Commit | Line | Data |
---|---|---|
88b4a07e MH |
1 | /** |
2 | * eCryptfs: Linux filesystem encryption layer | |
3 | * | |
4 | * Copyright (C) 2004-2006 International Business Machines Corp. | |
5 | * Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com> | |
6 | * Tyler Hicks <tyhicks@ou.edu> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU General Public License version | |
10 | * 2 as published by the Free Software Foundation. | |
11 | * | |
12 | * This program is distributed in the hope that it will be useful, but | |
13 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 | * General Public License for more details. | |
16 | * | |
17 | * You should have received a copy of the GNU General Public License | |
18 | * along with this program; if not, write to the Free Software | |
19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
20 | * 02111-1307, USA. | |
21 | */ | |
22 | ||
23 | #include <net/sock.h> | |
24 | #include <linux/hash.h> | |
25 | #include <linux/random.h> | |
26 | #include "ecryptfs_kernel.h" | |
27 | ||
28 | static struct sock *ecryptfs_nl_sock; | |
29 | ||
30 | /** | |
31 | * ecryptfs_send_netlink | |
32 | * @data: The data to include as the payload | |
33 | * @data_len: The byte count of the data | |
34 | * @msg_ctx: The netlink context that will be used to handle the | |
35 | * response message | |
36 | * @msg_type: The type of netlink message to send | |
37 | * @msg_flags: The flags to include in the netlink header | |
38 | * @daemon_pid: The process id of the daemon to send the message to | |
39 | * | |
40 | * Sends the data to the specified daemon pid and uses the netlink | |
41 | * context element to store the data needed for validation upon | |
42 | * receiving the response. The data and the netlink context can be | |
43 | * null if just sending a netlink header is sufficient. Returns zero | |
44 | * upon sending the message; non-zero upon error. | |
45 | */ | |
46 | int ecryptfs_send_netlink(char *data, int data_len, | |
47 | struct ecryptfs_msg_ctx *msg_ctx, u16 msg_type, | |
48 | u16 msg_flags, pid_t daemon_pid) | |
49 | { | |
50 | struct sk_buff *skb; | |
51 | struct nlmsghdr *nlh; | |
52 | struct ecryptfs_message *msg; | |
53 | size_t payload_len; | |
54 | int rc; | |
55 | ||
56 | payload_len = ((data && data_len) ? (sizeof(*msg) + data_len) : 0); | |
57 | skb = alloc_skb(NLMSG_SPACE(payload_len), GFP_KERNEL); | |
58 | if (!skb) { | |
59 | rc = -ENOMEM; | |
60 | ecryptfs_printk(KERN_ERR, "Failed to allocate socket buffer\n"); | |
61 | goto out; | |
62 | } | |
63 | nlh = NLMSG_PUT(skb, daemon_pid, msg_ctx ? msg_ctx->counter : 0, | |
64 | msg_type, payload_len); | |
65 | nlh->nlmsg_flags = msg_flags; | |
66 | if (msg_ctx && payload_len) { | |
67 | msg = (struct ecryptfs_message *)NLMSG_DATA(nlh); | |
68 | msg->index = msg_ctx->index; | |
69 | msg->data_len = data_len; | |
70 | memcpy(msg->data, data, data_len); | |
71 | } | |
72 | rc = netlink_unicast(ecryptfs_nl_sock, skb, daemon_pid, 0); | |
73 | if (rc < 0) { | |
74 | ecryptfs_printk(KERN_ERR, "Failed to send eCryptfs netlink " | |
75 | "message; rc = [%d]\n", rc); | |
76 | goto out; | |
77 | } | |
78 | rc = 0; | |
79 | goto out; | |
80 | nlmsg_failure: | |
81 | rc = -EMSGSIZE; | |
82 | kfree_skb(skb); | |
83 | out: | |
84 | return rc; | |
85 | } | |
86 | ||
87 | /** | |
88 | * ecryptfs_process_nl_reponse | |
89 | * @skb: The socket buffer containing the netlink message of state | |
90 | * RESPONSE | |
91 | * | |
92 | * Processes a response message after sending a operation request to | |
93 | * userspace. Attempts to assign the msg to a netlink context element | |
94 | * at the index specified in the msg. The sk_buff and nlmsghdr must | |
95 | * be validated before this function. Returns zero upon delivery to | |
96 | * desired context element; non-zero upon delivery failure or error. | |
97 | */ | |
98 | static int ecryptfs_process_nl_response(struct sk_buff *skb) | |
99 | { | |
b529ccf2 | 100 | struct nlmsghdr *nlh = nlmsg_hdr(skb); |
88b4a07e MH |
101 | struct ecryptfs_message *msg = NLMSG_DATA(nlh); |
102 | int rc; | |
103 | ||
104 | if (skb->len - NLMSG_HDRLEN - sizeof(*msg) != msg->data_len) { | |
105 | rc = -EINVAL; | |
106 | ecryptfs_printk(KERN_ERR, "Received netlink message with " | |
107 | "incorrectly specified data length\n"); | |
108 | goto out; | |
109 | } | |
dddfa461 MH |
110 | rc = ecryptfs_process_response(msg, NETLINK_CREDS(skb)->uid, |
111 | NETLINK_CREDS(skb)->pid, nlh->nlmsg_seq); | |
88b4a07e MH |
112 | if (rc) |
113 | printk(KERN_ERR | |
114 | "Error processing response message; rc = [%d]\n", rc); | |
115 | out: | |
116 | return rc; | |
117 | } | |
118 | ||
119 | /** | |
120 | * ecryptfs_process_nl_helo | |
121 | * @skb: The socket buffer containing the nlmsghdr in HELO state | |
122 | * | |
123 | * Gets uid and pid of the skb and adds the values to the daemon id | |
124 | * hash. Returns zero after adding a new daemon id to the hash list; | |
125 | * non-zero otherwise. | |
126 | */ | |
127 | static int ecryptfs_process_nl_helo(struct sk_buff *skb) | |
128 | { | |
129 | int rc; | |
130 | ||
131 | rc = ecryptfs_process_helo(ECRYPTFS_TRANSPORT_NETLINK, | |
132 | NETLINK_CREDS(skb)->uid, | |
133 | NETLINK_CREDS(skb)->pid); | |
134 | if (rc) | |
135 | printk(KERN_WARNING "Error processing HELO; rc = [%d]\n", rc); | |
136 | return rc; | |
137 | } | |
138 | ||
139 | /** | |
140 | * ecryptfs_process_nl_quit | |
141 | * @skb: The socket buffer containing the nlmsghdr in QUIT state | |
142 | * | |
143 | * Gets uid and pid of the skb and deletes the corresponding daemon | |
144 | * id, if it is the registered that is requesting the | |
145 | * deletion. Returns zero after deleting the desired daemon id; | |
146 | * non-zero otherwise. | |
147 | */ | |
148 | static int ecryptfs_process_nl_quit(struct sk_buff *skb) | |
149 | { | |
150 | int rc; | |
151 | ||
152 | rc = ecryptfs_process_quit(NETLINK_CREDS(skb)->uid, | |
153 | NETLINK_CREDS(skb)->pid); | |
154 | if (rc) | |
155 | printk(KERN_WARNING | |
156 | "Error processing QUIT message; rc = [%d]\n", rc); | |
157 | return rc; | |
158 | } | |
159 | ||
160 | /** | |
161 | * ecryptfs_receive_nl_message | |
162 | * | |
163 | * Callback function called by netlink system when a message arrives. | |
164 | * If the message looks to be valid, then an attempt is made to assign | |
165 | * it to its desired netlink context element and wake up the process | |
166 | * that is waiting for a response. | |
167 | */ | |
cd40b7d3 | 168 | static void ecryptfs_receive_nl_message(struct sk_buff *skb) |
88b4a07e | 169 | { |
88b4a07e | 170 | struct nlmsghdr *nlh; |
88b4a07e | 171 | |
b529ccf2 | 172 | nlh = nlmsg_hdr(skb); |
88b4a07e MH |
173 | if (!NLMSG_OK(nlh, skb->len)) { |
174 | ecryptfs_printk(KERN_ERR, "Received corrupt netlink " | |
175 | "message\n"); | |
176 | goto free; | |
177 | } | |
178 | switch (nlh->nlmsg_type) { | |
179 | case ECRYPTFS_NLMSG_RESPONSE: | |
180 | if (ecryptfs_process_nl_response(skb)) { | |
181 | ecryptfs_printk(KERN_WARNING, "Failed to " | |
182 | "deliver netlink response to " | |
183 | "requesting operation\n"); | |
184 | } | |
185 | break; | |
186 | case ECRYPTFS_NLMSG_HELO: | |
187 | if (ecryptfs_process_nl_helo(skb)) { | |
188 | ecryptfs_printk(KERN_WARNING, "Failed to " | |
189 | "fulfill HELO request\n"); | |
190 | } | |
191 | break; | |
192 | case ECRYPTFS_NLMSG_QUIT: | |
193 | if (ecryptfs_process_nl_quit(skb)) { | |
194 | ecryptfs_printk(KERN_WARNING, "Failed to " | |
195 | "fulfill QUIT request\n"); | |
196 | } | |
197 | break; | |
198 | default: | |
199 | ecryptfs_printk(KERN_WARNING, "Dropping netlink " | |
200 | "message of unrecognized type [%d]\n", | |
201 | nlh->nlmsg_type); | |
202 | break; | |
203 | } | |
204 | free: | |
205 | kfree_skb(skb); | |
206 | } | |
207 | ||
208 | /** | |
209 | * ecryptfs_init_netlink | |
210 | * | |
211 | * Initializes the daemon id hash list, netlink context array, and | |
212 | * necessary locks. Returns zero upon success; non-zero upon error. | |
213 | */ | |
214 | int ecryptfs_init_netlink(void) | |
215 | { | |
216 | int rc; | |
217 | ||
b4b51029 | 218 | ecryptfs_nl_sock = netlink_kernel_create(&init_net, NETLINK_ECRYPTFS, 0, |
88b4a07e | 219 | ecryptfs_receive_nl_message, |
af65bdfc | 220 | NULL, THIS_MODULE); |
88b4a07e MH |
221 | if (!ecryptfs_nl_sock) { |
222 | rc = -EIO; | |
223 | ecryptfs_printk(KERN_ERR, "Failed to create netlink socket\n"); | |
224 | goto out; | |
225 | } | |
226 | ecryptfs_nl_sock->sk_sndtimeo = ECRYPTFS_DEFAULT_SEND_TIMEOUT; | |
227 | rc = 0; | |
228 | out: | |
229 | return rc; | |
230 | } | |
231 | ||
232 | /** | |
233 | * ecryptfs_release_netlink | |
234 | * | |
235 | * Frees all memory used by the netlink context array and releases the | |
236 | * netlink socket. | |
237 | */ | |
238 | void ecryptfs_release_netlink(void) | |
239 | { | |
b7c6ba6e | 240 | netlink_kernel_release(ecryptfs_nl_sock); |
88b4a07e MH |
241 | ecryptfs_nl_sock = NULL; |
242 | } |