client: Breakout fscrypt get policy into method

chrisphoffman · chrisphoffman · commit a29aa59d5669 · 2025-06-25T10:21:53.000-04:00
Breakout fscrypt get policy into a method. Add ceph_get_fscrypt_policy_v2 support. Signed-off-by: Christopher Hoffman <choffman@redhat.com> (cherry picked from commit e11f4a7)
diff --git a/src/client/Client.cc b/src/client/Client.cc
@@ -18178,6 +18178,28 @@ int Client::ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2&
   return 0;
 }
 
+int Client::get_fscrypt_policy_v2(int fd, struct fscrypt_policy_v2* policy)
+{
+  Fh *f = get_filehandle(fd);
+  if (!f) {
+    return -EBADF;
+  }
+
+  return ll_get_fscrypt_policy_v2(f->inode.get(), policy);
+}
+
+int Client::ll_get_fscrypt_policy_v2(Inode *in, struct fscrypt_policy_v2* policy)
+{
+  if (in->is_fscrypt_enabled()) {
+    in->fscrypt_ctx->convert_to(policy);
+    if (policy->version != 2) {
+      return EINVAL;
+    }
+    return 0;
+  }
+  return ENODATA;
+}
+
 int Client::is_encrypted(int fd, UserPerm& perms, char* enctag)
 {
   Fh *f = get_filehandle(fd);
diff --git a/src/client/Client.h b/src/client/Client.h
@@ -349,6 +349,7 @@ class Client : public Dispatcher, public md_config_obs_t {
   int fcopyfile(const char *sname, const char *dname, UserPerm& perms, mode_t mode);
 
   int set_fscrypt_policy_v2(int fd, const struct fscrypt_policy_v2& policy);
+  int get_fscrypt_policy_v2(int fd, struct fscrypt_policy_v2* policy);
   int is_encrypted(int fd, UserPerm& perms, char* enctag);
 
   int mds_command(
@@ -709,6 +710,7 @@ class Client : public Dispatcher, public md_config_obs_t {
   }
 
   int ll_set_fscrypt_policy_v2(Inode *in, const struct fscrypt_policy_v2& policy);
+  int ll_get_fscrypt_policy_v2(Inode *in, struct fscrypt_policy_v2* policy);
 
   int ll_get_stripe_osd(struct Inode *in, uint64_t blockno,
 			file_layout_t* layout);
diff --git a/src/client/fuse_ll.cc b/src/client/fuse_ll.cc
@@ -969,7 +969,14 @@ static void fuse_ll_ioctl(fuse_req_t req, fuse_ino_t ino,
       Inode *in = fh->inode.get();
 
       if (in->is_fscrypt_enabled()) {
-        in->fscrypt_ctx->convert_to(&out_arg.policy.v2);
+
+        int r = cfuse->client->ll_get_fscrypt_policy_v2(in, &out_arg.policy.v2);
+
+        if (r < 0) {
+          fuse_reply_err(req, r);
+	  break;
+        }
+
         out_arg.policy_size = sizeof(out_arg.policy);
 
         fuse_reply_ioctl(req, 0, &out_arg, sizeof(out_arg));
diff --git a/src/include/cephfs/libcephfs.h b/src/include/cephfs/libcephfs.h
@@ -2039,6 +2039,17 @@ int ceph_is_encrypted(struct ceph_mount_info *cmount,
  */
 int get_inode_flags(struct ceph_mount_info *cmount, int fd, int* file_attr_out);
 
+/**
+ * Get encryption policy of a directory.
+ *
+ * @param cmount the ceph mount handle to use.
+ * @param fd open directory file descriptor
+ * @param policy pointer to to the fscrypt v2 policy
+ * @returns zero on success, other returns a negative error code.
+ */
+int ceph_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+                               int fd, struct fscrypt_policy_v2 *policy);
+
 /* Low Level */
 struct Inode *ceph_ll_get_inode(struct ceph_mount_info *cmount,
 				vinodeno_t vino);
diff --git a/src/libcephfs.cc b/src/libcephfs.cc
@@ -2737,6 +2737,15 @@ extern "C" int ceph_is_encrypted(struct ceph_mount_info *cmount,
   return cmount->get_client()->is_encrypted(fd, cmount->default_perms, enctag);
 }
 
+extern "C" int ceph_get_fscrypt_policy_v2(struct ceph_mount_info *cmount,
+                                          int fd, struct fscrypt_policy_v2 *policy)
+{
+  if (!cmount->is_mounted())
+    return -ENOTCONN;
+
+  return cmount->get_client()->get_fscrypt_policy_v2(fd, policy);
+}
+
 
 // This is deprecated, use ceph_ll_register_callbacks2 instead.
 extern "C" void ceph_ll_register_callbacks(class ceph_mount_info *cmount,
