/**
   * eCryptfs: Linux filesystem encryption layer
   *
   * Copyright (C) 1997-2004 Erez Zadok
   * Copyright (C) 2001-2004 Stony Brook University

   * Copyright (C) 2004-2007 International Business Machines Corp.

   *   Author(s): Michael A. Halcrow <mhalcrow@us.ibm.com>
   *   		Michael C. Thompson <mcthomps@us.ibm.com>
   *
   * This program is free software; you can redistribute it and/or
   * modify it under the terms of the GNU General Public License as
   * published by the Free Software Foundation; either version 2 of the
   * License, or (at your option) any later version.
   *
   * This program is distributed in the hope that it will be useful, but
   * WITHOUT ANY WARRANTY; without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   * General Public License for more details.
   *
   * You should have received a copy of the GNU General Public License
   * along with this program; if not, write to the Free Software
   * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
   * 02111-1307, USA.
   */
  
  #include <linux/file.h>
  #include <linux/poll.h>

  #include <linux/slab.h>

  #include <linux/mount.h>
  #include <linux/pagemap.h>
  #include <linux/security.h>

  #include <linux/compat.h>

  #include <linux/fs_stack.h>

  #include <linux/smp_lock.h>

  #include "ecryptfs_kernel.h"
  
  /**

   * ecryptfs_read_update_atime
   *
   * generic_file_read updates the atime of upper layer inode.  But, it
   * doesn't give us a chance to update the atime of the lower layer
   * inode.  This function is a wrapper to generic_file_read.  It
   * updates the atime of the lower level inode if generic_file_read
   * returns without any errors. This is to be used only for file reads.
   * The function to be used for directory reads is ecryptfs_read.
   */
  static ssize_t ecryptfs_read_update_atime(struct kiocb *iocb,
  				const struct iovec *iov,
  				unsigned long nr_segs, loff_t pos)
  {
  	int rc;
  	struct dentry *lower_dentry;
  	struct vfsmount *lower_vfsmount;
  	struct file *file = iocb->ki_filp;
  
  	rc = generic_file_aio_read(iocb, iov, nr_segs, pos);
  	/*
  	 * Even though this is a async interface, we need to wait
  	 * for IO to finish to update atime
  	 */
  	if (-EIOCBQUEUED == rc)
  		rc = wait_on_sync_kiocb(iocb);
  	if (rc >= 0) {

  		lower_dentry = ecryptfs_dentry_to_lower(file->f_path.dentry);
  		lower_vfsmount = ecryptfs_dentry_to_lower_mnt(file->f_path.dentry);

  		touch_atime(lower_vfsmount, lower_dentry);
  	}
  	return rc;
  }
  
  struct ecryptfs_getdents_callback {
  	void *dirent;
  	struct dentry *dentry;
  	filldir_t filldir;

  	int filldir_called;
  	int entries_written;
  };

  /* Inspired by generic filldir in fs/readdir.c */

  static int

  ecryptfs_filldir(void *dirent, const char *lower_name, int lower_namelen,
  		 loff_t offset, u64 ino, unsigned int d_type)

  {

  	struct ecryptfs_getdents_callback *buf =
  	    (struct ecryptfs_getdents_callback *)dirent;

  	size_t name_size;

  	char *name;

  	int rc;

  	buf->filldir_called++;

  	rc = ecryptfs_decode_and_decrypt_filename(&name, &name_size,
  						  buf->dentry, lower_name,
  						  lower_namelen);
  	if (rc) {
  		printk(KERN_ERR "%s: Error attempting to decode and decrypt "
  		       "filename [%s]; rc = [%d]
  ", __func__, lower_name,
  		       rc);

  		goto out;
  	}

  	rc = buf->filldir(buf->dirent, name, name_size, offset, ino, d_type);
  	kfree(name);

  	if (rc >= 0)
  		buf->entries_written++;
  out:
  	return rc;
  }
  
  /**
   * ecryptfs_readdir

   * @file: The eCryptfs directory file
   * @dirent: Directory entry handle

   * @filldir: The filldir callback function
   */
  static int ecryptfs_readdir(struct file *file, void *dirent, filldir_t filldir)
  {
  	int rc;
  	struct file *lower_file;
  	struct inode *inode;
  	struct ecryptfs_getdents_callback buf;
  
  	lower_file = ecryptfs_file_to_lower(file);
  	lower_file->f_pos = file->f_pos;

  	inode = file->f_path.dentry->d_inode;

  	memset(&buf, 0, sizeof(buf));
  	buf.dirent = dirent;

  	buf.dentry = file->f_path.dentry;

  	buf.filldir = filldir;

  	buf.filldir_called = 0;
  	buf.entries_written = 0;

  	rc = vfs_readdir(lower_file, ecryptfs_filldir, (void *)&buf);

  	file->f_pos = lower_file->f_pos;

  	if (rc < 0)
  		goto out;
  	if (buf.filldir_called && !buf.entries_written)
  		goto out;

  	if (rc >= 0)

  		fsstack_copy_attr_atime(inode,
  					lower_file->f_path.dentry->d_inode);
  out:

  	return rc;
  }
  
  struct kmem_cache *ecryptfs_file_info_cache;
  
  /**
   * ecryptfs_open
   * @inode: inode speciying file to open
   * @file: Structure to return filled in
   *
   * Opens the file specified by inode.
   *
   * Returns zero on success; non-zero otherwise
   */
  static int ecryptfs_open(struct inode *inode, struct file *file)
  {
  	int rc = 0;
  	struct ecryptfs_crypt_stat *crypt_stat = NULL;
  	struct ecryptfs_mount_crypt_stat *mount_crypt_stat;

  	struct dentry *ecryptfs_dentry = file->f_path.dentry;

  	/* Private value of ecryptfs_dentry allocated in
  	 * ecryptfs_lookup() */

  	struct dentry *lower_dentry;

  	struct ecryptfs_file_info *file_info;

  	mount_crypt_stat = &ecryptfs_superblock_to_private(
  		ecryptfs_dentry->d_sb)->mount_crypt_stat;
  	if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED)
  	    && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR)
  		|| (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC)
  		|| (file->f_flags & O_APPEND))) {
  		printk(KERN_WARNING "Mount has encrypted view enabled; "
  		       "files may only be read
  ");
  		rc = -EPERM;
  		goto out;
  	}

  	/* Released in ecryptfs_release or end of function if failure */

  	file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);

  	ecryptfs_set_file_private(file, file_info);
  	if (!file_info) {
  		ecryptfs_printk(KERN_ERR,
  				"Error attempting to allocate memory
  ");
  		rc = -ENOMEM;
  		goto out;
  	}

  	lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry);
  	crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat;

  	mutex_lock(&crypt_stat->cs_mutex);

  	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)) {

  		ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...
  ");
  		/* Policy code enabled in future release */

  		crypt_stat->flags |= (ECRYPTFS_POLICY_APPLIED
  				      | ECRYPTFS_ENCRYPTED);

  	}
  	mutex_unlock(&crypt_stat->cs_mutex);

  	if (!ecryptfs_inode_to_private(inode)->lower_file) {

  		rc = ecryptfs_init_persistent_file(ecryptfs_dentry);
  		if (rc) {
  			printk(KERN_ERR "%s: Error attempting to initialize "
  			       "the persistent file for the dentry with name "
  			       "[%s]; rc = [%d]
  ", __func__,
  			       ecryptfs_dentry->d_name.name, rc);

  			goto out_free;

  		}
  	}

  	if ((ecryptfs_inode_to_private(inode)->lower_file->f_flags & O_RDONLY)
  	    && !(file->f_flags & O_RDONLY)) {
  		rc = -EPERM;
  		printk(KERN_WARNING "%s: Lower persistent file is RO; eCryptfs "
  		       "file must hence be opened RO
  ", __func__);

  		goto out_free;

  	}

  	ecryptfs_set_file_lower(
  		file, ecryptfs_inode_to_private(inode)->lower_file);

  	if (S_ISDIR(ecryptfs_dentry->d_inode->i_mode)) {
  		ecryptfs_printk(KERN_DEBUG, "This is a directory
  ");

  		mutex_lock(&crypt_stat->cs_mutex);

  		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);

  		mutex_unlock(&crypt_stat->cs_mutex);

  		rc = 0;
  		goto out;
  	}
  	mutex_lock(&crypt_stat->cs_mutex);

  	if (!(crypt_stat->flags & ECRYPTFS_POLICY_APPLIED)
  	    || !(crypt_stat->flags & ECRYPTFS_KEY_VALID)) {

  		rc = ecryptfs_read_metadata(ecryptfs_dentry);

  		if (rc) {
  			ecryptfs_printk(KERN_DEBUG,
  					"Valid headers not found
  ");
  			if (!(mount_crypt_stat->flags
  			      & ECRYPTFS_PLAINTEXT_PASSTHROUGH_ENABLED)) {
  				rc = -EIO;

  				printk(KERN_WARNING "Either the lower file "

  				       "is not in a valid eCryptfs format, "

  				       "or the key could not be retrieved. "
  				       "Plaintext passthrough mode is not "

  				       "enabled; returning -EIO
  ");
  				mutex_unlock(&crypt_stat->cs_mutex);

  				goto out_free;

  			}

  			rc = 0;

  			crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);

  			mutex_unlock(&crypt_stat->cs_mutex);
  			goto out;
  		}
  	}
  	mutex_unlock(&crypt_stat->cs_mutex);
  	ecryptfs_printk(KERN_DEBUG, "inode w/ addr = [0x%p], i_ino = [0x%.16x] "
  			"size: [0x%.16x]
  ", inode, inode->i_ino,
  			i_size_read(inode));

  	goto out;

  out_free:

  	kmem_cache_free(ecryptfs_file_info_cache,
  			ecryptfs_file_to_private(file));
  out:
  	return rc;
  }
  
  static int ecryptfs_flush(struct file *file, fl_owner_t td)
  {
  	int rc = 0;
  	struct file *lower_file = NULL;
  
  	lower_file = ecryptfs_file_to_lower(file);
  	if (lower_file->f_op && lower_file->f_op->flush)
  		rc = lower_file->f_op->flush(lower_file, td);
  	return rc;
  }
  
  static int ecryptfs_release(struct inode *inode, struct file *file)
  {

  	kmem_cache_free(ecryptfs_file_info_cache,
  			ecryptfs_file_to_private(file));
  	return 0;

  }
  
  static int

  ecryptfs_fsync(struct file *file, int datasync)

  {

  	return vfs_fsync(ecryptfs_file_to_lower(file), datasync);

  }
  
  static int ecryptfs_fasync(int fd, struct file *file, int flag)
  {
  	int rc = 0;
  	struct file *lower_file = NULL;

  	lock_kernel();

  	lower_file = ecryptfs_file_to_lower(file);
  	if (lower_file->f_op && lower_file->f_op->fasync)
  		rc = lower_file->f_op->fasync(fd, lower_file, flag);

  	unlock_kernel();

  	return rc;
  }

  static long
  ecryptfs_unlocked_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
  {
  	struct file *lower_file = NULL;
  	long rc = -ENOTTY;
  
  	if (ecryptfs_file_to_private(file))
  		lower_file = ecryptfs_file_to_lower(file);
  	if (lower_file && lower_file->f_op && lower_file->f_op->unlocked_ioctl)
  		rc = lower_file->f_op->unlocked_ioctl(lower_file, cmd, arg);
  	return rc;
  }
  
  #ifdef CONFIG_COMPAT
  static long
  ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
  {
  	struct file *lower_file = NULL;
  	long rc = -ENOIOCTLCMD;
  
  	if (ecryptfs_file_to_private(file))
  		lower_file = ecryptfs_file_to_lower(file);
  	if (lower_file && lower_file->f_op && lower_file->f_op->compat_ioctl)
  		rc = lower_file->f_op->compat_ioctl(lower_file, cmd, arg);
  	return rc;
  }
  #endif

  
  const struct file_operations ecryptfs_dir_fops = {
  	.readdir = ecryptfs_readdir,

  	.unlocked_ioctl = ecryptfs_unlocked_ioctl,
  #ifdef CONFIG_COMPAT
  	.compat_ioctl = ecryptfs_compat_ioctl,
  #endif

  	.open = ecryptfs_open,
  	.flush = ecryptfs_flush,
  	.release = ecryptfs_release,
  	.fsync = ecryptfs_fsync,
  	.fasync = ecryptfs_fasync,

  	.splice_read = generic_file_splice_read,

  };
  
  const struct file_operations ecryptfs_main_fops = {

  	.llseek = generic_file_llseek,

  	.read = do_sync_read,
  	.aio_read = ecryptfs_read_update_atime,
  	.write = do_sync_write,
  	.aio_write = generic_file_aio_write,
  	.readdir = ecryptfs_readdir,

  	.unlocked_ioctl = ecryptfs_unlocked_ioctl,
  #ifdef CONFIG_COMPAT
  	.compat_ioctl = ecryptfs_compat_ioctl,
  #endif

  	.mmap = generic_file_mmap,
  	.open = ecryptfs_open,
  	.flush = ecryptfs_flush,
  	.release = ecryptfs_release,
  	.fsync = ecryptfs_fsync,
  	.fasync = ecryptfs_fasync,

  	.splice_read = generic_file_splice_read,

  };