blob: e3aa2253c8508e1b316a0b3a32e04472cdb51712 [file] [log] [blame]
Michael Halcrow88b4a072007-02-12 00:53:43 -08001/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 2004-2006 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
20 * 02111-1307, USA.
21 */
22
23#include <net/sock.h>
24#include <linux/hash.h>
25#include <linux/random.h>
26#include "ecryptfs_kernel.h"
27
28static struct sock *ecryptfs_nl_sock;
29
30/**
31 * ecryptfs_send_netlink
32 * @data: The data to include as the payload
33 * @data_len: The byte count of the data
34 * @msg_ctx: The netlink context that will be used to handle the
35 * response message
36 * @msg_type: The type of netlink message to send
37 * @msg_flags: The flags to include in the netlink header
38 * @daemon_pid: The process id of the daemon to send the message to
39 *
40 * Sends the data to the specified daemon pid and uses the netlink
41 * context element to store the data needed for validation upon
42 * receiving the response. The data and the netlink context can be
43 * null if just sending a netlink header is sufficient. Returns zero
44 * upon sending the message; non-zero upon error.
45 */
46int ecryptfs_send_netlink(char *data, int data_len,
47 struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type,
48 u16 msg_flags, pid_t daemon_pid)
49{
50 struct sk_buff *skb;
51 struct nlmsghdr *nlh;
52 struct ecryptfs_message *msg;
53 size_t payload_len;
54 int rc;
55
56 payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0);
57 skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL);
58 if (!skb) {
59 rc = -ENOMEM;
60 ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n");
61 goto out;
62 }
63 nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0,
64 msg_type, payload_len);
65 nlh->nlmsg_flags = msg_flags;
66 if (msg_ctx && payload_len) {
67 msg = (struct ecryptfs_message *)NLMSG_DATA(nlh);
68 msg->index = msg_ctx->index;
69 msg->data_len = data_len;
70 memcpy(msg->data, data, data_len);
71 }
72 rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0);
73 if (rc < 0) {
74 ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink "
75 "message; rc = [%d]\n", rc);
76 goto out;
77 }
78 rc = 0;
79 goto out;
80nlmsg_failure:
81 rc = -EMSGSIZE;
82 kfree_skb(skb);
83out:
84 return rc;
85}
86
87/**
88 * ecryptfs_process_nl_reponse
89 * @skb: The socket buffer containing the netlink message of state
90 * RESPONSE
91 *
92 * Processes a response message after sending a operation request to
93 * userspace. Attempts to assign the msg to a netlink context element
94 * at the index specified in the msg. The sk_buff and nlmsghdr must
95 * be validated before this function. Returns zero upon delivery to
96 * desired context element; non-zero upon delivery failure or error.
97 */
98static int ecryptfs_process_nl_response(struct sk_buff *skb)
99{
100 struct nlmsghdr *nlh = (struct nlmsghdr*)skb->data;
101 struct ecryptfs_message *msg = NLMSG_DATA(nlh);
102 int rc;
103
104 if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) {
105 rc = -EINVAL;
106 ecryptfs_printk(KERN_ERR, "Received netlink message with "
107 "incorrectly specified data length\n");
108 goto out;
109 }
Michael Halcrowdddfa462007-02-12 00:53:44 -0800110 rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid,
111 NETLINK_CREDS(skb)->pid, nlh->nlmsg_seq);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800112 if (rc)
113 printk(KERN_ERR
114 "Error processing response message; rc = [%d]\n", rc);
115out:
116 return rc;
117}
118
119/**
120 * ecryptfs_process_nl_helo
121 * @skb: The socket buffer containing the nlmsghdr in HELO state
122 *
123 * Gets uid and pid of the skb and adds the values to the daemon id
124 * hash. Returns zero after adding a new daemon id to the hash list;
125 * non-zero otherwise.
126 */
127static int ecryptfs_process_nl_helo(struct sk_buff *skb)
128{
129 int rc;
130
131 rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK,
132 NETLINK_CREDS(skb)->uid,
133 NETLINK_CREDS(skb)->pid);
134 if (rc)
135 printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
136 return rc;
137}
138
139/**
140 * ecryptfs_process_nl_quit
141 * @skb: The socket buffer containing the nlmsghdr in QUIT state
142 *
143 * Gets uid and pid of the skb and deletes the corresponding daemon
144 * id, if it is the registered that is requesting the
145 * deletion. Returns zero after deleting the desired daemon id;
146 * non-zero otherwise.
147 */
148static int ecryptfs_process_nl_quit(struct sk_buff *skb)
149{
150 int rc;
151
152 rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid,
153 NETLINK_CREDS(skb)->pid);
154 if (rc)
155 printk(KERN_WARNING
156 "Error processing QUIT message; rc = [%d]\n", rc);
157 return rc;
158}
159
160/**
161 * ecryptfs_receive_nl_message
162 *
163 * Callback function called by netlink system when a message arrives.
164 * If the message looks to be valid, then an attempt is made to assign
165 * it to its desired netlink context element and wake up the process
166 * that is waiting for a response.
167 */
168static void ecryptfs_receive_nl_message(struct sock *sk, int len)
169{
170 struct sk_buff *skb;
171 struct nlmsghdr *nlh;
172 int rc = 0; /* skb_recv_datagram requires this */
173
174receive:
175 skb = skb_recv_datagram(sk, 0, 0, &rc);
176 if (rc == -EINTR)
177 goto receive;
178 else if (rc < 0) {
179 ecryptfs_printk(KERN_ERR, "Error occurred while "
180 "receiving eCryptfs netlink message; "
181 "rc = [%d]\n", rc);
182 return;
183 }
184 nlh = (struct nlmsghdr *)skb->data;
185 if (!NLMSG_OK(nlh, skb->len)) {
186 ecryptfs_printk(KERN_ERR, "Received corrupt netlink "
187 "message\n");
188 goto free;
189 }
190 switch (nlh->nlmsg_type) {
191 case ECRYPTFS_NLMSG_RESPONSE:
192 if (ecryptfs_process_nl_response(skb)) {
193 ecryptfs_printk(KERN_WARNING, "Failed to "
194 "deliver netlink response to "
195 "requesting operation\n");
196 }
197 break;
198 case ECRYPTFS_NLMSG_HELO:
199 if (ecryptfs_process_nl_helo(skb)) {
200 ecryptfs_printk(KERN_WARNING, "Failed to "
201 "fulfill HELO request\n");
202 }
203 break;
204 case ECRYPTFS_NLMSG_QUIT:
205 if (ecryptfs_process_nl_quit(skb)) {
206 ecryptfs_printk(KERN_WARNING, "Failed to "
207 "fulfill QUIT request\n");
208 }
209 break;
210 default:
211 ecryptfs_printk(KERN_WARNING, "Dropping netlink "
212 "message of unrecognized type [%d]\n",
213 nlh->nlmsg_type);
214 break;
215 }
216free:
217 kfree_skb(skb);
218}
219
220/**
221 * ecryptfs_init_netlink
222 *
223 * Initializes the daemon id hash list, netlink context array, and
224 * necessary locks. Returns zero upon success; non-zero upon error.
225 */
226int ecryptfs_init_netlink(void)
227{
228 int rc;
229
230 ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0,
231 ecryptfs_receive_nl_message,
232 THIS_MODULE);
233 if (!ecryptfs_nl_sock) {
234 rc = -EIO;
235 ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n");
236 goto out;
237 }
238 ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT;
239 rc = 0;
240out:
241 return rc;
242}
243
244/**
245 * ecryptfs_release_netlink
246 *
247 * Frees all memory used by the netlink context array and releases the
248 * netlink socket.
249 */
250void ecryptfs_release_netlink(void)
251{
252 if (ecryptfs_nl_sock && ecryptfs_nl_sock->sk_socket)
253 sock_release(ecryptfs_nl_sock->sk_socket);
254 ecryptfs_nl_sock = NULL;
255}