if (strcmp(name, XATTR_NAME_ACL_ACCESS) == 0) {
rc = ll_crypto_get_mac(inode, &attr, (void *)value, size,
&key, &key_size);
+ if (rc) {
+ CERROR("can not get right mac, rc=%d\n", rc);
+ GOTO(out, rc);
+ }
}
OBD_ALLOC(op_data, sizeof(*op_data));
(void *)value, size, key, key_size, &request);
OBD_FREE(op_data, sizeof(*op_data));
- if (key && key_size)
- OBD_FREE(key, key_size);
if (rc) {
CDEBUG(D_SEC, "md_setattr fails: rc = %d\n", rc);
GOTO(out, rc);
}
out:
+ if (key && key_size)
+ OBD_FREE(key, key_size);
ptlrpc_req_finished(request);
RETURN(rc);
}
key_size, ckey);
if (rc) {
CERROR("decrypt key error rc %d \n", rc);
+ *key_size = 0;
GOTO(out, rc);
}
*key = ckey;
iattr->ia_valid |= ATTR_MAC;
- EXIT;
out:
if (acl)
posix_acl_release(acl);
OBD_FREE(kperm, kperm_size);
if (kcontext)
OBD_FREE(kcontext, kcontext_size);
- return rc;
+ RETURN(rc);
}
static int ll_crypt_permission_check(struct lustre_key *lkey,
RETURN(-ENOMEM);
ll_inode2mdc_data(op_data, inode, (OBD_MD_FLID | OBD_MD_MEA));
- if (ia_valid & (ATTR_UID | ATTR_GID)) {
+ if (ia_valid & (ATTR_UID | ATTR_GID | ATTR_MODE)) {
rc = ll_crypto_get_mac(inode, attr, NULL, 0, &key,
&key_size);
+ if (rc) {
+ CERROR("can not get right mac, rc=%d\n", rc);
+ if (key && key_size)
+ OBD_FREE(key, key_size);
+ RETURN(rc);
+ }
}
rc = md_setattr(sbi->ll_md_exp, op_data,
attr, key, key_size, NULL, 0, NULL,
enable_encrypt $MOUNT
diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different"
}
-run_test 3a "write chmod encryption============="
+run_test 3a "write chown encryption============="
test_4a() {
rm -rf $DIR1/4a*
}
run_test 5a "write chacl encryption============="
+test_6a() {
+ rm -rf $DIR1/6a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/6a1
+ chown 0600 $DIR1/6a0
+ setfacl -m u:bin:rw $DIR1/6a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0 || error "chown write error"
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a1
+ diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+ echo "enable crypt read success"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/6a0 $DIR2/6a1 && error "write encryption failed"
+ enable_encrypt $MOUNT
+ diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+}
+run_test 6a "write chmod/setfacl encryption============="
+
$CLEANUP