Merge branch 'issue-78' of github.com:sinkcup/wifidog-gateway into remove-hardcoded-servers

Conflicts:
	src/conf.h

Author: acv

src/centralserver.c

@@ -159,15 +159,10 @@ _connect_auth_server(int level)
 {
     s_config *config = config_get_config();
     t_auth_serv *auth_server = NULL;
+    t_popular_server *popular_server = NULL;
     struct in_addr *h_addr;
     int num_servers = 0;
     char *hostname = NULL;
-    char *popular_servers[] = {
-        "www.google.com",
-        "www.yahoo.com",
-        NULL
-    };
-    char **popularserver;
     char *ip;
     struct sockaddr_in their_addr;
     int sockfd;
@@ -207,20 +202,18 @@ _connect_auth_server(int level)
     if (!h_addr) {
         /*
          * DNS resolving it failed
-         *
-         * Can we resolve any of the popular servers ?
          */
         debug(LOG_DEBUG, "Level %d: Resolving auth server [%s] failed", level, hostname);
 
-        for (popularserver = popular_servers; *popularserver; popularserver++) {
-            debug(LOG_DEBUG, "Level %d: Resolving popular server [%s]", level, *popularserver);
-            h_addr = wd_gethostbyname(*popularserver);
+        for (popular_server = config->popular_servers; popular_server; popular_server = popular_server->next) {
+            debug(LOG_DEBUG, "Level %d: Resolving popular server [%s]", level, popular_server->hostname);
+            h_addr = wd_gethostbyname(popular_server->hostname);
             if (h_addr) {
-                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] succeeded = [%s]", level, *popularserver,
+                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] succeeded = [%s]", level, popular_server->hostname,
                       inet_ntoa(*h_addr));
                 break;
             } else {
-                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] failed", level, *popularserver);
+                debug(LOG_DEBUG, "Level %d: Resolving popular server [%s] failed", level, popular_server->hostname);
             }
         }
 

src/conf.c

@@ -96,6 +96,7 @@ typedef enum {
     oFirewallRule,
     oFirewallRuleSet,
     oTrustedMACList,
+    oPopularServers,
     oHtmlMessageFile,
     oProxyPort,
     oSSLPeerVerification,
@@ -140,6 +141,7 @@ static const struct {
     "firewallruleset", oFirewallRuleSet}, {
     "firewallrule", oFirewallRule}, {
     "trustedmaclist", oTrustedMACList}, {
+    "popularservers", oPopularServers}, {
     "htmlmessagefile", oHtmlMessageFile}, {
     "proxyport", oProxyPort}, {
     "sslpeerverification", oSSLPeerVerification}, {
@@ -189,6 +191,7 @@ config_init(void)
     config.internal_sock = safe_strdup(DEFAULT_INTERNAL_SOCK);
     config.rulesets = NULL;
     config.trustedmaclist = NULL;
+    config.popular_servers = NULL;
     config.proxy_port = 0;
     config.ssl_certs = safe_strdup(DEFAULT_AUTHSERVSSLCERTPATH);
     config.ssl_verify = DEFAULT_AUTHSERVSSLPEERVER;
@@ -718,6 +721,9 @@ config_read(const char *filename)
                 case oTrustedMACList:
                     parse_trusted_mac_list(p1);
                     break;
+                case oPopularServers:
+                    parse_popular_servers(p1);
+                    break;
                 case oHTTPDName:
                     config.httpdname = safe_strdup(p1);
                     break;
@@ -900,6 +906,48 @@ parse_trusted_mac_list(const char *ptr)
 
 }
 
+void
+parse_popular_servers(const char *ptr)
+{
+    char *ptrcopy = NULL;
+    char *hostname = NULL;
+    t_popular_server *p = NULL;
+
+    debug(LOG_DEBUG, "Parsing string [%s] for popular servers", ptr);
+
+    // max length of domain name is 253 characters
+    hostname = safe_malloc(254);
+
+    /* strsep modifies original, so let's make a copy */
+    ptrcopy = safe_strdup(ptr);
+
+    while ((hostname = strsep(&ptrcopy, ", "))) {
+        if (strcmp(hostname, "") == 0) {
+            continue;
+        }
+        debug(LOG_DEBUG, "Adding Popular Server [%s] to list", hostname);
+
+        if (config.popular_servers == NULL) {
+            config.popular_servers = safe_malloc(sizeof(t_popular_server));
+            config.popular_servers->hostname = safe_strdup(hostname);
+            config.popular_servers->next = NULL;
+        } else {
+            p = config.popular_servers;
+            /* Advance to the last entry */
+            while (p->next != NULL) {
+                p = p->next;
+            }
+            p->next = safe_malloc(sizeof(t_popular_server));
+            p = p->next;
+            p->hostname = safe_strdup(hostname);
+            p->next = NULL;
+        }
+    }
+
+    free(ptrcopy);
+    free(hostname);
+}
+
 /** Verifies if the configuration is complete and valid.  Terminates the program if it isn't */
 void
 config_validate(void)

src/conf.h

@@ -143,6 +143,14 @@ typedef struct _trusted_mac_t {
     struct _trusted_mac_t *next;
 } t_trusted_mac;
 
+/**
+ * Popular Servers
+ */
+typedef struct _popular_server_t {
+    char *hostname;
+    struct _popular_server_t *next;
+} t_popular_server;
+
 /**
  * Configuration structure
  */
@@ -183,6 +191,7 @@ typedef struct {
     t_trusted_mac *trustedmaclist; /**< @brief list of trusted macs */
     char *arp_table_path; /**< @brief Path to custom ARP table, formatted
         like /proc/net/arp */
+    t_popular_server *popular_servers; /**< @brief list of popular servers */
 } s_config;
 
 /** @brief Get the current gateway configuration */
@@ -211,6 +220,8 @@ t_firewall_rule *get_ruleset(const char *);
 
 void parse_trusted_mac_list(const char *);
 
+void parse_popular_servers(const char *);
+
 #define LOCK_CONFIG() do { \
 	debug(LOG_DEBUG, "Locking config"); \
 	pthread_mutex_lock(&config_mutex); \

wifidog.conf

@@ -221,6 +221,10 @@ ClientTimeout 5
 # Default: none
 # Optional
 #
+
+# Check DNS health by querying IPs of these hosts
+PopularServers kernel.org,ieee.org
+
 # Comma separated list of MAC addresses who are allowed to pass
 # through without authentication.
 # N.B.: weak security, since MAC addresses are easy to spoof.