net/dns_resolver/dns_query.c

0001 /* Upcall routine, designed to work as a key type and working through
0002  * /sbin/request-key to contact userspace when handling DNS queries.
0003  *
0004  * See Documentation/networking/dns_resolver.rst
0005  *
0006  *   Copyright (c) 2007 Igor Mammedov
0007  *   Author(s): Igor Mammedov (niallain@gmail.com)
0008  *              Steve French (sfrench@us.ibm.com)
0009  *              Wang Lei (wang840925@gmail.com)
0010  *      David Howells (dhowells@redhat.com)
0011  *
0012  *   The upcall wrapper used to make an arbitrary DNS query.
0013  *
0014  *   This function requires the appropriate userspace tool dns.upcall to be
0015  *   installed and something like the following lines should be added to the
0016  *   /etc/request-key.conf file:
0017  *
0018  *  create dns_resolver * * /sbin/dns.upcall %k
0019  *
0020  *   For example to use this module to query AFSDB RR:
0021  *
0022  *  create dns_resolver afsdb:* * /sbin/dns.afsdb %k
0023  *
0024  *   This library is free software; you can redistribute it and/or modify
0025  *   it under the terms of the GNU Lesser General Public License as published
0026  *   by the Free Software Foundation; either version 2.1 of the License, or
0027  *   (at your option) any later version.
0028  *
0029  *   This library is distributed in the hope that it will be useful,
0030  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
0031  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
0032  *   the GNU Lesser General Public License for more details.
0033  *
0034  *   You should have received a copy of the GNU Lesser General Public License
0035  *   along with this library; if not, see <http://www.gnu.org/licenses/>.
0036  */
0037
0038 #include <linux/module.h>
0039 #include <linux/slab.h>
0040 #include <linux/cred.h>
0041 #include <linux/dns_resolver.h>
0042 #include <linux/err.h>
0043 #include <net/net_namespace.h>
0044
0045 #include <keys/dns_resolver-type.h>
0046 #include <keys/user-type.h>
0047
0048 #include "internal.h"
0049
0050 /**
0051  * dns_query - Query the DNS
0052  * @net: The network namespace to operate in.
0053  * @type: Query type (or NULL for straight host->IP lookup)
0054  * @name: Name to look up
0055  * @namelen: Length of name
0056  * @options: Request options (or NULL if no options)
0057  * @_result: Where to place the returned data (or NULL)
0058  * @_expiry: Where to store the result expiry time (or NULL)
0059  * @invalidate: Always invalidate the key after use
0060  *
0061  * The data will be returned in the pointer at *result, if provided, and the
0062  * caller is responsible for freeing it.
0063  *
0064  * The description should be of the form "[<query_type>:]<domain_name>", and
0065  * the options need to be appropriate for the query type requested.  If no
0066  * query_type is given, then the query is a straight hostname to IP address
0067  * lookup.
0068  *
0069  * The DNS resolution lookup is performed by upcalling to userspace by way of
0070  * requesting a key of type dns_resolver.
0071  *
0072  * Returns the size of the result on success, -ve error code otherwise.
0073  */
0074 int dns_query(struct net *net,
0075           const char *type, const char *name, size_t namelen,
0076           const char *options, char **_result, time64_t *_expiry,
0077           bool invalidate)
0078 {
0079     struct key *rkey;
0080     struct user_key_payload *upayload;
0081     const struct cred *saved_cred;
0082     size_t typelen, desclen;
0083     char *desc, *cp;
0084     int ret, len;
0085
0086     kenter("%s,%*.*s,%zu,%s",
0087            type, (int)namelen, (int)namelen, name, namelen, options);
0088
0089     if (!name || namelen == 0)
0090         return -EINVAL;
0091
0092     /* construct the query key description as "[<type>:]<name>" */
0093     typelen = 0;
0094     desclen = 0;
0095     if (type) {
0096         typelen = strlen(type);
0097         if (typelen < 1)
0098             return -EINVAL;
0099         desclen += typelen + 1;
0100     }
0101
0102     if (namelen < 3 || namelen > 255)
0103         return -EINVAL;
0104     desclen += namelen + 1;
0105
0106     desc = kmalloc(desclen, GFP_KERNEL);
0107     if (!desc)
0108         return -ENOMEM;
0109
0110     cp = desc;
0111     if (type) {
0112         memcpy(cp, type, typelen);
0113         cp += typelen;
0114         *cp++ = ':';
0115     }
0116     memcpy(cp, name, namelen);
0117     cp += namelen;
0118     *cp = '\0';
0119
0120     if (!options)
0121         options = "";
0122     kdebug("call request_key(,%s,%s)", desc, options);
0123
0124     /* make the upcall, using special credentials to prevent the use of
0125      * add_key() to preinstall malicious redirections
0126      */
0127     saved_cred = override_creds(dns_resolver_cache);
0128     rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
0129     revert_creds(saved_cred);
0130     kfree(desc);
0131     if (IS_ERR(rkey)) {
0132         ret = PTR_ERR(rkey);
0133         goto out;
0134     }
0135
0136     down_read(&rkey->sem);
0137     set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
0138     rkey->perm |= KEY_USR_VIEW;
0139
0140     ret = key_validate(rkey);
0141     if (ret < 0)
0142         goto put;
0143
0144     /* If the DNS server gave an error, return that to the caller */
0145     ret = PTR_ERR(rkey->payload.data[dns_key_error]);
0146     if (ret)
0147         goto put;
0148
0149     upayload = user_key_payload_locked(rkey);
0150     len = upayload->datalen;
0151
0152     if (_result) {
0153         ret = -ENOMEM;
0154         *_result = kmemdup_nul(upayload->data, len, GFP_KERNEL);
0155         if (!*_result)
0156             goto put;
0157     }
0158
0159     if (_expiry)
0160         *_expiry = rkey->expiry;
0161
0162     ret = len;
0163 put:
0164     up_read(&rkey->sem);
0165     if (invalidate)
0166         key_invalidate(rkey);
0167     key_put(rkey);
0168 out:
0169     kleave(" = %d", ret);
0170     return ret;
0171 }
0172 EXPORT_SYMBOL(dns_query);