blob: e0abad62b39535fb8d98368266707af464b050be [file] [log] [blame]
Michael Halcrow88b4a072007-02-12 00:53:43 -08001/**
2 * eCryptfs: Linux filesystem encryption layer
3 *
4 * Copyright (C) 2004-2006 International Business Machines Corp.
5 * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
6 * Tyler Hicks <tyhicks@ou.edu>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
20 * 02111-1307, USA.
21 */
22
23#include <net/sock.h>
24#include <linux/hash.h>
25#include <linux/random.h>
26#include "ecryptfs_kernel.h"
27
28static struct sock *ecryptfs_nl_sock;
29
30/**
31 * ecryptfs_send_netlink
32 * @data: The data to include as the payload
33 * @data_len: The byte count of the data
34 * @msg_ctx: The netlink context that will be used to handle the
35 * response message
36 * @msg_type: The type of netlink message to send
37 * @msg_flags: The flags to include in the netlink header
38 * @daemon_pid: The process id of the daemon to send the message to
39 *
40 * Sends the data to the specified daemon pid and uses the netlink
41 * context element to store the data needed for validation upon
42 * receiving the response. The data and the netlink context can be
43 * null if just sending a netlink header is sufficient. Returns zero
44 * upon sending the message; non-zero upon error.
45 */
46int ecryptfs_send_netlink(char *data, int data_len,
Michael Halcrowf66e8832008-04-29 00:59:51 -070047 struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type,
Michael Halcrow6a3fd922008-04-29 00:59:52 -070048 u16 msg_flags, struct pid *daemon_pid)
Michael Halcrow88b4a072007-02-12 00:53:43 -080049{
50 struct sk_buff *skb;
51 struct nlmsghdr *nlh;
52 struct ecryptfs_message *msg;
53 size_t payload_len;
54 int rc;
55
56 payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0);
57 skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL);
58 if (!skb) {
59 rc = -ENOMEM;
60 ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n");
61 goto out;
62 }
Michael Halcrow6a3fd922008-04-29 00:59:52 -070063 nlh = NLMSG_PUT(skb, pid_nr(daemon_pid), msg_ctx ? msg_ctx->counter : 0,
Michael Halcrow88b4a072007-02-12 00:53:43 -080064 msg_type, payload_len);
65 nlh->nlmsg_flags = msg_flags;
66 if (msg_ctx && payload_len) {
67 msg = (struct ecryptfs_message *)NLMSG_DATA(nlh);
68 msg->index = msg_ctx->index;
69 msg->data_len = data_len;
70 memcpy(msg->data, data, data_len);
71 }
Michael Halcrow6a3fd922008-04-29 00:59:52 -070072 rc = netlink_unicast(ecryptfs_nl_sock, skb, pid_nr(daemon_pid), 0);
Michael Halcrow88b4a072007-02-12 00:53:43 -080073 if (rc < 0) {
74 ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink "
75 "message; rc = [%d]\n", rc);
76 goto out;
77 }
78 rc = 0;
79 goto out;
80nlmsg_failure:
81 rc = -EMSGSIZE;
82 kfree_skb(skb);
83out:
84 return rc;
85}
86
87/**
88 * ecryptfs_process_nl_reponse
89 * @skb: The socket buffer containing the netlink message of state
90 * RESPONSE
91 *
92 * Processes a response message after sending a operation request to
93 * userspace. Attempts to assign the msg to a netlink context element
94 * at the index specified in the msg. The sk_buff and nlmsghdr must
95 * be validated before this function. Returns zero upon delivery to
96 * desired context element; non-zero upon delivery failure or error.
97 */
98static int ecryptfs_process_nl_response(struct sk_buff *skb)
99{
Arnaldo Carvalho de Melob529ccf2007-04-25 19:08:35 -0700100 struct nlmsghdr *nlh = nlmsg_hdr(skb);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800101 struct ecryptfs_message *msg = NLMSG_DATA(nlh);
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700102 struct pid *pid;
Michael Halcrow88b4a072007-02-12 00:53:43 -0800103 int rc;
104
105 if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) {
106 rc = -EINVAL;
107 ecryptfs_printk(KERN_ERR, "Received netlink message with "
108 "incorrectly specified data length\n");
109 goto out;
110 }
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700111 pid = find_get_pid(NETLINK_CREDS(skb)->pid);
112 rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, NULL,
113 pid, nlh->nlmsg_seq);
114 put_pid(pid);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800115 if (rc)
116 printk(KERN_ERR
117 "Error processing response message; rc = [%d]\n", rc);
118out:
119 return rc;
120}
121
122/**
123 * ecryptfs_process_nl_helo
124 * @skb: The socket buffer containing the nlmsghdr in HELO state
125 *
126 * Gets uid and pid of the skb and adds the values to the daemon id
127 * hash. Returns zero after adding a new daemon id to the hash list;
128 * non-zero otherwise.
129 */
130static int ecryptfs_process_nl_helo(struct sk_buff *skb)
131{
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700132 struct pid *pid;
Michael Halcrow88b4a072007-02-12 00:53:43 -0800133 int rc;
134
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700135 pid = find_get_pid(NETLINK_CREDS(skb)->pid);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800136 rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK,
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700137 NETLINK_CREDS(skb)->uid, NULL, pid);
138 put_pid(pid);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800139 if (rc)
140 printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc);
141 return rc;
142}
143
144/**
145 * ecryptfs_process_nl_quit
146 * @skb: The socket buffer containing the nlmsghdr in QUIT state
147 *
148 * Gets uid and pid of the skb and deletes the corresponding daemon
149 * id, if it is the registered that is requesting the
150 * deletion. Returns zero after deleting the desired daemon id;
151 * non-zero otherwise.
152 */
153static int ecryptfs_process_nl_quit(struct sk_buff *skb)
154{
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700155 struct pid *pid;
Michael Halcrow88b4a072007-02-12 00:53:43 -0800156 int rc;
157
Michael Halcrow6a3fd922008-04-29 00:59:52 -0700158 pid = find_get_pid(NETLINK_CREDS(skb)->pid);
159 rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, NULL, pid);
160 put_pid(pid);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800161 if (rc)
162 printk(KERN_WARNING
163 "Error processing QUIT message; rc = [%d]\n", rc);
164 return rc;
165}
166
167/**
168 * ecryptfs_receive_nl_message
169 *
170 * Callback function called by netlink system when a message arrives.
171 * If the message looks to be valid, then an attempt is made to assign
172 * it to its desired netlink context element and wake up the process
173 * that is waiting for a response.
174 */
Denis V. Lunevcd40b7d2007-10-10 21:15:29 -0700175static void ecryptfs_receive_nl_message(struct sk_buff *skb)
Michael Halcrow88b4a072007-02-12 00:53:43 -0800176{
Michael Halcrow88b4a072007-02-12 00:53:43 -0800177 struct nlmsghdr *nlh;
Michael Halcrow88b4a072007-02-12 00:53:43 -0800178
Arnaldo Carvalho de Melob529ccf2007-04-25 19:08:35 -0700179 nlh = nlmsg_hdr(skb);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800180 if (!NLMSG_OK(nlh, skb->len)) {
181 ecryptfs_printk(KERN_ERR, "Received corrupt netlink "
182 "message\n");
183 goto free;
184 }
185 switch (nlh->nlmsg_type) {
Michael Halcrowf66e8832008-04-29 00:59:51 -0700186 case ECRYPTFS_MSG_RESPONSE:
Michael Halcrow88b4a072007-02-12 00:53:43 -0800187 if (ecryptfs_process_nl_response(skb)) {
188 ecryptfs_printk(KERN_WARNING, "Failed to "
189 "deliver netlink response to "
190 "requesting operation\n");
191 }
192 break;
Michael Halcrowf66e8832008-04-29 00:59:51 -0700193 case ECRYPTFS_MSG_HELO:
Michael Halcrow88b4a072007-02-12 00:53:43 -0800194 if (ecryptfs_process_nl_helo(skb)) {
195 ecryptfs_printk(KERN_WARNING, "Failed to "
196 "fulfill HELO request\n");
197 }
198 break;
Michael Halcrowf66e8832008-04-29 00:59:51 -0700199 case ECRYPTFS_MSG_QUIT:
Michael Halcrow88b4a072007-02-12 00:53:43 -0800200 if (ecryptfs_process_nl_quit(skb)) {
201 ecryptfs_printk(KERN_WARNING, "Failed to "
202 "fulfill QUIT request\n");
203 }
204 break;
205 default:
206 ecryptfs_printk(KERN_WARNING, "Dropping netlink "
207 "message of unrecognized type [%d]\n",
208 nlh->nlmsg_type);
209 break;
210 }
211free:
212 kfree_skb(skb);
213}
214
215/**
216 * ecryptfs_init_netlink
217 *
218 * Initializes the daemon id hash list, netlink context array, and
219 * necessary locks. Returns zero upon success; non-zero upon error.
220 */
221int ecryptfs_init_netlink(void)
222{
223 int rc;
224
Eric W. Biedermanb4b51022007-09-12 13:05:38 +0200225 ecryptfs_nl_sock = netlink_kernel_create(&init_net, NETLINK_ECRYPTFS, 0,
Michael Halcrow88b4a072007-02-12 00:53:43 -0800226 ecryptfs_receive_nl_message,
Patrick McHardyaf65bdf2007-04-20 14:14:21 -0700227 NULL, THIS_MODULE);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800228 if (!ecryptfs_nl_sock) {
229 rc = -EIO;
230 ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n");
231 goto out;
232 }
233 ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT;
234 rc = 0;
235out:
236 return rc;
237}
238
239/**
240 * ecryptfs_release_netlink
241 *
242 * Frees all memory used by the netlink context array and releases the
243 * netlink socket.
244 */
245void ecryptfs_release_netlink(void)
246{
Denis V. Lunevb7c6ba62008-01-28 14:41:19 -0800247 netlink_kernel_release(ecryptfs_nl_sock);
Michael Halcrow88b4a072007-02-12 00:53:43 -0800248 ecryptfs_nl_sock = NULL;
249}