From 95c5765b5aa286308ce3dfe9448d841bb24f04db Mon Sep 17 00:00:00 2001 From: Christopher Hoffman Date: Wed, 25 Jun 2025 13:14:45 +0000 Subject: [PATCH] client, libcephfs: Expose fscrypt apis as low level Add low level versions of fscrypt apis to support protocols such as NFS. Signed-off-by: Christopher Hoffman --- src/client/Client.cc | 6 +++++- src/client/Client.h | 1 + src/include/cephfs/libcephfs.h | 8 ++++++++ src/libcephfs.cc | 26 ++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 1 deletion(-) diff --git a/src/client/Client.cc b/src/client/Client.cc index 435d396e20684..1ebe5eca89b98 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -18378,7 +18378,11 @@ int Client::is_encrypted(int fd, UserPerm& perms, char* enctag) return -EBADF; } - Inode *in = f->inode.get(); + return ll_is_encrypted(f->inode.get(), perms, enctag); +} + +int Client::ll_is_encrypted(Inode *in, UserPerm& perms, char *enctag) +{ if (in->is_encrypted()) { int r = ll_getxattr(in, "user.ceph.subvolume.enctag", enctag, sizeof(enctag), perms); // dir can be encrypted and xattr DNE if it isn't setup via mgr subvolume diff --git a/src/client/Client.h b/src/client/Client.h index 57c45bbb35c80..3cee9219d789d 100644 --- a/src/client/Client.h +++ b/src/client/Client.h @@ -752,6 +752,7 @@ public: int ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2& policy); int ll_get_fscrypt_policy_v2(Inode *in, struct fscrypt_policy_v2* policy); + int ll_is_encrypted(Inode *in, UserPerm& perms, char* enctag); int ll_get_stripe_osd(struct Inode *in, uint64_t blockno, file_layout_t* layout); diff --git a/src/include/cephfs/libcephfs.h b/src/include/cephfs/libcephfs.h index 28d6c272d040f..536857849b263 100644 --- a/src/include/cephfs/libcephfs.h +++ b/src/include/cephfs/libcephfs.h @@ -2214,6 +2214,14 @@ int ceph_ll_setlk(struct ceph_mount_info *cmount, int ceph_ll_lazyio(struct ceph_mount_info *cmount, Fh *fh, int enable); +int ceph_ll_set_fscrypt_policy_v2(struct ceph_mount_info *cmount, + Inode *in, const struct fscrypt_policy_v2 *policy); + +int ceph_ll_get_fscrypt_policy_v2(struct ceph_mount_info *cmount, + Inode *in, struct fscrypt_policy_v2 *policy); + +int ceph_ll_is_encrypted(struct ceph_mount_info *cmount, Inode *in, char* enctag); + /* * Delegation support * diff --git a/src/libcephfs.cc b/src/libcephfs.cc index 5924ae31c52ae..95d6c755d19ca 100644 --- a/src/libcephfs.cc +++ b/src/libcephfs.cc @@ -2561,6 +2561,32 @@ extern "C" int ceph_get_fscrypt_policy_v2(struct ceph_mount_info *cmount, return cmount->get_client()->get_fscrypt_policy_v2(fd, policy); } +extern "C" int ceph_ll_set_fscrypt_policy_v2(struct ceph_mount_info *cmount, + Inode *in, const struct fscrypt_policy_v2 *policy) +{ + if (!cmount->is_mounted()) + return -ENOTCONN; + + return cmount->get_client()->ll_set_fscrypt_policy_v2(in, *policy); +} + +extern "C" int ceph_ll_get_fscrypt_policy_v2(struct ceph_mount_info *cmount, + Inode *in, struct fscrypt_policy_v2 *policy) +{ + if (!cmount->is_mounted()) + return -ENOTCONN; + + return cmount->get_client()->ll_get_fscrypt_policy_v2(in, policy); +} + +extern "C" int ceph_ll_is_encrypted(struct ceph_mount_info *cmount, + Inode *in, char* enctag) +{ + if (!cmount->is_mounted()) + return -ENOTCONN; + + return cmount->get_client()->ll_is_encrypted(in, cmount->default_perms, enctag); +} // This is deprecated, use ceph_ll_register_callbacks2 instead. extern "C" void ceph_ll_register_callbacks(class ceph_mount_info *cmount, -- 2.39.5