libnfs icon indicating copy to clipboard operation
libnfs copied to clipboard
verified publisher icon sahlberg

I am not able to find any API for corresponding to nfs4_getfacl and nfs4_setfacl

Open akhilsvaidya opened this issue 4 years ago • 15 comments

I am not able to find any API for corresponding to nfs4_getfacl and nfs4_setfacl. Is nfs4 ACL APIs available in libnfs?

akhilsvaidya avatar Jun 04 '21 04:06 akhilsvaidya

No the upper layer function is not implemented yet. It should be fairly straightforward to add since all the RPC and XDR layer is there already and I think it would mostly be calling the existing getattr function but for attribute #12. (after 5 seconds of causual looking at nfs4.x)

The same is true for NFSv3 ACLs, the RPC and XDR is there but not exposed to an upper layer function.

Do you want to have a go at adding a higher layer wrapper for these RPC calls so we get get/set facl support?

sahlberg avatar Jun 04 '21 05:06 sahlberg

@sahlberg Can you please share some sample code to read ACL details ?

bishnu1184 avatar Jul 01 '21 13:07 bishnu1184

See nfs_v4.c for examples. The function you need to use is nfs4_op_getattr() and the attribute you need to ask for is #12, FATTR4_ACL.

sahlberg avatar Jul 04 '21 21:07 sahlberg

@sahlberg I could fetch ACL details using method shown in https://github.com/sahlberg/libnfs/blob/master/examples/nfsclient-raw.c, but ACL returned as GETACL3res structure don't have detail in user friendly way like instead of user name I get UID. I looked into function nfs4_op_getattr() and attribute FATTR4_ACL, which you suggested, but I could not understand, how will I receive fattr4_acl structure in callback using nfs4_op_getattr() function, also I am facing compilation related issues with Visual Studio 2015 when I am trying to use local structures defined in nfs_v4.c. Can you please share bit more detail about steps using which I can get the ACLs

bishnu1184 avatar Jul 14 '21 06:07 bishnu1184

Take a look at current master. I have pushed support to read the nfsv4 acl. See nfs-io for an example.

sahlberg avatar Jul 17 '21 10:07 sahlberg

NFS only uses uid/gid in the protocol, not names. Mapping to names are outside the scope of NFS because there is no standard way of doing this and the methods differs from site to site. More popular methods are "shared passwd files" for small sites, or YP/NIS or LDAP or even active directory being popular for larger sites.

So for usermapping you will have to find out how it is implemented in your environment and do it outside of libnfs.

sahlberg avatar Jul 17 '21 21:07 sahlberg

Thanks for ACL support. I tested with latest code and I could get NFSv4 ACL (except 'flag' value is always coming as 0 only not sure if this is correct). Right now you have added ACL related functions at last of "nfs4_getacl_async.h" outside of "extern C" block. That causes linking issue when I try to call these functions from .CPP files (because of C++ name mangling). Is it possible to declare these functions inside "extern C" block like other functions ?

bishnu1184 avatar Jul 19 '21 14:07 bishnu1184

I have tweaked the headerfile for c++ and pushed. The flags will normally be set to 0 on most nfs4 servers. Have you checked if the server actually sends a non-0 value here?

sahlberg avatar Jul 20 '21 08:07 sahlberg

Done.

On Tue, Jul 20, 2021 at 12:33 AM bishnu1184 @.***> wrote:

Thanks for ACL support. I tested with latest code and I could get NFSv4 ACL (except 'flag' value is always coming as 0 only not sure if this is correct). Right now you have added ACL related functions at last of "nfs4_getacl_async.h" outside of "extern C" block. That causes linking issue when I try to call these functions from .CPP files (because of C++ name mangling). Is it possible to declare these functions inside "extern C" block like other functions ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sahlberg/libnfs/issues/346#issuecomment-882599124, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADY3EBJALWXUJWJCHT3HC3TYQZUVANCNFSM46CBZHFA .

sahlberg avatar Jul 23 '21 03:07 sahlberg

Sorry for not replying earlier, got busy with some other stuff. Yes, thanks after your fix C++ code is working fine now. I am not sure how to check the value sent by the server.

I have one question, is there any support for ACL in NFSv3 and what was the ACL shown in https://github.com/sahlberg/libnfs/blob/master/examples/nfsclient-raw.c this example Is this for NFSv3? Because I don't see any ACL detail in NFSv3 RFC document.

bishnu1184 avatar Jul 23 '21 04:07 bishnu1184

On Fri, Jul 23, 2021 at 2:36 PM bishnu1184 @.***> wrote:

Sorry for not replying earlier, got busy with some other stuff. Yes, thanks after your fix C++ code is working fine now. I am not sure how to check the value sent by the server.

I have one question, is there any support for ACL in NFSv3 and what was the ACL shown in https://github.com/sahlberg/libnfs/blob/master/examples/nfsclient-raw.c this example Is this for NFSv3? Because I don't see any ACL detail in NFSv3 RFC document.

NFSv3 ACL is not part of the NFS protocol but runs as a separate protocol on the same socket as the nfs server. As far as I know virtually all NFSv3 servers also support the NFSACL protocol.

NFSACL was never published as an RFC but became a defacto standard anyway. You can see the definitions for this protocol in nfs/nfs.x

You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sahlberg/libnfs/issues/346#issuecomment-885393492, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADY3EE5MUKFKRO6ZF7DBG3TZDWWNANCNFSM46CBZHFA .

sahlberg avatar Jul 23 '21 04:07 sahlberg

For an example, update SERVER and EXPORT in nfsclient-raw.c and just run it under wireshark and you will see examples of the GETACL method.

On Fri, Jul 23, 2021 at 2:42 PM ronnie sahlberg @.***> wrote:

On Fri, Jul 23, 2021 at 2:36 PM bishnu1184 @.***> wrote:

Sorry for not replying earlier, got busy with some other stuff. Yes, thanks after your fix C++ code is working fine now. I am not sure how to check the value sent by the server.

I have one question, is there any support for ACL in NFSv3 and what was the ACL shown in https://github.com/sahlberg/libnfs/blob/master/examples/nfsclient-raw.c this example Is this for NFSv3? Because I don't see any ACL detail in NFSv3 RFC document.

NFSv3 ACL is not part of the NFS protocol but runs as a separate protocol on the same socket as the nfs server. As far as I know virtually all NFSv3 servers also support the NFSACL protocol.

NFSACL was never published as an RPC but became a defacto standard anyway. You can see the definitions for this protocol in nfs/nfs.x

You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/sahlberg/libnfs/issues/346#issuecomment-885393492, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADY3EE5MUKFKRO6ZF7DBG3TZDWWNANCNFSM46CBZHFA .

sahlberg avatar Jul 23 '21 06:07 sahlberg

Okay, I will test and let you know.

bishnu1184 avatar Jul 26 '21 04:07 bishnu1184

This is very helpful, thanks. Are you adding v4 setacl. if not then pls tell me the changes pending for v4 setacl. I will try.

GuruprasadUjwal avatar Sep 13 '21 06:09 GuruprasadUjwal

Thanks for ACL support. I tested with latest code and I could get NFSv4 ACL (except 'flag' value is always coming as 0 only not sure if this is correct). Right now you have added ACL related functions at last of "nfs4_getacl_async.h" outside of "extern C" block. That causes linking issue when I try to call these functions from .CPP files (because of C++ name mangling). Is it possible to declare these functions inside "extern C" block like other functions ?

Hi, @bishnu1184 I'm testing get NFSv4 ACL function with nfs-io in example. But it failed with following error:

ACL version:4 Failed to read ACLs getacl call failed with "Failed to unmarshall fattr4_acl"

Do you have any idea about this error?

Joseph94young avatar Oct 21 '21 11:10 Joseph94young