]>
Commit | Line | Data |
---|---|---|
197c183f SF |
1 | /* |
2 | * fs/cifs/dns_resolve.c | |
3 | * | |
4 | * Copyright (c) 2007 Igor Mammedov | |
5 | * Author(s): Igor Mammedov (niallain@gmail.com) | |
6 | * Steve French (sfrench@us.ibm.com) | |
7 | * | |
8 | * Contains the CIFS DFS upcall routines used for hostname to | |
9 | * IP address translation. | |
10 | * | |
11 | * This library is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU Lesser General Public License as published | |
13 | * by the Free Software Foundation; either version 2.1 of the License, or | |
14 | * (at your option) any later version. | |
15 | * | |
16 | * This library is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | |
19 | * the GNU Lesser General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU Lesser General Public License | |
22 | * along with this library; if not, write to the Free Software | |
23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
24 | */ | |
25 | ||
5a0e3ad6 | 26 | #include <linux/slab.h> |
4c0c03ca DH |
27 | #include <linux/keyctl.h> |
28 | #include <linux/key-type.h> | |
197c183f SF |
29 | #include <keys/user-type.h> |
30 | #include "dns_resolve.h" | |
31 | #include "cifsglob.h" | |
32 | #include "cifsproto.h" | |
33 | #include "cifs_debug.h" | |
34 | ||
4c0c03ca DH |
35 | static const struct cred *dns_resolver_cache; |
36 | ||
9d815234 SF |
37 | /* Checks if supplied name is IP address |
38 | * returns: | |
39 | * 1 - name is IP | |
40 | * 0 - name is not IP | |
41 | */ | |
42 | static int | |
681bf72e | 43 | is_ip(char *name) |
9d815234 | 44 | { |
1e68b2b2 | 45 | struct sockaddr_storage ss; |
9d815234 | 46 | |
1e68b2b2 | 47 | return cifs_convert_address(name, &ss); |
9d815234 SF |
48 | } |
49 | ||
50 | static int | |
51 | dns_resolver_instantiate(struct key *key, const void *data, | |
197c183f SF |
52 | size_t datalen) |
53 | { | |
54 | int rc = 0; | |
55 | char *ip; | |
56 | ||
9d815234 | 57 | ip = kmalloc(datalen + 1, GFP_KERNEL); |
197c183f SF |
58 | if (!ip) |
59 | return -ENOMEM; | |
60 | ||
61 | memcpy(ip, data, datalen); | |
62 | ip[datalen] = '\0'; | |
63 | ||
9d815234 | 64 | /* make sure this looks like an address */ |
681bf72e | 65 | if (!is_ip(ip)) { |
9d815234 SF |
66 | kfree(ip); |
67 | return -EINVAL; | |
68 | } | |
69 | ||
70 | key->type_data.x[0] = datalen; | |
d9fb5c09 | 71 | key->payload.data = ip; |
197c183f SF |
72 | |
73 | return rc; | |
74 | } | |
75 | ||
87ed1d65 JL |
76 | static void |
77 | dns_resolver_destroy(struct key *key) | |
78 | { | |
79 | kfree(key->payload.data); | |
80 | } | |
81 | ||
197c183f SF |
82 | struct key_type key_type_dns_resolver = { |
83 | .name = "dns_resolver", | |
84 | .def_datalen = sizeof(struct in_addr), | |
85 | .describe = user_describe, | |
86 | .instantiate = dns_resolver_instantiate, | |
87ed1d65 | 87 | .destroy = dns_resolver_destroy, |
197c183f SF |
88 | .match = user_match, |
89 | }; | |
90 | ||
197c183f SF |
91 | /* Resolves server name to ip address. |
92 | * input: | |
93 | * unc - server UNC | |
94 | * output: | |
95 | * *ip_addr - pointer to server ip, caller responcible for freeing it. | |
96 | * return 0 on success | |
97 | */ | |
98 | int | |
366781c1 SF |
99 | dns_resolve_server_name_to_ip(const char *unc, char **ip_addr) |
100 | { | |
4c0c03ca | 101 | const struct cred *saved_cred; |
197c183f | 102 | int rc = -EAGAIN; |
d09e860c | 103 | struct key *rkey = ERR_PTR(-EAGAIN); |
197c183f | 104 | char *name; |
d09e860c | 105 | char *data = NULL; |
197c183f SF |
106 | int len; |
107 | ||
366781c1 | 108 | if (!ip_addr || !unc) |
197c183f SF |
109 | return -EINVAL; |
110 | ||
111 | /* search for server name delimiter */ | |
112 | len = strlen(unc); | |
113 | if (len < 3) { | |
b6b38f70 | 114 | cFYI(1, "%s: unc is too short: %s", __func__, unc); |
197c183f SF |
115 | return -EINVAL; |
116 | } | |
117 | len -= 2; | |
118 | name = memchr(unc+2, '\\', len); | |
119 | if (!name) { | |
b6b38f70 JP |
120 | cFYI(1, "%s: probably server name is whole unc: %s", |
121 | __func__, unc); | |
197c183f SF |
122 | } else { |
123 | len = (name - unc) - 2/* leading // */; | |
124 | } | |
125 | ||
126 | name = kmalloc(len+1, GFP_KERNEL); | |
127 | if (!name) { | |
128 | rc = -ENOMEM; | |
129 | return rc; | |
130 | } | |
131 | memcpy(name, unc+2, len); | |
132 | name[len] = 0; | |
133 | ||
d09e860c | 134 | if (is_ip(name)) { |
b6b38f70 JP |
135 | cFYI(1, "%s: it is IP, skipping dns upcall: %s", |
136 | __func__, name); | |
d09e860c SF |
137 | data = name; |
138 | goto skip_upcall; | |
139 | } | |
140 | ||
4c0c03ca | 141 | saved_cred = override_creds(dns_resolver_cache); |
197c183f | 142 | rkey = request_key(&key_type_dns_resolver, name, ""); |
4c0c03ca | 143 | revert_creds(saved_cred); |
197c183f | 144 | if (!IS_ERR(rkey)) { |
4c0c03ca DH |
145 | if (!(rkey->perm & KEY_USR_VIEW)) { |
146 | down_read(&rkey->sem); | |
147 | rkey->perm |= KEY_USR_VIEW; | |
148 | up_read(&rkey->sem); | |
149 | } | |
9d815234 | 150 | len = rkey->type_data.x[0]; |
d09e860c | 151 | data = rkey->payload.data; |
d09e860c | 152 | } else { |
b6b38f70 | 153 | cERROR(1, "%s: unable to resolve: %s", __func__, name); |
d09e860c SF |
154 | goto out; |
155 | } | |
156 | ||
157 | skip_upcall: | |
158 | if (data) { | |
9d815234 | 159 | *ip_addr = kmalloc(len + 1, GFP_KERNEL); |
d09e860c | 160 | if (*ip_addr) { |
9d815234 | 161 | memcpy(*ip_addr, data, len + 1); |
5651ced3 | 162 | if (!IS_ERR(rkey)) |
b6b38f70 | 163 | cFYI(1, "%s: resolved: %s to %s", __func__, |
5651ced3 IM |
164 | name, |
165 | *ip_addr | |
b6b38f70 | 166 | ); |
197c183f SF |
167 | rc = 0; |
168 | } else { | |
169 | rc = -ENOMEM; | |
170 | } | |
d09e860c SF |
171 | if (!IS_ERR(rkey)) |
172 | key_put(rkey); | |
197c183f SF |
173 | } |
174 | ||
d09e860c | 175 | out: |
197c183f SF |
176 | kfree(name); |
177 | return rc; | |
178 | } | |
179 | ||
4c0c03ca DH |
180 | int __init cifs_init_dns_resolver(void) |
181 | { | |
182 | struct cred *cred; | |
183 | struct key *keyring; | |
184 | int ret; | |
185 | ||
186 | printk(KERN_NOTICE "Registering the %s key type\n", | |
187 | key_type_dns_resolver.name); | |
188 | ||
189 | /* create an override credential set with a special thread keyring in | |
190 | * which DNS requests are cached | |
191 | * | |
192 | * this is used to prevent malicious redirections from being installed | |
193 | * with add_key(). | |
194 | */ | |
195 | cred = prepare_kernel_cred(NULL); | |
196 | if (!cred) | |
197 | return -ENOMEM; | |
198 | ||
199 | keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred, | |
200 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | | |
201 | KEY_USR_VIEW | KEY_USR_READ, | |
202 | KEY_ALLOC_NOT_IN_QUOTA); | |
203 | if (IS_ERR(keyring)) { | |
204 | ret = PTR_ERR(keyring); | |
205 | goto failed_put_cred; | |
206 | } | |
207 | ||
208 | ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL); | |
209 | if (ret < 0) | |
210 | goto failed_put_key; | |
211 | ||
212 | ret = register_key_type(&key_type_dns_resolver); | |
213 | if (ret < 0) | |
214 | goto failed_put_key; | |
215 | ||
216 | /* instruct request_key() to use this special keyring as a cache for | |
217 | * the results it looks up */ | |
218 | cred->thread_keyring = keyring; | |
219 | cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; | |
220 | dns_resolver_cache = cred; | |
221 | return 0; | |
222 | ||
223 | failed_put_key: | |
224 | key_put(keyring); | |
225 | failed_put_cred: | |
226 | put_cred(cred); | |
227 | return ret; | |
228 | } | |
197c183f | 229 | |
51c20fcc | 230 | void cifs_exit_dns_resolver(void) |
4c0c03ca DH |
231 | { |
232 | key_revoke(dns_resolver_cache->thread_keyring); | |
233 | unregister_key_type(&key_type_dns_resolver); | |
234 | put_cred(dns_resolver_cache); | |
235 | printk(KERN_NOTICE "Unregistered %s key type\n", | |
236 | key_type_dns_resolver.name); | |
237 | } |