git: a35bbd5d9f5f - main - nfscommon: Add some support for POSIX draft ACLs
Date: Sun, 21 Dec 2025 22:29:37 UTC
The branch main has been updated by rmacklem:
URL: https://cgit.FreeBSD.org/src/commit/?id=a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8
commit a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8
Author: Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2025-12-21 22:28:12 +0000
Commit: Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2025-12-21 22:28:12 +0000
nfscommon: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the first of several patches that implement the
above draft.
This patch should not result in a semantics change.
---
sys/fs/nfs/nfs.h | 5 +++++
sys/fs/nfs/nfs_commonport.c | 20 ++++++++++++++++++++
sys/fs/nfs/nfs_var.h | 2 ++
sys/fs/nfs/nfsproto.h | 30 +++++++++++++++++++++++++++++-
4 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/sys/fs/nfs/nfs.h b/sys/fs/nfs/nfs.h
index e6a125b388a8..ecff9b8e6849 100644
--- a/sys/fs/nfs/nfs.h
+++ b/sys/fs/nfs/nfs.h
@@ -867,6 +867,11 @@ typedef enum { NOTRUNNING=0, STARTSTOP=1, RUNNING=2 } nfsuserd_state;
typedef enum { UNKNOWN=0, DELETED=1, NLINK_ZERO=2, VALID=3 } nfsremove_status;
+/* Values for supports_nfsv4acls. */
+#define SUPPACL_NONE 0
+#define SUPPACL_NFSV4 1
+#define SUPPACL_POSIX 2
+
#endif /* _KERNEL */
#endif /* _NFS_NFS_H */
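Review bot: The comment `/* Values for supports_nfsv4acls. */` does not say whether the three `SUPPACL_*` values are exclusive states or combinable flags, and 0/1/2 can be read either way. If they are exclusive, which is what the names suggest, the two declarations just above the hunk (`nfsuserd_state`, `nfsremove_status`) already use `typedef enum` for this kind of value, and the same form would fit here. Otherwise a comment such as `/* Exactly one of these; not a bit mask. */` would settle it. The variable named in the comment is not visible in this diff, and its name now covers a POSIX value as well.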
diff --git a/sys/fs/nfs/nfs_commonport.c b/sys/fs/nfs/nfs_commonport.c
index 862780741ee7..44fcbe2d5722 100644
--- a/sys/fs/nfs/nfs_commonport.c
+++ b/sys/fs/nfs/nfs_commonport.c
@@ -820,6 +820,26 @@ nfs_supportsnfsv4acls(struct vnode *vp)
return (0);
}
+/*
+ * Determine if the file system supports POSIX draft ACLs.
+ * Return 1 if it does, 0 otherwise.
+ */
+int
+nfs_supportsposixacls(struct vnode *vp)
+{
+ int error;
+ long retval;
+
+ ASSERT_VOP_LOCKED(vp, "nfs supports posixacls");
+
+ if (nfsrv_useacl == 0)
+ return (0);
+ error = VOP_PATHCONF(vp, _PC_ACL_EXTENDED, &retval);
+ if (error == 0 && retval != 0)
+ return (1);
+ return (0);
+}
+
/*
* These are the first fields of all the context structures passed into
* nfs_pnfsio().
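Review bot: The header comment on nfs_supportsposixacls() leaves out two conditions a caller needs to know. The vnode must be locked (the function asserts it with ASSERT_VOP_LOCKED), and the result is forced to 0 whenever `nfsrv_useacl` is 0, whatever the file system supports. It also returns 0 for any VOP_PATHCONF error, so a caller cannot tell "no POSIX draft ACLs" from a failed query; that is the safe default, but worth stating. I would extend the comment to `Return 1 if it does; 0 if it does not, if nfsrv_useacl is 0, or if VOP_PATHCONF() fails. The vnode must be locked.` The comment for nfs_pnfsio() at the end of the hunk continues outside it.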
diff --git a/sys/fs/nfs/nfs_var.h b/sys/fs/nfs/nfs_var.h
index 7db3952ecf5c..6b14c8486272 100644
--- a/sys/fs/nfs/nfs_var.h
+++ b/sys/fs/nfs/nfs_var.h
@@ -437,6 +437,7 @@ struct nfsreferral *nfsv4root_getreferral(vnode_t, vnode_t, u_int32_t);
int nfsvno_pathconf(vnode_t, int, long *, struct ucred *, NFSPROC_T *);
int nfsrv_atroot(vnode_t, uint64_t *);
int nfs_supportsnfsv4acls(vnode_t);
+int nfs_supportsposixacls(struct vnode *);
/* nfs_commonacl.c */
int nfsrv_dissectace(struct nfsrv_descript *, struct acl_entry *,
@@ -784,6 +785,7 @@ void nfsm_trimtrailing(struct nfsrv_descript *, struct mbuf *, char *, int,
int);
bool nfsrv_checkwrongsec(struct nfsrv_descript *, int, __enum_uint8(vtype));
void nfsrv_checknospc(void);
+int nfs_supportsacls(struct vnode *);
/* nfs_commonkrpc.c */
int newnfs_nmcancelreqs(struct nfsmount *);
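Review bot: `nfs_supportsacls()` is declared here, but none of the four files in this commit defines it; the only function added in nfs_commonport.c is nfs_supportsposixacls(). Unless a definition already exists elsewhere in the tree, a caller would compile cleanly and fail only at link time, so the prototype is better introduced by the patch that defines the function. As a point of style, both new prototypes in this file spell the parameter `struct vnode *` while the neighbouring `int nfs_supportsnfsv4acls(vnode_t);` uses `vnode_t`; `int nfs_supportsposixacls(vnode_t);` would match.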
diff --git a/sys/fs/nfs/nfsproto.h b/sys/fs/nfs/nfsproto.h
index 13fec8a102a3..41150ef88188 100644
--- a/sys/fs/nfs/nfsproto.h
+++ b/sys/fs/nfs/nfsproto.h
@@ -1025,6 +1025,10 @@ struct nfsv3_sattr {
#define NFSATTRBIT_SECLABEL 80
#define NFSATTRBIT_MODEUMASK 81
#define NFSATTRBIT_XATTRSUPPORT 82
+#define NFSATTRBIT_ACLTRUEFORM 89
+#define NFSATTRBIT_ACLTRUEFORMSCOPE 90
+#define NFSATTRBIT_POSIXDEFAULTACL 91
+#define NFSATTRBIT_POSIXACCESSACL 92
#define NFSATTRBM_SUPPORTEDATTRS 0x00000001
#define NFSATTRBM_TYPE 0x00000002
@@ -1109,8 +1113,12 @@ struct nfsv3_sattr {
#define NFSATTRBM_SECLABEL 0x00010000
#define NFSATTRBM_MODEUMASK 0x00020000
#define NFSATTRBM_XATTRSUPPORT 0x00040000
+#define NFSATTRBM_ACLTRUEFORM 0x02000000
+#define NFSATTRBM_ACLTRUEFORMSCOPE 0x04000000
+#define NFSATTRBM_POSIXDEFAULTACL 0x08000000
+#define NFSATTRBM_POSIXACCESSACL 0x10000000
-#define NFSATTRBIT_MAX 83
+#define NFSATTRBIT_MAX 93
/*
* Sets of attributes that are supported, by words in the bitmap.
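Review bot: Raising `NFSATTRBIT_MAX` from 83 to 93 brings bit numbers 83 through 88 inside the valid range, yet no `NFSATTRBIT_*` name is defined for them in these hunks. Code outside this diff that loops up to NFSATTRBIT_MAX, or switches on the bit number while decoding a received attribute bitmap, needs to treat those six bits as unsupported; I cannot see those users from here. A comment above the new defines would make the gap deliberate, for example `/* Bits 83-88 are not defined here; 89-92 are from draft-ietf-nfsv4-posix-acls. */`. The new NFSATTRBM_* masks in this hunk do match bits 89-92 of the third bitmap word.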
@@ -1693,6 +1701,26 @@ typedef struct nfsv4stateid nfsv4stateid_t;
#define NFSV4SXATTR_CREATE 1
#define NFSV4SXATTR_REPLACE 2
+/* Definitions for POSIX draft ACLs for NFSv4.2. */
+#define NFSV4_ACL_MODEL_NFS4 1
+#define NFSV4_ACL_MODEL_POSIX_DRAFT 2
+#define NFSV4_ACL_MODEL_NONE 3
+
+#define NFSV4_ACL_SCOPE_FILE_OBJECT 1
+#define NFSV4_ACL_SCOPE_FILE_SYSTEM 2
+#define NFSV4_ACL_SCOPE_SERVER 3
+
+#define NFSV4_POSIXACL_TAG_USER_OBJ 1
+#define NFSV4_POSIXACL_TAG_USER 2
+#define NFSV4_POSIXACL_TAG_GROUP_OBJ 3
+#define NFSV4_POSIXACL_TAG_GROUP 4
+#define NFSV4_POSIXACL_TAG_MASK 5
+#define NFSV4_POSIXACL_TAG_OTHER 6
+
+#define NFSV4_POSIXACL_PERM_PERM_EXECUTE 0x00000001
+#define NFSV4_POSIXACL_PERM_PERM_WRITE 0x00000002
+#define NFSV4_POSIXACL_PERM_PERM_READ 0x00000004
+
/* Values for ChangeAttrType (RFC-7862). */
#define NFSV4CHANGETYPE_MONOTONIC_INCR 0
#define NFSV4CHANGETYPE_VERS_COUNTER 1
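Review bot: The permission names `NFSV4_POSIXACL_PERM_PERM_EXECUTE`, `NFSV4_POSIXACL_PERM_PERM_WRITE` and `NFSV4_POSIXACL_PERM_PERM_READ` repeat `PERM_`, unlike the tag names, which carry a single `TAG_` prefix. If the doubling is not intended, renaming is cheapest now, before later patches in the series use them: `#define NFSV4_POSIXACL_PERM_EXECUTE 0x00000001`. These look like on-the-wire values, so the block comment could also state the valid ranges (presumably tags 1-6 and permission bits within 0x7), giving the decoder a documented basis for rejecting anything else.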