Given an fd, report whether it is encrypted or not.
Optionally, the enctag is returned as well if one is set.
Signed-off-by: Christopher Hoffman <choffman@redhat.com>
return 0;
}
+int Client::is_encrypted(int fd, UserPerm& perms, char* enctag)
+{
+ Fh *f = get_filehandle(fd);
+ if (!f) {
+ return -EBADF;
+ }
+
+ Inode *in = f->inode.get();
+ if (in->is_encrypted()) {
+ int r = ll_getxattr(in, "user.ceph.subvolume.enctag", enctag, sizeof(enctag), perms);
+ // dir can be encrypted and xattr DNE if it isn't setup via mgr subvolume
+ // this is an expected scenario
+ if (r < 0) {
+ enctag = nullptr;
+ }
+
+ return 0;
+ }
+ enctag = nullptr;
+ return -EINVAL;
+}
+
int Client::get_fscrypt_key_status(fscrypt_get_key_status_arg* arg) {
ceph_fscrypt_key_identifier kid;
int r = kid.init(arg->key_spec);
int get_inode_flags(int fd, int* file_attr_out);
int set_fscrypt_policy_v2(int fd, const struct fscrypt_policy_v2& policy);
+ int is_encrypted(int fd, UserPerm& perms, char* enctag);
int mds_command(
const std::string &mds_spec,
int ceph_set_fscrypt_policy_v2(struct ceph_mount_info *cmount,
int fd, const struct fscrypt_policy_v2 *policy);
+/**
+ * Checks to see if encryption is set on a directory.
+ *
+ * @param cmount the ceph mount handle to use.
+ * @param fd open directory file descriptor
+ * @param enctag, if set on dir, will return non-nullptr
+ * @returns zero on success, other returns a negative error code.
+ */
+int ceph_is_encrypted(struct ceph_mount_info *cmount,
+ int fd, char* enctag);
/**
* Fill file_attr_out with content of i_flags
* @param cmount the ceph mount handle to use.
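Review bot: The `@param enctag` text promises a non-nullptr result, but `enctag` is a `char*` passed by value, so the function can never hand a pointer state back to the caller. The comment also says nothing about how large the buffer must be or whether the result is NUL-terminated. `@returns zero on success` hides that the implementation returns `-EINVAL` for a directory that is simply not encrypted. I would document it as `@param enctag caller-supplied buffer that receives the subvolume enctag, if one is set`, state the required size, and spell out the return values for encrypted, not encrypted (`-EINVAL`) and unmounted (`-ENOTCONN`).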
return cmount->get_client()->set_fscrypt_policy_v2(fd, *policy);
}
+extern "C" int ceph_is_encrypted(struct ceph_mount_info *cmount,
+ int fd, char* enctag)
+{
+ if (!cmount->is_mounted())
+ return -ENOTCONN;
+
+ return cmount->get_client()->is_encrypted(fd, cmount->default_perms, enctag);
+}
+
// This is deprecated, use ceph_ll_register_callbacks2 instead.
extern "C" void ceph_ll_register_callbacks(class ceph_mount_info *cmount,