ceph: add support to readdir for encrypted names

	swap(req->r_fscrypt_auth, as->fscrypt_auth);

}

int ceph_encode_encrypted_fname(const struct inode *parent,

				struct dentry *dentry, char *buf)

int ceph_encode_encrypted_dname(const struct inode *parent,

				struct qstr *d_name, char *buf)

{

	u32 len;

	int elen;

	int ret;

	u8 *cryptbuf;

	WARN_ON_ONCE(!fscrypt_has_encryption_key(parent));

	if (!fscrypt_has_encryption_key(parent)) {

		memcpy(buf, d_name->name, d_name->len);

		return d_name->len;

	}

	/*

	 * Convert cleartext d_name to ciphertext. If result is longer than

	 *

	 * See: fscrypt_setup_filename

	 */

	if (!fscrypt_fname_encrypted_size(parent, dentry->d_name.len, NAME_MAX,

					  &len))

	if (!fscrypt_fname_encrypted_size(parent, d_name->len, NAME_MAX, &len))

		return -ENAMETOOLONG;

	/* Allocate a buffer appropriate to hold the result */

	if (!cryptbuf)

		return -ENOMEM;

	ret = fscrypt_fname_encrypt(parent, &dentry->d_name, cryptbuf, len);

	ret = fscrypt_fname_encrypt(parent, d_name, cryptbuf, len);

	if (ret) {

		kfree(cryptbuf);

		return ret;

	return elen;

}

int ceph_encode_encrypted_fname(const struct inode *parent,

				struct dentry *dentry, char *buf)

{

	WARN_ON_ONCE(!fscrypt_has_encryption_key(parent));

	return ceph_encode_encrypted_dname(parent, &dentry->d_name, buf);

}

/**

 * ceph_fname_to_usr - convert a filename for userland presentation

 * @fname: ceph_fname to be converted

	 * generating a nokey name via fscrypt.

	 */

	if (!fscrypt_has_encryption_key(fname->dir)) {

		if (fname->no_copy)

			oname->name = fname->name;

		else

			memcpy(oname->name, fname->name, fname->name_len);

		oname->len = fname->name_len;

		if (is_nokey)

	unsigned char	*ctext;		// binary crypttext (if any)

	u32		name_len;	// length of name buffer

	u32		ctext_len;	// length of crypttext

	bool		no_copy;

};

struct ceph_fscrypt_auth {

				 struct ceph_acl_sec_ctx *as);

void ceph_fscrypt_as_ctx_to_req(struct ceph_mds_request *req,

				struct ceph_acl_sec_ctx *as);

int ceph_encode_encrypted_dname(const struct inode *parent,

				struct qstr *d_name, char *buf);

int ceph_encode_encrypted_fname(const struct inode *parent,

				struct dentry *dentry, char *buf);

{

}

static inline int ceph_encode_encrypted_dname(const struct inode *parent,

					      struct qstr *d_name, char *buf)

{

	memcpy(buf, d_name->name, d_name->len);

	return d_name->len;

}

static inline int ceph_encode_encrypted_fname(const struct inode *parent,

					      struct dentry *dentry, char *buf)

{

#include "super.h"

#include "mds_client.h"

#include "crypto.h"

/*

 * Directory operations: readdir, lookup, create, link, unlink,

		di = ceph_dentry(dentry);

		if (d_unhashed(dentry) ||

		    d_really_is_negative(dentry) ||

		    di->lease_shared_gen != shared_gen) {

		    di->lease_shared_gen != shared_gen ||

		    ((dentry->d_flags & DCACHE_NOKEY_NAME) &&

		     fscrypt_has_encryption_key(dir))) {

			spin_unlock(&dentry->d_lock);

			dput(dentry);

			err = -EAGAIN;

		ctx->pos = 2;

	}

	err = fscrypt_prepare_readdir(inode);

	if (err)

		return err;

	spin_lock(&ci->i_ceph_lock);

	/* request Fx cap. if have Fx, we don't need to release Fs cap

	 * for later create/unlink. */

		req = ceph_mdsc_create_request(mdsc, op, USE_AUTH_MDS);

		if (IS_ERR(req))

			return PTR_ERR(req);

		err = ceph_alloc_readdir_reply_buffer(req, inode);

		if (err) {

			ceph_mdsc_put_request(req);

			req->r_inode_drop = CEPH_CAP_FILE_EXCL;

		}

		if (dfi->last_name) {

			req->r_path2 = kstrdup(dfi->last_name, GFP_KERNEL);

			struct qstr d_name = { .name = dfi->last_name,

					       .len = strlen(dfi->last_name) };

			req->r_path2 = kzalloc(NAME_MAX + 1, GFP_KERNEL);

			if (!req->r_path2) {

				ceph_mdsc_put_request(req);

				return -ENOMEM;

			}

			err = ceph_encode_encrypted_dname(inode, &d_name,

							  req->r_path2);

			if (err < 0) {

				ceph_mdsc_put_request(req);

				return err;

			}

		} else if (is_hash_order(ctx->pos)) {

			req->r_args.readdir.offset_hash =

				cpu_to_le32(fpos_hash(ctx->pos));

	for (; i < rinfo->dir_nr; i++) {

		struct ceph_mds_reply_dir_entry *rde = rinfo->dir_entries + i;

		BUG_ON(rde->offset < ctx->pos);

		if (rde->offset < ctx->pos) {

			pr_warn("%s: rde->offset 0x%llx ctx->pos 0x%llx\n",

				__func__, rde->offset, ctx->pos);

			return -EIO;

		}

		if (WARN_ON_ONCE(!rde->inode.in))

			return -EIO;

		ctx->pos = rde->offset;

		dout("readdir (%d/%d) -> %llx '%.*s' %p\n",

		     i, rinfo->dir_nr, ctx->pos,

		     rde->name_len, rde->name, &rde->inode.in);

		BUG_ON(!rde->inode.in);

		if (!dir_emit(ctx, rde->name, rde->name_len,

			      ceph_present_ino(inode->i_sb, le64_to_cpu(rde->inode.in->ino)),

			      le32_to_cpu(rde->inode.in->mode) >> 12)) {

			dout("filldir stopping us...\n");

			return 0;

		}

		/* Reset the lengths to their original allocated vals */

		ctx->pos++;

	}

					dfi->dir_ordered_count);

		spin_unlock(&ci->i_ceph_lock);

	}

	dout("readdir %p file %p done.\n", inode, file);

	return 0;

}

			     struct ceph_mds_session *session)

{

	struct dentry *parent = req->r_dentry;

	struct ceph_inode_info *ci = ceph_inode(d_inode(parent));

	struct inode *inode = d_inode(parent);

	struct ceph_inode_info *ci = ceph_inode(inode);

	struct ceph_mds_reply_info_parsed *rinfo = &req->r_reply_info;

	struct qstr dname;

	struct dentry *dn;

		tvino.snap = le64_to_cpu(rde->inode.in->snapid);

		if (rinfo->hash_order) {

			u32 hash = ceph_str_hash(ci->i_dir_layout.dl_dir_hash,

						 rde->name, rde->name_len);

			hash = ceph_frag_value(hash);

			u32 hash = ceph_frag_value(rde->raw_hash);

			if (hash != last_hash)

				fpos_offset = 2;

			last_hash = hash;

				err = -ENOMEM;

				goto out;

			}

			if (rde->is_nokey) {

				spin_lock(&dn->d_lock);

				dn->d_flags |= DCACHE_NOKEY_NAME;

				spin_unlock(&dn->d_lock);

			}

		} else if (d_really_is_positive(dn) &&

			   (ceph_ino(d_inode(dn)) != tvino.ino ||

			    ceph_snap(d_inode(dn)) != tvino.snap)) {

	info->dir_nr = num;

	while (num) {

		struct inode *inode = d_inode(req->r_dentry);

		struct ceph_inode_info *ci = ceph_inode(inode);

		struct ceph_mds_reply_dir_entry *rde = info->dir_entries + i;

		struct fscrypt_str tname = FSTR_INIT(NULL, 0);

		struct fscrypt_str oname = FSTR_INIT(NULL, 0);

		struct ceph_fname fname;

		u32 altname_len, _name_len;

		u8 *altname, *_name;

		/* dentry */

		ceph_decode_32_safe(p, end, rde->name_len, bad);

		ceph_decode_need(p, end, rde->name_len, bad);

		rde->name = *p;

		*p += rde->name_len;

		dout("parsed dir dname '%.*s'\n", rde->name_len, rde->name);

		ceph_decode_32_safe(p, end, _name_len, bad);

		ceph_decode_need(p, end, _name_len, bad);

		_name = *p;

		*p += _name_len;

		dout("parsed dir dname '%.*s'\n", _name_len, _name);

		if (info->hash_order)

			rde->raw_hash = ceph_str_hash(ci->i_dir_layout.dl_dir_hash,

						      _name, _name_len);

		/* dentry lease */

		err = parse_reply_info_lease(p, end, &rde->lease, features,

					     &rde->altname_len, &rde->altname);

					     &altname_len, &altname);

		if (err)

			goto out_bad;

		/*

		 * Try to dencrypt the dentry names and update them

		 * in the ceph_mds_reply_dir_entry struct.

		 */

		fname.dir = inode;

		fname.name = _name;

		fname.name_len = _name_len;

		fname.ctext = altname;

		fname.ctext_len = altname_len;

		/*

		 * The _name_len maybe larger than altname_len, such as

		 * when the human readable name length is in range of

		 * (CEPH_NOHASH_NAME_MAX, CEPH_NOHASH_NAME_MAX + SHA256_DIGEST_SIZE),

		 * then the copy in ceph_fname_to_usr will corrupt the

		 * data if there has no encryption key.

		 *

		 * Just set the no_copy flag and then if there has no

		 * encryption key the oname.name will be assigned to

		 * _name always.

		 */

		fname.no_copy = true;

		if (altname_len == 0) {

			/*

			 * Set tname to _name, and this will be used

			 * to do the base64_decode in-place. It's

			 * safe because the decoded string should

			 * always be shorter, which is 3/4 of origin

			 * string.

			 */

			tname.name = _name;

			/*

			 * Set oname to _name too, and this will be

			 * used to do the dencryption in-place.

			 */

			oname.name = _name;

			oname.len = _name_len;

		} else {

			/*

			 * This will do the decryption only in-place

			 * from altname cryptext directly.

			 */

			oname.name = altname;

			oname.len = altname_len;

		}

		rde->is_nokey = false;

		err = ceph_fname_to_usr(&fname, &tname, &oname, &rde->is_nokey);

		if (err) {

			pr_err("%s unable to decode %.*s, got %d\n", __func__,

			       _name_len, _name, err);

			goto out_bad;

		}

		rde->name = oname.name;

		rde->name_len = oname.len;

		/* inode */

		err = parse_reply_info_in(p, end, &rde->inode, features);

		if (err < 0)

	if (err == 0) {

		if (result == 0 && (req->r_op == CEPH_MDS_OP_READDIR ||

				    req->r_op == CEPH_MDS_OP_LSSNAP))

			ceph_readdir_prepopulate(req, req->r_session);

			err = ceph_readdir_prepopulate(req, req->r_session);

	}

	current->journal_info = NULL;

	mutex_unlock(&req->r_fill_mutex);