1
/* Upcall routine, designed to work as a key type and working through
2
 * /sbin/request-key to contact userspace when handling DNS queries.
3
 *
4
 * See Documentation/networking/dns_resolver.rst
5
 *
6
 *   Copyright (c) 2007 Igor Mammedov
7
 *   Author(s): Igor Mammedov ([email protected])
8
 *              Steve French ([email protected])
9
 *              Wang Lei ([email protected])
10
 *		David Howells ([email protected])
11
 *
12
 *   The upcall wrapper used to make an arbitrary DNS query.
13
 *
14
 *   This function requires the appropriate userspace tool dns.upcall to be
15
 *   installed and something like the following lines should be added to the
16
 *   /etc/request-key.conf file:
17
 *
18
 *	create dns_resolver * * /sbin/dns.upcall %k
19
 *
20
 *   For example to use this module to query AFSDB RR:
21
 *
22
 *	create dns_resolver afsdb:* * /sbin/dns.afsdb %k
23
 *
24
 *   This library is free software; you can redistribute it and/or modify
25
 *   it under the terms of the GNU Lesser General Public License as published
26
 *   by the Free Software Foundation; either version 2.1 of the License, or
27
 *   (at your option) any later version.
28
 *
29
 *   This library is distributed in the hope that it will be useful,
30
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
31
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
32
 *   the GNU Lesser General Public License for more details.
33
 *
34
 *   You should have received a copy of the GNU Lesser General Public License
35
 *   along with this library; if not, see <http://www.gnu.org/licenses/>.
36
 */
37

38
#include <linux/module.h>
39
#include <linux/slab.h>
40
#include <linux/cred.h>
41
#include <linux/dns_resolver.h>
42
#include <linux/err.h>
43
#include <net/net_namespace.h>
44

45
#include <keys/dns_resolver-type.h>
46
#include <keys/user-type.h>
47

48
#include "internal.h"
49

50
/**
51
 * dns_query - Query the DNS
52
 * @net: The network namespace to operate in.
53
 * @type: Query type (or NULL for straight host->IP lookup)
54
 * @name: Name to look up
55
 * @namelen: Length of name
56
 * @options: Request options (or NULL if no options)
57
 * @_result: Where to place the returned data (or NULL)
58
 * @_expiry: Where to store the result expiry time (or NULL)
59
 * @invalidate: Always invalidate the key after use
60
 *
61
 * The data will be returned in the pointer at *result, if provided, and the
62
 * caller is responsible for freeing it.
63
 *
64
 * The description should be of the form "[<query_type>:]<domain_name>", and
65
 * the options need to be appropriate for the query type requested.  If no
66
 * query_type is given, then the query is a straight hostname to IP address
67
 * lookup.
68
 *
69
 * The DNS resolution lookup is performed by upcalling to userspace by way of
70
 * requesting a key of type dns_resolver.
71
 *
72
 * Returns the size of the result on success, -ve error code otherwise.
73
 */
74
int dns_query(struct net *net,
75
	      const char *type, const char *name, size_t namelen,
76
	      const char *options, char **_result, time64_t *_expiry,
77
	      bool invalidate)
78
{
79
	struct key *rkey;
80
	struct user_key_payload *upayload;
81
	size_t typelen, desclen;
82
	char *desc, *cp;
83
	int ret, len;
84

85
	kenter("%s,%*.*s,%zu,%s",
86
	       type, (int)namelen, (int)namelen, name, namelen, options);
87

88
	if (!name || namelen == 0)
89
		return -EINVAL;
90

91
	/* construct the query key description as "[<type>:]<name>" */
92
	typelen = 0;
93
	desclen = 0;
94
	if (type) {
95
		typelen = strlen(type);
96
		if (typelen < 1)
97
			return -EINVAL;
98
		desclen += typelen + 1;
99
	}
100

101
	if (namelen < 3 || namelen > 255)
102
		return -EINVAL;
103
	desclen += namelen + 1;
104

105
	desc = kmalloc(desclen, GFP_KERNEL);
106
	if (!desc)
107
		return -ENOMEM;
108

109
	cp = desc;
110
	if (type) {
111
		memcpy(cp, type, typelen);
112
		cp += typelen;
113
		*cp++ = ':';
114
	}
115
	memcpy(cp, name, namelen);
116
	cp += namelen;
117
	*cp = '\0';
118

119
	if (!options)
120
		options = "";
121
	kdebug("call request_key(,%s,%s)", desc, options);
122

123
	/* make the upcall, using special credentials to prevent the use of
124
	 * add_key() to preinstall malicious redirections
125
	 */
126
	scoped_with_creds(dns_resolver_cache)
127
		rkey = request_key_net(&key_type_dns_resolver, desc, net, options);
128
	kfree(desc);
129
	if (IS_ERR(rkey)) {
130
		ret = PTR_ERR(rkey);
131
		goto out;
132
	}
133

134
	down_read(&rkey->sem);
135
	set_bit(KEY_FLAG_ROOT_CAN_INVAL, &rkey->flags);
136
	rkey->perm |= KEY_USR_VIEW;
137

138
	ret = key_validate(rkey);
139
	if (ret < 0)
140
		goto put;
141

142
	/* If the DNS server gave an error, return that to the caller */
143
	ret = PTR_ERR(rkey->payload.data[dns_key_error]);
144
	if (ret)
145
		goto put;
146

147
	upayload = user_key_payload_locked(rkey);
148
	len = upayload->datalen;
149

150
	if (_result) {
151
		ret = -ENOMEM;
152
		*_result = kmemdup_nul(upayload->data, len, GFP_KERNEL);
153
		if (!*_result)
154
			goto put;
155
	}
156

157
	if (_expiry)
158
		*_expiry = rkey->expiry;
159

160
	ret = len;
161
put:
162
	up_read(&rkey->sem);
163
	if (invalidate)
164
		key_invalidate(rkey);
165
	key_put(rkey);
166
out:
167
	kleave(" = %d", ret);
168
	return ret;
169
}
170
EXPORT_SYMBOL(dns_query);
171

172