Currently we support ACLs if the NFS server file system supports
ALLOW and DENY ACE types. This patch makes the Linux client work with
ACLs if the server supports either ALLOW or DENY ACE types.
Signed-off-by: Malahal Naineni <[email protected]>
---
fs/nfs/nfs4proc.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 15052b8..4504685 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -4321,9 +4321,9 @@ static int nfs4_proc_renew(struct nfs_client *clp, struct rpc_cred *cred)
static inline int nfs4_server_supports_acls(struct nfs_server *server)
{
- return (server->caps & NFS_CAP_ACLS)
- && (server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL)
- && (server->acl_bitmask & ACL4_SUPPORT_DENY_ACL);
+ return server->caps & NFS_CAP_ACLS &&
+ (server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL ||
+ server->acl_bitmask & ACL4_SUPPORT_DENY_ACL);
}
/* Assuming that XATTR_SIZE_MAX is a multiple of PAGE_SIZE, and that
--
1.8.3.1
On Jan 23, 2014, at 20:50, Malahal Naineni <[email protected]> wrote:
> Currently we support ACLs if the NFS server file system supports
> ALLOW and DENY ACE types. This patch makes the Linux client work with
> ACLs if the server supports either ALLOW or DENY ACE types.
According to RFC5661, the behaviour if you don?t have ALLOW aces is to deny all access. How does it make sense to accept that?
--
Trond Myklebust
Linux NFS client maintainer
Trond Myklebust [[email protected]] wrote:
>
> On Jan 23, 2014, at 20:50, Malahal Naineni <[email protected]> wrote:
>
> > Currently we support ACLs if the NFS server file system supports
> > ALLOW and DENY ACE types. This patch makes the Linux client work with
> > ACLs if the server supports either ALLOW or DENY ACE types.
>
> According to RFC5661, the behaviour if you don’t have ALLOW aces is to deny all access. How does it make sense to accept that?
I have a server that only returned 'ALLOW' type support probably due to
a bug! There is nothing in the spec that said a server 'MUST' support
'ALLOW' and 'DENY' ACE types (RFC5661 does say 'SHOULD' though!). That
was my reasoning to fix the client to be more liberal/lenient.
Can a server implicitly construct 'ALLOW' ACEs based on mode and not
support explicitly setting such ACEs by a client? I am not too familiar
with ACLs, if you think we should only check for 'ALLOW' support flag, I
can re-spin the patch but I think it is better to be more lenient
specially if it is not incorrect by being more lenient!
Please let me know either way.
Regards, Malahal.
On Fri, 2014-01-24 at 11:19 -0600, Malahal Naineni wrote:
> Currently we support ACLs if the NFS server file system supports both
> ALLOW and DENY ACE types. This patch makes the Linux client work with
> ACLs even if the server supports only 'ALLOW' ACE type.
>
> Signed-off-by: Malahal Naineni <[email protected]>
> ---
> fs/nfs/nfs4proc.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> index 15052b8..e3b8fa6 100644
> --- a/fs/nfs/nfs4proc.c
> +++ b/fs/nfs/nfs4proc.c
> @@ -4321,9 +4321,8 @@ static int nfs4_proc_renew(struct nfs_client *clp, struct rpc_cred *cred)
>
> static inline int nfs4_server_supports_acls(struct nfs_server *server)
> {
> - return (server->caps & NFS_CAP_ACLS)
> - && (server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL)
> - && (server->acl_bitmask & ACL4_SUPPORT_DENY_ACL);
> + return server->caps & NFS_CAP_ACLS &&
> + server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL;
> }
>
> /* Assuming that XATTR_SIZE_MAX is a multiple of PAGE_SIZE, and that
Wait... Having looked at the code a bit more carefully. Is there any
reason to set NFS_CAP_ACLS at all if we don't see server->acl_bitmask &
ACL4_SUPPORT_ALLOW_ACL?
IOW: Is there any reason why we shouldn't just move the test for
server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL into
_nfs4_server_capabilities()?
I agree that will change the output of /proc/self/mountstats for broken
servers that advertise acls, but don't set ACL4_SUPPORT_ALLOW_ACL,
however since we will never serve up getacl, setacl or listacl requests
in that case, why would we advertise the server as supporting it?
Trond Myklebust [[email protected]] wrote:
> On Fri, 2014-01-24 at 11:19 -0600, Malahal Naineni wrote:
> > Currently we support ACLs if the NFS server file system supports both
> > ALLOW and DENY ACE types. This patch makes the Linux client work with
> > ACLs even if the server supports only 'ALLOW' ACE type.
> >
> > Signed-off-by: Malahal Naineni <[email protected]>
> > ---
> > fs/nfs/nfs4proc.c | 5 ++---
> > 1 file changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
> > index 15052b8..e3b8fa6 100644
> > --- a/fs/nfs/nfs4proc.c
> > +++ b/fs/nfs/nfs4proc.c
> > @@ -4321,9 +4321,8 @@ static int nfs4_proc_renew(struct nfs_client *clp, struct rpc_cred *cred)
> >
> > static inline int nfs4_server_supports_acls(struct nfs_server *server)
> > {
> > - return (server->caps & NFS_CAP_ACLS)
> > - && (server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL)
> > - && (server->acl_bitmask & ACL4_SUPPORT_DENY_ACL);
> > + return server->caps & NFS_CAP_ACLS &&
> > + server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL;
> > }
> >
> > /* Assuming that XATTR_SIZE_MAX is a multiple of PAGE_SIZE, and that
>
> Wait... Having looked at the code a bit more carefully. Is there any
> reason to set NFS_CAP_ACLS at all if we don't see server->acl_bitmask &
> ACL4_SUPPORT_ALLOW_ACL?
I don't see any. Something like the attached patch should work!
Regards, Malahal.
Trond Myklebust [[email protected]] wrote:
>
> On Jan 24, 2014, at 7:28, Malahal Naineni <[email protected]> wrote:
>
> > Trond Myklebust [[email protected]] wrote:
> >>
> >> On Jan 23, 2014, at 20:50, Malahal Naineni <[email protected]> wrote:
> >>
> >>> Currently we support ACLs if the NFS server file system supports
> >>> ALLOW and DENY ACE types. This patch makes the Linux client work with
> >>> ACLs if the server supports either ALLOW or DENY ACE types.
> >>
> >> According to RFC5661, the behaviour if you don’t have ALLOW aces is to deny all access. How does it make sense to accept that?
> >
> > I have a server that only returned 'ALLOW' type support probably due to
> > a bug! There is nothing in the spec that said a server 'MUST' support
> > 'ALLOW' and 'DENY' ACE types (RFC5661 does say 'SHOULD' though!). That
> > was my reasoning to fix the client to be more liberal/lenient.
> >
> > Can a server implicitly construct 'ALLOW' ACEs based on mode and not
> > support explicitly setting such ACEs by a client? I am not too familiar
> > with ACLs, if you think we should only check for 'ALLOW' support flag, I
> > can re-spin the patch but I think it is better to be more lenient
> > specially if it is not incorrect by being more lenient!
>
> The way I read the spec, the default behaviour is to disallow access unless you have sufficient ALLOW aces for the behaviour that you want. The DENY aces are optional, and are there in order to explicitly deny a user or group a particular behaviour that they would otherwise be allowed due to some subsequent combination of ALLOW aces.
>
> So, I accept that a server could function while only supporting ALLOW aces, but I don’t see how it could work at all with only DENY ace support.
Fair enough!
Currently we support ACLs if the NFS server file system supports both
ALLOW and DENY ACE types. This patch makes the Linux client work with
ACLs even if the server supports only 'ALLOW' ACE type.
Signed-off-by: Malahal Naineni <[email protected]>
---
fs/nfs/nfs4proc.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 15052b8..e3b8fa6 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -4321,9 +4321,8 @@ static int nfs4_proc_renew(struct nfs_client *clp, struct rpc_cred *cred)
static inline int nfs4_server_supports_acls(struct nfs_server *server)
{
- return (server->caps & NFS_CAP_ACLS)
- && (server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL)
- && (server->acl_bitmask & ACL4_SUPPORT_DENY_ACL);
+ return server->caps & NFS_CAP_ACLS &&
+ server->acl_bitmask & ACL4_SUPPORT_ALLOW_ACL;
}
/* Assuming that XATTR_SIZE_MAX is a multiple of PAGE_SIZE, and that
--
1.8.3.1
On Jan 24, 2014, at 7:28, Malahal Naineni <[email protected]> wrote:
> Trond Myklebust [[email protected]] wrote:
>>
>> On Jan 23, 2014, at 20:50, Malahal Naineni <[email protected]> wrote:
>>
>>> Currently we support ACLs if the NFS server file system supports
>>> ALLOW and DENY ACE types. This patch makes the Linux client work with
>>> ACLs if the server supports either ALLOW or DENY ACE types.
>>
>> According to RFC5661, the behaviour if you don?t have ALLOW aces is to deny all access. How does it make sense to accept that?
>
> I have a server that only returned 'ALLOW' type support probably due to
> a bug! There is nothing in the spec that said a server 'MUST' support
> 'ALLOW' and 'DENY' ACE types (RFC5661 does say 'SHOULD' though!). That
> was my reasoning to fix the client to be more liberal/lenient.
>
> Can a server implicitly construct 'ALLOW' ACEs based on mode and not
> support explicitly setting such ACEs by a client? I am not too familiar
> with ACLs, if you think we should only check for 'ALLOW' support flag, I
> can re-spin the patch but I think it is better to be more lenient
> specially if it is not incorrect by being more lenient!
The way I read the spec, the default behaviour is to disallow access unless you have sufficient ALLOW aces for the behaviour that you want. The DENY aces are optional, and are there in order to explicitly deny a user or group a particular behaviour that they would otherwise be allowed due to some subsequent combination of ALLOW aces.
So, I accept that a server could function while only supporting ALLOW aces, but I don?t see how it could work at all with only DENY ace support.
Cheers
Trond
--
Trond Myklebust
Linux NFS client maintainer