nfscommon: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday) https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls describes an extension to NFSv4.2 to handle POSIX draft ACLs. This is the first of several patches that implement the above draft. This patch should not result in a semantics change.
@@ -867,6 +867,11 @@ typedef enum { NOTRUNNING=0, STARTSTOP=1, RUNNING=2 } nfsuserd_state;
|
|||||||
|
|
||||||
typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status;
|
typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status;
|
||||||
|
|
||||||
|
/* Values for supports_nfsv4acls. */
|
||||||
|
#define SUPPACL_NONE 0
|
||||||
|
#define SUPPACL_NFSV4 1
|
||||||
|
#define SUPPACL_POSIX 2
|
||||||
|
|
||||||
#endif /* _KERNEL */
|
#endif /* _KERNEL */
|
||||||
|
|
||||||
#endif /* _NFS_NFS_H */
|
#endif /* _NFS_NFS_H */
|
||||||
|
|||||||
@@ -820,6 +820,26 @@ nfs_supportsnfsv4acls(struct vnode *vp)
|
|||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Determine if the file system supports POSIX draft ACLs.
|
||||||
|
* Return 1 if it does, 0 otherwise.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
nfs_supportsposixacls(struct vnode *vp)
|
||||||
|
{
|
||||||
|
int error;
|
||||||
|
long retval;
|
||||||
|
|
||||||
|
ASSERT_VOP_LOCKED(vp, "nfs supports posixacls");
|
||||||
|
|
||||||
|
if (nfsrv_useacl == 0)
|
||||||
|
return (0);
|
||||||
|
error = VOP_PATHCONF(vp, _PC_ACL_EXTENDED, &retval);
|
||||||
|
if (error == 0 && retval != 0)
|
||||||
|
return (1);
|
||||||
|
return (0);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* These are the first fields of all the context structures passed into
|
* These are the first fields of all the context structures passed into
|
||||||
* nfs_pnfsio().
|
* nfs_pnfsio().
|
||||||
|
|||||||
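Review bot: The header comment on `nfs_supportsposixacls()` omits two things a caller needs to know: the vnode must already be locked (see the `ASSERT_VOP_LOCKED` line), and a failing `VOP_PATHCONF` returns 0, the same as "not supported". I would add to the comment: `* The vnode must be locked by the caller. A VOP_PATHCONF() error, or nfsrv_useacl == 0, also yields 0.` Treating a failed query as "no POSIX draft ACLs" is the conservative result for a capability probe. It should still be written down, so that later patches in the series which key attribute handling off this result do not read 0 as proof that the file system has no ACLs.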
@@ -437,6 +437,7 @@ struct nfsreferral *nfsv4root_getreferral(vnode_t, vnode_t, u_int32_t);
|
|||||||
int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *);
|
int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *);
|
||||||
int nfsrv_atroot(vnode_t, uint64_t *);
|
int nfsrv_atroot(vnode_t, uint64_t *);
|
||||||
int nfs_supportsnfsv4acls(vnode_t);
|
int nfs_supportsnfsv4acls(vnode_t);
|
||||||
|
int nfs_supportsposixacls(struct vnode *);
|
||||||
|
|
||||||
/* nfs_commonacl.c */
|
/* nfs_commonacl.c */
|
||||||
int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
|
int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
|
||||||
@@ -784,6 +785,7 @@ void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *, char *, int,
|
|||||||
int);
|
int);
|
||||||
bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype));
|
bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype));
|
||||||
void nfsrv_checknospc(void);
|
void nfsrv_checknospc(void);
|
||||||
|
int nfs_supportsacls(struct vnode *);
|
||||||
|
|
||||||
/* nfs_commonkrpc.c */
|
/* nfs_commonkrpc.c */
|
||||||
int newnfs_nmcancelreqs(struct nfsmount *);
|
int newnfs_nmcancelreqs(struct nfsmount *);
|
||||||
|
|||||||
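Review bot: The second hunk declares `int nfs_supportsacls(struct vnode *);`, but no definition of `nfs_supportsacls` appears in the hunks shown on this page, so the prototype presumably has nothing behind it until a later patch in the series. Either move the declaration to the patch that adds the function, or say in the commit message that it is a forward declaration. Both new prototypes also spell the argument `struct vnode *`, while the neighbouring `int nfs_supportsnfsv4acls(vnode_t);` uses `vnode_t`. Writing `int nfs_supportsposixacls(vnode_t);` would match the surrounding declarations.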
+29
-1
@@ -1025,6 +1025,10 @@ struct nfsv3_sattr {
|
|||||||
#define NFSATTRBIT_SECLABEL 80
|
#define NFSATTRBIT_SECLABEL 80
|
||||||
#define NFSATTRBIT_MODEUMASK 81
|
#define NFSATTRBIT_MODEUMASK 81
|
||||||
#define NFSATTRBIT_XATTRSUPPORT 82
|
#define NFSATTRBIT_XATTRSUPPORT 82
|
||||||
|
#define NFSATTRBIT_ACLTRUEFORM 89
|
||||||
|
#define NFSATTRBIT_ACLTRUEFORMSCOPE 90
|
||||||
|
#define NFSATTRBIT_POSIXDEFAULTACL 91
|
||||||
|
#define NFSATTRBIT_POSIXACCESSACL 92
|
||||||
|
|
||||||
#define NFSATTRBM_SUPPORTEDATTRS 0x00000001
|
#define NFSATTRBM_SUPPORTEDATTRS 0x00000001
|
||||||
#define NFSATTRBM_TYPE 0x00000002
|
#define NFSATTRBM_TYPE 0x00000002
|
||||||
@@ -1109,8 +1113,12 @@ struct nfsv3_sattr {
|
|||||||
#define NFSATTRBM_SECLABEL 0x00010000
|
#define NFSATTRBM_SECLABEL 0x00010000
|
||||||
#define NFSATTRBM_MODEUMASK 0x00020000
|
#define NFSATTRBM_MODEUMASK 0x00020000
|
||||||
#define NFSATTRBM_XATTRSUPPORT 0x00040000
|
#define NFSATTRBM_XATTRSUPPORT 0x00040000
|
||||||
|
#define NFSATTRBM_ACLTRUEFORM 0x02000000
|
||||||
|
#define NFSATTRBM_ACLTRUEFORMSCOPE 0x04000000
|
||||||
|
#define NFSATTRBM_POSIXDEFAULTACL 0x08000000
|
||||||
|
#define NFSATTRBM_POSIXACCESSACL 0x10000000
|
||||||
|
|
||||||
#define NFSATTRBIT_MAX 83
|
#define NFSATTRBIT_MAX 93
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Sets of attributes that are supported, by words in the bitmap.
|
* Sets of attributes that are supported, by words in the bitmap.
|
||||||
@@ -1693,6 +1701,26 @@ typedef struct nfsv4stateid nfsv4stateid_t;
|
|||||||
#define NFSV4SXATTR_CREATE 1
|
#define NFSV4SXATTR_CREATE 1
|
||||||
#define NFSV4SXATTR_REPLACE 2
|
#define NFSV4SXATTR_REPLACE 2
|
||||||
|
|
||||||
|
/* Definitions for POSIX draft ACLs for NFSv4.2. */
|
||||||
|
#define NFSV4_ACL_MODEL_NFS4 1
|
||||||
|
#define NFSV4_ACL_MODEL_POSIX_DRAFT 2
|
||||||
|
#define NFSV4_ACL_MODEL_NONE 3
|
||||||
|
|
||||||
|
#define NFSV4_ACL_SCOPE_FILE_OBJECT 1
|
||||||
|
#define NFSV4_ACL_SCOPE_FILE_SYSTEM 2
|
||||||
|
#define NFSV4_ACL_SCOPE_SERVER 3
|
||||||
|
|
||||||
|
#define NFSV4_POSIXACL_TAG_USER_OBJ 1
|
||||||
|
#define NFSV4_POSIXACL_TAG_USER 2
|
||||||
|
#define NFSV4_POSIXACL_TAG_GROUP_OBJ 3
|
||||||
|
#define NFSV4_POSIXACL_TAG_GROUP 4
|
||||||
|
#define NFSV4_POSIXACL_TAG_MASK 5
|
||||||
|
#define NFSV4_POSIXACL_TAG_OTHER 6
|
||||||
|
|
||||||
|
#define NFSV4_POSIXACL_PERM_PERM_EXECUTE 0x00000001
|
||||||
|
#define NFSV4_POSIXACL_PERM_PERM_WRITE 0x00000002
|
||||||
|
#define NFSV4_POSIXACL_PERM_PERM_READ 0x00000004
|
||||||
|
|
||||||
/* Values for ChangeAttrType (RFC-7862). */
|
/* Values for ChangeAttrType (RFC-7862). */
|
||||||
#define NFSV4CHANGETYPE_MONOTONIC_INCR 0
|
#define NFSV4CHANGETYPE_MONOTONIC_INCR 0
|
||||||
#define NFSV4CHANGETYPE_VERS_COUNTER 1
|
#define NFSV4CHANGETYPE_VERS_COUNTER 1
|
||||||
|
|||||||
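Review bot: Raising `NFSATTRBIT_MAX` from 83 to 93 while defining only bits 89-92 leaves attribute numbers 83-88 inside the range with no `NFSATTRBIT_` name. Code that walks a bitmap up to `NFSATTRBIT_MAX` or switches on the bit number is not shown on this page. Please confirm that it sends those six numbers, and the four new ones until they are implemented, down an existing default or unsupported path rather than trying to parse them, particularly where the bitmap comes off the wire. A comment above the new defines, such as `/* Bits 83-88 are not defined here; 89-92 come from the POSIX draft ACL extension. */`, would record the gap. Separately, `NFSV4_POSIXACL_PERM_PERM_EXECUTE` and its two siblings repeat `PERM_`. If that is unintentional, `NFSV4_POSIXACL_PERM_EXECUTE` is easier to rename now than after later patches use it.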