From nobody Thu Feb 5 01:23:00 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f5zxJ28vsz6QxGK for ; Thu, 05 Feb 2026 01:23:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4f5zxJ1SXLz3cBJ for ; Thu, 05 Feb 2026 01:23:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1770254580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GmNSJ+3SagvbD73P+pTWpj4EZPUS15FGYRc8qIySEYE=; b=PiIxULxhlchBp+py8ViDoKSPsjiteqmi9f4MKC3Yt0zlbqzcrPAS8rnVZ4CVzJy2GOIi8t 6PiNhH/g3KFQszvnrA3gDz56nfpPMXLjgy5tZ6ve7ZqhRLHMGaz7/oLMqP6wIFUpe8eA+8 TeAf9TZPjU2Oum/lVvAlYOO7Ot+zRXrHS/dZ9POiUr9zCMUNOR+Mylqazya0wbm4vIfw+c RPpxe7H0QurPDqwt8MOtVQu0DPWT+7YZdCXyw8ECBJjE7bikHWV8PZllxlu4VHE6Jhpnb/ zDiod0xD4yTKCpasDVXMHYXyXWLFd/auQMai8N8tkfMaZjKu79CZB4TI3uokYA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1770254580; a=rsa-sha256; cv=none; b=cNhYKZO+lhs3kdbUJe0iKuVYOb0sIpdyJ5a8FEijnHHkTiV5RTybTlqfwWhVpRnHUv25c4 iwQ/VSf3IC0zGrA1hlZTlnNLm0ygjGeh54Lx4Wn+uqc3idJc9Zrouc9kYXS3S5HkIUm78m 3arIyu3AnZLYgdpH3sP5tZIWtdaCYye6ty5G879GraXB2zPR22zg3Oqj5pmAZsMHHQf78L +0FAYHP8fa4h0vUaEhFHa1Wxy/pa1ad2utxWeJoQo8VDsKTKc9KEreCIA+BZDqtwBk8Tvo TMvxwiBldVErABIz0y3hjex8Nl6az0Wt2vpJ0R5pYXSbh/u2sxM8alXX7sgw2A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1770254580; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=GmNSJ+3SagvbD73P+pTWpj4EZPUS15FGYRc8qIySEYE=; b=j3WUQdR8W1CvTeXJSlWLQu7AJsHJwYS2Nzk4ROSUyNKhEOEvAOx/7M5bcDOYx7oK9UdDJe /8zRFAWVN0rGbIdWB2Rv9/YQ+IfLtZ/In600pHKHfPuSpL4TFoqq4EtZyHAbBgdWwe6J50 dGmQpFSuadR4h4JKeZeSks4geAg2zKggTfV8E45lsO8SiqcfdVA5DiU92/YLk8pcM2BIO9 FvyB15bvVOYgRdaEZOuXyNnP0QZ3DzOGHDTO7y7QQZRejC8hRToEl6MM8cAwFqsiESuDye n2va+8yzamQBhxi3IzZqsPN9dRGHZpyFLfi/xPaNBKjPk589P1xMC3qe3fbWNA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4f5zxJ10jpz1MvN for ; Thu, 05 Feb 2026 01:23:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 38305 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Thu, 05 Feb 2026 01:23:00 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: e00ce2fe6536 - stable/15 - nfscommon: Add some support for POSIX draft ACLs List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: e00ce2fe6536c7a986cd4fac42e9b6d7f2d66357 Auto-Submitted: auto-generated Date: Thu, 05 Feb 2026 01:23:00 +0000 Message-Id: <6983f0f4.38305.f5d21bb@gitrepo.freebsd.org> The branch stable/15 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=e00ce2fe6536c7a986cd4fac42e9b6d7f2d66357 commit e00ce2fe6536c7a986cd4fac42e9b6d7f2d66357 Author: Rick Macklem AuthorDate: 2025-12-21 22:28:12 +0000 Commit: Rick Macklem CommitDate: 2026-02-05 01:19:36 +0000 nfscommon: Add some support for POSIX draft ACLs An internet draft (expected to become an RFC someday) https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls describes an extension to NFSv4.2 to handle POSIX draft ACLs. This is the first of several patches that implement the above draft. This patch should not result in a semantics change. (cherry picked from commit a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8) --- sys/fs/nfs/nfs.h | 5 +++++ sys/fs/nfs/nfs_commonport.c | 20 ++++++++++++++++++++ sys/fs/nfs/nfs_var.h | 2 ++ sys/fs/nfs/nfsproto.h | 30 +++++++++++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/sys/fs/nfs/nfs.h b/sys/fs/nfs/nfs.h index e6a125b388a8..ecff9b8e6849 100644 --- a/sys/fs/nfs/nfs.h +++ b/sys/fs/nfs/nfs.h @@ -867,6 +867,11 @@ typedef enum { NOTRUNNING=0, STARTSTOP=1, RUNNING=2 } nfsuserd_state; typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status; +/* Values for supports_nfsv4acls. */ +#define SUPPACL_NONE 0 +#define SUPPACL_NFSV4 1 +#define SUPPACL_POSIX 2 + #endif /* _KERNEL */ #endif /* _NFS_NFS_H */ diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c index 862780741ee7..44fcbe2d5722 100644 --- a/sys/fs/nfs/nfs_commonport.c +++ b/sys/fs/nfs/nfs_commonport.c @@ -820,6 +820,26 @@ nfs_supportsnfsv4acls(struct vnode *vp) return (0); } +/* + * Determine if the file system supports POSIX draft ACLs. + * Return 1 if it does, 0 otherwise. + */ +int +nfs_supportsposixacls(struct vnode *vp) +{ + int error; + long retval; + + ASSERT_VOP_LOCKED(vp, "nfs supports posixacls"); + + if (nfsrv_useacl == 0) + return (0); + error = VOP_PATHCONF(vp, _PC_ACL_EXTENDED, &retval); + if (error == 0 && retval != 0) + return (1); + return (0); +} + /* * These are the first fields of all the context structures passed into * nfs_pnfsio(). diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h index 7db3952ecf5c..6b14c8486272 100644 --- a/sys/fs/nfs/nfs_var.h +++ b/sys/fs/nfs/nfs_var.h @@ -437,6 +437,7 @@ struct nfsreferral *nfsv4root_getreferral(vnode_t, vnode_t, u_int32_t); int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *); int nfsrv_atroot(vnode_t, uint64_t *); int nfs_supportsnfsv4acls(vnode_t); +int nfs_supportsposixacls(struct vnode *); /* nfs_commonacl.c */ int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *, @@ -784,6 +785,7 @@ void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *, char *, int, int); bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype)); void nfsrv_checknospc(void); +int nfs_supportsacls(struct vnode *); /* nfs_commonkrpc.c */ int newnfs_nmcancelreqs(struct nfsmount *); diff --git a/sys/fs/nfs/nfsproto.h b/sys/fs/nfs/nfsproto.h index 13fec8a102a3..41150ef88188 100644 --- a/sys/fs/nfs/nfsproto.h +++ b/sys/fs/nfs/nfsproto.h @@ -1025,6 +1025,10 @@ struct nfsv3_sattr { #define NFSATTRBIT_SECLABEL 80 #define NFSATTRBIT_MODEUMASK 81 #define NFSATTRBIT_XATTRSUPPORT 82 +#define NFSATTRBIT_ACLTRUEFORM 89 +#define NFSATTRBIT_ACLTRUEFORMSCOPE 90 +#define NFSATTRBIT_POSIXDEFAULTACL 91 +#define NFSATTRBIT_POSIXACCESSACL 92 #define NFSATTRBM_SUPPORTEDATTRS 0x00000001 #define NFSATTRBM_TYPE 0x00000002 @@ -1109,8 +1113,12 @@ struct nfsv3_sattr { #define NFSATTRBM_SECLABEL 0x00010000 #define NFSATTRBM_MODEUMASK 0x00020000 #define NFSATTRBM_XATTRSUPPORT 0x00040000 +#define NFSATTRBM_ACLTRUEFORM 0x02000000 +#define NFSATTRBM_ACLTRUEFORMSCOPE 0x04000000 +#define NFSATTRBM_POSIXDEFAULTACL 0x08000000 +#define NFSATTRBM_POSIXACCESSACL 0x10000000 -#define NFSATTRBIT_MAX 83 +#define NFSATTRBIT_MAX 93 /* * Sets of attributes that are supported, by words in the bitmap. @@ -1693,6 +1701,26 @@ typedef struct nfsv4stateid nfsv4stateid_t; #define NFSV4SXATTR_CREATE 1 #define NFSV4SXATTR_REPLACE 2 +/* Definitions for POSIX draft ACLs for NFSv4.2. */ +#define NFSV4_ACL_MODEL_NFS4 1 +#define NFSV4_ACL_MODEL_POSIX_DRAFT 2 +#define NFSV4_ACL_MODEL_NONE 3 + +#define NFSV4_ACL_SCOPE_FILE_OBJECT 1 +#define NFSV4_ACL_SCOPE_FILE_SYSTEM 2 +#define NFSV4_ACL_SCOPE_SERVER 3 + +#define NFSV4_POSIXACL_TAG_USER_OBJ 1 +#define NFSV4_POSIXACL_TAG_USER 2 +#define NFSV4_POSIXACL_TAG_GROUP_OBJ 3 +#define NFSV4_POSIXACL_TAG_GROUP 4 +#define NFSV4_POSIXACL_TAG_MASK 5 +#define NFSV4_POSIXACL_TAG_OTHER 6 + +#define NFSV4_POSIXACL_PERM_PERM_EXECUTE 0x00000001 +#define NFSV4_POSIXACL_PERM_PERM_WRITE 0x00000002 +#define NFSV4_POSIXACL_PERM_PERM_READ 0x00000004 + /* Values for ChangeAttrType (RFC-7862). */ #define NFSV4CHANGETYPE_MONOTONIC_INCR 0 #define NFSV4CHANGETYPE_VERS_COUNTER 1