[S] Change in ...nfs-ganesha[next]: commonlib: Place OWNER & GROUP mode generated aces at the beginning
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190155?usp=email )
Change subject: commonlib: Place OWNER & GROUP mode generated aces at the beginning
......................................................................
commonlib: Place OWNER & GROUP mode generated aces at the beginning
Place the OWNER@ & GROUP@ generated aces from the mode bits at the
beginning in order to ensure that the mode-bits are taking effect so
exsiting ace with principal that happens to be the owner won't override
it. The ratio is that if the user does 'chmod', they won't be confused
by such existing ace.
Still the EVERYONE@ generated aces are placed at the end, otherwise it
will mask any other existing ace.
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: Ief1c0d6d07a3d76ca03d67a965272776df5cddcb
---
M src/FSAL/commonlib.c
1 file changed, 9 insertions(+), 7 deletions(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/55/1190155/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190155?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: Ief1c0d6d07a3d76ca03d67a965272776df5cddcb
Gerrit-Change-Number: 1190155
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks
[S] Change in ...nfs-ganesha[next]: commonlib: In fsal_mode_gen_acl the group perm should serve as mask
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190154?usp=email )
Change subject: commonlib: In fsal_mode_gen_acl the group perm should serve as mask
......................................................................
commonlib: In fsal_mode_gen_acl the group perm should serve as mask
According to RFC 8881, section 6.4.1.1:
The ACL attributes SHOULD also be modified such that:
1. If MODE4_RGRP is not set, entities explicitly listed in the ACL
other than OWNER@ and EVERYONE@ SHOULD NOT be granted ACE4_READ_DATA.
2. If MODE4_WGRP is not set, entities explicitly listed in the ACL
other than OWNER@ and EVERYONE@ SHOULD NOT be granted ACE4_WRITE_DATA
or ACE4_APPEND_DATA.
3. If MODE4_XGRP is not set, entities explicitly listed in the ACL
other than OWNER@ and EVERYONE@ SHOULD NOT be granted ACE4_EXECUTE.
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: I2e999440612cded5ed2e361c9e44973bee987c0f
---
M src/FSAL/commonlib.c
1 file changed, 16 insertions(+), 1 deletion(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/54/1190154/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190154?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I2e999440612cded5ed2e361c9e44973bee987c0f
Gerrit-Change-Number: 1190154
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks
[XS] Change in ...nfs-ganesha[next]: access_check: In fsal_check_access_acl reset the FSAL_ACE4_REQ_FLAG f...
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190112?usp=email )
Change subject: access_check: In fsal_check_access_acl reset the FSAL_ACE4_REQ_FLAG from missing_access
......................................................................
access_check: In fsal_check_access_acl reset the FSAL_ACE4_REQ_FLAG from
missing_access
If not removing the FSAL_ACE4_REQ_FLAG from the missing_access variable,
it means that the access check will always fail as this value is not
present in the aces permissions.
The aim of FSAL_ACE4_REQ_FLAG is to give to the caller the ability to
signal that ACL attr must be present (and not just mode bits).
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: I79505c60c261500042b885df2dcd112475caa939
---
M src/FSAL/access_check.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/12/1190112/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190112?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I79505c60c261500042b885df2dcd112475caa939
Gerrit-Change-Number: 1190112
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks
[S] Change in ...nfs-ganesha[next]: commonlib: In fsal_mode_to_acl provide a flag whether to dup inherit ...
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190111?usp=email )
Change subject: commonlib: In fsal_mode_to_acl provide a flag whether to dup inherit aces
......................................................................
commonlib: In fsal_mode_to_acl provide a flag whether to dup inherit
aces
Currently the fsal_mode_to_acl dups inherit aces which don't have the
inherit only flag.
According to RFC 8881 6.4.3.1 this is an optional behavior by the
server:
"When a new directory is created, the server MAY split any inherited ACE
that is both inheritable and effective (in other words, that has neither
ACE4_INHERIT_ONLY_ACE nor ACE4_NO_PROPAGATE_INHERIT_ACE set), into two
ACEs, one with no inheritance flags and one with ACE4_INHERIT_ONLY_ACE
set."
Adding a flag so the caller can decide whether to dup or not, as
back-ends might have limited number of slots for storing aces.
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: I0835ca744485e380b0b72e8308bf11f5582c4159
---
M src/FSAL/FSAL_VFS/file.c
M src/FSAL/commonlib.c
M src/Protocols/NFS/nfs_proto_tools.c
M src/include/FSAL/fsal_commonlib.h
4 files changed, 8 insertions(+), 6 deletions(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/11/1190111/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190111?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I0835ca744485e380b0b72e8308bf11f5582c4159
Gerrit-Change-Number: 1190111
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks
[XS] Change in ...nfs-ganesha[next]: commonlib: Identify correctly special id's
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190110?usp=email )
Change subject: commonlib: Identify correctly special id's
......................................................................
commonlib: Identify correctly special id's
A client might place uid's 1,2 or 3 as the ace principals that it sends
so better examine the internal flag and not the 'who.uid' itself.
(in the `decode_acl`, ganesha translates the OWNER@, GROUP@ & EVERYONE@
into uid's 1,2,3 and sets the FSAL_ACE_IFLAG_SPECIAL_ID internal flag)
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: I779670fd3d077ba53bbd0153c408aaa8b34eb835
---
M src/FSAL/commonlib.c
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/10/1190110/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190110?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I779670fd3d077ba53bbd0153c408aaa8b34eb835
Gerrit-Change-Number: 1190110
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks
[S] Change in ...nfs-ganesha[next]: commonlib: Add default flags for generated aces from mode-bits
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190108?usp=email )
Change subject: commonlib: Add default flags for generated aces from mode-bits
......................................................................
commonlib: Add default flags for generated aces from mode-bits
All should have the READ_ATTR & READ_ACL allowed by default.
Owner in addition Should have the write attr, acl & owner
(actually owner may just change the gid to group it belongs to)
This change is in order to align to posix file-systems behavior (also
the knfsd is doing that).
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: I1c5bab43c9fa87cb073432b604c2a6348614797e
---
M src/FSAL/commonlib.c
1 file changed, 10 insertions(+), 0 deletions(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/08/1190108/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190108?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I1c5bab43c9fa87cb073432b604c2a6348614797e
Gerrit-Change-Number: 1190108
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks
[XS] Change in ...nfs-ganesha[next]: log_functions: Don't call Cleanup from Fatal handling function
by Assaf Yaari (GerritHub)
Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190107?usp=email )
Change subject: log_functions: Don't call Cleanup from Fatal handling function
......................................................................
log_functions: Don't call Cleanup from Fatal handling function
The Cleanup utility and usages (especially the uid2grp_cache_cleanup) is
not thread safe. A thread that call the LogFatal invokes now the
cleaners that destroy pthreads locks which may be used by other threads
and that may lead to undefined behavior. Also double destroy of the same
lock is undefined.
On Fatal we wand to terminate the process as fast as we can without the
risk of stuck threads that holds the process alive.
Also changing from _exit() to exit() to eliminate the ambiguity whether
the glibc version terminates just the thread or the entire process.
Signed-off-by: Assaf Yaari <assafy(a)google.com>
Change-Id: Ic8997399a5cc689a5bb59921a2270b7f5b347590
---
M src/log/log_functions.c
1 file changed, 1 insertion(+), 2 deletions(-)
git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/07/1190107/1
--
To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190107?usp=email
To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: Ic8997399a5cc689a5bb59921a2270b7f5b347590
Gerrit-Change-Number: 1190107
Gerrit-PatchSet: 1
Gerrit-Owner: Assaf Yaari <assafy(a)google.com>
8 months, 4 weeks