diff options
Diffstat (limited to 'fs')
-rw-r--r-- | fs/Kconfig | 2 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 101 | ||||
-rw-r--r-- | fs/ecryptfs/messaging.c | 505 | ||||
-rw-r--r-- | fs/ecryptfs/netlink.c | 255 |
4 files changed, 859 insertions, 4 deletions
diff --git a/fs/Kconfig b/fs/Kconfig index 11c59329ed06..488521ed9e9b 100644 --- a/fs/Kconfig +++ b/fs/Kconfig | |||
@@ -1088,7 +1088,7 @@ config AFFS_FS | |||
1088 | 1088 | ||
1089 | config ECRYPT_FS | 1089 | config ECRYPT_FS |
1090 | tristate "eCrypt filesystem layer support (EXPERIMENTAL)" | 1090 | tristate "eCrypt filesystem layer support (EXPERIMENTAL)" |
1091 | depends on EXPERIMENTAL && KEYS && CRYPTO | 1091 | depends on EXPERIMENTAL && KEYS && CRYPTO && NET |
1092 | help | 1092 | help |
1093 | Encrypted filesystem that operates on the VFS layer. See | 1093 | Encrypted filesystem that operates on the VFS layer. See |
1094 | <file:Documentation/ecryptfs.txt> to learn more about | 1094 | <file:Documentation/ecryptfs.txt> to learn more about |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index 0f897109759b..508648efa447 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -6,6 +6,8 @@ | |||
6 | * Copyright (C) 2001-2003 Stony Brook University | 6 | * Copyright (C) 2001-2003 Stony Brook University |
7 | * Copyright (C) 2004-2006 International Business Machines Corp. | 7 | * Copyright (C) 2004-2006 International Business Machines Corp. |
8 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> | 8 | * Author(s): Michael A. Halcrow <mahalcro@us.ibm.com> |
9 | * Trevor S. Highland <trevor.highland@gmail.com> | ||
10 | * Tyler Hicks <tyhicks@ou.edu> | ||
9 | * | 11 | * |
10 | * This program is free software; you can redistribute it and/or | 12 | * This program is free software; you can redistribute it and/or |
11 | * modify it under the terms of the GNU General Public License as | 13 | * modify it under the terms of the GNU General Public License as |
@@ -35,7 +37,7 @@ | |||
35 | /* Version verification for shared data structures w/ userspace */ | 37 | /* Version verification for shared data structures w/ userspace */ |
36 | #define ECRYPTFS_VERSION_MAJOR 0x00 | 38 | #define ECRYPTFS_VERSION_MAJOR 0x00 |
37 | #define ECRYPTFS_VERSION_MINOR 0x04 | 39 | #define ECRYPTFS_VERSION_MINOR 0x04 |
38 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x01 | 40 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x02 |
39 | /* These flags indicate which features are supported by the kernel | 41 | /* These flags indicate which features are supported by the kernel |
40 | * module; userspace tools such as the mount helper read | 42 | * module; userspace tools such as the mount helper read |
41 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine | 43 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine |
@@ -60,10 +62,24 @@ | |||
60 | #define ECRYPTFS_MAX_KEY_BYTES 64 | 62 | #define ECRYPTFS_MAX_KEY_BYTES 64 |
61 | #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 | 63 | #define ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES 512 |
62 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 | 64 | #define ECRYPTFS_DEFAULT_IV_BYTES 16 |
63 | #define ECRYPTFS_FILE_VERSION 0x01 | 65 | #define ECRYPTFS_FILE_VERSION 0x02 |
64 | #define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192 | 66 | #define ECRYPTFS_DEFAULT_HEADER_EXTENT_SIZE 8192 |
65 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 | 67 | #define ECRYPTFS_DEFAULT_EXTENT_SIZE 4096 |
66 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 | 68 | #define ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE 8192 |
69 | #define ECRYPTFS_DEFAULT_MSG_CTX_ELEMS 32 | ||
70 | #define ECRYPTFS_DEFAULT_SEND_TIMEOUT HZ | ||
71 | #define ECRYPTFS_MAX_MSG_CTX_TTL (HZ*3) | ||
72 | #define ECRYPTFS_NLMSG_HELO 100 | ||
73 | #define ECRYPTFS_NLMSG_QUIT 101 | ||
74 | #define ECRYPTFS_NLMSG_REQUEST 102 | ||
75 | #define ECRYPTFS_NLMSG_RESPONSE 103 | ||
76 | #define ECRYPTFS_MAX_PKI_NAME_BYTES 16 | ||
77 | #define ECRYPTFS_DEFAULT_NUM_USERS 4 | ||
78 | #define ECRYPTFS_MAX_NUM_USERS 32768 | ||
79 | #define ECRYPTFS_TRANSPORT_NETLINK 0 | ||
80 | #define ECRYPTFS_TRANSPORT_CONNECTOR 1 | ||
81 | #define ECRYPTFS_TRANSPORT_RELAYFS 2 | ||
82 | #define ECRYPTFS_DEFAULT_TRANSPORT ECRYPTFS_TRANSPORT_NETLINK | ||
67 | 83 | ||
68 | #define RFC2440_CIPHER_DES3_EDE 0x02 | 84 | #define RFC2440_CIPHER_DES3_EDE 0x02 |
69 | #define RFC2440_CIPHER_CAST_5 0x03 | 85 | #define RFC2440_CIPHER_CAST_5 0x03 |
@@ -77,6 +93,7 @@ | |||
77 | #define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag)) | 93 | #define ECRYPTFS_SET_FLAG(flag_bit_vector, flag) (flag_bit_vector |= (flag)) |
78 | #define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag)) | 94 | #define ECRYPTFS_CLEAR_FLAG(flag_bit_vector, flag) (flag_bit_vector &= ~(flag)) |
79 | #define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag)) | 95 | #define ECRYPTFS_CHECK_FLAG(flag_bit_vector, flag) (flag_bit_vector & (flag)) |
96 | #define RFC2440_CIPHER_RSA 0x01 | ||
80 | 97 | ||
81 | /** | 98 | /** |
82 | * For convenience, we may need to pass around the encrypted session | 99 | * For convenience, we may need to pass around the encrypted session |
@@ -114,6 +131,14 @@ struct ecryptfs_password { | |||
114 | 131 | ||
115 | enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY}; | 132 | enum ecryptfs_token_types {ECRYPTFS_PASSWORD, ECRYPTFS_PRIVATE_KEY}; |
116 | 133 | ||
134 | struct ecryptfs_private_key { | ||
135 | u32 key_size; | ||
136 | u32 data_len; | ||
137 | u8 signature[ECRYPTFS_PASSWORD_SIG_SIZE + 1]; | ||
138 | char pki_type[ECRYPTFS_MAX_PKI_NAME_BYTES + 1]; | ||
139 | u8 data[]; | ||
140 | }; | ||
141 | |||
117 | /* May be a password or a private key */ | 142 | /* May be a password or a private key */ |
118 | struct ecryptfs_auth_tok { | 143 | struct ecryptfs_auth_tok { |
119 | u16 version; /* 8-bit major and 8-bit minor */ | 144 | u16 version; /* 8-bit major and 8-bit minor */ |
@@ -123,7 +148,7 @@ struct ecryptfs_auth_tok { | |||
123 | u8 reserved[32]; | 148 | u8 reserved[32]; |
124 | union { | 149 | union { |
125 | struct ecryptfs_password password; | 150 | struct ecryptfs_password password; |
126 | /* Private key is in future eCryptfs releases */ | 151 | struct ecryptfs_private_key private_key; |
127 | } token; | 152 | } token; |
128 | } __attribute__ ((packed)); | 153 | } __attribute__ ((packed)); |
129 | 154 | ||
@@ -177,8 +202,13 @@ ecryptfs_get_key_payload_data(struct key *key) | |||
177 | #define ECRYPTFS_DEFAULT_CIPHER "aes" | 202 | #define ECRYPTFS_DEFAULT_CIPHER "aes" |
178 | #define ECRYPTFS_DEFAULT_KEY_BYTES 16 | 203 | #define ECRYPTFS_DEFAULT_KEY_BYTES 16 |
179 | #define ECRYPTFS_DEFAULT_HASH "md5" | 204 | #define ECRYPTFS_DEFAULT_HASH "md5" |
205 | #define ECRYPTFS_TAG_1_PACKET_TYPE 0x01 | ||
180 | #define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C | 206 | #define ECRYPTFS_TAG_3_PACKET_TYPE 0x8C |
181 | #define ECRYPTFS_TAG_11_PACKET_TYPE 0xED | 207 | #define ECRYPTFS_TAG_11_PACKET_TYPE 0xED |
208 | #define ECRYPTFS_TAG_64_PACKET_TYPE 0x40 | ||
209 | #define ECRYPTFS_TAG_65_PACKET_TYPE 0x41 | ||
210 | #define ECRYPTFS_TAG_66_PACKET_TYPE 0x42 | ||
211 | #define ECRYPTFS_TAG_67_PACKET_TYPE 0x43 | ||
182 | #define MD5_DIGEST_SIZE 16 | 212 | #define MD5_DIGEST_SIZE 16 |
183 | 213 | ||
184 | /** | 214 | /** |
@@ -271,6 +301,45 @@ struct ecryptfs_auth_tok_list_item { | |||
271 | struct ecryptfs_auth_tok auth_tok; | 301 | struct ecryptfs_auth_tok auth_tok; |
272 | }; | 302 | }; |
273 | 303 | ||
304 | struct ecryptfs_message { | ||
305 | u32 index; | ||
306 | u32 data_len; | ||
307 | u8 data[]; | ||
308 | }; | ||
309 | |||
310 | struct ecryptfs_msg_ctx { | ||
311 | #define ECRYPTFS_MSG_CTX_STATE_FREE 0x0001 | ||
312 | #define ECRYPTFS_MSG_CTX_STATE_PENDING 0x0002 | ||
313 | #define ECRYPTFS_MSG_CTX_STATE_DONE 0x0003 | ||
314 | u32 state; | ||
315 | unsigned int index; | ||
316 | unsigned int counter; | ||
317 | struct ecryptfs_message *msg; | ||
318 | struct task_struct *task; | ||
319 | struct list_head node; | ||
320 | struct mutex mux; | ||
321 | }; | ||
322 | |||
323 | extern struct list_head ecryptfs_msg_ctx_free_list; | ||
324 | extern struct list_head ecryptfs_msg_ctx_alloc_list; | ||
325 | extern struct mutex ecryptfs_msg_ctx_lists_mux; | ||
326 | |||
327 | #define ecryptfs_uid_hash(uid) \ | ||
328 | hash_long((unsigned long)uid, ecryptfs_hash_buckets) | ||
329 | extern struct hlist_head *ecryptfs_daemon_id_hash; | ||
330 | extern struct mutex ecryptfs_daemon_id_hash_mux; | ||
331 | extern int ecryptfs_hash_buckets; | ||
332 | |||
333 | extern unsigned int ecryptfs_msg_counter; | ||
334 | extern struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; | ||
335 | extern unsigned int ecryptfs_transport; | ||
336 | |||
337 | struct ecryptfs_daemon_id { | ||
338 | pid_t pid; | ||
339 | uid_t uid; | ||
340 | struct hlist_node id_chain; | ||
341 | }; | ||
342 | |||
274 | static inline struct ecryptfs_file_info * | 343 | static inline struct ecryptfs_file_info * |
275 | ecryptfs_file_to_private(struct file *file) | 344 | ecryptfs_file_to_private(struct file *file) |
276 | { | 345 | { |
@@ -391,6 +460,9 @@ extern struct super_operations ecryptfs_sops; | |||
391 | extern struct dentry_operations ecryptfs_dops; | 460 | extern struct dentry_operations ecryptfs_dops; |
392 | extern struct address_space_operations ecryptfs_aops; | 461 | extern struct address_space_operations ecryptfs_aops; |
393 | extern int ecryptfs_verbosity; | 462 | extern int ecryptfs_verbosity; |
463 | extern unsigned int ecryptfs_message_buf_len; | ||
464 | extern signed long ecryptfs_message_wait_timeout; | ||
465 | extern unsigned int ecryptfs_number_of_users; | ||
394 | 466 | ||
395 | extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache; | 467 | extern struct kmem_cache *ecryptfs_auth_tok_list_item_cache; |
396 | extern struct kmem_cache *ecryptfs_file_info_cache; | 468 | extern struct kmem_cache *ecryptfs_file_info_cache; |
@@ -484,4 +556,27 @@ int ecryptfs_open_lower_file(struct file **lower_file, | |||
484 | struct vfsmount *lower_mnt, int flags); | 556 | struct vfsmount *lower_mnt, int flags); |
485 | int ecryptfs_close_lower_file(struct file *lower_file); | 557 | int ecryptfs_close_lower_file(struct file *lower_file); |
486 | 558 | ||
559 | int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid); | ||
560 | int ecryptfs_process_quit(uid_t uid, pid_t pid); | ||
561 | int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq); | ||
562 | int ecryptfs_send_message(unsigned int transport, char *data, int data_len, | ||
563 | struct ecryptfs_msg_ctx **msg_ctx); | ||
564 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, | ||
565 | struct ecryptfs_message **emsg); | ||
566 | int ecryptfs_init_messaging(unsigned int transport); | ||
567 | void ecryptfs_release_messaging(unsigned int transport); | ||
568 | |||
569 | int ecryptfs_send_netlink(char *data, int data_len, | ||
570 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | ||
571 | u16 msg_flags, pid_t daemon_pid); | ||
572 | int ecryptfs_init_netlink(void); | ||
573 | void ecryptfs_release_netlink(void); | ||
574 | |||
575 | int ecryptfs_send_connector(char *data, int data_len, | ||
576 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | ||
577 | u16 msg_flags, pid_t daemon_pid); | ||
578 | int ecryptfs_init_connector(void); | ||
579 | void ecryptfs_release_connector(void); | ||
580 | |||
581 | |||
487 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ | 582 | #endif /* #ifndef ECRYPTFS_KERNEL_H */ |
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c new file mode 100644 index 000000000000..c22b32fc8e8c --- /dev/null +++ b/fs/ecryptfs/messaging.c | |||
@@ -0,0 +1,505 @@ | |||
1 | /** | ||
2 | * eCryptfs: Linux filesystem encryption layer | ||
3 | * | ||
4 | * Copyright (C) 2004-2006 International Business Machines Corp. | ||
5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> | ||
6 | * Tyler Hicks <tyhicks@ou.edu> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU General Public License version | ||
10 | * 2 as published by the Free Software Foundation. | ||
11 | * | ||
12 | * This program is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU General Public License | ||
18 | * along with this program; if not, write to the Free Software | ||
19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | ||
20 | * 02111-1307, USA. | ||
21 | */ | ||
22 | |||
23 | #include "ecryptfs_kernel.h" | ||
24 | |||
25 | LIST_HEAD(ecryptfs_msg_ctx_free_list); | ||
26 | LIST_HEAD(ecryptfs_msg_ctx_alloc_list); | ||
27 | struct mutex ecryptfs_msg_ctx_lists_mux; | ||
28 | |||
29 | struct hlist_head *ecryptfs_daemon_id_hash; | ||
30 | struct mutex ecryptfs_daemon_id_hash_mux; | ||
31 | int ecryptfs_hash_buckets; | ||
32 | |||
33 | unsigned int ecryptfs_msg_counter; | ||
34 | struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr; | ||
35 | |||
36 | /** | ||
37 | * ecryptfs_acquire_free_msg_ctx | ||
38 | * @msg_ctx: The context that was acquired from the free list | ||
39 | * | ||
40 | * Acquires a context element from the free list and locks the mutex | ||
41 | * on the context. Returns zero on success; non-zero on error or upon | ||
42 | * failure to acquire a free context element. Be sure to lock the | ||
43 | * list mutex before calling. | ||
44 | */ | ||
45 | static int ecryptfs_acquire_free_msg_ctx(struct ecryptfs_msg_ctx **msg_ctx) | ||
46 | { | ||
47 | struct list_head *p; | ||
48 | int rc; | ||
49 | |||
50 | if (list_empty(&ecryptfs_msg_ctx_free_list)) { | ||
51 | ecryptfs_printk(KERN_WARNING, "The eCryptfs free " | ||
52 | "context list is empty. It may be helpful to " | ||
53 | "specify the ecryptfs_message_buf_len " | ||
54 | "parameter to be greater than the current " | ||
55 | "value of [%d]\n", ecryptfs_message_buf_len); | ||
56 | rc = -ENOMEM; | ||
57 | goto out; | ||
58 | } | ||
59 | list_for_each(p, &ecryptfs_msg_ctx_free_list) { | ||
60 | *msg_ctx = list_entry(p, struct ecryptfs_msg_ctx, node); | ||
61 | if (mutex_trylock(&(*msg_ctx)->mux)) { | ||
62 | (*msg_ctx)->task = current; | ||
63 | rc = 0; | ||
64 | goto out; | ||
65 | } | ||
66 | } | ||
67 | rc = -ENOMEM; | ||
68 | out: | ||
69 | return rc; | ||
70 | } | ||
71 | |||
72 | /** | ||
73 | * ecryptfs_msg_ctx_free_to_alloc | ||
74 | * @msg_ctx: The context to move from the free list to the alloc list | ||
75 | * | ||
76 | * Be sure to lock the list mutex and the context mutex before | ||
77 | * calling. | ||
78 | */ | ||
79 | static void ecryptfs_msg_ctx_free_to_alloc(struct ecryptfs_msg_ctx *msg_ctx) | ||
80 | { | ||
81 | list_move(&msg_ctx->node, &ecryptfs_msg_ctx_alloc_list); | ||
82 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_PENDING; | ||
83 | msg_ctx->counter = ++ecryptfs_msg_counter; | ||
84 | } | ||
85 | |||
86 | /** | ||
87 | * ecryptfs_msg_ctx_alloc_to_free | ||
88 | * @msg_ctx: The context to move from the alloc list to the free list | ||
89 | * | ||
90 | * Be sure to lock the list mutex and the context mutex before | ||
91 | * calling. | ||
92 | */ | ||
93 | static void ecryptfs_msg_ctx_alloc_to_free(struct ecryptfs_msg_ctx *msg_ctx) | ||
94 | { | ||
95 | list_move(&(msg_ctx->node), &ecryptfs_msg_ctx_free_list); | ||
96 | if (msg_ctx->msg) | ||
97 | kfree(msg_ctx->msg); | ||
98 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_FREE; | ||
99 | } | ||
100 | |||
101 | /** | ||
102 | * ecryptfs_find_daemon_id | ||
103 | * @uid: The user id which maps to the desired daemon id | ||
104 | * @id: If return value is zero, points to the desired daemon id | ||
105 | * pointer | ||
106 | * | ||
107 | * Search the hash list for the given user id. Returns zero if the | ||
108 | * user id exists in the list; non-zero otherwise. The daemon id hash | ||
109 | * mutex should be held before calling this function. | ||
110 | */ | ||
111 | static int ecryptfs_find_daemon_id(uid_t uid, struct ecryptfs_daemon_id **id) | ||
112 | { | ||
113 | struct hlist_node *elem; | ||
114 | int rc; | ||
115 | |||
116 | hlist_for_each_entry(*id, elem, | ||
117 | &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)], | ||
118 | id_chain) { | ||
119 | if ((*id)->uid == uid) { | ||
120 | rc = 0; | ||
121 | goto out; | ||
122 | } | ||
123 | } | ||
124 | rc = -EINVAL; | ||
125 | out: | ||
126 | return rc; | ||
127 | } | ||
128 | |||
129 | static int ecryptfs_send_raw_message(unsigned int transport, u16 msg_type, | ||
130 | pid_t pid) | ||
131 | { | ||
132 | int rc; | ||
133 | |||
134 | switch(transport) { | ||
135 | case ECRYPTFS_TRANSPORT_NETLINK: | ||
136 | rc = ecryptfs_send_netlink(NULL, 0, NULL, msg_type, 0, pid); | ||
137 | break; | ||
138 | case ECRYPTFS_TRANSPORT_CONNECTOR: | ||
139 | case ECRYPTFS_TRANSPORT_RELAYFS: | ||
140 | default: | ||
141 | rc = -ENOSYS; | ||
142 | } | ||
143 | return rc; | ||
144 | } | ||
145 | |||
146 | /** | ||
147 | * ecryptfs_process_helo | ||
148 | * @transport: The underlying transport (netlink, etc.) | ||
149 | * @uid: The user ID owner of the message | ||
150 | * @pid: The process ID for the userspace program that sent the | ||
151 | * message | ||
152 | * | ||
153 | * Adds the uid and pid values to the daemon id hash. If a uid | ||
154 | * already has a daemon pid registered, the daemon will be | ||
155 | * unregistered before the new daemon id is put into the hash list. | ||
156 | * Returns zero after adding a new daemon id to the hash list; | ||
157 | * non-zero otherwise. | ||
158 | */ | ||
159 | int ecryptfs_process_helo(unsigned int transport, uid_t uid, pid_t pid) | ||
160 | { | ||
161 | struct ecryptfs_daemon_id *new_id; | ||
162 | struct ecryptfs_daemon_id *old_id; | ||
163 | int rc; | ||
164 | |||
165 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | ||
166 | new_id = kmalloc(sizeof(*new_id), GFP_KERNEL); | ||
167 | if (!new_id) { | ||
168 | rc = -ENOMEM; | ||
169 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory; unable " | ||
170 | "to register daemon [%d] for user\n", pid, uid); | ||
171 | goto unlock; | ||
172 | } | ||
173 | if (!ecryptfs_find_daemon_id(uid, &old_id)) { | ||
174 | printk(KERN_WARNING "Received request from user [%d] " | ||
175 | "to register daemon [%d]; unregistering daemon " | ||
176 | "[%d]\n", uid, pid, old_id->pid); | ||
177 | hlist_del(&old_id->id_chain); | ||
178 | rc = ecryptfs_send_raw_message(transport, ECRYPTFS_NLMSG_QUIT, | ||
179 | old_id->pid); | ||
180 | if (rc) | ||
181 | printk(KERN_WARNING "Failed to send QUIT " | ||
182 | "message to daemon [%d]; rc = [%d]\n", | ||
183 | old_id->pid, rc); | ||
184 | kfree(old_id); | ||
185 | } | ||
186 | new_id->uid = uid; | ||
187 | new_id->pid = pid; | ||
188 | hlist_add_head(&new_id->id_chain, | ||
189 | &ecryptfs_daemon_id_hash[ecryptfs_uid_hash(uid)]); | ||
190 | rc = 0; | ||
191 | unlock: | ||
192 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
193 | return rc; | ||
194 | } | ||
195 | |||
196 | /** | ||
197 | * ecryptfs_process_quit | ||
198 | * @uid: The user ID owner of the message | ||
199 | * @pid: The process ID for the userspace program that sent the | ||
200 | * message | ||
201 | * | ||
202 | * Deletes the corresponding daemon id for the given uid and pid, if | ||
203 | * it is the registered that is requesting the deletion. Returns zero | ||
204 | * after deleting the desired daemon id; non-zero otherwise. | ||
205 | */ | ||
206 | int ecryptfs_process_quit(uid_t uid, pid_t pid) | ||
207 | { | ||
208 | struct ecryptfs_daemon_id *id; | ||
209 | int rc; | ||
210 | |||
211 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | ||
212 | if (ecryptfs_find_daemon_id(uid, &id)) { | ||
213 | rc = -EINVAL; | ||
214 | ecryptfs_printk(KERN_ERR, "Received request from user [%d] to " | ||
215 | "unregister unrecognized daemon [%d]\n", uid, | ||
216 | pid); | ||
217 | goto unlock; | ||
218 | } | ||
219 | if (id->pid != pid) { | ||
220 | rc = -EINVAL; | ||
221 | ecryptfs_printk(KERN_WARNING, "Received request from user [%d] " | ||
222 | "with pid [%d] to unregister daemon [%d]\n", | ||
223 | uid, pid, id->pid); | ||
224 | goto unlock; | ||
225 | } | ||
226 | hlist_del(&id->id_chain); | ||
227 | kfree(id); | ||
228 | rc = 0; | ||
229 | unlock: | ||
230 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
231 | return rc; | ||
232 | } | ||
233 | |||
234 | /** | ||
235 | * ecryptfs_process_reponse | ||
236 | * @msg: The ecryptfs message received; the caller should sanity check | ||
237 | * msg->data_len | ||
238 | * @pid: The process ID of the userspace application that sent the | ||
239 | * message | ||
240 | * @seq: The sequence number of the message | ||
241 | * | ||
242 | * Processes a response message after sending a operation request to | ||
243 | * userspace. Returns zero upon delivery to desired context element; | ||
244 | * non-zero upon delivery failure or error. | ||
245 | */ | ||
246 | int ecryptfs_process_response(struct ecryptfs_message *msg, pid_t pid, u32 seq) | ||
247 | { | ||
248 | struct ecryptfs_daemon_id *id; | ||
249 | struct ecryptfs_msg_ctx *msg_ctx; | ||
250 | int msg_size; | ||
251 | int rc; | ||
252 | |||
253 | if (msg->index >= ecryptfs_message_buf_len) { | ||
254 | rc = -EINVAL; | ||
255 | ecryptfs_printk(KERN_ERR, "Attempt to reference " | ||
256 | "context buffer at index [%d]; maximum " | ||
257 | "allowable is [%d]\n", msg->index, | ||
258 | (ecryptfs_message_buf_len - 1)); | ||
259 | goto out; | ||
260 | } | ||
261 | msg_ctx = &ecryptfs_msg_ctx_arr[msg->index]; | ||
262 | mutex_lock(&msg_ctx->mux); | ||
263 | if (ecryptfs_find_daemon_id(msg_ctx->task->euid, &id)) { | ||
264 | rc = -EBADMSG; | ||
265 | ecryptfs_printk(KERN_WARNING, "User [%d] received a " | ||
266 | "message response from process [%d] but does " | ||
267 | "not have a registered daemon\n", | ||
268 | msg_ctx->task->euid, pid); | ||
269 | goto wake_up; | ||
270 | } | ||
271 | if (id->pid != pid) { | ||
272 | rc = -EBADMSG; | ||
273 | ecryptfs_printk(KERN_ERR, "User [%d] received a " | ||
274 | "message response from an unrecognized " | ||
275 | "process [%d]\n", msg_ctx->task->euid, pid); | ||
276 | goto unlock; | ||
277 | } | ||
278 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { | ||
279 | rc = -EINVAL; | ||
280 | ecryptfs_printk(KERN_WARNING, "Desired context element is not " | ||
281 | "pending a response\n"); | ||
282 | goto unlock; | ||
283 | } else if (msg_ctx->counter != seq) { | ||
284 | rc = -EINVAL; | ||
285 | ecryptfs_printk(KERN_WARNING, "Invalid message sequence; " | ||
286 | "expected [%d]; received [%d]\n", | ||
287 | msg_ctx->counter, seq); | ||
288 | goto unlock; | ||
289 | } | ||
290 | msg_size = sizeof(*msg) + msg->data_len; | ||
291 | msg_ctx->msg = kmalloc(msg_size, GFP_KERNEL); | ||
292 | if (!msg_ctx->msg) { | ||
293 | rc = -ENOMEM; | ||
294 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n"); | ||
295 | goto unlock; | ||
296 | } | ||
297 | memcpy(msg_ctx->msg, msg, msg_size); | ||
298 | msg_ctx->state = ECRYPTFS_MSG_CTX_STATE_DONE; | ||
299 | rc = 0; | ||
300 | wake_up: | ||
301 | wake_up_process(msg_ctx->task); | ||
302 | unlock: | ||
303 | mutex_unlock(&msg_ctx->mux); | ||
304 | out: | ||
305 | return rc; | ||
306 | } | ||
307 | |||
308 | /** | ||
309 | * ecryptfs_send_message | ||
310 | * @transport: The transport over which to send the message (i.e., | ||
311 | * netlink) | ||
312 | * @data: The data to send | ||
313 | * @data_len: The length of data | ||
314 | * @msg_ctx: The message context allocated for the send | ||
315 | */ | ||
316 | int ecryptfs_send_message(unsigned int transport, char *data, int data_len, | ||
317 | struct ecryptfs_msg_ctx **msg_ctx) | ||
318 | { | ||
319 | struct ecryptfs_daemon_id *id; | ||
320 | int rc; | ||
321 | |||
322 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | ||
323 | if (ecryptfs_find_daemon_id(current->euid, &id)) { | ||
324 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
325 | rc = -ENOTCONN; | ||
326 | ecryptfs_printk(KERN_ERR, "User [%d] does not have a daemon " | ||
327 | "registered\n", current->euid); | ||
328 | goto out; | ||
329 | } | ||
330 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
331 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | ||
332 | rc = ecryptfs_acquire_free_msg_ctx(msg_ctx); | ||
333 | if (rc) { | ||
334 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | ||
335 | ecryptfs_printk(KERN_WARNING, "Could not claim a free " | ||
336 | "context element\n"); | ||
337 | goto out; | ||
338 | } | ||
339 | ecryptfs_msg_ctx_free_to_alloc(*msg_ctx); | ||
340 | mutex_unlock(&(*msg_ctx)->mux); | ||
341 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | ||
342 | switch (transport) { | ||
343 | case ECRYPTFS_TRANSPORT_NETLINK: | ||
344 | rc = ecryptfs_send_netlink(data, data_len, *msg_ctx, | ||
345 | ECRYPTFS_NLMSG_REQUEST, 0, id->pid); | ||
346 | break; | ||
347 | case ECRYPTFS_TRANSPORT_CONNECTOR: | ||
348 | case ECRYPTFS_TRANSPORT_RELAYFS: | ||
349 | default: | ||
350 | rc = -ENOSYS; | ||
351 | } | ||
352 | if (rc) { | ||
353 | printk(KERN_ERR "Error attempting to send message to userspace " | ||
354 | "daemon; rc = [%d]\n", rc); | ||
355 | } | ||
356 | out: | ||
357 | return rc; | ||
358 | } | ||
359 | |||
360 | /** | ||
361 | * ecryptfs_wait_for_response | ||
362 | * @msg_ctx: The context that was assigned when sending a message | ||
363 | * @msg: The incoming message from userspace; not set if rc != 0 | ||
364 | * | ||
365 | * Sleeps until awaken by ecryptfs_receive_message or until the amount | ||
366 | * of time exceeds ecryptfs_message_wait_timeout. If zero is | ||
367 | * returned, msg will point to a valid message from userspace; a | ||
368 | * non-zero value is returned upon failure to receive a message or an | ||
369 | * error occurs. | ||
370 | */ | ||
371 | int ecryptfs_wait_for_response(struct ecryptfs_msg_ctx *msg_ctx, | ||
372 | struct ecryptfs_message **msg) | ||
373 | { | ||
374 | signed long timeout = ecryptfs_message_wait_timeout * HZ; | ||
375 | int rc = 0; | ||
376 | |||
377 | sleep: | ||
378 | timeout = schedule_timeout_interruptible(timeout); | ||
379 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | ||
380 | mutex_lock(&msg_ctx->mux); | ||
381 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_DONE) { | ||
382 | if (timeout) { | ||
383 | mutex_unlock(&msg_ctx->mux); | ||
384 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | ||
385 | goto sleep; | ||
386 | } | ||
387 | rc = -ENOMSG; | ||
388 | } else { | ||
389 | *msg = msg_ctx->msg; | ||
390 | msg_ctx->msg = NULL; | ||
391 | } | ||
392 | ecryptfs_msg_ctx_alloc_to_free(msg_ctx); | ||
393 | mutex_unlock(&msg_ctx->mux); | ||
394 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | ||
395 | return rc; | ||
396 | } | ||
397 | |||
398 | int ecryptfs_init_messaging(unsigned int transport) | ||
399 | { | ||
400 | int i; | ||
401 | int rc = 0; | ||
402 | |||
403 | if (ecryptfs_number_of_users > ECRYPTFS_MAX_NUM_USERS) { | ||
404 | ecryptfs_number_of_users = ECRYPTFS_MAX_NUM_USERS; | ||
405 | ecryptfs_printk(KERN_WARNING, "Specified number of users is " | ||
406 | "too large, defaulting to [%d] users\n", | ||
407 | ecryptfs_number_of_users); | ||
408 | } | ||
409 | mutex_init(&ecryptfs_daemon_id_hash_mux); | ||
410 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | ||
411 | ecryptfs_hash_buckets = 0; | ||
412 | while (ecryptfs_number_of_users >> ++ecryptfs_hash_buckets); | ||
413 | ecryptfs_daemon_id_hash = kmalloc(sizeof(struct hlist_head) | ||
414 | * ecryptfs_hash_buckets, GFP_KERNEL); | ||
415 | if (!ecryptfs_daemon_id_hash) { | ||
416 | rc = -ENOMEM; | ||
417 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n"); | ||
418 | goto out; | ||
419 | } | ||
420 | for (i = 0; i < ecryptfs_hash_buckets; i++) | ||
421 | INIT_HLIST_HEAD(&ecryptfs_daemon_id_hash[i]); | ||
422 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
423 | |||
424 | ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx) | ||
425 | * ecryptfs_message_buf_len), GFP_KERNEL); | ||
426 | if (!ecryptfs_msg_ctx_arr) { | ||
427 | rc = -ENOMEM; | ||
428 | ecryptfs_printk(KERN_ERR, "Failed to allocate memory\n"); | ||
429 | goto out; | ||
430 | } | ||
431 | mutex_init(&ecryptfs_msg_ctx_lists_mux); | ||
432 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | ||
433 | ecryptfs_msg_counter = 0; | ||
434 | for (i = 0; i < ecryptfs_message_buf_len; i++) { | ||
435 | INIT_LIST_HEAD(&ecryptfs_msg_ctx_arr[i].node); | ||
436 | mutex_init(&ecryptfs_msg_ctx_arr[i].mux); | ||
437 | mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); | ||
438 | ecryptfs_msg_ctx_arr[i].index = i; | ||
439 | ecryptfs_msg_ctx_arr[i].state = ECRYPTFS_MSG_CTX_STATE_FREE; | ||
440 | ecryptfs_msg_ctx_arr[i].counter = 0; | ||
441 | ecryptfs_msg_ctx_arr[i].task = NULL; | ||
442 | ecryptfs_msg_ctx_arr[i].msg = NULL; | ||
443 | list_add_tail(&ecryptfs_msg_ctx_arr[i].node, | ||
444 | &ecryptfs_msg_ctx_free_list); | ||
445 | mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); | ||
446 | } | ||
447 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | ||
448 | switch(transport) { | ||
449 | case ECRYPTFS_TRANSPORT_NETLINK: | ||
450 | rc = ecryptfs_init_netlink(); | ||
451 | if (rc) | ||
452 | ecryptfs_release_messaging(transport); | ||
453 | break; | ||
454 | case ECRYPTFS_TRANSPORT_CONNECTOR: | ||
455 | case ECRYPTFS_TRANSPORT_RELAYFS: | ||
456 | default: | ||
457 | rc = -ENOSYS; | ||
458 | } | ||
459 | out: | ||
460 | return rc; | ||
461 | } | ||
462 | |||
463 | void ecryptfs_release_messaging(unsigned int transport) | ||
464 | { | ||
465 | if (ecryptfs_msg_ctx_arr) { | ||
466 | int i; | ||
467 | |||
468 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | ||
469 | for (i = 0; i < ecryptfs_message_buf_len; i++) { | ||
470 | mutex_lock(&ecryptfs_msg_ctx_arr[i].mux); | ||
471 | if (ecryptfs_msg_ctx_arr[i].msg) | ||
472 | kfree(ecryptfs_msg_ctx_arr[i].msg); | ||
473 | mutex_unlock(&ecryptfs_msg_ctx_arr[i].mux); | ||
474 | } | ||
475 | kfree(ecryptfs_msg_ctx_arr); | ||
476 | mutex_unlock(&ecryptfs_msg_ctx_lists_mux); | ||
477 | } | ||
478 | if (ecryptfs_daemon_id_hash) { | ||
479 | struct hlist_node *elem; | ||
480 | struct ecryptfs_daemon_id *id; | ||
481 | int i; | ||
482 | |||
483 | mutex_lock(&ecryptfs_daemon_id_hash_mux); | ||
484 | for (i = 0; i < ecryptfs_hash_buckets; i++) { | ||
485 | hlist_for_each_entry(id, elem, | ||
486 | &ecryptfs_daemon_id_hash[i], | ||
487 | id_chain) { | ||
488 | hlist_del(elem); | ||
489 | kfree(id); | ||
490 | } | ||
491 | } | ||
492 | kfree(ecryptfs_daemon_id_hash); | ||
493 | mutex_unlock(&ecryptfs_daemon_id_hash_mux); | ||
494 | } | ||
495 | switch(transport) { | ||
496 | case ECRYPTFS_TRANSPORT_NETLINK: | ||
497 | ecryptfs_release_netlink(); | ||
498 | break; | ||
499 | case ECRYPTFS_TRANSPORT_CONNECTOR: | ||
500 | case ECRYPTFS_TRANSPORT_RELAYFS: | ||
501 | default: | ||
502 | break; | ||
503 | } | ||
504 | return; | ||
505 | } | ||
diff --git a/fs/ecryptfs/netlink.c b/fs/ecryptfs/netlink.c new file mode 100644 index 000000000000..aba061d62118 --- /dev/null +++ b/fs/ecryptfs/netlink.c | |||
@@ -0,0 +1,255 @@ | |||
1 | /** | ||
2 | * eCryptfs: Linux filesystem encryption layer | ||
3 | * | ||
4 | * Copyright (C) 2004-2006 International Business Machines Corp. | ||
5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> | ||
6 | * Tyler Hicks <tyhicks@ou.edu> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU General Public License version | ||
10 | * 2 as published by the Free Software Foundation. | ||
11 | * | ||
12 | * This program is distributed in the hope that it will be useful, but | ||
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
15 | * General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU General Public License | ||
18 | * along with this program; if not, write to the Free Software | ||
19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | ||
20 | * 02111-1307, USA. | ||
21 | */ | ||
22 | |||
23 | #include <net/sock.h> | ||
24 | #include <linux/hash.h> | ||
25 | #include <linux/random.h> | ||
26 | #include "ecryptfs_kernel.h" | ||
27 | |||
28 | static struct sock *ecryptfs_nl_sock; | ||
29 | |||
30 | /** | ||
31 | * ecryptfs_send_netlink | ||
32 | * @data: The data to include as the payload | ||
33 | * @data_len: The byte count of the data | ||
34 | * @msg_ctx: The netlink context that will be used to handle the | ||
35 | * response message | ||
36 | * @msg_type: The type of netlink message to send | ||
37 | * @msg_flags: The flags to include in the netlink header | ||
38 | * @daemon_pid: The process id of the daemon to send the message to | ||
39 | * | ||
40 | * Sends the data to the specified daemon pid and uses the netlink | ||
41 | * context element to store the data needed for validation upon | ||
42 | * receiving the response. The data and the netlink context can be | ||
43 | * null if just sending a netlink header is sufficient. Returns zero | ||
44 | * upon sending the message; non-zero upon error. | ||
45 | */ | ||
46 | int ecryptfs_send_netlink(char *data, int data_len, | ||
47 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | ||
48 | u16 msg_flags, pid_t daemon_pid) | ||
49 | { | ||
50 | struct sk_buff *skb; | ||
51 | struct nlmsghdr *nlh; | ||
52 | struct ecryptfs_message *msg; | ||
53 | size_t payload_len; | ||
54 | int rc; | ||
55 | |||
56 | payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0); | ||
57 | skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL); | ||
58 | if (!skb) { | ||
59 | rc = -ENOMEM; | ||
60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); | ||
61 | goto out; | ||
62 | } | ||
63 | nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0, | ||
64 | msg_type, payload_len); | ||
65 | nlh->nlmsg_flags = msg_flags; | ||
66 | if (msg_ctx && payload_len) { | ||
67 | msg = (struct ecryptfs_message *)NLMSG_DATA(nlh); | ||
68 | msg->index = msg_ctx->index; | ||
69 | msg->data_len = data_len; | ||
70 | memcpy(msg->data, data, data_len); | ||
71 | } | ||
72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0); | ||
73 | if (rc < 0) { | ||
74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " | ||
75 | "message; rc = [%d]\n", rc); | ||
76 | goto out; | ||
77 | } | ||
78 | rc = 0; | ||
79 | goto out; | ||
80 | nlmsg_failure: | ||
81 | rc = -EMSGSIZE; | ||
82 | kfree_skb(skb); | ||
83 | out: | ||
84 | return rc; | ||
85 | } | ||
86 | |||
87 | /** | ||
88 | * ecryptfs_process_nl_reponse | ||
89 | * @skb: The socket buffer containing the netlink message of state | ||
90 | * RESPONSE | ||
91 | * | ||
92 | * Processes a response message after sending a operation request to | ||
93 | * userspace. Attempts to assign the msg to a netlink context element | ||
94 | * at the index specified in the msg. The sk_buff and nlmsghdr must | ||
95 | * be validated before this function. Returns zero upon delivery to | ||
96 | * desired context element; non-zero upon delivery failure or error. | ||
97 | */ | ||
98 | static int ecryptfs_process_nl_response(struct sk_buff *skb) | ||
99 | { | ||
100 | struct nlmsghdr *nlh = (struct nlmsghdr*)skb->data; | ||
101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); | ||
102 | int rc; | ||
103 | |||
104 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { | ||
105 | rc = -EINVAL; | ||
106 | ecryptfs_printk(KERN_ERR, "Received netlink message with " | ||
107 | "incorrectly specified data length\n"); | ||
108 | goto out; | ||
109 | } | ||
110 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->pid, | ||
111 | nlh->nlmsg_seq); | ||
112 | if (rc) | ||
113 | printk(KERN_ERR | ||
114 | "Error processing response message; rc = [%d]\n", rc); | ||
115 | out: | ||
116 | return rc; | ||
117 | } | ||
118 | |||
119 | /** | ||
120 | * ecryptfs_process_nl_helo | ||
121 | * @skb: The socket buffer containing the nlmsghdr in HELO state | ||
122 | * | ||
123 | * Gets uid and pid of the skb and adds the values to the daemon id | ||
124 | * hash. Returns zero after adding a new daemon id to the hash list; | ||
125 | * non-zero otherwise. | ||
126 | */ | ||
127 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) | ||
128 | { | ||
129 | int rc; | ||
130 | |||
131 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, | ||
132 | NETLINK_CREDS(skb)->uid, | ||
133 | NETLINK_CREDS(skb)->pid); | ||
134 | if (rc) | ||
135 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); | ||
136 | return rc; | ||
137 | } | ||
138 | |||
139 | /** | ||
140 | * ecryptfs_process_nl_quit | ||
141 | * @skb: The socket buffer containing the nlmsghdr in QUIT state | ||
142 | * | ||
143 | * Gets uid and pid of the skb and deletes the corresponding daemon | ||
144 | * id, if it is the registered that is requesting the | ||
145 | * deletion. Returns zero after deleting the desired daemon id; | ||
146 | * non-zero otherwise. | ||
147 | */ | ||
148 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) | ||
149 | { | ||
150 | int rc; | ||
151 | |||
152 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, | ||
153 | NETLINK_CREDS(skb)->pid); | ||
154 | if (rc) | ||
155 | printk(KERN_WARNING | ||
156 | "Error processing QUIT message; rc = [%d]\n", rc); | ||
157 | return rc; | ||
158 | } | ||
159 | |||
160 | /** | ||
161 | * ecryptfs_receive_nl_message | ||
162 | * | ||
163 | * Callback function called by netlink system when a message arrives. | ||
164 | * If the message looks to be valid, then an attempt is made to assign | ||
165 | * it to its desired netlink context element and wake up the process | ||
166 | * that is waiting for a response. | ||
167 | */ | ||
168 | static void ecryptfs_receive_nl_message(struct sock *sk, int len) | ||
169 | { | ||
170 | struct sk_buff *skb; | ||
171 | struct nlmsghdr *nlh; | ||
172 | int rc = 0; /* skb_recv_datagram requires this */ | ||
173 | |||
174 | receive: | ||
175 | skb = skb_recv_datagram(sk, 0, 0, &rc); | ||
176 | if (rc == -EINTR) | ||
177 | goto receive; | ||
178 | else if (rc < 0) { | ||
179 | ecryptfs_printk(KERN_ERR, "Error occurred while " | ||
180 | "receiving eCryptfs netlink message; " | ||
181 | "rc = [%d]\n", rc); | ||
182 | return; | ||
183 | } | ||
184 | nlh = (struct nlmsghdr *)skb->data; | ||
185 | if (!NLMSG_OK(nlh, skb->len)) { | ||
186 | ecryptfs_printk(KERN_ERR, "Received corrupt netlink " | ||
187 | "message\n"); | ||
188 | goto free; | ||
189 | } | ||
190 | switch (nlh->nlmsg_type) { | ||
191 | case ECRYPTFS_NLMSG_RESPONSE: | ||
192 | if (ecryptfs_process_nl_response(skb)) { | ||
193 | ecryptfs_printk(KERN_WARNING, "Failed to " | ||
194 | "deliver netlink response to " | ||
195 | "requesting operation\n"); | ||
196 | } | ||
197 | break; | ||
198 | case ECRYPTFS_NLMSG_HELO: | ||
199 | if (ecryptfs_process_nl_helo(skb)) { | ||
200 | ecryptfs_printk(KERN_WARNING, "Failed to " | ||
201 | "fulfill HELO request\n"); | ||
202 | } | ||
203 | break; | ||
204 | case ECRYPTFS_NLMSG_QUIT: | ||
205 | if (ecryptfs_process_nl_quit(skb)) { | ||
206 | ecryptfs_printk(KERN_WARNING, "Failed to " | ||
207 | "fulfill QUIT request\n"); | ||
208 | } | ||
209 | break; | ||
210 | default: | ||
211 | ecryptfs_printk(KERN_WARNING, "Dropping netlink " | ||
212 | "message of unrecognized type [%d]\n", | ||
213 | nlh->nlmsg_type); | ||
214 | break; | ||
215 | } | ||
216 | free: | ||
217 | kfree_skb(skb); | ||
218 | } | ||
219 | |||
220 | /** | ||
221 | * ecryptfs_init_netlink | ||
222 | * | ||
223 | * Initializes the daemon id hash list, netlink context array, and | ||
224 | * necessary locks. Returns zero upon success; non-zero upon error. | ||
225 | */ | ||
226 | int ecryptfs_init_netlink(void) | ||
227 | { | ||
228 | int rc; | ||
229 | |||
230 | ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0, | ||
231 | ecryptfs_receive_nl_message, | ||
232 | THIS_MODULE); | ||
233 | if (!ecryptfs_nl_sock) { | ||
234 | rc = -EIO; | ||
235 | ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n"); | ||
236 | goto out; | ||
237 | } | ||
238 | ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT; | ||
239 | rc = 0; | ||
240 | out: | ||
241 | return rc; | ||
242 | } | ||
243 | |||
244 | /** | ||
245 | * ecryptfs_release_netlink | ||
246 | * | ||
247 | * Frees all memory used by the netlink context array and releases the | ||
248 | * netlink socket. | ||
249 | */ | ||
250 | void ecryptfs_release_netlink(void) | ||
251 | { | ||
252 | if (ecryptfs_nl_sock && ecryptfs_nl_sock->sk_socket) | ||
253 | sock_release(ecryptfs_nl_sock->sk_socket); | ||
254 | ecryptfs_nl_sock = NULL; | ||
255 | } | ||