diff options
| author | Xiubo Li <xiubli@redhat.com> | 2022-03-14 05:28:35 +0300 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2023-08-24 12:24:34 +0300 |
| commit | af9ffa6df7e337599ce41165d9e6166a330c7b96 (patch) | |
| tree | e62445c27ebbdba422319064f1ff141ca03b82ea /fs/ceph/crypto.c | |
| parent | 3859af9eba958cec91e4908f64787f190254f565 (diff) | |
| download | linux-af9ffa6df7e337599ce41165d9e6166a330c7b96.tar.xz | |
ceph: add support to readdir for encrypted names
To make it simpler to decrypt names in a readdir reply (i.e. before
we have a dentry), add a new ceph_encode_encrypted_fname()-like helper
that takes a qstr pointer instead of a dentry pointer.
Once we've decrypted the names in a readdir reply, we no longer need the
crypttext, so overwrite them in ceph_mds_reply_dir_entry with the
unencrypted names. Then in both ceph_readdir_prepopulate() and
ceph_readdir() we will use the dencrypted name directly.
[ jlayton: convert some BUG_ONs into error returns ]
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-and-tested-by: Luís Henriques <lhenriques@suse.de>
Reviewed-by: Milind Changire <mchangir@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'fs/ceph/crypto.c')
| -rw-r--r-- | fs/ceph/crypto.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c index e2a461960955..a08978a0ed4d 100644 --- a/fs/ceph/crypto.c +++ b/fs/ceph/crypto.c @@ -192,15 +192,18 @@ void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, swap(req->r_fscrypt_auth, as->fscrypt_auth); } -int ceph_encode_encrypted_fname(const struct inode *parent, - struct dentry *dentry, char *buf) +int ceph_encode_encrypted_dname(const struct inode *parent, + struct qstr *d_name, char *buf) { u32 len; int elen; int ret; u8 *cryptbuf; - WARN_ON_ONCE(!fscrypt_has_encryption_key(parent)); + if (!fscrypt_has_encryption_key(parent)) { + memcpy(buf, d_name->name, d_name->len); + return d_name->len; + } /* * Convert cleartext d_name to ciphertext. If result is longer than @@ -208,8 +211,7 @@ int ceph_encode_encrypted_fname(const struct inode *parent, * * See: fscrypt_setup_filename */ - if (!fscrypt_fname_encrypted_size(parent, dentry->d_name.len, NAME_MAX, - &len)) + if (!fscrypt_fname_encrypted_size(parent, d_name->len, NAME_MAX, &len)) return -ENAMETOOLONG; /* Allocate a buffer appropriate to hold the result */ @@ -218,7 +220,7 @@ int ceph_encode_encrypted_fname(const struct inode *parent, if (!cryptbuf) return -ENOMEM; - ret = fscrypt_fname_encrypt(parent, &dentry->d_name, cryptbuf, len); + ret = fscrypt_fname_encrypt(parent, d_name, cryptbuf, len); if (ret) { kfree(cryptbuf); return ret; @@ -245,6 +247,14 @@ int ceph_encode_encrypted_fname(const struct inode *parent, return elen; } +int ceph_encode_encrypted_fname(const struct inode *parent, + struct dentry *dentry, char *buf) +{ + WARN_ON_ONCE(!fscrypt_has_encryption_key(parent)); + + return ceph_encode_encrypted_dname(parent, &dentry->d_name, buf); +} + /** * ceph_fname_to_usr - convert a filename for userland presentation * @fname: ceph_fname to be converted @@ -286,7 +296,10 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname, * generating a nokey name via fscrypt. */ if (!fscrypt_has_encryption_key(fname->dir)) { - memcpy(oname->name, fname->name, fname->name_len); + if (fname->no_copy) + oname->name = fname->name; + else + memcpy(oname->name, fname->name, fname->name_len); oname->len = fname->name_len; if (is_nokey) *is_nokey = true; |