[net-next-2.6.git] / fs / cifs / dns_resolve.c

/*
 *  fs/cifs/dns_resolve.c
 *
 *   Copyright (c) 2007 Igor Mammedov
 *   Author(s): Igor Mammedov (niallain@gmail.com)
 *              Steve French (sfrench@us.ibm.com)
 *
 *   Contains the CIFS DFS upcall routines used for hostname to
 *   IP address translation.
 *
 *   This library is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU Lesser General Public License as published
 *   by the Free Software Foundation; either version 2.1 of the License, or
 *   (at your option) any later version.
 *
 *   This library is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
 *   the GNU Lesser General Public License for more details.
 *
 *   You should have received a copy of the GNU Lesser General Public License
 *   along with this library; if not, write to the Free Software
 *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#include <linux/slab.h>
#include <linux/keyctl.h>
#include <linux/key-type.h>
#include <keys/user-type.h>
#include "dns_resolve.h"
#include "cifsglob.h"
#include "cifsproto.h"
#include "cifs_debug.h"

static const struct cred *dns_resolver_cache;

/* Checks if supplied name is IP address
 * returns:
 * 		1 - name is IP
 * 		0 - name is not IP
 */
static int
is_ip(char *name)
{
	struct sockaddr_storage ss;

	return cifs_convert_address(name, &ss);
}

static int
dns_resolver_instantiate(struct key *key, const void *data,
		size_t datalen)
{
	int rc = 0;
	char *ip;

	ip = kmalloc(datalen + 1, GFP_KERNEL);
	if (!ip)
		return -ENOMEM;

	memcpy(ip, data, datalen);
	ip[datalen] = '\0';

	/* make sure this looks like an address */
	if (!is_ip(ip)) {
		kfree(ip);
		return -EINVAL;
	}

	key->type_data.x[0] = datalen;
	key->payload.data = ip;

	return rc;
}

static void
dns_resolver_destroy(struct key *key)
{
	kfree(key->payload.data);
}

struct key_type key_type_dns_resolver = {
	.name        = "dns_resolver",
	.def_datalen = sizeof(struct in_addr),
	.describe    = user_describe,
	.instantiate = dns_resolver_instantiate,
	.destroy     = dns_resolver_destroy,
	.match       = user_match,
};

/* Resolves server name to ip address.
 * input:
 * 	unc - server UNC
 * output:
 * 	*ip_addr - pointer to server ip, caller responcible for freeing it.
 * return 0 on success
 */
int
dns_resolve_server_name_to_ip(const char *unc, char **ip_addr)
{
	const struct cred *saved_cred;
	int rc = -EAGAIN;
	struct key *rkey = ERR_PTR(-EAGAIN);
	char *name;
	char *data = NULL;
	int len;

	if (!ip_addr || !unc)
		return -EINVAL;

	/* search for server name delimiter */
	len = strlen(unc);
	if (len < 3) {
		cFYI(1, "%s: unc is too short: %s", __func__, unc);
		return -EINVAL;
	}
	len -= 2;
	name = memchr(unc+2, '\\', len);
	if (!name) {
		cFYI(1, "%s: probably server name is whole unc: %s",
					__func__, unc);
	} else {
		len = (name - unc) - 2/* leading // */;
	}

	name = kmalloc(len+1, GFP_KERNEL);
	if (!name) {
		rc = -ENOMEM;
		return rc;
	}
	memcpy(name, unc+2, len);
	name[len] = 0;

	if (is_ip(name)) {
		cFYI(1, "%s: it is IP, skipping dns upcall: %s",
					__func__, name);
		data = name;
		goto skip_upcall;
	}

	saved_cred = override_creds(dns_resolver_cache);
	rkey = request_key(&key_type_dns_resolver, name, "");
	revert_creds(saved_cred);
	if (!IS_ERR(rkey)) {
		if (!(rkey->perm & KEY_USR_VIEW)) {
			down_read(&rkey->sem);
			rkey->perm |= KEY_USR_VIEW;
			up_read(&rkey->sem);
		}
		len = rkey->type_data.x[0];
		data = rkey->payload.data;
	} else {
		cERROR(1, "%s: unable to resolve: %s", __func__, name);
		goto out;
	}

skip_upcall:
	if (data) {
		*ip_addr = kmalloc(len + 1, GFP_KERNEL);
		if (*ip_addr) {
			memcpy(*ip_addr, data, len + 1);
			if (!IS_ERR(rkey))
				cFYI(1, "%s: resolved: %s to %s", __func__,
							name,
							*ip_addr
					);
			rc = 0;
		} else {
			rc = -ENOMEM;
		}
		if (!IS_ERR(rkey))
			key_put(rkey);
	}

out:
	kfree(name);
	return rc;
}

int __init cifs_init_dns_resolver(void)
{
	struct cred *cred;
	struct key *keyring;
	int ret;

	printk(KERN_NOTICE "Registering the %s key type\n",
	       key_type_dns_resolver.name);

	/* create an override credential set with a special thread keyring in
	 * which DNS requests are cached
	 *
	 * this is used to prevent malicious redirections from being installed
	 * with add_key().
	 */
	cred = prepare_kernel_cred(NULL);
	if (!cred)
		return -ENOMEM;

	keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
			    (KEY_POS_ALL & ~KEY_POS_SETATTR) |
			    KEY_USR_VIEW | KEY_USR_READ,
			    KEY_ALLOC_NOT_IN_QUOTA);
	if (IS_ERR(keyring)) {
		ret = PTR_ERR(keyring);
		goto failed_put_cred;
	}

	ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
	if (ret < 0)
		goto failed_put_key;

	ret = register_key_type(&key_type_dns_resolver);
	if (ret < 0)
		goto failed_put_key;

	/* instruct request_key() to use this special keyring as a cache for
	 * the results it looks up */
	cred->thread_keyring = keyring;
	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	dns_resolver_cache = cred;
	return 0;

failed_put_key:
	key_put(keyring);
failed_put_cred:
	put_cred(cred);
	return ret;
}

void cifs_exit_dns_resolver(void)
{
	key_revoke(dns_resolver_cache->thread_keyring);
	unregister_key_type(&key_type_dns_resolver);
	put_cred(dns_resolver_cache);
	printk(KERN_NOTICE "Unregistered %s key type\n",
	       key_type_dns_resolver.name);
}
Commit	Line	Data
197c183f SF	1	/*
	2	* fs/cifs/dns_resolve.c
	3	*
	4	* Copyright (c) 2007 Igor Mammedov
	5	* Author(s): Igor Mammedov (niallain@gmail.com)
	6	* Steve French (sfrench@us.ibm.com)
	7	*
	8	* Contains the CIFS DFS upcall routines used for hostname to
	9	* IP address translation.
	10	*
	11	* This library is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU Lesser General Public License as published
	13	* by the Free Software Foundation; either version 2.1 of the License, or
	14	* (at your option) any later version.
	15	*
	16	* This library is distributed in the hope that it will be useful,
	17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
	19	* the GNU Lesser General Public License for more details.
	20	*
	21	* You should have received a copy of the GNU Lesser General Public License
	22	* along with this library; if not, write to the Free Software
	23	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	24	*/
	25
5a0e3ad6	26	#include <linux/slab.h>
4c0c03ca DH	27	#include <linux/keyctl.h>
4c0c03ca DH	28	#include <linux/key-type.h>
197c183f SF	29	#include <keys/user-type.h>
	30	#include "dns_resolve.h"
	31	#include "cifsglob.h"
	32	#include "cifsproto.h"
	33	#include "cifs_debug.h"
	34
4c0c03ca DH	35	static const struct cred *dns_resolver_cache;
4c0c03ca DH	36
9d815234 SF	37	/* Checks if supplied name is IP address
	38	* returns:
	39	* 1 - name is IP
	40	* 0 - name is not IP
	41	*/
	42	static int
681bf72e	43	is_ip(char *name)
9d815234	44	{
1e68b2b2	45	struct sockaddr_storage ss;
9d815234	46
1e68b2b2	47	return cifs_convert_address(name, &ss);
9d815234 SF	48	}
	49
	50	static int
	51	dns_resolver_instantiate(struct key key, const void data,
197c183f SF	52	size_t datalen)
	53	{
	54	int rc = 0;
	55	char *ip;
	56
9d815234	57	ip = kmalloc(datalen + 1, GFP_KERNEL);
197c183f SF	58	if (!ip)
	59	return -ENOMEM;
	60
	61	memcpy(ip, data, datalen);
	62	ip[datalen] = '\0';
	63
9d815234	64	/* make sure this looks like an address */
681bf72e	65	if (!is_ip(ip)) {
9d815234 SF	66	kfree(ip);
	67	return -EINVAL;
	68	}
	69
	70	key->type_data.x[0] = datalen;
d9fb5c09	71	key->payload.data = ip;
197c183f SF	72
	73	return rc;
	74	}
	75
87ed1d65 JL	76	static void
	77	dns_resolver_destroy(struct key *key)
	78	{
	79	kfree(key->payload.data);
	80	}
	81
197c183f SF	82	struct key_type key_type_dns_resolver = {
	83	.name = "dns_resolver",
	84	.def_datalen = sizeof(struct in_addr),
	85	.describe = user_describe,
	86	.instantiate = dns_resolver_instantiate,
87ed1d65	87	.destroy = dns_resolver_destroy,
197c183f SF	88	.match = user_match,
	89	};
	90
197c183f SF	91	/* Resolves server name to ip address.
	92	* input:
	93	* unc - server UNC
	94	* output:
	95	* *ip_addr - pointer to server ip, caller responcible for freeing it.
	96	* return 0 on success
	97	*/
	98	int
366781c1 SF	99	dns_resolve_server_name_to_ip(const char unc, char *ip_addr)
366781c1 SF	100	{
4c0c03ca	101	const struct cred *saved_cred;
197c183f	102	int rc = -EAGAIN;
d09e860c	103	struct key *rkey = ERR_PTR(-EAGAIN);
197c183f	104	char *name;
d09e860c	105	char *data = NULL;
197c183f SF	106	int len;
197c183f SF	107
366781c1	108	if (!ip_addr \|\| !unc)
197c183f SF	109	return -EINVAL;
	110
	111	/* search for server name delimiter */
	112	len = strlen(unc);
	113	if (len < 3) {
b6b38f70	114	cFYI(1, "%s: unc is too short: %s", __func__, unc);
197c183f SF	115	return -EINVAL;
	116	}
	117	len -= 2;
	118	name = memchr(unc+2, '\\', len);
	119	if (!name) {
b6b38f70 JP	120	cFYI(1, "%s: probably server name is whole unc: %s",
b6b38f70 JP	121	__func__, unc);
197c183f SF	122	} else {
	123	len = (name - unc) - 2/* leading // */;
	124	}
	125
	126	name = kmalloc(len+1, GFP_KERNEL);
	127	if (!name) {
	128	rc = -ENOMEM;
	129	return rc;
	130	}
	131	memcpy(name, unc+2, len);
	132	name[len] = 0;
	133
d09e860c	134	if (is_ip(name)) {
b6b38f70 JP	135	cFYI(1, "%s: it is IP, skipping dns upcall: %s",
b6b38f70 JP	136	__func__, name);
d09e860c SF	137	data = name;
	138	goto skip_upcall;
	139	}
	140
4c0c03ca	141	saved_cred = override_creds(dns_resolver_cache);
197c183f	142	rkey = request_key(&key_type_dns_resolver, name, "");
4c0c03ca	143	revert_creds(saved_cred);
197c183f	144	if (!IS_ERR(rkey)) {
4c0c03ca DH	145	if (!(rkey->perm & KEY_USR_VIEW)) {
	146	down_read(&rkey->sem);
	147	rkey->perm \|= KEY_USR_VIEW;
	148	up_read(&rkey->sem);
	149	}
9d815234	150	len = rkey->type_data.x[0];
d09e860c	151	data = rkey->payload.data;
d09e860c	152	} else {
b6b38f70	153	cERROR(1, "%s: unable to resolve: %s", __func__, name);
d09e860c SF	154	goto out;
	155	}
	156
	157	skip_upcall:
	158	if (data) {
9d815234	159	*ip_addr = kmalloc(len + 1, GFP_KERNEL);
d09e860c	160	if (*ip_addr) {
9d815234	161	memcpy(*ip_addr, data, len + 1);
5651ced3	162	if (!IS_ERR(rkey))
b6b38f70	163	cFYI(1, "%s: resolved: %s to %s", __func__,
5651ced3 IM	164	name,
5651ced3 IM	165	*ip_addr
b6b38f70	166	);
197c183f SF	167	rc = 0;
	168	} else {
	169	rc = -ENOMEM;
	170	}
d09e860c SF	171	if (!IS_ERR(rkey))
d09e860c SF	172	key_put(rkey);
197c183f SF	173	}
197c183f SF	174
d09e860c	175	out:
197c183f SF	176	kfree(name);
	177	return rc;
	178	}
	179
4c0c03ca DH	180	int __init cifs_init_dns_resolver(void)
	181	{
	182	struct cred *cred;
	183	struct key *keyring;
	184	int ret;
	185
	186	printk(KERN_NOTICE "Registering the %s key type\n",
	187	key_type_dns_resolver.name);
	188
	189	/* create an override credential set with a special thread keyring in
	190	* which DNS requests are cached
	191	*
	192	* this is used to prevent malicious redirections from being installed
	193	* with add_key().
	194	*/
	195	cred = prepare_kernel_cred(NULL);
	196	if (!cred)
	197	return -ENOMEM;
	198
	199	keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred,
	200	(KEY_POS_ALL & ~KEY_POS_SETATTR) \|
	201	KEY_USR_VIEW \| KEY_USR_READ,
	202	KEY_ALLOC_NOT_IN_QUOTA);
	203	if (IS_ERR(keyring)) {
	204	ret = PTR_ERR(keyring);
	205	goto failed_put_cred;
	206	}
	207
	208	ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
	209	if (ret < 0)
	210	goto failed_put_key;
	211
	212	ret = register_key_type(&key_type_dns_resolver);
	213	if (ret < 0)
	214	goto failed_put_key;
	215
	216	/* instruct request_key() to use this special keyring as a cache for
	217	* the results it looks up */
	218	cred->thread_keyring = keyring;
	219	cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
	220	dns_resolver_cache = cred;
	221	return 0;
	222
	223	failed_put_key:
	224	key_put(keyring);
	225	failed_put_cred:
	226	put_cred(cred);
	227	return ret;
	228	}
197c183f	229
51c20fcc	230	void cifs_exit_dns_resolver(void)
4c0c03ca DH	231	{
	232	key_revoke(dns_resolver_cache->thread_keyring);
	233	unregister_key_type(&key_type_dns_resolver);
	234	put_cred(dns_resolver_cache);
	235	printk(KERN_NOTICE "Unregistered %s key type\n",
	236	key_type_dns_resolver.name);
	237	}