diff options
| author | Michael Halcrow <mhalcrow@us.ibm.com> | 2009-01-06 17:42:00 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-06 18:59:22 -0500 |
| commit | addd65ad8d19a7d7982130b16f957d5d01d3f8df (patch) | |
| tree | 2263b4a4b7a6269410bd161a3995d2b4af3f7bcf /fs/ecryptfs | |
| parent | 51ca58dcc9f0d6b1e78954d08bd4954fb6a1421c (diff) | |
eCryptfs: Filename Encryption: filldir, lookup, and readlink
Make the requisite modifications to ecryptfs_filldir(), ecryptfs_lookup(),
and ecryptfs_readlink() to call out to filename encryption functions.
Propagate filename encryption policy flags from mount-wide crypt_stat to
inode crypt_stat.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Cc: Dustin Kirkland <dustin.kirkland@gmail.com>
Cc: Eric Sandeen <sandeen@redhat.com>
Cc: Tyler Hicks <tchicks@us.ibm.com>
Cc: David Kleikamp <shaggy@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs')
| -rw-r--r-- | fs/ecryptfs/crypto.c | 107 | ||||
| -rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 6 | ||||
| -rw-r--r-- | fs/ecryptfs/file.c | 30 | ||||
| -rw-r--r-- | fs/ecryptfs/inode.c | 294 |
4 files changed, 195 insertions, 242 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 18c78abba683..ea2afd2ce222 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
| @@ -924,6 +924,15 @@ static void ecryptfs_copy_mount_wide_flags_to_inode_flags( | |||
| 924 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; | 924 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; |
| 925 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | 925 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) |
| 926 | crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; | 926 | crypt_stat->flags |= ECRYPTFS_VIEW_AS_ENCRYPTED; |
| 927 | if (mount_crypt_stat->flags & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES) { | ||
| 928 | crypt_stat->flags |= ECRYPTFS_ENCRYPT_FILENAMES; | ||
| 929 | if (mount_crypt_stat->flags | ||
| 930 | & ECRYPTFS_GLOBAL_ENCFN_USE_MOUNT_FNEK) | ||
| 931 | crypt_stat->flags |= ECRYPTFS_ENCFN_USE_MOUNT_FNEK; | ||
| 932 | else if (mount_crypt_stat->flags | ||
| 933 | & ECRYPTFS_GLOBAL_ENCFN_USE_FEK) | ||
| 934 | crypt_stat->flags |= ECRYPTFS_ENCFN_USE_FEK; | ||
| 935 | } | ||
| 927 | } | 936 | } |
| 928 | 937 | ||
| 929 | static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( | 938 | static int ecryptfs_copy_mount_wide_sigs_to_inode_sigs( |
| @@ -1060,7 +1069,8 @@ struct ecryptfs_flag_map_elem { | |||
| 1060 | static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { | 1069 | static struct ecryptfs_flag_map_elem ecryptfs_flag_map[] = { |
| 1061 | {0x00000001, ECRYPTFS_ENABLE_HMAC}, | 1070 | {0x00000001, ECRYPTFS_ENABLE_HMAC}, |
| 1062 | {0x00000002, ECRYPTFS_ENCRYPTED}, | 1071 | {0x00000002, ECRYPTFS_ENCRYPTED}, |
| 1063 | {0x00000004, ECRYPTFS_METADATA_IN_XATTR} | 1072 | {0x00000004, ECRYPTFS_METADATA_IN_XATTR}, |
| 1073 | {0x00000008, ECRYPTFS_ENCRYPT_FILENAMES} | ||
| 1064 | }; | 1074 | }; |
| 1065 | 1075 | ||
| 1066 | /** | 1076 | /** |
| @@ -1213,6 +1223,8 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
| 1213 | &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); | 1223 | &(ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat); |
| 1214 | int rc; | 1224 | int rc; |
| 1215 | 1225 | ||
| 1226 | if (crypt_stat->extent_size == 0) | ||
| 1227 | crypt_stat->extent_size = ECRYPTFS_DEFAULT_EXTENT_SIZE; | ||
| 1216 | rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, | 1228 | rc = ecryptfs_read_lower(data, 0, crypt_stat->extent_size, |
| 1217 | ecryptfs_inode); | 1229 | ecryptfs_inode); |
| 1218 | if (rc) { | 1230 | if (rc) { |
| @@ -1222,7 +1234,6 @@ int ecryptfs_read_and_validate_header_region(char *data, | |||
| 1222 | } | 1234 | } |
| 1223 | if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { | 1235 | if (!contains_ecryptfs_marker(data + ECRYPTFS_FILE_SIZE_BYTES)) { |
| 1224 | rc = -EINVAL; | 1236 | rc = -EINVAL; |
| 1225 | ecryptfs_printk(KERN_DEBUG, "Valid marker not found\n"); | ||
| 1226 | } | 1237 | } |
| 1227 | out: | 1238 | out: |
| 1228 | return rc; | 1239 | return rc; |
| @@ -1629,98 +1640,6 @@ out: | |||
| 1629 | } | 1640 | } |
| 1630 | 1641 | ||
| 1631 | /** | 1642 | /** |
| 1632 | * ecryptfs_encode_filename - converts a plaintext file name to cipher text | ||
| 1633 | * @crypt_stat: The crypt_stat struct associated with the file anem to encode | ||
| 1634 | * @name: The plaintext name | ||
| 1635 | * @length: The length of the plaintext | ||
| 1636 | * @encoded_name: The encypted name | ||
| 1637 | * | ||
| 1638 | * Encrypts and encodes a filename into something that constitutes a | ||
| 1639 | * valid filename for a filesystem, with printable characters. | ||
| 1640 | * | ||
| 1641 | * We assume that we have a properly initialized crypto context, | ||
| 1642 | * pointed to by crypt_stat->tfm. | ||
| 1643 | * | ||
| 1644 | * TODO: Implement filename decoding and decryption here, in place of | ||
| 1645 | * memcpy. We are keeping the framework around for now to (1) | ||
| 1646 | * facilitate testing of the components needed to implement filename | ||
| 1647 | * encryption and (2) to provide a code base from which other | ||
| 1648 | * developers in the community can easily implement this feature. | ||
| 1649 | * | ||
| 1650 | * Returns the length of encoded filename; negative if error | ||
| 1651 | */ | ||
| 1652 | int | ||
| 1653 | ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
| 1654 | const char *name, int length, char **encoded_name) | ||
| 1655 | { | ||
| 1656 | int error = 0; | ||
| 1657 | |||
| 1658 | (*encoded_name) = kmalloc(length + 2, GFP_KERNEL); | ||
| 1659 | if (!(*encoded_name)) { | ||
| 1660 | error = -ENOMEM; | ||
| 1661 | goto out; | ||
| 1662 | } | ||
| 1663 | /* TODO: Filename encryption is a scheduled feature for a | ||
| 1664 | * future version of eCryptfs. This function is here only for | ||
| 1665 | * the purpose of providing a framework for other developers | ||
| 1666 | * to easily implement filename encryption. Hint: Replace this | ||
| 1667 | * memcpy() with a call to encrypt and encode the | ||
| 1668 | * filename, the set the length accordingly. */ | ||
| 1669 | memcpy((void *)(*encoded_name), (void *)name, length); | ||
| 1670 | (*encoded_name)[length] = '\0'; | ||
| 1671 | error = length + 1; | ||
| 1672 | out: | ||
| 1673 | return error; | ||
| 1674 | } | ||
| 1675 | |||
| 1676 | /** | ||
| 1677 | * ecryptfs_decode_filename - converts the cipher text name to plaintext | ||
| 1678 | * @crypt_stat: The crypt_stat struct associated with the file | ||
| 1679 | * @name: The filename in cipher text | ||
| 1680 | * @length: The length of the cipher text name | ||
| 1681 | * @decrypted_name: The plaintext name | ||
| 1682 | * | ||
| 1683 | * Decodes and decrypts the filename. | ||
| 1684 | * | ||
| 1685 | * We assume that we have a properly initialized crypto context, | ||
| 1686 | * pointed to by crypt_stat->tfm. | ||
| 1687 | * | ||
| 1688 | * TODO: Implement filename decoding and decryption here, in place of | ||
| 1689 | * memcpy. We are keeping the framework around for now to (1) | ||
| 1690 | * facilitate testing of the components needed to implement filename | ||
| 1691 | * encryption and (2) to provide a code base from which other | ||
| 1692 | * developers in the community can easily implement this feature. | ||
| 1693 | * | ||
| 1694 | * Returns the length of decoded filename; negative if error | ||
| 1695 | */ | ||
| 1696 | int | ||
| 1697 | ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
| 1698 | const char *name, int length, char **decrypted_name) | ||
| 1699 | { | ||
| 1700 | int error = 0; | ||
| 1701 | |||
| 1702 | (*decrypted_name) = kmalloc(length + 2, GFP_KERNEL); | ||
| 1703 | if (!(*decrypted_name)) { | ||
| 1704 | error = -ENOMEM; | ||
| 1705 | goto out; | ||
| 1706 | } | ||
| 1707 | /* TODO: Filename encryption is a scheduled feature for a | ||
| 1708 | * future version of eCryptfs. This function is here only for | ||
| 1709 | * the purpose of providing a framework for other developers | ||
| 1710 | * to easily implement filename encryption. Hint: Replace this | ||
| 1711 | * memcpy() with a call to decode and decrypt the | ||
| 1712 | * filename, the set the length accordingly. */ | ||
| 1713 | memcpy((void *)(*decrypted_name), (void *)name, length); | ||
| 1714 | (*decrypted_name)[length + 1] = '\0'; /* Only for convenience | ||
| 1715 | * in printing out the | ||
| 1716 | * string in debug | ||
| 1717 | * messages */ | ||
| 1718 | error = length; | ||
| 1719 | out: | ||
| 1720 | return error; | ||
| 1721 | } | ||
| 1722 | |||
| 1723 | /** | ||
| 1724 | * ecryptfs_encrypt_filename - encrypt filename | 1643 | * ecryptfs_encrypt_filename - encrypt filename |
| 1725 | * | 1644 | * |
| 1726 | * CBC-encrypts the filename. We do not want to encrypt the same | 1645 | * CBC-encrypts the filename. We do not want to encrypt the same |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index b648175a44cd..c11fc95714ab 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
| @@ -627,12 +627,6 @@ int ecryptfs_decode_and_decrypt_filename(char **decrypted_name, | |||
| 627 | struct dentry *ecryptfs_dentry, | 627 | struct dentry *ecryptfs_dentry, |
| 628 | const char *name, size_t name_size); | 628 | const char *name, size_t name_size); |
| 629 | int ecryptfs_fill_zeros(struct file *file, loff_t new_length); | 629 | int ecryptfs_fill_zeros(struct file *file, loff_t new_length); |
| 630 | int ecryptfs_decode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
| 631 | const char *name, int length, | ||
| 632 | char **decrypted_name); | ||
| 633 | int ecryptfs_encode_filename(struct ecryptfs_crypt_stat *crypt_stat, | ||
| 634 | const char *name, int length, | ||
| 635 | char **encoded_name); | ||
| 636 | int ecryptfs_encrypt_and_encode_filename( | 630 | int ecryptfs_encrypt_and_encode_filename( |
| 637 | char **encoded_name, | 631 | char **encoded_name, |
| 638 | size_t *encoded_name_size, | 632 | size_t *encoded_name_size, |
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index 713834371229..567eb4bee1b6 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
| @@ -77,27 +77,27 @@ struct ecryptfs_getdents_callback { | |||
| 77 | 77 | ||
| 78 | /* Inspired by generic filldir in fs/readdir.c */ | 78 | /* Inspired by generic filldir in fs/readdir.c */ |
| 79 | static int | 79 | static int |
| 80 | ecryptfs_filldir(void *dirent, const char *name, int namelen, loff_t offset, | 80 | ecryptfs_filldir(void *dirent, const char *lower_name, int lower_namelen, |
| 81 | u64 ino, unsigned int d_type) | 81 | loff_t offset, u64 ino, unsigned int d_type) |
| 82 | { | 82 | { |
| 83 | struct ecryptfs_crypt_stat *crypt_stat; | ||
| 84 | struct ecryptfs_getdents_callback *buf = | 83 | struct ecryptfs_getdents_callback *buf = |
| 85 | (struct ecryptfs_getdents_callback *)dirent; | 84 | (struct ecryptfs_getdents_callback *)dirent; |
| 85 | int name_size; | ||
| 86 | char *name; | ||
| 86 | int rc; | 87 | int rc; |
| 87 | int decoded_length; | ||
| 88 | char *decoded_name; | ||
| 89 | 88 | ||
| 90 | crypt_stat = ecryptfs_dentry_to_private(buf->dentry)->crypt_stat; | ||
| 91 | buf->filldir_called++; | 89 | buf->filldir_called++; |
| 92 | decoded_length = ecryptfs_decode_filename(crypt_stat, name, namelen, | 90 | rc = ecryptfs_decode_and_decrypt_filename(&name, &name_size, |
| 93 | &decoded_name); | 91 | buf->dentry, lower_name, |
| 94 | if (decoded_length < 0) { | 92 | lower_namelen); |
| 95 | rc = decoded_length; | 93 | if (rc) { |
| 94 | printk(KERN_ERR "%s: Error attempting to decode and decrypt " | ||
| 95 | "filename [%s]; rc = [%d]\n", __func__, lower_name, | ||
| 96 | rc); | ||
| 96 | goto out; | 97 | goto out; |
| 97 | } | 98 | } |
| 98 | rc = buf->filldir(buf->dirent, decoded_name, decoded_length, offset, | 99 | rc = buf->filldir(buf->dirent, name, name_size, offset, ino, d_type); |
| 99 | ino, d_type); | 100 | kfree(name); |
| 100 | kfree(decoded_name); | ||
| 101 | if (rc >= 0) | 101 | if (rc >= 0) |
| 102 | buf->entries_written++; | 102 | buf->entries_written++; |
| 103 | out: | 103 | out: |
| @@ -106,8 +106,8 @@ out: | |||
| 106 | 106 | ||
| 107 | /** | 107 | /** |
| 108 | * ecryptfs_readdir | 108 | * ecryptfs_readdir |
| 109 | * @file: The ecryptfs file struct | 109 | * @file: The eCryptfs directory file |
| 110 | * @dirent: Directory entry | 110 | * @dirent: Directory entry handle |
| 111 | * @filldir: The filldir callback function | 111 | * @filldir: The filldir callback function |
| 112 | */ | 112 | */ |
| 113 | static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir) | 113 | static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir) |
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 0111906a8877..38309ce94d71 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c | |||
| @@ -228,8 +228,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, | |||
| 228 | { | 228 | { |
| 229 | int rc; | 229 | int rc; |
| 230 | 230 | ||
| 231 | /* ecryptfs_do_create() calls ecryptfs_interpose(), which opens | 231 | /* ecryptfs_do_create() calls ecryptfs_interpose() */ |
| 232 | * the crypt_stat->lower_file (persistent file) */ | ||
| 233 | rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); | 232 | rc = ecryptfs_do_create(directory_inode, ecryptfs_dentry, mode, nd); |
| 234 | if (unlikely(rc)) { | 233 | if (unlikely(rc)) { |
| 235 | ecryptfs_printk(KERN_WARNING, "Failed to create file in" | 234 | ecryptfs_printk(KERN_WARNING, "Failed to create file in" |
| @@ -244,141 +243,91 @@ out: | |||
| 244 | } | 243 | } |
| 245 | 244 | ||
| 246 | /** | 245 | /** |
| 247 | * ecryptfs_lookup | 246 | * ecryptfs_lookup_and_interpose_lower - Perform a lookup |
| 248 | * @dir: inode | ||
| 249 | * @dentry: The dentry | ||
| 250 | * @nd: nameidata, may be NULL | ||
| 251 | * | ||
| 252 | * Find a file on disk. If the file does not exist, then we'll add it to the | ||
| 253 | * dentry cache and continue on to read it from the disk. | ||
| 254 | */ | 247 | */ |
| 255 | static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, | 248 | int ecryptfs_lookup_and_interpose_lower(struct dentry *ecryptfs_dentry, |
| 256 | struct nameidata *nd) | 249 | struct dentry *lower_dentry, |
| 250 | struct ecryptfs_crypt_stat *crypt_stat, | ||
| 251 | struct inode *ecryptfs_dir_inode, | ||
| 252 | struct nameidata *ecryptfs_nd) | ||
| 257 | { | 253 | { |
| 258 | int rc = 0; | ||
| 259 | struct dentry *lower_dir_dentry; | 254 | struct dentry *lower_dir_dentry; |
| 260 | struct dentry *lower_dentry; | ||
| 261 | struct vfsmount *lower_mnt; | 255 | struct vfsmount *lower_mnt; |
| 262 | char *encoded_name; | 256 | struct inode *lower_inode; |
| 263 | int encoded_namelen; | ||
| 264 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | ||
| 265 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; | 257 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat; |
| 266 | char *page_virt = NULL; | 258 | char *page_virt = NULL; |
| 267 | struct inode *lower_inode; | ||
| 268 | u64 file_size; | 259 | u64 file_size; |
| 260 | int rc = 0; | ||
| 269 | 261 | ||
| 270 | lower_dir_dentry = ecryptfs_dentry_to_lower(dentry->d_parent); | 262 | lower_dir_dentry = lower_dentry->d_parent; |
| 271 | dentry->d_op = &ecryptfs_dops; | 263 | lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt( |
| 272 | if ((dentry->d_name.len == 1 && !strcmp(dentry->d_name.name, ".")) | 264 | ecryptfs_dentry->d_parent)); |
| 273 | || (dentry->d_name.len == 2 | ||
| 274 | && !strcmp(dentry->d_name.name, ".."))) { | ||
| 275 | d_drop(dentry); | ||
| 276 | goto out; | ||
| 277 | } | ||
| 278 | encoded_namelen = ecryptfs_encode_filename(crypt_stat, | ||
| 279 | dentry->d_name.name, | ||
| 280 | dentry->d_name.len, | ||
| 281 | &encoded_name); | ||
| 282 | if (encoded_namelen < 0) { | ||
| 283 | rc = encoded_namelen; | ||
| 284 | d_drop(dentry); | ||
| 285 | goto out; | ||
| 286 | } | ||
| 287 | ecryptfs_printk(KERN_DEBUG, "encoded_name = [%s]; encoded_namelen " | ||
| 288 | "= [%d]\n", encoded_name, encoded_namelen); | ||
| 289 | lower_dentry = lookup_one_len(encoded_name, lower_dir_dentry, | ||
| 290 | encoded_namelen - 1); | ||
| 291 | kfree(encoded_name); | ||
| 292 | if (IS_ERR(lower_dentry)) { | ||
| 293 | ecryptfs_printk(KERN_ERR, "ERR from lower_dentry\n"); | ||
| 294 | rc = PTR_ERR(lower_dentry); | ||
| 295 | d_drop(dentry); | ||
| 296 | goto out; | ||
| 297 | } | ||
| 298 | lower_mnt = mntget(ecryptfs_dentry_to_lower_mnt(dentry->d_parent)); | ||
| 299 | ecryptfs_printk(KERN_DEBUG, "lower_dentry = [%p]; lower_dentry->" | ||
| 300 | "d_name.name = [%s]\n", lower_dentry, | ||
| 301 | lower_dentry->d_name.name); | ||
| 302 | lower_inode = lower_dentry->d_inode; | 265 | lower_inode = lower_dentry->d_inode; |
| 303 | fsstack_copy_attr_atime(dir, lower_dir_dentry->d_inode); | 266 | fsstack_copy_attr_atime(ecryptfs_dir_inode, lower_dir_dentry->d_inode); |
| 304 | BUG_ON(!atomic_read(&lower_dentry->d_count)); | 267 | BUG_ON(!atomic_read(&lower_dentry->d_count)); |
| 305 | ecryptfs_set_dentry_private(dentry, | 268 | ecryptfs_set_dentry_private(ecryptfs_dentry, |
| 306 | kmem_cache_alloc(ecryptfs_dentry_info_cache, | 269 | kmem_cache_alloc(ecryptfs_dentry_info_cache, |
| 307 | GFP_KERNEL)); | 270 | GFP_KERNEL)); |
| 308 | if (!ecryptfs_dentry_to_private(dentry)) { | 271 | if (!ecryptfs_dentry_to_private(ecryptfs_dentry)) { |
| 309 | rc = -ENOMEM; | 272 | rc = -ENOMEM; |
| 310 | ecryptfs_printk(KERN_ERR, "Out of memory whilst attempting " | 273 | printk(KERN_ERR "%s: Out of memory whilst attempting " |
| 311 | "to allocate ecryptfs_dentry_info struct\n"); | 274 | "to allocate ecryptfs_dentry_info struct\n", |
| 275 | __func__); | ||
| 312 | goto out_dput; | 276 | goto out_dput; |
| 313 | } | 277 | } |
| 314 | ecryptfs_set_dentry_lower(dentry, lower_dentry); | 278 | ecryptfs_set_dentry_lower(ecryptfs_dentry, lower_dentry); |
| 315 | ecryptfs_set_dentry_lower_mnt(dentry, lower_mnt); | 279 | ecryptfs_set_dentry_lower_mnt(ecryptfs_dentry, lower_mnt); |
| 316 | if (!lower_dentry->d_inode) { | 280 | if (!lower_dentry->d_inode) { |
| 317 | /* We want to add because we couldn't find in lower */ | 281 | /* We want to add because we couldn't find in lower */ |
| 318 | d_add(dentry, NULL); | 282 | d_add(ecryptfs_dentry, NULL); |
| 319 | goto out; | 283 | goto out; |
| 320 | } | 284 | } |
| 321 | rc = ecryptfs_interpose(lower_dentry, dentry, dir->i_sb, | 285 | rc = ecryptfs_interpose(lower_dentry, ecryptfs_dentry, |
| 322 | ECRYPTFS_INTERPOSE_FLAG_D_ADD); | 286 | ecryptfs_dir_inode->i_sb, 1); |
| 323 | if (rc) { | 287 | if (rc) { |
| 324 | ecryptfs_printk(KERN_ERR, "Error interposing\n"); | 288 | printk(KERN_ERR "%s: Error interposing; rc = [%d]\n", |
| 289 | __func__, rc); | ||
| 325 | goto out; | 290 | goto out; |
| 326 | } | 291 | } |
| 327 | if (S_ISDIR(lower_inode->i_mode)) { | 292 | if (S_ISDIR(lower_inode->i_mode)) |
| 328 | ecryptfs_printk(KERN_DEBUG, "Is a directory; returning\n"); | ||
| 329 | goto out; | 293 | goto out; |
| 330 | } | 294 | if (S_ISLNK(lower_inode->i_mode)) |
| 331 | if (S_ISLNK(lower_inode->i_mode)) { | ||
| 332 | ecryptfs_printk(KERN_DEBUG, "Is a symlink; returning\n"); | ||
| 333 | goto out; | 295 | goto out; |
| 334 | } | 296 | if (special_file(lower_inode->i_mode)) |
| 335 | if (special_file(lower_inode->i_mode)) { | ||
| 336 | ecryptfs_printk(KERN_DEBUG, "Is a special file; returning\n"); | ||
| 337 | goto out; | 297 | goto out; |
| 338 | } | 298 | if (!ecryptfs_nd) |
| 339 | if (!nd) { | ||
| 340 | ecryptfs_printk(KERN_DEBUG, "We have a NULL nd, just leave" | ||
| 341 | "as we *think* we are about to unlink\n"); | ||
| 342 | goto out; | 299 | goto out; |
| 343 | } | ||
| 344 | /* Released in this function */ | 300 | /* Released in this function */ |
| 345 | page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, | 301 | page_virt = kmem_cache_zalloc(ecryptfs_header_cache_2, GFP_USER); |
| 346 | GFP_USER); | ||
| 347 | if (!page_virt) { | 302 | if (!page_virt) { |
| 303 | printk(KERN_ERR "%s: Cannot kmem_cache_zalloc() a page\n", | ||
| 304 | __func__); | ||
| 348 | rc = -ENOMEM; | 305 | rc = -ENOMEM; |
| 349 | ecryptfs_printk(KERN_ERR, | ||
| 350 | "Cannot ecryptfs_kmalloc a page\n"); | ||
| 351 | goto out; | 306 | goto out; |
| 352 | } | 307 | } |
| 353 | crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; | 308 | if (!ecryptfs_inode_to_private(ecryptfs_dentry->d_inode)->lower_file) { |
| 354 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) | 309 | rc = ecryptfs_init_persistent_file(ecryptfs_dentry); |
| 355 | ecryptfs_set_default_sizes(crypt_stat); | ||
| 356 | if (!ecryptfs_inode_to_private(dentry->d_inode)->lower_file) { | ||
| 357 | rc = ecryptfs_init_persistent_file(dentry); | ||
| 358 | if (rc) { | 310 | if (rc) { |
| 359 | printk(KERN_ERR "%s: Error attempting to initialize " | 311 | printk(KERN_ERR "%s: Error attempting to initialize " |
| 360 | "the persistent file for the dentry with name " | 312 | "the persistent file for the dentry with name " |
| 361 | "[%s]; rc = [%d]\n", __func__, | 313 | "[%s]; rc = [%d]\n", __func__, |
| 362 | dentry->d_name.name, rc); | 314 | ecryptfs_dentry->d_name.name, rc); |
| 363 | goto out; | 315 | goto out_free_kmem; |
| 364 | } | 316 | } |
| 365 | } | 317 | } |
| 366 | rc = ecryptfs_read_and_validate_header_region(page_virt, | 318 | rc = ecryptfs_read_and_validate_header_region(page_virt, |
| 367 | dentry->d_inode); | 319 | ecryptfs_dentry->d_inode); |
| 368 | if (rc) { | 320 | if (rc) { |
| 369 | rc = ecryptfs_read_and_validate_xattr_region(page_virt, dentry); | 321 | rc = ecryptfs_read_and_validate_xattr_region(page_virt, |
| 322 | ecryptfs_dentry); | ||
| 370 | if (rc) { | 323 | if (rc) { |
| 371 | printk(KERN_DEBUG "Valid metadata not found in header " | ||
| 372 | "region or xattr region; treating file as " | ||
| 373 | "unencrypted\n"); | ||
| 374 | rc = 0; | 324 | rc = 0; |
| 375 | kmem_cache_free(ecryptfs_header_cache_2, page_virt); | 325 | goto out_free_kmem; |
| 376 | goto out; | ||
| 377 | } | 326 | } |
| 378 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; | 327 | crypt_stat->flags |= ECRYPTFS_METADATA_IN_XATTR; |
| 379 | } | 328 | } |
| 380 | mount_crypt_stat = &ecryptfs_superblock_to_private( | 329 | mount_crypt_stat = &ecryptfs_superblock_to_private( |
| 381 | dentry->d_sb)->mount_crypt_stat; | 330 | ecryptfs_dentry->d_sb)->mount_crypt_stat; |
| 382 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { | 331 | if (mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) { |
| 383 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) | 332 | if (crypt_stat->flags & ECRYPTFS_METADATA_IN_XATTR) |
| 384 | file_size = (crypt_stat->num_header_bytes_at_front | 333 | file_size = (crypt_stat->num_header_bytes_at_front |
| @@ -388,14 +337,103 @@ static struct dentry *ecryptfs_lookup(struct inode *dir, struct dentry *dentry, | |||
| 388 | } else { | 337 | } else { |
| 389 | file_size = get_unaligned_be64(page_virt); | 338 | file_size = get_unaligned_be64(page_virt); |
| 390 | } | 339 | } |
| 391 | i_size_write(dentry->d_inode, (loff_t)file_size); | 340 | i_size_write(ecryptfs_dentry->d_inode, (loff_t)file_size); |
| 341 | out_free_kmem: | ||
| 392 | kmem_cache_free(ecryptfs_header_cache_2, page_virt); | 342 | kmem_cache_free(ecryptfs_header_cache_2, page_virt); |
| 393 | goto out; | 343 | goto out; |
| 394 | |||
| 395 | out_dput: | 344 | out_dput: |
| 396 | dput(lower_dentry); | 345 | dput(lower_dentry); |
| 397 | d_drop(dentry); | 346 | d_drop(ecryptfs_dentry); |
| 398 | out: | 347 | out: |
| 348 | return rc; | ||
| 349 | } | ||
| 350 | |||
| 351 | /** | ||
| 352 | * ecryptfs_lookup | ||
| 353 | * @ecryptfs_dir_inode: The eCryptfs directory inode | ||
| 354 | * @ecryptfs_dentry: The eCryptfs dentry that we are looking up | ||
| 355 | * @ecryptfs_nd: nameidata; may be NULL | ||
| 356 | * | ||
| 357 | * Find a file on disk. If the file does not exist, then we'll add it to the | ||
| 358 | * dentry cache and continue on to read it from the disk. | ||
| 359 | */ | ||
| 360 | static struct dentry *ecryptfs_lookup(struct inode *ecryptfs_dir_inode, | ||
| 361 | struct dentry *ecryptfs_dentry, | ||
| 362 | struct nameidata *ecryptfs_nd) | ||
| 363 | { | ||
| 364 | char *encrypted_and_encoded_name = NULL; | ||
| 365 | int encrypted_and_encoded_name_size; | ||
| 366 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | ||
| 367 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL; | ||
| 368 | struct ecryptfs_inode_info *inode_info; | ||
| 369 | struct dentry *lower_dir_dentry, *lower_dentry; | ||
| 370 | int rc = 0; | ||
| 371 | |||
| 372 | ecryptfs_dentry->d_op = &ecryptfs_dops; | ||
| 373 | if ((ecryptfs_dentry->d_name.len == 1 | ||
| 374 | && !strcmp(ecryptfs_dentry->d_name.name, ".")) | ||
| 375 | || (ecryptfs_dentry->d_name.len == 2 | ||
| 376 | && !strcmp(ecryptfs_dentry->d_name.name, ".."))) { | ||
| 377 | goto out_d_drop; | ||
| 378 | } | ||
| 379 | lower_dir_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry->d_parent); | ||
| 380 | lower_dentry = lookup_one_len(ecryptfs_dentry->d_name.name, | ||
| 381 | lower_dir_dentry, | ||
| 382 | ecryptfs_dentry->d_name.len); | ||
| 383 | if (IS_ERR(lower_dentry)) { | ||
| 384 | rc = PTR_ERR(lower_dentry); | ||
| 385 | printk(KERN_ERR "%s: lookup_one_len() returned [%d] on " | ||
| 386 | "lower_dentry = [%s]\n", __func__, rc, | ||
| 387 | ecryptfs_dentry->d_name.name); | ||
| 388 | goto out_d_drop; | ||
| 389 | } | ||
| 390 | if (lower_dentry->d_inode) | ||
| 391 | goto lookup_and_interpose; | ||
| 392 | inode_info = ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | ||
| 393 | if (inode_info) { | ||
| 394 | crypt_stat = &inode_info->crypt_stat; | ||
| 395 | /* TODO: lock for crypt_stat comparison */ | ||
| 396 | if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) | ||
| 397 | ecryptfs_set_default_sizes(crypt_stat); | ||
| 398 | } | ||
| 399 | if (crypt_stat) | ||
| 400 | mount_crypt_stat = crypt_stat->mount_crypt_stat; | ||
| 401 | else | ||
| 402 | mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
| 403 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
| 404 | if (!(crypt_stat && (crypt_stat->flags & ECRYPTFS_ENCRYPT_FILENAMES)) | ||
| 405 | && !(mount_crypt_stat && (mount_crypt_stat->flags | ||
| 406 | & ECRYPTFS_GLOBAL_ENCRYPT_FILENAMES))) | ||
| 407 | goto lookup_and_interpose; | ||
| 408 | dput(lower_dentry); | ||
| 409 | rc = ecryptfs_encrypt_and_encode_filename( | ||
| 410 | &encrypted_and_encoded_name, &encrypted_and_encoded_name_size, | ||
| 411 | crypt_stat, mount_crypt_stat, ecryptfs_dentry->d_name.name, | ||
| 412 | ecryptfs_dentry->d_name.len); | ||
| 413 | if (rc) { | ||
| 414 | printk(KERN_ERR "%s: Error attempting to encrypt and encode " | ||
| 415 | "filename; rc = [%d]\n", __func__, rc); | ||
| 416 | goto out_d_drop; | ||
| 417 | } | ||
| 418 | lower_dentry = lookup_one_len(encrypted_and_encoded_name, | ||
| 419 | lower_dir_dentry, | ||
| 420 | encrypted_and_encoded_name_size - 1); | ||
| 421 | if (IS_ERR(lower_dentry)) { | ||
| 422 | rc = PTR_ERR(lower_dentry); | ||
| 423 | printk(KERN_ERR "%s: lookup_one_len() returned [%d] on " | ||
| 424 | "lower_dentry = [%s]\n", __func__, rc, | ||
| 425 | encrypted_and_encoded_name); | ||
| 426 | goto out_d_drop; | ||
| 427 | } | ||
| 428 | lookup_and_interpose: | ||
| 429 | rc = ecryptfs_lookup_and_interpose_lower(ecryptfs_dentry, lower_dentry, | ||
| 430 | crypt_stat, ecryptfs_dir_inode, | ||
| 431 | ecryptfs_nd); | ||
| 432 | goto out; | ||
| 433 | out_d_drop: | ||
| 434 | d_drop(ecryptfs_dentry); | ||
| 435 | out: | ||
| 436 | kfree(encrypted_and_encoded_name); | ||
| 399 | return ERR_PTR(rc); | 437 | return ERR_PTR(rc); |
| 400 | } | 438 | } |
| 401 | 439 | ||
| @@ -466,19 +504,21 @@ static int ecryptfs_symlink(struct inode *dir, struct dentry *dentry, | |||
| 466 | struct dentry *lower_dentry; | 504 | struct dentry *lower_dentry; |
| 467 | struct dentry *lower_dir_dentry; | 505 | struct dentry *lower_dir_dentry; |
| 468 | char *encoded_symname; | 506 | char *encoded_symname; |
| 469 | int encoded_symlen; | 507 | size_t encoded_symlen; |
| 470 | struct ecryptfs_crypt_stat *crypt_stat = NULL; | 508 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = NULL; |
| 471 | 509 | ||
| 472 | lower_dentry = ecryptfs_dentry_to_lower(dentry); | 510 | lower_dentry = ecryptfs_dentry_to_lower(dentry); |
| 473 | dget(lower_dentry); | 511 | dget(lower_dentry); |
| 474 | lower_dir_dentry = lock_parent(lower_dentry); | 512 | lower_dir_dentry = lock_parent(lower_dentry); |
| 475 | encoded_symlen = ecryptfs_encode_filename(crypt_stat, symname, | 513 | mount_crypt_stat = &ecryptfs_superblock_to_private( |
| 476 | strlen(symname), | 514 | dir->i_sb)->mount_crypt_stat; |
| 477 | &encoded_symname); | 515 | rc = ecryptfs_encrypt_and_encode_filename(&encoded_symname, |
| 478 | if (encoded_symlen < 0) { | 516 | &encoded_symlen, |
| 479 | rc = encoded_symlen; | 517 | NULL, |
| 518 | mount_crypt_stat, symname, | ||
| 519 | strlen(symname)); | ||
| 520 | if (rc) | ||
| 480 | goto out_lock; | 521 | goto out_lock; |
| 481 | } | ||
| 482 | rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, | 522 | rc = vfs_symlink(lower_dir_dentry->d_inode, lower_dentry, |
| 483 | encoded_symname); | 523 | encoded_symname); |
| 484 | kfree(encoded_symname); | 524 | kfree(encoded_symname); |
| @@ -602,52 +642,54 @@ out_lock: | |||
| 602 | } | 642 | } |
| 603 | 643 | ||
| 604 | static int | 644 | static int |
| 605 | ecryptfs_readlink(struct dentry *dentry, char __user * buf, int bufsiz) | 645 | ecryptfs_readlink(struct dentry *dentry, char __user *buf, int bufsiz) |
| 606 | { | 646 | { |
| 607 | int rc; | ||
| 608 | struct dentry *lower_dentry; | ||
| 609 | char *decoded_name; | ||
| 610 | char *lower_buf; | 647 | char *lower_buf; |
| 611 | mm_segment_t old_fs; | 648 | struct dentry *lower_dentry; |
| 612 | struct ecryptfs_crypt_stat *crypt_stat; | 649 | struct ecryptfs_crypt_stat *crypt_stat; |
| 650 | char *plaintext_name; | ||
| 651 | size_t plaintext_name_size; | ||
| 652 | mm_segment_t old_fs; | ||
| 653 | int rc; | ||
| 613 | 654 | ||
| 614 | lower_dentry = ecryptfs_dentry_to_lower(dentry); | 655 | lower_dentry = ecryptfs_dentry_to_lower(dentry); |
| 615 | if (!lower_dentry->d_inode->i_op->readlink) { | 656 | if (!lower_dentry->d_inode->i_op->readlink) { |
| 616 | rc = -EINVAL; | 657 | rc = -EINVAL; |
| 617 | goto out; | 658 | goto out; |
| 618 | } | 659 | } |
| 660 | crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; | ||
| 619 | /* Released in this function */ | 661 | /* Released in this function */ |
| 620 | lower_buf = kmalloc(bufsiz, GFP_KERNEL); | 662 | lower_buf = kmalloc(bufsiz, GFP_KERNEL); |
| 621 | if (lower_buf == NULL) { | 663 | if (lower_buf == NULL) { |
| 622 | ecryptfs_printk(KERN_ERR, "Out of memory\n"); | 664 | printk(KERN_ERR "%s: Out of memory whilst attempting to " |
| 665 | "kmalloc [%d] bytes\n", __func__, bufsiz); | ||
| 623 | rc = -ENOMEM; | 666 | rc = -ENOMEM; |
| 624 | goto out; | 667 | goto out; |
| 625 | } | 668 | } |
| 626 | old_fs = get_fs(); | 669 | old_fs = get_fs(); |
| 627 | set_fs(get_ds()); | 670 | set_fs(get_ds()); |
| 628 | ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " | ||
| 629 | "lower_dentry->d_name.name = [%s]\n", | ||
| 630 | lower_dentry->d_name.name); | ||
| 631 | rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, | 671 | rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, |
| 632 | (char __user *)lower_buf, | 672 | (char __user *)lower_buf, |
| 633 | bufsiz); | 673 | bufsiz); |
| 634 | set_fs(old_fs); | 674 | set_fs(old_fs); |
| 635 | if (rc >= 0) { | 675 | if (rc >= 0) { |
| 636 | crypt_stat = NULL; | 676 | rc = ecryptfs_decode_and_decrypt_filename(&plaintext_name, |
| 637 | rc = ecryptfs_decode_filename(crypt_stat, lower_buf, rc, | 677 | &plaintext_name_size, |
| 638 | &decoded_name); | 678 | dentry, lower_buf, |
| 639 | if (rc == -ENOMEM) | 679 | rc); |
| 680 | if (rc) { | ||
| 681 | printk(KERN_ERR "%s: Error attempting to decode and " | ||
| 682 | "decrypt filename; rc = [%d]\n", __func__, | ||
| 683 | rc); | ||
| 640 | goto out_free_lower_buf; | 684 | goto out_free_lower_buf; |
| 641 | if (rc > 0) { | ||
| 642 | ecryptfs_printk(KERN_DEBUG, "Copying [%d] bytes " | ||
| 643 | "to userspace: [%*s]\n", rc, | ||
| 644 | decoded_name); | ||
| 645 | if (copy_to_user(buf, decoded_name, rc)) | ||
| 646 | rc = -EFAULT; | ||
| 647 | } | 685 | } |
| 648 | kfree(decoded_name); | 686 | rc = copy_to_user(buf, plaintext_name, plaintext_name_size); |
| 649 | fsstack_copy_attr_atime(dentry->d_inode, | 687 | if (rc) |
| 650 | lower_dentry->d_inode); | 688 | rc = -EFAULT; |
| 689 | else | ||
| 690 | rc = plaintext_name_size; | ||
| 691 | kfree(plaintext_name); | ||
| 692 | fsstack_copy_attr_atime(dentry->d_inode, lower_dentry->d_inode); | ||
| 651 | } | 693 | } |
| 652 | out_free_lower_buf: | 694 | out_free_lower_buf: |
| 653 | kfree(lower_buf); | 695 | kfree(lower_buf); |
| @@ -669,8 +711,6 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) | |||
| 669 | } | 711 | } |
| 670 | old_fs = get_fs(); | 712 | old_fs = get_fs(); |
| 671 | set_fs(get_ds()); | 713 | set_fs(get_ds()); |
| 672 | ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ " | ||
| 673 | "dentry->d_name.name = [%s]\n", dentry->d_name.name); | ||
| 674 | rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); | 714 | rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len); |
| 675 | set_fs(old_fs); | 715 | set_fs(old_fs); |
| 676 | if (rc < 0) | 716 | if (rc < 0) |