fs/cifs/dns_resolve.c

   1 /*
   2  *  fs/cifs/dns_resolve.c
   3  *
   4  *   Copyright (c) 2007 Igor Mammedov
   5  *   Author(s): Igor Mammedov (niallain@gmail.com)
   6  *              Steve French (sfrench@us.ibm.com)
   7  *
   8  *   Contains the CIFS DFS upcall routines used for hostname to
   9  *   IP address translation.
  10  *
  11  *   This library is free software; you can redistribute it and/or modify
  12  *   it under the terms of the GNU Lesser General Public License as published
  13  *   by the Free Software Foundation; either version 2.1 of the License, or
  14  *   (at your option) any later version.
  15  *
  16  *   This library is distributed in the hope that it will be useful,
  17  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
  19  *   the GNU Lesser General Public License for more details.
  20  *
  21  *   You should have received a copy of the GNU Lesser General Public License
  22  *   along with this library; if not, write to the Free Software
  23  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  24  */
  25
  26 #include <linux/keyctl.h>
  27 #include <linux/key-type.h>
  28 #include <keys/user-type.h>
  29 #include "dns_resolve.h"
  30 #include "cifsglob.h"
  31 #include "cifsproto.h"
  32 #include "cifs_debug.h"
  33
  34 static const struct cred *dns_resolver_cache;
  35
  36 /* Checks if supplied name is IP address
  37  * returns:
  38  *              1 - name is IP
  39  *              0 - name is not IP
  40  */
  41 static int
  42 is_ip(char *name)
  43 {
  44         struct sockaddr_storage ss;
  45
  46         return cifs_convert_address(name, &ss);
  47 }
  48
  49 static int
  50 dns_resolver_instantiate(struct key *key, const void *data,
  51                 size_t datalen)
  52 {
  53         int rc = 0;
  54         char *ip;
  55
  56         ip = kmalloc(datalen + 1, GFP_KERNEL);
  57         if (!ip)
  58                 return -ENOMEM;
  59
  60         memcpy(ip, data, datalen);
  61         ip[datalen] = '\0';
  62
  63         /* make sure this looks like an address */
  64         if (!is_ip(ip)) {
  65                 kfree(ip);
  66                 return -EINVAL;
  67         }
  68
  69         key->type_data.x[0] = datalen;
  70         key->payload.data = ip;
  71
  72         return rc;
  73 }
  74
  75 static void
  76 dns_resolver_destroy(struct key *key)
  77 {
  78         kfree(key->payload.data);
  79 }
  80
  81 struct key_type key_type_dns_resolver = {
  82         .name        = "dns_resolver",
  83         .def_datalen = sizeof(struct in_addr),
  84         .describe    = user_describe,
  85         .instantiate = dns_resolver_instantiate,
  86         .destroy     = dns_resolver_destroy,
  87         .match       = user_match,
  88 };
  89
  90 /* Resolves server name to ip address.
  91  * input:
  92  *      unc - server UNC
  93  * output:
  94  *      *ip_addr - pointer to server ip, caller responcible for freeing it.
  95  * return 0 on success
  96  */
  97 int
  98 dns_resolve_server_name_to_ip(const char *unc, char **ip_addr)
  99 {
 100         const struct cred *saved_cred;
 101         int rc = -EAGAIN;
 102         struct key *rkey = ERR_PTR(-EAGAIN);
 103         char *name;
 104         char *data = NULL;
 105         int len;
 106
 107         if (!ip_addr || !unc)
 108                 return -EINVAL;
 109
 110         /* search for server name delimiter */
 111         len = strlen(unc);
 112         if (len < 3) {
 113                 cFYI(1, ("%s: unc is too short: %s", __func__, unc));
 114                 return -EINVAL;
 115         }
 116         len -= 2;
 117         name = memchr(unc+2, '\\', len);
 118         if (!name) {
 119                 cFYI(1, ("%s: probably server name is whole unc: %s",
 120                                         __func__, unc));
 121         } else {
 122                 len = (name - unc) - 2/* leading // */;
 123         }
 124
 125         name = kmalloc(len+1, GFP_KERNEL);
 126         if (!name) {
 127                 rc = -ENOMEM;
 128                 return rc;
 129         }
 130         memcpy(name, unc+2, len);
 131         name[len] = 0;
 132
 133         if (is_ip(name)) {
 134                 cFYI(1, ("%s: it is IP, skipping dns upcall: %s",
 135                                         __func__, name));
 136                 data = name;
 137                 goto skip_upcall;
 138         }
 139
 140         saved_cred = override_creds(dns_resolver_cache);
 141         rkey = request_key(&key_type_dns_resolver, name, "");
 142         revert_creds(saved_cred);
 143         if (!IS_ERR(rkey)) {
 144                 if (!(rkey->perm & KEY_USR_VIEW)) {
 145                         down_read(&rkey->sem);
 146                         rkey->perm |= KEY_USR_VIEW;
 147                         up_read(&rkey->sem);
 148                 }
 149                 len = rkey->type_data.x[0];
 150                 data = rkey->payload.data;
 151         } else {
 152                 cERROR(1, ("%s: unable to resolve: %s", __func__, name));
 153                 goto out;
 154         }
 155
 156 skip_upcall:
 157         if (data) {
 158                 *ip_addr = kmalloc(len + 1, GFP_KERNEL);
 159                 if (*ip_addr) {
 160                         memcpy(*ip_addr, data, len + 1);
 161                         if (!IS_ERR(rkey))
 162                                 cFYI(1, ("%s: resolved: %s to %s", __func__,
 163                                                         name,
 164                                                         *ip_addr
 165                                         ));
 166                         rc = 0;
 167                 } else {
 168                         rc = -ENOMEM;
 169                 }
 170                 if (!IS_ERR(rkey))
 171                         key_put(rkey);
 172         }
 173
 174 out:
 175         kfree(name);
 176         return rc;
 177 }
 178
 179 int __init cifs_init_dns_resolver(void)
 180 {
 181         struct cred *cred;
 182         struct key *keyring;
 183         int ret;
 184
 185         printk(KERN_NOTICE "Registering the %s key type\n",
 186                key_type_dns_resolver.name);
 187
 188         /* create an override credential set with a special thread keyring in
 189          * which DNS requests are cached
 190          *
 191          * this is used to prevent malicious redirections from being installed
 192          * with add_key().
 193          */
 194         cred = prepare_kernel_cred(NULL);
 195         if (!cred)
 196                 return -ENOMEM;
 197
 198         keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
 199                             (KEY_POS_ALL & ~KEY_POS_SETATTR) |
 200                             KEY_USR_VIEW | KEY_USR_READ,
 201                             KEY_ALLOC_NOT_IN_QUOTA);
 202         if (IS_ERR(keyring)) {
 203                 ret = PTR_ERR(keyring);
 204                 goto failed_put_cred;
 205         }
 206
 207         ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
 208         if (ret < 0)
 209                 goto failed_put_key;
 210
 211         ret = register_key_type(&key_type_dns_resolver);
 212         if (ret < 0)
 213                 goto failed_put_key;
 214
 215         /* instruct request_key() to use this special keyring as a cache for
 216          * the results it looks up */
 217         cred->thread_keyring = keyring;
 218         cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
 219         dns_resolver_cache = cred;
 220         return 0;
 221
 222 failed_put_key:
 223         key_put(keyring);
 224 failed_put_cred:
 225         put_cred(cred);
 226         return ret;
 227 }
 228
 229 void cifs_exit_dns_resolver(void)
 230 {
 231         key_revoke(dns_resolver_cache->thread_keyring);
 232         unregister_key_type(&key_type_dns_resolver);
 233         put_cred(dns_resolver_cache);
 234         printk(KERN_NOTICE "Unregistered %s key type\n",
 235                key_type_dns_resolver.name);
 236 }