fs/cifs/dns_resolve.c

   1 /*
   2  *  fs/cifs/dns_resolve.c
   3  *
   4  *   Copyright (c) 2007 Igor Mammedov
   5  *   Author(s): Igor Mammedov (niallain@gmail.com)
   6  *              Steve French (sfrench@us.ibm.com)
   7  *
   8  *   Contains the CIFS DFS upcall routines used for hostname to
   9  *   IP address translation.
  10  *
  11  *   This library is free software; you can redistribute it and/or modify
  12  *   it under the terms of the GNU Lesser General Public License as published
  13  *   by the Free Software Foundation; either version 2.1 of the License, or
  14  *   (at your option) any later version.
  15  *
  16  *   This library is distributed in the hope that it will be useful,
  17  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
  19  *   the GNU Lesser General Public License for more details.
  20  *
  21  *   You should have received a copy of the GNU Lesser General Public License
  22  *   along with this library; if not, write to the Free Software
  23  *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  24  */
  25
  26 #include <linux/slab.h>
  27 #include <linux/keyctl.h>
  28 #include <linux/key-type.h>
  29 #include <keys/user-type.h>
  30 #include "dns_resolve.h"
  31 #include "cifsglob.h"
  32 #include "cifsproto.h"
  33 #include "cifs_debug.h"
  34
  35 static const struct cred *dns_resolver_cache;
  36
  37 /* Checks if supplied name is IP address
  38  * returns:
  39  *              1 - name is IP
  40  *              0 - name is not IP
  41  */
  42 static int
  43 is_ip(char *name)
  44 {
  45         struct sockaddr_storage ss;
  46
  47         return cifs_convert_address(name, &ss);
  48 }
  49
  50 static int
  51 dns_resolver_instantiate(struct key *key, const void *data,
  52                 size_t datalen)
  53 {
  54         int rc = 0;
  55         char *ip;
  56
  57         ip = kmalloc(datalen + 1, GFP_KERNEL);
  58         if (!ip)
  59                 return -ENOMEM;
  60
  61         memcpy(ip, data, datalen);
  62         ip[datalen] = '\0';
  63
  64         /* make sure this looks like an address */
  65         if (!is_ip(ip)) {
  66                 kfree(ip);
  67                 return -EINVAL;
  68         }
  69
  70         key->type_data.x[0] = datalen;
  71         key->payload.data = ip;
  72
  73         return rc;
  74 }
  75
  76 static void
  77 dns_resolver_destroy(struct key *key)
  78 {
  79         kfree(key->payload.data);
  80 }
  81
  82 struct key_type key_type_dns_resolver = {
  83         .name        = "dns_resolver",
  84         .def_datalen = sizeof(struct in_addr),
  85         .describe    = user_describe,
  86         .instantiate = dns_resolver_instantiate,
  87         .destroy     = dns_resolver_destroy,
  88         .match       = user_match,
  89 };
  90
  91 /* Resolves server name to ip address.
  92  * input:
  93  *      unc - server UNC
  94  * output:
  95  *      *ip_addr - pointer to server ip, caller responcible for freeing it.
  96  * return 0 on success
  97  */
  98 int
  99 dns_resolve_server_name_to_ip(const char *unc, char **ip_addr)
 100 {
 101         const struct cred *saved_cred;
 102         int rc = -EAGAIN;
 103         struct key *rkey = ERR_PTR(-EAGAIN);
 104         char *name;
 105         char *data = NULL;
 106         int len;
 107
 108         if (!ip_addr || !unc)
 109                 return -EINVAL;
 110
 111         /* search for server name delimiter */
 112         len = strlen(unc);
 113         if (len < 3) {
 114                 cFYI(1, ("%s: unc is too short: %s", __func__, unc));
 115                 return -EINVAL;
 116         }
 117         len -= 2;
 118         name = memchr(unc+2, '\\', len);
 119         if (!name) {
 120                 cFYI(1, ("%s: probably server name is whole unc: %s",
 121                                         __func__, unc));
 122         } else {
 123                 len = (name - unc) - 2/* leading // */;
 124         }
 125
 126         name = kmalloc(len+1, GFP_KERNEL);
 127         if (!name) {
 128                 rc = -ENOMEM;
 129                 return rc;
 130         }
 131         memcpy(name, unc+2, len);
 132         name[len] = 0;
 133
 134         if (is_ip(name)) {
 135                 cFYI(1, ("%s: it is IP, skipping dns upcall: %s",
 136                                         __func__, name));
 137                 data = name;
 138                 goto skip_upcall;
 139         }
 140
 141         saved_cred = override_creds(dns_resolver_cache);
 142         rkey = request_key(&key_type_dns_resolver, name, "");
 143         revert_creds(saved_cred);
 144         if (!IS_ERR(rkey)) {
 145                 if (!(rkey->perm & KEY_USR_VIEW)) {
 146                         down_read(&rkey->sem);
 147                         rkey->perm |= KEY_USR_VIEW;
 148                         up_read(&rkey->sem);
 149                 }
 150                 len = rkey->type_data.x[0];
 151                 data = rkey->payload.data;
 152         } else {
 153                 cERROR(1, ("%s: unable to resolve: %s", __func__, name));
 154                 goto out;
 155         }
 156
 157 skip_upcall:
 158         if (data) {
 159                 *ip_addr = kmalloc(len + 1, GFP_KERNEL);
 160                 if (*ip_addr) {
 161                         memcpy(*ip_addr, data, len + 1);
 162                         if (!IS_ERR(rkey))
 163                                 cFYI(1, ("%s: resolved: %s to %s", __func__,
 164                                                         name,
 165                                                         *ip_addr
 166                                         ));
 167                         rc = 0;
 168                 } else {
 169                         rc = -ENOMEM;
 170                 }
 171                 if (!IS_ERR(rkey))
 172                         key_put(rkey);
 173         }
 174
 175 out:
 176         kfree(name);
 177         return rc;
 178 }
 179
 180 int __init cifs_init_dns_resolver(void)
 181 {
 182         struct cred *cred;
 183         struct key *keyring;
 184         int ret;
 185
 186         printk(KERN_NOTICE "Registering the %s key type\n",
 187                key_type_dns_resolver.name);
 188
 189         /* create an override credential set with a special thread keyring in
 190          * which DNS requests are cached
 191          *
 192          * this is used to prevent malicious redirections from being installed
 193          * with add_key().
 194          */
 195         cred = prepare_kernel_cred(NULL);
 196         if (!cred)
 197                 return -ENOMEM;
 198
 199         keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
 200                             (KEY_POS_ALL & ~KEY_POS_SETATTR) |
 201                             KEY_USR_VIEW | KEY_USR_READ,
 202                             KEY_ALLOC_NOT_IN_QUOTA);
 203         if (IS_ERR(keyring)) {
 204                 ret = PTR_ERR(keyring);
 205                 goto failed_put_cred;
 206         }
 207
 208         ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
 209         if (ret < 0)
 210                 goto failed_put_key;
 211
 212         ret = register_key_type(&key_type_dns_resolver);
 213         if (ret < 0)
 214                 goto failed_put_key;
 215
 216         /* instruct request_key() to use this special keyring as a cache for
 217          * the results it looks up */
 218         cred->thread_keyring = keyring;
 219         cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
 220         dns_resolver_cache = cred;
 221         return 0;
 222
 223 failed_put_key:
 224         key_put(keyring);
 225 failed_put_cred:
 226         put_cred(cred);
 227         return ret;
 228 }
 229
 230 void __exit cifs_exit_dns_resolver(void)
 231 {
 232         key_revoke(dns_resolver_cache->thread_keyring);
 233         unregister_key_type(&key_type_dns_resolver);
 234         put_cred(dns_resolver_cache);
 235         printk(KERN_NOTICE "Unregistered %s key type\n",
 236                key_type_dns_resolver.name);
 237 }