dns_resolve.c 5.43 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
/*
 *  fs/cifs/dns_resolve.c
 *
 *   Copyright (c) 2007 Igor Mammedov
 *   Author(s): Igor Mammedov (niallain@gmail.com)
 *              Steve French (sfrench@us.ibm.com)
 *
 *   Contains the CIFS DFS upcall routines used for hostname to
 *   IP address translation.
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

26
#include <linux/slab.h>
27 28
#include <linux/keyctl.h>
#include <linux/key-type.h>
29 30 31 32 33 34
#include <keys/user-type.h>
#include "dns_resolve.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "cifs_debug.h"

35 36
static const struct cred *dns_resolver_cache;

37 38 39 40 41 42
/* Checks if supplied name is IP address
 * returns:
 * 		1 - name is IP
 * 		0 - name is not IP
 */
static int
43
is_ip(const char *name, int len)
44
{
45
	struct sockaddr_storage ss;
46

47
	return cifs_convert_address((struct sockaddr *)&ss, name, len);
48 49 50 51
}

static int
dns_resolver_instantiate(struct key *key, const void *data,
52 53 54 55 56
		size_t datalen)
{
	int rc = 0;
	char *ip;

57 58 59 60
	/* make sure this looks like an address */
	if (!is_ip(data, datalen))
		return -EINVAL;

61
	ip = kmalloc(datalen + 1, GFP_KERNEL);
62 63 64 65 66 67
	if (!ip)
		return -ENOMEM;

	memcpy(ip, data, datalen);
	ip[datalen] = '\0';

68
	key->type_data.x[0] = datalen;
69
	key->payload.data = ip;
70 71 72 73

	return rc;
}

74 75 76 77 78 79
static void
dns_resolver_destroy(struct key *key)
{
	kfree(key->payload.data);
}

80 81 82 83 84
struct key_type key_type_dns_resolver = {
	.name        = "dns_resolver",
	.def_datalen = sizeof(struct in_addr),
	.describe    = user_describe,
	.instantiate = dns_resolver_instantiate,
85
	.destroy     = dns_resolver_destroy,
86 87 88 89 90 91 92 93
	.match       = user_match,
};

/* Resolves server name to ip address.
 * input:
 * 	unc - server UNC
 * output:
 * 	*ip_addr - pointer to server ip, caller responcible for freeing it.
94
 * return the length of the returned string on success
95 96
 */
int
Steve French's avatar
Steve French committed
97 98
dns_resolve_server_name_to_ip(const char *unc, char **ip_addr)
{
99
	const struct cred *saved_cred;
100
	int rc = -EAGAIN;
101
	struct key *rkey = ERR_PTR(-EAGAIN);
102
	char *name;
103
	char *data = NULL;
104 105
	int len;

Steve French's avatar
Steve French committed
106
	if (!ip_addr || !unc)
107 108 109 110 111
		return -EINVAL;

	/* search for server name delimiter */
	len = strlen(unc);
	if (len < 3) {
112
		cFYI(1, "%s: unc is too short: %s", __func__, unc);
113 114 115 116 117
		return -EINVAL;
	}
	len -= 2;
	name = memchr(unc+2, '\\', len);
	if (!name) {
118 119
		cFYI(1, "%s: probably server name is whole unc: %s",
					__func__, unc);
120 121 122 123 124 125 126 127 128 129 130 131
	} else {
		len = (name - unc) - 2/* leading // */;
	}

	name = kmalloc(len+1, GFP_KERNEL);
	if (!name) {
		rc = -ENOMEM;
		return rc;
	}
	memcpy(name, unc+2, len);
	name[len] = 0;

132
	if (is_ip(name, len)) {
133 134
		cFYI(1, "%s: it is IP, skipping dns upcall: %s",
					__func__, name);
135 136 137 138
		data = name;
		goto skip_upcall;
	}

139
	saved_cred = override_creds(dns_resolver_cache);
140
	rkey = request_key(&key_type_dns_resolver, name, "");
141
	revert_creds(saved_cred);
142
	if (!IS_ERR(rkey)) {
143 144 145 146 147
		if (!(rkey->perm & KEY_USR_VIEW)) {
			down_read(&rkey->sem);
			rkey->perm |= KEY_USR_VIEW;
			up_read(&rkey->sem);
		}
148
		len = rkey->type_data.x[0];
149 150
		data = rkey->payload.data;
	} else {
151
		cERROR(1, "%s: unable to resolve: %s", __func__, name);
152 153 154 155 156
		goto out;
	}

skip_upcall:
	if (data) {
157
		*ip_addr = kmalloc(len + 1, GFP_KERNEL);
158
		if (*ip_addr) {
159
			memcpy(*ip_addr, data, len + 1);
160
			if (!IS_ERR(rkey))
161
				cFYI(1, "%s: resolved: %s to %s", __func__,
162 163
							name,
							*ip_addr
164
					);
165
			rc = len;
166 167 168
		} else {
			rc = -ENOMEM;
		}
169 170
		if (!IS_ERR(rkey))
			key_put(rkey);
171 172
	}

173
out:
174 175 176 177
	kfree(name);
	return rc;
}

178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226
int __init cifs_init_dns_resolver(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret;

	printk(KERN_NOTICE "Registering the %s key type\n",
	       key_type_dns_resolver.name);

	/* create an override credential set with a special thread keyring in
	 * which DNS requests are cached
	 *
	 * this is used to prevent malicious redirections from being installed
	 * with add_key().
	 */
	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
			    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			    KEY_USR_VIEW | KEY_USR_READ,
			    KEY_ALLOC_NOT_IN_QUOTA);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&key_type_dns_resolver);
	if (ret < 0)
		goto failed_put_key;

	/* instruct request_key() to use this special keyring as a cache for
	 * the results it looks up */
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	dns_resolver_cache = cred;
	return 0;

failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}
227

228
void cifs_exit_dns_resolver(void)
229 230 231 232 233 234 235
{
	key_revoke(dns_resolver_cache->thread_keyring);
	unregister_key_type(&key_type_dns_resolver);
	put_cred(dns_resolver_cache);
	printk(KERN_NOTICE "Unregistered %s key type\n",
	       key_type_dns_resolver.name);
}