From 39afeac82ab39abcb4528d88e500f5e930ee88cb Mon Sep 17 00:00:00 2001
From: Christopher Hoffman
Date: Tue, 24 Jun 2025 19:09:07 +0000
Subject: [PATCH] client: Breakout fscrypt get policy into method
Breakout fscrypt get policy into a method. Add ceph_get_fscrypt_policy_v2 support.
Signed-off-by: Christopher Hoffman
---
 src/client/Client.cc | 22 ++++++++++++++++++++++
 src/client/Client.h | 2 ++
 src/client/fuse_ll.cc | 9 ++++++++-
 src/include/cephfs/libcephfs.h | 11 +++++++++++
 src/libcephfs.cc | 9 +++++++++
 5 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/src/client/Client.cc b/src/client/Client.cc
index 316242b5279..de5f07f608b 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -18231,6 +18231,28 @@ int Client::ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2&
 return 0;
 }
+int Client::get_fscrypt_policy_v2(int fd, struct fscrypt_policy_v2* policy)
+{
+ Fh *f = get_filehandle(fd);
+ if (!f) {
+ return -EBADF;
+ }
+
+ return ll_get_fscrypt_policy_v2(f->inode.get(), policy);
+}
+
+int Client::ll_get_fscrypt_policy_v2(Inode *in, struct fscrypt_policy_v2* policy)
+{
+ if (in->is_fscrypt_enabled()) {
+ in->fscrypt_ctx->convert_to(policy);
+ if (policy->version != 2) {
+ return EINVAL;
+ }
+ return 0;
+ }
+ return ENODATA;
+}
+
 int Client::is_encrypted(int fd, UserPerm& perms, char* enctag)
 {
 Fh *f = get_filehandle(fd);
diff --git a/src/client/Client.h b/src/client/Client.h
index 3b86078f179..feafe4d1f91 100644
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -349,6 +349,7 @@ public:
 int fcopyfile(const char *sname, const char *dname, UserPerm& perms, mode_t mode);
 int set_fscrypt_policy_v2(int fd, const struct fscrypt_policy_v2& policy);
+ int get_fscrypt_policy_v2(int fd, struct fscrypt_policy_v2* policy);
 int is_encrypted(int fd, UserPerm& perms, char* enctag);
 int mds_command(
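Review bot: `Client::ll_get_fscrypt_policy_v2` in src/client/Client.cc returns positive `EINVAL` and `ENODATA`, while the `get_fscrypt_policy_v2` wrapper added just above it returns `-EBADF` and the new comment in libcephfs.h promises a negative error code. The fuse_ll.cc hunk tests `r < 0`, so a positive return never matches there and a policy whose converted version is not 2 is still sent back to the ioctl caller as success. Use `return -EINVAL;` and `return -ENODATA;`. `convert_to(policy)` also runs before the version check, so the caller's buffer has already been overwritten when the function reports failure; converting into a local `struct fscrypt_policy_v2` and copying it out only on success would avoid handing back a rejected policy.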
@@ -711,6 +712,7 @@ public:
 }
 int ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2& policy);
+ int ll_get_fscrypt_policy_v2(Inode *in, struct fscrypt_policy_v2* policy);
 int ll_get_stripe_osd(struct Inode *in, uint64_t blockno, file_layout_t* layout);
diff --git a/src/client/fuse_ll.cc b/src/client/fuse_ll.cc
index 7bd92663b60..fa13de4e540 100644
--- a/src/client/fuse_ll.cc
+++ b/src/client/fuse_ll.cc
@@ -971,7 +971,14 @@ static void fuse_ll_ioctl(fuse_req_t req, fuse_ino_t ino,
 Inode *in = fh->inode.get();
 if (in->is_fscrypt_enabled()) {
- in->fscrypt_ctx->convert_to(&out_arg.policy.v2);
+
+ int r = cfuse->client->ll_get_fscrypt_policy_v2(in, &out_arg.policy.v2);
+
+ if (r < 0) {
+ fuse_reply_err(req, r);
+ break;
+ }
+
 out_arg.policy_size = sizeof(out_arg.policy);
 fuse_reply_ioctl(req, 0, &out_arg, sizeof(out_arg));
diff --git a/src/include/cephfs/libcephfs.h b/src/include/cephfs/libcephfs.h
index ea0374d7535..7cf7f77da4e 100644
--- a/src/include/cephfs/libcephfs.h
+++ b/src/include/cephfs/libcephfs.h
@@ -2049,6 +2049,17 @@ int ceph_set_fscrypt_policy_v2(struct ceph_mount_info *cmount,
 int ceph_is_encrypted(struct ceph_mount_info *cmount, int fd, char* enctag);
+/**
+ * Get encryption policy of a directory.
+ *
+ * @param cmount the ceph mount handle to use.
+ * @param fd open directory file descriptor
+ * @param policy pointer to to the fscrypt v2 policy
+ * @returns zero on success, other returns a negative error code.
+ */
+int ceph_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+ int fd, struct fscrypt_policy_v2 *policy);
+
 /* Low Level */
 struct Inode *ceph_ll_get_inode(struct ceph_mount_info *cmount, vinodeno_t vino);
diff --git a/src/libcephfs.cc b/src/libcephfs.cc
index 0fe4a88efbb..fcf69ca802f 100644
--- a/src/libcephfs.cc
+++ b/src/libcephfs.cc
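Review bot: `fuse_reply_err(req, r)` in the error branch added to `fuse_ll_ioctl` (src/client/fuse_ll.cc) passes `r` through unchanged, but that branch is entered only when `r` is negative and libfuse's `fuse_reply_err` takes a positive errno value. The call should negate it, `fuse_reply_err(req, -r);`, or go through whatever errno translation the other replies in this file use. The enclosing `if (in->is_fscrypt_enabled())` repeats the test the helper now performs itself, so the helper's no-policy result cannot be reached from this path. The rest of `fuse_ll_ioctl`, including the matching else branch, lies outside the hunk.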
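Review bot: The comment on `ceph_get_fscrypt_policy_v2` in src/include/cephfs/libcephfs.h does not say that `policy` is an output the call fills in, nor which errors a caller should expect. The Client.cc hunk distinguishes a bad descriptor, an inode with no fscrypt policy, and a policy that is not version 2, and a caller needs to tell "not encrypted" apart from a real failure. Suggested wording: `@param policy [out] receives the fscrypt v2 policy on success; must not be NULL` and `@returns 0 on success; a negative errno otherwise: EBADF for an invalid fd, ENODATA when no policy is set, EINVAL when the policy is not version 2`. This also removes the doubled "to to".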
@@ -2542,6 +2542,15 @@ extern "C" int ceph_is_encrypted(struct ceph_mount_info *cmount,
 return cmount->get_client()->is_encrypted(fd, cmount->default_perms, enctag);
 }
+extern "C" int ceph_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+ int fd, struct fscrypt_policy_v2 *policy)
+{
+ if (!cmount->is_mounted())
+ return -ENOTCONN;
+
+ return cmount->get_client()->get_fscrypt_policy_v2(fd, policy);
+}
+
 // This is deprecated, use ceph_ll_register_callbacks2 instead.
 extern "C" void ceph_ll_register_callbacks(class ceph_mount_info *cmount,
--
2.39.5
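Review bot: `ceph_get_fscrypt_policy_v2` in src/libcephfs.cc forwards `policy` to the client unchecked, and in the Client.cc hunk the pointer then reaches `convert_to(policy)` and `policy->version` with no check in between. For an exported C entry point, a NULL `policy` would be dereferenced inside the library instead of being rejected. Add `if (!policy) return -EINVAL;` before the `get_fscrypt_policy_v2` call.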