LU-13975 sec: require enc key in case of O_CREAT only

In ll_atomic_open(), do not return -ENOKEY when trying to open
either a directory or a file without the encryption key, unless
O_CREAT flag is specified.
Indeed, listing directory content is allowed even without the key.
And in case of regular file, ll_file_open() already checks for the
presence of an encryption key.

Improve sanity-sec test_54 to verify this is working properly.

Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 52 53 54" clientdistro=el8.1 fstype=ldiskfs mdscount=2 mdtcount=4
Test-Parameters: testlist=sanity-sec envdefinitions=ONLY="36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 52 53 54" clientdistro=el8.1 fstype=zfs mdscount=2 mdtcount=4
Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I813d4ec938e00c8463b1d3ee9766d180806b40ba
Reviewed-on: https://review.whamcloud.com/39983
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index ab6285c..b84dfd7 100644 (file)
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -1122,16 +1122,17 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
        it->it_flags &= ~MDS_OPEN_FL_INTERNAL;
 
        if (ll_sbi_has_encrypt(ll_i2sbi(dir)) && IS_ENCRYPTED(dir)) {
-               /* we know that we are going to create a regular file because
+               /* in case of create, this is going to be a regular file because
                 * we set S_IFREG bit on it->it_create_mode above
                 */
                rc = llcrypt_get_encryption_info(dir);
                if (rc)
                        GOTO(out_release, rc);
-               if (!llcrypt_has_encryption_key(dir))
-                       GOTO(out_release, rc = -ENOKEY);
-               encrypt = true;
-               rc = 0;
+               if (open_flags & O_CREAT) {
+                       if (!llcrypt_has_encryption_key(dir))
+                               GOTO(out_release, rc = -ENOKEY);
+                       encrypt = true;
+               }
        }
 
        OBD_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_FILE_PAUSE2, cfs_fail_val);

diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh
index a866b66..e678c95 100755 (executable)
--- a/lustre/tests/sanity-sec.sh
+++ b/lustre/tests/sanity-sec.sh
@@ -4010,13 +4010,22 @@ test_54() {
        cp $testfile $tmpfile
        $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync ||
                error "write to encrypted file $testfile2 failed"
+       $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed"
+       $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed"
 
        $RUNAS fscrypt lock --verbose $testdir ||
                error "fscrypt lock $testdir failed (1)"
 
+       $RUNAS ls -R $testdir || error "ls -R $testdir failed"
+       local filecount=$($RUNAS find $testdir -type f | wc -l)
+       [ $filecount -eq 3 ] || error "found $filecount files"
+
        $RUNAS hexdump -C $testfile &&
                error "reading $testfile should have failed without key"
 
+       $RUNAS touch ${testfile}.nokey &&
+               error "touch ${testfile}.nokey should have failed without key"
+
        echo mypass | $RUNAS fscrypt unlock --verbose $testdir ||
                error "fscrypt unlock $testdir failed (1)"