linux-nfs / nfsd

Linux kernel source tree

Return a permissions ACE in delegations #87

Open chucklever opened 4 months ago

chucklever commented 4 months ago

NFSv4.1 delegations (both read and write) can return a list of users that do not need to perform access calls when opening a file. Section 18.16.2 defines these like this:

struct open_read_delegation4 {
    ...
    nfsace4 permissions; /* Defines users who don't
                            need an ACCESS call to
                            open for read */
};

and

struct open_write_delegation4 {
    ...
    nfsace4 permissions; /* Defines users who don't
                            need an ACCESS call as
                            part of a delegated
                            open. */
};

Unfortunately RFC 8881 has little else to say about the semantics of this mechanism. It's not evident yet how many clients support this feature. However, if the file's ACL is easily available at OPEN time, it shouldn't be difficult to extract an ACE and provide it here.

jtlayton commented 1 month ago

I started looking at this today. This is a bit tricky since the VFS doesn't return information about why it allowed the open in the first place. To do this right, I suppose we'll need to repeat the permission checks ourselves after the fact, and try to figure out why we were allowed to open the file.

What may be best is to shoot for just covering a large subset of the cases:

  1. See if the mode bits allow the same sort of access for everyone. Return an EVERYONE ACE if so.
  2. See if the uid in the cred in the svc_rqst is the same as the file owner. Return a uid ACE if so.
  3. Check groups and supplemental groups for a match vs. group owner. Return a gid ACE if so.

If none of the above allow access, then it was probably a POSIX ACE. It's probably best to just return no ACE at that point. We could try to walk the ace, but I'd probably consider that a "phase 2" thing. I'll see if I can hack something together for this.
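As an added example (not part of the thread and not NFSD code), the three-step heuristic from the comment above can be modeled in userspace C. The struct and function names are hypothetical, and two conservative choices are assumptions of this sketch: any POSIX ACL yields no ACE, and a gid ACE is returned only when the owner bits also grant the access.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical types for this sketch; not NFSD's data structures. */
enum ace_who { ACE_NONE, ACE_EVERYONE, ACE_OWNER_UID, ACE_GROUP_GID };

struct file_info { uid_t uid; gid_t gid; mode_t mode; bool has_posix_acl; };
struct caller { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };

#define WANT_READ  04
#define WANT_WRITE 02

static bool in_group(const struct caller *c, gid_t gid)
{
	if (c->gid == gid)
		return true;
	for (size_t i = 0; i < c->ngroups; i++)
		if (c->groups[i] == gid)
			return true;
	return false;
}

/* Returns which principal a delegation ACE could name, or ACE_NONE. */
enum ace_who pick_deleg_ace(const struct file_info *f, const struct caller *c,
			    unsigned int want)
{
	bool owner_ok = ((f->mode >> 6) & want) == want;
	bool group_ok = ((f->mode >> 3) & want) == want;
	bool other_ok = (f->mode & want) == want;

	/* Assumption: with a POSIX ACL the mode bits are not the whole story. */
	if (f->has_posix_acl)
		return ACE_NONE;
	/* Step 1: every class grants the access, so EVERYONE@ cannot overgrant. */
	if (owner_ok && group_ok && other_ok)
		return ACE_EVERYONE;
	/* Step 2: the owner class is matched first and alone decides for the owner. */
	if (c->uid == f->uid)
		return owner_ok ? ACE_OWNER_UID : ACE_NONE;
	/* Step 3: a gid ACE covers every member, including an owner who is a
	 * member, so this sketch also requires the owner bits (conservative). */
	if (in_group(c, f->gid))
		return (group_ok && owner_ok) ? ACE_GROUP_GID : ACE_NONE;
	/* Access came from "other" bits alone or a capability: name nobody. */
	return ACE_NONE;
}
```

Returning `ACE_NONE` is always safe here, since the client then falls back to an ACCESS call.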

chucklever commented 1 month ago

Wondering if Rick's POSIX ACL draft or the NFSv4 ACL draft itself need to give some guidance on what a server needs to provide for delegation ACEs. I think NFSD ought to be OK returning no ACE for the moment when a POSIX ACL limits OPEN access.