
/* Upcall routine, designed to work as a key type and working through
 * /sbin/request-key to contact userspace when handling DNS queries.
 *
 * See Documentation/networking/dns_resolver.rst
 *
 * Copyright (c) 2007 Igor Mammedov
 * Author(s): Igor Mammedov (niallain@gmail.com)
 *            Steve French (sfrench@us.ibm.com)
 *            Wang Lei (wang840925@gmail.com)
 *            David Howells (dhowells@redhat.com)
 *
 * The upcall wrapper used to make an arbitrary DNS query.
 *
 * This function requires the appropriate userspace tool dns.upcall to be
 * installed, and something like the following line should be added to the
 * /etc/request-key.conf file:
 *
 *     create dns_resolver * * /sbin/dns.upcall %k
 *
 * For example, to use this module to query AFSDB RRs:
 *
 *     create dns_resolver afsdb:* * /sbin/dns.afsdb %k
 *
 * This library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published
 * by the Free Software Foundation; either version 2.1 of the License, or
 * (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
 * the GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this library; if not, see <http://www.gnu.org/licenses/>.
 */
  37. #include <linux/module.h>
  38. #include <linux/slab.h>
  39. #include <linux/cred.h>
  40. #include <linux/dns_resolver.h>
  41. #include <linux/err.h>
  42. #include <net/net_namespace.h>
  43. #include <keys/dns_resolver-type.h>
  44. #include <keys/user-type.h>
  45. #include "internal.h"
/**
 * dns_query - Query the DNS
 * @net: The network namespace to operate in.
 * @type: Query type (or NULL for a straight host->IP lookup)
 * @name: Name to look up (need not be NUL-terminated)
 * @namelen: Length of @name in bytes; must be in the range 3..255
 * @options: Request options (or NULL if no options)
 * @_result: Where to place the returned data (or NULL)
 * @_expiry: Where to store the result expiry time (or NULL)
 * @invalidate: Always invalidate the key after use
 *
 * The lookup is performed by upcalling to userspace: a key of type
 * dns_resolver is requested whose description is "[<type>:]<name>" and whose
 * payload carries the answer.  The upcall is made under the dns_resolver
 * cache credentials rather than the caller's, so that add_key() cannot be
 * used to preinstall a malicious answer in the caller's keyrings.
 *
 * If @_result is given, a NUL-terminated copy of the key's payload is stored
 * there and the caller is responsible for freeing it.  If @_expiry is given,
 * the key's expiry time is stored there.
 *
 * Returns the size of the result on success, or a negative error code:
 * -EINVAL for a NULL/empty @name, a @namelen outside 3..255 or an empty
 * @type; -ENOMEM on allocation failure; the error from the key request if
 * the upcall fails; and any error the resolver recorded in the key's
 * payload.
 */
int dns_query(struct net *net,
	      const char *type, const char *name, size_t namelen,
	      const char *options, char **_result, time64_t *_expiry,
	      bool invalidate)
{
	struct user_key_payload *payload;
	struct key *key;
	size_t typelen = 0, desclen, off = 0;
	char *desc;
	int ret, len;

	kenter("%s,%*.*s,%zu,%s",
	       type, (int)namelen, (int)namelen, name, namelen, options);

	if (!name || namelen == 0)
		return -EINVAL;

	/* A query type, when supplied, must be non-empty; the name length is
	 * bounded so the description stays a sane size.
	 */
	if (type) {
		typelen = strlen(type);
		if (!typelen)
			return -EINVAL;
	}
	if (namelen < 3 || namelen > 255)
		return -EINVAL;

	/* Build the key description "[<type>:]<name>" with a trailing NUL. */
	desclen = namelen + 1;
	if (type)
		desclen += typelen + 1;

	desc = kmalloc(desclen, GFP_KERNEL);
	if (!desc)
		return -ENOMEM;

	if (type) {
		memcpy(desc, type, typelen);
		desc[typelen] = ':';
		off = typelen + 1;
	}
	memcpy(desc + off, name, namelen);
	desc[off + namelen] = '\0';

	if (!options)
		options = "";
	kdebug("call request_key(,%s,%s)", desc, options);

	/* Run the upcall under the resolver cache's credentials so that the
	 * caller's own keyrings are not searched: otherwise add_key() could be
	 * used to preinstall a malicious redirection for this description.
	 */
	scoped_with_creds(dns_resolver_cache)
		key = request_key_net(&key_type_dns_resolver, desc, net, options);
	kfree(desc);
	if (IS_ERR(key)) {
		ret = PTR_ERR(key);
		goto out;
	}

	/* Hold the key stable while we read its payload.  The flag and the
	 * USR_VIEW permission bit are set here on every query (flag name
	 * suggests it permits root to invalidate the cached entry).
	 */
	down_read(&key->sem);
	set_bit(KEY_FLAG_ROOT_CAN_INVAL, &key->flags);
	key->perm |= KEY_USR_VIEW;

	ret = key_validate(key);
	if (ret < 0)
		goto put;

	/* A resolver-side failure is recorded as an error pointer in the
	 * payload; hand it back to the caller as-is.
	 */
	ret = PTR_ERR(key->payload.data[dns_key_error]);
	if (ret)
		goto put;

	payload = user_key_payload_locked(key);
	len = payload->datalen;

	if (_result) {
		*_result = kmemdup_nul(payload->data, len, GFP_KERNEL);
		if (!*_result) {
			ret = -ENOMEM;
			goto put;
		}
	}
	if (_expiry)
		*_expiry = key->expiry;

	ret = len;

put:
	up_read(&key->sem);
	if (invalidate)
		key_invalidate(key);
	key_put(key);
out:
	kleave(" = %d", ret);
	return ret;
}
/* Make dns_query() linkable from loadable kernel modules. */
EXPORT_SYMBOL(dns_query);