The branch main has been updated by rmacklem:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8

commit a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8
Author:     Rick Macklem <[email protected]>
AuthorDate: 2025-12-21 22:28:12 +0000
Commit:     Rick Macklem <[email protected]>
CommitDate: 2025-12-21 22:28:12 +0000

    nfscommon: Add some support for POSIX draft ACLs
    
    An internet draft (expected to become an RFC someday)
    https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
    describes an extension to NFSv4.2 to handle POSIX draft ACLs.
    
    This is the first of several patches that implement the
    above draft.
    
    This patch should not result in a semantics change.
---
 sys/fs/nfs/nfs.h            |  5 +++++
 sys/fs/nfs/nfs_commonport.c | 20 ++++++++++++++++++++
 sys/fs/nfs/nfs_var.h        |  2 ++
 sys/fs/nfs/nfsproto.h       | 30 +++++++++++++++++++++++++++++-
 4 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/sys/fs/nfs/nfs.h b/sys/fs/nfs/nfs.h
index e6a125b388a8..ecff9b8e6849 100644
--- a/sys/fs/nfs/nfs.h
+++ b/sys/fs/nfs/nfs.h
@@ -867,6 +867,11 @@ typedef enum { NOTRUNNING=0, STARTSTOP=1, RUNNING=2 } 
nfsuserd_state;
 
 typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status;
 
+/* Values for supports_nfsv4acls. */
+#define        SUPPACL_NONE    0
+#define        SUPPACL_NFSV4   1
+#define        SUPPACL_POSIX   2
+
 #endif /* _KERNEL */
 
 #endif /* _NFS_NFS_H */
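Review bot: `supports_nfsv4acls` now has three possible values but keeps a name that reads as a yes/no flag for NFSv4 ACLs. Its users are outside this diff, so this is inferred: any test of the form `if (supports_nfsv4acls)` would treat `SUPPACL_POSIX` as NFSv4 ACL support and could select the wrong ACL model. I would make the comment above the defines say so, e.g. `/* Values for supports_nfsv4acls; compare against SUPPACL_NFSV4 explicitly, nonzero no longer implies NFSv4 ACLs. */`. Nothing in this commit assigns `SUPPACL_POSIX`, so this matters for the follow-up patches.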
diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
index 862780741ee7..44fcbe2d5722 100644
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -820,6 +820,26 @@ nfs_supportsnfsv4acls(struct vnode *vp)
        return (0);
 }
 
+/*
+ * Determine if the file system supports POSIX draft ACLs.
+ * Return 1 if it does, 0 otherwise.
+ */
+int
+nfs_supportsposixacls(struct vnode *vp)
+{
+       int error;
+       long retval;
+
+       ASSERT_VOP_LOCKED(vp, "nfs supports posixacls");
+
+       if (nfsrv_useacl == 0)
+               return (0);
+       error = VOP_PATHCONF(vp, _PC_ACL_EXTENDED, &retval);
+       if (error == 0 && retval != 0)
+               return (1);
+       return (0);
+}
+
 /*
  * These are the first fields of all the context structures passed into
  * nfs_pnfsio().
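Review bot: The header comment on `nfs_supportsposixacls()` leaves out two conditions that decide the result: it returns 0 whenever `nfsrv_useacl` is 0, and any `VOP_PATHCONF()` error is folded into "not supported". Callers will presumably use the answer to choose which ACL model to advertise or apply, so a failed pathconf becoming a silent "no POSIX ACLs" is worth recording. I would add a line such as `* Returns 0 if nfsrv_useacl is disabled or VOP_PATHCONF() fails; vp must be locked.` `retval` is read only when `error == 0`, so leaving it uninitialized is fine as written.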
diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h
index 7db3952ecf5c..6b14c8486272 100644
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@@ -437,6 +437,7 @@ struct nfsreferral *nfsv4root_getreferral(vnode_t, vnode_t, 
u_int32_t);
 int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *);
 int nfsrv_atroot(vnode_t, uint64_t *);
 int nfs_supportsnfsv4acls(vnode_t);
+int nfs_supportsposixacls(struct vnode *);
 
 /* nfs_commonacl.c */
 int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
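Review bot: The new prototype spells its parameter `struct vnode *` while the line directly above it, `int nfs_supportsnfsv4acls(vnode_t);`, and the other prototypes visible in this hunk use `vnode_t`. For consistency with its sibling I would write `int nfs_supportsposixacls(vnode_t);`. The same applies to `nfs_supportsacls(struct vnode *)` in the next hunk of this file.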
@@ -784,6 +785,7 @@ void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf 
*, char *, int,
     int);
 bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype));
 void nfsrv_checknospc(void);
+int nfs_supportsacls(struct vnode *);
 
 /* nfs_commonkrpc.c */
 int newnfs_nmcancelreqs(struct nfsmount *);
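Review bot: `nfs_supportsacls()` is declared here, but none of the four files in this commit defines it; the only function added in nfs_commonport.c is `nfs_supportsposixacls()`. That is harmless while nothing calls it, but a caller added before the definition lands would fail at link time. If the definition is coming in a later patch of the series, it would be cleaner to add the prototype in that patch. Alternatively, note it in the commit message.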
diff --git a/sys/fs/nfs/nfsproto.h b/sys/fs/nfs/nfsproto.h
index 13fec8a102a3..41150ef88188 100644
--- a/sys/fs/nfs/nfsproto.h
+++ b/sys/fs/nfs/nfsproto.h
@@ -1025,6 +1025,10 @@ struct nfsv3_sattr {
 #define        NFSATTRBIT_SECLABEL             80
 #define        NFSATTRBIT_MODEUMASK            81
 #define        NFSATTRBIT_XATTRSUPPORT         82
+#define        NFSATTRBIT_ACLTRUEFORM          89
+#define        NFSATTRBIT_ACLTRUEFORMSCOPE     90
+#define        NFSATTRBIT_POSIXDEFAULTACL      91
+#define        NFSATTRBIT_POSIXACCESSACL       92
 
 #define        NFSATTRBM_SUPPORTEDATTRS        0x00000001
 #define        NFSATTRBM_TYPE                  0x00000002
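Review bot: The four new attribute numbers (89-92) carry no comment saying they come from the POSIX ACL internet draft rather than a published RFC. Draft assignments can change before publication, and these numbers are part of the wire protocol, so a reader should be able to see where they came from. I would add a comment above `NFSATTRBIT_ACLTRUEFORM` such as `/* From draft-ietf-nfsv4-posix-acls; numbers may change until it is published. */`.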
@@ -1109,8 +1113,12 @@ struct nfsv3_sattr {
 #define        NFSATTRBM_SECLABEL              0x00010000
 #define        NFSATTRBM_MODEUMASK             0x00020000
 #define        NFSATTRBM_XATTRSUPPORT          0x00040000
+#define        NFSATTRBM_ACLTRUEFORM           0x02000000
+#define        NFSATTRBM_ACLTRUEFORMSCOPE      0x04000000
+#define        NFSATTRBM_POSIXDEFAULTACL       0x08000000
+#define        NFSATTRBM_POSIXACCESSACL        0x10000000
 
-#define        NFSATTRBIT_MAX                  83
+#define        NFSATTRBIT_MAX                  93
 
 /*
  * Sets of attributes that are supported, by words in the bitmap.
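Review bot: Raising `NFSATTRBIT_MAX` from 83 to 93 also brings bits 83 through 88 into range, and the visible lines of this header define no attribute for them. The code that uses the limit is outside the diff, so this is something to check rather than a confirmed defect. Any loop or bounds test over `NFSATTRBIT_MAX`, and any table indexed by attribute number, should treat those six bits as unsupported when they arrive in a client-supplied bitmap. A comment above the define would record that, e.g. `/* Bits 83-88 are not defined here and must stay out of the supported sets. */`. The four new `NFSATTRBM_*` masks are consistent with bits 89-92 in the third 32-bit bitmap word.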
@@ -1693,6 +1701,26 @@ typedef struct nfsv4stateid nfsv4stateid_t;
 #define        NFSV4SXATTR_CREATE      1
 #define        NFSV4SXATTR_REPLACE     2
 
+/* Definitions for POSIX draft ACLs for NFSv4.2. */
+#define        NFSV4_ACL_MODEL_NFS4            1
+#define        NFSV4_ACL_MODEL_POSIX_DRAFT     2
+#define        NFSV4_ACL_MODEL_NONE            3
+
+#define        NFSV4_ACL_SCOPE_FILE_OBJECT     1
+#define        NFSV4_ACL_SCOPE_FILE_SYSTEM     2
+#define        NFSV4_ACL_SCOPE_SERVER          3
+
+#define        NFSV4_POSIXACL_TAG_USER_OBJ     1
+#define        NFSV4_POSIXACL_TAG_USER         2
+#define        NFSV4_POSIXACL_TAG_GROUP_OBJ    3
+#define        NFSV4_POSIXACL_TAG_GROUP        4
+#define        NFSV4_POSIXACL_TAG_MASK         5
+#define        NFSV4_POSIXACL_TAG_OTHER        6
+
+#define        NFSV4_POSIXACL_PERM_PERM_EXECUTE        0x00000001
+#define        NFSV4_POSIXACL_PERM_PERM_WRITE          0x00000002
+#define        NFSV4_POSIXACL_PERM_PERM_READ           0x00000004
+
 /* Values for ChangeAttrType (RFC-7862). */
 #define        NFSV4CHANGETYPE_MONOTONIC_INCR          0
 #define        NFSV4CHANGETYPE_VERS_COUNTER            1
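Review bot: The three permission names repeat a word, `NFSV4_POSIXACL_PERM_PERM_EXECUTE` and its two siblings, which looks accidental next to the `NFSV4_POSIXACL_TAG_*` names. Unless the doubling mirrors the draft's own identifiers, `NFSV4_POSIXACL_PERM_EXECUTE` etc. would read better, and renaming is cheapest now, before later patches use them. These values will be decoded from the wire, so a combined mask such as `#define NFSV4_POSIXACL_PERM_BITS 0x00000007` (the name is only a suggestion) would give the decoder one place to reject unknown permission bits. A short comment that valid tags are 1 through 6 would help in the same way.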
