Propagate file ownership via NFSv4

NFSv4 has FATTR4_OWNER and FATTR4_OWNER_GROUP fields that can be used to
announce file ownership. Unlike FUSE, these are strings. For our use
case it's sufficient to always set them to a decimal value of the
user/group ID.

Author: EdSchouten

pkg/filesystem/virtual/nfsv4/nfs40_program.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"io"
 	"math"
+	"strconv"
 	"sync"
 	"time"
 
@@ -560,6 +561,8 @@ func (p *nfs40Program) writeAttributes(attributes *virtual.Attributes, attrReque
 					(1 << nfsv4.FATTR4_FILEID),
 				(1 << (nfsv4.FATTR4_MODE - 32)) |
 					(1 << (nfsv4.FATTR4_NUMLINKS - 32)) |
+					(1 << (nfsv4.FATTR4_OWNER - 32)) |
+					(1 << (nfsv4.FATTR4_OWNER_GROUP - 32)) |
 					(1 << (nfsv4.FATTR4_TIME_ACCESS - 32)) |
 					(1 << (nfsv4.FATTR4_TIME_METADATA - 32)) |
 					(1 << (nfsv4.FATTR4_TIME_MODIFY - 32)),
@@ -657,6 +660,25 @@ func (p *nfs40Program) writeAttributes(attributes *virtual.Attributes, attrReque
 			s |= b
 			nfsv4.WriteUint32T(w, attributes.GetLinkCount())
 		}
+		if b := uint32(1 << (nfsv4.FATTR4_OWNER - 32)); f&b != 0 {
+			// The macOS NFSv4 driver requires that if
+			// FATTR4_OWNER is a supported attribute, all
+			// files in the file system report it.
+			s |= b
+			v := ""
+			if ownerUserID, ok := attributes.GetOwnerUserID(); ok {
+				v = strconv.FormatUint(uint64(ownerUserID), 10)
+			}
+			nfsv4.WriteUtf8strMixed(w, v)
+		}
+		if b := uint32(1 << (nfsv4.FATTR4_OWNER_GROUP - 32)); f&b != 0 {
+			s |= b
+			v := ""
+			if ownerGroupID, ok := attributes.GetOwnerGroupID(); ok {
+				v = strconv.FormatUint(uint64(ownerGroupID), 10)
+			}
+			nfsv4.WriteUtf8strMixed(w, v)
+		}
 		if b := uint32(1 << (nfsv4.FATTR4_TIME_ACCESS - 32)); f&b != 0 {
 			s |= b
 			deterministicNfstime4.WriteTo(w)
@@ -3026,6 +3048,12 @@ func attrRequestToAttributesMask(attrRequest nfsv4.Bitmap4) virtual.AttributesMa
 		if f&uint32(1<<(nfsv4.FATTR4_NUMLINKS-32)) != 0 {
 			attributesMask |= virtual.AttributesMaskLinkCount
 		}
+		if f&uint32(1<<(nfsv4.FATTR4_OWNER-32)) != 0 {
+			attributesMask |= virtual.AttributesMaskOwnerUserID
+		}
+		if f&uint32(1<<(nfsv4.FATTR4_OWNER_GROUP-32)) != 0 {
+			attributesMask |= virtual.AttributesMaskOwnerGroupID
+		}
 		if f&uint32(1<<(nfsv4.FATTR4_TIME_MODIFY-32)) != 0 {
 			attributesMask |= virtual.AttributesMaskLastDataModificationTime
 		}
@@ -3044,6 +3072,12 @@ func attributesMaskToBitmap4(in virtual.AttributesMask) []uint32 {
 	if in&virtual.AttributesMaskPermissions != 0 {
 		out[1] |= (1 << (nfsv4.FATTR4_MODE - 32))
 	}
+	if in&virtual.AttributesMaskOwnerUserID != 0 {
+		out[1] |= (1 << (nfsv4.FATTR4_OWNER - 32))
+	}
+	if in&virtual.AttributesMaskOwnerGroupID != 0 {
+		out[1] |= (1 << (nfsv4.FATTR4_OWNER_GROUP - 32))
+	}
 	if in&virtual.AttributesMaskSizeBytes != 0 {
 		out[0] |= (1 << nfsv4.FATTR4_SIZE)
 	}
@@ -3172,7 +3206,9 @@ func fattr4ToAttributes(in *nfsv4.Fattr4, out *virtual.Attributes) nfsv4.Nfsstat
 	if len(in.Attrmask) > 1 {
 		// Attributes 32 to 63.
 		f := in.Attrmask[1]
-		if f&^(1<<(nfsv4.FATTR4_MODE-32)) != 0 {
+		if f&^((1<<(nfsv4.FATTR4_MODE-32))|
+			(1<<(nfsv4.FATTR4_OWNER-32))|
+			(1<<(nfsv4.FATTR4_OWNER_GROUP-32))) != 0 {
 			return nfsv4.NFS4ERR_ATTRNOTSUPP
 		}
 		if f&(1<<(nfsv4.FATTR4_MODE-32)) != 0 {
@@ -3182,6 +3218,9 @@ func fattr4ToAttributes(in *nfsv4.Fattr4, out *virtual.Attributes) nfsv4.Nfsstat
 			}
 			out.SetPermissions(virtual.NewPermissionsFromMode(mode))
 		}
+		if f&((1<<(nfsv4.FATTR4_OWNER-32))|(1<<(nfsv4.FATTR4_OWNER_GROUP-32))) != 0 {
+			return nfsv4.NFS4ERR_PERM
+		}
 	}
 	for i := 2; i < len(in.Attrmask); i++ {
 		// Attributes 64 or higher.

pkg/filesystem/virtual/nfsv4/nfs40_program_test.go

@@ -1681,7 +1681,16 @@ func TestNFS40ProgramCompound_OP_GETATTR(t *testing.T) {
 		// Request all supported attributes.
 		rootDirectory.EXPECT().VirtualGetAttributes(
 			ctx,
-			virtual.AttributesMaskChangeID|virtual.AttributesMaskFileHandle|virtual.AttributesMaskFileType|virtual.AttributesMaskInodeNumber|virtual.AttributesMaskLastDataModificationTime|virtual.AttributesMaskLinkCount|virtual.AttributesMaskPermissions|virtual.AttributesMaskSizeBytes,
+			virtual.AttributesMaskChangeID|
+				virtual.AttributesMaskFileHandle|
+				virtual.AttributesMaskFileType|
+				virtual.AttributesMaskInodeNumber|
+				virtual.AttributesMaskLastDataModificationTime|
+				virtual.AttributesMaskLinkCount|
+				virtual.AttributesMaskOwnerGroupID|
+				virtual.AttributesMaskOwnerUserID|
+				virtual.AttributesMaskPermissions|
+				virtual.AttributesMaskSizeBytes,
 			gomock.Any(),
 		).Do(func(ctx context.Context, requested virtual.AttributesMask, attributes *virtual.Attributes) {
 			attributes.SetChangeID(0xeaab7253dad16ee5)
@@ -1690,6 +1699,8 @@ func TestNFS40ProgramCompound_OP_GETATTR(t *testing.T) {
 			attributes.SetInodeNumber(0xfcadd45521cb1db2)
 			attributes.SetLastDataModificationTime(time.Unix(1654791566, 4839067173))
 			attributes.SetLinkCount(12)
+			attributes.SetOwnerGroupID(20)
+			attributes.SetOwnerUserID(501)
 			attributes.SetPermissions(virtual.PermissionsRead | virtual.PermissionsExecute)
 			attributes.SetSizeBytes(8192)
 		})
@@ -1716,6 +1727,8 @@ func TestNFS40ProgramCompound_OP_GETATTR(t *testing.T) {
 								(1 << nfsv4_xdr.FATTR4_FILEID),
 							(1 << (nfsv4_xdr.FATTR4_MODE - 32)) |
 								(1 << (nfsv4_xdr.FATTR4_NUMLINKS - 32)) |
+								(1 << (nfsv4_xdr.FATTR4_OWNER - 32)) |
+								(1 << (nfsv4_xdr.FATTR4_OWNER_GROUP - 32)) |
 								(1 << (nfsv4_xdr.FATTR4_TIME_ACCESS - 32)) |
 								(1 << (nfsv4_xdr.FATTR4_TIME_METADATA - 32)) |
 								(1 << (nfsv4_xdr.FATTR4_TIME_MODIFY - 32)),
@@ -1753,6 +1766,8 @@ func TestNFS40ProgramCompound_OP_GETATTR(t *testing.T) {
 										(1 << nfsv4_xdr.FATTR4_FILEID),
 									(1 << (nfsv4_xdr.FATTR4_MODE - 32)) |
 										(1 << (nfsv4_xdr.FATTR4_NUMLINKS - 32)) |
+										(1 << (nfsv4_xdr.FATTR4_OWNER - 32)) |
+										(1 << (nfsv4_xdr.FATTR4_OWNER_GROUP - 32)) |
 										(1 << (nfsv4_xdr.FATTR4_TIME_ACCESS - 32)) |
 										(1 << (nfsv4_xdr.FATTR4_TIME_METADATA - 32)) |
 										(1 << (nfsv4_xdr.FATTR4_TIME_MODIFY - 32)),
@@ -1761,7 +1776,7 @@ func TestNFS40ProgramCompound_OP_GETATTR(t *testing.T) {
 									// FATTR4_SUPPORTED_ATTRS.
 									0x00, 0x00, 0x00, 0x02,
 									0x00, 0x18, 0x0f, 0xff,
-									0x00, 0x30, 0x80, 0x0a,
+									0x00, 0x30, 0x80, 0x3a,
 									// FATTR4_TYPE == NF4DIR.
 									0x00, 0x00, 0x00, 0x02,
 									// FATTR4_FH_EXPIRE_TYPE == FH4_PERSISTENT.
@@ -1792,6 +1807,12 @@ func TestNFS40ProgramCompound_OP_GETATTR(t *testing.T) {
 									0x00, 0x00, 0x01, 0x6d,
 									// FATTR4_NUMLINKS.
 									0x00, 0x00, 0x00, 0x0c,
+									// FATTR4_OWNER == "501".
+									0x00, 0x00, 0x00, 0x03,
+									0x35, 0x30, 0x31, 0x00,
+									// FATTR4_OWNER_GROUP == "20".
+									0x00, 0x00, 0x00, 0x02,
+									0x32, 0x30, 0x00, 0x00,
 									// FATTR4_TIME_ACCESS == 2000-01-01T00:00:00Z.
 									0x00, 0x00, 0x00, 0x00, 0x38, 0x6d, 0x43, 0x80,
 									0x00, 0x00, 0x00, 0x00,

pkg/filesystem/virtual/nfsv4/nfs41_program.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/binary"
 	"io"
+	"strconv"
 	"sync"
 	"time"
 
@@ -398,6 +399,8 @@ func (p *nfs41Program) writeAttributes(attributes *virtual.Attributes, attrReque
 					(1 << nfsv4.FATTR4_FILEID),
 				(1 << (nfsv4.FATTR4_MODE - 32)) |
 					(1 << (nfsv4.FATTR4_NUMLINKS - 32)) |
+					(1 << (nfsv4.FATTR4_OWNER - 32)) |
+					(1 << (nfsv4.FATTR4_OWNER_GROUP - 32)) |
 					(1 << (nfsv4.FATTR4_TIME_ACCESS - 32)) |
 					(1 << (nfsv4.FATTR4_TIME_METADATA - 32)) |
 					(1 << (nfsv4.FATTR4_TIME_MODIFY - 32)),
@@ -496,6 +499,25 @@ func (p *nfs41Program) writeAttributes(attributes *virtual.Attributes, attrReque
 			s |= b
 			nfsv4.WriteUint32T(w, attributes.GetLinkCount())
 		}
+		if b := uint32(1 << (nfsv4.FATTR4_OWNER - 32)); f&b != 0 {
+			// The macOS NFSv4 driver requires that if
+			// FATTR4_OWNER is a supported attribute, all
+			// files in the file system report it.
+			s |= b
+			v := ""
+			if ownerUserID, ok := attributes.GetOwnerUserID(); ok {
+				v = strconv.FormatUint(uint64(ownerUserID), 10)
+			}
+			nfsv4.WriteUtf8strMixed(w, v)
+		}
+		if b := uint32(1 << (nfsv4.FATTR4_OWNER_GROUP - 32)); f&b != 0 {
+			s |= b
+			v := ""
+			if ownerGroupID, ok := attributes.GetOwnerGroupID(); ok {
+				v = strconv.FormatUint(uint64(ownerGroupID), 10)
+			}
+			nfsv4.WriteUtf8strMixed(w, v)
+		}
 		if b := uint32(1 << (nfsv4.FATTR4_TIME_ACCESS - 32)); f&b != 0 {
 			s |= b
 			deterministicNfstime4.WriteTo(w)