From 7f18a397143c62ae87b76025d0e5632ef97bbffa Mon Sep 17 00:00:00 2001
From: wangdi <wangdi>
Date: Thu, 18 Aug 2005 04:54:08 +0000
Subject: [PATCH] Branch: HEAD fix bug 7348, when chmod, should recompute mac
---
lustre/llite/file.c | 8 ++++++--
lustre/llite/llite_gs.c | 4 ++--
lustre/llite/llite_lib.c | 8 +++++++-
lustre/tests/sanity-crypto.sh | 20 +++++++++++++++++++-
4 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/lustre/llite/file.c b/lustre/llite/file.c
index 02cc252500..494b562da2 100644
--- a/lustre/llite/file.c
+++ b/lustre/llite/file.c
@@ -1914,6 +1914,10 @@ int ll_setxattr_internal(struct inode *inode, const char *name,
if (strcmp(name, XATTR_NAME_ACL_ACCESS) == 0) {
rc = ll_crypto_get_mac(inode, &attr, (void *)value, size,
&key, &key_size);
+ if (rc) {
+ CERROR("can not get right mac, rc=%d\n", rc);
+ GOTO(out, rc);
+ }
}
OBD_ALLOC(op_data, sizeof(*op_data));
@@ -1927,13 +1931,13 @@ int ll_setxattr_internal(struct inode *inode, const char *name,
(void *)value, size, key, key_size, &request);
OBD_FREE(op_data, sizeof(*op_data));
- if (key && key_size)
- OBD_FREE(key, key_size);
if (rc) {
CDEBUG(D_SEC, "md_setattr fails: rc = %d\n", rc);
GOTO(out, rc);
}
out:
+ if (key && key_size)
+ OBD_FREE(key, key_size);
ptlrpc_req_finished(request);
RETURN(rc);
}
diff --git a/lustre/llite/llite_gs.c b/lustre/llite/llite_gs.c
index b97366e43e..841d349ec2 100644
--- a/lustre/llite/llite_gs.c
+++ b/lustre/llite/llite_gs.c
@@ -458,11 +458,11 @@ int ll_gks_get_mac(struct inode *inode, struct iattr *iattr, void *value,
key_size, ckey);
if (rc) {
CERROR("decrypt key error rc %d \n", rc);
+ *key_size = 0;
GOTO(out, rc);
}
*key = ckey;
iattr->ia_valid |= ATTR_MAC;
- EXIT;
out:
if (acl)
posix_acl_release(acl);
@@ -474,7 +474,7 @@ out:
OBD_FREE(kperm, kperm_size);
if (kcontext)
OBD_FREE(kcontext, kcontext_size);
- return rc;
+ RETURN(rc);
}
static int ll_crypt_permission_check(struct lustre_key *lkey,
diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c
index de8f3444d4..8c625cd372 100644
--- a/lustre/llite/llite_lib.c
+++ b/lustre/llite/llite_lib.c
@@ -1282,9 +1282,15 @@ int ll_setattr_raw(struct inode *inode, struct iattr *attr)
RETURN(-ENOMEM);
ll_inode2mdc_data(op_data, inode, (OBD_MD_FLID | OBD_MD_MEA));
- if (ia_valid & (ATTR_UID | ATTR_GID)) {
+ if (ia_valid & (ATTR_UID | ATTR_GID | ATTR_MODE)) {
rc = ll_crypto_get_mac(inode, attr, NULL, 0, &key,
&key_size);
+ if (rc) {
+ CERROR("can not get right mac, rc=%d\n", rc);
+ if (key && key_size)
+ OBD_FREE(key, key_size);
+ RETURN(rc);
+ }
}
rc = md_setattr(sbi->ll_md_exp, op_data,
attr, key, key_size, NULL, 0, NULL,
diff --git a/lustre/tests/sanity-crypto.sh b/lustre/tests/sanity-crypto.sh
index ade5a6c0c3..bfb5841acc 100755
--- a/lustre/tests/sanity-crypto.sh
+++ b/lustre/tests/sanity-crypto.sh
@@ -170,7 +170,7 @@ test_3a() {
enable_encrypt $MOUNT
diff -u $DIR1/3a0 $DIR2/3a1 || error "files are different"
}
-run_test 3a "write chmod encryption============="
+run_test 3a "write chown encryption============="
test_4a() {
rm -rf $DIR1/4a*
@@ -206,5 +206,23 @@ test_5a() {
}
run_test 5a "write chacl encryption============="
+test_6a() {
+ rm -rf $DIR1/6a*
+ enable_encrypt $MOUNT
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR2/6a1
+ chown 0600 $DIR1/6a0
+ setfacl -m u:bin:rw $DIR1/6a0
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a0 || error "chown write error"
+ echo aaaaaaaaaaaaaaaaaaaa >> $DIR1/6a1
+ diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+ echo "enable crypt read success"
+ disable_encrypt $MOUNT
+ diff -u $DIR1/6a0 $DIR2/6a1 && error "write encryption failed"
+ enable_encrypt $MOUNT
+ diff -u $DIR1/6a0 $DIR2/6a1 || error "files are different"
+}
+run_test 6a "write chmod/setfacl encryption============="
+
$CLEANUP
--
GitLab