ceph: add support to readdir for encrypted names

To make it simpler to decrypt names in a readdir reply (i.e. before
we have a dentry), add a new ceph_encode_encrypted_fname()-like helper
that takes a qstr pointer instead of a dentry pointer.

Once we've decrypted the names in a readdir reply, we no longer need the
crypttext, so overwrite them in ceph_mds_reply_dir_entry with the
unencrypted names. Then in both ceph_readdir_prepopulate() and
ceph_readdir() we will use the decrypted name directly.

[ jlayton: convert some BUG_ONs into error returns ]

Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-and-tested-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Xiubo Li
2022-03-14 10:28:35 +08:00
committed by Ilya Dryomov
parent 3859af9eba
commit af9ffa6df7
6 changed files with 144 additions and 26 deletions


@@ -192,15 +192,18 @@ void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,
swap(req->r_fscrypt_auth, as->fscrypt_auth);
}
int ceph_encode_encrypted_fname(const struct inode *parent,
struct dentry *dentry, char *buf)
int ceph_encode_encrypted_dname(const struct inode *parent,
struct qstr *d_name, char *buf)
{
u32 len;
int elen;
int ret;
u8 *cryptbuf;
WARN_ON_ONCE(!fscrypt_has_encryption_key(parent));
if (!fscrypt_has_encryption_key(parent)) {
memcpy(buf, d_name->name, d_name->len);
return d_name->len;
}
/*
* Convert cleartext d_name to ciphertext. If result is longer than
@@ -208,8 +211,7 @@ int ceph_encode_encrypted_fname(const struct inode *parent,
*
* See: fscrypt_setup_filename
*/
if (!fscrypt_fname_encrypted_size(parent, dentry->d_name.len, NAME_MAX,
&len))
if (!fscrypt_fname_encrypted_size(parent, d_name->len, NAME_MAX, &len))
return -ENAMETOOLONG;
/* Allocate a buffer appropriate to hold the result */
@@ -218,7 +220,7 @@ int ceph_encode_encrypted_fname(const struct inode *parent,
if (!cryptbuf)
return -ENOMEM;
ret = fscrypt_fname_encrypt(parent, &dentry->d_name, cryptbuf, len);
ret = fscrypt_fname_encrypt(parent, d_name, cryptbuf, len);
if (ret) {
kfree(cryptbuf);
return ret;
@@ -245,6 +247,14 @@ int ceph_encode_encrypted_fname(const struct inode *parent,
return elen;
}
int ceph_encode_encrypted_fname(const struct inode *parent,
struct dentry *dentry, char *buf)
{
WARN_ON_ONCE(!fscrypt_has_encryption_key(parent));
return ceph_encode_encrypted_dname(parent, &dentry->d_name, buf);
}
/**
* ceph_fname_to_usr - convert a filename for userland presentation
* @fname: ceph_fname to be converted
@@ -286,7 +296,10 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
* generating a nokey name via fscrypt.
*/
if (!fscrypt_has_encryption_key(fname->dir)) {
memcpy(oname->name, fname->name, fname->name_len);
if (fname->no_copy)
oname->name = fname->name;
else
memcpy(oname->name, fname->name, fname->name_len);
oname->len = fname->name_len;
if (is_nokey)
*is_nokey = true;
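Review bot: The no-key branch added at the top of ceph_encode_encrypted_dname() does `memcpy(buf, d_name->name, d_name->len)` with no length check, whereas the encrypted path a few lines below rejects names that would not fit in NAME_MAX. The helper now accepts a bare qstr instead of a dentry, and the commit message ties it to names handled during a readdir reply, so the length is presumably no longer bounded by the VFS; the size of buf is not visible in these hunks. I would add `if (d_name->len > NAME_MAX) return -ENAMETOOLONG;` before the memcpy and state the required size of buf in a comment above the function. Separately, ceph_encode_encrypted_fname() still only warns when the key is missing and then falls into this plaintext branch, which deserves a one-line comment confirming that sending the unencrypted name is intended there.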