From: Jeff Layton <jlayton@kernel.org>
To: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org
Cc: linux-fsdevel@vger.kernel.org, idryomov@gmail.com
Subject: [RFC PATCH v10 19/48] ceph: add helpers for converting names for userland presentation
Date: Tue, 11 Jan 2022 14:15:39 -0500 [thread overview]
Message-ID: <20220111191608.88762-20-jlayton@kernel.org> (raw)
In-Reply-To: <20220111191608.88762-1-jlayton@kernel.org>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
fs/ceph/crypto.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++
fs/ceph/crypto.h | 41 ++++++++++++++++++++++++++
2 files changed, 117 insertions(+)
diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
index 1f54e948b656..35137beb027b 100644
--- a/fs/ceph/crypto.c
+++ b/fs/ceph/crypto.c
@@ -175,3 +175,79 @@ int ceph_encode_encrypted_fname(const struct inode *parent, struct dentry *dentr
dout("base64-encoded ciphertext name = %.*s\n", elen, buf);
return elen;
}
+
+/**
+ * ceph_fname_to_usr - convert a filename for userland presentation
+ * @fname: ceph_fname to be converted
+ * @tname: temporary name buffer to use for conversion (may be NULL)
+ * @oname: where converted name should be placed
+ * @is_nokey: set to true if key wasn't available during conversion (may be NULL)
+ *
+ * Given a filename (usually from the MDS), format it for presentation to
+ * userland. If @parent is not encrypted, just pass it back as-is.
+ *
+ * Otherwise, base64 decode the string, and then ask fscrypt to format it
+ * for userland presentation.
+ *
+ * Returns 0 on success or negative error code on error.
+ */
+int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
+ struct fscrypt_str *oname, bool *is_nokey)
+{
+ int ret;
+ struct fscrypt_str _tname = FSTR_INIT(NULL, 0);
+ struct fscrypt_str iname;
+
+ if (!IS_ENCRYPTED(fname->dir)) {
+ oname->name = fname->name;
+ oname->len = fname->name_len;
+ return 0;
+ }
+
+ /* Sanity check that the resulting name will fit in the buffer */
+ if (fname->name_len > FSCRYPT_BASE64URL_CHARS(NAME_MAX))
+ return -EIO;
+
+ ret = __fscrypt_prepare_readdir(fname->dir);
+ if (ret)
+ return ret;
+
+ /*
+ * Use the raw dentry name as sent by the MDS instead of
+ * generating a nokey name via fscrypt.
+ */
+ if (!fscrypt_has_encryption_key(fname->dir)) {
+ memcpy(oname->name, fname->name, fname->name_len);
+ oname->len = fname->name_len;
+ if (is_nokey)
+ *is_nokey = true;
+ return 0;
+ }
+
+ if (fname->ctext_len == 0) {
+ int declen;
+
+ if (!tname) {
+ ret = fscrypt_fname_alloc_buffer(NAME_MAX, &_tname);
+ if (ret)
+ return ret;
+ tname = &_tname;
+ }
+
+ declen = fscrypt_base64url_decode(fname->name, fname->name_len, tname->name);
+ if (declen <= 0) {
+ ret = -EIO;
+ goto out;
+ }
+ iname.name = tname->name;
+ iname.len = declen;
+ } else {
+ iname.name = fname->ctext;
+ iname.len = fname->ctext_len;
+ }
+
+ ret = fscrypt_fname_disk_to_usr(fname->dir, 0, 0, &iname, oname);
+out:
+ fscrypt_fname_free_buffer(&_tname);
+ return ret;
+}
diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
index d5e298383b3e..c2e0cbb5667b 100644
--- a/fs/ceph/crypto.h
+++ b/fs/ceph/crypto.h
@@ -13,6 +13,14 @@ struct ceph_fs_client;
struct ceph_acl_sec_ctx;
struct ceph_mds_request;
+struct ceph_fname {
+ struct inode *dir;
+ char *name; // b64 encoded, possibly hashed
+ unsigned char *ctext; // binary crypttext (if any)
+ u32 name_len; // length of name buffer
+ u32 ctext_len; // length of crypttext
+};
+
struct ceph_fscrypt_auth {
__le32 cfa_version;
__le32 cfa_blob_len;
@@ -55,6 +63,22 @@ int ceph_fscrypt_prepare_context(struct inode *dir, struct inode *inode,
void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req, struct ceph_acl_sec_ctx *as);
int ceph_encode_encrypted_fname(const struct inode *parent, struct dentry *dentry, char *buf);
+static inline int ceph_fname_alloc_buffer(struct inode *parent, struct fscrypt_str *fname)
+{
+ if (!IS_ENCRYPTED(parent))
+ return 0;
+ return fscrypt_fname_alloc_buffer(NAME_MAX, fname);
+}
+
+static inline void ceph_fname_free_buffer(struct inode *parent, struct fscrypt_str *fname)
+{
+ if (IS_ENCRYPTED(parent))
+ fscrypt_fname_free_buffer(fname);
+}
+
+int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
+ struct fscrypt_str *oname, bool *is_nokey);
+
#else /* CONFIG_FS_ENCRYPTION */
static inline void ceph_fscrypt_set_ops(struct super_block *sb)
@@ -83,6 +107,23 @@ static inline int ceph_encode_encrypted_fname(const struct inode *parent,
{
return -EOPNOTSUPP;
}
+
+static inline int ceph_fname_alloc_buffer(struct inode *parent, struct fscrypt_str *fname)
+{
+ return 0;
+}
+
+static inline void ceph_fname_free_buffer(struct inode *parent, struct fscrypt_str *fname)
+{
+}
+
+static inline int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
+ struct fscrypt_str *oname, bool *is_nokey)
+{
+ oname->name = fname->name;
+ oname->len = fname->name_len;
+ return 0;
+}
#endif /* CONFIG_FS_ENCRYPTION */
#endif
--
2.34.1
next prev parent reply other threads:[~2022-01-11 19:17 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 19:15 [RFC PATCH v10 00/48] ceph+fscrypt: full support Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 01/48] vfs: export new_inode_pseudo Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 02/48] fscrypt: export fscrypt_base64url_encode and fscrypt_base64url_decode Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 03/48] fscrypt: export fscrypt_fname_encrypt and fscrypt_fname_encrypted_size Jeff Layton
2022-01-27 1:58 ` Eric Biggers
2022-01-11 19:15 ` [RFC PATCH v10 04/48] fscrypt: add fscrypt_context_for_new_inode Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 05/48] ceph: preallocate inode for ops that may create one Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 06/48] ceph: crypto context handling for ceph Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 07/48] ceph: parse new fscrypt_auth and fscrypt_file fields in inode traces Jeff Layton
2022-02-17 8:25 ` Xiubo Li
2022-02-17 11:39 ` Jeff Layton
2022-02-18 1:09 ` Xiubo Li
2022-01-11 19:15 ` [RFC PATCH v10 08/48] ceph: add fscrypt_* handling to caps.c Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 09/48] ceph: add ability to set fscrypt_auth via setattr Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 10/48] ceph: implement -o test_dummy_encryption mount option Jeff Layton
2022-02-11 13:50 ` Luís Henriques
2022-02-11 14:52 ` Jeff Layton
2022-02-14 9:29 ` Luís Henriques
2022-01-11 19:15 ` [RFC PATCH v10 11/48] ceph: decode alternate_name in lease info Jeff Layton
2022-03-01 10:57 ` Xiubo Li
2022-03-01 11:18 ` Xiubo Li
2022-03-01 13:10 ` Jeff Layton
2022-03-01 13:51 ` Xiubo Li
2022-03-01 13:57 ` Jeff Layton
2022-03-01 14:07 ` Xiubo Li
2022-03-01 14:14 ` Jeff Layton
2022-03-01 14:30 ` Xiubo Li
2022-01-11 19:15 ` [RFC PATCH v10 12/48] ceph: add fscrypt ioctls Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 13/48] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 14/48] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 15/48] ceph: send altname in MClientRequest Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 16/48] ceph: encode encrypted name in dentry release Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 17/48] ceph: properly set DCACHE_NOKEY_NAME flag in lookup Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 18/48] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2022-01-11 19:15 ` Jeff Layton [this message]
2022-01-11 19:15 ` [RFC PATCH v10 20/48] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 21/48] ceph: add support to readdir for encrypted filenames Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 22/48] ceph: create symlinks with encrypted and base64-encoded targets Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 23/48] ceph: make ceph_get_name decrypt filenames Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 24/48] ceph: add a new ceph.fscrypt.auth vxattr Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 25/48] ceph: add some fscrypt guardrails Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 26/48] ceph: don't allow changing layout on encrypted files/directories Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 27/48] libceph: add CEPH_OSD_OP_ASSERT_VER support Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 28/48] ceph: size handling for encrypted inodes in cap updates Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 29/48] ceph: fscrypt_file field handling in MClientRequest messages Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 30/48] ceph: get file size from fscrypt_file when present in inode traces Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 31/48] ceph: handle fscrypt fields in cap messages from MDS Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 32/48] ceph: add __ceph_get_caps helper support Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 33/48] ceph: add __ceph_sync_read " Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 34/48] ceph: add object version support for sync read Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 35/48] ceph: add infrastructure for file encryption and decryption Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 36/48] ceph: add truncate size handling support for fscrypt Jeff Layton
2022-01-12 8:41 ` Xiubo Li
2022-01-11 19:15 ` [RFC PATCH v10 37/48] libceph: allow ceph_osdc_new_request to accept a multi-op read Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 38/48] ceph: disable fallocate for encrypted inodes Jeff Layton
2022-01-11 19:15 ` [RFC PATCH v10 39/48] ceph: disable copy offload on " Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 40/48] ceph: don't use special DIO path for " Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 41/48] ceph: set encryption context on open Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 42/48] ceph: align data in pages in ceph_sync_write Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 43/48] ceph: add read/modify/write to ceph_sync_write Jeff Layton
2022-01-19 3:21 ` Xiubo Li
2022-01-19 5:08 ` Xiubo Li
2022-01-19 11:06 ` Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 44/48] ceph: plumb in decryption during sync reads Jeff Layton
2022-01-19 5:18 ` Xiubo Li
2022-01-19 18:49 ` Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 45/48] ceph: set i_blkbits to crypto block size for encrypted inodes Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 46/48] ceph: add fscrypt decryption support to ceph_netfs_issue_op Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 47/48] ceph: add encryption support to writepage Jeff Layton
2022-01-11 19:16 ` [RFC PATCH v10 48/48] ceph: fscrypt support for writepages Jeff Layton
2022-01-11 19:26 ` [RFC PATCH v10 00/48] ceph+fscrypt: full support Jeff Layton
2022-01-27 2:14 ` Eric Biggers
2022-01-27 11:08 ` Jeff Layton
2022-01-28 20:39 ` Eric Biggers
2022-01-28 20:47 ` Jeff Layton
2022-02-14 9:37 ` Xiubo Li
2022-02-14 11:33 ` Jeff Layton
2022-02-14 12:08 ` Xiubo Li
2022-02-15 0:44 ` Xiubo Li
2022-02-14 17:57 ` Luís Henriques
2022-02-14 18:39 ` Jeff Layton
2022-02-14 21:00 ` Luís Henriques
2022-02-14 21:10 ` Jeff Layton
2022-02-16 16:13 ` Luís Henriques
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220111191608.88762-20-jlayton@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=idryomov@gmail.com \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).