dns_query.c 4.6 KB

  1. /* Upcall routine, designed to work as a key type and working through
  2. * /sbin/request-key to contact userspace when handling DNS queries.
  3. *
  4. * See Documentation/networking/dns_resolver.txt
  5. *
  6. * Copyright (c) 2007 Igor Mammedov
  7. * Author(s): Igor Mammedov (niallain@gmail.com)
  8. * Steve French (sfrench@us.ibm.com)
  9. * Wang Lei (wang840925@gmail.com)
  10. * David Howells (dhowells@redhat.com)
  11. *
  12. * The upcall wrapper used to make an arbitrary DNS query.
  13. *
  14. * This function requires the appropriate userspace tool dns.upcall to be
  15. * installed and something like the following lines should be added to the
  16. * /etc/request-key.conf file:
  17. *
  18. * create dns_resolver * * /sbin/dns.upcall %k
  19. *
  20. * For example to use this module to query AFSDB RR:
  21. *
  22. * create dns_resolver afsdb:* * /sbin/dns.afsdb %k
  23. *
  24. * This library is free software; you can redistribute it and/or modify
  25. * it under the terms of the GNU Lesser General Public License as published
  26. * by the Free Software Foundation; either version 2.1 of the License, or
  27. * (at your option) any later version.
  28. *
  29. * This library is distributed in the hope that it will be useful,
  30. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  31. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
  32. * the GNU Lesser General Public License for more details.
  33. *
  34. * You should have received a copy of the GNU Lesser General Public License
  35. * along with this library; if not, see <http://www.gnu.org/licenses/>.
  36. */
  37. #include <linux/module.h>
  38. #include <linux/slab.h>
  39. #include <linux/dns_resolver.h>
  40. #include <linux/err.h>
  41. #include <keys/dns_resolver-type.h>
  42. #include <keys/user-type.h>
  43. #include "internal.h"
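  /**
   * dns_query - Query the DNS
   * @type: Query type (or NULL for straight host->IP lookup)
   * @name: Name to look up
   * @namelen: Length of name in bytes; must be between 3 and 255 inclusive
   * @options: Request options (or NULL if no options)
   * @_result: Where to place the returned data.
   * @_expiry: Where to store the result expiry time (or NULL)
   *
   * The data will be returned in the pointer at *_result, and the caller is
   * responsible for freeing it.  *_result only holds a buffer to free when the
   * return value is non-negative: on failure it is either left untouched or,
   * if the result allocation itself failed, set to NULL.
   *
   * The description should be of the form "[<query_type>:]<domain_name>", and
   * the options need to be appropriate for the query type requested.  If no
   * query_type is given, then the query is a straight hostname to IP address
   * lookup.
   *
   * @name is copied into the description byte for byte.  Nothing here rejects
   * a ':' or an embedded NUL inside it, so callers passing names from an
   * untrusted source should validate them first.
   *
   * The DNS resolution lookup is performed by upcalling to userspace by way of
   * requesting a key of type dns_resolver.  The returned buffer is a verbatim
   * copy of that key's payload with a NUL appended; its contents are not
   * parsed or validated here.
   *
   * Returns the size of the result on success, -ve error code otherwise.
   */
  int dns_query(const char *type, const char *name, size_t namelen,
                const char *options, char **_result, time64_t *_expiry)
  {
      struct key *rkey;
      const struct user_key_payload *upayload;
      const struct cred *saved_cred;
      size_t typelen, desclen;
      char *desc, *cp;
      int ret, len;

      kenter("%s,%*.*s,%zu,%s",
             type, (int)namelen, (int)namelen, name, namelen, options);

      if (!name || namelen == 0 || !_result)
          return -EINVAL;

      /* construct the query key description as "[<type>:]<name>" */
      typelen = 0;
      desclen = 0;
      if (type) {
          typelen = strlen(type);
          if (typelen < 1)
              return -EINVAL;
          /* room for the type and the ':' separator */
          desclen += typelen + 1;
      }

      /*
       * namelen == 0 was already rejected above, so the former
       * "if (!namelen) namelen = strnlen(name, 256);" fallback could never
       * run and has been dropped.  The bound below is what keeps the
       * allocation and the memcpy() of the name within 255 bytes.
       */
      if (namelen < 3 || namelen > 255)
          return -EINVAL;
      /* room for the name and the terminating NUL */
      desclen += namelen + 1;

      desc = kmalloc(desclen, GFP_KERNEL);
      if (!desc)
          return -ENOMEM;

      cp = desc;
      if (type) {
          memcpy(cp, type, typelen);
          cp += typelen;
          *cp++ = ':';
      }
      memcpy(cp, name, namelen);
      cp += namelen;
      *cp = '\0';

      if (!options)
          options = "";
      kdebug("call request_key(,%s,%s)", desc, options);

      /* make the upcall, using special credentials to prevent the use of
       * add_key() to preinstall malicious redirections
       *
       * The override covers only the request_key() call and is reverted
       * before anything else is done with the result.
       */
      saved_cred = override_creds(dns_resolver_cache);
      rkey = request_key(&key_type_dns_resolver, desc, options);
      revert_creds(saved_cred);
      kfree(desc);
      if (IS_ERR(rkey)) {
          ret = PTR_ERR(rkey);
          goto out;
      }

      down_read(&rkey->sem);
      /*
       * NOTE(review): the flag and permission bits are updated while
       * rkey->sem is held for read only -- confirm that is sufficient for
       * the perm update.  Going by its name, the flag presumably allows root
       * to invalidate the key; verify against the keys documentation.
       */
      set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
      rkey->perm |= KEY_USR_VIEW;

      ret = key_validate(rkey);
      if (ret < 0)
          goto put;

      /* If the DNS server gave an error, return that to the caller */
      ret = PTR_ERR(rkey->payload.data[dns_key_error]);
      if (ret)
          goto put;

      upayload = user_key_payload(rkey);
      len = upayload->datalen;

      /* len + 1 leaves room for the NUL terminator appended after the copy */
      ret = -ENOMEM;
      *_result = kmalloc(len + 1, GFP_KERNEL);
      if (!*_result)
          goto put;

      memcpy(*_result, upayload->data, len);
      (*_result)[len] = '\0';

      if (_expiry)
          *_expiry = rkey->expiry;

      ret = len;
  put:
      /* drop the payload lock and our reference on every path that got a key */
      up_read(&rkey->sem);
      key_put(rkey);
  out:
      kleave(" = %d", ret);
      return ret;
  }
  EXPORT_SYMBOL(dns_query);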