Linux 3.11-rc3
[cris-mirror.git] / net / dns_resolver / dns_key.c
blobf347a2ca7d7e6c5c1f6feae5e8edae91b487500e
1 /* Key type used to cache DNS lookups made by the kernel
3 * See Documentation/networking/dns_resolver.txt
5 * Copyright (c) 2007 Igor Mammedov
6 * Author(s): Igor Mammedov (niallain@gmail.com)
7 * Steve French (sfrench@us.ibm.com)
8 * Wang Lei (wang840925@gmail.com)
9 * David Howells (dhowells@redhat.com)
11 * This library is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License as published
13 * by the Free Software Foundation; either version 2.1 of the License, or
14 * (at your option) any later version.
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
19 * the GNU Lesser General Public License for more details.
21 * You should have received a copy of the GNU Lesser General Public License
22 * along with this library; if not, write to the Free Software
23 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include <linux/module.h>
26 #include <linux/moduleparam.h>
27 #include <linux/slab.h>
28 #include <linux/string.h>
29 #include <linux/kernel.h>
30 #include <linux/keyctl.h>
31 #include <linux/err.h>
32 #include <linux/seq_file.h>
33 #include <keys/dns_resolver-type.h>
34 #include <keys/user-type.h>
35 #include "internal.h"
37 MODULE_DESCRIPTION("DNS Resolver");
38 MODULE_AUTHOR("Wang Lei");
39 MODULE_LICENSE("GPL");
41 unsigned int dns_resolver_debug;
42 module_param_named(debug, dns_resolver_debug, uint, S_IWUSR | S_IRUGO);
43 MODULE_PARM_DESC(debug, "DNS Resolver debugging mask");
45 const struct cred *dns_resolver_cache;
47 #define DNS_ERRORNO_OPTION "dnserror"
50 * Instantiate a user defined key for dns_resolver.
52 * The data must be a NUL-terminated string, with the NUL char accounted in
53 * datalen.
55 * If the data contains a '#' characters, then we take the clause after each
56 * one to be an option of the form 'key=value'. The actual data of interest is
57 * the string leading up to the first '#'. For instance:
59 * "ip1,ip2,...#foo=bar"
61 static int
62 dns_resolver_instantiate(struct key *key, struct key_preparsed_payload *prep)
64 struct user_key_payload *upayload;
65 unsigned long derrno;
66 int ret;
67 size_t datalen = prep->datalen, result_len = 0;
68 const char *data = prep->data, *end, *opt;
70 kenter("%%%d,%s,'%*.*s',%zu",
71 key->serial, key->description,
72 (int)datalen, (int)datalen, data, datalen);
74 if (datalen <= 1 || !data || data[datalen - 1] != '\0')
75 return -EINVAL;
76 datalen--;
78 /* deal with any options embedded in the data */
79 end = data + datalen;
80 opt = memchr(data, '#', datalen);
81 if (!opt) {
82 /* no options: the entire data is the result */
83 kdebug("no options");
84 result_len = datalen;
85 } else {
86 const char *next_opt;
88 result_len = opt - data;
89 opt++;
90 kdebug("options: '%s'", opt);
91 do {
92 const char *eq;
93 int opt_len, opt_nlen, opt_vlen, tmp;
95 next_opt = memchr(opt, '#', end - opt) ?: end;
96 opt_len = next_opt - opt;
97 if (!opt_len) {
98 printk(KERN_WARNING
99 "Empty option to dns_resolver key %d\n",
100 key->serial);
101 return -EINVAL;
104 eq = memchr(opt, '=', opt_len) ?: end;
105 opt_nlen = eq - opt;
106 eq++;
107 opt_vlen = next_opt - eq; /* will be -1 if no value */
109 tmp = opt_vlen >= 0 ? opt_vlen : 0;
110 kdebug("option '%*.*s' val '%*.*s'",
111 opt_nlen, opt_nlen, opt, tmp, tmp, eq);
113 /* see if it's an error number representing a DNS error
114 * that's to be recorded as the result in this key */
115 if (opt_nlen == sizeof(DNS_ERRORNO_OPTION) - 1 &&
116 memcmp(opt, DNS_ERRORNO_OPTION, opt_nlen) == 0) {
117 kdebug("dns error number option");
118 if (opt_vlen <= 0)
119 goto bad_option_value;
121 ret = kstrtoul(eq, 10, &derrno);
122 if (ret < 0)
123 goto bad_option_value;
125 if (derrno < 1 || derrno > 511)
126 goto bad_option_value;
128 kdebug("dns error no. = %lu", derrno);
129 key->type_data.x[0] = -derrno;
130 continue;
133 bad_option_value:
134 printk(KERN_WARNING
135 "Option '%*.*s' to dns_resolver key %d:"
136 " bad/missing value\n",
137 opt_nlen, opt_nlen, opt, key->serial);
138 return -EINVAL;
139 } while (opt = next_opt + 1, opt < end);
142 /* don't cache the result if we're caching an error saying there's no
143 * result */
144 if (key->type_data.x[0]) {
145 kleave(" = 0 [h_error %ld]", key->type_data.x[0]);
146 return 0;
149 kdebug("store result");
150 ret = key_payload_reserve(key, result_len);
151 if (ret < 0)
152 return -EINVAL;
154 upayload = kmalloc(sizeof(*upayload) + result_len + 1, GFP_KERNEL);
155 if (!upayload) {
156 kleave(" = -ENOMEM");
157 return -ENOMEM;
160 upayload->datalen = result_len;
161 memcpy(upayload->data, data, result_len);
162 upayload->data[result_len] = '\0';
163 rcu_assign_pointer(key->payload.data, upayload);
165 kleave(" = 0");
166 return 0;
170 * The description is of the form "[<type>:]<domain_name>"
172 * The domain name may be a simple name or an absolute domain name (which
173 * should end with a period). The domain name is case-independent.
175 static int
176 dns_resolver_match(const struct key *key, const void *description)
178 int slen, dlen, ret = 0;
179 const char *src = key->description, *dsp = description;
181 kenter("%s,%s", src, dsp);
183 if (!src || !dsp)
184 goto no_match;
186 if (strcasecmp(src, dsp) == 0)
187 goto matched;
189 slen = strlen(src);
190 dlen = strlen(dsp);
191 if (slen <= 0 || dlen <= 0)
192 goto no_match;
193 if (src[slen - 1] == '.')
194 slen--;
195 if (dsp[dlen - 1] == '.')
196 dlen--;
197 if (slen != dlen || strncasecmp(src, dsp, slen) != 0)
198 goto no_match;
200 matched:
201 ret = 1;
202 no_match:
203 kleave(" = %d", ret);
204 return ret;
208 * Describe a DNS key
210 static void dns_resolver_describe(const struct key *key, struct seq_file *m)
212 int err = key->type_data.x[0];
214 seq_puts(m, key->description);
215 if (key_is_instantiated(key)) {
216 if (err)
217 seq_printf(m, ": %d", err);
218 else
219 seq_printf(m, ": %u", key->datalen);
224 * read the DNS data
225 * - the key's semaphore is read-locked
227 static long dns_resolver_read(const struct key *key,
228 char __user *buffer, size_t buflen)
230 if (key->type_data.x[0])
231 return key->type_data.x[0];
233 return user_read(key, buffer, buflen);
236 struct key_type key_type_dns_resolver = {
237 .name = "dns_resolver",
238 .instantiate = dns_resolver_instantiate,
239 .match = dns_resolver_match,
240 .revoke = user_revoke,
241 .destroy = user_destroy,
242 .describe = dns_resolver_describe,
243 .read = dns_resolver_read,
246 static int __init init_dns_resolver(void)
248 struct cred *cred;
249 struct key *keyring;
250 int ret;
252 /* create an override credential set with a special thread keyring in
253 * which DNS requests are cached
255 * this is used to prevent malicious redirections from being installed
256 * with add_key().
258 cred = prepare_kernel_cred(NULL);
259 if (!cred)
260 return -ENOMEM;
262 keyring = keyring_alloc(".dns_resolver",
263 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
264 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
265 KEY_USR_VIEW | KEY_USR_READ,
266 KEY_ALLOC_NOT_IN_QUOTA, NULL);
267 if (IS_ERR(keyring)) {
268 ret = PTR_ERR(keyring);
269 goto failed_put_cred;
272 ret = register_key_type(&key_type_dns_resolver);
273 if (ret < 0)
274 goto failed_put_key;
276 /* instruct request_key() to use this special keyring as a cache for
277 * the results it looks up */
278 set_bit(KEY_FLAG_ROOT_CAN_CLEAR, &keyring->flags);
279 cred->thread_keyring = keyring;
280 cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
281 dns_resolver_cache = cred;
283 kdebug("DNS resolver keyring: %d\n", key_serial(keyring));
284 return 0;
286 failed_put_key:
287 key_put(keyring);
288 failed_put_cred:
289 put_cred(cred);
290 return ret;
293 static void __exit exit_dns_resolver(void)
295 key_revoke(dns_resolver_cache->thread_keyring);
296 unregister_key_type(&key_type_dns_resolver);
297 put_cred(dns_resolver_cache);
300 module_init(init_dns_resolver)
301 module_exit(exit_dns_resolver)
302 MODULE_LICENSE("GPL");