flags & FUSE_BIG_WRITES)
 	    f->conn.capable |= FUSE_CAP_BIG_WRITES;
@@ -1143,6 +1145,8 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
 #ifdef POSIXACLS
 	    if (f->conn.want & FUSE_CAP_DONT_MASK)
 		outarg.flags |= FUSE_DONT_MASK;
+	    if (f->conn.want & FUSE_CAP_POSIX_ACL)
+		outarg.flags |= FUSE_POSIX_ACL;
 #endif
     } else {
 	/* Never use a version more recent than supported by the kernel */
@@ -1157,6 +1161,8 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid, const void *inarg)
 #ifdef POSIXACLS
 	    if (f->conn.want & FUSE_CAP_DONT_MASK)
 		outarg.flags |= FUSE_DONT_MASK;
+	    if (f->conn.want & FUSE_CAP_POSIX_ACL)
+		outarg.flags |= FUSE_POSIX_ACL;
 #endif
     	}
     }

src/lowntfs-3g.c

@@ -90,6 +90,10 @@
 #include <linux/fs.h>
 #endif
 
+#ifndef FUSE_CAP_POSIX_ACL  /* until defined in <fuse/fuse_common.h> */
+#define FUSE_CAP_POSIX_ACL (1 << 18)
+#endif /* FUSE_CAP_POSIX_ACL */
+
 #include "compat.h"
 #include "bitmap.h"
 #include "attrib.h"
@@ -140,13 +144,18 @@
 	 * FUSE cacheing is only usable with basic permissions
 	 * checked by the kernel with external fuse >= 2.8
 	 */
-#if KERNELACLS | !KERNELPERMS
+#if !KERNELPERMS
 #warning "Fuse cacheing is only usable with basic permissions checked by kernel"
 #endif
-#define ATTR_TIMEOUT (ctx->vol->secure_flags & (1 << SECURITY_DEFAULT) ? 1.0 : 0.0)
-#define ENTRY_TIMEOUT (ctx->vol->secure_flags & (1 << SECURITY_DEFAULT) ? 1.0 : 0.0)
+#if KERNELACLS
+#define ATTR_TIMEOUT 10.0
+#define ENTRY_TIMEOUT 10.0
+#else /* KERNELACLS */
+#define ATTR_TIMEOUT (ctx->vol->secure_flags & (1 << SECURITY_DEFAULT) ? 10.0 : 0.0)
+#define ENTRY_TIMEOUT (ctx->vol->secure_flags & (1 << SECURITY_DEFAULT) ? 10.0 : 0.0)
+#endif /* KERNELACLS */
 #endif /* defined(__sun) && defined (__SVR4) */
-#endif
+#endif /* !CACHEING */
 #define GHOSTLTH 40 /* max length of a ghost file name - see ghostformat */
 
 		/* sometimes the kernel cannot check access */
@@ -611,6 +620,10 @@ static void ntfs_init(void *userdata __attribute__((unused)),
 		/* request umask not to be enforced by fuse */
 	conn->want |= FUSE_CAP_DONT_MASK;
 #endif /* defined FUSE_CAP_DONT_MASK */
+#if POSIXACLS & KERNELACLS
+		/* request ACLs to be checked by kernel */
+	conn->want |= FUSE_CAP_POSIX_ACL;
+#endif /* POSIXACLS & KERNELACLS */
 #ifdef FUSE_CAP_BIG_WRITES
 	if (ctx->big_writes
 	    && ((ctx->vol->nr_clusters << ctx->vol->cluster_size_bits)

src/ntfs-3g.c

@@ -85,6 +85,10 @@
 #include <sys/param.h>
 #endif /* defined(__APPLE__) || defined(__DARWIN__), ... */
 
+#ifndef FUSE_CAP_POSIX_ACL  /* until defined in <fuse/fuse_common.h> */
+#define FUSE_CAP_POSIX_ACL (1 << 18)
+#endif /* FUSE_CAP_POSIX_ACL */
+
 #include "compat.h"
 #include "attrib.h"
 #include "inode.h"
@@ -674,6 +678,10 @@ static void *ntfs_init(struct fuse_conn_info *conn)
 		/* request umask not to be enforced by fuse */
 	conn->want |= FUSE_CAP_DONT_MASK;
 #endif /* defined FUSE_CAP_DONT_MASK */
+#if POSIXACLS & KERNELACLS
+		/* request ACLs to be checked by kernel */
+	conn->want |= FUSE_CAP_POSIX_ACL;
+#endif /* POSIXACLS & KERNELACLS */
 #ifdef FUSE_CAP_BIG_WRITES
 	if (ctx->big_writes
 	    && ((ctx->vol->nr_clusters << ctx->vol->cluster_size_bits)