diff options
-rw-r--r-- | Documentation/networking/dns_resolver.txt | 146 | ||||
-rw-r--r-- | fs/afs/Kconfig | 1 | ||||
-rw-r--r-- | fs/afs/cell.c | 40 | ||||
-rw-r--r-- | fs/cifs/Kconfig | 17 | ||||
-rw-r--r-- | fs/cifs/README | 5 | ||||
-rw-r--r-- | fs/cifs/cifs_debug.c | 25 | ||||
-rw-r--r-- | fs/cifs/cifs_dfs_ref.c | 5 | ||||
-rw-r--r-- | fs/cifs/cifs_spnego.c | 4 | ||||
-rw-r--r-- | fs/cifs/cifsfs.c | 13 | ||||
-rw-r--r-- | fs/cifs/cifsproto.h | 4 | ||||
-rw-r--r-- | fs/cifs/connect.c | 1 | ||||
-rw-r--r-- | fs/cifs/dns_resolve.c | 231 | ||||
-rw-r--r-- | fs/cifs/dns_resolve.h | 2 | ||||
-rw-r--r-- | fs/cifs/inode.c | 43 | ||||
-rw-r--r-- | fs/cifs/netmisc.c | 45 | ||||
-rw-r--r-- | include/keys/dns_resolver-type.h | 23 | ||||
-rw-r--r-- | include/linux/dns_resolver.h | 34 | ||||
-rw-r--r-- | net/Kconfig | 1 | ||||
-rw-r--r-- | net/Makefile | 1 | ||||
-rw-r--r-- | net/dns_resolver/Kconfig | 27 | ||||
-rw-r--r-- | net/dns_resolver/Makefile | 7 | ||||
-rw-r--r-- | net/dns_resolver/dns_key.c | 211 | ||||
-rw-r--r-- | net/dns_resolver/dns_query.c | 160 | ||||
-rw-r--r-- | net/dns_resolver/internal.h | 44 |
24 files changed, 833 insertions, 257 deletions
diff --git a/Documentation/networking/dns_resolver.txt b/Documentation/networking/dns_resolver.txt new file mode 100644 index 000000000000..aefd1e681804 --- /dev/null +++ b/Documentation/networking/dns_resolver.txt | |||
@@ -0,0 +1,146 @@ | |||
1 | =================== | ||
2 | DNS Resolver Module | ||
3 | =================== | ||
4 | |||
5 | Contents: | ||
6 | |||
7 | - Overview. | ||
8 | - Compilation. | ||
9 | - Setting up. | ||
10 | - Usage. | ||
11 | - Mechanism. | ||
12 | - Debugging. | ||
13 | |||
14 | |||
15 | ======== | ||
16 | OVERVIEW | ||
17 | ======== | ||
18 | |||
19 | The DNS resolver module provides a way for kernel services to make DNS queries | ||
20 | by way of requesting a key of key type dns_resolver. These queries are | ||
21 | upcalled to userspace through /sbin/request-key. | ||
22 | |||
23 | These routines must be supported by userspace tools dns.upcall, cifs.upcall and | ||
24 | request-key. It is under development and does not yet provide the full feature | ||
25 | set. The features it does support include: | ||
26 | |||
27 | (*) Implements the dns_resolver key_type to contact userspace. | ||
28 | |||
29 | It does not yet support the following AFS features: | ||
30 | |||
31 | (*) Dns query support for AFSDB resource record. | ||
32 | |||
33 | This code is extracted from the CIFS filesystem. | ||
34 | |||
35 | |||
36 | =========== | ||
37 | COMPILATION | ||
38 | =========== | ||
39 | |||
40 | The module should be enabled by turning on the kernel configuration options: | ||
41 | |||
42 | CONFIG_DNS_RESOLVER - tristate "DNS Resolver support" | ||
43 | |||
44 | |||
45 | ========== | ||
46 | SETTING UP | ||
47 | ========== | ||
48 | |||
49 | To set up this facility, the /etc/request-key.conf file must be altered so that | ||
50 | /sbin/request-key can appropriately direct the upcalls. For example, to handle | ||
51 | basic dname to IPv4/IPv6 address resolution, the following line should be | ||
52 | added: | ||
53 | |||
54 | #OP TYPE DESC CO-INFO PROGRAM ARG1 ARG2 ARG3 ... | ||
55 | #====== ============ ======= ======= ========================== | ||
56 | create dns_resolver * * /usr/sbin/cifs.upcall %k | ||
57 | |||
58 | To direct a query for query type 'foo', a line of the following should be added | ||
59 | before the more general line given above as the first match is the one taken. | ||
60 | |||
61 | create dns_resolver foo:* * /usr/sbin/dns.foo %k | ||
62 | |||
63 | |||
64 | |||
65 | ===== | ||
66 | USAGE | ||
67 | ===== | ||
68 | |||
69 | To make use of this facility, one of the following functions that are | ||
70 | implemented in the module can be called after doing: | ||
71 | |||
72 | #include <linux/dns_resolver.h> | ||
73 | |||
74 | (1) int dns_query(const char *type, const char *name, size_t namelen, | ||
75 | const char *options, char **_result, time_t *_expiry); | ||
76 | |||
77 | This is the basic access function. It looks for a cached DNS query and if | ||
78 | it doesn't find it, it upcalls to userspace to make a new DNS query, which | ||
79 | may then be cached. The key description is constructed as a string of the | ||
80 | form: | ||
81 | |||
82 | [<type>:]<name> | ||
83 | |||
84 | where <type> optionally specifies the particular upcall program to invoke, | ||
85 | and thus the type of query to do, and <name> specifies the string to be | ||
86 | looked up. The default query type is a straight hostname to IP address | ||
87 | set lookup. | ||
88 | |||
89 | The name parameter is not required to be a NUL-terminated string, and its | ||
90 | length should be given by the namelen argument. | ||
91 | |||
92 | The options parameter may be NULL or it may be a set of options | ||
93 | appropriate to the query type. | ||
94 | |||
95 | The return value is a string appropriate to the query type. For instance, | ||
96 | for the default query type it is just a list of comma-separated IPv4 and | ||
97 | IPv6 addresses. The caller must free the result. | ||
98 | |||
99 | The length of the result string is returned on success, and a negative | ||
100 | error code is returned otherwise. -EKEYREJECTED will be returned if the | ||
101 | DNS lookup failed. | ||
102 | |||
103 | If _expiry is non-NULL, the expiry time (TTL) of the result will be | ||
104 | returned also. | ||
105 | |||
106 | |||
107 | ========= | ||
108 | MECHANISM | ||
109 | ========= | ||
110 | |||
111 | The dnsresolver module registers a key type called "dns_resolver". Keys of | ||
112 | this type are used to transport and cache DNS lookup results from userspace. | ||
113 | |||
114 | When dns_query() is invoked, it calls request_key() to search the local | ||
115 | keyrings for a cached DNS result. If that fails to find one, it upcalls to | ||
116 | userspace to get a new result. | ||
117 | |||
118 | Upcalls to userspace are made through the request_key() upcall vector, and are | ||
119 | directed by means of configuration lines in /etc/request-key.conf that tell | ||
120 | /sbin/request-key what program to run to instantiate the key. | ||
121 | |||
122 | The upcall handler program is responsible for querying the DNS, processing the | ||
123 | result into a form suitable for passing to the keyctl_instantiate_key() | ||
124 | routine. This then passes the data to dns_resolver_instantiate() which strips | ||
125 | off and processes any options included in the data, and then attaches the | ||
126 | remainder of the string to the key as its payload. | ||
127 | |||
128 | The upcall handler program should set the expiry time on the key to that of the | ||
129 | lowest TTL of all the records it has extracted a result from. This means that | ||
130 | the key will be discarded and recreated when the data it holds has expired. | ||
131 | |||
132 | dns_query() returns a copy of the value attached to the key, or an error if | ||
133 | that is indicated instead. | ||
134 | |||
135 | See <file:Documentation/keys-request-key.txt> for further information about | ||
136 | request-key function. | ||
137 | |||
138 | |||
139 | ========= | ||
140 | DEBUGGING | ||
141 | ========= | ||
142 | |||
143 | Debugging messages can be turned on dynamically by writing a 1 into the | ||
144 | following file: | ||
145 | |||
146 | /sys/module/dnsresolver/parameters/debug | ||
diff --git a/fs/afs/Kconfig b/fs/afs/Kconfig index 5c4e61d3c772..8f975f25b486 100644 --- a/fs/afs/Kconfig +++ b/fs/afs/Kconfig | |||
@@ -2,6 +2,7 @@ config AFS_FS | |||
2 | tristate "Andrew File System support (AFS) (EXPERIMENTAL)" | 2 | tristate "Andrew File System support (AFS) (EXPERIMENTAL)" |
3 | depends on INET && EXPERIMENTAL | 3 | depends on INET && EXPERIMENTAL |
4 | select AF_RXRPC | 4 | select AF_RXRPC |
5 | select DNS_RESOLVER | ||
5 | help | 6 | help |
6 | If you say Y here, you will get an experimental Andrew File System | 7 | If you say Y here, you will get an experimental Andrew File System |
7 | driver. It currently only supports unsecured read-only AFS access. | 8 | driver. It currently only supports unsecured read-only AFS access. |
diff --git a/fs/afs/cell.c b/fs/afs/cell.c index e19c13f059ed..ffea35c63879 100644 --- a/fs/afs/cell.c +++ b/fs/afs/cell.c | |||
@@ -13,6 +13,7 @@ | |||
13 | #include <linux/slab.h> | 13 | #include <linux/slab.h> |
14 | #include <linux/key.h> | 14 | #include <linux/key.h> |
15 | #include <linux/ctype.h> | 15 | #include <linux/ctype.h> |
16 | #include <linux/dns_resolver.h> | ||
16 | #include <linux/sched.h> | 17 | #include <linux/sched.h> |
17 | #include <keys/rxrpc-type.h> | 18 | #include <keys/rxrpc-type.h> |
18 | #include "internal.h" | 19 | #include "internal.h" |
@@ -36,6 +37,8 @@ static struct afs_cell *afs_cell_alloc(const char *name, char *vllist) | |||
36 | struct key *key; | 37 | struct key *key; |
37 | size_t namelen; | 38 | size_t namelen; |
38 | char keyname[4 + AFS_MAXCELLNAME + 1], *cp, *dp, *next; | 39 | char keyname[4 + AFS_MAXCELLNAME + 1], *cp, *dp, *next; |
40 | char *dvllist = NULL, *_vllist = NULL; | ||
41 | char delimiter = ':'; | ||
39 | int ret; | 42 | int ret; |
40 | 43 | ||
41 | _enter("%s,%s", name, vllist); | 44 | _enter("%s,%s", name, vllist); |
@@ -43,8 +46,10 @@ static struct afs_cell *afs_cell_alloc(const char *name, char *vllist) | |||
43 | BUG_ON(!name); /* TODO: want to look up "this cell" in the cache */ | 46 | BUG_ON(!name); /* TODO: want to look up "this cell" in the cache */ |
44 | 47 | ||
45 | namelen = strlen(name); | 48 | namelen = strlen(name); |
46 | if (namelen > AFS_MAXCELLNAME) | 49 | if (namelen > AFS_MAXCELLNAME) { |
50 | _leave(" = -ENAMETOOLONG"); | ||
47 | return ERR_PTR(-ENAMETOOLONG); | 51 | return ERR_PTR(-ENAMETOOLONG); |
52 | } | ||
48 | 53 | ||
49 | /* allocate and initialise a cell record */ | 54 | /* allocate and initialise a cell record */ |
50 | cell = kzalloc(sizeof(struct afs_cell) + namelen + 1, GFP_KERNEL); | 55 | cell = kzalloc(sizeof(struct afs_cell) + namelen + 1, GFP_KERNEL); |
@@ -64,15 +69,31 @@ static struct afs_cell *afs_cell_alloc(const char *name, char *vllist) | |||
64 | INIT_LIST_HEAD(&cell->vl_list); | 69 | INIT_LIST_HEAD(&cell->vl_list); |
65 | spin_lock_init(&cell->vl_lock); | 70 | spin_lock_init(&cell->vl_lock); |
66 | 71 | ||
72 | /* if the ip address is invalid, try dns query */ | ||
73 | if (!vllist || strlen(vllist) < 7) { | ||
74 | ret = dns_query("afsdb", name, namelen, "ipv4", &dvllist, NULL); | ||
75 | if (ret < 0) { | ||
76 | _leave(" = %d", ret); | ||
77 | return ERR_PTR(ret); | ||
78 | } | ||
79 | _vllist = dvllist; | ||
80 | |||
81 | /* change the delimiter for user-space reply */ | ||
82 | delimiter = ','; | ||
83 | |||
84 | } else { | ||
85 | _vllist = vllist; | ||
86 | } | ||
87 | |||
67 | /* fill in the VL server list from the rest of the string */ | 88 | /* fill in the VL server list from the rest of the string */ |
68 | do { | 89 | do { |
69 | unsigned a, b, c, d; | 90 | unsigned a, b, c, d; |
70 | 91 | ||
71 | next = strchr(vllist, ':'); | 92 | next = strchr(_vllist, delimiter); |
72 | if (next) | 93 | if (next) |
73 | *next++ = 0; | 94 | *next++ = 0; |
74 | 95 | ||
75 | if (sscanf(vllist, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) | 96 | if (sscanf(_vllist, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) |
76 | goto bad_address; | 97 | goto bad_address; |
77 | 98 | ||
78 | if (a > 255 || b > 255 || c > 255 || d > 255) | 99 | if (a > 255 || b > 255 || c > 255 || d > 255) |
@@ -81,7 +102,7 @@ static struct afs_cell *afs_cell_alloc(const char *name, char *vllist) | |||
81 | cell->vl_addrs[cell->vl_naddrs++].s_addr = | 102 | cell->vl_addrs[cell->vl_naddrs++].s_addr = |
82 | htonl((a << 24) | (b << 16) | (c << 8) | d); | 103 | htonl((a << 24) | (b << 16) | (c << 8) | d); |
83 | 104 | ||
84 | } while (cell->vl_naddrs < AFS_CELL_MAX_ADDRS && (vllist = next)); | 105 | } while (cell->vl_naddrs < AFS_CELL_MAX_ADDRS && (_vllist = next)); |
85 | 106 | ||
86 | /* create a key to represent an anonymous user */ | 107 | /* create a key to represent an anonymous user */ |
87 | memcpy(keyname, "afs@", 4); | 108 | memcpy(keyname, "afs@", 4); |
@@ -110,6 +131,7 @@ bad_address: | |||
110 | ret = -EINVAL; | 131 | ret = -EINVAL; |
111 | error: | 132 | error: |
112 | key_put(cell->anonymous_key); | 133 | key_put(cell->anonymous_key); |
134 | kfree(dvllist); | ||
113 | kfree(cell); | 135 | kfree(cell); |
114 | _leave(" = %d", ret); | 136 | _leave(" = %d", ret); |
115 | return ERR_PTR(ret); | 137 | return ERR_PTR(ret); |
@@ -201,14 +223,12 @@ int afs_cell_init(char *rootcell) | |||
201 | } | 223 | } |
202 | 224 | ||
203 | cp = strchr(rootcell, ':'); | 225 | cp = strchr(rootcell, ':'); |
204 | if (!cp) { | 226 | if (!cp) |
205 | printk(KERN_ERR "kAFS: no VL server IP addresses specified\n"); | 227 | _debug("kAFS: no VL server IP addresses specified"); |
206 | _leave(" = -EINVAL"); | 228 | else |
207 | return -EINVAL; | 229 | *cp++ = 0; |
208 | } | ||
209 | 230 | ||
210 | /* allocate a cell record for the root cell */ | 231 | /* allocate a cell record for the root cell */ |
211 | *cp++ = 0; | ||
212 | new_root = afs_cell_create(rootcell, cp); | 232 | new_root = afs_cell_create(rootcell, cp); |
213 | if (IS_ERR(new_root)) { | 233 | if (IS_ERR(new_root)) { |
214 | _leave(" = %ld", PTR_ERR(new_root)); | 234 | _leave(" = %ld", PTR_ERR(new_root)); |
diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig index efcb3a78a327..917b7d449bb2 100644 --- a/fs/cifs/Kconfig +++ b/fs/cifs/Kconfig | |||
@@ -70,14 +70,14 @@ config CIFS_WEAK_PW_HASH | |||
70 | If unsure, say N. | 70 | If unsure, say N. |
71 | 71 | ||
72 | config CIFS_UPCALL | 72 | config CIFS_UPCALL |
73 | bool "Kerberos/SPNEGO advanced session setup" | 73 | bool "Kerberos/SPNEGO advanced session setup" |
74 | depends on CIFS && KEYS | 74 | depends on CIFS && KEYS |
75 | help | 75 | select DNS_RESOLVER |
76 | Enables an upcall mechanism for CIFS which accesses | 76 | help |
77 | userspace helper utilities to provide SPNEGO packaged (RFC 4178) | 77 | Enables an upcall mechanism for CIFS which accesses userspace helper |
78 | Kerberos tickets which are needed to mount to certain secure servers | 78 | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets |
79 | (for which more secure Kerberos authentication is required). If | 79 | which are needed to mount to certain secure servers (for which more |
80 | unsure, say N. | 80 | secure Kerberos authentication is required). If unsure, say N. |
81 | 81 | ||
82 | config CIFS_XATTR | 82 | config CIFS_XATTR |
83 | bool "CIFS extended attributes" | 83 | bool "CIFS extended attributes" |
@@ -121,6 +121,7 @@ config CIFS_DEBUG2 | |||
121 | config CIFS_DFS_UPCALL | 121 | config CIFS_DFS_UPCALL |
122 | bool "DFS feature support" | 122 | bool "DFS feature support" |
123 | depends on CIFS && KEYS | 123 | depends on CIFS && KEYS |
124 | select DNS_RESOLVER | ||
124 | help | 125 | help |
125 | Distributed File System (DFS) support is used to access shares | 126 | Distributed File System (DFS) support is used to access shares |
126 | transparently in an enterprise name space, even if the share | 127 | transparently in an enterprise name space, even if the share |
diff --git a/fs/cifs/README b/fs/cifs/README index a727b7cb075f..a7081eeeb85d 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
@@ -568,8 +568,9 @@ module can be displayed via modinfo. | |||
568 | Misc /proc/fs/cifs Flags and Debug Info | 568 | Misc /proc/fs/cifs Flags and Debug Info |
569 | ======================================= | 569 | ======================================= |
570 | Informational pseudo-files: | 570 | Informational pseudo-files: |
571 | DebugData Displays information about active CIFS sessions | 571 | DebugData Displays information about active CIFS sessions and |
572 | and shares, as well as the cifs.ko version. | 572 | shares, features enabled as well as the cifs.ko |
573 | version. | ||
573 | Stats Lists summary resource usage information as well as per | 574 | Stats Lists summary resource usage information as well as per |
574 | share statistics, if CONFIG_CIFS_STATS in enabled | 575 | share statistics, if CONFIG_CIFS_STATS in enabled |
575 | in the kernel configuration. | 576 | in the kernel configuration. |
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index 4fce6e61b34e..eb1ba493489f 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c | |||
@@ -119,6 +119,31 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) | |||
119 | "Display Internal CIFS Data Structures for Debugging\n" | 119 | "Display Internal CIFS Data Structures for Debugging\n" |
120 | "---------------------------------------------------\n"); | 120 | "---------------------------------------------------\n"); |
121 | seq_printf(m, "CIFS Version %s\n", CIFS_VERSION); | 121 | seq_printf(m, "CIFS Version %s\n", CIFS_VERSION); |
122 | seq_printf(m, "Features: "); | ||
123 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
124 | seq_printf(m, "dfs"); | ||
125 | seq_putc(m, ' '); | ||
126 | #endif | ||
127 | #ifdef CONFIG_CIFS_FSCACHE | ||
128 | seq_printf(m, "fscache"); | ||
129 | seq_putc(m, ' '); | ||
130 | #endif | ||
131 | #ifdef CONFIG_CIFS_WEAK_PW_HASH | ||
132 | seq_printf(m, "lanman"); | ||
133 | seq_putc(m, ' '); | ||
134 | #endif | ||
135 | #ifdef CONFIG_CIFS_POSIX | ||
136 | seq_printf(m, "posix"); | ||
137 | seq_putc(m, ' '); | ||
138 | #endif | ||
139 | #ifdef CONFIG_CIFS_UPCALL | ||
140 | seq_printf(m, "spnego"); | ||
141 | seq_putc(m, ' '); | ||
142 | #endif | ||
143 | #ifdef CONFIG_CIFS_XATTR | ||
144 | seq_printf(m, "xattr"); | ||
145 | #endif | ||
146 | seq_putc(m, '\n'); | ||
122 | seq_printf(m, "Active VFS Requests: %d\n", GlobalTotalActiveXid); | 147 | seq_printf(m, "Active VFS Requests: %d\n", GlobalTotalActiveXid); |
123 | seq_printf(m, "Servers:"); | 148 | seq_printf(m, "Servers:"); |
124 | 149 | ||
diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c index dc1ed50ea06e..d6ced7aa23cf 100644 --- a/fs/cifs/cifs_dfs_ref.c +++ b/fs/cifs/cifs_dfs_ref.c | |||
@@ -141,7 +141,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata, | |||
141 | } | 141 | } |
142 | 142 | ||
143 | rc = dns_resolve_server_name_to_ip(*devname, &srvIP); | 143 | rc = dns_resolve_server_name_to_ip(*devname, &srvIP); |
144 | if (rc != 0) { | 144 | if (rc < 0) { |
145 | cERROR(1, "%s: Failed to resolve server part of %s to IP: %d", | 145 | cERROR(1, "%s: Failed to resolve server part of %s to IP: %d", |
146 | __func__, *devname, rc); | 146 | __func__, *devname, rc); |
147 | goto compose_mount_options_err; | 147 | goto compose_mount_options_err; |
@@ -150,8 +150,7 @@ char *cifs_compose_mount_options(const char *sb_mountdata, | |||
150 | * assuming that we have 'unc=' and 'ip=' in | 150 | * assuming that we have 'unc=' and 'ip=' in |
151 | * the original sb_mountdata | 151 | * the original sb_mountdata |
152 | */ | 152 | */ |
153 | md_len = strlen(sb_mountdata) + strlen(srvIP) + | 153 | md_len = strlen(sb_mountdata) + rc + strlen(ref->node_name) + 12; |
154 | strlen(ref->node_name) + 12; | ||
155 | mountdata = kzalloc(md_len+1, GFP_KERNEL); | 154 | mountdata = kzalloc(md_len+1, GFP_KERNEL); |
156 | if (mountdata == NULL) { | 155 | if (mountdata == NULL) { |
157 | rc = -ENOMEM; | 156 | rc = -ENOMEM; |
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c index 6effccff85a5..87044906cd1f 100644 --- a/fs/cifs/cifs_spnego.c +++ b/fs/cifs/cifs_spnego.c | |||
@@ -84,6 +84,9 @@ struct key_type cifs_spnego_key_type = { | |||
84 | /* strlen of ";uid=0x" */ | 84 | /* strlen of ";uid=0x" */ |
85 | #define UID_KEY_LEN 7 | 85 | #define UID_KEY_LEN 7 |
86 | 86 | ||
87 | /* strlen of ";creduid=0x" */ | ||
88 | #define CREDUID_KEY_LEN 11 | ||
89 | |||
87 | /* strlen of ";user=" */ | 90 | /* strlen of ";user=" */ |
88 | #define USER_KEY_LEN 6 | 91 | #define USER_KEY_LEN 6 |
89 | 92 | ||
@@ -107,6 +110,7 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo) | |||
107 | IP_KEY_LEN + INET6_ADDRSTRLEN + | 110 | IP_KEY_LEN + INET6_ADDRSTRLEN + |
108 | MAX_MECH_STR_LEN + | 111 | MAX_MECH_STR_LEN + |
109 | UID_KEY_LEN + (sizeof(uid_t) * 2) + | 112 | UID_KEY_LEN + (sizeof(uid_t) * 2) + |
113 | CREDUID_KEY_LEN + (sizeof(uid_t) * 2) + | ||
110 | USER_KEY_LEN + strlen(sesInfo->userName) + | 114 | USER_KEY_LEN + strlen(sesInfo->userName) + |
111 | PID_KEY_LEN + (sizeof(pid_t) * 2) + 1; | 115 | PID_KEY_LEN + (sizeof(pid_t) * 2) + 1; |
112 | 116 | ||
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 5ac541a30c1d..a5ed10c9afef 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c | |||
@@ -45,7 +45,6 @@ | |||
45 | #include "cifs_fs_sb.h" | 45 | #include "cifs_fs_sb.h" |
46 | #include <linux/mm.h> | 46 | #include <linux/mm.h> |
47 | #include <linux/key-type.h> | 47 | #include <linux/key-type.h> |
48 | #include "dns_resolve.h" | ||
49 | #include "cifs_spnego.h" | 48 | #include "cifs_spnego.h" |
50 | #include "fscache.h" | 49 | #include "fscache.h" |
51 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ | 50 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ |
@@ -934,22 +933,13 @@ init_cifs(void) | |||
934 | if (rc) | 933 | if (rc) |
935 | goto out_unregister_filesystem; | 934 | goto out_unregister_filesystem; |
936 | #endif | 935 | #endif |
937 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
938 | rc = cifs_init_dns_resolver(); | ||
939 | if (rc) | ||
940 | goto out_unregister_key_type; | ||
941 | #endif | ||
942 | 936 | ||
943 | return 0; | 937 | return 0; |
944 | 938 | ||
945 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
946 | out_unregister_key_type: | ||
947 | #endif | ||
948 | #ifdef CONFIG_CIFS_UPCALL | 939 | #ifdef CONFIG_CIFS_UPCALL |
949 | unregister_key_type(&cifs_spnego_key_type); | ||
950 | out_unregister_filesystem: | 940 | out_unregister_filesystem: |
951 | #endif | ||
952 | unregister_filesystem(&cifs_fs_type); | 941 | unregister_filesystem(&cifs_fs_type); |
942 | #endif | ||
953 | out_destroy_request_bufs: | 943 | out_destroy_request_bufs: |
954 | cifs_destroy_request_bufs(); | 944 | cifs_destroy_request_bufs(); |
955 | out_destroy_mids: | 945 | out_destroy_mids: |
@@ -971,7 +961,6 @@ exit_cifs(void) | |||
971 | cifs_fscache_unregister(); | 961 | cifs_fscache_unregister(); |
972 | #ifdef CONFIG_CIFS_DFS_UPCALL | 962 | #ifdef CONFIG_CIFS_DFS_UPCALL |
973 | cifs_dfs_release_automount_timer(); | 963 | cifs_dfs_release_automount_timer(); |
974 | cifs_exit_dns_resolver(); | ||
975 | #endif | 964 | #endif |
976 | #ifdef CONFIG_CIFS_UPCALL | 965 | #ifdef CONFIG_CIFS_UPCALL |
977 | unregister_key_type(&cifs_spnego_key_type); | 966 | unregister_key_type(&cifs_spnego_key_type); |
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h index 2eaebbd31132..1f5450814087 100644 --- a/fs/cifs/cifsproto.h +++ b/fs/cifs/cifsproto.h | |||
@@ -86,8 +86,8 @@ extern unsigned int smbCalcSize(struct smb_hdr *ptr); | |||
86 | extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr); | 86 | extern unsigned int smbCalcSize_LE(struct smb_hdr *ptr); |
87 | extern int decode_negTokenInit(unsigned char *security_blob, int length, | 87 | extern int decode_negTokenInit(unsigned char *security_blob, int length, |
88 | struct TCP_Server_Info *server); | 88 | struct TCP_Server_Info *server); |
89 | extern int cifs_convert_address(struct sockaddr *dst, char *src); | 89 | extern int cifs_convert_address(struct sockaddr *dst, const char *src, int len); |
90 | extern int cifs_fill_sockaddr(struct sockaddr *dst, char *src, | 90 | extern int cifs_fill_sockaddr(struct sockaddr *dst, const char *src, int len, |
91 | unsigned short int port); | 91 | unsigned short int port); |
92 | extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr); | 92 | extern int map_smb_to_linux_error(struct smb_hdr *smb, int logErr); |
93 | extern void header_assemble(struct smb_hdr *, char /* command */ , | 93 | extern void header_assemble(struct smb_hdr *, char /* command */ , |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index 2a43a0aca965..95c2ea67edfb 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -1543,6 +1543,7 @@ cifs_get_tcp_session(struct smb_vol *volume_info) | |||
1543 | if (volume_info->UNCip && volume_info->UNC) { | 1543 | if (volume_info->UNCip && volume_info->UNC) { |
1544 | rc = cifs_fill_sockaddr((struct sockaddr *)&addr, | 1544 | rc = cifs_fill_sockaddr((struct sockaddr *)&addr, |
1545 | volume_info->UNCip, | 1545 | volume_info->UNCip, |
1546 | strlen(volume_info->UNCip), | ||
1546 | volume_info->port); | 1547 | volume_info->port); |
1547 | if (!rc) { | 1548 | if (!rc) { |
1548 | /* we failed translating address */ | 1549 | /* we failed translating address */ |
diff --git a/fs/cifs/dns_resolve.c b/fs/cifs/dns_resolve.c index 3ad7f4300c45..0eb87026cad3 100644 --- a/fs/cifs/dns_resolve.c +++ b/fs/cifs/dns_resolve.c | |||
@@ -4,6 +4,8 @@ | |||
4 | * Copyright (c) 2007 Igor Mammedov | 4 | * Copyright (c) 2007 Igor Mammedov |
5 | * Author(s): Igor Mammedov (niallain@gmail.com) | 5 | * Author(s): Igor Mammedov (niallain@gmail.com) |
6 | * Steve French (sfrench@us.ibm.com) | 6 | * Steve French (sfrench@us.ibm.com) |
7 | * Wang Lei (wang840925@gmail.com) | ||
8 | * David Howells (dhowells@redhat.com) | ||
7 | * | 9 | * |
8 | * Contains the CIFS DFS upcall routines used for hostname to | 10 | * Contains the CIFS DFS upcall routines used for hostname to |
9 | * IP address translation. | 11 | * IP address translation. |
@@ -24,214 +26,73 @@ | |||
24 | */ | 26 | */ |
25 | 27 | ||
26 | #include <linux/slab.h> | 28 | #include <linux/slab.h> |
27 | #include <linux/keyctl.h> | 29 | #include <linux/dns_resolver.h> |
28 | #include <linux/key-type.h> | ||
29 | #include <keys/user-type.h> | ||
30 | #include "dns_resolve.h" | 30 | #include "dns_resolve.h" |
31 | #include "cifsglob.h" | 31 | #include "cifsglob.h" |
32 | #include "cifsproto.h" | 32 | #include "cifsproto.h" |
33 | #include "cifs_debug.h" | 33 | #include "cifs_debug.h" |
34 | 34 | ||
35 | static const struct cred *dns_resolver_cache; | 35 | /** |
36 | 36 | * dns_resolve_server_name_to_ip - Resolve UNC server name to ip address. | |
37 | /* Checks if supplied name is IP address | 37 | * @unc: UNC path specifying the server |
38 | * returns: | 38 | * @ip_addr: Where to return the IP address. |
39 | * 1 - name is IP | 39 | * |
40 | * 0 - name is not IP | 40 | * The IP address will be returned in string form, and the caller is |
41 | */ | 41 | * responsible for freeing it. |
42 | static int | 42 | * |
43 | is_ip(char *name) | 43 | * Returns length of result on success, -ve on error. |
44 | { | ||
45 | struct sockaddr_storage ss; | ||
46 | |||
47 | return cifs_convert_address((struct sockaddr *)&ss, name); | ||
48 | } | ||
49 | |||
50 | static int | ||
51 | dns_resolver_instantiate(struct key *key, const void *data, | ||
52 | size_t datalen) | ||
53 | { | ||
54 | int rc = 0; | ||
55 | char *ip; | ||
56 | |||
57 | ip = kmalloc(datalen + 1, GFP_KERNEL); | ||
58 | if (!ip) | ||
59 | return -ENOMEM; | ||
60 | |||
61 | memcpy(ip, data, datalen); | ||
62 | ip[datalen] = '\0'; | ||
63 | |||
64 | /* make sure this looks like an address */ | ||
65 | if (!is_ip(ip)) { | ||
66 | kfree(ip); | ||
67 | return -EINVAL; | ||
68 | } | ||
69 | |||
70 | key->type_data.x[0] = datalen; | ||
71 | key->payload.data = ip; | ||
72 | |||
73 | return rc; | ||
74 | } | ||
75 | |||
76 | static void | ||
77 | dns_resolver_destroy(struct key *key) | ||
78 | { | ||
79 | kfree(key->payload.data); | ||
80 | } | ||
81 | |||
82 | struct key_type key_type_dns_resolver = { | ||
83 | .name = "dns_resolver", | ||
84 | .def_datalen = sizeof(struct in_addr), | ||
85 | .describe = user_describe, | ||
86 | .instantiate = dns_resolver_instantiate, | ||
87 | .destroy = dns_resolver_destroy, | ||
88 | .match = user_match, | ||
89 | }; | ||
90 | |||
91 | /* Resolves server name to ip address. | ||
92 | * input: | ||
93 | * unc - server UNC | ||
94 | * output: | ||
95 | * *ip_addr - pointer to server ip, caller responcible for freeing it. | ||
96 | * return 0 on success | ||
97 | */ | 44 | */ |
98 | int | 45 | int |
99 | dns_resolve_server_name_to_ip(const char *unc, char **ip_addr) | 46 | dns_resolve_server_name_to_ip(const char *unc, char **ip_addr) |
100 | { | 47 | { |
101 | const struct cred *saved_cred; | 48 | struct sockaddr_storage ss; |
102 | int rc = -EAGAIN; | 49 | const char *hostname, *sep; |
103 | struct key *rkey = ERR_PTR(-EAGAIN); | ||
104 | char *name; | 50 | char *name; |
105 | char *data = NULL; | 51 | int len, rc; |
106 | int len; | ||
107 | 52 | ||
108 | if (!ip_addr || !unc) | 53 | if (!ip_addr || !unc) |
109 | return -EINVAL; | 54 | return -EINVAL; |
110 | 55 | ||
111 | /* search for server name delimiter */ | ||
112 | len = strlen(unc); | 56 | len = strlen(unc); |
113 | if (len < 3) { | 57 | if (len < 3) { |
114 | cFYI(1, "%s: unc is too short: %s", __func__, unc); | 58 | cFYI(1, "%s: unc is too short: %s", __func__, unc); |
115 | return -EINVAL; | 59 | return -EINVAL; |
116 | } | 60 | } |
117 | len -= 2; | ||
118 | name = memchr(unc+2, '\\', len); | ||
119 | if (!name) { | ||
120 | cFYI(1, "%s: probably server name is whole unc: %s", | ||
121 | __func__, unc); | ||
122 | } else { | ||
123 | len = (name - unc) - 2/* leading // */; | ||
124 | } | ||
125 | |||
126 | name = kmalloc(len+1, GFP_KERNEL); | ||
127 | if (!name) { | ||
128 | rc = -ENOMEM; | ||
129 | return rc; | ||
130 | } | ||
131 | memcpy(name, unc+2, len); | ||
132 | name[len] = 0; | ||
133 | |||
134 | if (is_ip(name)) { | ||
135 | cFYI(1, "%s: it is IP, skipping dns upcall: %s", | ||
136 | __func__, name); | ||
137 | data = name; | ||
138 | goto skip_upcall; | ||
139 | } | ||
140 | 61 | ||
141 | saved_cred = override_creds(dns_resolver_cache); | 62 | /* Discount leading slashes for cifs */ |
142 | rkey = request_key(&key_type_dns_resolver, name, ""); | 63 | len -= 2; |
143 | revert_creds(saved_cred); | 64 | hostname = unc + 2; |
144 | if (!IS_ERR(rkey)) { | ||
145 | if (!(rkey->perm & KEY_USR_VIEW)) { | ||
146 | down_read(&rkey->sem); | ||
147 | rkey->perm |= KEY_USR_VIEW; | ||
148 | up_read(&rkey->sem); | ||
149 | } | ||
150 | len = rkey->type_data.x[0]; | ||
151 | data = rkey->payload.data; | ||
152 | } else { | ||
153 | cERROR(1, "%s: unable to resolve: %s", __func__, name); | ||
154 | goto out; | ||
155 | } | ||
156 | |||
157 | skip_upcall: | ||
158 | if (data) { | ||
159 | *ip_addr = kmalloc(len + 1, GFP_KERNEL); | ||
160 | if (*ip_addr) { | ||
161 | memcpy(*ip_addr, data, len + 1); | ||
162 | if (!IS_ERR(rkey)) | ||
163 | cFYI(1, "%s: resolved: %s to %s", __func__, | ||
164 | name, | ||
165 | *ip_addr | ||
166 | ); | ||
167 | rc = 0; | ||
168 | } else { | ||
169 | rc = -ENOMEM; | ||
170 | } | ||
171 | if (!IS_ERR(rkey)) | ||
172 | key_put(rkey); | ||
173 | } | ||
174 | 65 | ||
175 | out: | 66 | /* Search for server name delimiter */ |
176 | kfree(name); | 67 | sep = memchr(hostname, '\\', len); |
68 | if (sep) | ||
69 | len = sep - unc; | ||
70 | else | ||
71 | cFYI(1, "%s: probably server name is whole unc: %s", | ||
72 | __func__, unc); | ||
73 | |||
74 | /* Try to interpret hostname as an IPv4 or IPv6 address */ | ||
75 | rc = cifs_convert_address((struct sockaddr *)&ss, hostname, len); | ||
76 | if (rc > 0) | ||
77 | goto name_is_IP_address; | ||
78 | |||
79 | /* Perform the upcall */ | ||
80 | rc = dns_query(NULL, hostname, len, NULL, ip_addr, NULL); | ||
81 | if (rc < 0) | ||
82 | cERROR(1, "%s: unable to resolve: %*.*s", | ||
83 | __func__, len, len, hostname); | ||
84 | else | ||
85 | cFYI(1, "%s: resolved: %*.*s to %s", | ||
86 | __func__, len, len, hostname, *ip_addr); | ||
177 | return rc; | 87 | return rc; |
178 | } | ||
179 | 88 | ||
180 | int __init cifs_init_dns_resolver(void) | 89 | name_is_IP_address: |
181 | { | 90 | name = kmalloc(len + 1, GFP_KERNEL); |
182 | struct cred *cred; | 91 | if (!name) |
183 | struct key *keyring; | ||
184 | int ret; | ||
185 | |||
186 | printk(KERN_NOTICE "Registering the %s key type\n", | ||
187 | key_type_dns_resolver.name); | ||
188 | |||
189 | /* create an override credential set with a special thread keyring in | ||
190 | * which DNS requests are cached | ||
191 | * | ||
192 | * this is used to prevent malicious redirections from being installed | ||
193 | * with add_key(). | ||
194 | */ | ||
195 | cred = prepare_kernel_cred(NULL); | ||
196 | if (!cred) | ||
197 | return -ENOMEM; | 92 | return -ENOMEM; |
198 | 93 | memcpy(name, hostname, len); | |
199 | keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred, | 94 | name[len] = 0; |
200 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | | 95 | cFYI(1, "%s: unc is IP, skipping dns upcall: %s", __func__, name); |
201 | KEY_USR_VIEW | KEY_USR_READ, | 96 | *ip_addr = name; |
202 | KEY_ALLOC_NOT_IN_QUOTA); | ||
203 | if (IS_ERR(keyring)) { | ||
204 | ret = PTR_ERR(keyring); | ||
205 | goto failed_put_cred; | ||
206 | } | ||
207 | |||
208 | ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL); | ||
209 | if (ret < 0) | ||
210 | goto failed_put_key; | ||
211 | |||
212 | ret = register_key_type(&key_type_dns_resolver); | ||
213 | if (ret < 0) | ||
214 | goto failed_put_key; | ||
215 | |||
216 | /* instruct request_key() to use this special keyring as a cache for | ||
217 | * the results it looks up */ | ||
218 | cred->thread_keyring = keyring; | ||
219 | cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; | ||
220 | dns_resolver_cache = cred; | ||
221 | return 0; | 97 | return 0; |
222 | |||
223 | failed_put_key: | ||
224 | key_put(keyring); | ||
225 | failed_put_cred: | ||
226 | put_cred(cred); | ||
227 | return ret; | ||
228 | } | ||
229 | |||
230 | void cifs_exit_dns_resolver(void) | ||
231 | { | ||
232 | key_revoke(dns_resolver_cache->thread_keyring); | ||
233 | unregister_key_type(&key_type_dns_resolver); | ||
234 | put_cred(dns_resolver_cache); | ||
235 | printk(KERN_NOTICE "Unregistered %s key type\n", | ||
236 | key_type_dns_resolver.name); | ||
237 | } | 98 | } |
diff --git a/fs/cifs/dns_resolve.h b/fs/cifs/dns_resolve.h index 5d7f291df162..d3f5d27f4d06 100644 --- a/fs/cifs/dns_resolve.h +++ b/fs/cifs/dns_resolve.h | |||
@@ -24,8 +24,6 @@ | |||
24 | #define _DNS_RESOLVE_H | 24 | #define _DNS_RESOLVE_H |
25 | 25 | ||
26 | #ifdef __KERNEL__ | 26 | #ifdef __KERNEL__ |
27 | extern int __init cifs_init_dns_resolver(void); | ||
28 | extern void cifs_exit_dns_resolver(void); | ||
29 | extern int dns_resolve_server_name_to_ip(const char *unc, char **ip_addr); | 27 | extern int dns_resolve_server_name_to_ip(const char *unc, char **ip_addr); |
30 | #endif /* KERNEL */ | 28 | #endif /* KERNEL */ |
31 | 29 | ||
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c index a15b3a9bbff4..dc4c47ab9588 100644 --- a/fs/cifs/inode.c +++ b/fs/cifs/inode.c | |||
@@ -732,15 +732,9 @@ cifs_find_inode(struct inode *inode, void *opaque) | |||
732 | if ((inode->i_mode & S_IFMT) != (fattr->cf_mode & S_IFMT)) | 732 | if ((inode->i_mode & S_IFMT) != (fattr->cf_mode & S_IFMT)) |
733 | return 0; | 733 | return 0; |
734 | 734 | ||
735 | /* | 735 | /* if it's not a directory or has no dentries, then flag it */ |
736 | * uh oh -- it's a directory. We can't use it since hardlinked dirs are | 736 | if (S_ISDIR(inode->i_mode) && !list_empty(&inode->i_dentry)) |
737 | * verboten. Disable serverino and return it as if it were found, the | ||
738 | * caller can discard it, generate a uniqueid and retry the find | ||
739 | */ | ||
740 | if (S_ISDIR(inode->i_mode) && !list_empty(&inode->i_dentry)) { | ||
741 | fattr->cf_flags |= CIFS_FATTR_INO_COLLISION; | 737 | fattr->cf_flags |= CIFS_FATTR_INO_COLLISION; |
742 | cifs_autodisable_serverino(CIFS_SB(inode->i_sb)); | ||
743 | } | ||
744 | 738 | ||
745 | return 1; | 739 | return 1; |
746 | } | 740 | } |
@@ -754,6 +748,27 @@ cifs_init_inode(struct inode *inode, void *opaque) | |||
754 | return 0; | 748 | return 0; |
755 | } | 749 | } |
756 | 750 | ||
751 | /* | ||
752 | * walk dentry list for an inode and report whether it has aliases that | ||
753 | * are hashed. We use this to determine if a directory inode can actually | ||
754 | * be used. | ||
755 | */ | ||
756 | static bool | ||
757 | inode_has_hashed_dentries(struct inode *inode) | ||
758 | { | ||
759 | struct dentry *dentry; | ||
760 | |||
761 | spin_lock(&dcache_lock); | ||
762 | list_for_each_entry(dentry, &inode->i_dentry, d_alias) { | ||
763 | if (!d_unhashed(dentry) || IS_ROOT(dentry)) { | ||
764 | spin_unlock(&dcache_lock); | ||
765 | return true; | ||
766 | } | ||
767 | } | ||
768 | spin_unlock(&dcache_lock); | ||
769 | return false; | ||
770 | } | ||
771 | |||
757 | /* Given fattrs, get a corresponding inode */ | 772 | /* Given fattrs, get a corresponding inode */ |
758 | struct inode * | 773 | struct inode * |
759 | cifs_iget(struct super_block *sb, struct cifs_fattr *fattr) | 774 | cifs_iget(struct super_block *sb, struct cifs_fattr *fattr) |
@@ -769,12 +784,16 @@ retry_iget5_locked: | |||
769 | 784 | ||
770 | inode = iget5_locked(sb, hash, cifs_find_inode, cifs_init_inode, fattr); | 785 | inode = iget5_locked(sb, hash, cifs_find_inode, cifs_init_inode, fattr); |
771 | if (inode) { | 786 | if (inode) { |
772 | /* was there a problematic inode number collision? */ | 787 | /* was there a potentially problematic inode collision? */ |
773 | if (fattr->cf_flags & CIFS_FATTR_INO_COLLISION) { | 788 | if (fattr->cf_flags & CIFS_FATTR_INO_COLLISION) { |
774 | iput(inode); | ||
775 | fattr->cf_uniqueid = iunique(sb, ROOT_I); | ||
776 | fattr->cf_flags &= ~CIFS_FATTR_INO_COLLISION; | 789 | fattr->cf_flags &= ~CIFS_FATTR_INO_COLLISION; |
777 | goto retry_iget5_locked; | 790 | |
791 | if (inode_has_hashed_dentries(inode)) { | ||
792 | cifs_autodisable_serverino(CIFS_SB(sb)); | ||
793 | iput(inode); | ||
794 | fattr->cf_uniqueid = iunique(sb, ROOT_I); | ||
795 | goto retry_iget5_locked; | ||
796 | } | ||
778 | } | 797 | } |
779 | 798 | ||
780 | cifs_fattr_to_inode(inode, fattr); | 799 | cifs_fattr_to_inode(inode, fattr); |
diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c index c6721ee26dbc..f97851119e6c 100644 --- a/fs/cifs/netmisc.c +++ b/fs/cifs/netmisc.c | |||
@@ -140,17 +140,18 @@ static const struct smb_to_posix_error mapping_table_ERRHRD[] = { | |||
140 | * Returns 0 on failure. | 140 | * Returns 0 on failure. |
141 | */ | 141 | */ |
142 | static int | 142 | static int |
143 | cifs_inet_pton(const int address_family, const char *cp, void *dst) | 143 | cifs_inet_pton(const int address_family, const char *cp, int len, void *dst) |
144 | { | 144 | { |
145 | int ret = 0; | 145 | int ret = 0; |
146 | 146 | ||
147 | /* calculate length by finding first slash or NULL */ | 147 | /* calculate length by finding first slash or NULL */ |
148 | if (address_family == AF_INET) | 148 | if (address_family == AF_INET) |
149 | ret = in4_pton(cp, -1 /* len */, dst, '\\', NULL); | 149 | ret = in4_pton(cp, len, dst, '\\', NULL); |
150 | else if (address_family == AF_INET6) | 150 | else if (address_family == AF_INET6) |
151 | ret = in6_pton(cp, -1 /* len */, dst , '\\', NULL); | 151 | ret = in6_pton(cp, len, dst , '\\', NULL); |
152 | 152 | ||
153 | cFYI(DBG2, "address conversion returned %d for %s", ret, cp); | 153 | cFYI(DBG2, "address conversion returned %d for %*.*s", |
154 | ret, len, len, cp); | ||
154 | if (ret > 0) | 155 | if (ret > 0) |
155 | ret = 1; | 156 | ret = 1; |
156 | return ret; | 157 | return ret; |
@@ -165,37 +166,39 @@ cifs_inet_pton(const int address_family, const char *cp, void *dst) | |||
165 | * Returns 0 on failure. | 166 | * Returns 0 on failure. |
166 | */ | 167 | */ |
167 | int | 168 | int |
168 | cifs_convert_address(struct sockaddr *dst, char *src) | 169 | cifs_convert_address(struct sockaddr *dst, const char *src, int len) |
169 | { | 170 | { |
170 | int rc; | 171 | int rc, alen, slen; |
171 | char *pct, *endp; | 172 | const char *pct; |
173 | char *endp, scope_id[13]; | ||
172 | struct sockaddr_in *s4 = (struct sockaddr_in *) dst; | 174 | struct sockaddr_in *s4 = (struct sockaddr_in *) dst; |
173 | struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) dst; | 175 | struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) dst; |
174 | 176 | ||
175 | /* IPv4 address */ | 177 | /* IPv4 address */ |
176 | if (cifs_inet_pton(AF_INET, src, &s4->sin_addr.s_addr)) { | 178 | if (cifs_inet_pton(AF_INET, src, len, &s4->sin_addr.s_addr)) { |
177 | s4->sin_family = AF_INET; | 179 | s4->sin_family = AF_INET; |
178 | return 1; | 180 | return 1; |
179 | } | 181 | } |
180 | 182 | ||
181 | /* temporarily terminate string */ | 183 | /* attempt to exclude the scope ID from the address part */ |
182 | pct = strchr(src, '%'); | 184 | pct = memchr(src, '%', len); |
183 | if (pct) | 185 | alen = pct ? pct - src : len; |
184 | *pct = '\0'; | ||
185 | |||
186 | rc = cifs_inet_pton(AF_INET6, src, &s6->sin6_addr.s6_addr); | ||
187 | |||
188 | /* repair temp termination (if any) and make pct point to scopeid */ | ||
189 | if (pct) | ||
190 | *pct++ = '%'; | ||
191 | 186 | ||
187 | rc = cifs_inet_pton(AF_INET6, src, alen, &s6->sin6_addr.s6_addr); | ||
192 | if (!rc) | 188 | if (!rc) |
193 | return rc; | 189 | return rc; |
194 | 190 | ||
195 | s6->sin6_family = AF_INET6; | 191 | s6->sin6_family = AF_INET6; |
196 | if (pct) { | 192 | if (pct) { |
193 | /* grab the scope ID */ | ||
194 | slen = len - (alen + 1); | ||
195 | if (slen <= 0 || slen > 12) | ||
196 | return 0; | ||
197 | memcpy(scope_id, pct + 1, slen); | ||
198 | scope_id[slen] = '\0'; | ||
199 | |||
197 | s6->sin6_scope_id = (u32) simple_strtoul(pct, &endp, 0); | 200 | s6->sin6_scope_id = (u32) simple_strtoul(pct, &endp, 0); |
198 | if (!*pct || *endp) | 201 | if (endp != scope_id + slen) |
199 | return 0; | 202 | return 0; |
200 | } | 203 | } |
201 | 204 | ||
@@ -203,10 +206,10 @@ cifs_convert_address(struct sockaddr *dst, char *src) | |||
203 | } | 206 | } |
204 | 207 | ||
205 | int | 208 | int |
206 | cifs_fill_sockaddr(struct sockaddr *dst, char *src, | 209 | cifs_fill_sockaddr(struct sockaddr *dst, const char *src, int len, |
207 | const unsigned short int port) | 210 | const unsigned short int port) |
208 | { | 211 | { |
209 | if (!cifs_convert_address(dst, src)) | 212 | if (!cifs_convert_address(dst, src, len)) |
210 | return 0; | 213 | return 0; |
211 | 214 | ||
212 | switch (dst->sa_family) { | 215 | switch (dst->sa_family) { |
diff --git a/include/keys/dns_resolver-type.h b/include/keys/dns_resolver-type.h new file mode 100644 index 000000000000..9284a19393aa --- /dev/null +++ b/include/keys/dns_resolver-type.h | |||
@@ -0,0 +1,23 @@ | |||
1 | /* DNS resolver key type | ||
2 | * | ||
3 | * Copyright (C) 2010 Wang Lei. All Rights Reserved. | ||
4 | * Written by Wang Lei (wang840925@gmail.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _KEYS_DNS_RESOLVER_TYPE_H | ||
13 | #define _KEYS_DNS_RESOLVER_TYPE_H | ||
14 | |||
15 | #include <linux/key-type.h> | ||
16 | |||
17 | extern struct key_type key_type_dns_resolver; | ||
18 | |||
19 | extern int request_dns_resolver_key(const char *description, | ||
20 | const char *callout_info, | ||
21 | char **data); | ||
22 | |||
23 | #endif /* _KEYS_DNS_RESOLVER_TYPE_H */ | ||
diff --git a/include/linux/dns_resolver.h b/include/linux/dns_resolver.h new file mode 100644 index 000000000000..cc92268af89a --- /dev/null +++ b/include/linux/dns_resolver.h | |||
@@ -0,0 +1,34 @@ | |||
1 | /* | ||
2 | * DNS Resolver upcall management for CIFS DFS and AFS | ||
3 | * Handles host name to IP address resolution and DNS query for AFSDB RR. | ||
4 | * | ||
5 | * Copyright (c) International Business Machines Corp., 2008 | ||
6 | * Author(s): Steve French (sfrench@us.ibm.com) | ||
7 | * Wang Lei (wang840925@gmail.com) | ||
8 | * | ||
9 | * This library is free software; you can redistribute it and/or modify | ||
10 | * it under the terms of the GNU Lesser General Public License as published | ||
11 | * by the Free Software Foundation; either version 2.1 of the License, or | ||
12 | * (at your option) any later version. | ||
13 | * | ||
14 | * This library is distributed in the hope that it will be useful, | ||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | ||
17 | * the GNU Lesser General Public License for more details. | ||
18 | * | ||
19 | * You should have received a copy of the GNU Lesser General Public License | ||
20 | * along with this library; if not, write to the Free Software | ||
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
22 | */ | ||
23 | |||
24 | #ifndef _LINUX_DNS_RESOLVER_H | ||
25 | #define _LINUX_DNS_RESOLVER_H | ||
26 | |||
27 | #ifdef __KERNEL__ | ||
28 | |||
29 | extern int dns_query(const char *type, const char *name, size_t namelen, | ||
30 | const char *options, char **_result, time_t *_expiry); | ||
31 | |||
32 | #endif /* KERNEL */ | ||
33 | |||
34 | #endif /* _LINUX_DNS_RESOLVER_H */ | ||
diff --git a/net/Kconfig b/net/Kconfig index e24fa0873f32..e330594d3709 100644 --- a/net/Kconfig +++ b/net/Kconfig | |||
@@ -213,6 +213,7 @@ source "net/phonet/Kconfig" | |||
213 | source "net/ieee802154/Kconfig" | 213 | source "net/ieee802154/Kconfig" |
214 | source "net/sched/Kconfig" | 214 | source "net/sched/Kconfig" |
215 | source "net/dcb/Kconfig" | 215 | source "net/dcb/Kconfig" |
216 | source "net/dns_resolver/Kconfig" | ||
216 | 217 | ||
217 | config RPS | 218 | config RPS |
218 | boolean | 219 | boolean |
diff --git a/net/Makefile b/net/Makefile index 41d420070a38..ea60fbce9b1b 100644 --- a/net/Makefile +++ b/net/Makefile | |||
@@ -67,3 +67,4 @@ ifeq ($(CONFIG_NET),y) | |||
67 | obj-$(CONFIG_SYSCTL) += sysctl_net.o | 67 | obj-$(CONFIG_SYSCTL) += sysctl_net.o |
68 | endif | 68 | endif |
69 | obj-$(CONFIG_WIMAX) += wimax/ | 69 | obj-$(CONFIG_WIMAX) += wimax/ |
70 | obj-$(CONFIG_DNS_RESOLVER) += dns_resolver/ | ||
diff --git a/net/dns_resolver/Kconfig b/net/dns_resolver/Kconfig new file mode 100644 index 000000000000..50d49f7e0472 --- /dev/null +++ b/net/dns_resolver/Kconfig | |||
@@ -0,0 +1,27 @@ | |||
1 | # | ||
2 | # Configuration for DNS Resolver | ||
3 | # | ||
4 | config DNS_RESOLVER | ||
5 | tristate "DNS Resolver support" | ||
6 | depends on NET && KEYS | ||
7 | help | ||
8 | Saying Y here will include support for the DNS Resolver key type | ||
9 | which can be used to make upcalls to perform DNS lookups in | ||
10 | userspace. | ||
11 | |||
12 | DNS Resolver is used to query DNS server for information. Examples | ||
13 | being resolving a UNC hostname element to an IP address for CIFS or | ||
14 | performing a DNS query for AFSDB records so that AFS can locate a | ||
15 | cell's volume location database servers. | ||
16 | |||
17 | DNS Resolver is used by the CIFS and AFS modules, and would support | ||
18 | SMB2 later. DNS Resolver is supported by the userspace upcall | ||
19 | helper "/sbin/dns.resolver" via /etc/request-key.conf. | ||
20 | |||
21 | See <file:Documentation/networking/dns_resolver.txt> for further | ||
22 | information. | ||
23 | |||
24 | To compile this as a module, choose M here: the module will be called | ||
25 | dnsresolver. | ||
26 | |||
27 | If unsure, say N. | ||
diff --git a/net/dns_resolver/Makefile b/net/dns_resolver/Makefile new file mode 100644 index 000000000000..c0ef4e71dc49 --- /dev/null +++ b/net/dns_resolver/Makefile | |||
@@ -0,0 +1,7 @@ | |||
1 | # | ||
2 | # Makefile for the Linux DNS Resolver. | ||
3 | # | ||
4 | |||
5 | obj-$(CONFIG_DNS_RESOLVER) += dns_resolver.o | ||
6 | |||
7 | dns_resolver-objs := dns_key.o dns_query.o | ||
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c new file mode 100644 index 000000000000..400a04d5c9a1 --- /dev/null +++ b/net/dns_resolver/dns_key.c | |||
@@ -0,0 +1,211 @@ | |||
1 | /* Key type used to cache DNS lookups made by the kernel | ||
2 | * | ||
3 | * See Documentation/networking/dns_resolver.txt | ||
4 | * | ||
5 | * Copyright (c) 2007 Igor Mammedov | ||
6 | * Author(s): Igor Mammedov (niallain@gmail.com) | ||
7 | * Steve French (sfrench@us.ibm.com) | ||
8 | * Wang Lei (wang840925@gmail.com) | ||
9 | * David Howells (dhowells@redhat.com) | ||
10 | * | ||
11 | * This library is free software; you can redistribute it and/or modify | ||
12 | * it under the terms of the GNU Lesser General Public License as published | ||
13 | * by the Free Software Foundation; either version 2.1 of the License, or | ||
14 | * (at your option) any later version. | ||
15 | * | ||
16 | * This library is distributed in the hope that it will be useful, | ||
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | ||
19 | * the GNU Lesser General Public License for more details. | ||
20 | * | ||
21 | * You should have received a copy of the GNU Lesser General Public License | ||
22 | * along with this library; if not, write to the Free Software | ||
23 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
24 | */ | ||
25 | #include <linux/module.h> | ||
26 | #include <linux/moduleparam.h> | ||
27 | #include <linux/slab.h> | ||
28 | #include <linux/string.h> | ||
29 | #include <linux/kernel.h> | ||
30 | #include <linux/keyctl.h> | ||
31 | #include <linux/err.h> | ||
32 | #include <keys/dns_resolver-type.h> | ||
33 | #include <keys/user-type.h> | ||
34 | #include "internal.h" | ||
35 | |||
36 | MODULE_DESCRIPTION("DNS Resolver"); | ||
37 | MODULE_AUTHOR("Wang Lei"); | ||
38 | MODULE_LICENSE("GPL"); | ||
39 | |||
40 | unsigned dns_resolver_debug; | ||
41 | module_param_named(debug, dns_resolver_debug, uint, S_IWUSR | S_IRUGO); | ||
42 | MODULE_PARM_DESC(debug, "DNS Resolver debugging mask"); | ||
43 | |||
44 | const struct cred *dns_resolver_cache; | ||
45 | |||
46 | /* | ||
47 | * Instantiate a user defined key for dns_resolver. | ||
48 | * | ||
49 | * The data must be a NUL-terminated string, with the NUL char accounted in | ||
50 | * datalen. | ||
51 | * | ||
52 | * If the data contains a '#' characters, then we take the clause after each | ||
53 | * one to be an option of the form 'key=value'. The actual data of interest is | ||
54 | * the string leading up to the first '#'. For instance: | ||
55 | * | ||
56 | * "ip1,ip2,...#foo=bar" | ||
57 | */ | ||
58 | static int | ||
59 | dns_resolver_instantiate(struct key *key, const void *_data, size_t datalen) | ||
60 | { | ||
61 | struct user_key_payload *upayload; | ||
62 | int ret; | ||
63 | size_t result_len = 0; | ||
64 | const char *data = _data, *opt; | ||
65 | |||
66 | kenter("%%%d,%s,'%s',%zu", | ||
67 | key->serial, key->description, data, datalen); | ||
68 | |||
69 | if (datalen <= 1 || !data || data[datalen - 1] != '\0') | ||
70 | return -EINVAL; | ||
71 | datalen--; | ||
72 | |||
73 | /* deal with any options embedded in the data */ | ||
74 | opt = memchr(data, '#', datalen); | ||
75 | if (!opt) { | ||
76 | kdebug("no options currently supported"); | ||
77 | return -EINVAL; | ||
78 | } | ||
79 | |||
80 | result_len = datalen; | ||
81 | ret = key_payload_reserve(key, result_len); | ||
82 | if (ret < 0) | ||
83 | return -EINVAL; | ||
84 | |||
85 | upayload = kmalloc(sizeof(*upayload) + result_len + 1, GFP_KERNEL); | ||
86 | if (!upayload) { | ||
87 | kleave(" = -ENOMEM"); | ||
88 | return -ENOMEM; | ||
89 | } | ||
90 | |||
91 | upayload->datalen = result_len; | ||
92 | memcpy(upayload->data, data, result_len); | ||
93 | upayload->data[result_len] = '\0'; | ||
94 | rcu_assign_pointer(key->payload.data, upayload); | ||
95 | |||
96 | kleave(" = 0"); | ||
97 | return 0; | ||
98 | } | ||
99 | |||
100 | /* | ||
101 | * The description is of the form "[<type>:]<domain_name>" | ||
102 | * | ||
103 | * The domain name may be a simple name or an absolute domain name (which | ||
104 | * should end with a period). The domain name is case-independent. | ||
105 | */ | ||
106 | static int | ||
107 | dns_resolver_match(const struct key *key, const void *description) | ||
108 | { | ||
109 | int slen, dlen, ret = 0; | ||
110 | const char *src = key->description, *dsp = description; | ||
111 | |||
112 | kenter("%s,%s", src, dsp); | ||
113 | |||
114 | if (!src || !dsp) | ||
115 | goto no_match; | ||
116 | |||
117 | if (strcasecmp(src, dsp) == 0) | ||
118 | goto matched; | ||
119 | |||
120 | slen = strlen(src); | ||
121 | dlen = strlen(dsp); | ||
122 | if (slen <= 0 || dlen <= 0) | ||
123 | goto no_match; | ||
124 | if (src[slen - 1] == '.') | ||
125 | slen--; | ||
126 | if (dsp[dlen - 1] == '.') | ||
127 | dlen--; | ||
128 | if (slen != dlen || strncasecmp(src, dsp, slen) != 0) | ||
129 | goto no_match; | ||
130 | |||
131 | matched: | ||
132 | ret = 1; | ||
133 | no_match: | ||
134 | kleave(" = %d", ret); | ||
135 | return ret; | ||
136 | } | ||
137 | |||
138 | struct key_type key_type_dns_resolver = { | ||
139 | .name = "dns_resolver", | ||
140 | .instantiate = dns_resolver_instantiate, | ||
141 | .match = dns_resolver_match, | ||
142 | .revoke = user_revoke, | ||
143 | .destroy = user_destroy, | ||
144 | .describe = user_describe, | ||
145 | .read = user_read, | ||
146 | }; | ||
147 | |||
148 | static int __init init_dns_resolver(void) | ||
149 | { | ||
150 | struct cred *cred; | ||
151 | struct key *keyring; | ||
152 | int ret; | ||
153 | |||
154 | printk(KERN_NOTICE "Registering the %s key type\n", | ||
155 | key_type_dns_resolver.name); | ||
156 | |||
157 | /* create an override credential set with a special thread keyring in | ||
158 | * which DNS requests are cached | ||
159 | * | ||
160 | * this is used to prevent malicious redirections from being installed | ||
161 | * with add_key(). | ||
162 | */ | ||
163 | cred = prepare_kernel_cred(NULL); | ||
164 | if (!cred) | ||
165 | return -ENOMEM; | ||
166 | |||
167 | keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred, | ||
168 | (KEY_POS_ALL & ~KEY_POS_SETATTR) | | ||
169 | KEY_USR_VIEW | KEY_USR_READ, | ||
170 | KEY_ALLOC_NOT_IN_QUOTA); | ||
171 | if (IS_ERR(keyring)) { | ||
172 | ret = PTR_ERR(keyring); | ||
173 | goto failed_put_cred; | ||
174 | } | ||
175 | |||
176 | ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL); | ||
177 | if (ret < 0) | ||
178 | goto failed_put_key; | ||
179 | |||
180 | ret = register_key_type(&key_type_dns_resolver); | ||
181 | if (ret < 0) | ||
182 | goto failed_put_key; | ||
183 | |||
184 | /* instruct request_key() to use this special keyring as a cache for | ||
185 | * the results it looks up */ | ||
186 | cred->thread_keyring = keyring; | ||
187 | cred->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING; | ||
188 | dns_resolver_cache = cred; | ||
189 | |||
190 | kdebug("DNS resolver keyring: %d\n", key_serial(keyring)); | ||
191 | return 0; | ||
192 | |||
193 | failed_put_key: | ||
194 | key_put(keyring); | ||
195 | failed_put_cred: | ||
196 | put_cred(cred); | ||
197 | return ret; | ||
198 | } | ||
199 | |||
200 | static void __exit exit_dns_resolver(void) | ||
201 | { | ||
202 | key_revoke(dns_resolver_cache->thread_keyring); | ||
203 | unregister_key_type(&key_type_dns_resolver); | ||
204 | put_cred(dns_resolver_cache); | ||
205 | printk(KERN_NOTICE "Unregistered %s key type\n", | ||
206 | key_type_dns_resolver.name); | ||
207 | } | ||
208 | |||
209 | module_init(init_dns_resolver) | ||
210 | module_exit(exit_dns_resolver) | ||
211 | MODULE_LICENSE("GPL"); | ||
diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c new file mode 100644 index 000000000000..03d5255f5cf2 --- /dev/null +++ b/net/dns_resolver/dns_query.c | |||
@@ -0,0 +1,160 @@ | |||
1 | /* Upcall routine, designed to work as a key type and working through | ||
2 | * /sbin/request-key to contact userspace when handling DNS queries. | ||
3 | * | ||
4 | * See Documentation/networking/dns_resolver.txt | ||
5 | * | ||
6 | * Copyright (c) 2007 Igor Mammedov | ||
7 | * Author(s): Igor Mammedov (niallain@gmail.com) | ||
8 | * Steve French (sfrench@us.ibm.com) | ||
9 | * Wang Lei (wang840925@gmail.com) | ||
10 | * David Howells (dhowells@redhat.com) | ||
11 | * | ||
12 | * The upcall wrapper used to make an arbitrary DNS query. | ||
13 | * | ||
14 | * This function requires the appropriate userspace tool dns.upcall to be | ||
15 | * installed and something like the following lines should be added to the | ||
16 | * /etc/request-key.conf file: | ||
17 | * | ||
18 | * create dns_resolver * * /sbin/dns.upcall %k | ||
19 | * | ||
20 | * For example to use this module to query AFSDB RR: | ||
21 | * | ||
22 | * create dns_resolver afsdb:* * /sbin/dns.afsdb %k | ||
23 | * | ||
24 | * This library is free software; you can redistribute it and/or modify | ||
25 | * it under the terms of the GNU Lesser General Public License as published | ||
26 | * by the Free Software Foundation; either version 2.1 of the License, or | ||
27 | * (at your option) any later version. | ||
28 | * | ||
29 | * This library is distributed in the hope that it will be useful, | ||
30 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
31 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | ||
32 | * the GNU Lesser General Public License for more details. | ||
33 | * | ||
34 | * You should have received a copy of the GNU Lesser General Public License | ||
35 | * along with this library; if not, write to the Free Software | ||
36 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
37 | */ | ||
38 | |||
39 | #include <linux/module.h> | ||
40 | #include <linux/slab.h> | ||
41 | #include <linux/dns_resolver.h> | ||
42 | #include <linux/err.h> | ||
43 | #include <keys/dns_resolver-type.h> | ||
44 | #include <keys/user-type.h> | ||
45 | |||
46 | #include "internal.h" | ||
47 | |||
48 | /** | ||
49 | * dns_query - Query the DNS | ||
50 | * @type: Query type (or NULL for straight host->IP lookup) | ||
51 | * @name: Name to look up | ||
52 | * @namelen: Length of name | ||
53 | * @options: Request options (or NULL if no options) | ||
54 | * @_result: Where to place the returned data. | ||
55 | * @_expiry: Where to store the result expiry time (or NULL) | ||
56 | * | ||
57 | * The data will be returned in the pointer at *result, and the caller is | ||
58 | * responsible for freeing it. | ||
59 | * | ||
60 | * The description should be of the form "[<query_type>:]<domain_name>", and | ||
61 | * the options need to be appropriate for the query type requested. If no | ||
62 | * query_type is given, then the query is a straight hostname to IP address | ||
63 | * lookup. | ||
64 | * | ||
65 | * The DNS resolution lookup is performed by upcalling to userspace by way of | ||
66 | * requesting a key of type dns_resolver. | ||
67 | * | ||
68 | * Returns the size of the result on success, -ve error code otherwise. | ||
69 | */ | ||
70 | int dns_query(const char *type, const char *name, size_t namelen, | ||
71 | const char *options, char **_result, time_t *_expiry) | ||
72 | { | ||
73 | struct key *rkey; | ||
74 | struct user_key_payload *upayload; | ||
75 | const struct cred *saved_cred; | ||
76 | size_t typelen, desclen; | ||
77 | char *desc, *cp; | ||
78 | int ret, len; | ||
79 | |||
80 | kenter("%s,%*.*s,%zu,%s", | ||
81 | type, (int)namelen, (int)namelen, name, namelen, options); | ||
82 | |||
83 | if (!name || namelen == 0 || !_result) | ||
84 | return -EINVAL; | ||
85 | |||
86 | /* construct the query key description as "[<type>:]<name>" */ | ||
87 | typelen = 0; | ||
88 | desclen = 0; | ||
89 | if (type) { | ||
90 | typelen = strlen(type); | ||
91 | if (typelen < 1) | ||
92 | return -EINVAL; | ||
93 | desclen += typelen + 1; | ||
94 | } | ||
95 | |||
96 | if (!namelen) | ||
97 | namelen = strlen(name); | ||
98 | if (namelen < 3) | ||
99 | return -EINVAL; | ||
100 | desclen += namelen + 1; | ||
101 | |||
102 | desc = kmalloc(desclen, GFP_KERNEL); | ||
103 | if (!desc) | ||
104 | return -ENOMEM; | ||
105 | |||
106 | cp = desc; | ||
107 | if (type) { | ||
108 | memcpy(cp, type, typelen); | ||
109 | cp += typelen; | ||
110 | *cp++ = ':'; | ||
111 | } | ||
112 | memcpy(cp, name, namelen); | ||
113 | cp += namelen; | ||
114 | *cp = '\0'; | ||
115 | |||
116 | if (!options) | ||
117 | options = ""; | ||
118 | kdebug("call request_key(,%s,%s)", desc, options); | ||
119 | |||
120 | /* make the upcall, using special credentials to prevent the use of | ||
121 | * add_key() to preinstall malicious redirections | ||
122 | */ | ||
123 | saved_cred = override_creds(dns_resolver_cache); | ||
124 | rkey = request_key(&key_type_dns_resolver, desc, options); | ||
125 | revert_creds(saved_cred); | ||
126 | kfree(desc); | ||
127 | if (IS_ERR(rkey)) { | ||
128 | ret = PTR_ERR(rkey); | ||
129 | goto out; | ||
130 | } | ||
131 | |||
132 | down_read(&rkey->sem); | ||
133 | rkey->perm |= KEY_USR_VIEW; | ||
134 | |||
135 | ret = key_validate(rkey); | ||
136 | if (ret < 0) | ||
137 | goto put; | ||
138 | |||
139 | upayload = rcu_dereference_protected(rkey->payload.data, | ||
140 | lockdep_is_held(&rkey->sem)); | ||
141 | len = upayload->datalen; | ||
142 | |||
143 | ret = -ENOMEM; | ||
144 | *_result = kmalloc(len + 1, GFP_KERNEL); | ||
145 | if (!*_result) | ||
146 | goto put; | ||
147 | |||
148 | memcpy(*_result, upayload->data, len + 1); | ||
149 | if (_expiry) | ||
150 | *_expiry = rkey->expiry; | ||
151 | |||
152 | ret = len; | ||
153 | put: | ||
154 | up_read(&rkey->sem); | ||
155 | key_put(rkey); | ||
156 | out: | ||
157 | kleave(" = %d", ret); | ||
158 | return ret; | ||
159 | } | ||
160 | EXPORT_SYMBOL(dns_query); | ||
diff --git a/net/dns_resolver/internal.h b/net/dns_resolver/internal.h new file mode 100644 index 000000000000..189ca9e9b785 --- /dev/null +++ b/net/dns_resolver/internal.h | |||
@@ -0,0 +1,44 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2010 Wang Lei | ||
3 | * Author(s): Wang Lei (wang840925@gmail.com). All Rights Reserved. | ||
4 | * | ||
5 | * Internal DNS Rsolver stuff | ||
6 | * | ||
7 | * This library is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU Lesser General Public License as published | ||
9 | * by the Free Software Foundation; either version 2.1 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, | ||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | ||
15 | * the GNU Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public License | ||
18 | * along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
20 | */ | ||
21 | |||
22 | #include <linux/compiler.h> | ||
23 | #include <linux/kernel.h> | ||
24 | #include <linux/sched.h> | ||
25 | |||
26 | /* | ||
27 | * dns_key.c | ||
28 | */ | ||
29 | extern const struct cred *dns_resolver_cache; | ||
30 | |||
31 | /* | ||
32 | * debug tracing | ||
33 | */ | ||
34 | extern unsigned dns_resolver_debug; | ||
35 | |||
36 | #define kdebug(FMT, ...) \ | ||
37 | do { \ | ||
38 | if (unlikely(dns_resolver_debug)) \ | ||
39 | printk(KERN_DEBUG "[%-6.6s] "FMT"\n", \ | ||
40 | current->comm, ##__VA_ARGS__); \ | ||
41 | } while (0) | ||
42 | |||
43 | #define kenter(FMT, ...) kdebug("==> %s("FMT")", __func__, ##__VA_ARGS__) | ||
44 | #define kleave(FMT, ...) kdebug("<== %s()"FMT"", __func__, ##__VA_ARGS__) | ||