Merge pull request #101 from sinkcup/master

sinkcup · sinkcup · commit 66522fe5e7e4 · 2015-03-19T09:58:20.000+08:00
start to use Semantic Versioning, will release 1.2.0 tag after this merge
diff --git a/ChangeLog b/ChangeLog
@@ -1,4 +1,7 @@
 # $Id$
+2015-03-18
+	* Add possibility to use domain whitelist in conf, and auto pass subdomains.
+	(https://github.com/wifidog/wifidog-gateway/issues/14)
 2015-02-20
 	* Add possibility to use a port range in wifidog
 	(https://github.com/wifidog/wifidog-gateway/commit/d1c3b596dcae6eb1f4980687a3633482613ca231)
diff --git a/NEWS b/NEWS
@@ -1,4 +1,9 @@
 # $Id$
+WiFiDog 1.2.0:
+	* Add possibility to use domain whitelist in conf, and auto pass subdomains.
+        * Use Semantic Versioning, yymmdd version number is out of use.
+        * Use tag for release, don't using master for release.
+
 WiFiDog 1.1.5:
 	* First supported version on OpenWRT kamikaze
 
diff --git a/configure.in b/configure.in
@@ -18,10 +18,11 @@ AC_PROG_CXX
 
 AC_SUBST(BUILDROOT)
 
+# we use Semantic Versioning x.y.z tag for release, docs: http://semver.org/
 WIFIDOG_MAJOR_VERSION=1
-WIFIDOG_MINOR_VERSION=1
-WIFIDOG_MICRO_VERSION=6
-WIFIDOG_VERSION=20130917
+WIFIDOG_MINOR_VERSION=2
+WIFIDOG_MICRO_VERSION=0
+WIFIDOG_VERSION=$WIFIDOG_MAJOR_VERSION.$WIFIDOG_MINOR_VERSION.$WIFIDOG_MICRO_VERSION
 
 AC_SUBST(WIFIDOG_MAJOR_VERSION)
 AC_SUBST(WIFIDOG_MINOR_VERSION)
diff --git a/src/conf.c b/src/conf.c
@@ -557,21 +557,6 @@ _parse_firewall_rule(const char *ruleset, char *leftover)
 		}
 		if (strncmp(other_kw, "to-ipset", 8) == 0 && !finished)  {
 			mask_is_ipset = 1;
-		} else if (strncmp(other_kw, "to", 2) == 0 && !finished) {
-			/* Check if mask is valid */
-			all_nums = 1;
-			for (i = 0; *(mask + i) != '\0'; i++)
-				if (!isdigit((unsigned char)*(mask + i)) && (*(mask + i) != '.')
-						&& (*(mask + i) != '/'))
-					all_nums = 0; /*< No longer only digits */
-			if (!all_nums) {
-				debug(LOG_ERR, "Invalid mask %s", mask);
-				return -3; /*< Fail */
-			}
-		} else {
-			debug(LOG_ERR, "Invalid or unexpected keyword %s, "
-					"expecting \"port\", \"to\" or \"to-ipset\"", other_kw);
-			return -4; /*< Fail */
 		}
 		TO_NEXT_WORD(leftover, finished);
 		if (!finished) {
diff --git a/src/http.c b/src/http.c
@@ -134,25 +134,37 @@ http_callback_404(httpd *webserver, request *r, int error_code)
             free(mac);
 		}
 
-                debug(LOG_INFO, "Check host %s is in whitelist or not", r->request.host); // eg. www.example.com
+                // if host is not in whitelist, maybe not in conf or domain'IP changed, it will go to here.
+                debug(LOG_INFO, "Check host %s is in whitelist or not", r->request.host); // e.g. www.example.com
                 t_firewall_rule *rule;
-                //eg. example.com is in whitelist
+                //e.g. example.com is in whitelist
+                // if request http://www.example.com/, it's not equal example.com.
                 for (rule = get_ruleset("global"); rule != NULL; rule = rule->next) {
-                    // if request http://www.example.com/, it's not equal example.com. if request http://example.com, it will not go to here, it had been added into "iptables allow" when wifidog start.
-                    if (strstr(r->request.host, rule->mask)) {
-                        int host_length = strlen(r->request.host);
-                        int mask_length = strlen(rule->mask);
+                    debug(LOG_INFO, "rule mask %s", rule->mask);
+                    if (strstr(r->request.host, rule->mask) == NULL) {
+                        debug(LOG_INFO, "host %s is not in %s, contiue", r->request.host, rule->mask);
+                        continue;
+                    }
+                    int host_length = strlen(r->request.host);
+                    int mask_length = strlen(rule->mask);
+                    if (host_length != mask_length) {
                         char prefix[1024] = {0};
-                        // must be *.example.com, if not have ".", maybe Phishing. eg. phishingexample.com
-                        strncpy(prefix, r->request.host, host_length - mask_length - 1); // www
+                        // must be *.example.com, if not have ".", maybe Phishing. e.g. phishingexample.com
+                        strncpy(prefix, r->request.host, host_length - mask_length - 1); // e.g. www
                         strcat(prefix, "."); // www.
                         strcat(prefix, rule->mask); // www.example.com
                         if (strcasecmp(r->request.host, prefix) == 0) {
-                            debug(LOG_INFO, "allow subdomain, auto refresh request");
+                            debug(LOG_INFO, "allow subdomain");
                             fw_allow_host(r->request.host);
                             http_send_redirect(r, tmp_url, "allow subdomain");
                             return;
                         }
+                    } else {
+                        // e.g. "example.com" is in conf, so it had been parse to IP and added into "iptables allow" when wifidog start. but then its' A record(IP) changed, it will go to here.
+                        debug(LOG_INFO, "allow domain again, because IP changed");
+                        fw_allow_host(r->request.host);
+                        http_send_redirect(r, tmp_url, "allow domain");
+                        return;
                     }
                 }
 
