Branch: HEAD

fix bug 7348, when chmod, should recompute mac

diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 02cc252..494b562 100644 (file)
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -1914,6 +1914,10 @@ int ll_setxattr_internal(struct inode *inode, const char *name,
         if (strcmp(name, XATTR_NAME_ACL_ACCESS) == 0) {
                 rc = ll_crypto_get_mac(inode, &attr, (void *)value, size, 
                                        &key, &key_size);
+                if (rc) {
+                        CERROR("can not get right mac, rc=%d\n", rc);
+                        GOTO(out, rc);
+                }
         }
 
         OBD_ALLOC(op_data, sizeof(*op_data));
@@ -1927,13 +1931,13 @@ int ll_setxattr_internal(struct inode *inode, const char *name,
                         (void *)value,  size, key, key_size, &request);
         OBD_FREE(op_data, sizeof(*op_data));
         
-        if (key && key_size) 
-                OBD_FREE(key, key_size);
         if (rc) {
                 CDEBUG(D_SEC, "md_setattr fails: rc = %d\n", rc);
                 GOTO(out, rc);
         }
 out:
+        if (key && key_size) 
+                OBD_FREE(key, key_size);
         ptlrpc_req_finished(request);
         RETURN(rc);
 }

diff --git a/lustre/llite/llite_gs.c b/lustre/llite/llite_gs.c
index b97366e..841d349 100644 (file)
--- a/lustre/llite/llite_gs.c
+++ b/lustre/llite/llite_gs.c
@@ -458,11 +458,11 @@ int ll_gks_get_mac(struct inode *inode, struct iattr *iattr, void *value,
                           key_size, ckey);
         if (rc) {
                 CERROR("decrypt key error rc %d \n", rc);
+                *key_size = 0;
                 GOTO(out, rc);
         }
         *key = ckey;
         iattr->ia_valid |= ATTR_MAC;
-        EXIT;
 out:
         if (acl)
                 posix_acl_release(acl);
@@ -474,7 +474,7 @@ out:
                 OBD_FREE(kperm, kperm_size);
         if (kcontext)
                 OBD_FREE(kcontext, kcontext_size);
-        return rc; 
+        RETURN(rc); 
 }
 
 static int ll_crypt_permission_check(struct lustre_key *lkey,

diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c
index de8f344..8c625cd 100644 (file)
--- a/lustre/llite/llite_lib.c
+++ b/lustre/llite/llite_lib.c
@@ -1282,9 +1282,15 @@ int ll_setattr_raw(struct inode *inode, struct iattr *attr)
                         RETURN(-ENOMEM);
                 ll_inode2mdc_data(op_data, inode, (OBD_MD_FLID | OBD_MD_MEA));
 
-                if (ia_valid & (ATTR_UID | ATTR_GID)) {
+                if (ia_valid & (ATTR_UID | ATTR_GID | ATTR_MODE)) {
                         rc = ll_crypto_get_mac(inode, attr, NULL, 0, &key, 
                                                &key_size);
+                        if (rc) {
+                                CERROR("can not get right mac, rc=%d\n", rc);
+                                if (key && key_size)
+                                        OBD_FREE(key, key_size);
+                                RETURN(rc);
+                        }
                 }
                 rc = md_setattr(sbi->ll_md_exp, op_data,
                                 attr, key, key_size, NULL, 0, NULL, 

diff --git a/lustre/tests/sanity-crypto.sh b/lustre/tests/sanity-crypto.sh
index ade5a6c..bfb5841 100755 (executable)
--- a/lustre/tests/sanity-crypto.sh
+++ b/lustre/tests/sanity-crypto.sh
@@ -170,7 +170,7 @@ test_3a() {
        enable_encrypt $MOUNT   
        diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different"
 }
-run_test 3a "write chmod encryption============="
+run_test 3a "write chown encryption============="
 
 test_4a() {
        rm -rf $DIR1/4a*
@@ -206,5 +206,23 @@ test_5a() {
 }
 run_test 5a "write chacl encryption============="
 
+test_6a() {
+       rm -rf $DIR1/6a*
+       enable_encrypt $MOUNT   
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/6a1
+       chown 0600 $DIR1/6a0
+        setfacl -m u:bin:rw $DIR1/6a0
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0 || error "chown write error"
+       echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a1  
+       diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+       echo "enable crypt read success"
+       disable_encrypt $MOUNT
+       diff -u $DIR1/6a0 $DIR2/6a1 && error "write encryption failed"
+       enable_encrypt $MOUNT   
+       diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+}
+run_test 6a "write chmod/setfacl encryption============="
+
 $CLEANUP