From a0132a79df9b59d5d9b674665daf6cdbd79128a8 Mon Sep 17 00:00:00 2001 From: Sebastien Buisson Date: Wed, 4 Jan 2023 16:10:02 +0100 Subject: [PATCH] LU-16444 enc: null-enc names cannot be digested form When encrypted files have their names encrypted, long names are in digested form in case access is done without the encryption key. The digest is base64-encoded, and prepended with '_'. With null encryption for file names, names are always plain text. In this case, a legitimate '_' at the start of a name must not be interpreted as a digested form. sanity-sec test_54 is improved to test the case of a file whose name starts with '_'. Fixes: f18c87cb53 ("LU-13717 sec: handle null algo for filename encryption") Signed-off-by: Sebastien Buisson Change-Id: Idaad186afd06cfbabbe1d13e78f083d12876c8ff Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/49550 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Andreas Dilger Reviewed-by: jsimmons Reviewed-by: Oleg Drokin --- lustre/llite/crypto.c | 4 ++-- lustre/tests/sanity-sec.sh | 13 +++++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/lustre/llite/crypto.c b/lustre/llite/crypto.c index edc5829..d8e8173 100644 --- a/lustre/llite/crypto.c +++ b/lustre/llite/crypto.c @@ -251,8 +251,8 @@ int ll_setup_filename(struct inode *dir, const struct qstr *iname, struct qstr dname; int rc; - if (fid && IS_ENCRYPTED(dir) && !llcrypt_has_encryption_key(dir) && - iname->name[0] == '_') + if (fid && IS_ENCRYPTED(dir) && llcrypt_policy_has_filename_enc(dir) && + !llcrypt_has_encryption_key(dir) && iname->name[0] == '_') digested = 1; dname.name = iname->name + digested; diff --git a/lustre/tests/sanity-sec.sh b/lustre/tests/sanity-sec.sh index c1f26ec..cd0a596 100755 --- a/lustre/tests/sanity-sec.sh +++ b/lustre/tests/sanity-sec.sh @@ -4322,6 +4322,7 @@ test_54() { local testdir2=$DIR2/$tdir/$ID0 local testfile=$testdir/$tfile local testfile2=$testdir/${tfile}withveryverylongnametoexercisecode + local testfile3=$testdir/_${tfile} local tmpfile=$TMP/${tfile}.tmp local resfile=$TMP/${tfile}.res local nameenc="" @@ -4366,6 +4367,8 @@ test_54() { cp $testfile $tmpfile $RUNAS dd if=/dev/urandom of=$testfile2 bs=127 count=1 conv=fsync || error "write to encrypted file $testfile2 failed" + $RUNAS dd if=/dev/urandom of=$testfile3 bs=127 count=1 conv=fsync || + error "write to encrypted file $testfile3 failed" $RUNAS mkdir $testdir/subdir || error "mkdir subdir failed" $RUNAS touch $testdir/subdir/subfile || error "mkdir subdir failed" @@ -4374,7 +4377,7 @@ test_54() { $RUNAS ls -R $testdir || error "ls -R $testdir failed" local filecount=$($RUNAS find $testdir -type f | wc -l) - [ $filecount -eq 3 ] || error "found $filecount files" + [ $filecount -eq 4 ] || error "found $filecount files" # check enable_filename_encryption default value # tunable only available for client built against embedded llcrypt @@ -4387,12 +4390,16 @@ test_54() { [ $nameenc -eq 0 ] || error "enable_filename_encryption should be 0 by default" - # $testfile and $testfile2 should exist because + # $testfile, $testfile2 and $testfile3 should exist because # names are not encrypted [ -f $testfile ] || error "$testfile should exist because name not encrypted" [ -f $testfile2 ] || error "$testfile2 should exist because name not encrypted" + [ -f $testfile3 ] || + error "$testfile3 should exist because name not encrypted" + stat $testfile3 + [ $? -eq 0 ] || error "cannot stat $testfile3 without key" fi scrambledfiles=( $(find $testdir/ -maxdepth 1 -type f) ) @@ -4409,6 +4416,8 @@ test_54() { error "reading $testfile failed" cmp -bl $tmpfile $resfile || error "file read differs from file written" + stat $testfile3 + [ $? -eq 0 ] || error "cannot stat $testfile3 with key" $RUNAS fscrypt lock --verbose $testdir || error "fscrypt lock $testdir failed (2)" -- 1.8.3.1