From 2c7bcb60531e597ecbbe92636930f6d9b28815cd Mon Sep 17 00:00:00 2001 From: wangdi Date: Tue, 9 Aug 2005 10:12:37 +0000 Subject: [PATCH] Branch: b_hd_crypto some fixes about crypto api 1)some debug info fix 2)reorganize the code for mds_set_gskey --- lustre/llite/llite_gs.c | 8 ++-- lustre/mds/handler.c | 2 +- lustre/mds/mds_lib.c | 59 ++++++++++++----------------- lustre/mds/mds_open.c | 3 +- lustre/tests/cfg/lmv.sh | 2 +- lustre/tests/sanity-crypto.sh | 88 +++++++++++++++++++++++++++++++++++++++++-- 6 files changed, 118 insertions(+), 44 deletions(-) diff --git a/lustre/llite/llite_gs.c b/lustre/llite/llite_gs.c index bc1577a..9f75957 100644 --- a/lustre/llite/llite_gs.c +++ b/lustre/llite/llite_gs.c @@ -477,11 +477,12 @@ static int ll_crypt_cb(struct page *page, __u64 offset, __u64 count, CDEBUG(D_INFO, "data_key is "LPU64" \n", data_key); /*encrypt the data*/ ptr = (char *)kmap(page); + key_ptr = ptr; ptr += offset; CDEBUG(D_INFO, "ptr is %s \n", ptr); for (i = 0; i < count; i++) - *ptr++ ^= data_key; - CDEBUG(D_INFO, "encrypted ptr is %s \n", ptr); + *ptr++ ^= (__u8)data_key; + CDEBUG(D_INFO, "encrypted ptr is %s \n", key_ptr); kunmap(page); RETURN(0); @@ -570,7 +571,8 @@ int ll_mks_create_key(struct inode *inode, struct lookup_intent *it) OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key)); } OBD_ALLOC(crypto_key, sizeof(struct crypto_key)); - + + crypto_key->ck_type = MKS_TYPE; lustre_data->it_key = crypto_key; lustre_data->it_key_size = sizeof(struct crypto_key); RETURN(rc); diff --git a/lustre/mds/handler.c b/lustre/mds/handler.c index 2a9fda7..089e7bc 100644 --- a/lustre/mds/handler.c +++ b/lustre/mds/handler.c @@ -333,7 +333,7 @@ struct dentry *mds_id2dentry(struct obd_device *obd, struct lustre_id *id, struct mds_obd *mds = &obd->u.mds; struct dentry *result; struct inode *inode; - unsigned long ino; + unsigned long ino = 0; __u32 generation; char idname[32]; diff --git a/lustre/mds/mds_lib.c b/lustre/mds/mds_lib.c index 4584f1c..a71bc99 100644 
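Review bot: The added `CDEBUG(D_INFO, "encrypted ptr is %s \n", key_ptr);` in ll_crypt_cb formats the mapped page as a C string starting at the page base rather than at `offset`. Page data has no NUL terminator, so `%s` is not bounded by the `count` bytes that were transformed, and it copies file content into the debug log. If a trace is wanted here, log the range instead of the bytes, for example `CDEBUG(D_INFO, "encrypted "LPU64" bytes at offset "LPU64"\n", count, offset);`. The name `key_ptr` is also misleading, since it holds the page address and not key material. The function starts and ends outside the hunk.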
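Review bot: The new `crypto_key->ck_type = MKS_TYPE;` in ll_mks_create_key dereferences the result of `OBD_ALLOC` without checking it, so an allocation failure becomes a NULL dereference on this line. A guard before the assignment would avoid that: `if (crypto_key == NULL) RETURN(-ENOMEM);`. The context above the allocation frees the previous `lustre_data->it_key`, so the failure path should presumably also clear `it_key` and `it_key_size`; the start of the function is outside the hunk, so this needs checking against the full body.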
--- a/lustre/mds/mds_lib.c +++ b/lustre/mds/mds_lib.c @@ -239,17 +239,12 @@ void mds_inode2id(struct obd_device *obd, struct lustre_id *id, int mds_pack_gskey(struct obd_device *obd, struct lustre_msg *repmsg, int *offset, struct mds_body *body, struct inode *inode) { - struct mds_obd *mds = &obd->u.mds; struct crypto_key_md *md_key; struct crypto_key *ckey; __u32 buflen, *sizep; void *buf; int size, rc = 0; ENTRY; - - if ((mds->mds_crypto_type != MKS_TYPE && - mds->mds_crypto_type != GKS_TYPE)) - RETURN(rc); sizep = lustre_msg_buf(repmsg, (*offset)++, 4); if (!sizep) { @@ -265,9 +260,10 @@ int mds_pack_gskey(struct obd_device *obd, struct lustre_msg *repmsg, size = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key), EA_KEY); - if (size < 0) { - CERROR("Can not get gskey from MDS ino %lu rc %d\n", - inode->i_ino, size); + if (size <= 0) { + if (size < 0) + CERROR("Can not get gskey from MDS ino %lu rc %d\n", + inode->i_ino, size); GOTO(out, rc = size); } if (le32_to_cpu(md_key->md_magic) != MD_KEY_MAGIC) { @@ -287,12 +283,12 @@ out: RETURN(rc); } -static int mds_get_gskey(struct inode *inode, struct crypto_key_md *mkey) +static int mds_get_gskey(struct inode *inode, struct crypto_key *ckey) { - LASSERT(mkey); + LASSERT(ckey); /*tmp create gs key here*/ - get_random_bytes(mkey->md_ck.ck_key, KEY_SIZE); - mkey->md_ck.ck_type = MKS_TYPE; + LASSERT(ckey->ck_type == MKS_TYPE); + get_random_bytes(ckey->ck_key, KEY_SIZE); RETURN(0); } 
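Review bot: The new `if (size <= 0)` branch in mds_pack_gskey covers the error and no-key cases, but a short read with `0 < size < sizeof(*md_key)` still falls through to the `md_magic` check and the packing that follows. If `fsfilt_get_md` can return a partial attribute, it would be safer to reject it explicitly, for example `if (size != sizeof(*md_key)) GOTO(out, rc = -EINVAL);` after the `size <= 0` test. The rest of the function, including how the reply size is set on the `size == 0` path, lies outside the hunk and should be checked for that case.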
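Review bot: Now that mds_get_gskey writes the generated key into the caller's `ckey`, nothing in the visible part of mds_set_gskey sets `md_key->md_ck.ck_type`; the removed line `mkey->md_ck.ck_type = MKS_TYPE;` used to do that. The random key also reaches the stored record only when the caller passes `ATTR_KEY` in `valid`. If the type is meant to be persisted, add `md_key->md_ck.ck_type = ckey->ck_type;` before the `fsfilt_set_md` call. A comment on mds_get_gskey should state that it overwrites `ckey->ck_key` in place, because in the open path that buffer is the request's `ur_ea2data`.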
@@ -302,48 +298,44 @@ int mds_set_gskey(struct obd_device *obd, void *handle, { struct crypto_key_md *md_key = NULL; struct crypto_key *ckey = (struct crypto_key *)key; - struct mds_obd *mds = &obd->u.mds; int rc = 0; ENTRY; - if ((mds->mds_crypto_type != MKS_TYPE && - mds->mds_crypto_type != GKS_TYPE)) { - CDEBUG(D_INFO, "mds_crypto_type %d \n", mds->mds_crypto_type); - RETURN(rc); - } + if (!ckey) + RETURN(0); + + LASSERT(ckey->ck_type == MKS_TYPE || ckey->ck_type == GKS_TYPE); + OBD_ALLOC(md_key, sizeof(*md_key)); - if (mds->mds_crypto_type == MKS_TYPE) { - mds_get_gskey(inode, md_key); - } else { - LASSERT(ckey != NULL); - } + if (ckey->ck_type == MKS_TYPE) { + mds_get_gskey(inode, ckey); + } + rc = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key), EA_KEY); if (rc < 0) GOTO(free, rc); LASSERT(le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC || md_key->md_magic == 0); + if (le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC) { CDEBUG(D_INFO, "reset key %s mac %s", md_key->md_ck.ck_mac, md_key->md_ck.ck_key); } md_key->md_magic = cpu_to_le32(MD_KEY_MAGIC); - if (mds->mds_crypto_type == GKS_TYPE) { /*get key and mac from request buffer*/ - if (valid & ATTR_MAC) { - memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE); + if (valid & ATTR_MAC) { + memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE); CDEBUG(D_INFO, "set mac %s for ino %lu \n", md_key->md_ck.ck_mac, inode->i_ino); - } - if (valid & ATTR_KEY) { - memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE); - CDEBUG(D_INFO, "set key %s for ino %lu \n", + } + if (valid & ATTR_KEY) { + memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE); + CDEBUG(D_INFO, "set key %s for ino %lu \n", md_key->md_ck.ck_key, inode->i_ino); - } } - rc = fsfilt_set_md(obd, inode, handle, md_key, - sizeof(*md_key), EA_KEY); + rc = fsfilt_set_md(obd, inode, handle, md_key, sizeof(*md_key), EA_KEY); free: if (md_key) OBD_FREE(md_key, sizeof(*md_key)); 
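Review bot: `LASSERT(ckey->ck_type == MKS_TYPE || ckey->ck_type == GKS_TYPE);` in mds_set_gskey asserts on a field taken from the request buffer, so an unexpected type sent by a client would trip an assertion on the MDS instead of producing an error. The hunk's own comment says key and mac come from the request, and mds_open.c passes `rec->ur_ea2data`. Reject the value instead with `if (ckey->ck_type != MKS_TYPE && ckey->ck_type != GKS_TYPE) RETURN(-EINVAL);`, and compare the supplied key length with `sizeof(*ckey)` before any field is read; the length parameter's name is outside the hunk. `OBD_ALLOC(md_key, sizeof(*md_key))` is also passed to `fsfilt_get_md` without a NULL check. The `CDEBUG` calls print `ck_key` and `ck_mac` with `%s`, which writes key material to the debug log and reads fixed-size buffers that are not NUL-terminated, so logging only `inode->i_ino` and the `valid` bits would be safer.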
@@ -354,7 +346,6 @@ int mds_set_crypto_type(struct obd_device *obd, void *val, __u32 vallen) { struct mds_obd *mds = &obd->u.mds; ENTRY; - if (vallen >= strlen("mks") && memcmp(val, "mks", vallen) == 0) { mds->mds_crypto_type = MKS_TYPE; diff --git a/lustre/mds/mds_open.c b/lustre/mds/mds_open.c index 7486ce1b..3174e82 100644 --- a/lustre/mds/mds_open.c +++ b/lustre/mds/mds_open.c @@ -1228,8 +1228,7 @@ got_child: mds_inode2id(obd, &body->id1, inode, fid); mds_update_inode_ids(obd, dchild->d_inode, handle, &body->id1, &sid); - if ((rec->ur_flags & MDS_OPEN_HAS_KEY) || - mds->mds_crypto_type == MKS_TYPE) { + if ((rec->ur_flags & MDS_OPEN_HAS_KEY)) { rc = mds_set_gskey(obd, handle, dchild->d_inode, rec->ur_ea2data, rec->ur_ea2datalen, ATTR_KEY | ATTR_MAC); diff --git a/lustre/tests/cfg/lmv.sh b/lustre/tests/cfg/lmv.sh index 6f896d8..ea68251 100644 --- a/lustre/tests/cfg/lmv.sh +++ b/lustre/tests/cfg/lmv.sh @@ -17,7 +17,7 @@ MOUNT=${MOUNT:-"/mnt/lustre"} MOUNT1=${MOUNT1:-$MOUNT} MOUNT2=${MOUNT2:-${MOUNT}2} DIR=${DIR:-$MOUNT} -DIR2=${DIR2:-$MOUNT1} +DIR2=${DIR2:-$MOUNT2} PTLDEBUG=${PTLDEBUG:-0x3f0400} SUBSYSTEM=${SUBSYSTEM:- 0xffb7e3ff} PDSH=${PDSH:-no_dsh} diff --git a/lustre/tests/sanity-crypto.sh b/lustre/tests/sanity-crypto.sh index c5ab848..936220f 100755 --- a/lustre/tests/sanity-crypto.sh +++ b/lustre/tests/sanity-crypto.sh @@ -17,11 +17,17 @@ build_test_filter assert_env MDSCOUNT +SETUP=${SETUP:-"setup"} +CLEANUP=${CLEANUP:-"cleanup"} + +DIR1=${DIR1:-$MOUNT1} +DIR2=${DIR2:-$MOUNT2} +CRYPT_TYPE=${CRYPT_TYPE:-"gks"} +RUN_UID=${RUN_UID:-1000} if [ `using_krb5_sec $SECURITY` == 'n' ] ; then ALWAYS_EXCEPT="0c $ALWAYS_EXCEPT" fi - gen_config() { rm -f $XMLCONFIG @@ -79,8 +85,6 @@ if [ "$ONLY" == "cleanup" ]; then exit fi -SETUP=${SETUP:-"setup"} -CLEANUP=${CLEANUP:-"cleanup"} setup() { gen_config 
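Review bot: In the mds_open.c hunk the key is now stored only when the client sets `MDS_OPEN_HAS_KEY`, so on an MDS configured for MKS a client that omits the flag appears to create the file with no key at all. If moving that decision to the client is intended, it should be stated next to the test, for example `/* key setup is driven by the request; mds_crypto_type is not consulted here */`. Otherwise the server-side type check needs to stay in some form. The doubled parentheses left in `if ((rec->ur_flags & MDS_OPEN_HAS_KEY))` can be dropped. The enclosing function starts and ends outside the hunk.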
@@ -106,7 +110,85 @@ $SETUP if [ "$ONLY" == "setup" ]; then exit 0 fi +disable_encrypt() { + NAME=$1 + grep " $MOUNT " /proc/mounts && umount $MOUNT + zconf_mount `hostname` $NAME +} +enable_encrypt() { + NAME=$1 + grep " $MOUNT " /proc/mounts || zconf_mount `hostname` $MOUNT + $LCTL set_crypt $MOUNT $CRYPT_TYPE +} mkdir -p $DIR + +test_1a() { + rm -rf $DIR1/1a* + enable_encrypt $MOUNT + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/1a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/1a1 + diff -u $DIR1/1a0 $DIR2/1a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/1a0 $DIR2/1a1 && error "write encryption failed" +} +run_test 1a "read/write encryption=============" + +test_2a() { + rm -rf $DIR1/2a* + enable_encrypt $MOUNT + touch $DIR1/2a0 + setfacl -m u:bin:rw $DIR1/2a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/2a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/2a1 + diff -u $DIR1/2a0 $DIR2/2a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/2a0 $DIR2/2a1 && error "write encryption failed" +} +run_test 2a "read/write encryption with acl=============" + +test_3a() { + rm -rf $DIR1/3a* + enable_encrypt $MOUNT + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/3a1 + chown $RUN_UID $DIR1/3a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a1 + diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/3a0 $DIR2/3a1 && error "write encryption failed" +} +run_test 3a "write chmod encryption=============" + +test_4a() { + rm -rf $DIR1/4a* + enable_encrypt $MOUNT + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/4a1 + setfacl -m u:bin:rw $DIR1/4a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a1 + diff -u $DIR1/4a0 $DIR2/4a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/4a0 $DIR2/4a1 && error "write encryption failed" +} 
+run_test 4a "write chacl encryption=============" + +test_5a() { + rm -rf $DIR1/5a* + enable_encrypt $MOUNT + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/5a1 + setfacl -m u:bin:rw $DIR1/5a0 + chown $RUN_UID $DIR1/3a0 + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0 || error "chown write error" + echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a1 + diff -u $DIR1/5a0 $DIR2/5a1 || error "files are different" + disable_encrypt $MOUNT + diff -u $DIR1/5a0 $DIR2/5a1 && error "write encryption failed" +} +run_test 5a "write chacl encryption=============" + $CLEANUP -- 1.8.3.1
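Review bot: test_5a runs `chown $RUN_UID $DIR1/3a0`, which targets the file from test_3a rather than the file under test, so the ownership change is never exercised on `5a0`; it should read `chown $RUN_UID $DIR1/5a0`. In test_4a and test_5a the message `error "chown write error"` follows a `setfacl` step and would mislead when it fires. Tests 4a and 5a also share the title "write chacl encryption", and 3a is titled "chmod" although it runs `chown`. `enable_encrypt` assigns `NAME=$1` but then uses `$MOUNT` throughout, so the argument has no effect. Quoting the paths in `rm -rf $DIR1/1a*` and the other cleanup lines would keep an empty `DIR1` from expanding to a glob at the filesystem root.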