From nobody Sun Dec 21 22:29:37 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dZGD20Nsqz6LTDV
	for <dev-commits-src-all@mlmmj.nyi.freebsd.org>; Sun, 21 Dec 2025 22:29:38 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4dZGD16W2zz3v1T
	for <dev-commits-src-all@FreeBSD.org>; Sun, 21 Dec 2025 22:29:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1766356177;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WHJOIGOVPoYlccKWuAtHaBIUKdrXsxMb3aTwzRFg5z4=;
	b=Pv6V6RVFCCMOe2tVuSkDoQRT8EVvlLUHaEi2CaNhee4BFEPvKz4VHkrtVM4yah4SW8h695
	Xn+Nsdj3rVlDX7w5RchRm+GFa3qpm72yJJyR6p+NsAdPCJGBbrGNysy8UB81rmLyXzJtxV
	rm+MaZfNwIDf+o1du3Vb/c9v/LPN4HhB0CXXhPBFErFmpc/GMesBdMbPCe4lJcv7IoBFN2
	nCLBx/AAmhJikFSG+dQRwJvk3Y6T93Skde4bZnI35S6pwlvI0WTgX3B+OPeOWeySDmZnLq
	+lDOGixgnj97z+PW8ua/UuvhM7ohl8INDrhxod36Sa0sPSHUUJUhNuRbijsfsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1766356177;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=WHJOIGOVPoYlccKWuAtHaBIUKdrXsxMb3aTwzRFg5z4=;
	b=JTXIl+GTA2VGNA+yusvpnDZIe2W9FtDSWlVNELGNUUopliwEOS8F3vRIx5czdDP+gOZ/f2
	E2JH9EsJ4FVI7REDIHC31Y1N3sMXbCeHyfBu+v5TCotiw2clz0IPPLwhIUPHOztXTKWlgV
	W55El7YQkwKny2B4pzeHyAj4uxKFBushg/DZsST59IEDO+uYI5nWZAqg271BUCOYkYE2M9
	vm9TgvdskNALQgdqyVmhLtT8dZKKeCMcsgpBTd1ZjTvVG8q8TPS58YjVIzuEIrkk85ZYZ/
	TdCvWSf9+1J09nvpqKb8abED/UV121fnuKYBi3UBvGaAov5BJ0bRJMaVL464XA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1766356177; a=rsa-sha256; cv=none;
	b=So4YJmIKVlId3chPrbU33Fkr/dORM+SULN26k+d8yoQPmIaYi0R9md6TCxhIn18AuUQHoK
	qXnGrENAXRC4KrGIdvqDiz7wjkZhGUlpIOlgvGsgOrN5j35GIIVmvrBWhpDRbWgO9DEBG+
	YhWkXE1bnrKbXA2bQy2+K7k6tmBxRDysMma4ZMQj+iEAZqtA5FiAwaCvZ2u9n/N1UZvAGX
	lkNEwkqxGPZavptFHsdwU4CByauYXMa6Q8au3uYoyCirKrW1XWZGdc2e1S0t+pAUqJ1R4S
	2Xy3cDCI3kyOi8byqAMkPilTAA9hUw5dzHyIDJnUp68SbV1+lnWZHh6L+ZtVwA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dZGD15lW8z10KK
	for <dev-commits-src-all@FreeBSD.org>; Sun, 21 Dec 2025 22:29:37 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 8704
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Sun, 21 Dec 2025 22:29:37 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: a35bbd5d9f5f - main - nfscommon: Add some support for POSIX draft ACLs
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8
Auto-Submitted: auto-generated
Date: Sun, 21 Dec 2025 22:29:37 +0000
Message-Id: <694874d1.8704.60f44fbb@gitrepo.freebsd.org>

The branch main has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8

commit a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2025-12-21 22:28:12 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2025-12-21 22:28:12 +0000

    nfscommon: Add some support for POSIX draft ACLs
    
    An internet draft (expected to become an RFC someday)
    https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
    describes an extension to NFSv4.2 to handle POSIX draft ACLs.
    
    This is the first of several patches that implement the
    above draft.
    
    This patch should not result in a semantics change.
---
 sys/fs/nfs/nfs.h            |  5 +++++
 sys/fs/nfs/nfs_commonport.c | 20 ++++++++++++++++++++
 sys/fs/nfs/nfs_var.h        |  2 ++
 sys/fs/nfs/nfsproto.h       | 30 +++++++++++++++++++++++++++++-
 4 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/sys/fs/nfs/nfs.h b/sys/fs/nfs/nfs.h
index e6a125b388a8..ecff9b8e6849 100644
--- a/sys/fs/nfs/nfs.h
+++ b/sys/fs/nfs/nfs.h
@@ -867,6 +867,11 @@ typedef enum { NOTRUNNING=0, STARTSTOP=1, RUNNING=2 } nfsuserd_state;
 
 typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status;
 
+/* Values for supports_nfsv4acls. */
+#define	SUPPACL_NONE	0
+#define	SUPPACL_NFSV4	1
+#define	SUPPACL_POSIX	2
+
 #endif	/* _KERNEL */
 
 #endif	/* _NFS_NFS_H */
diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
index 862780741ee7..44fcbe2d5722 100644
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -820,6 +820,26 @@ nfs_supportsnfsv4acls(struct vnode *vp)
 	return (0);
 }
 
+/*
+ * Determine if the file system supports POSIX draft ACLs.
+ * Return 1 if it does, 0 otherwise.
+ */
+int
+nfs_supportsposixacls(struct vnode *vp)
+{
+	int error;
+	long retval;
+
+	ASSERT_VOP_LOCKED(vp, "nfs supports posixacls");
+
+	if (nfsrv_useacl == 0)
+		return (0);
+	error = VOP_PATHCONF(vp, _PC_ACL_EXTENDED, &retval);
+	if (error == 0 && retval != 0)
+		return (1);
+	return (0);
+}
+
 /*
  * These are the first fields of all the context structures passed into
  * nfs_pnfsio().
diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h
index 7db3952ecf5c..6b14c8486272 100644
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@@ -437,6 +437,7 @@ struct nfsreferral *nfsv4root_getreferral(vnode_t, vnode_t, u_int32_t);
 int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *);
 int nfsrv_atroot(vnode_t, uint64_t *);
 int nfs_supportsnfsv4acls(vnode_t);
+int nfs_supportsposixacls(struct vnode *);
 
 /* nfs_commonacl.c */
 int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
@@ -784,6 +785,7 @@ void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *, char *, int,
     int);
 bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype));
 void nfsrv_checknospc(void);
+int nfs_supportsacls(struct vnode *);
 
 /* nfs_commonkrpc.c */
 int newnfs_nmcancelreqs(struct nfsmount *);
diff --git a/sys/fs/nfs/nfsproto.h b/sys/fs/nfs/nfsproto.h
index 13fec8a102a3..41150ef88188 100644
--- a/sys/fs/nfs/nfsproto.h
+++ b/sys/fs/nfs/nfsproto.h
@@ -1025,6 +1025,10 @@ struct nfsv3_sattr {
 #define	NFSATTRBIT_SECLABEL		80
 #define	NFSATTRBIT_MODEUMASK		81
 #define	NFSATTRBIT_XATTRSUPPORT		82
+#define	NFSATTRBIT_ACLTRUEFORM		89
+#define	NFSATTRBIT_ACLTRUEFORMSCOPE	90
+#define	NFSATTRBIT_POSIXDEFAULTACL	91
+#define	NFSATTRBIT_POSIXACCESSACL	92
 
 #define	NFSATTRBM_SUPPORTEDATTRS	0x00000001
 #define	NFSATTRBM_TYPE			0x00000002
@@ -1109,8 +1113,12 @@ struct nfsv3_sattr {
 #define	NFSATTRBM_SECLABEL		0x00010000
 #define	NFSATTRBM_MODEUMASK		0x00020000
 #define	NFSATTRBM_XATTRSUPPORT		0x00040000
+#define	NFSATTRBM_ACLTRUEFORM		0x02000000
+#define	NFSATTRBM_ACLTRUEFORMSCOPE	0x04000000
+#define	NFSATTRBM_POSIXDEFAULTACL	0x08000000
+#define	NFSATTRBM_POSIXACCESSACL	0x10000000
 
-#define	NFSATTRBIT_MAX			83
+#define	NFSATTRBIT_MAX			93
 
 /*
  * Sets of attributes that are supported, by words in the bitmap.
@@ -1693,6 +1701,26 @@ typedef struct nfsv4stateid nfsv4stateid_t;
 #define	NFSV4SXATTR_CREATE	1
 #define	NFSV4SXATTR_REPLACE	2
 
+/* Definitions for POSIX draft ACLs for NFSv4.2. */
+#define	NFSV4_ACL_MODEL_NFS4		1
+#define	NFSV4_ACL_MODEL_POSIX_DRAFT	2
+#define	NFSV4_ACL_MODEL_NONE		3
+
+#define	NFSV4_ACL_SCOPE_FILE_OBJECT	1
+#define	NFSV4_ACL_SCOPE_FILE_SYSTEM	2
+#define	NFSV4_ACL_SCOPE_SERVER		3
+
+#define	NFSV4_POSIXACL_TAG_USER_OBJ	1
+#define	NFSV4_POSIXACL_TAG_USER		2
+#define	NFSV4_POSIXACL_TAG_GROUP_OBJ	3
+#define	NFSV4_POSIXACL_TAG_GROUP	4
+#define	NFSV4_POSIXACL_TAG_MASK		5
+#define	NFSV4_POSIXACL_TAG_OTHER	6
+
+#define	NFSV4_POSIXACL_PERM_PERM_EXECUTE	0x00000001
+#define	NFSV4_POSIXACL_PERM_PERM_WRITE		0x00000002
+#define	NFSV4_POSIXACL_PERM_PERM_READ		0x00000004
+
 /* Values for ChangeAttrType (RFC-7862). */
 #define	NFSV4CHANGETYPE_MONOTONIC_INCR		0
 #define	NFSV4CHANGETYPE_VERS_COUNTER		1