forked from Minki/linux
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6: Ecryptfs: Add mount option to check uid of device being mounted = expect uid eCryptfs: Fix payload_len unitialized variable warning eCryptfs: fix compile error eCryptfs: Return error when lower file pointer is NULL
This commit is contained in:
Linus Torvalds
commit
d55140ce3a
@ -1,6 +1,6 @@
|
||||
config ECRYPT_FS
|
||||
tristate "eCrypt filesystem layer support (EXPERIMENTAL)"
|
||||
depends on EXPERIMENTAL && KEYS && CRYPTO
|
||||
depends on EXPERIMENTAL && KEYS && CRYPTO && (ENCRYPTED_KEYS || ENCRYPTED_KEYS=n)
|
||||
select CRYPTO_ECB
|
||||
select CRYPTO_CBC
|
||||
select CRYPTO_MD5
|
||||
|
||||
@ -1973,7 +1973,7 @@ pki_encrypt_session_key(struct key *auth_tok_key,
|
||||
{
|
||||
struct ecryptfs_msg_ctx *msg_ctx = NULL;
|
||||
char *payload = NULL;
|
||||
size_t payload_len;
|
||||
size_t payload_len = 0;
|
||||
struct ecryptfs_message *msg;
|
||||
int rc;
|
||||
|
||||
|
||||
@ -175,6 +175,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
|
||||
ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
|
||||
ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
|
||||
ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
|
||||
ecryptfs_opt_check_dev_ruid,
|
||||
ecryptfs_opt_err };
|
||||
|
||||
static const match_table_t tokens = {
|
||||
@ -191,6 +192,7 @@ static const match_table_t tokens = {
|
||||
{ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
|
||||
{ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
|
||||
{ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
|
||||
{ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
|
||||
{ecryptfs_opt_err, NULL}
|
||||
};
|
||||
|
||||
@ -236,6 +238,7 @@ static void ecryptfs_init_mount_crypt_stat(
|
||||
* ecryptfs_parse_options
|
||||
* @sb: The ecryptfs super block
|
||||
* @options: The options passed to the kernel
|
||||
* @check_ruid: set to 1 if device uid should be checked against the ruid
|
||||
*
|
||||
* Parse mount options:
|
||||
* debug=N - ecryptfs_verbosity level for debug output
|
||||
@ -251,7 +254,8 @@ static void ecryptfs_init_mount_crypt_stat(
|
||||
*
|
||||
* Returns zero on success; non-zero on error
|
||||
*/
|
||||
static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
|
||||
static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
|
||||
uid_t *check_ruid)
|
||||
{
|
||||
char *p;
|
||||
int rc = 0;
|
||||
@ -276,6 +280,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
|
||||
char *cipher_key_bytes_src;
|
||||
char *fn_cipher_key_bytes_src;
|
||||
|
||||
*check_ruid = 0;
|
||||
|
||||
if (!options) {
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
@ -380,6 +386,9 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
|
||||
mount_crypt_stat->flags |=
|
||||
ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
|
||||
break;
|
||||
case ecryptfs_opt_check_dev_ruid:
|
||||
*check_ruid = 1;
|
||||
break;
|
||||
case ecryptfs_opt_err:
|
||||
default:
|
||||
printk(KERN_WARNING
|
||||
@ -475,6 +484,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
|
||||
const char *err = "Getting sb failed";
|
||||
struct inode *inode;
|
||||
struct path path;
|
||||
uid_t check_ruid;
|
||||
int rc;
|
||||
|
||||
sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
|
||||
@ -483,7 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
|
||||
goto out;
|
||||
}
|
||||
|
||||
rc = ecryptfs_parse_options(sbi, raw_data);
|
||||
rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
|
||||
if (rc) {
|
||||
err = "Error parsing options";
|
||||
goto out;
|
||||
@ -521,6 +531,15 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
|
||||
"known incompatibilities\n");
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
|
||||
rc = -EPERM;
|
||||
printk(KERN_ERR "Mount of device (uid: %d) not owned by "
|
||||
"requested user (uid: %d)\n",
|
||||
path.dentry->d_inode->i_uid, current_uid());
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
|
||||
s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
|
||||
s->s_blocksize = path.dentry->d_sb->s_blocksize;
|
||||
|
||||
@ -39,15 +39,16 @@
|
||||
int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
|
||||
loff_t offset, size_t size)
|
||||
{
|
||||
struct ecryptfs_inode_info *inode_info;
|
||||
struct file *lower_file;
|
||||
mm_segment_t fs_save;
|
||||
ssize_t rc;
|
||||
|
||||
inode_info = ecryptfs_inode_to_private(ecryptfs_inode);
|
||||
BUG_ON(!inode_info->lower_file);
|
||||
lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
|
||||
if (!lower_file)
|
||||
return -EIO;
|
||||
fs_save = get_fs();
|
||||
set_fs(get_ds());
|
||||
rc = vfs_write(inode_info->lower_file, data, size, &offset);
|
||||
rc = vfs_write(lower_file, data, size, &offset);
|
||||
set_fs(fs_save);
|
||||
mark_inode_dirty_sync(ecryptfs_inode);
|
||||
return rc;
|
||||
@ -225,15 +226,16 @@ out:
|
||||
int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
|
||||
struct inode *ecryptfs_inode)
|
||||
{
|
||||
struct ecryptfs_inode_info *inode_info =
|
||||
ecryptfs_inode_to_private(ecryptfs_inode);
|
||||
struct file *lower_file;
|
||||
mm_segment_t fs_save;
|
||||
ssize_t rc;
|
||||
|
||||
BUG_ON(!inode_info->lower_file);
|
||||
lower_file = ecryptfs_inode_to_private(ecryptfs_inode)->lower_file;
|
||||
if (!lower_file)
|
||||
return -EIO;
|
||||
fs_save = get_fs();
|
||||
set_fs(get_ds());
|
||||
rc = vfs_read(inode_info->lower_file, data, size, &offset);
|
||||
rc = vfs_read(lower_file, data, size, &offset);
|
||||
set_fs(fs_save);
|
||||
return rc;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user