client, libcephfs: Expose fscrypt apis as low level

chrisphoffman · chrisphoffman · commit 536ef6a7d612 · 2025-06-25T10:22:02.000-04:00
Add low level versions of fscrypt apis to support protocols such as NFS. Signed-off-by: Christopher Hoffman <choffman@redhat.com> (cherry picked from commit a3cba25)
diff --git a/src/client/Client.cc b/src/client/Client.cc
@@ -18207,7 +18207,11 @@ int Client::is_encrypted(int fd, UserPerm& perms, char* enctag)
     return -EBADF;
   }
 
-  Inode *in = f->inode.get();
+  return ll_is_encrypted(f->inode.get(), perms, enctag);
+}
+
+int Client::ll_is_encrypted(Inode *in, UserPerm& perms, char *enctag)
+{
   if (in->is_encrypted()) {
     int r = ll_getxattr(in, "user.ceph.subvolume.enctag", enctag, sizeof(enctag), perms);
     // dir can be encrypted and xattr DNE if it isn't setup via mgr subvolume
diff --git a/src/client/Client.h b/src/client/Client.h
@@ -711,6 +711,7 @@ class Client : public Dispatcher, public md_config_obs_t {
 
   int ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2& policy);
   int ll_get_fscrypt_policy_v2(Inode *in, struct fscrypt_policy_v2* policy);
+  int ll_is_encrypted(Inode *in, UserPerm& perms, char* enctag);
 
   int ll_get_stripe_osd(struct Inode *in, uint64_t blockno,
 			file_layout_t* layout);
diff --git a/src/include/cephfs/libcephfs.h b/src/include/cephfs/libcephfs.h
@@ -2206,6 +2206,14 @@ int ceph_ll_setlk(struct ceph_mount_info *cmount,
 
 int ceph_ll_lazyio(struct ceph_mount_info *cmount, Fh *fh, int enable);
 
+int ceph_ll_set_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+                               Inode *in, const struct fscrypt_policy_v2 *policy);
+
+int ceph_ll_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+                               Inode *in, struct fscrypt_policy_v2 *policy);
+
+int ceph_ll_is_encrypted(struct ceph_mount_info *cmount, Inode *in, char* enctag);
+
 /*
  * Delegation support
  *
diff --git a/src/libcephfs.cc b/src/libcephfs.cc
@@ -2746,6 +2746,32 @@ extern "C" int ceph_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
   return cmount->get_client()->get_fscrypt_policy_v2(fd, policy);
 }
 
+extern "C" int ceph_ll_set_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+                                          Inode *in, const struct fscrypt_policy_v2 *policy)
+{
+  if (!cmount->is_mounted())
+    return -ENOTCONN;
+
+  return cmount->get_client()->ll_set_fscrypt_policy_v2(in, *policy);
+}
+
+extern "C" int ceph_ll_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+                                          Inode *in, struct fscrypt_policy_v2 *policy)
+{
+  if (!cmount->is_mounted())
+    return -ENOTCONN;
+
+  return cmount->get_client()->ll_get_fscrypt_policy_v2(in, policy);
+}
+
+extern "C" int ceph_ll_is_encrypted(struct ceph_mount_info *cmount,
+                                          Inode *in, char* enctag)
+{
+  if (!cmount->is_mounted())
+    return -ENOTCONN;
+
+  return cmount->get_client()->ll_is_encrypted(in, cmount->default_perms, enctag);
+}
 
 // This is deprecated, use ceph_ll_register_callbacks2 instead.
 extern "C" void ceph_ll_register_callbacks(class ceph_mount_info *cmount,
