Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 1 | /** |
| 2 | * eCryptfs: Linux filesystem encryption layer |
| 3 | * |
| 4 | * Copyright (C) 2004-2006 International Business Machines Corp. |
| 5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> |
| 6 | * Tyler Hicks <tyhicks@ou.edu> |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU General Public License version |
| 10 | * 2 as published by the Free Software Foundation. |
| 11 | * |
| 12 | * This program is distributed in the hope that it will be useful, but |
| 13 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 15 | * General Public License for more details. |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License |
| 18 | * along with this program; if not, write to the Free Software |
| 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA |
| 20 | * 02111-1307, USA. |
| 21 | */ |
| 22 | |
| 23 | #include <net/sock.h> |
| 24 | #include <linux/hash.h> |
| 25 | #include <linux/random.h> |
| 26 | #include "ecryptfs_kernel.h" |
| 27 | |
| 28 | static struct sock *ecryptfs_nl_sock; |
| 29 | |
| 30 | /** |
| 31 | * ecryptfs_send_netlink |
| 32 | * @data: The data to include as the payload |
| 33 | * @data_len: The byte count of the data |
| 34 | * @msg_ctx: The netlink context that will be used to handle the |
| 35 | * response message |
| 36 | * @msg_type: The type of netlink message to send |
| 37 | * @msg_flags: The flags to include in the netlink header |
| 38 | * @daemon_pid: The process id of the daemon to send the message to |
| 39 | * |
| 40 | * Sends the data to the specified daemon pid and uses the netlink |
| 41 | * context element to store the data needed for validation upon |
| 42 | * receiving the response. The data and the netlink context can be |
| 43 | * null if just sending a netlink header is sufficient. Returns zero |
| 44 | * upon sending the message; non-zero upon error. |
| 45 | */ |
| 46 | int ecryptfs_send_netlink(char *data, int data_len, |
| 47 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, |
| 48 | u16 msg_flags, pid_t daemon_pid) |
| 49 | { |
| 50 | struct sk_buff *skb; |
| 51 | struct nlmsghdr *nlh; |
| 52 | struct ecryptfs_message *msg; |
| 53 | size_t payload_len; |
| 54 | int rc; |
| 55 | |
| 56 | payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0); |
| 57 | skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL); |
| 58 | if (!skb) { |
| 59 | rc = -ENOMEM; |
| 60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); |
| 61 | goto out; |
| 62 | } |
| 63 | nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0, |
| 64 | msg_type, payload_len); |
| 65 | nlh->nlmsg_flags = msg_flags; |
| 66 | if (msg_ctx && payload_len) { |
| 67 | msg = (struct ecryptfs_message *)NLMSG_DATA(nlh); |
| 68 | msg->index = msg_ctx->index; |
| 69 | msg->data_len = data_len; |
| 70 | memcpy(msg->data, data, data_len); |
| 71 | } |
| 72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0); |
| 73 | if (rc < 0) { |
| 74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " |
| 75 | "message; rc = [%d]\n", rc); |
| 76 | goto out; |
| 77 | } |
| 78 | rc = 0; |
| 79 | goto out; |
| 80 | nlmsg_failure: |
| 81 | rc = -EMSGSIZE; |
| 82 | kfree_skb(skb); |
| 83 | out: |
| 84 | return rc; |
| 85 | } |
| 86 | |
| 87 | /** |
| 88 | * ecryptfs_process_nl_reponse |
| 89 | * @skb: The socket buffer containing the netlink message of state |
| 90 | * RESPONSE |
| 91 | * |
| 92 | * Processes a response message after sending a operation request to |
| 93 | * userspace. Attempts to assign the msg to a netlink context element |
| 94 | * at the index specified in the msg. The sk_buff and nlmsghdr must |
| 95 | * be validated before this function. Returns zero upon delivery to |
| 96 | * desired context element; non-zero upon delivery failure or error. |
| 97 | */ |
| 98 | static int ecryptfs_process_nl_response(struct sk_buff *skb) |
| 99 | { |
| 100 | struct nlmsghdr *nlh = (struct nlmsghdr*)skb->data; |
| 101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); |
| 102 | int rc; |
| 103 | |
| 104 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { |
| 105 | rc = -EINVAL; |
| 106 | ecryptfs_printk(KERN_ERR, "Received netlink message with " |
| 107 | "incorrectly specified data length\n"); |
| 108 | goto out; |
| 109 | } |
Michael Halcrow | dddfa46 | 2007-02-12 00:53:44 -0800 | [diff] [blame] | 110 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, |
| 111 | NETLINK_CREDS(skb)->pid, nlh->nlmsg_seq); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 112 | if (rc) |
| 113 | printk(KERN_ERR |
| 114 | "Error processing response message; rc = [%d]\n", rc); |
| 115 | out: |
| 116 | return rc; |
| 117 | } |
| 118 | |
| 119 | /** |
| 120 | * ecryptfs_process_nl_helo |
| 121 | * @skb: The socket buffer containing the nlmsghdr in HELO state |
| 122 | * |
| 123 | * Gets uid and pid of the skb and adds the values to the daemon id |
| 124 | * hash. Returns zero after adding a new daemon id to the hash list; |
| 125 | * non-zero otherwise. |
| 126 | */ |
| 127 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) |
| 128 | { |
| 129 | int rc; |
| 130 | |
| 131 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, |
| 132 | NETLINK_CREDS(skb)->uid, |
| 133 | NETLINK_CREDS(skb)->pid); |
| 134 | if (rc) |
| 135 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); |
| 136 | return rc; |
| 137 | } |
| 138 | |
| 139 | /** |
| 140 | * ecryptfs_process_nl_quit |
| 141 | * @skb: The socket buffer containing the nlmsghdr in QUIT state |
| 142 | * |
| 143 | * Gets uid and pid of the skb and deletes the corresponding daemon |
| 144 | * id, if it is the registered that is requesting the |
| 145 | * deletion. Returns zero after deleting the desired daemon id; |
| 146 | * non-zero otherwise. |
| 147 | */ |
| 148 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) |
| 149 | { |
| 150 | int rc; |
| 151 | |
| 152 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, |
| 153 | NETLINK_CREDS(skb)->pid); |
| 154 | if (rc) |
| 155 | printk(KERN_WARNING |
| 156 | "Error processing QUIT message; rc = [%d]\n", rc); |
| 157 | return rc; |
| 158 | } |
| 159 | |
| 160 | /** |
| 161 | * ecryptfs_receive_nl_message |
| 162 | * |
| 163 | * Callback function called by netlink system when a message arrives. |
| 164 | * If the message looks to be valid, then an attempt is made to assign |
| 165 | * it to its desired netlink context element and wake up the process |
| 166 | * that is waiting for a response. |
| 167 | */ |
| 168 | static void ecryptfs_receive_nl_message(struct sock *sk, int len) |
| 169 | { |
| 170 | struct sk_buff *skb; |
| 171 | struct nlmsghdr *nlh; |
| 172 | int rc = 0; /* skb_recv_datagram requires this */ |
| 173 | |
| 174 | receive: |
| 175 | skb = skb_recv_datagram(sk, 0, 0, &rc); |
| 176 | if (rc == -EINTR) |
| 177 | goto receive; |
| 178 | else if (rc < 0) { |
| 179 | ecryptfs_printk(KERN_ERR, "Error occurred while " |
| 180 | "receiving eCryptfs netlink message; " |
| 181 | "rc = [%d]\n", rc); |
| 182 | return; |
| 183 | } |
| 184 | nlh = (struct nlmsghdr *)skb->data; |
| 185 | if (!NLMSG_OK(nlh, skb->len)) { |
| 186 | ecryptfs_printk(KERN_ERR, "Received corrupt netlink " |
| 187 | "message\n"); |
| 188 | goto free; |
| 189 | } |
| 190 | switch (nlh->nlmsg_type) { |
| 191 | case ECRYPTFS_NLMSG_RESPONSE: |
| 192 | if (ecryptfs_process_nl_response(skb)) { |
| 193 | ecryptfs_printk(KERN_WARNING, "Failed to " |
| 194 | "deliver netlink response to " |
| 195 | "requesting operation\n"); |
| 196 | } |
| 197 | break; |
| 198 | case ECRYPTFS_NLMSG_HELO: |
| 199 | if (ecryptfs_process_nl_helo(skb)) { |
| 200 | ecryptfs_printk(KERN_WARNING, "Failed to " |
| 201 | "fulfill HELO request\n"); |
| 202 | } |
| 203 | break; |
| 204 | case ECRYPTFS_NLMSG_QUIT: |
| 205 | if (ecryptfs_process_nl_quit(skb)) { |
| 206 | ecryptfs_printk(KERN_WARNING, "Failed to " |
| 207 | "fulfill QUIT request\n"); |
| 208 | } |
| 209 | break; |
| 210 | default: |
| 211 | ecryptfs_printk(KERN_WARNING, "Dropping netlink " |
| 212 | "message of unrecognized type [%d]\n", |
| 213 | nlh->nlmsg_type); |
| 214 | break; |
| 215 | } |
| 216 | free: |
| 217 | kfree_skb(skb); |
| 218 | } |
| 219 | |
| 220 | /** |
| 221 | * ecryptfs_init_netlink |
| 222 | * |
| 223 | * Initializes the daemon id hash list, netlink context array, and |
| 224 | * necessary locks. Returns zero upon success; non-zero upon error. |
| 225 | */ |
| 226 | int ecryptfs_init_netlink(void) |
| 227 | { |
| 228 | int rc; |
| 229 | |
| 230 | ecryptfs_nl_sock = netlink_kernel_create(NETLINK_ECRYPTFS, 0, |
| 231 | ecryptfs_receive_nl_message, |
| 232 | THIS_MODULE); |
| 233 | if (!ecryptfs_nl_sock) { |
| 234 | rc = -EIO; |
| 235 | ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n"); |
| 236 | goto out; |
| 237 | } |
| 238 | ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT; |
| 239 | rc = 0; |
| 240 | out: |
| 241 | return rc; |
| 242 | } |
| 243 | |
| 244 | /** |
| 245 | * ecryptfs_release_netlink |
| 246 | * |
| 247 | * Frees all memory used by the netlink context array and releases the |
| 248 | * netlink socket. |
| 249 | */ |
| 250 | void ecryptfs_release_netlink(void) |
| 251 | { |
| 252 | if (ecryptfs_nl_sock && ecryptfs_nl_sock->sk_socket) |
| 253 | sock_release(ecryptfs_nl_sock->sk_socket); |
| 254 | ecryptfs_nl_sock = NULL; |
| 255 | } |