Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access Has No User Credentials #71

Open
amarcionek opened this issue Dec 19, 2018 · 3 comments
Open

Access Has No User Credentials #71

amarcionek opened this issue Dec 19, 2018 · 3 comments
Labels
enhancement

Comments

@amarcionek
Copy link
Contributor

According to both the V3 and V4 RFCs, the function access() is supposed to check the requested permissions against the permissions on the object considering the user in the request. The current definition of access in VirtualFileSystem does not have any user (Subject?) Is this intentional?
@kofemann
Copy link
Member

The Subject is taken credentials of issued RPC request. However, we can update access method to accept a subject as well, if you have a good reason to have it.

@amarcionek
Copy link
Contributor Author

I believe its required to have access to the caller's RPC credentials, otherwise, how would you know which part of the object's mode (user, group or other) to apply to requested access flags?

We actually have a fork where we are doing that currently. Effectively, we added Subject to the VirtualFileSystem interface for access and then extracted it out of the call via call$.getCredential().getSubject() in OperationOPEN and OperationACCESS and NFSPROC3_ACCESS_3 I'm happy to submit a PR.

However, how would you like to handle backwards compatibility? Make Subject an Optional? I'd hate to break compatibility for people.

@kofemann
Copy link
Member

The one options would be to add a new method and deprecate the old one. After two major releases the deprecated one can be deleted, somewhere around 0.21.x.

amarcionek added a commit to Seven10Storage/nfs4j that referenced this issue Jan 2, 2019
@amarcionek
Added Subject to access method
dae0bfc 
Access method should check against the caller's RPC credentials.
Addresses dCache#71.
@amarcionek amarcionek mentioned this issue Jan 2, 2019
Open
amarcionek added a commit to Seven10Storage/nfs4j that referenced this issue Jan 2, 2019
@amarcionek
Added Subject to access method
f162558 
Access method should check against the caller's RPC credentials.
Addresses dCache#71.
amarcionek added a commit to Seven10Storage/nfs4j that referenced this issue Jan 2, 2019
@amarcionek
Added Subject to access method
cb739e9 
Access method should check against the caller's RPC credentials.
Addresses dCache#71.

Signed-off-by: Adam Marcionek <amarcionek@seven10storage.com>
amarcionek added a commit to Seven10Storage/nfs4j that referenced this issue Jan 2, 2019
@amarcionek
Added Subject to access method
6749f74 
Access method should check against the caller's RPC credentials.
Addresses dCache#71.

Signed-off-by: Adam Marcionek <amarcionek@seven10storage.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kofemann @amarcionek