diff options
author | Michael Halcrow <mhalcrow@us.ibm.com> | 2009-01-06 17:42:00 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-06 18:59:22 -0500 |
commit | addd65ad8d19a7d7982130b16f957d5d01d3f8df (patch) | |
tree | 2263b4a4b7a6269410bd161a3995d2b4af3f7bcf /fs | |
parent | 51ca58dcc9f0d6b1e78954d08bd4954fb6a1421c (diff) |
eCryptfs: Filename Encryption: filldir, lookup, and readlink
Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),
and ecryptfs_readlink() to call out to filename encryption functions.
Propagate filename encryption policy flags from mount-wide crypt_stat to
inode crypt_stat.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Tyler Hicks <tchicks@us.ibm.com>
Cc: David Kleikamp <shaggy@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/crypto.c | 107 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 6 | ||||
-rw-r--r-- | fs/ecryptfs/file.c | 30 | ||||
-rw-r--r-- | fs/ecryptfs/inode.c | 294 |
4 files changed, 195 insertions, 242 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 18c78abba68..ea2afd2ce22 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -924,6 +924,15 @@ static void ecryptfs_copy_mount_wide_flags_to_inode_flags( | |||
924 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; | 924 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; |
925 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | 925 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) |
926 | crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; | 926 | crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; |
927 | if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { | ||
928 | crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES; | ||
929 | if (mount_crypt_stat->flags | ||
930 | & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) | ||
931 | crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK; | ||
932 | else if (mount_crypt_stat->flags | ||
933 | & ECRYPTFS_GLOBAL_ENCFN_USE_FEK) | ||
934 | crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK; | ||
935 | } | ||
927 | } | 936 | } |
928 | 937 | ||
929 | static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( | 938 | static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( |
@@ -1060,7 +1069,8 @@ struct ecryptfs_flag_map_elem { | |||
1060 | static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { | 1069 | static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { |
1061 | {0x00000001, ECRYPTFS_ENABLE_HMAC}, | 1070 | {0x00000001, ECRYPTFS_ENABLE_HMAC}, |
1062 | {0x00000002, ECRYPTFS_ENCRYPTED}, | 1071 | {0x00000002, ECRYPTFS_ENCRYPTED}, |
1063 | {0x00000004, ECRYPTFS_METADATA_IN_XATTR} | 1072 | {0x00000004, ECRYPTFS_METADATA_IN_XATTR}, |
1073 | {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES} | ||
1064 | }; | 1074 | }; |
1065 | 1075 | ||
1066 | /** | 1076 | /** |
@@ -1213,6 +1223,8 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
1213 | &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); | 1223 | &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); |
1214 | int rc; | 1224 | int rc; |
1215 | 1225 | ||
1226 | if (crypt_stat->extent_size == 0) | ||
1227 | crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; | ||
1216 | rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, | 1228 | rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, |
1217 | ecryptfs_inode); | 1229 | ecryptfs_inode); |
1218 | if (rc) { | 1230 | if (rc) { |
@@ -1222,7 +1234,6 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
1222 | } | 1234 | } |
1223 | if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { | 1235 | if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { |
1224 | rc = -EINVAL; | 1236 | rc = -EINVAL; |
1225 | ecryptfs_printk(KERN_DEBUG, "Valid marker not found\n"); | ||
1226 | } | 1237 | } |
1227 | out: | 1238 | out: |
1228 | return rc; | 1239 | return rc; |
@@ -1629,98 +1640,6 @@ out: | |||
1629 | } | 1640 | } |
1630 | 1641 | ||
1631 | /** | 1642 | /** |
1632 | * ecryptfs_encode_filename - converts a plaintext file name to cipher text | ||
1633 | * @crypt_stat: The crypt_stat struct associated with the file anem to encode | ||
1634 | * @name: The plaintext name | ||
1635 | * @length: The length of the plaintext | ||
1636 | * @encoded_name: The encypted name | ||
1637 | * | ||
1638 | * Encrypts and encodes a filename into something that constitutes a | ||
1639 | * valid filename for a filesystem, with printable characters. | ||
1640 | * | ||
1641 | * We assume that we have a properly initialized crypto context, | ||
1642 | * pointed to by crypt_stat->tfm. | ||
1643 | * | ||
1644 | * TODO: Implement filename decoding and decryption here, in place of | ||
1645 | * memcpy. We are keeping the framework around for now to (1) | ||
1646 | * facilitate testing of the components needed to implement filename | ||
1647 | * encryption and (2) to provide a code base from which other | ||
1648 | * developers in the community can easily implement this feature. | ||
1649 | * | ||
1650 | * Returns the length of encoded filename; negative if error | ||
1651 | */ | ||
1652 | int | ||
1653 | ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
1654 | const char *name, int length, char **encoded_name) | ||
1655 | { | ||
1656 | int error = 0; | ||
1657 | |||
1658 | (*encoded_name) = kmalloc(length + 2, GFP_KERNEL); | ||
1659 | if (!(*encoded_name)) { | ||
1660 | error = -ENOMEM; | ||
1661 | goto out; | ||
1662 | } | ||
1663 | /* TODO: Filename encryption is a scheduled feature for a | ||
1664 | * future version of eCryptfs. This function is here only for | ||
1665 | * the purpose of providing a framework for other developers | ||
1666 | * to easily implement filename encryption. Hint: Replace this | ||
1667 | * memcpy() with a call to encrypt and encode the | ||
1668 | * filename, the set the length accordingly. */ | ||
1669 | memcpy((void *)(*encoded_name), (void *)name, length); | ||
1670 | (*encoded_name)[length] = '\0'; | ||
1671 | error = length + 1; | ||
1672 | out: | ||
1673 | return error; | ||
1674 | } | ||
1675 | |||
1676 | /** | ||
1677 | * ecryptfs_decode_filename - converts the cipher text name to plaintext | ||
1678 | * @crypt_stat: The crypt_stat struct associated with the file | ||
1679 | * @name: The filename in cipher text | ||
1680 | * @length: The length of the cipher text name | ||
1681 | * @decrypted_name: The plaintext name | ||
1682 | * | ||
1683 | * Decodes and decrypts the filename. | ||
1684 | * | ||
1685 | * We assume that we have a properly initialized crypto context, | ||
1686 | * pointed to by crypt_stat->tfm. | ||
1687 | * | ||
1688 | * TODO: Implement filename decoding and decryption here, in place of | ||
1689 | * memcpy. We are keeping the framework around for now to (1) | ||
1690 | * facilitate testing of the components needed to implement filename | ||
1691 | * encryption and (2) to provide a code base from which other | ||
1692 | * developers in the community can easily implement this feature. | ||
1693 | * | ||
1694 | * Returns the length of decoded filename; negative if error | ||
1695 | */ | ||
1696 | int | ||
1697 | ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
1698 | const char *name, int length, char **decrypted_name) | ||
1699 | { | ||
1700 | int error = 0; | ||
1701 | |||
1702 | (*decrypted_name) = kmalloc(length + 2, GFP_KERNEL); | ||
1703 | if (!(*decrypted_name)) { | ||
1704 | error = -ENOMEM; | ||
1705 | goto out; | ||
1706 | } | ||
1707 | /* TODO: Filename encryption is a scheduled feature for a | ||
1708 | * future version of eCryptfs. This function is here only for | ||
1709 | * the purpose of providing a framework for other developers | ||
1710 | * to easily implement filename encryption. Hint: Replace this | ||
1711 | * memcpy() with a call to decode and decrypt the | ||
1712 | * filename, the set the length accordingly. */ | ||
1713 | memcpy((void *)(*decrypted_name), (void *)name, length); | ||
1714 | (*decrypted_name)[length + 1] = '\0'; /* Only for convenience | ||
1715 | * in printing out the | ||
1716 | * string in debug | ||
1717 | * messages */ | ||
1718 | error = length; | ||
1719 | out: | ||
1720 | return error; | ||
1721 | } | ||
1722 | |||
1723 | /** | ||
1724 | * ecryptfs_encrypt_filename - encrypt filename | 1643 | * ecryptfs_encrypt_filename - encrypt filename |
1725 | * | 1644 | * |
1726 | * CBC-encrypts the filename. We do not want to encrypt the same | 1645 | * CBC-encrypts the filename. We do not want to encrypt the same |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index b648175a44c..c11fc95714a 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -627,12 +627,6 @@ int ecryptfs_decode_and_decrypt_filename(char **decrypted_name, | |||
627 | struct dentry *ecryptfs_dentry, | 627 | struct dentry *ecryptfs_dentry, |
628 | const char *name, size_t name_size); | 628 | const char *name, size_t name_size); |
629 | int ecryptfs_fill_zeros(struct file *file, loff_t new_length); | 629 | int ecryptfs_fill_zeros(struct file *file, loff_t new_length); |
630 | int ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
631 | const char *name, int length, | ||
632 | char **decrypted_name); | ||
633 | int ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
634 | const char *name, int length, | ||
635 | char **encoded_name); | ||
636 | int ecryptfs_encrypt_and_encode_filename( | 630 | int ecryptfs_encrypt_and_encode_filename( |
637 | char **encoded_name, | 631 | char **encoded_name, |
638 | size_t *encoded_name_size, | 632 | size_t *encoded_name_size, |
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index 71383437122..567eb4bee1b 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
@@ -77,27 +77,27 @@ struct ecryptfs_getdents_callback { | |||
77 | 77 | ||
78 | /* Inspired by generic filldir in fs/readdir.c */ | 78 | /* Inspired by generic filldir in fs/readdir.c */ |
79 | static int | 79 | static int |
80 | ecryptfs_filldir(void *dirent, const char *name, int namelen, loff_t offset, | 80 | ecryptfs_filldir(void *dirent, const char *lower_name, int lower_namelen, |
81 | u64 ino, unsigned int d_type) | 81 | loff_t offset, u64 ino, unsigned int d_type) |
82 | { | 82 | { |
83 | struct ecryptfs_crypt_stat *crypt_stat; | ||
84 | struct ecryptfs_getdents_callback *buf = | 83 | struct ecryptfs_getdents_callback *buf = |
85 | (struct ecryptfs_getdents_callback *)dirent; | 84 | (struct ecryptfs_getdents_callback *)dirent; |
85 | int name_size; | ||
86 | char *name; | ||
86 | int rc; | 87 | int rc; |
87 | int decoded_length; | ||
88 | char *decoded_name; | ||
89 | 88 | ||
90 | crypt_stat = ecryptfs_dentry_to_private(buf->dentry)->crypt_stat; | ||
91 | buf->filldir_called++; | 89 | buf->filldir_called++; |
92 | decoded_length = ecryptfs_decode_filename(crypt_stat, name, namelen, | 90 | rc = ecryptfs_decode_and_decrypt_filename(&name, &name_size, |
93 | &decoded_name); | 91 | buf->dentry, lower_name, |
94 | if (decoded_length < 0) { | 92 | lower_namelen); |
95 | rc = decoded_length; | 93 | if (rc) { |
94 | printk(KERN_ERR "%s: Error attempting to decode and decrypt " | ||
95 | "filename [%s]; rc = [%d]\n", __func__, lower_name, | ||
96 | rc); | ||
96 | goto out; | 97 | goto out; |
97 | } | 98 | } |
98 | rc = buf->filldir(buf->dirent, decoded_name, decoded_length, offset, | 99 | rc = buf->filldir(buf->dirent, name, name_size, offset, ino, d_type); |
99 | ino, d_type); | 100 | kfree(name); |
100 | kfree(decoded_name); | ||
101 | if (rc >= 0) | 101 | if (rc >= 0) |
102 | buf->entries_written++; | 102 | buf->entries_written++; |
103 | out: | 103 | out: |
@@ -106,8 +106,8 @@ out: | |||
106 | 106 | ||
107 | /** | 107 | /** |
108 | * ecryptfs_readdir | 108 | * ecryptfs_readdir |
109 | * @file: The ecryptfs file struct | 109 | * @file: The eCryptfs directory file |
110 | * @dirent: Directory entry | 110 | * @dirent: Directory entry handle |
111 | * @filldir: The filldir callback function | 111 | * @filldir: The filldir callback function |
112 | */ | 112 | */ |
113 | static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir) | 113 | static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir) |
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 0111906a887..38309ce94d7 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c | |||
@@ -228,8 +228,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, | |||
228 | { | 228 | { |
229 | int rc; | 229 | int rc; |
230 | 230 | ||
231 | /* ecryptfs_do_create() calls ecryptfs_interpose(), which opens | 231 | /* ecryptfs_do_create() calls ecryptfs_interpose() */ |
232 | * the crypt_stat->lower_file (persistent file) */ | ||
233 | rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); | 232 | rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); |
234 | if (unlikely(rc)) { | 233 | if (unlikely(rc)) { |
235 | ecryptfs_printk(KERN_WARNING, "Failed to create file in" | 234 | ecryptfs_printk(KERN_WARNING, "Failed to create file in" |
@@ -244,141 +243,91 @@ out: | |||
244 | } | 243 | } |
245 | 244 | ||
246 | /** | 245 | /** |
247 | * ecryptfs_lookup | 246 | * ecryptfs_lookup_and_interpose_lower - Perform a lookup |
248 | * @dir: inode | ||
249 | * @dentry: The dentry | ||
250 | * @nd: nameidata, may be NULL | ||
251 | * | ||
252 | * Find a file on disk. If the file does not exist, then we'll add it to the | ||
253 | * dentry cache and continue on to read it from the disk. | ||
254 | */ | 247 | */ |
255 | static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, | 248 | int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry, |
256 | struct nameidata *nd) | 249 | struct dentry *lower_dentry, |
250 | struct ecryptfs_crypt_stat *crypt_stat, | ||
251 | struct inode *ecryptfs_dir_inode, | ||
252 | struct nameidata *ecryptfs_nd) | ||
257 | { | 253 | { |
258 | int rc = 0; | ||
259 | struct dentry *lower_dir_dentry; | 254 | struct dentry *lower_dir_dentry; |
260 | struct dentry *lower_dentry; | ||
261 | struct vfsmount *lower_mnt; | 255 | struct vfsmount *lower_mnt; |
262 | char *encoded_name; | 256 | struct inode *lower_inode; |
263 | int encoded_namelen; | ||
264 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | ||
265 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | 257 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; |
266 | char *page_virt = NULL; | 258 | char *page_virt = NULL; |
267 | struct inode *lower_inode; | ||
268 | u64 file_size; | 259 | u64 file_size; |
260 | int rc = 0; | ||
269 | 261 | ||
270 | lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); | 262 | lower_dir_dentry = lower_dentry->d_parent; |
271 | dentry->d_op = &ecryptfs_dops; | 263 | lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt( |
272 | if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) | 264 | ecryptfs_dentry->d_parent)); |
273 | || (dentry->d_name.len == 2 | ||
274 | && !strcmp(dentry->d_name.name, ".."))) { | ||
275 | d_drop(dentry); | ||
276 | goto out; | ||
277 | } | ||
278 | encoded_namelen = ecryptfs_encode_filename(crypt_stat, | ||
279 | dentry->d_name.name, | ||
280 | dentry->d_name.len, | ||
281 | &encoded_name); | ||
282 | if (encoded_namelen < 0) { | ||
283 | rc = encoded_namelen; | ||
284 | d_drop(dentry); | ||
285 | goto out; | ||
286 | } | ||
287 | ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " | ||
288 | "= [%d]\n", encoded_name, encoded_namelen); | ||
289 | lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, | ||
290 | encoded_namelen - 1); | ||
291 | kfree(encoded_name); | ||
292 | if (IS_ERR(lower_dentry)) { | ||
293 | ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); | ||
294 | rc = PTR_ERR(lower_dentry); | ||
295 | d_drop(dentry); | ||
296 | goto out; | ||
297 | } | ||
298 | lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); | ||
299 | ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" | ||
300 | "d_name.name = [%s]\n", lower_dentry, | ||
301 | lower_dentry->d_name.name); | ||
302 | lower_inode = lower_dentry->d_inode; | 265 | lower_inode = lower_dentry->d_inode; |
303 | fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode); | 266 | fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode); |
304 | BUG_ON(!atomic_read(&lower_dentry->d_count)); | 267 | BUG_ON(!atomic_read(&lower_dentry->d_count)); |
305 | ecryptfs_set_dentry_private(dentry, | 268 | ecryptfs_set_dentry_private(ecryptfs_dentry, |
306 | kmem_cache_alloc(ecryptfs_dentry_info_cache, | 269 | kmem_cache_alloc(ecryptfs_dentry_info_cache, |
307 | GFP_KERNEL)); | 270 | GFP_KERNEL)); |
308 | if (!ecryptfs_dentry_to_private(dentry)) { | 271 | if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) { |
309 | rc = -ENOMEM; | 272 | rc = -ENOMEM; |
310 | ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " | 273 | printk(KERN_ERR "%s: Out of memory whilst attempting " |
311 | "to allocate ecryptfs_dentry_info struct\n"); | 274 | "to allocate ecryptfs_dentry_info struct\n", |
275 | __func__); | ||
312 | goto out_dput; | 276 | goto out_dput; |
313 | } | 277 | } |
314 | ecryptfs_set_dentry_lower(dentry, lower_dentry); | 278 | ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry); |
315 | ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); | 279 | ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt); |
316 | if (!lower_dentry->d_inode) { | 280 | if (!lower_dentry->d_inode) { |
317 | /* We want to add because we couldn't find in lower */ | 281 | /* We want to add because we couldn't find in lower */ |
318 | d_add(dentry, NULL); | 282 | d_add(ecryptfs_dentry, NULL); |
319 | goto out; | 283 | goto out; |
320 | } | 284 | } |
321 | rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, | 285 | rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, |
322 | ECRYPTFS_INTERPOSE_FLAG_D_ADD); | 286 | ecryptfs_dir_inode->i_sb, 1); |
323 | if (rc) { | 287 | if (rc) { |
324 | ecryptfs_printk(KERN_ERR, "Error interposing\n"); | 288 | printk(KERN_ERR "%s: Error interposing; rc = [%d]\n", |
289 | __func__, rc); | ||
325 | goto out; | 290 | goto out; |
326 | } | 291 | } |
327 | if (S_ISDIR(lower_inode->i_mode)) { | 292 | if (S_ISDIR(lower_inode->i_mode)) |
328 | ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n"); | ||
329 | goto out; | 293 | goto out; |
330 | } | 294 | if (S_ISLNK(lower_inode->i_mode)) |
331 | if (S_ISLNK(lower_inode->i_mode)) { | ||
332 | ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n"); | ||
333 | goto out; | 295 | goto out; |
334 | } | 296 | if (special_file(lower_inode->i_mode)) |
335 | if (special_file(lower_inode->i_mode)) { | ||
336 | ecryptfs_printk(KERN_DEBUG, "Is a special file; returning\n"); | ||
337 | goto out; | 297 | goto out; |
338 | } | 298 | if (!ecryptfs_nd) |
339 | if (!nd) { | ||
340 | ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave" | ||
341 | "as we *think* we are about to unlink\n"); | ||
342 | goto out; | 299 | goto out; |
343 | } | ||
344 | /* Released in this function */ | 300 | /* Released in this function */ |
345 | page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, | 301 | page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER); |
346 | GFP_USER); | ||
347 | if (!page_virt) { | 302 | if (!page_virt) { |
303 | printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n", | ||
304 | __func__); | ||
348 | rc = -ENOMEM; | 305 | rc = -ENOMEM; |
349 | ecryptfs_printk(KERN_ERR, | ||
350 | "Cannot ecryptfs_kmalloc a page\n"); | ||
351 | goto out; | 306 | goto out; |
352 | } | 307 | } |
353 | crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; | 308 | if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) { |
354 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) | 309 | rc = ecryptfs_init_persistent_file(ecryptfs_dentry); |
355 | ecryptfs_set_default_sizes(crypt_stat); | ||
356 | if (!ecryptfs_inode_to_private(dentry->d_inode)->lower_file) { | ||
357 | rc = ecryptfs_init_persistent_file(dentry); | ||
358 | if (rc) { | 310 | if (rc) { |
359 | printk(KERN_ERR "%s: Error attempting to initialize " | 311 | printk(KERN_ERR "%s: Error attempting to initialize " |
360 | "the persistent file for the dentry with name " | 312 | "the persistent file for the dentry with name " |
361 | "[%s]; rc = [%d]\n", __func__, | 313 | "[%s]; rc = [%d]\n", __func__, |
362 | dentry->d_name.name, rc); | 314 | ecryptfs_dentry->d_name.name, rc); |
363 | goto out; | 315 | goto out_free_kmem; |
364 | } | 316 | } |
365 | } | 317 | } |
366 | rc = ecryptfs_read_and_validate_header_region(page_virt, | 318 | rc = ecryptfs_read_and_validate_header_region(page_virt, |
367 | dentry->d_inode); | 319 | ecryptfs_dentry->d_inode); |
368 | if (rc) { | 320 | if (rc) { |
369 | rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry); | 321 | rc = ecryptfs_read_and_validate_xattr_region(page_virt, |
322 | ecryptfs_dentry); | ||
370 | if (rc) { | 323 | if (rc) { |
371 | printk(KERN_DEBUG "Valid metadata not found in header " | ||
372 | "region or xattr region; treating file as " | ||
373 | "unencrypted\n"); | ||
374 | rc = 0; | 324 | rc = 0; |
375 | kmem_cache_free(ecryptfs_header_cache_2, page_virt); | 325 | goto out_free_kmem; |
376 | goto out; | ||
377 | } | 326 | } |
378 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; | 327 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; |
379 | } | 328 | } |
380 | mount_crypt_stat = &ecryptfs_superblock_to_private( | 329 | mount_crypt_stat = &ecryptfs_superblock_to_private( |
381 | dentry->d_sb)->mount_crypt_stat; | 330 | ecryptfs_dentry->d_sb)->mount_crypt_stat; |
382 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { | 331 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { |
383 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) | 332 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) |
384 | file_size = (crypt_stat->num_header_bytes_at_front | 333 | file_size = (crypt_stat->num_header_bytes_at_front |
@@ -388,14 +337,103 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, | |||
388 | } else { | 337 | } else { |
389 | file_size = get_unaligned_be64(page_virt); | 338 | file_size = get_unaligned_be64(page_virt); |
390 | } | 339 | } |
391 | i_size_write(dentry->d_inode, (loff_t)file_size); | 340 | i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size); |
341 | out_free_kmem: | ||
392 | kmem_cache_free(ecryptfs_header_cache_2, page_virt); | 342 | kmem_cache_free(ecryptfs_header_cache_2, page_virt); |
393 | goto out; | 343 | goto out; |
394 | |||
395 | out_dput: | 344 | out_dput: |
396 | dput(lower_dentry); | 345 | dput(lower_dentry); |
397 | d_drop(dentry); | 346 | d_drop(ecryptfs_dentry); |
398 | out: | 347 | out: |
348 | return rc; | ||
349 | } | ||
350 | |||
351 | /** | ||
352 | * ecryptfs_lookup | ||
353 | * @ecryptfs_dir_inode: The eCryptfs directory inode | ||
354 | * @ecryptfs_dentry: The eCryptfs dentry that we are looking up | ||
355 | * @ecryptfs_nd: nameidata; may be NULL | ||
356 | * | ||
357 | * Find a file on disk. If the file does not exist, then we'll add it to the | ||
358 | * dentry cache and continue on to read it from the disk. | ||
359 | */ | ||
360 | static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode, | ||
361 | struct dentry *ecryptfs_dentry, | ||
362 | struct nameidata *ecryptfs_nd) | ||
363 | { | ||
364 | char *encrypted_and_encoded_name = NULL; | ||
365 | int encrypted_and_encoded_name_size; | ||
366 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | ||
367 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL; | ||
368 | struct ecryptfs_inode_info *inode_info; | ||
369 | struct dentry *lower_dir_dentry, *lower_dentry; | ||
370 | int rc = 0; | ||
371 | |||
372 | ecryptfs_dentry->d_op = &ecryptfs_dops; | ||
373 | if ((ecryptfs_dentry->d_name.len == 1 | ||
374 | && !strcmp(ecryptfs_dentry->d_name.name, ".")) | ||
375 | || (ecryptfs_dentry->d_name.len == 2 | ||
376 | && !strcmp(ecryptfs_dentry->d_name.name, ".."))) { | ||
377 | goto out_d_drop; | ||
378 | } | ||
379 | lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent); | ||
380 | lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name, | ||
381 | lower_dir_dentry, | ||
382 | ecryptfs_dentry->d_name.len); | ||
383 | if (IS_ERR(lower_dentry)) { | ||
384 | rc = PTR_ERR(lower_dentry); | ||
385 | printk(KERN_ERR "%s: lookup_one_len() returned [%d] on " | ||
386 | "lower_dentry = [%s]\n", __func__, rc, | ||
387 | ecryptfs_dentry->d_name.name); | ||
388 | goto out_d_drop; | ||
389 | } | ||
390 | if (lower_dentry->d_inode) | ||
391 | goto lookup_and_interpose; | ||
392 | inode_info = ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | ||
393 | if (inode_info) { | ||
394 | crypt_stat = &inode_info->crypt_stat; | ||
395 | /* TODO: lock for crypt_stat comparison */ | ||
396 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) | ||
397 | ecryptfs_set_default_sizes(crypt_stat); | ||
398 | } | ||
399 | if (crypt_stat) | ||
400 | mount_crypt_stat = crypt_stat->mount_crypt_stat; | ||
401 | else | ||
402 | mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
403 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
404 | if (!(crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES)) | ||
405 | && !(mount_crypt_stat && (mount_crypt_stat->flags | ||
406 | & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) | ||
407 | goto lookup_and_interpose; | ||
408 | dput(lower_dentry); | ||
409 | rc = ecryptfs_encrypt_and_encode_filename( | ||
410 | &encrypted_and_encoded_name, &encrypted_and_encoded_name_size, | ||
411 | crypt_stat, mount_crypt_stat, ecryptfs_dentry->d_name.name, | ||
412 | ecryptfs_dentry->d_name.len); | ||
413 | if (rc) { | ||
414 | printk(KERN_ERR "%s: Error attempting to encrypt and encode " | ||
415 | "filename; rc = [%d]\n", __func__, rc); | ||
416 | goto out_d_drop; | ||
417 | } | ||
418 | lower_dentry = lookup_one_len(encrypted_and_encoded_name, | ||
419 | lower_dir_dentry, | ||
420 | encrypted_and_encoded_name_size - 1); | ||
421 | if (IS_ERR(lower_dentry)) { | ||
422 | rc = PTR_ERR(lower_dentry); | ||
423 | printk(KERN_ERR "%s: lookup_one_len() returned [%d] on " | ||
424 | "lower_dentry = [%s]\n", __func__, rc, | ||
425 | encrypted_and_encoded_name); | ||
426 | goto out_d_drop; | ||
427 | } | ||
428 | lookup_and_interpose: | ||
429 | rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry, | ||
430 | crypt_stat, ecryptfs_dir_inode, | ||
431 | ecryptfs_nd); | ||
432 | goto out; | ||
433 | out_d_drop: | ||
434 | d_drop(ecryptfs_dentry); | ||
435 | out: | ||
436 | kfree(encrypted_and_encoded_name); | ||
399 | return ERR_PTR(rc); | 437 | return ERR_PTR(rc); |
400 | } | 438 | } |
401 | 439 | ||
@@ -466,19 +504,21 @@ static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry, | |||
466 | struct dentry *lower_dentry; | 504 | struct dentry *lower_dentry; |
467 | struct dentry *lower_dir_dentry; | 505 | struct dentry *lower_dir_dentry; |
468 | char *encoded_symname; | 506 | char *encoded_symname; |
469 | int encoded_symlen; | 507 | size_t encoded_symlen; |
470 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | 508 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL; |
471 | 509 | ||
472 | lower_dentry = ecryptfs_dentry_to_lower(dentry); | 510 | lower_dentry = ecryptfs_dentry_to_lower(dentry); |
473 | dget(lower_dentry); | 511 | dget(lower_dentry); |
474 | lower_dir_dentry = lock_parent(lower_dentry); | 512 | lower_dir_dentry = lock_parent(lower_dentry); |
475 | encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, | 513 | mount_crypt_stat = &ecryptfs_superblock_to_private( |
476 | strlen(symname), | 514 | dir->i_sb)->mount_crypt_stat; |
477 | &encoded_symname); | 515 | rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname, |
478 | if (encoded_symlen < 0) { | 516 | &encoded_symlen, |
479 | rc = encoded_symlen; | 517 | NULL, |
518 | mount_crypt_stat, symname, | ||
519 | strlen(symname)); | ||
520 | if (rc) | ||
480 | goto out_lock; | 521 | goto out_lock; |
481 | } | ||
482 | rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, | 522 | rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, |
483 | encoded_symname); | 523 | encoded_symname); |
484 | kfree(encoded_symname); | 524 | kfree(encoded_symname); |
@@ -602,52 +642,54 @@ out_lock: | |||
602 | } | 642 | } |
603 | 643 | ||
604 | static int | 644 | static int |
605 | ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) | 645 | ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz) |
606 | { | 646 | { |
607 | int rc; | ||
608 | struct dentry *lower_dentry; | ||
609 | char *decoded_name; | ||
610 | char *lower_buf; | 647 | char *lower_buf; |
611 | mm_segment_t old_fs; | 648 | struct dentry *lower_dentry; |
612 | struct ecryptfs_crypt_stat *crypt_stat; | 649 | struct ecryptfs_crypt_stat *crypt_stat; |
650 | char *plaintext_name; | ||
651 | size_t plaintext_name_size; | ||
652 | mm_segment_t old_fs; | ||
653 | int rc; | ||
613 | 654 | ||
614 | lower_dentry = ecryptfs_dentry_to_lower(dentry); | 655 | lower_dentry = ecryptfs_dentry_to_lower(dentry); |
615 | if (!lower_dentry->d_inode->i_op->readlink) { | 656 | if (!lower_dentry->d_inode->i_op->readlink) { |
616 | rc = -EINVAL; | 657 | rc = -EINVAL; |
617 | goto out; | 658 | goto out; |
618 | } | 659 | } |
660 | crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; | ||
619 | /* Released in this function */ | 661 | /* Released in this function */ |
620 | lower_buf = kmalloc(bufsiz, GFP_KERNEL); | 662 | lower_buf = kmalloc(bufsiz, GFP_KERNEL); |
621 | if (lower_buf == NULL) { | 663 | if (lower_buf == NULL) { |
622 | ecryptfs_printk(KERN_ERR, "Out of memory\n"); | 664 | printk(KERN_ERR "%s: Out of memory whilst attempting to " |
665 | "kmalloc [%d] bytes\n", __func__, bufsiz); | ||
623 | rc = -ENOMEM; | 666 | rc = -ENOMEM; |
624 | goto out; | 667 | goto out; |
625 | } | 668 | } |
626 | old_fs = get_fs(); | 669 | old_fs = get_fs(); |
627 | set_fs(get_ds()); | 670 | set_fs(get_ds()); |
628 | ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " | ||
629 | "lower_dentry->d_name.name = [%s]\n", | ||
630 | lower_dentry->d_name.name); | ||
631 | rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, | 671 | rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, |
632 | (char __user *)lower_buf, | 672 | (char __user *)lower_buf, |
633 | bufsiz); | 673 | bufsiz); |
634 | set_fs(old_fs); | 674 | set_fs(old_fs); |
635 | if (rc >= 0) { | 675 | if (rc >= 0) { |
636 | crypt_stat = NULL; | 676 | rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name, |
637 | rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, | 677 | &plaintext_name_size, |
638 | &decoded_name); | 678 | dentry, lower_buf, |
639 | if (rc == -ENOMEM) | 679 | rc); |
680 | if (rc) { | ||
681 | printk(KERN_ERR "%s: Error attempting to decode and " | ||
682 | "decrypt filename; rc = [%d]\n", __func__, | ||
683 | rc); | ||
640 | goto out_free_lower_buf; | 684 | goto out_free_lower_buf; |
641 | if (rc > 0) { | ||
642 | ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes " | ||
643 | "to userspace: [%*s]\n", rc, | ||
644 | decoded_name); | ||
645 | if (copy_to_user(buf, decoded_name, rc)) | ||
646 | rc = -EFAULT; | ||
647 | } | 685 | } |
648 | kfree(decoded_name); | 686 | rc = copy_to_user(buf, plaintext_name, plaintext_name_size); |
649 | fsstack_copy_attr_atime(dentry->d_inode, | 687 | if (rc) |
650 | lower_dentry->d_inode); | 688 | rc = -EFAULT; |
689 | else | ||
690 | rc = plaintext_name_size; | ||
691 | kfree(plaintext_name); | ||
692 | fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode); | ||
651 | } | 693 | } |
652 | out_free_lower_buf: | 694 | out_free_lower_buf: |
653 | kfree(lower_buf); | 695 | kfree(lower_buf); |
@@ -669,8 +711,6 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) | |||
669 | } | 711 | } |
670 | old_fs = get_fs(); | 712 | old_fs = get_fs(); |
671 | set_fs(get_ds()); | 713 | set_fs(get_ds()); |
672 | ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " | ||
673 | "dentry->d_name.name = [%s]\n", dentry->d_name.name); | ||
674 | rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); | 714 | rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); |
675 | set_fs(old_fs); | 715 | set_fs(old_fs); |
676 | if (rc < 0) | 716 | if (rc < 0) |