client: Add fscrypt dummy encryption

Add fscrypt dummy encryption to client. This will allow
for mounting a cephfs volume without providing any fscrypt
information. This will allow for more straightforward setup
for development and test suites.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index d0cde09c6b53daed11a1a28ed527fa3bf414c173..8e5777e73b60c15065d325f555a922801c6b39e9 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -7003,6 +7003,17 @@ int Client::mount(const std::string &mount_root, const UserPerm& perms,
     }
   }
 
+  // dummy encryption?
+  if (cct->_conf.get_val<bool>("client_fscrypt_dummy_encryption")) {
+    client_lock.unlock();
+
+    r = fscrypt_dummy_encryption();
+    if (r < 0) {
+      return r;
+    }
+
+    client_lock.lock();
+  }
   /*
   ldout(cct, 3) << "op: // client trace data structs" << dendl;
   ldout(cct, 3) << "op: struct stat st;" << dendl;
@@ -7312,6 +7323,43 @@ void Client::abort_conn()
   _unmount(true);
 }
 
+int Client::fscrypt_dummy_encryption() {
+    // get add key
+    char key[20];
+    memset(key, 0, sizeof(key));
+    ceph_fscrypt_key_identifier kid;
+
+    int r = add_fscrypt_key(key, FSCRYPT_KEY_IDENTIFIER_SIZE, &kid);
+    if (r < 0) {
+      goto err;
+    }
+
+    // set dummy encryption policy
+    struct fscrypt_policy_v2 policy;
+    
+    memset(&policy, 0, sizeof(policy));
+    policy.version = 2;
+    policy.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
+    policy.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
+    policy.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
+    memcpy(policy.master_key_identifier, kid.raw, FSCRYPT_KEY_IDENTIFIER_SIZE);
+    r = ll_set_fscrypt_policy_v2(root.get(), policy);
+    if (r < 0) {
+      goto err;
+    }
+
+    return 0;
+  err:
+    fscrypt_remove_key_arg arg;
+    fscrypt_key_specifier key_spec;
+    key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
+    key_spec.__reserved = 0;
+    memcpy(key_spec.u.identifier, kid.raw, 16);
+    arg.removal_status_flags = 0;
+    arg.key_spec = key_spec;
+    r = remove_fscrypt_key(&arg);
+    return r;
+}
 void Client::flush_cap_releases()
 {
   uint64_t nr_caps = 0;

diff --git a/src/client/Client.h b/src/client/Client.h
index 60a2d9175c6705252f9353cdcbb2cd058eaf85b2..28be5bb36842ca82ba23339b41293e8e718b93fc 100644 (file)
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -369,6 +369,8 @@ public:
   }
   void abort_conn();
 
+  int fscrypt_dummy_encryption();
+
   void set_uuid(const std::string& uuid);
   void set_session_timeout(unsigned timeout);
   int start_reclaim(const std::string& uuid, unsigned flags,

diff --git a/src/common/options/mds-client.yaml.in b/src/common/options/mds-client.yaml.in
index 82e6995244ea73f667e31daa4014cebd088a8347..3603c67393ea40b5faade9fca84a86b3b3ab18c8 100644 (file)
--- a/src/common/options/mds-client.yaml.in
+++ b/src/common/options/mds-client.yaml.in
@@ -628,3 +628,13 @@ options:
   - mds_client
   flags:
   - runtime
+- name: client_fscrypt_dummy_encryption
+  type: bool
+  level: dev
+  desc: Enable fscrypt dummy encryption
+  long_desc: Enable fscrypt dummy encryption
+  default: false
+  services:
+  - mds_client
+  flags:
+  - runtime