Merge pull request #203 from acv/remove-hardcoded-servers

Remove hardcoded servers

Author: acv

src/centralserver.c

@@ -159,15 +159,10 @@ _connect_auth_server(int level)
 {
     s_config *config = config_get_config();
     t_auth_serv *auth_server = NULL;
+    t_popular_server *popular_server = NULL;
     struct in_addr *h_addr;
     int num_servers = 0;
     char *hostname = NULL;
-    char *popular_servers[] = {
-        "www.google.com",
-        "www.yahoo.com",
-        NULL
-    };
-    char **popularserver;
     char *ip;
     struct sockaddr_in their_addr;
     int sockfd;
@@ -207,20 +202,18 @@ _connect_auth_server(int level)
     if (!h_addr) {
         /*
          * DNS resolving it failed
-         *
-         * Can we resolve any of the popular servers ?
          */
         debug(LOG_DEBUG, "Level %d: Resolving auth server [%s] failed", level, hostname);
 
-        for (popularserver = popular_servers; *popularserver; popularserver++) {
-            debug(LOG_DEBUG, "Level %d: Resolving popular server [%s]", level, *popularserver);
-            h_addr = wd_gethostbyname(*popularserver);
+        for (popular_server = config->popular_servers; popular_server; popular_server = popular_server->next) {
+            debug(LOG_DEBUG, "Level %d: Resolving popular server [%s]", level, popular_server->hostname);
+            h_addr = wd_gethostbyname(popular_server->hostname);
             if (h_addr) {
-                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] succeeded = [%s]", level, *popularserver,
+                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] succeeded = [%s]", level, popular_server->hostname,
                       inet_ntoa(*h_addr));
                 break;
             } else {
-                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] failed", level, *popularserver);
+                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] failed", level, popular_server->hostname);
             }
         }
 

src/conf.c

@@ -96,6 +96,7 @@ typedef enum {
     oFirewallRule,
     oFirewallRuleSet,
     oTrustedMACList,
+    oPopularServers,
     oHtmlMessageFile,
     oProxyPort,
     oSSLPeerVerification,
@@ -140,20 +141,25 @@ static const struct {
     "firewallruleset", oFirewallRuleSet}, {
     "firewallrule", oFirewallRule}, {
     "trustedmaclist", oTrustedMACList}, {
+    "popularservers", oPopularServers}, {
     "htmlmessagefile", oHtmlMessageFile}, {
     "proxyport", oProxyPort}, {
     "sslpeerverification", oSSLPeerVerification}, {
     "sslcertpath", oSSLCertPath}, {
     "sslallowedcipherlist", oSSLAllowedCipherList}, {
 NULL, oBadOption},};
 
-static void config_notnull(const void *parm, const char *parmname);
+static void config_notnull(const void *, const char *);
 static int parse_boolean_value(char *);
 static void parse_auth_server(FILE *, const char *, int *);
-static int _parse_firewall_rule(const char *ruleset, char *leftover);
+static int _parse_firewall_rule(const char *, char *);
 static void parse_firewall_ruleset(const char *, FILE *, const char *, int *);
+static void parse_trusted_mac_list(const char *);
+static void parse_popular_servers(const char *);
+static void validate_popular_servers(void);
+static void add_popular_server(const char *);
 
-static OpCodes config_parse_token(const char *cp, const char *filename, int linenum);
+static OpCodes config_parse_token(const char *, const char *, int);
 
 /** Accessor for the current gateway configuration
 @return:  A pointer to the current config.  The pointer isn't opaque, but should be treated as READ-ONLY
@@ -189,6 +195,7 @@ config_init(void)
     config.internal_sock = safe_strdup(DEFAULT_INTERNAL_SOCK);
     config.rulesets = NULL;
     config.trustedmaclist = NULL;
+    config.popular_servers = NULL;
     config.proxy_port = 0;
     config.ssl_certs = safe_strdup(DEFAULT_AUTHSERVSSLCERTPATH);
     config.ssl_verify = DEFAULT_AUTHSERVSSLPEERVER;
@@ -630,7 +637,7 @@ void
 config_read(const char *filename)
 {
     FILE *fd;
-    char line[MAX_BUF], *s, *p1, *p2;
+    char line[MAX_BUF], *s, *p1, *p2, *rawarg = NULL;
     int linenum = 0, opcode, value;
     size_t len;
 
@@ -666,7 +673,7 @@ config_read(const char *filename)
                     break;
                 len = strlen(p1);
             }
-
+            rawarg = safe_strdup(p1);
             if ((p2 = strchr(p1, ' '))) {
                 p2[0] = '\0';
             } else if ((p2 = strstr(p1, "\r\n"))) {
@@ -718,6 +725,9 @@ config_read(const char *filename)
                 case oTrustedMACList:
                     parse_trusted_mac_list(p1);
                     break;
+                case oPopularServers:
+                    parse_popular_servers(rawarg);
+                    break;
                 case oHTTPDName:
                     config.httpdname = safe_strdup(p1);
                     break;
@@ -785,6 +795,10 @@ config_read(const char *filename)
                 }
             }
         }
+        if (rawarg) {
+            free(rawarg);
+            rawarg = NULL;
+        }
     }
 
     if (config.httpdusername && !config.httpdpassword) {
@@ -817,7 +831,8 @@ parse_boolean_value(char *line)
     return -1;
 }
 
-/* Parse possiblemac to see if it is valid MAC address format */
+/**
+ * Parse possiblemac to see if it is valid MAC address format */
 int
 check_mac_format(char *possiblemac)
 {
@@ -828,7 +843,10 @@ check_mac_format(char *possiblemac)
                hex2, hex2, hex2, hex2, hex2, hex2) == 6;
 }
 
-void
+/** @internal
+ * Parse the trusted mac list.
+ */
+static void
 parse_trusted_mac_list(const char *ptr)
 {
     char *ptrcopy = NULL;
@@ -843,7 +861,7 @@ parse_trusted_mac_list(const char *ptr)
     /* strsep modifies original, so let's make a copy */
     ptrcopy = safe_strdup(ptr);
 
-    while ((possiblemac = strsep(&ptrcopy, ", "))) {
+    while ((possiblemac = strsep(&ptrcopy, ","))) {
         /* check for valid format */
         if (!check_mac_format(possiblemac)) {
             debug(LOG_ERR,
@@ -900,19 +918,90 @@ parse_trusted_mac_list(const char *ptr)
 
 }
 
+/** @internal
+ * Add a popular server to the list. It prepends for simplicity.
+ * @param server The hostname to add.
+ */
+static void
+add_popular_server(const char *server)
+{
+    t_popular_server *p = NULL;
+
+    p = (t_popular_server *)safe_malloc(sizeof(t_popular_server));
+    p->hostname = safe_strdup(server);
+
+    if (config.popular_servers == NULL) {
+        p->next = NULL;
+        config.popular_servers = p;
+    } else {
+        p->next = config.popular_servers;
+        config.popular_servers = p;
+    }
+}
+
+static void
+parse_popular_servers(const char *ptr)
+{
+    char *ptrcopy = NULL;
+    char *hostname = NULL;
+    char *tmp = NULL;
+
+    debug(LOG_DEBUG, "Parsing string [%s] for popular servers", ptr);
+
+    /* strsep modifies original, so let's make a copy */
+    ptrcopy = safe_strdup(ptr);
+
+    while ((hostname = strsep(&ptrcopy, ","))) {  /* hostname does *not* need allocation. strsep
+                                                     provides a pointer in ptrcopy. */
+        /* Skip leading spaces. */
+        while (*hostname != '\0' && isblank(*hostname)) { 
+            hostname++;
+        }
+        if (*hostname == '\0') {  /* Equivalent to strcmp(hostname, "") == 0 */
+            continue;
+        }
+        /* Remove any trailing blanks. */
+        tmp = hostname;
+        while (*tmp != '\0' && !isblank(*tmp)) {
+            tmp++;
+        }
+        if (*tmp != '\0' && isblank(*tmp)) {
+            *tmp = '\0';
+        }
+        debug(LOG_DEBUG, "Adding Popular Server [%s] to list", hostname);
+        add_popular_server(hostname);
+    }
+
+    free(ptrcopy);
+}
+
 /** Verifies if the configuration is complete and valid.  Terminates the program if it isn't */
 void
 config_validate(void)
 {
     config_notnull(config.gw_interface, "GatewayInterface");
     config_notnull(config.auth_servers, "AuthServer");
+    validate_popular_servers();
 
     if (missing_parms) {
         debug(LOG_ERR, "Configuration is not complete, exiting...");
         exit(-1);
     }
 }
 
+/** @internal
+ * Validate that popular servers are populated or log a warning and set a default.
+ */
+static void
+validate_popular_servers(void)
+{
+    if (config.popular_servers == NULL) {
+        debug(LOG_WARNING, "PopularServers not set in config file, this will become fatal in a future version.");
+        add_popular_server("www.google.com");
+        add_popular_server("www.yahoo.com");
+    }
+}
+
 /** @internal
     Verifies that a required parameter is not a null pointer
 */

src/conf.h

@@ -143,6 +143,14 @@ typedef struct _trusted_mac_t {
     struct _trusted_mac_t *next;
 } t_trusted_mac;
 
+/**
+ * Popular Servers
+ */
+typedef struct _popular_server_t {
+    char *hostname;
+    struct _popular_server_t *next;
+} t_popular_server;
+
 /**
  * Configuration structure
  */
@@ -183,6 +191,7 @@ typedef struct {
     t_trusted_mac *trustedmaclist; /**< @brief list of trusted macs */
     char *arp_table_path; /**< @brief Path to custom ARP table, formatted
         like /proc/net/arp */
+    t_popular_server *popular_servers; /**< @brief list of popular servers */
 } s_config;
 
 /** @brief Get the current gateway configuration */
@@ -209,7 +218,6 @@ void mark_auth_server_bad(t_auth_serv *);
 /** @brief Fetch a firewall rule set. */
 t_firewall_rule *get_ruleset(const char *);
 
-void parse_trusted_mac_list(const char *);
 
 #define LOCK_CONFIG() do { \
 	debug(LOG_DEBUG, "Locking config"); \

wifidog.conf

@@ -221,6 +221,10 @@ ClientTimeout 5
 # Default: none
 # Optional
 #
+
+# Check DNS health by querying IPs of these hosts
+PopularServers kernel.org,ieee.org
+
 # Comma separated list of MAC addresses who are allowed to pass
 # through without authentication.
 # N.B.: weak security, since MAC addresses are easy to spoof.