mgr/smb: Add acl_xattr configuration to share definition

Samba allows to store full Windows(NT) ACLs and bypass any lossy mapping
attempts to and from POSIX ACLs. Therefore we stack an additional module
in front of ceph to store NTACLs in a special extended attribute. Due to
certain limitations within containers the default xattr from security
namespace can't be used. Instead we configure a similar xattr from more
flexible 'user' namespace with the help of an option to the module.

ref: https://www.samba.org/samba/docs/current/man-html/vfs_acl_xattr.8.html
Signed-off-by: Anoop C S <[email protected]>

Author: anoopcs9

qa/suites/orch/cephadm/smb/tasks/deploy_smb_basic.yaml

@@ -43,8 +43,9 @@ tasks:
             globals = ["default", "domain"]
             instance_name = "SAMBA"
             [shares.share1.options]
-            "vfs objects" = "ceph"
+            "vfs objects" = "acl_xattr ceph"
             path = "/"
+            "acl_xattr:security_acl_name" = "user.NTACL"
             "ceph:config_file" = "/etc/ceph/ceph.conf"
             "ceph:user_id" = "smbdata"
             "kernel share modes" = "no"

qa/suites/orch/cephadm/smb/tasks/deploy_smb_domain.yaml

@@ -42,8 +42,9 @@ tasks:
           globals = ["default", "domain"]
           instance_name = "SAMBA"
           [shares.share1.options]
-          "vfs objects" = "ceph"
+          "vfs objects" = "acl_xattr ceph"
           path = "/"
+          "acl_xattr:security_acl_name" = "user.NTACL"
           "ceph:config_file" = "/etc/ceph/ceph.conf"
           "ceph:user_id" = "smbdata"
           "kernel share modes" = "no"

src/pybind/mgr/smb/handler.py

@@ -977,7 +977,8 @@ def _generate_share(
         # smb.conf options
         'options': {
             'path': path,
-            "vfs objects": "ceph",
+            "vfs objects": "acl_xattr ceph",
+            'acl_xattr:security_acl_name': 'user.NTACL',
             'ceph:config_file': '/etc/ceph/ceph.conf',
             'ceph:filesystem': share.cephfs.volume,
             'ceph:user_id': cephx_entity,

src/pybind/mgr/smb/tests/test_smb.py

@@ -421,7 +421,8 @@ def test_share_dump_config(tmodule):
                     'browseable': 'Yes',
                     'kernel share modes': 'no',
                     'x:ceph:id': 'foo.s1',
-                    'vfs objects': 'ceph',
+                    'vfs objects': 'acl_xattr ceph',
+                    'acl_xattr:security_acl_name': 'user.NTACL',
                     'ceph:config_file': '/etc/ceph/ceph.conf',
                     'ceph:filesystem': 'cephfs',
                     'ceph:user_id': 'smb.fs.cluster.foo',
@@ -434,7 +435,8 @@ def test_share_dump_config(tmodule):
                     'browseable': 'Yes',
                     'kernel share modes': 'no',
                     'x:ceph:id': 'foo.stwo',
-                    'vfs objects': 'ceph',
+                    'vfs objects': 'acl_xattr ceph',
+                    'acl_xattr:security_acl_name': 'user.NTACL',
                     'ceph:config_file': '/etc/ceph/ceph.conf',
                     'ceph:filesystem': 'cephfs',
                     'ceph:user_id': 'smb.fs.cluster.foo',