IETF Logo Mail Archive

[nfsv4] RFC: handling who strings for VERIFY/NVERIFY

Rick Macklem <rick.macklem@gmail.com> Wed, 30 October 2024 22:53 UTC

Return-Path: <rick.macklem@gmail.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1ADEC1D52FE for <nfsv4@ietfa.amsl.com>; Wed, 30 Oct 2024 15:53:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X9qVq2Eta3TQ for <nfsv4@ietfa.amsl.com>; Wed, 30 Oct 2024 15:53:48 -0700 (PDT)
Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C791C1D5300 for <nfsv4@ietf.org>; Wed, 30 Oct 2024 15:53:48 -0700 (PDT)
Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-5cb615671acso230905a12.1 for <nfsv4@ietf.org>; Wed, 30 Oct 2024 15:53:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730328827; x=1730933627; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=G1tlr0yA6wOMo+vV73H39x87/IwJL6foFnXyUZxq4tw=; b=BRI49f36aibDulFleb/g+6vdlZa0NO+T3e6Q3zoZoPHpvaLK9MRRueF0en3Rhd+9Mr eIatxFQjq4N45TH1MGlYFtLD75zwt0ZlszbHpoirVwwrR2UcbTQEprguJkKxAY+6tYKj 14n30qiqL63umqPOnuMCG88XhfcqYAF8Qp5SszBebZiUiP48q3uL3p7+9X7KaL7qaHr1 HxFfleEam0JMr8BW+Ny1Shmxj2yUb+DGZHq8/I26BVkqYxhcx/xWRjF7CmIpq3G4E7+8 UAhdQeSNxl9CL3Y3i/FX9NqrILkkj7TzKm8Vjk9YUgeUmBWNVSzaRIXHLDnkbdHYje7c +7dQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730328827; x=1730933627; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=G1tlr0yA6wOMo+vV73H39x87/IwJL6foFnXyUZxq4tw=; b=RhSYFFSPTglVOWh1NvlN1cu524bed7L2K8KY2Jpi6HCklt5ayoAx/m0r2373h6PslJ 42XjvDIj7bFpgQmsM3yg9IcPvod0xxZqKJjgdn7FI+9Cth6URujL1IXhCG5vIuNv0OlC +luucwGd9tmW9c2HDeEtirwrm+BWGddZef0cXiRp0ioFYvOknb86MStrjgz6xZ3/u87x JpIobFCqtRKpgJn07LMrtJGt27508lU1bKHQwe9uhaaDdtS08+IVVx/qoItuv8n+Fijg 7keJZaD/Fu1M4qaNHzS7nXPXiQDxfsmyBOcSPRwb6iuwmdytMIEwz5HTqf6DV9z4oXsB 0lJA==
X-Gm-Message-State: AOJu0YzBFYYcZ/iV4YvqKEOyMD7PNzUGTVfsT4U0xs8YJPPP7ualNNXq +tdQS65ErcQV0JC4ZDyjEtKmgRqfw1B7zx4wfBPv6Qw4cbVsTYsraTO9JsDnqdUmHkUebPu1qlW UQ8Ruyma3NDrUq+zZuduPvmrXqjZU5Uw=
X-Google-Smtp-Source: AGHT+IEUSumDSBXaQS/8E+aOXFVgWV8/KXGhtIaFq6GOU9Xjqb5AMKJ0VVO19OehE9+nUoK6ClvylVSBfOqQVSYFYmA=
X-Received: by 2002:a05:6402:278e:b0:5c9:5745:de9a with SMTP id 4fb4d7f45d1cf-5cbbf8a40c4mr15211932a12.9.1730328826721; Wed, 30 Oct 2024 15:53:46 -0700 (PDT)
MIME-Version: 1.0
From: Rick Macklem <rick.macklem@gmail.com>
Date: Wed, 30 Oct 2024 15:53:37 -0700
Message-ID: <CAM5tNy6pJdtzQ9r+ZrwombaZaG4LVZbxK6DH0hcibi2GM0MJGQ@mail.gmail.com>
To: NFSv4 <nfsv4@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: 364RBRTMEALPLFOCEDZFVXF5GO5WDXGS
X-Message-ID-Hash: 364RBRTMEALPLFOCEDZFVXF5GO5WDXGS
X-MailFrom: rick.macklem@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-nfsv4.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [nfsv4] RFC: handling who strings for VERIFY/NVERIFY
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/hnEersuZWIXoqDjFnw1U3dU3F-Q>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Owner: <mailto:nfsv4-owner@ietf.org>
List-Post: <mailto:nfsv4@ietf.org>
List-Subscribe: <mailto:nfsv4-join@ietf.org>
List-Unsubscribe: <mailto:nfsv4-leave@ietf.org>

Hi,

While working on code for the POSIX draft ACL extension,
I ran into this issue related to "who" strings for VERIFY/NVERIFY.

I can see two ways for the who field to be compared as "same".
A) - Require the who strings to be identical.
or
B) - Require the user/group the string maps to be the same.

At this time, it appears that the Linux knfsd does A) and the
FreeBSD server does B).
It currently applies to the Acl, Owner and Owner_group attributes
(and affects the POSIX draft ACL attributes in the proposal).

I am not aware of anything in the RFCs that clarifies this.

Any comments?

rick

v2.30.2 | Report a Bug | By Email | System Status