From 4b7aa10e5fd8742194ec1215cd748f0e2caf2066 Mon Sep 17 00:00:00 2001
From: Christopher Hoffman <choffman@redhat.com>
Date: Wed, 30 Jul 2025 15:17:32 +0000
Subject: [PATCH] client: turn is_encrypted into helper

Turn is_encrypted into helper functions. Add test to
validate is_encrypted.

Signed-off-by: Christopher Hoffman <choffman@redhat.com>
---
 src/client/Client.cc       | 22 ++++++++++++++++++----
 src/test/libcephfs/test.cc | 25 +++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/src/client/Client.cc b/src/client/Client.cc
index cddf40d92f2..6ae944c9543 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -18381,15 +18381,29 @@ int Client::is_encrypted(int fd, UserPerm& perms, char* enctag)
     return -EBADF;
   }
 
-  return ll_is_encrypted(f->inode.get(), perms, enctag);
+  auto *in = f->inode.get();
+  if (in->is_fscrypt_enabled()) {
+    std::scoped_lock lock(client_lock);
+    char name[] = "user.ceph.subvolume.enctag";
+    int r = _getxattr(in, name, enctag, sizeof(enctag), perms);
+    // dir can be encrypted and xattr DNE if it isn't setup via mgr subvolume
+    if (r < 0) {
+      enctag = nullptr;
+    }
+
+    return 1;
+  }
+  enctag = nullptr;
+  return -EINVAL;
 }
 
 int Client::ll_is_encrypted(Inode *in, UserPerm& perms, char *enctag)
 {
-  if (in->is_encrypted()) {
-    int r = ll_getxattr(in, "user.ceph.subvolume.enctag", enctag, sizeof(enctag), perms);
+  if (in->is_fscrypt_enabled()) {
+    std::scoped_lock lock(client_lock);
+    char name[] = "user.ceph.subvolume.enctag";
+    int r = _getxattr(in, name, enctag, sizeof(enctag), perms);
     // dir can be encrypted and xattr DNE if it isn't setup via mgr subvolume
-    // this is an expected scenario
     if (r < 0) {
       enctag = nullptr;
     }
diff --git a/src/test/libcephfs/test.cc b/src/test/libcephfs/test.cc
index edd56763577..fc1d177ecf4 100644
--- a/src/test/libcephfs/test.cc
+++ b/src/test/libcephfs/test.cc
@@ -3854,6 +3854,31 @@ TEST(LibCephFS, FsCrypt) {
   ceph_shutdown(cmount);
 }
 
+TEST(LibCephFS, EncTag) {
+  struct ceph_mount_info *cmount;
+  ASSERT_EQ(ceph_create(&cmount, NULL), 0);
+  ASSERT_EQ(ceph_conf_read_file(cmount, NULL), 0);
+  ASSERT_EQ(0, ceph_conf_parse_env(cmount, NULL));
+  ASSERT_EQ(do_ceph_mount(cmount, NULL), 0);
+
+  char test_xattr_file[NAME_MAX];
+  sprintf(test_xattr_file, "test_fscrypt_%d", getpid());
+  int fd = ceph_open(cmount, test_xattr_file, O_RDWR|O_CREAT, 0666);
+  ASSERT_GT(fd, 0);
+
+  char enctagbuf[] = "foo";
+  ASSERT_EQ(0, ceph_fsetxattr(cmount, fd, "ceph.fscrypt.auth", "foo", 3, CEPH_XATTR_CREATE));
+  ASSERT_EQ(0, ceph_fsetxattr(cmount, fd, "user.ceph.subvolume.enctag", enctagbuf, sizeof(enctagbuf), CEPH_XATTR_CREATE));
+
+  char enctagread[4];
+  ASSERT_EQ(1, ceph_is_encrypted(cmount, fd, enctagread));
+  ASSERT_EQ(0, strcmp(enctagbuf, enctagread));
+  ASSERT_EQ(0, ceph_close(cmount, fd));
+
+  ASSERT_EQ(0, ceph_unmount(cmount));
+  ceph_shutdown(cmount);
+}
+
 TEST(LibCephFS, SnapdirAttrs) {
   struct ceph_mount_info *cmount;
   ASSERT_EQ(ceph_create(&cmount, NULL), 0);
-- 
2.47.3