Commit | Line | Data |
---|---|---|
88b4a07e MH |
1 | /** |
2 | * eCryptfs: Linux filesystem encryption layer | |
3 | * | |
4 | * Copyright (C) 2004-2006 International Business Machines Corp. | |
5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> | |
6 | * Tyler Hicks <tyhicks@ou.edu> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU General Public License version | |
10 | * 2 as published by the Free Software Foundation. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program; if not, write to the Free Software | |
19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
20 | * 02111-1307, USA. | |
21 | */ | |
22 | ||
23 | #include <net/sock.h> | |
24 | #include <linux/hash.h> | |
25 | #include <linux/random.h> | |
26 | #include "ecryptfs_kernel.h" | |
27 | ||
28 | static struct sock *ecryptfs_nl_sock; | |
29 | ||
30 | /** | |
31 | * ecryptfs_send_netlink | |
32 | * @data: The data to include as the payload | |
33 | * @data_len: The byte count of the data | |
34 | * @msg_ctx: The netlink context that will be used to handle the | |
35 | * response message | |
36 | * @msg_type: The type of netlink message to send | |
37 | * @msg_flags: The flags to include in the netlink header | |
38 | * @daemon_pid: The process id of the daemon to send the message to | |
39 | * | |
40 | * Sends the data to the specified daemon pid and uses the netlink | |
41 | * context element to store the data needed for validation upon | |
42 | * receiving the response. The data and the netlink context can be | |
43 | * null if just sending a netlink header is sufficient. Returns zero | |
44 | * upon sending the message; non-zero upon error. | |
45 | */ | |
46 | int ecryptfs_send_netlink(char *data, int data_len, | |
f66e883e | 47 | struct ecryptfs_msg_ctx *msg_ctx, u8 msg_type, |
6a3fd92e | 48 | u16 msg_flags, struct pid *daemon_pid) |
88b4a07e MH |
49 | { |
50 | struct sk_buff *skb; | |
51 | struct nlmsghdr *nlh; | |
52 | struct ecryptfs_message *msg; | |
53 | size_t payload_len; | |
54 | int rc; | |
55 | ||
56 | payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0); | |
57 | skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL); | |
58 | if (!skb) { | |
59 | rc = -ENOMEM; | |
60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); | |
61 | goto out; | |
62 | } | |
6a3fd92e | 63 | nlh = NLMSG_PUT(skb, pid_nr(daemon_pid), msg_ctx ? msg_ctx->counter : 0, |
88b4a07e MH |
64 | msg_type, payload_len); |
65 | nlh->nlmsg_flags = msg_flags; | |
66 | if (msg_ctx && payload_len) { | |
67 | msg = (struct ecryptfs_message *)NLMSG_DATA(nlh); | |
68 | msg->index = msg_ctx->index; | |
69 | msg->data_len = data_len; | |
70 | memcpy(msg->data, data, data_len); | |
71 | } | |
6a3fd92e | 72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, pid_nr(daemon_pid), 0); |
88b4a07e MH |
73 | if (rc < 0) { |
74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " | |
75 | "message; rc = [%d]\n", rc); | |
76 | goto out; | |
77 | } | |
78 | rc = 0; | |
79 | goto out; | |
80 | nlmsg_failure: | |
81 | rc = -EMSGSIZE; | |
82 | kfree_skb(skb); | |
83 | out: | |
84 | return rc; | |
85 | } | |
86 | ||
87 | /** | |
88 | * ecryptfs_process_nl_reponse | |
89 | * @skb: The socket buffer containing the netlink message of state | |
90 | * RESPONSE | |
91 | * | |
92 | * Processes a response message after sending a operation request to | |
93 | * userspace. Attempts to assign the msg to a netlink context element | |
94 | * at the index specified in the msg. The sk_buff and nlmsghdr must | |
95 | * be validated before this function. Returns zero upon delivery to | |
96 | * desired context element; non-zero upon delivery failure or error. | |
97 | */ | |
98 | static int ecryptfs_process_nl_response(struct sk_buff *skb) | |
99 | { | |
b529ccf2 | 100 | struct nlmsghdr *nlh = nlmsg_hdr(skb); |
88b4a07e | 101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); |
6a3fd92e | 102 | struct pid *pid; |
88b4a07e MH |
103 | int rc; |
104 | ||
105 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { | |
106 | rc = -EINVAL; | |
107 | ecryptfs_printk(KERN_ERR, "Received netlink message with " | |
108 | "incorrectly specified data length\n"); | |
109 | goto out; | |
110 | } | |
6a3fd92e MH |
111 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
112 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, NULL, | |
113 | pid, nlh->nlmsg_seq); | |
114 | put_pid(pid); | |
88b4a07e MH |
115 | if (rc) |
116 | printk(KERN_ERR | |
117 | "Error processing response message; rc = [%d]\n", rc); | |
118 | out: | |
119 | return rc; | |
120 | } | |
121 | ||
122 | /** | |
123 | * ecryptfs_process_nl_helo | |
124 | * @skb: The socket buffer containing the nlmsghdr in HELO state | |
125 | * | |
126 | * Gets uid and pid of the skb and adds the values to the daemon id | |
127 | * hash. Returns zero after adding a new daemon id to the hash list; | |
128 | * non-zero otherwise. | |
129 | */ | |
130 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) | |
131 | { | |
6a3fd92e | 132 | struct pid *pid; |
88b4a07e MH |
133 | int rc; |
134 | ||
6a3fd92e | 135 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
88b4a07e | 136 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, |
6a3fd92e MH |
137 | NETLINK_CREDS(skb)->uid, NULL, pid); |
138 | put_pid(pid); | |
88b4a07e MH |
139 | if (rc) |
140 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); | |
141 | return rc; | |
142 | } | |
143 | ||
144 | /** | |
145 | * ecryptfs_process_nl_quit | |
146 | * @skb: The socket buffer containing the nlmsghdr in QUIT state | |
147 | * | |
148 | * Gets uid and pid of the skb and deletes the corresponding daemon | |
149 | * id, if it is the registered that is requesting the | |
150 | * deletion. Returns zero after deleting the desired daemon id; | |
151 | * non-zero otherwise. | |
152 | */ | |
153 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) | |
154 | { | |
6a3fd92e | 155 | struct pid *pid; |
88b4a07e MH |
156 | int rc; |
157 | ||
6a3fd92e MH |
158 | pid = find_get_pid(NETLINK_CREDS(skb)->pid); |
159 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, NULL, pid); | |
160 | put_pid(pid); | |
88b4a07e MH |
161 | if (rc) |
162 | printk(KERN_WARNING | |
163 | "Error processing QUIT message; rc = [%d]\n", rc); | |
164 | return rc; | |
165 | } | |
166 | ||
167 | /** | |
168 | * ecryptfs_receive_nl_message | |
169 | * | |
170 | * Callback function called by netlink system when a message arrives. | |
171 | * If the message looks to be valid, then an attempt is made to assign | |
172 | * it to its desired netlink context element and wake up the process | |
173 | * that is waiting for a response. | |
174 | */ | |
cd40b7d3 | 175 | static void ecryptfs_receive_nl_message(struct sk_buff *skb) |
88b4a07e | 176 | { |
88b4a07e | 177 | struct nlmsghdr *nlh; |
88b4a07e | 178 | |
b529ccf2 | 179 | nlh = nlmsg_hdr(skb); |
88b4a07e MH |
180 | if (!NLMSG_OK(nlh, skb->len)) { |
181 | ecryptfs_printk(KERN_ERR, "Received corrupt netlink " | |
182 | "message\n"); | |
183 | goto free; | |
184 | } | |
185 | switch (nlh->nlmsg_type) { | |
f66e883e | 186 | case ECRYPTFS_MSG_RESPONSE: |
88b4a07e MH |
187 | if (ecryptfs_process_nl_response(skb)) { |
188 | ecryptfs_printk(KERN_WARNING, "Failed to " | |
189 | "deliver netlink response to " | |
190 | "requesting operation\n"); | |
191 | } | |
192 | break; | |
f66e883e | 193 | case ECRYPTFS_MSG_HELO: |
88b4a07e MH |
194 | if (ecryptfs_process_nl_helo(skb)) { |
195 | ecryptfs_printk(KERN_WARNING, "Failed to " | |
196 | "fulfill HELO request\n"); | |
197 | } | |
198 | break; | |
f66e883e | 199 | case ECRYPTFS_MSG_QUIT: |
88b4a07e MH |
200 | if (ecryptfs_process_nl_quit(skb)) { |
201 | ecryptfs_printk(KERN_WARNING, "Failed to " | |
202 | "fulfill QUIT request\n"); | |
203 | } | |
204 | break; | |
205 | default: | |
206 | ecryptfs_printk(KERN_WARNING, "Dropping netlink " | |
207 | "message of unrecognized type [%d]\n", | |
208 | nlh->nlmsg_type); | |
209 | break; | |
210 | } | |
211 | free: | |
212 | kfree_skb(skb); | |
213 | } | |
214 | ||
215 | /** | |
216 | * ecryptfs_init_netlink | |
217 | * | |
218 | * Initializes the daemon id hash list, netlink context array, and | |
219 | * necessary locks. Returns zero upon success; non-zero upon error. | |
220 | */ | |
221 | int ecryptfs_init_netlink(void) | |
222 | { | |
223 | int rc; | |
224 | ||
b4b51029 | 225 | ecryptfs_nl_sock = netlink_kernel_create(&init_net, NETLINK_ECRYPTFS, 0, |
88b4a07e | 226 | ecryptfs_receive_nl_message, |
af65bdfc | 227 | NULL, THIS_MODULE); |
88b4a07e MH |
228 | if (!ecryptfs_nl_sock) { |
229 | rc = -EIO; | |
230 | ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n"); | |
231 | goto out; | |
232 | } | |
233 | ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT; | |
234 | rc = 0; | |
235 | out: | |
236 | return rc; | |
237 | } | |
238 | ||
239 | /** | |
240 | * ecryptfs_release_netlink | |
241 | * | |
242 | * Frees all memory used by the netlink context array and releases the | |
243 | * netlink socket. | |
244 | */ | |
245 | void ecryptfs_release_netlink(void) | |
246 | { | |
b7c6ba6e | 247 | netlink_kernel_release(ecryptfs_nl_sock); |
88b4a07e MH |
248 | ecryptfs_nl_sock = NULL; |
249 | } |