nfscommon: Add some support for POSIX draft ACLs

An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.

This is the first of several patches that implement the
above draft.

This patch should not result in a semantics change.
Rick Macklem
2025-12-21 14:28:12 -08:00
parent 95788a851d
commit a35bbd5d9f
4 changed files with 56 additions and 1 deletions
+5
@@ -867,6 +867,11 @@ typedef enum { NOTRUNNING=0, STARTSTOP=1, RUNNING=2 } nfsuserd_state;
typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status;
/* Values for supports_nfsv4acls. */
#define SUPPACL_NONE 0
#define SUPPACL_NFSV4 1
#define SUPPACL_POSIX 2
#endif /* _KERNEL */
#endif /* _NFS_NFS_H */
+20
@@ -820,6 +820,26 @@ nfs_supportsnfsv4acls(struct vnode *vp)
return (0);
}
/*
* Determine if the file system supports POSIX draft ACLs.
* Return 1 if it does, 0 otherwise.
*/
int
nfs_supportsposixacls(struct vnode *vp)
{
int error;
long retval;
ASSERT_VOP_LOCKED(vp, "nfs supports posixacls");
if (nfsrv_useacl == 0)
return (0);
error = VOP_PATHCONF(vp, _PC_ACL_EXTENDED, &retval);
if (error == 0 && retval != 0)
return (1);
return (0);
}
/*
* These are the first fields of all the context structures passed into
* nfs_pnfsio().
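Review bot: The comment above nfs_supportsposixacls() documents only the return values, not the two conditions the body also reports as "no support": `nfsrv_useacl == 0` and a failing `VOP_PATHCONF()`. A caller that uses the result to decide whether POSIX ACL attributes are offered or applied cannot tell a file system without extended ACLs from a query that failed, so the comment should say so, for example `* Also returns 0 when nfsrv_useacl is 0 or VOP_PATHCONF() fails; vp must be locked.` Declaring `long retval = 0;` would also keep the value defined if the order of the checks ever changes.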
+2
@@ -437,6 +437,7 @@ struct nfsreferral *nfsv4root_getreferral(vnode_t, vnode_t, u_int32_t);
int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *);
int nfsrv_atroot(vnode_t, uint64_t *);
int nfs_supportsnfsv4acls(vnode_t);
int nfs_supportsposixacls(struct vnode *);
/* nfs_commonacl.c */
int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
@@ -784,6 +785,7 @@ void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *, char *, int,
int);
bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype));
void nfsrv_checknospc(void);
int nfs_supportsacls(struct vnode *);
/* nfs_commonkrpc.c */
int newnfs_nmcancelreqs(struct nfsmount *);
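Review bot: The prototype `int nfs_supportsacls(struct vnode *);` in the second hunk has no matching definition in the file sections shown for this commit; only nfs_supportsposixacls() gets a body. If the definition arrives in a later patch of the series, a caller added before then would presumably fail to link, so either move the declaration to the patch that defines it or mark it with a comment such as `/* defined in a follow-up patch */`. The two new declarations also spell the argument as `struct vnode *` next to `nfs_supportsnfsv4acls(vnode_t)`; using one spelling would keep the block uniform.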
+29 -1
@@ -1025,6 +1025,10 @@ struct nfsv3_sattr {
#define NFSATTRBIT_SECLABEL 80
#define NFSATTRBIT_MODEUMASK 81
#define NFSATTRBIT_XATTRSUPPORT 82
#define NFSATTRBIT_ACLTRUEFORM 89
#define NFSATTRBIT_ACLTRUEFORMSCOPE 90
#define NFSATTRBIT_POSIXDEFAULTACL 91
#define NFSATTRBIT_POSIXACCESSACL 92
#define NFSATTRBM_SUPPORTEDATTRS 0x00000001
#define NFSATTRBM_TYPE 0x00000002
@@ -1109,8 +1113,12 @@ struct nfsv3_sattr {
#define NFSATTRBM_SECLABEL 0x00010000
#define NFSATTRBM_MODEUMASK 0x00020000
#define NFSATTRBM_XATTRSUPPORT 0x00040000
#define NFSATTRBM_ACLTRUEFORM 0x02000000
#define NFSATTRBM_ACLTRUEFORMSCOPE 0x04000000
#define NFSATTRBM_POSIXDEFAULTACL 0x08000000
#define NFSATTRBM_POSIXACCESSACL 0x10000000
#define NFSATTRBIT_MAX 83
#define NFSATTRBIT_MAX 93
/*
* Sets of attributes that are supported, by words in the bitmap.
@@ -1693,6 +1701,26 @@ typedef struct nfsv4stateid nfsv4stateid_t;
#define NFSV4SXATTR_CREATE 1
#define NFSV4SXATTR_REPLACE 2
/* Definitions for POSIX draft ACLs for NFSv4.2. */
#define NFSV4_ACL_MODEL_NFS4 1
#define NFSV4_ACL_MODEL_POSIX_DRAFT 2
#define NFSV4_ACL_MODEL_NONE 3
#define NFSV4_ACL_SCOPE_FILE_OBJECT 1
#define NFSV4_ACL_SCOPE_FILE_SYSTEM 2
#define NFSV4_ACL_SCOPE_SERVER 3
#define NFSV4_POSIXACL_TAG_USER_OBJ 1
#define NFSV4_POSIXACL_TAG_USER 2
#define NFSV4_POSIXACL_TAG_GROUP_OBJ 3
#define NFSV4_POSIXACL_TAG_GROUP 4
#define NFSV4_POSIXACL_TAG_MASK 5
#define NFSV4_POSIXACL_TAG_OTHER 6
#define NFSV4_POSIXACL_PERM_PERM_EXECUTE 0x00000001
#define NFSV4_POSIXACL_PERM_PERM_WRITE 0x00000002
#define NFSV4_POSIXACL_PERM_PERM_READ 0x00000004
/* Values for ChangeAttrType (RFC-7862). */
#define NFSV4CHANGETYPE_MONOTONIC_INCR 0
#define NFSV4CHANGETYPE_VERS_COUNTER 1
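Review bot: `NFSATTRBIT_MAX` appears to move from 83 to 93 while the highest contiguous definition stays at `NFSATTRBIT_XATTRSUPPORT` (82), so bits 83 through 88 now fall inside the accepted range without any NFSATTRBIT_ name. Whether the supported and settable attribute masks that follow the "Sets of attributes that are supported" comment are updated is not visible in this hunk. Any code that loops over or bounds-checks against NFSATTRBIT_MAX will now walk that gap and must treat those bits as unsupported when a peer sends them. A comment beside the define would record this, for example `/* Bits 83-88 are not implemented here and must be treated as unsupported. */`. Separately, `NFSV4_POSIXACL_PERM_PERM_EXECUTE` and its two siblings repeat `PERM_`, which looks unintended.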