Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 1 | /** |
| 2 | * eCryptfs: Linux filesystem encryption layer |
| 3 | * |
| 4 | * Copyright (C) 2004-2006 International Business Machines Corp. |
| 5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> |
| 6 | * Tyler Hicks <tyhicks@ou.edu> |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or |
| 9 | * modify it under the terms of the GNU General Public License version |
| 10 | * 2 as published by the Free Software Foundation. |
| 11 | * |
| 12 | * This program is distributed in the hope that it will be useful, but |
| 13 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 15 | * General Public License for more details. |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License |
| 18 | * along with this program; if not, write to the Free Software |
| 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA |
| 20 | * 02111-1307, USA. |
| 21 | */ |
| 22 | |
| 23 | #include <net/sock.h> |
| 24 | #include <linux/hash.h> |
| 25 | #include <linux/random.h> |
| 26 | #include "ecryptfs_kernel.h" |
| 27 | |
| 28 | static struct sock *ecryptfs_nl_sock; |
| 29 | |
| 30 | /** |
| 31 | * ecryptfs_send_netlink |
| 32 | * @data: The data to include as the payload |
| 33 | * @data_len: The byte count of the data |
| 34 | * @msg_ctx: The netlink context that will be used to handle the |
| 35 | * response message |
| 36 | * @msg_type: The type of netlink message to send |
| 37 | * @msg_flags: The flags to include in the netlink header |
| 38 | * @daemon_pid: The process id of the daemon to send the message to |
| 39 | * |
| 40 | * Sends the data to the specified daemon pid and uses the netlink |
| 41 | * context element to store the data needed for validation upon |
| 42 | * receiving the response. The data and the netlink context can be |
| 43 | * null if just sending a netlink header is sufficient. Returns zero |
| 44 | * upon sending the message; non-zero upon error. |
| 45 | */ |
| 46 | int ecryptfs_send_netlink(char *data, int data_len, |
Michael Halcrow | f66e883 | 2008-04-29 00:59:51 -0700 | [diff] [blame] | 47 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 48 | u16 msg_flags, struct pid *daemon_pid) |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 49 | { |
| 50 | struct sk_buff *skb; |
| 51 | struct nlmsghdr *nlh; |
| 52 | struct ecryptfs_message *msg; |
| 53 | size_t payload_len; |
| 54 | int rc; |
| 55 | |
| 56 | payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0); |
| 57 | skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL); |
| 58 | if (!skb) { |
| 59 | rc = -ENOMEM; |
| 60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); |
| 61 | goto out; |
| 62 | } |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 63 | nlh = NLMSG_PUT(skb, pid_nr(daemon_pid), msg_ctx ? msg_ctx->counter : 0, |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 64 | msg_type, payload_len); |
| 65 | nlh->nlmsg_flags = msg_flags; |
| 66 | if (msg_ctx && payload_len) { |
| 67 | msg = (struct ecryptfs_message *)NLMSG_DATA(nlh); |
| 68 | msg->index = msg_ctx->index; |
| 69 | msg->data_len = data_len; |
| 70 | memcpy(msg->data, data, data_len); |
| 71 | } |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, pid_nr(daemon_pid), 0); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 73 | if (rc < 0) { |
| 74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " |
| 75 | "message; rc = [%d]\n", rc); |
| 76 | goto out; |
| 77 | } |
| 78 | rc = 0; |
| 79 | goto out; |
| 80 | nlmsg_failure: |
| 81 | rc = -EMSGSIZE; |
| 82 | kfree_skb(skb); |
| 83 | out: |
| 84 | return rc; |
| 85 | } |
| 86 | |
| 87 | /** |
| 88 | * ecryptfs_process_nl_reponse |
| 89 | * @skb: The socket buffer containing the netlink message of state |
| 90 | * RESPONSE |
| 91 | * |
| 92 | * Processes a response message after sending a operation request to |
| 93 | * userspace. Attempts to assign the msg to a netlink context element |
| 94 | * at the index specified in the msg. The sk_buff and nlmsghdr must |
| 95 | * be validated before this function. Returns zero upon delivery to |
| 96 | * desired context element; non-zero upon delivery failure or error. |
| 97 | */ |
| 98 | static int ecryptfs_process_nl_response(struct sk_buff *skb) |
| 99 | { |
Arnaldo Carvalho de Melo | b529ccf | 2007-04-25 19:08:35 -0700 | [diff] [blame] | 100 | struct nlmsghdr *nlh = nlmsg_hdr(skb); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 102 | struct pid *pid; |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 103 | int rc; |
| 104 | |
| 105 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { |
| 106 | rc = -EINVAL; |
| 107 | ecryptfs_printk(KERN_ERR, "Received netlink message with " |
| 108 | "incorrectly specified data length\n"); |
| 109 | goto out; |
| 110 | } |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 111 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
| 112 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, NULL, |
| 113 | pid, nlh->nlmsg_seq); |
| 114 | put_pid(pid); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 115 | if (rc) |
| 116 | printk(KERN_ERR |
| 117 | "Error processing response message; rc = [%d]\n", rc); |
| 118 | out: |
| 119 | return rc; |
| 120 | } |
| 121 | |
| 122 | /** |
| 123 | * ecryptfs_process_nl_helo |
| 124 | * @skb: The socket buffer containing the nlmsghdr in HELO state |
| 125 | * |
| 126 | * Gets uid and pid of the skb and adds the values to the daemon id |
| 127 | * hash. Returns zero after adding a new daemon id to the hash list; |
| 128 | * non-zero otherwise. |
| 129 | */ |
| 130 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) |
| 131 | { |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 132 | struct pid *pid; |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 133 | int rc; |
| 134 | |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 135 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 136 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 137 | NETLINK_CREDS(skb)->uid, NULL, pid); |
| 138 | put_pid(pid); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 139 | if (rc) |
| 140 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); |
| 141 | return rc; |
| 142 | } |
| 143 | |
| 144 | /** |
| 145 | * ecryptfs_process_nl_quit |
| 146 | * @skb: The socket buffer containing the nlmsghdr in QUIT state |
| 147 | * |
| 148 | * Gets uid and pid of the skb and deletes the corresponding daemon |
| 149 | * id, if it is the registered that is requesting the |
| 150 | * deletion. Returns zero after deleting the desired daemon id; |
| 151 | * non-zero otherwise. |
| 152 | */ |
| 153 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) |
| 154 | { |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 155 | struct pid *pid; |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 156 | int rc; |
| 157 | |
Michael Halcrow | 6a3fd92 | 2008-04-29 00:59:52 -0700 | [diff] [blame] | 158 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
| 159 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, NULL, pid); |
| 160 | put_pid(pid); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 161 | if (rc) |
| 162 | printk(KERN_WARNING |
| 163 | "Error processing QUIT message; rc = [%d]\n", rc); |
| 164 | return rc; |
| 165 | } |
| 166 | |
| 167 | /** |
| 168 | * ecryptfs_receive_nl_message |
| 169 | * |
| 170 | * Callback function called by netlink system when a message arrives. |
| 171 | * If the message looks to be valid, then an attempt is made to assign |
| 172 | * it to its desired netlink context element and wake up the process |
| 173 | * that is waiting for a response. |
| 174 | */ |
Denis V. Lunev | cd40b7d | 2007-10-10 21:15:29 -0700 | [diff] [blame] | 175 | static void ecryptfs_receive_nl_message(struct sk_buff *skb) |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 176 | { |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 177 | struct nlmsghdr *nlh; |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 178 | |
Arnaldo Carvalho de Melo | b529ccf | 2007-04-25 19:08:35 -0700 | [diff] [blame] | 179 | nlh = nlmsg_hdr(skb); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 180 | if (!NLMSG_OK(nlh, skb->len)) { |
| 181 | ecryptfs_printk(KERN_ERR, "Received corrupt netlink " |
| 182 | "message\n"); |
| 183 | goto free; |
| 184 | } |
| 185 | switch (nlh->nlmsg_type) { |
Michael Halcrow | f66e883 | 2008-04-29 00:59:51 -0700 | [diff] [blame] | 186 | case ECRYPTFS_MSG_RESPONSE: |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 187 | if (ecryptfs_process_nl_response(skb)) { |
| 188 | ecryptfs_printk(KERN_WARNING, "Failed to " |
| 189 | "deliver netlink response to " |
| 190 | "requesting operation\n"); |
| 191 | } |
| 192 | break; |
Michael Halcrow | f66e883 | 2008-04-29 00:59:51 -0700 | [diff] [blame] | 193 | case ECRYPTFS_MSG_HELO: |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 194 | if (ecryptfs_process_nl_helo(skb)) { |
| 195 | ecryptfs_printk(KERN_WARNING, "Failed to " |
| 196 | "fulfill HELO request\n"); |
| 197 | } |
| 198 | break; |
Michael Halcrow | f66e883 | 2008-04-29 00:59:51 -0700 | [diff] [blame] | 199 | case ECRYPTFS_MSG_QUIT: |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 200 | if (ecryptfs_process_nl_quit(skb)) { |
| 201 | ecryptfs_printk(KERN_WARNING, "Failed to " |
| 202 | "fulfill QUIT request\n"); |
| 203 | } |
| 204 | break; |
| 205 | default: |
| 206 | ecryptfs_printk(KERN_WARNING, "Dropping netlink " |
| 207 | "message of unrecognized type [%d]\n", |
| 208 | nlh->nlmsg_type); |
| 209 | break; |
| 210 | } |
| 211 | free: |
| 212 | kfree_skb(skb); |
| 213 | } |
| 214 | |
| 215 | /** |
| 216 | * ecryptfs_init_netlink |
| 217 | * |
| 218 | * Initializes the daemon id hash list, netlink context array, and |
| 219 | * necessary locks. Returns zero upon success; non-zero upon error. |
| 220 | */ |
| 221 | int ecryptfs_init_netlink(void) |
| 222 | { |
| 223 | int rc; |
| 224 | |
Eric W. Biederman | b4b5102 | 2007-09-12 13:05:38 +0200 | [diff] [blame] | 225 | ecryptfs_nl_sock = netlink_kernel_create(&init_net, NETLINK_ECRYPTFS, 0, |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 226 | ecryptfs_receive_nl_message, |
Patrick McHardy | af65bdf | 2007-04-20 14:14:21 -0700 | [diff] [blame] | 227 | NULL, THIS_MODULE); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 228 | if (!ecryptfs_nl_sock) { |
| 229 | rc = -EIO; |
| 230 | ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n"); |
| 231 | goto out; |
| 232 | } |
| 233 | ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT; |
| 234 | rc = 0; |
| 235 | out: |
| 236 | return rc; |
| 237 | } |
| 238 | |
| 239 | /** |
| 240 | * ecryptfs_release_netlink |
| 241 | * |
| 242 | * Frees all memory used by the netlink context array and releases the |
| 243 | * netlink socket. |
| 244 | */ |
| 245 | void ecryptfs_release_netlink(void) |
| 246 | { |
Denis V. Lunev | b7c6ba6 | 2008-01-28 14:41:19 -0800 | [diff] [blame] | 247 | netlink_kernel_release(ecryptfs_nl_sock); |
Michael Halcrow | 88b4a07 | 2007-02-12 00:53:43 -0800 | [diff] [blame] | 248 | ecryptfs_nl_sock = NULL; |
| 249 | } |