CDEBUG(D_INFO, "data_key is "LPU64" \n", data_key);
/*encrypt the data*/
ptr = (char *)kmap(page);
+ key_ptr = ptr;
ptr += offset;
CDEBUG(D_INFO, "ptr is %s \n", ptr);
for (i = 0; i < count; i++)
- *ptr++ ^= data_key;
- CDEBUG(D_INFO, "encrypted ptr is %s \n", ptr);
+ *ptr++ ^= (__u8)data_key;
+ CDEBUG(D_INFO, "encrypted ptr is %s \n", key_ptr);
kunmap(page);
RETURN(0);
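Review bot: The new `CDEBUG(D_INFO, "encrypted ptr is %s \n", key_ptr)` formats a kmap'd page as a C string, but after the XOR the buffer is arbitrary binary with no guaranteed NUL inside the mapping, so `%s` can read past the page or stop at the first zero byte; it also starts at the page head rather than at `offset`. It copies file contents into the debug log as well, next to the existing line that logs `data_key` itself. I would log only sizes, e.g. `CDEBUG(D_INFO, "encrypted %d bytes at offset %d\n", count, offset);` (the specifiers assume both are int; their declarations are outside the hunk). Separately, the `(__u8)data_key` cast makes explicit that only the low 8 bits of the 64-bit key are applied to every byte, which is obfuscation rather than encryption and deserves a comment saying so, such as `/* placeholder: single-byte XOR, not a real cipher */`. The function's start and end are outside this hunk.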
OBD_FREE(lustre_data->it_key, sizeof(struct crypto_key));
}
OBD_ALLOC(crypto_key, sizeof(struct crypto_key));
-
+
+ crypto_key->ck_type = MKS_TYPE;
lustre_data->it_key = crypto_key;
lustre_data->it_key_size = sizeof(struct crypto_key);
RETURN(rc);
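Review bot: `crypto_key->ck_type = MKS_TYPE;` dereferences the pointer immediately after `OBD_ALLOC` with no check visible in between, so an allocation failure becomes a NULL dereference here, where before the pointer was only stored. Add `if (crypto_key == NULL) RETURN(-ENOMEM);` right after the allocation, adjusted to the function's cleanup path, which is outside this hunk. The type is also hard-coded to MKS_TYPE at this point; if GKS keys can reach this path it should probably come from the configured crypto type, though the visible lines do not settle that.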
int mds_pack_gskey(struct obd_device *obd, struct lustre_msg *repmsg,
int *offset, struct mds_body *body, struct inode *inode)
{
- struct mds_obd *mds = &obd->u.mds;
struct crypto_key_md *md_key;
struct crypto_key *ckey;
__u32 buflen, *sizep;
void *buf;
int size, rc = 0;
ENTRY;
-
- if ((mds->mds_crypto_type != MKS_TYPE &&
- mds->mds_crypto_type != GKS_TYPE))
- RETURN(rc);
sizep = lustre_msg_buf(repmsg, (*offset)++, 4);
if (!sizep) {
size = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key),
EA_KEY);
- if (size < 0) {
- CERROR("Can not get gskey from MDS ino %lu rc %d\n",
- inode->i_ino, size);
+ if (size <= 0) {
+ if (size < 0)
+ CERROR("Can not get gskey from MDS ino %lu rc %d\n",
+ inode->i_ino, size);
GOTO(out, rc = size);
}
if (le32_to_cpu(md_key->md_magic) != MD_KEY_MAGIC) {
RETURN(rc);
}
-static int mds_get_gskey(struct inode *inode, struct crypto_key_md *mkey)
+static int mds_get_gskey(struct inode *inode, struct crypto_key *ckey)
{
- LASSERT(mkey);
+ LASSERT(ckey);
/*tmp create gs key here*/
- get_random_bytes(mkey->md_ck.ck_key, KEY_SIZE);
- mkey->md_ck.ck_type = MKS_TYPE;
+ LASSERT(ckey->ck_type == MKS_TYPE);
+ get_random_bytes(ckey->ck_key, KEY_SIZE);
RETURN(0);
}
{
struct crypto_key_md *md_key = NULL;
struct crypto_key *ckey = (struct crypto_key *)key;
- struct mds_obd *mds = &obd->u.mds;
int rc = 0;
ENTRY;
- if ((mds->mds_crypto_type != MKS_TYPE &&
- mds->mds_crypto_type != GKS_TYPE)) {
- CDEBUG(D_INFO, "mds_crypto_type %d \n", mds->mds_crypto_type);
- RETURN(rc);
- }
+ if (!ckey)
+ RETURN(0);
+
+ LASSERT(ckey->ck_type == MKS_TYPE || ckey->ck_type == GKS_TYPE);
+
OBD_ALLOC(md_key, sizeof(*md_key));
- if (mds->mds_crypto_type == MKS_TYPE) {
- mds_get_gskey(inode, md_key);
- } else {
- LASSERT(ckey != NULL);
- }
+ if (ckey->ck_type == MKS_TYPE) {
+ mds_get_gskey(inode, ckey);
+ }
+
rc = fsfilt_get_md(obd, inode, md_key, sizeof(*md_key),
EA_KEY);
if (rc < 0)
GOTO(free, rc);
LASSERT(le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC ||
md_key->md_magic == 0);
+
if (le32_to_cpu(md_key->md_magic) == MD_KEY_MAGIC) {
CDEBUG(D_INFO, "reset key %s mac %s", md_key->md_ck.ck_mac,
md_key->md_ck.ck_key);
}
md_key->md_magic = cpu_to_le32(MD_KEY_MAGIC);
- if (mds->mds_crypto_type == GKS_TYPE) {
/*get key and mac from request buffer*/
- if (valid & ATTR_MAC) {
- memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE);
+ if (valid & ATTR_MAC) {
+ memcpy(md_key->md_ck.ck_mac, ckey->ck_mac, MAC_SIZE);
CDEBUG(D_INFO, "set mac %s for ino %lu \n",
md_key->md_ck.ck_mac, inode->i_ino);
- }
- if (valid & ATTR_KEY) {
- memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE);
- CDEBUG(D_INFO, "set key %s for ino %lu \n",
+ }
+ if (valid & ATTR_KEY) {
+ memcpy(md_key->md_ck.ck_key, ckey->ck_key, KEY_SIZE);
+ CDEBUG(D_INFO, "set key %s for ino %lu \n",
md_key->md_ck.ck_key, inode->i_ino);
- }
}
- rc = fsfilt_set_md(obd, inode, handle, md_key,
- sizeof(*md_key), EA_KEY);
+ rc = fsfilt_set_md(obd, inode, handle, md_key, sizeof(*md_key), EA_KEY);
free:
if (md_key)
OBD_FREE(md_key, sizeof(*md_key));
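Review bot: `LASSERT(ckey->ck_type == MKS_TYPE || ckey->ck_type == GKS_TYPE);` asserts on a field of `key`, which the comment further down describes as coming from the request buffer; if that is so, a malformed or stale request would trip the assertion on the MDS instead of being rejected. Prefer validating before the allocation: `if (ckey->ck_type != MKS_TYPE && ckey->ck_type != GKS_TYPE) RETURN(-EINVAL);`. Also, in the MKS case the random key is now generated into `ckey` rather than `md_key`, and it only reaches `md_key` through the `valid & ATTR_KEY` memcpy, so without that flag the EA is written without the generated key; it is worth confirming that callers always set ATTR_KEY for MKS. The re-indented `CDEBUG` lines still print `ck_key` and `ck_mac` with `%s`, which logs key material and treats fixed-size binary as a NUL-terminated string; dropping the values from the messages would be safer. The function signature is above the hunk.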
{
struct mds_obd *mds = &obd->u.mds;
ENTRY;
-
if (vallen >= strlen("mks") &&
memcmp(val, "mks", vallen) == 0) {
mds->mds_crypto_type = MKS_TYPE;
assert_env MDSCOUNT
+SETUP=${SETUP:-"setup"}
+CLEANUP=${CLEANUP:-"cleanup"}
+
+DIR1=${DIR1:-$MOUNT1}
+DIR2=${DIR2:-$MOUNT2}
+CRYPT_TYPE=${CRYPT_TYPE:-"gks"}
+RUN_UID=${RUN_UID:-1000}
if [ `using_krb5_sec $SECURITY` == 'n' ] ; then
ALWAYS_EXCEPT="0c $ALWAYS_EXCEPT"
fi
-
gen_config() {
rm -f $XMLCONFIG
exit
fi
-SETUP=${SETUP:-"setup"}
-CLEANUP=${CLEANUP:-"cleanup"}
setup() {
gen_config
if [ "$ONLY" == "setup" ]; then
exit 0
fi
+disable_encrypt() {
+ NAME=$1
+ grep " $MOUNT " /proc/mounts && umount $MOUNT
+ zconf_mount `hostname` $NAME
+}
+enable_encrypt() {
+ NAME=$1
+ grep " $MOUNT " /proc/mounts || zconf_mount `hostname` $MOUNT
+ $LCTL set_crypt $MOUNT $CRYPT_TYPE
+}
mkdir -p $DIR
+
+test_1a() {
+ rm -rf $DIR1/1a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/1a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/1a1
+ diff -u $DIR1/1a0 $DIR2/1a1 || error "files are different"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/1a0 $DIR2/1a1 && error "write encryption failed"
+}
+run_test 1a "read/write encryption============="
+
+test_2a() {
+ rm -rf $DIR1/2a*
+ enable_encrypt $MOUNT
+ touch $DIR1/2a0
+ setfacl -m u:bin:rw $DIR1/2a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/2a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/2a1
+ diff -u $DIR1/2a0 $DIR2/2a1 || error "files are different"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/2a0 $DIR2/2a1 && error "write encryption failed"
+}
+run_test 2a "read/write encryption with acl============="
+
+test_3a() {
+ rm -rf $DIR1/3a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/3a1
+ chown $RUN_UID $DIR1/3a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a0 || error "chown write error"
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/3a1
+ diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/3a0 $DIR2/3a1 && error "write encryption failed"
+}
+run_test 3a "write chmod encryption============="
+
+test_4a() {
+ rm -rf $DIR1/4a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/4a1
+ setfacl -m u:bin:rw $DIR1/4a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a0 || error "chown write error"
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/4a1
+ diff -u $DIR1/4a0 $DIR2/4a1 || error "files are different"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/4a0 $DIR2/4a1 && error "write encryption failed"
+}
+run_test 4a "write chacl encryption============="
+
+test_5a() {
+ rm -rf $DIR1/5a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/5a1
+ setfacl -m u:bin:rw $DIR1/5a0
+ chown $RUN_UID $DIR1/3a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a0 || error "chown write error"
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/5a1
+ diff -u $DIR1/5a0 $DIR2/5a1 || error "files are different"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/5a0 $DIR2/5a1 && error "write encryption failed"
+}
+run_test 5a "write chacl encryption============="
+
$CLEANUP
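Review bot: test_5a runs `chown $RUN_UID $DIR1/3a0`, which looks like a copy-paste from test_3a; it changes the owner of the file left by test_3a, so the chown-plus-ACL path on `5a0` is never exercised. It should read `chown $RUN_UID $DIR1/5a0`. The labels have drifted too: 3a is titled "write chmod encryption" but does a chown, 5a reuses the 4a title, and 4a reports "chown write error" after a setfacl. In enable_encrypt, `NAME=$1` is assigned but `$MOUNT` is used throughout, and the result of `$LCTL set_crypt` is not checked; `$LCTL set_crypt $MOUNT $CRYPT_TYPE || error "set_crypt failed"` would make a setup failure visible instead of surfacing later as a confusing diff result.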