samba - Apr 2018 - Operation Not Supported error for GETXATTR when VFS plugin "nfs4acl_xattr" is used

Hello All

I am trying to use nfs4acl_xattr plugin from samba source code.

https://www.samba.org/samba/docs/current/man-html/vfs_nfs4acl_xattr.8.html

I mounted NFSv4 mount point locally and exported it through samba with vfs
objects set to nfs4acl_xattr.









*[root at test3 ajain]# net conf showshare local[local]        path
/home/ajain/mount        comment = local share        guest ok = no
read only = no        hosts allow = ALL        vfs objects = nfs4acl_xattr*


The share is not accessible when the plugin is enabled and I see all the
accesses fail with EOPNOTSUPP (errno 95).









*[root at test2 ~]#  smbclient //test3/local --user=test -WdomainEnter
domain\test's password:Kinit for test at domain to access test3 failed:
Cannot
find KDC for requested realmDomain=[domain] OS=[Windows 6.1] Server=[Samba
4.6.2]smb: \>smb: \> lsNT_STATUS_NOT_SUPPORTED listing \*smb: \>*



When I added debug prints inside the plugin, I am seeing GETXATTR call
fails with error 95.
The path is generally "." since samba does vfs_ChDir to the directory
before calling get_nt_acl_fn

Here are my experiments so far:

* If I write the small program to do getxattr on the path where we have
mounted NFS share, it works fine. Even if we do chdir to directory and then
do getxattr it works fine. If we do getxattr on just the root directory of
the mount point, it works well. So from underlying mount point, there is no
issue.

* nfs4_getfacl and nfs4_setfacl commands perfectly work fine on the local
mount point.

* In the plugin itself, if I change the path to actual directory instead of
".", it still fails with same error.

Can someone help me understand, why following call may fail when the path
is locally mounted NFS share and not a VFS path:

*                length = SMB_VFS_NEXT_GETXATTR(handle, path,
NFS4ACL_XATTR_NAME, blob.data, blob.length);*

Since next module in the stack is Default_VFS, isn't it supposed to forward
the request to local NFS client? I do not see any packets on NFS port of
the local NFS client when this operation fails.


Setup information:

Samba Version: 4.6.2
CentOS Linux release 7.2.1511 (Core)
3.10.0-327.el7.x86_64


Any help on this issue is appreciated.


Thanks
~ Akash

Hi,

On Thu, Apr 05, 2018 at 04:09:26PM +0530, Akash Jain via samba
wrote:
> Hello All
> 
> I am trying to use nfs4acl_xattr plugin from samba source code.
> 
> https://www.samba.org/samba/docs/current/man-html/vfs_nfs4acl_xattr.8.html
> 
> I mounted NFSv4 mount point locally and exported it through samba with vfs
> objects set to nfs4acl_xattr.
>
> *[root at test3 ajain]# net conf showshare local[local]        path >
/home/ajain/mount        comment = local share        guest ok = no
> read only = no        hosts allow = ALL        vfs objects = nfs4acl_xattr*
> 
> 
> The share is not accessible when the plugin is enabled and I see all the
> accesses fail with EOPNOTSUPP (errno 95).
the module as is isn't directly compatible with NFSv4 ACLs as described in
the
manpage.

Setting nfs4acl_xattr:encoding=xdr and nfs4acl_xattr:xattr_name=system.nfs4_acl
are needed in the config, but you will need to adapt the code to deal with
string name identifiers instead of ids.

-slow

-- 
Ralph Boehme, Samba Team       https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG Key Fingerprint:           FAE2 C608 8A24 2520 51C5
                               59E4 AA1E 9B71 2639 9E46

On Thu, 5 Apr 2018 16:09:26 +0530
Akash Jain via samba <samba at lists.samba.org> wrote:
> Hello All
> 
> I am trying to use nfs4acl_xattr plugin from samba source code.
> 
> https://www.samba.org/samba/docs/current/man-html/vfs_nfs4acl_xattr.8.html
> 
> I mounted NFSv4 mount point locally and exported it through samba
> with vfs objects set to nfs4acl_xattr.
> 
> *[root at test2 ~]#  smbclient //test3/local --user=test -Wdomain
> Enter domain\test's password:
> Kinit for test at domain to access test3 failed:
> Cannot find KDC for requested realm Domain=[domain]
> OS=[Windows 6.1] Server=[Samba 4.6.2]
> smb: \>smb: \>
> lsNT_STATUS_NOT_SUPPORTED listing \*smb: \>*
Does it work without the vfs ?
From the above it looks like you aren't even connecting to the share.

Rowland

On Thu, Apr 05, 2018 at 04:09:26PM +0530, Akash Jain via samba
wrote:
> 
> Can someone help me understand, why following call may fail when the path
> is locally mounted NFS share and not a VFS path:
> 
> *                length = SMB_VFS_NEXT_GETXATTR(handle, path,
> NFS4ACL_XATTR_NAME, blob.data, blob.length);*
> 
> Since next module in the stack is Default_VFS, isn't it supposed to
forward
> the request to local NFS client? I do not see any packets on NFS port of
> the local NFS client when this operation fails.
Looks like your local NFS client doesn't support remote xattr
operations.

Hi All

I found there is one bug in the plugin. The name of the attribute for ACL
as per strace output of nfs4_setfacl is *system.nfs4_acl.*
The source code has defined it as
#define NFS4ACL_XATTR_NAME      ( "system.nfs4acl" )

Note there is missing underscore.

After this, the EOPNOTSUPP error is not observed.

Hope this helps

Akash

On Thu, Apr 5, 2018 at 11:43 PM, Jeremy Allison <jra at samba.org> wrote:
> On Thu, Apr 05, 2018 at 04:09:26PM +0530, Akash Jain via samba wrote:
> >
> > Can someone help me understand, why following call may fail when the
path
> > is locally mounted NFS share and not a VFS path:
> >
> > *                length = SMB_VFS_NEXT_GETXATTR(handle, path,
> > NFS4ACL_XATTR_NAME, blob.data, blob.length);*
> >
> > Since next module in the stack is Default_VFS, isn't it supposed
to
> forward
> > the request to local NFS client? I do not see any packets on NFS port
of
> > the local NFS client when this operation fails.
>
> Looks like your local NFS client doesn't support remote xattr
> operations.
>