April 2024 - Devel - Nfs Ganesha List Archives

[XS] Change in ...nfs-ganesha[next]: access_check: Return ERR_FSAL_ACCESS on access failure if ACL present

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190113?usp=email ) Change subject: access_check: Return ERR_FSAL_ACCESS on access failure if ACL present ...................................................................... access_check: Return ERR_FSAL_ACCESS on access failure if ACL present If the caller specifies FSAL_ACE4_REQ_FLAG and there is ACL present and the required access is not met, return back ERR_FSAL_ACCESS. Returning back ERR_FSAL_NO_ACE should signal that no ACL present. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: Iad20d14053fe202ce748a814e961000524d8a684 --- M src/FSAL/access_check.c 1 file changed, 1 insertion(+), 4 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/13/1190113/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190113?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: Iad20d14053fe202ce748a814e961000524d8a684 Gerrit-Change-Number: 1190113 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[S] Change in ...nfs-ganesha[next]: commonlib: In fsal_mode_gen_acl the group perm should serve as mask

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190154?usp=email ) Change subject: commonlib: In fsal_mode_gen_acl the group perm should serve as mask ...................................................................... commonlib: In fsal_mode_gen_acl the group perm should serve as mask According to RFC 8881, section 6.4.1.1: The ACL attributes SHOULD also be modified such that: 1. If MODE4_RGRP is not set, entities explicitly listed in the ACL other than OWNER@ and EVERYONE@ SHOULD NOT be granted ACE4_READ_DATA. 2. If MODE4_WGRP is not set, entities explicitly listed in the ACL other than OWNER@ and EVERYONE@ SHOULD NOT be granted ACE4_WRITE_DATA or ACE4_APPEND_DATA. 3. If MODE4_XGRP is not set, entities explicitly listed in the ACL other than OWNER@ and EVERYONE@ SHOULD NOT be granted ACE4_EXECUTE. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: I2e999440612cded5ed2e361c9e44973bee987c0f --- M src/FSAL/commonlib.c 1 file changed, 16 insertions(+), 1 deletion(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/54/1190154/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190154?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I2e999440612cded5ed2e361c9e44973bee987c0f Gerrit-Change-Number: 1190154 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[XS] Change in ...nfs-ganesha[next]: access_check: In fsal_check_access_acl reset the FSAL_ACE4_REQ_FLAG f...

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190112?usp=email ) Change subject: access_check: In fsal_check_access_acl reset the FSAL_ACE4_REQ_FLAG from missing_access ...................................................................... access_check: In fsal_check_access_acl reset the FSAL_ACE4_REQ_FLAG from missing_access If not removing the FSAL_ACE4_REQ_FLAG from the missing_access variable, it means that the access check will always fail as this value is not present in the aces permissions. The aim of FSAL_ACE4_REQ_FLAG is to give to the caller the ability to signal that ACL attr must be present (and not just mode bits). Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: I79505c60c261500042b885df2dcd112475caa939 --- M src/FSAL/access_check.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/12/1190112/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190112?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I79505c60c261500042b885df2dcd112475caa939 Gerrit-Change-Number: 1190112 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[S] Change in ...nfs-ganesha[next]: commonlib: In fsal_mode_to_acl provide a flag whether to dup inherit ...

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190111?usp=email ) Change subject: commonlib: In fsal_mode_to_acl provide a flag whether to dup inherit aces ...................................................................... commonlib: In fsal_mode_to_acl provide a flag whether to dup inherit aces Currently the fsal_mode_to_acl dups inherit aces which don't have the inherit only flag. According to RFC 8881 6.4.3.1 this is an optional behavior by the server: "When a new directory is created, the server MAY split any inherited ACE that is both inheritable and effective (in other words, that has neither ACE4_INHERIT_ONLY_ACE nor ACE4_NO_PROPAGATE_INHERIT_ACE set), into two ACEs, one with no inheritance flags and one with ACE4_INHERIT_ONLY_ACE set." Adding a flag so the caller can decide whether to dup or not, as back-ends might have limited number of slots for storing aces. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: I0835ca744485e380b0b72e8308bf11f5582c4159 --- M src/FSAL/FSAL_VFS/file.c M src/FSAL/commonlib.c M src/Protocols/NFS/nfs_proto_tools.c M src/include/FSAL/fsal_commonlib.h 4 files changed, 8 insertions(+), 6 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/11/1190111/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190111?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I0835ca744485e380b0b72e8308bf11f5582c4159 Gerrit-Change-Number: 1190111 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[XS] Change in ...nfs-ganesha[next]: commonlib: Identify correctly special id's

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190110?usp=email ) Change subject: commonlib: Identify correctly special id's ...................................................................... commonlib: Identify correctly special id's A client might place uid's 1,2 or 3 as the ace principals that it sends so better examine the internal flag and not the 'who.uid' itself. (in the `decode_acl`, ganesha translates the OWNER@, GROUP@ & EVERYONE@ into uid's 1,2,3 and sets the FSAL_ACE_IFLAG_SPECIAL_ID internal flag) Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: I779670fd3d077ba53bbd0153c408aaa8b34eb835 --- M src/FSAL/commonlib.c 1 file changed, 1 insertion(+), 1 deletion(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/10/1190110/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190110?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I779670fd3d077ba53bbd0153c408aaa8b34eb835 Gerrit-Change-Number: 1190110 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[XS] Change in ...nfs-ganesha[next]: commonlib: Remove GROUP_ID flag from special "who"

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190109?usp=email ) Change subject: commonlib: Remove GROUP_ID flag from special "who" ...................................................................... commonlib: Remove GROUP_ID flag from special "who" According to RFC 8881 section 6.2.1.5, the ACE4_IDENTIFIER_GROUP should be set to zero for special principals. Indeed Ganesha removes this flag when decoding ACL attr so we need to be consistent here. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: Ic9fa794423a258cec719277fe65cef1294ba1f52 --- M src/FSAL/commonlib.c 1 file changed, 0 insertions(+), 2 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/09/1190109/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190109?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: Ic9fa794423a258cec719277fe65cef1294ba1f52 Gerrit-Change-Number: 1190109 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[S] Change in ...nfs-ganesha[next]: commonlib: Add default flags for generated aces from mode-bits

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190108?usp=email ) Change subject: commonlib: Add default flags for generated aces from mode-bits ...................................................................... commonlib: Add default flags for generated aces from mode-bits All should have the READ_ATTR & READ_ACL allowed by default. Owner in addition Should have the write attr, acl & owner (actually owner may just change the gid to group it belongs to) This change is in order to align to posix file-systems behavior (also the knfsd is doing that). Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: I1c5bab43c9fa87cb073432b604c2a6348614797e --- M src/FSAL/commonlib.c 1 file changed, 10 insertions(+), 0 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/08/1190108/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190108?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I1c5bab43c9fa87cb073432b604c2a6348614797e Gerrit-Change-Number: 1190108 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[XS] Change in ...nfs-ganesha[next]: log_functions: Don't call Cleanup from Fatal handling function

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190107?usp=email ) Change subject: log_functions: Don't call Cleanup from Fatal handling function ...................................................................... log_functions: Don't call Cleanup from Fatal handling function The Cleanup utility and usages (especially the uid2grp_cache_cleanup) is not thread safe. A thread that call the LogFatal invokes now the cleaners that destroy pthreads locks which may be used by other threads and that may lead to undefined behavior. Also double destroy of the same lock is undefined. On Fatal we wand to terminate the process as fast as we can without the risk of stuck threads that holds the process alive. Also changing from _exit() to exit() to eliminate the ambiguity whether the glibc version terminates just the thread or the entire process. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: Ic8997399a5cc689a5bb59921a2270b7f5b347590 --- M src/log/log_functions.c 1 file changed, 1 insertion(+), 2 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/07/1190107/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190107?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: Ic8997399a5cc689a5bb59921a2270b7f5b347590 Gerrit-Change-Number: 1190107 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[M] Change in ...nfs-ganesha[next]: nfs_proto_tools: In encode_acl convert mode to acl if no acl present

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190106?usp=email ) Change subject: nfs_proto_tools: In encode_acl convert mode to acl if no acl present ...................................................................... nfs_proto_tools: In encode_acl convert mode to acl if no acl present This in order to conform to RFC 8881 and match knfsd behavior. Also renamed two static functions in order to overcome compilation conflict with functions from included header. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: Ia4b4a714909d7280e4dfda7b7b6b01779e9f71ea --- M src/Protocols/NFS/nfs_proto_tools.c 1 file changed, 59 insertions(+), 53 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/06/1190106/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190106?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: Ia4b4a714909d7280e4dfda7b7b6b01779e9f71ea Gerrit-Change-Number: 1190106 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

[S] Change in ...nfs-ganesha[next]: commonlib: In fsal_mode_gen_acl create properly the generates acl object

by Assaf Yaari (GerritHub)

Assaf Yaari has uploaded this change for review. ( https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190104?usp=email ) Change subject: commonlib: In fsal_mode_gen_acl create properly the generates acl object ...................................................................... commonlib: In fsal_mode_gen_acl create properly the generates acl object Don't just allocate the memory but place in the hashtable using nfs4_acl_new_entry like any other acl object. Signed-off-by: Assaf Yaari <assafy(a)google.com> Change-Id: I3f48b7825e5a2c46ce6af834c57e20ebc6512b30 --- M src/FSAL/commonlib.c 1 file changed, 10 insertions(+), 4 deletions(-) git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/04/1190104/1 -- To view, visit https://review.gerrithub.io/c/ffilz/nfs-ganesha/+/1190104?usp=email To unsubscribe, or for help writing mail filters, visit https://review.gerrithub.io/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: ffilz/nfs-ganesha Gerrit-Branch: next Gerrit-Change-Id: I3f48b7825e5a2c46ce6af834c57e20ebc6512b30 Gerrit-Change-Number: 1190104 Gerrit-PatchSet: 1 Gerrit-Owner: Assaf Yaari <assafy(a)google.com>

1 month, 2 weeks

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

Devel April 2024