From 4465cd87949ed23588a5550fe26985666b6e9410 Mon Sep 17 00:00:00 2001
From: Christopher Hoffman
Date: Tue, 2 Sep 2025 14:31:52 +0000
Subject: [PATCH] client: Add fscrypt dummy encryption

Add fscrypt dummy encryption to client. This will allow for mounting a cephfs volume without providing any fscrypt information. This will allow for more straightforward setup for development and test suites.

Signed-off-by: Christopher Hoffman
---
 src/client/Client.cc | 48 +++++++++++++++++++++++++++
 src/client/Client.h | 2 ++
 src/common/options/mds-client.yaml.in | 10 ++++++
 3 files changed, 60 insertions(+)

diff --git a/src/client/Client.cc b/src/client/Client.cc
index d0cde09c6b5..8e5777e73b6 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -7003,6 +7003,17 @@ int Client::mount(const std::string &mount_root, const UserPerm& perms,
 }
 }
+ // dummy encryption?
+ if (cct->_conf.get_val("client_fscrypt_dummy_encryption")) {
+ client_lock.unlock();
+
+ r = fscrypt_dummy_encryption();
+ if (r < 0) {
+ return r;
+ }
+
+ client_lock.lock();
+ }
 /*
 ldout(cct, 3) << "op: // client trace data structs" << dendl;
 ldout(cct, 3) << "op: struct stat st;" << dendl;
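Review bot: The error path of the block added to Client::mount returns with client_lock released (`client_lock.unlock();` … `return r;`), while the success path re-acquires it, so the two exits leave the lock in different states. If mount holds the lock through a scoped guard declared above the hunk (not visible here), the early return would make that guard release a mutex it no longer holds; re-acquire before testing the result, `r = fscrypt_dummy_encryption(); client_lock.lock(); if (r < 0) { return r; }`, or release and re-take the lock through the guard itself. The early return also skips whatever mount teardown follows outside the hunk, so a failed policy setup may leave the client partly mounted. Since the option makes every mount use a fixed, publicly known key, a prominent log line when it is enabled would help operators notice it outside test environments.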
@@ -7312,6 +7323,43 @@ void Client::abort_conn()
 _unmount(true);
 }
+int Client::fscrypt_dummy_encryption() {
+ // get add key
+ char key[20];
+ memset(key, 0, sizeof(key));
+ ceph_fscrypt_key_identifier kid;
+
+ int r = add_fscrypt_key(key, FSCRYPT_KEY_IDENTIFIER_SIZE, &kid);
+ if (r < 0) {
+ goto err;
+ }
+
+ // set dummy encryption policy
+ struct fscrypt_policy_v2 policy;
+
+ memset(&policy, 0, sizeof(policy));
+ policy.version = 2;
+ policy.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
+ policy.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
+ policy.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
+ memcpy(policy.master_key_identifier, kid.raw, FSCRYPT_KEY_IDENTIFIER_SIZE);
+ r = ll_set_fscrypt_policy_v2(root.get(), policy);
+ if (r < 0) {
+ goto err;
+ }
+
+ return 0;
+ err:
+ fscrypt_remove_key_arg arg;
+ fscrypt_key_specifier key_spec;
+ key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
+ key_spec.__reserved = 0;
+ memcpy(key_spec.u.identifier, kid.raw, 16);
+ arg.removal_status_flags = 0;
+ arg.key_spec = key_spec;
+ r = remove_fscrypt_key(&arg);
+ return r;
+}
 void Client::flush_cap_releases()
 {
 uint64_t nr_caps = 0;
diff --git a/src/client/Client.h b/src/client/Client.h
index 60a2d9175c6..28be5bb3684 100644
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -369,6 +369,8 @@ public:
 }
 void abort_conn();
+ int fscrypt_dummy_encryption();
+
 void set_uuid(const std::string& uuid);
 void set_session_timeout(unsigned timeout);
 int start_reclaim(const std::string& uuid, unsigned flags,
diff --git a/src/common/options/mds-client.yaml.in b/src/common/options/mds-client.yaml.in
index 82e6995244e..3603c67393e 100644
--- a/src/common/options/mds-client.yaml.in
+++ b/src/common/options/mds-client.yaml.in
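Review bot: In Client::fscrypt_dummy_encryption the `err:` path overwrites `r` with the result of `remove_fscrypt_key(&arg)`, so when the cleanup succeeds the function presumably returns 0 and Client::mount carries on as if the policy had been applied. The same label is reached when `add_fscrypt_key` fails, where `kid` was never filled in and the `memcpy` from `kid.raw` reads an indeterminate identifier; `arg` and the rest of `key_spec.u` are also only partly initialised before being passed on. Return the original error, skip the removal when no key was added, and value-initialise the argument struct, as sketched below. The key length is passed as `FSCRYPT_KEY_IDENTIFIER_SIZE` against a `char key[20]` buffer and the cleanup copies a literal `16`; a named key-size constant would make the intent checkable. A short comment stating that the all-zero key is deliberate and gives no confidentiality would replace `// get add key`.

```cpp
  // … unchanged: zeroed key buffer, kid declaration, add_fscrypt_key call …
  if (r < 0) {
    return r;  // no key was added, so there is nothing to remove
  }

  // … unchanged: policy setup …
  r = ll_set_fscrypt_policy_v2(root.get(), policy);
  if (r < 0) {
    // Best-effort cleanup; report the policy failure, not the cleanup result.
    fscrypt_remove_key_arg arg{};
    arg.key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
    memcpy(arg.key_spec.u.identifier, kid.raw, FSCRYPT_KEY_IDENTIFIER_SIZE);
    (void)remove_fscrypt_key(&arg);
    return r;
  }

  return 0;
```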
@@ -628,3 +628,13 @@ options:
 - mds_client
 flags:
 - runtime
+- name: client_fscrypt_dummy_encryption
+ type: bool
+ level: dev
+ desc: Enable fscrypt dummy encryption
+ long_desc: Enable fscrypt dummy encryption
+ default: false
+ services:
+ - mds_client
+ flags:
+ - runtime
--
2.47.3
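Review bot: `long_desc` only repeats `desc` and does not say what the option does to data; per the client code in this patch it installs an all-zero key and sets an encryption policy on the root at mount time. Spell that out, for example `long_desc: Apply an fscrypt policy with a fixed all-zero key to the root at mount time. For development and test suites only; it provides no confidentiality.` The option is flagged `runtime`, but the visible code reads it only inside Client::mount, so a change would presumably affect later mounts only; either say so in the description or drop the flag.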