git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Fri, 3 Feb 2023 13:11:51 +0000 (14:11 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Tue, 21 Mar 2023 23:35:21 +0000 (23:35 +0000)
commit	971e025f5fb77f4eaaa1e9070598dfa6292a9678
tree	ef12176a893c7dbaa3c2c53d25e1f405fd862b8a	tree \| snapshot
parent	5e48ffca322c3c72d3b83b0719f245fc6f13c8e4	commit \| diff

LU-16524 sec: enforce rbac roles

There are 5 different rbac roles defined via nodemap:
- byfid_ops, to allow operations by FID (e.g. 'lfs rmfid').
- chlg_ops, to allow access to Lustre Changelogs.
- dne_ops, to allow operations related to DNE (e.g. 'lfs mkdir').
- file_perms, to allow modifications of file permissions and owners.
- quota_ops, to allow quota modifications.
Enforce these roles by checking the value of the 'rbac' nodemap
property on server side and returning -EPERM if operation is
forbidden.

Add sanity-sec test_64* to exercise these capabilities.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I37057f0ab50c02fa99db03cb04149a437e35ee0a
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/49907
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>

lustre/include/md_object.h		diff \| blob \| history
lustre/mdd/mdd_object.c		diff \| blob \| history
lustre/mdt/mdt_coordinator.c		diff \| blob \| history
lustre/mdt/mdt_handler.c		diff \| blob \| history
lustre/mdt/mdt_internal.h		diff \| blob \| history
lustre/mdt/mdt_lib.c		diff \| blob \| history
lustre/mdt/mdt_open.c		diff \| blob \| history
lustre/mdt/mdt_reint.c		diff \| blob \| history
lustre/mdt/mdt_restripe.c		diff \| blob \| history
lustre/mdt/mdt_xattr.c		diff \| blob \| history
lustre/obdecho/echo_client.c		diff \| blob \| history
lustre/ptlrpc/nodemap_handler.c		diff \| blob \| history
lustre/tests/sanity-sec.sh		diff \| blob \| history