LU-16444 enc: null-enc names cannot be digested form

author Sebastien Buisson <sbuisson@ddn.com>

Wed, 4 Jan 2023 15:10:02 +0000 (16:10 +0100)

committer Oleg Drokin <green@whamcloud.com>

Thu, 19 Jan 2023 15:27:10 +0000 (15:27 +0000)
author Sebastien Buisson <sbuisson@ddn.com>
Wed, 4 Jan 2023 15:10:02 +0000 (16:10 +0100)
committer Oleg Drokin <green@whamcloud.com>
Thu, 19 Jan 2023 15:27:10 +0000 (15:27 +0000)
diff --git a/lustre/llite/crypto.c b/lustre/llite/crypto.c

index edc5829..d8e8173 100644 (file)
--- a/lustre/llite/crypto.c
+++ b/lustre/llite/crypto.c
@@ -251,8 +251,8 @@ int ll_setup_filename(struct inode *dir, const struct qstr *iname,
         struct qstr dname;
         int rc;
  
-       if (fid && IS_ENCRYPTED(dir) && !llcrypt_has_encryption_key(dir) &&
-           iname->name[0] == '_')
+       if (fid && IS_ENCRYPTED(dir) && llcrypt_policy_has_filename_enc(dir) &&
+           !llcrypt_has_encryption_key(dir) && iname->name[0] == '_')
                 digested = 1;
  
         dname.name = iname->name + digested;
diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh

index c1f26ec..cd0a596 100755 (executable)
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -4322,6 +4322,7 @@ test_54() {
         local testdir2=$DIR2/$tdir/$ID0
         local testfile=$testdir/$tfile
         local testfile2=$testdir/${tfile}withveryverylongnametoexercisecode
+       local testfile3=$testdir/_${tfile}
         local tmpfile=$TMP/${tfile}.tmp
         local resfile=$TMP/${tfile}.res
         local nameenc=""
@@ -4366,6 +4367,8 @@ test_54() {
         cp $testfile $tmpfile
         $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync ||
                 error "write to encrypted file $testfile2 failed"
+       $RUNAS dd if=/dev/urandom of=$testfile3 bs=127 count=1 conv=fsync ||
+               error "write to encrypted file $testfile3 failed"
         $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed"
         $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed"
  
@@ -4374,7 +4377,7 @@ test_54() {
  
         $RUNAS ls -R $testdir || error "ls -R $testdir failed"
         local filecount=$($RUNAS find $testdir -type f | wc -l)
-       [ $filecount -eq 3 ] || error "found $filecount files"
+       [ $filecount -eq 4 ] || error "found $filecount files"
  
         # check enable_filename_encryption default value
         # tunable only available for client built against embedded llcrypt
@@ -4387,12 +4390,16 @@ test_54() {
                 [ $nameenc -eq 0 ] ||
                        error "enable_filename_encryption should be 0 by default"
  
-               # $testfile and $testfile2 should exist because
+               # $testfile, $testfile2 and $testfile3 should exist because
                 # names are not encrypted
                 [ -f $testfile ] ||
                       error "$testfile should exist because name not encrypted"
                 [ -f $testfile2 ] ||
                       error "$testfile2 should exist because name not encrypted"
+               [ -f $testfile3 ] ||
+                     error "$testfile3 should exist because name not encrypted"
+               stat $testfile3
+               [ $? -eq 0 ] || error "cannot stat $testfile3 without key"
         fi
  
         scrambledfiles=( $(find $testdir/ -maxdepth 1 -type f) )
@@ -4409,6 +4416,8 @@ test_54() {
                 error "reading $testfile failed"
  
         cmp -bl $tmpfile $resfile || error "file read differs from file written"
+       stat $testfile3
+       [ $? -eq 0 ] || error "cannot stat $testfile3 with key"
  
         $RUNAS fscrypt lock --verbose $testdir ||
                 error "fscrypt lock $testdir failed (2)"
author	Sebastien Buisson <sbuisson@ddn.com>
	Wed, 4 Jan 2023 15:10:02 +0000 (16:10 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Thu, 19 Jan 2023 15:27:10 +0000 (15:27 +0000)
lustre/llite/crypto.c		patch \| blob \| history
lustre/tests/sanity-sec.sh		patch \| blob \| history