From: Gleb Popov
Date: Sat, 31 Jul 2021 23:27:58 +0300
Subject: acl_* API in presence of NFSv4-branded ACLs
To: freebsd-hackers
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Hello hackers.

While working on some Linux code that uses acl_* functions it turned out
that some of them are failing for NFSv4-branded ACLs we have in FreeBSD.
This looks correct in theory, as NFSv4 ACLs are not part of POSIX 1e, but in
practice there is some software that assumes that "no POSIX ACLs" == "no
ACLs at all". For instance, [1]:

    acl_t acl = acl_get_file(path.data(), ACL_TYPE_ACCESS);
    if (acl || defaultAcl) {
        // some work on acl
    }

On FreeBSD when run on an NFSv4-branded file, the `acl_get_file` returns
NULL, which makes the code believe that the file has no ACL at all. I worked
around this by trying `acl_get_file` with ACL_TYPE_NFS4 first, and retrying
with ACL_TYPE_ACCESS in case of failure.

Another, more complicated example [2]:

    acl_t temp = acl_from_text(aclStr.toLatin1().constData());
    if (acl_valid(temp) != 0) {
        // error out
    } else {
        // do useful things with temp
    }

Reading an NFSv4-branded ACL succeeds in `acl_from_text`, however, passing it
into `acl_valid` results in failure, because it works only on POSIX-branded
ACLs. I worked around this by checking the brand with `acl_get_brand_np` and
shortcutting to 0 in the !POSIX case.

For both these examples I'm interested if my workarounds seem sane. Maybe
something needs to be changed in our libc, instead?

Thanks in advance.

[1] https://invent.kde.org/frameworks/kio/-/blob/master/src/ioslaves/file/file_unix.cpp#L173
[2] https://invent.kde.org/frameworks/kio/-/blob/master/src/core/kacl.cpp#L616
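
The two workarounds described in the message, written out in C as an added example (not part of the original post and not KDE or FreeBSD code). The helper names `get_file_acl_any_brand` and `acl_valid_any_brand` are hypothetical, and the `#else` branch is a constructed stand-in that only mimics the behaviour the post describes, so the control flow can be exercised off FreeBSD.

```c
#include <stddef.h>
#include <string.h>
#ifdef __FreeBSD__
#include <sys/types.h>
#include <sys/acl.h>                /* real acl_*() API from libc */
#else
/* Constructed stand-in, not the FreeBSD API: paths starting "zfs/" carry an
 * NFSv4 ACL, paths starting "ufs/" a POSIX.1e ACL, anything else has none.
 * The enum values are placeholders, not the real header's constants. */
typedef int *acl_t;
enum { ACL_TYPE_ACCESS, ACL_TYPE_NFS4, ACL_BRAND_POSIX, ACL_BRAND_NFS4 };
static int posix_acl = ACL_BRAND_POSIX, nfs4_acl = ACL_BRAND_NFS4;
static acl_t acl_get_file(const char *p, int type) {
    if (type == ACL_TYPE_NFS4 && strncmp(p, "zfs/", 4) == 0) return &nfs4_acl;
    if (type == ACL_TYPE_ACCESS && strncmp(p, "ufs/", 4) == 0) return &posix_acl;
    return NULL;                    /* wrong brand for this file, or no ACL */
}
static int acl_get_brand_np(acl_t a, int *brand) { *brand = *a; return 0; }
static int acl_valid(acl_t a) { return *a == ACL_BRAND_POSIX ? 0 : -1; }
static int acl_free(void *obj) { (void)obj; return 0; }
#endif

/* Workaround 1: ask for the NFSv4 ACL first, retry with the POSIX.1e access
 * ACL on failure. NULL now means that neither kind could be read, and
 * *brand tells the caller which semantics the returned ACL has. */
acl_t get_file_acl_any_brand(const char *path, int *brand)
{
    acl_t acl = acl_get_file(path, ACL_TYPE_NFS4);
    if (acl == NULL)
        acl = acl_get_file(path, ACL_TYPE_ACCESS);
    if (acl != NULL && acl_get_brand_np(acl, brand) != 0) {
        acl_free(acl);              /* brand unknown: do not guess */
        acl = NULL;
    }
    return acl;
}

/* Workaround 2: run acl_valid() only on POSIX-branded ACLs and report 0 for
 * any other brand, as the post does. Returns -1 if the brand is unreadable. */
int acl_valid_any_brand(acl_t acl)
{
    int brand;
    if (acl == NULL || acl_get_brand_np(acl, &brand) != 0)
        return -1;
    return brand == ACL_BRAND_POSIX ? acl_valid(acl) : 0;
}
```

With this shape a caller that copies or displays permissions sees an NFSv4-protected file as having an ACL instead of silently treating it as unprotected, and can branch on the returned brand before interpreting entries.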