author | Florian Obser <florian@cvs.openbsd.org> | 2019-11-27 17:09:13 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2019-11-27 17:09:13 +0000 |
commit | ef8ac29ba3d237a19175ad7252d709c9a74bc051 (patch) | |
tree | b0730c77a5711b1dc33eb1195ded6d2306cd0a14 /sbin | |
parent | eea03b2cf9ebda5eab296063580192f3601c9f64 (diff) |
Nuke http captive portal detection; something better is coming.
OK otto
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/unwind/Makefile | 7 | ||||
-rw-r--r-- | sbin/unwind/captiveportal.c | 676 | ||||
-rw-r--r-- | sbin/unwind/captiveportal.h | 41 | ||||
-rw-r--r-- | sbin/unwind/control.c | 8 | ||||
-rw-r--r-- | sbin/unwind/frontend.c | 95 | ||||
-rw-r--r-- | sbin/unwind/frontend.h | 4 | ||||
-rw-r--r-- | sbin/unwind/parse.y | 72 | ||||
-rw-r--r-- | sbin/unwind/printconf.c | 15 | ||||
-rw-r--r-- | sbin/unwind/resolver.c | 308 | ||||
-rw-r--r-- | sbin/unwind/resolver.h | 3 | ||||
-rw-r--r-- | sbin/unwind/unwind.c | 245 | ||||
-rw-r--r-- | sbin/unwind/unwind.conf.5 | 43 | ||||
-rw-r--r-- | sbin/unwind/unwind.h | 19 |
13 files changed, 31 insertions, 1505 deletions
diff --git a/sbin/unwind/Makefile b/sbin/unwind/Makefile index b48a14ce4b1..cac03af8556 100644 --- a/sbin/unwind/Makefile +++ b/sbin/unwind/Makefile @@ -1,8 +1,7 @@ -# $OpenBSD: Makefile,v 1.4 2019/03/01 08:02:25 florian Exp $ +# $OpenBSD: Makefile,v 1.5 2019/11/27 17:09:12 florian Exp $ PROG= unwind SRCS= control.c resolver.c frontend.c log.c unwind.c parse.y printconf.c -SRCS+= captiveportal.c MAN= unwind.8 unwind.conf.5 .include "${.CURDIR}/libunbound/Makefile.inc" @@ -15,7 +14,7 @@ CFLAGS+= -Wmissing-declarations CFLAGS+= -Wshadow -Wpointer-arith CFLAGS+= -Wsign-compare YFLAGS= -LDADD+= -levent -lutil -ltls -lssl -lcrypto -DPADD+= ${LIBEVENT} ${LIBUTIL} ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} +LDADD+= -levent -lutil -lssl -lcrypto +DPADD+= ${LIBEVENT} ${LIBUTIL} ${LIBSSL} ${LIBCRYPTO} .include <bsd.prog.mk> diff --git a/sbin/unwind/captiveportal.c b/sbin/unwind/captiveportal.c deleted file mode 100644 index 0c7b0c1f207..00000000000 --- a/sbin/unwind/captiveportal.c +++ /dev/null 
@@ -1,676 +0,0 @@ -/* $OpenBSD: captiveportal.c,v 1.12 2019/05/14 14:51:31 florian Exp $ */ - -/* - * Copyright (c) 2018 Florian Obser <florian@openbsd.org> - * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org> - * Copyright (c) 2004 Esben Norby <norby@openbsd.org> - * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
- */ - -#include <sys/types.h> -#include <sys/queue.h> -#include <sys/socket.h> -#include <sys/syslog.h> -#include <sys/uio.h> - -#include <netinet/in.h> -#include <net/if.h> -#include <net/route.h> - -#include <ctype.h> -#include <errno.h> -#include <event.h> -#include <imsg.h> -#include <limits.h> -#include <netdb.h> -#include <pwd.h> -#include <signal.h> -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <unistd.h> -#include <vis.h> - -#include "log.h" -#include "unwind.h" -#include "captiveportal.h" - -enum http_global_state { - IDLE, - READING -}; - -enum http_state { - INIT, - SENT_QUERY, - HEADER_READ -}; - -struct http_ctx { - TAILQ_ENTRY(http_ctx) entry; - struct event ev; - int fd; - enum http_state state; - char *buf; - size_t bufsz; - int status; - int content_length; -}; - -__dead void captiveportal_shutdown(void); -void captiveportal_sig_handler(int, short, void *); -void captiveportal_startup(void); -void http_callback(int, short, void *); -int parse_http_header(struct http_ctx *); -void check_http_body(struct http_ctx *ctx); -void free_http_ctx(struct http_ctx *); -void close_other_http_contexts(struct http_ctx *); - -struct uw_conf *captiveportal_conf; -struct imsgev *iev_main; -struct imsgev *iev_resolver; -struct imsgev *iev_frontend; - -#define MAX_SERVERS_DNS 8 -enum http_global_state http_global_state = IDLE; -TAILQ_HEAD(, http_ctx) http_contexts; -int http_contexts_count; - -struct timeval tv = {5, 0}; - -void -captiveportal_sig_handler(int sig, short event, void *bula) -{ - /* - * Normal signal handler rules don't apply because libevent - * decouples for us. 
- */ - - switch (sig) { - case SIGINT: - case SIGTERM: - captiveportal_shutdown(); - default: - fatalx("unexpected signal"); - } -} - -void -captiveportal(int debug, int verbose) -{ - struct event ev_sigint, ev_sigterm; - struct passwd *pw; - - captiveportal_conf = config_new_empty(); - - log_init(debug, LOG_DAEMON); - log_setverbose(verbose); - - if ((pw = getpwnam(UNWIND_USER)) == NULL) - fatal("getpwnam"); - - if (chroot(pw->pw_dir) == -1) - fatal("chroot"); - if (chdir("/") == -1) - fatal("chdir(\"/\")"); - - uw_process = PROC_CAPTIVEPORTAL; - setproctitle("%s", log_procnames[uw_process]); - log_procinit(log_procnames[uw_process]); - - if (setgroups(1, &pw->pw_gid) || - setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || - setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) - fatal("can't drop privileges"); - - if (pledge("stdio recvfd", NULL) == -1) - fatal("pledge"); - - event_init(); - - /* Setup signal handler. */ - signal_set(&ev_sigint, SIGINT, captiveportal_sig_handler, NULL); - signal_set(&ev_sigterm, SIGTERM, captiveportal_sig_handler, NULL); - signal_add(&ev_sigint, NULL); - signal_add(&ev_sigterm, NULL); - signal(SIGPIPE, SIG_IGN); - signal(SIGHUP, SIG_IGN); - - /* Setup pipe and event handler to the parent process. */ - if ((iev_main = malloc(sizeof(struct imsgev))) == NULL) - fatal(NULL); - imsg_init(&iev_main->ibuf, 3); - iev_main->handler = captiveportal_dispatch_main; - iev_main->events = EV_READ; - event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events, - iev_main->handler, iev_main); - event_add(&iev_main->ev, NULL); - - TAILQ_INIT(&http_contexts); - - event_dispatch(); - - captiveportal_shutdown(); -} - -__dead void -captiveportal_shutdown(void) -{ - /* Close pipes. 
*/ - msgbuf_write(&iev_resolver->ibuf.w); - msgbuf_clear(&iev_resolver->ibuf.w); - close(iev_resolver->ibuf.fd); - msgbuf_write(&iev_frontend->ibuf.w); - msgbuf_clear(&iev_frontend->ibuf.w); - close(iev_frontend->ibuf.fd); - msgbuf_write(&iev_main->ibuf.w); - msgbuf_clear(&iev_main->ibuf.w); - close(iev_main->ibuf.fd); - - config_clear(captiveportal_conf); - - free(iev_resolver); - free(iev_frontend); - free(iev_main); - - log_info("captiveportal exiting"); - exit(0); -} - -int -captiveportal_imsg_compose_main(int type, pid_t pid, void *data, - uint16_t datalen) -{ - return (imsg_compose_event(iev_main, type, 0, pid, -1, data, datalen)); -} - -int -captiveportal_imsg_compose_resolver(int type, pid_t pid, void *data, - uint16_t datalen) -{ - return (imsg_compose_event(iev_resolver, type, 0, pid, -1, data, - datalen)); -} - -int -captiveportal_imsg_compose_frontend(int type, pid_t pid, void *data, - uint16_t datalen) -{ - return (imsg_compose_event(iev_frontend, type, 0, pid, -1, data, - datalen)); -} - -void -captiveportal_dispatch_main(int fd, short event, void *bula) -{ - static struct uw_conf *nconf; - struct imsg imsg; - struct imsgev *iev = bula; - struct imsgbuf *ibuf = &iev->ibuf; - struct http_ctx *ctx; - int n, shut = 0; - - if (event & EV_READ) { - if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) - fatal("imsg_read error"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - if (event & EV_WRITE) { - if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) - fatal("msgbuf_write"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - - for (;;) { - if ((n = imsg_get(ibuf, &imsg)) == -1) - fatal("%s: imsg_get error", __func__); - if (n == 0) /* No more messages. */ - break; - - switch (imsg.hdr.type) { - case IMSG_SOCKET_IPC_RESOLVER: - /* - * Setup pipe and event handler to the resolver - * process. 
- */ - if (iev_resolver) { - fatalx("%s: received unexpected imsg fd " - "to captiveportal", __func__); - break; - } - if ((fd = imsg.fd) == -1) { - fatalx("%s: expected to receive imsg fd to " - "captiveportal but didn't receive any", - __func__); - break; - } - - iev_resolver = malloc(sizeof(struct imsgev)); - if (iev_resolver == NULL) - fatal(NULL); - - imsg_init(&iev_resolver->ibuf, fd); - iev_resolver->handler = captiveportal_dispatch_resolver; - iev_resolver->events = EV_READ; - - event_set(&iev_resolver->ev, iev_resolver->ibuf.fd, - iev_resolver->events, iev_resolver->handler, - iev_resolver); - event_add(&iev_resolver->ev, NULL); - break; - case IMSG_SOCKET_IPC_FRONTEND: - /* - * Setup pipe and event handler to the frontend - * process. - */ - if (iev_frontend) { - fatalx("%s: received unexpected imsg fd " - "to frontend", __func__); - break; - } - if ((fd = imsg.fd) == -1) { - fatalx("%s: expected to receive imsg fd to " - "frontend but didn't receive any", - __func__); - break; - } - - iev_frontend = malloc(sizeof(struct imsgev)); - if (iev_frontend == NULL) - fatal(NULL); - - imsg_init(&iev_frontend->ibuf, fd); - iev_frontend->handler = captiveportal_dispatch_frontend; - iev_frontend->events = EV_READ; - - event_set(&iev_frontend->ev, iev_frontend->ibuf.fd, - iev_frontend->events, iev_frontend->handler, - iev_frontend); - event_add(&iev_frontend->ev, NULL); - break; - case IMSG_RECONF_CONF: - case IMSG_RECONF_CAPTIVE_PORTAL_HOST: - case IMSG_RECONF_CAPTIVE_PORTAL_PATH: - case IMSG_RECONF_CAPTIVE_PORTAL_EXPECTED_RESPONSE: - case IMSG_RECONF_BLOCKLIST_FILE: - case IMSG_RECONF_FORWARDER: - case IMSG_RECONF_DOT_FORWARDER: - imsg_receive_config(&imsg, &nconf); - break; - case IMSG_RECONF_END: - if (nconf == NULL) - fatalx("%s: IMSG_RECONF_END without " - "IMSG_RECONF_CONF", __func__); - merge_config(captiveportal_conf, nconf); - nconf = NULL; - break; - case IMSG_HTTPSOCK: - if ((fd = imsg.fd) == -1) { - fatalx("%s: expected to receive imsg fd to " - 
"captiveportal but didn't receive any", - __func__); - break; - } - - if (http_global_state == READING || - http_contexts_count >= MAX_SERVERS_DNS) { - /* don't try more servers */ - close(fd); - break; - } - - if ((ctx = malloc(sizeof(*ctx))) == NULL) { - close(fd); - break; - } - - ctx->state = INIT; - ctx->fd = fd; - ctx->bufsz = 0; - ctx->buf = NULL; - ctx->status = -1; - ctx->content_length = -1; - - event_set(&ctx->ev, fd, EV_READ | EV_WRITE | - EV_PERSIST, http_callback, ctx); - event_add(&ctx->ev, &tv); - - TAILQ_INSERT_TAIL(&http_contexts, ctx, entry); - - http_contexts_count++; - - break; - default: - log_debug("%s: error handling imsg %d", __func__, - imsg.hdr.type); - break; - } - imsg_free(&imsg); - } - if (!shut) - imsg_event_add(iev); - else { - /* This pipe is dead. Remove its event handler. */ - event_del(&iev->ev); - event_loopexit(NULL); - } -} - -void -captiveportal_dispatch_resolver(int fd, short event, void *bula) -{ - struct imsgev *iev = bula; - struct imsgbuf *ibuf = &iev->ibuf; - struct imsg imsg; - int n, shut = 0; - - if (event & EV_READ) { - if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) - fatal("imsg_read error"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - if (event & EV_WRITE) { - if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) - fatal("msgbuf_write"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - - for (;;) { - if ((n = imsg_get(ibuf, &imsg)) == -1) - fatal("%s: imsg_get error", __func__); - if (n == 0) /* No more messages. */ - break; - - switch (imsg.hdr.type) { - default: - log_debug("%s: error handling imsg %d", __func__, - imsg.hdr.type); - break; - } - imsg_free(&imsg); - } - if (!shut) - imsg_event_add(iev); - else { - /* This pipe is dead. Remove its event handler. 
*/ - event_del(&iev->ev); - event_loopexit(NULL); - } -} - -void -captiveportal_dispatch_frontend(int fd, short event, void *bula) -{ - struct imsgev *iev = bula; - struct imsgbuf *ibuf = &iev->ibuf; - struct imsg imsg; - int n, verbose, shut = 0; - - if (event & EV_READ) { - if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) - fatal("imsg_read error"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - if (event & EV_WRITE) { - if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) - fatal("msgbuf_write"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - - for (;;) { - if ((n = imsg_get(ibuf, &imsg)) == -1) - fatal("%s: imsg_get error", __func__); - if (n == 0) /* No more messages. */ - break; - - switch (imsg.hdr.type) { - case IMSG_CTL_LOG_VERBOSE: - if (IMSG_DATA_SIZE(imsg) != sizeof(verbose)) - fatalx("%s: IMSG_CTL_LOG_VERBOSE wrong length: " - "%lu", __func__, IMSG_DATA_SIZE(imsg)); - memcpy(&verbose, imsg.data, sizeof(verbose)); - log_setverbose(verbose); - break; - default: - log_debug("%s: error handling imsg %d", __func__, - imsg.hdr.type); - break; - } - imsg_free(&imsg); - } - if (!shut) - imsg_event_add(iev); - else { - /* This pipe is dead. Remove its event handler. 
*/ - event_del(&iev->ev); - event_loopexit(NULL); - } -} - -void -http_callback(int fd, short events, void *arg) -{ - struct http_ctx *ctx; - ssize_t n; - char *query, buf[512], *vis_str, *p, *ep; - - ctx = (struct http_ctx *)arg; - - if (events & EV_TIMEOUT) { - log_debug("%s: TIMEOUT", __func__); - goto err; - } - - if (events & EV_READ) { - if ((n = read(fd, buf, sizeof(buf))) == -1) { - if (errno == EAGAIN || errno == EINTR) - return; - else { - log_warn("%s: read", __func__); - if (http_global_state == READING) - http_global_state = IDLE; - goto err; - } - } - - if (http_contexts_count > 1) - close_other_http_contexts(ctx); - http_global_state = READING; - - if (n == 0) { - check_http_body(ctx); - return; - } - p = recallocarray(ctx->buf, ctx->bufsz, ctx->bufsz + n, 1); - if (p == NULL) { - log_warn("%s", __func__); - goto err; - } - ctx->buf = p; - memcpy(ctx->buf + ctx->bufsz, buf, n); - ctx->bufsz += n; - - if (ctx->state == HEADER_READ && ctx->content_length != -1 && - ctx->bufsz >= (size_t)ctx->content_length) { - check_http_body(ctx); - return; - } - - if (ctx->state == SENT_QUERY) { - ep = memmem(ctx->buf, ctx->bufsz, "\r\n\r\n", 4); - if (ep != NULL) { - ctx->state = HEADER_READ; - *ep = '\0'; - if (strlen(ctx->buf) != (uintptr_t) - (ep - ctx->buf)) { - log_warnx("binary data in header"); - goto err; - } - stravis(&vis_str, ctx->buf, - VIS_NL | VIS_CSTYLE); - log_debug("header\n%s", vis_str); - free(vis_str); - - if (parse_http_header(ctx) != 0) - goto err; - - p = ctx->buf; - ep += 4; - ctx->bufsz = (ctx->buf + ctx->bufsz) - ep; - ctx->buf = malloc(ctx->bufsz); - memcpy(ctx->buf, ep, ctx->bufsz); - free(p); - } - } - } - - if (events & EV_WRITE) { - if (ctx->state == INIT) { - n = asprintf(&query, - "GET %s HTTP/1.1\r\nHost: %s\r\n" - "Connection: close\r\n\r\n", - captiveportal_conf->captive_portal_path, - captiveportal_conf->captive_portal_host); - write(fd, query, n); - free(query); - event_del(&ctx->ev); - event_set(&ctx->ev, fd, EV_READ | 
EV_PERSIST, - http_callback, ctx); - event_add(&ctx->ev, &tv); - ctx->state = SENT_QUERY; - } else { - log_warnx("invalid state: %d", ctx->state); - goto err; - } - } - return; -err: - free_http_ctx(ctx); -} - -int -parse_http_header(struct http_ctx *ctx) -{ - char *p, *ep; - const char *errstr; - - /* scan past HTTP/1.x */ - p = strchr(ctx->buf, ' '); - if (p == NULL) - return (1); - while (isspace((int)*p)) - p++; - ep = strchr(p, ' '); - if (ep == NULL) - return (1); - *ep = '\0'; - ctx->status = strtonum(p, 100, 599, &errstr); - if (errstr != NULL) { - log_warnx("%s: status is %s: %s", __func__, errstr, p); - return (1); - } - - log_debug("%s: status: %d", __func__, ctx->status); - - /* ignore parse errors from here on out, we got the status */ - - p = strcasestr(ep + 1, "Content-Length:"); - if (p == NULL) - return (0); - - p += sizeof("Content-Length:") - 1; - while (isspace((int)*p)) - p++; - - ep = strchr(p, '\r'); - if (ep == NULL) - return (0); - - *ep = '\0'; - ctx->content_length = strtonum(p, 0, INT_MAX, &errstr); - if (errstr != NULL) { - log_warnx("%s: Content-Lenght is %s: %s", __func__, errstr, p); - ctx->content_length = -1; - return (0); - } - log_debug("content-length: %d", ctx->content_length); - return (0); -} - -void -check_http_body(struct http_ctx *ctx) -{ - enum captive_portal_state state; - char *p, *vis_str; - - p = recallocarray(ctx->buf, ctx->bufsz, ctx->bufsz + 1, 1); - if (p == NULL) { - log_warn("%s", __func__); - free_http_ctx(ctx); - return; - } - ctx->buf = p; - *(ctx->buf + ctx->bufsz) = '\0'; - ctx->bufsz++; - stravis(&vis_str, ctx->buf, VIS_NL | VIS_CSTYLE); - log_debug("body[%ld]\n%s", ctx->bufsz, vis_str); - - if (ctx->status == captiveportal_conf->captive_portal_expected_status && - strcmp(vis_str, - captiveportal_conf->captive_portal_expected_response) == 0) { - log_debug("%s: not behind captive portal", __func__); - state = NOT_BEHIND; - } else { - log_debug("%s: behind captive portal", __func__); - state = BEHIND; - } - 
captiveportal_imsg_compose_resolver(IMSG_CAPTIVEPORTAL_STATE, 0, - &state, sizeof(state)); - free_http_ctx(ctx); - http_global_state = IDLE; -} - -void -free_http_ctx(struct http_ctx *ctx) -{ - if (ctx == NULL) - return; - - event_del(&ctx->ev); - close(ctx->fd); - TAILQ_REMOVE(&http_contexts, ctx, entry); - free(ctx->buf); - free(ctx); - http_contexts_count--; -} - -void -close_other_http_contexts(struct http_ctx *octx) -{ - struct http_ctx *ctx, *t; - - log_debug("%s", __func__); - TAILQ_FOREACH_SAFE(ctx, &http_contexts, entry, t) - if(ctx != octx) - free_http_ctx(ctx); -} diff --git a/sbin/unwind/captiveportal.h b/sbin/unwind/captiveportal.h deleted file mode 100644 index cee72005e5c..00000000000 --- a/sbin/unwind/captiveportal.h +++ /dev/null 
@@ -1,41 +0,0 @@ -/* $OpenBSD: captiveportal.h,v 1.1 2019/02/03 12:02:30 florian Exp $ */ - -/* - * Copyright (c) 2018 Florian Obser <florian@openbsd.org> - * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - - -enum captive_portal_state { - PORTAL_UNCHECKED, - PORTAL_UNKNOWN, - BEHIND, - NOT_BEHIND -}; - -static const char * const captive_portal_state_str[] = { - "unchecked", - "unknown", - "behind", - "not behind" -}; - -void captiveportal(int, int); -void captiveportal_dispatch_main(int, short, void *); -void captiveportal_dispatch_resolver(int, short, void *); -void captiveportal_dispatch_frontend(int, short, void *); -int captiveportal_imsg_compose_main(int, pid_t, void *, uint16_t); -int captiveportal_imsg_compose_resolver(int, pid_t, void *, uint16_t); -int captiveportal_imsg_compose_frontend(int, pid_t, void *, uint16_t); diff --git a/sbin/unwind/control.c b/sbin/unwind/control.c index f2dd612dc46..e1b417eff33 100644 --- a/sbin/unwind/control.c +++ b/sbin/unwind/control.c @@ -1,4 +1,4 @@ -/* $OpenBSD: control.c,v 1.11 2019/11/11 05:51:05 florian Exp $ */ +/* $OpenBSD: control.c,v 1.12 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> 
@@ -259,10 +259,6 @@ control_dispatch_imsg(int fd, short event, void *bula) case IMSG_CTL_RELOAD: frontend_imsg_compose_main(imsg.hdr.type, 0, NULL, 0); break; - case IMSG_CTL_RECHECK_CAPTIVEPORTAL: - frontend_imsg_compose_resolver(imsg.hdr.type, - imsg.hdr.pid, NULL, 0); - break; case IMSG_CTL_LOG_VERBOSE: if (IMSG_DATA_SIZE(imsg) != sizeof(verbose)) break; @@ -272,8 +268,6 @@ control_dispatch_imsg(int fd, short event, void *bula) imsg.data, IMSG_DATA_SIZE(imsg)); frontend_imsg_compose_resolver(imsg.hdr.type, imsg.hdr.pid, imsg.data, IMSG_DATA_SIZE(imsg)); - frontend_imsg_compose_captiveportal(imsg.hdr.type, - imsg.hdr.pid, imsg.data, IMSG_DATA_SIZE(imsg)); memcpy(&verbose, imsg.data, sizeof(verbose)); log_setverbose(verbose); diff --git a/sbin/unwind/frontend.c b/sbin/unwind/frontend.c index e81c7b247ef..d02f7e61f88 100644 --- a/sbin/unwind/frontend.c +++ b/sbin/unwind/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.39 2019/11/25 17:36:48 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.40 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -121,7 +121,6 @@ void free_bl(void); struct uw_conf *frontend_conf; struct imsgev *iev_main; struct imsgev *iev_resolver; -struct imsgev *iev_captiveportal; struct event ev_route; int udp4sock = -1, udp6sock = -1, routesock = -1; int ta_fd = -1; @@ -247,9 +246,6 @@ frontend_shutdown(void) msgbuf_write(&iev_resolver->ibuf.w); msgbuf_clear(&iev_resolver->ibuf.w); close(iev_resolver->ibuf.fd); - msgbuf_write(&iev_captiveportal->ibuf.w); - msgbuf_clear(&iev_captiveportal->ibuf.w); - close(iev_captiveportal->ibuf.fd); msgbuf_write(&iev_main->ibuf.w); msgbuf_clear(&iev_main->ibuf.w); close(iev_main->ibuf.fd); @@ -257,7 +253,6 @@ frontend_shutdown(void) config_clear(frontend_conf); free(iev_resolver); - free(iev_captiveportal); free(iev_main); log_info("frontend exiting"); 
@@ -278,14 +273,6 @@ frontend_imsg_compose_resolver(int type, pid_t pid, void *data, datalen)); } -int -frontend_imsg_compose_captiveportal(int type, pid_t pid, void *data, - uint16_t datalen) -{ - return (imsg_compose_event(iev_captiveportal, type, 0, pid, -1, data, - datalen)); -} - void frontend_dispatch_main(int fd, short event, void *bula) { @@ -345,42 +332,7 @@ frontend_dispatch_main(int fd, short event, void *bula) iev_resolver); event_add(&iev_resolver->ev, NULL); break; - case IMSG_SOCKET_IPC_CAPTIVEPORTAL: - /* - * Setup pipe and event handler to the captiveportal - * process. - */ - if (iev_captiveportal) { - fatalx("%s: received unexpected imsg fd " - "to frontend", __func__); - break; - } - if ((fd = imsg.fd) == -1) { - fatalx("%s: expected to receive imsg fd to " - "frontend but didn't receive any", - __func__); - break; - } - - iev_captiveportal = malloc(sizeof(struct imsgev)); - if (iev_captiveportal == NULL) - fatal(NULL); - - imsg_init(&iev_captiveportal->ibuf, fd); - iev_captiveportal->handler = - frontend_dispatch_captiveportal; - iev_captiveportal->events = EV_READ; - - event_set(&iev_captiveportal->ev, - iev_captiveportal->ibuf.fd, - iev_captiveportal->events, - iev_captiveportal->handler, iev_captiveportal); - event_add(&iev_captiveportal->ev, NULL); - break; case IMSG_RECONF_CONF: - case IMSG_RECONF_CAPTIVE_PORTAL_HOST: - case IMSG_RECONF_CAPTIVE_PORTAL_PATH: - case IMSG_RECONF_CAPTIVE_PORTAL_EXPECTED_RESPONSE: case IMSG_RECONF_BLOCKLIST_FILE: case IMSG_RECONF_FORWARDER: case IMSG_RECONF_DOT_FORWARDER: @@ -533,7 +485,6 @@ frontend_dispatch_resolver(int fd, short event, void *bula) send_answer(pq); break; case IMSG_CTL_RESOLVER_INFO: - case IMSG_CTL_CAPTIVEPORTAL_INFO: case IMSG_CTL_RESOLVER_WHY_BOGUS: case IMSG_CTL_RESOLVER_HISTOGRAM: case IMSG_CTL_AUTOCONF_RESOLVER_INFO: 
@@ -580,50 +531,6 @@ frontend_dispatch_resolver(int fd, short event, void *bula) } void -frontend_dispatch_captiveportal(int fd, short event, void *bula) -{ - struct imsgev *iev = bula; - struct imsgbuf *ibuf = &iev->ibuf; - struct imsg imsg; - int n, shut = 0; - - if (event & EV_READ) { - if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) - fatal("imsg_read error"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - if (event & EV_WRITE) { - if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) - fatal("msgbuf_write"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - - for (;;) { - if ((n = imsg_get(ibuf, &imsg)) == -1) - fatal("%s: imsg_get error", __func__); - if (n == 0) /* No more messages. */ - break; - - switch (imsg.hdr.type) { - default: - log_debug("%s: error handling imsg %d", __func__, - imsg.hdr.type); - break; - } - imsg_free(&imsg); - } - if (!shut) - imsg_event_add(iev); - else { - /* This pipe is dead. Remove its event handler. */ - event_del(&iev->ev); - event_loopexit(NULL); - } -} - -void frontend_startup(void) { if (!event_initialized(&ev_route)) diff --git a/sbin/unwind/frontend.h b/sbin/unwind/frontend.h index 10ee9952bf9..48e5aee028c 100644 --- a/sbin/unwind/frontend.h +++ b/sbin/unwind/frontend.h @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.h,v 1.5 2019/11/19 14:47:46 florian Exp $ */ +/* $OpenBSD: frontend.h,v 1.6 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> 
@@ -35,10 +35,8 @@ struct imsg_rdns_proposal { void frontend(int, int); void frontend_dispatch_main(int, short, void *); void frontend_dispatch_resolver(int, short, void *); -void frontend_dispatch_captiveportal(int, short, void *); int frontend_imsg_compose_main(int, pid_t, void *, uint16_t); int frontend_imsg_compose_resolver(int, pid_t, void *, uint16_t); -int frontend_imsg_compose_captiveportal(int, pid_t, void *, uint16_t); char *ip_port(struct sockaddr *); void add_new_ta(struct trust_anchor_head *, char *); void free_tas(struct trust_anchor_head *); diff --git a/sbin/unwind/parse.y b/sbin/unwind/parse.y index 77e2749e86b..7196ce72348 100644 --- a/sbin/unwind/parse.y +++ b/sbin/unwind/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.17 2019/11/26 19:35:13 kn Exp $ */ +/* $OpenBSD: parse.y,v 1.18 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -98,9 +98,9 @@ typedef struct { %} -%token YES NO INCLUDE ERROR -%token FORWARDER DOT PORT CAPTIVE PORTAL URL EXPECTED RESPONSE -%token STATUS AUTO AUTHENTICATION NAME PREFERENCE RECURSOR DHCP STUB +%token INCLUDE ERROR +%token FORWARDER DOT PORT +%token AUTHENTICATION NAME PREFERENCE RECURSOR DHCP STUB %token BLOCK LIST LOG %token <v.string> STRING @@ -116,7 +116,6 @@ grammar : /* empty */ | grammar varset '\n' | grammar uw_pref '\n' | grammar uw_forwarder '\n' - | grammar captive_portal '\n' | grammar block_list '\n' | grammar error '\n' { file->errors++; } ; @@ -149,10 +148,6 @@ string : string STRING { | STRING ; -yesno : YES { $$ = 1; } - | NO { $$ = 0; } - ; - varset : STRING '=' string { char *s = $1; if (cmd_opts & OPT_VERBOSE) 
@@ -194,56 +189,6 @@ block_list : BLOCK LIST STRING log { } ; -captive_portal : CAPTIVE PORTAL captive_portal_block - ; -captive_portal_block : '{' optnl captive_portal_opts_l '}' - | captive_portal_optsl - ; - -captive_portal_opts_l : captive_portal_opts_l captive_portal_optsl optnl - | captive_portal_optsl optnl - ; - -captive_portal_optsl : URL STRING { - char *ep; - if (strncmp($2, "http://", 7) != 0) { - yyerror("only http:// urls are " - "supported: %s", $2); - free($2); - YYERROR; - } - if ((ep = strchr($2 + 7, '/')) != NULL) { - conf->captive_portal_path = - strdup(ep); - *ep = '\0'; - } else - conf->captive_portal_path = strdup("/"); - if (conf->captive_portal_path == NULL) - err(1, "strdup"); - if ((conf->captive_portal_host = - strdup($2 + 7)) == NULL) - err(1, "strdup"); - free($2); - } - | EXPECTED RESPONSE STRING { - if ((conf->captive_portal_expected_response = - strdup($3)) == NULL) - err(1, "strdup"); - free($3); - } - | EXPECTED STATUS NUMBER { - if ($3 < 100 || $3 > 599) { - yyerror("%lld is an invalid http " - "status", $3); - YYERROR; - } - conf->captive_portal_expected_status = $3; - } - | AUTO yesno { - conf->captive_portal_auto = $2; - } - ; - uw_pref : PREFERENCE { conf->res_pref_len = 0; } pref_block ; @@ -405,28 +350,19 @@ lookup(char *s) static const struct keywords keywords[] = { {"DoT", DOT}, {"authentication", AUTHENTICATION}, - {"auto", AUTO}, {"block", BLOCK}, - {"captive", CAPTIVE}, {"dhcp", DHCP}, {"dot", DOT}, - {"expected", EXPECTED}, {"forwarder", FORWARDER}, {"include", INCLUDE}, {"list", LIST}, {"log", LOG}, {"name", NAME}, - {"no", NO}, {"port", PORT}, - {"portal", PORTAL}, {"preference", PREFERENCE}, {"recursor", RECURSOR}, - {"response", RESPONSE}, - {"status", STATUS}, {"stub", STUB}, {"tls", DOT}, - {"url", URL}, - {"yes", YES}, }; const struct keywords *p; diff --git a/sbin/unwind/printconf.c b/sbin/unwind/printconf.c index e84a99bfeb6..3e8ce2240bf 100644 --- a/sbin/unwind/printconf.c +++ b/sbin/unwind/printconf.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: printconf.c,v 1.12 2019/11/09 16:28:10 florian Exp $ */ +/* $OpenBSD: printconf.c,v 1.13 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -93,19 +93,6 @@ print_config(struct uw_conf *conf) printf("}\n"); } - if (conf->captive_portal_host != NULL) { - printf("captive portal {\n"); - printf("\turl \"http://%s%s\"\n", conf->captive_portal_host, - conf->captive_portal_path); - printf("\texpected status %d\n", - conf->captive_portal_expected_status); - if (conf->captive_portal_expected_response != NULL) - printf("\texpected response \"%s\"\n", - conf->captive_portal_expected_response); - printf("\tauto %s\n", yesno(conf->captive_portal_auto)); - printf("}\n"); - } - if (conf->blocklist_file != NULL) printf("block list \"%s\"%s\n", conf->blocklist_file, conf->blocklist_log ? " log" : ""); diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c index 39bee165c87..a2f0447cf9d 100644 --- a/sbin/unwind/resolver.c +++ b/sbin/unwind/resolver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: resolver.c,v 1.77 2019/11/25 18:10:42 otto Exp $ */ +/* $OpenBSD: resolver.c,v 1.78 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -54,21 +54,18 @@ #include <openssl/crypto.h> -#include "captiveportal.h" #include "log.h" #include "frontend.h" #include "unwind.h" #include "resolver.h" +#define TLS_DEFAULT_CA_CERT_FILE "/etc/ssl/cert.pem" #define UB_LOG_VERBOSE 4 #define UB_LOG_BRIEF 0 #define RESOLVER_CHECK_SEC 1 #define RESOLVER_CHECK_MAXSEC 1024 /* ~17 minutes */ -#define PORTAL_CHECK_SEC 15 -#define PORTAL_CHECK_MAXSEC 600 - #define TRUST_ANCHOR_RETRY_INTERVAL 8640 #define TRUST_ANCHOR_QUERY_INTERVAL 43200 
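Review bot: The new `#define TLS_DEFAULT_CA_CERT_FILE "/etc/ssl/cert.pem"` in the resolver.c `@@ -54,21 +54,18 @@` hunk hard-codes a path that was previously obtained from libtls through `tls_default_ca_cert_file()`, and nothing next to it says why or what it has to stay in sync with. The later `@@ -318,7 +302,7 @@` hunk in `resolver()` passes this macro to `unveil()`, so it decides which CA bundle the sandboxed resolver can read. If the bundle that the DNS-over-TLS code loads ever differs from this literal, the file would be hidden and certificate verification would presumably fail. I would add a comment above the define along the lines of `/* Was tls_default_ca_cert_file(); hard-coded so unwind need not link -ltls. Must match the CA bundle given to the DoT resolver. */`. The place where the bundle path is handed to the resolver library is outside the visible hunks, so it is worth confirming that it uses the same macro rather than a second copy of the string.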
@@ -105,7 +102,6 @@ struct resolver_cb_data { __dead void resolver_shutdown(void); void resolver_sig_handler(int sig, short, void *); void resolver_dispatch_frontend(int, short, void *); -void resolver_dispatch_captiveportal(int, short, void *); void resolver_dispatch_main(int, short, void *); int resolve(struct uw_resolver *, const char*, int, int, void*, resolve_cb_t); @@ -147,12 +143,6 @@ void send_detailed_resolver_info(struct uw_resolver *, pid_t); void send_resolver_histogram_info(struct uw_resolver *, pid_t); -void check_captive_portal(int); -void check_captive_portal_timo(int, short, void *); -int check_captive_portal_changed(struct uw_conf *, - struct uw_conf *); -void captive_portal_resolve_done(struct uw_resolver *, - void *, int, void *, int, int, char *); void trust_anchor_resolve(void); void trust_anchor_timo(int, short, void *); void trust_anchor_resolve_done(struct uw_resolver *, void *, @@ -164,13 +154,9 @@ struct uw_forwarder *find_forwarder(struct uw_forwarder_head *, struct uw_conf *resolver_conf; struct imsgev *iev_frontend; -struct imsgev *iev_captiveportal; struct imsgev *iev_main; struct uw_forwarder_head autoconf_forwarder_list; struct uw_resolver *resolvers[UW_RES_NONE]; -struct timeval captive_portal_check_tv = - {PORTAL_CHECK_SEC, 0}; -struct event captive_portal_check_ev; struct event trust_anchor_timer; @@ -178,8 +164,6 @@ static struct trust_anchor_head trust_anchors, new_trust_anchors; struct event_base *ev_base; -enum captive_portal_state captive_portal_state = PORTAL_UNCHECKED; - static const char * const as112_zones[] = { /* RFC1918 */ "10.in-addr.arpa. transparent", @@ -318,7 +302,7 @@ resolver(int debug, int verbose) setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); - if (unveil(tls_default_ca_cert_file(), "r") == -1) + if (unveil(TLS_DEFAULT_CA_CERT_FILE, "r") == -1) fatal("unveil"); if (pledge("stdio inet dns rpath recvfd", NULL) == -1) 
@@ -347,7 +331,6 @@ resolver(int debug, int verbose) iev_main->handler, iev_main); event_add(&iev_main->ev, NULL); - evtimer_set(&captive_portal_check_ev, check_captive_portal_timo, NULL); evtimer_set(&trust_anchor_timer, trust_anchor_timo, NULL); new_recursor(); @@ -369,15 +352,12 @@ resolver_shutdown(void) /* Close pipes. */ msgbuf_clear(&iev_frontend->ibuf.w); close(iev_frontend->ibuf.fd); - msgbuf_clear(&iev_captiveportal->ibuf.w); - close(iev_captiveportal->ibuf.fd); msgbuf_clear(&iev_main->ibuf.w); close(iev_main->ibuf.fd); config_clear(resolver_conf); free(iev_frontend); - free(iev_captiveportal); free(iev_main); log_info("resolver exiting"); @@ -398,14 +378,6 @@ resolver_imsg_compose_frontend(int type, pid_t pid, void *data, data, datalen)); } -int -resolver_imsg_compose_captiveportal(int type, pid_t pid, void *data, - uint16_t datalen) -{ - return (imsg_compose_event(iev_captiveportal, type, 0, pid, -1, - data, datalen)); -} - void resolver_dispatch_frontend(int fd, short event, void *bula) { @@ -493,9 +465,6 @@ resolver_dispatch_frontend(int fd, short event, void *bula) memcpy(&type, imsg.data, sizeof(type)); show_status(type, imsg.hdr.pid); break; - case IMSG_CTL_RECHECK_CAPTIVEPORTAL: - check_captive_portal(1); - break; case IMSG_NEW_TA: /* make sure this is a string */ ((char *)imsg.data)[IMSG_DATA_SIZE(imsg) - 1] = '\0'; 
@@ -544,70 +513,6 @@ resolver_dispatch_frontend(int fd, short event, void *bula) } void -resolver_dispatch_captiveportal(int fd, short event, void *bula) -{ - struct imsgev *iev = bula; - struct imsgbuf *ibuf; - struct imsg imsg; - ssize_t n; - int shut = 0; - - - ibuf = &iev->ibuf; - - if (event & EV_READ) { - if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) - fatal("imsg_read error"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - if (event & EV_WRITE) { - if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) - fatal("msgbuf_write"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - - for (;;) { - if ((n = imsg_get(ibuf, &imsg)) == -1) - fatal("%s: imsg_get error", __func__); - if (n == 0) /* No more messages. */ - break; - - switch (imsg.hdr.type) { - case IMSG_CAPTIVEPORTAL_STATE: - if (IMSG_DATA_SIZE(imsg) != - sizeof(captive_portal_state)) - fatalx("%s: IMSG_CAPTIVEPORTAL_STATE wrong " - "length: %lu", __func__, - IMSG_DATA_SIZE(imsg)); - memcpy(&captive_portal_state, imsg.data, - sizeof(captive_portal_state)); - log_debug("%s: IMSG_CAPTIVEPORTAL_STATE: %s", __func__, - captive_portal_state_str[captive_portal_state]); - - if (captive_portal_state == NOT_BEHIND) { - evtimer_del(&captive_portal_check_ev); - schedule_recheck_all_resolvers(); - } - break; - default: - log_debug("%s: unexpected imsg %d", __func__, - imsg.hdr.type); - break; - } - imsg_free(&imsg); - } - if (!shut) - imsg_event_add(iev); - else { - /* This pipe is dead. Remove its event handler. */ - event_del(&iev->ev); - event_loopexit(NULL); - } -} - -void resolver_dispatch_main(int fd, short event, void *bula) { static struct uw_conf *nconf; @@ -617,7 +522,6 @@ resolver_dispatch_main(int fd, short event, void *bula) ssize_t n; int shut = 0, forwarders_changed; int dot_forwarders_changed; - int captive_portal_changed; ibuf = &iev->ibuf; 
@@ -667,42 +571,12 @@ resolver_dispatch_main(int fd, short event, void *bula) iev_frontend); event_add(&iev_frontend->ev, NULL); break; - case IMSG_SOCKET_IPC_CAPTIVEPORTAL: - /* - * Setup pipe and event handler to the captiveportal - * process. - */ - if (iev_captiveportal) - fatalx("%s: received unexpected imsg fd " - "to resolver", __func__); - - if ((fd = imsg.fd) == -1) - fatalx("%s: expected to receive imsg fd to " - "resolver but didn't receive any", __func__); - - iev_captiveportal = malloc(sizeof(struct imsgev)); - if (iev_captiveportal == NULL) - fatal(NULL); - - imsg_init(&iev_captiveportal->ibuf, fd); - iev_captiveportal->handler = - resolver_dispatch_captiveportal; - iev_captiveportal->events = EV_READ; - event_set(&iev_captiveportal->ev, - iev_captiveportal->ibuf.fd, - iev_captiveportal->events, iev_captiveportal->handler, - iev_captiveportal); - event_add(&iev_captiveportal->ev, NULL); - break; case IMSG_STARTUP: if (pledge("stdio inet dns rpath", NULL) == -1) fatal("pledge"); break; case IMSG_RECONF_CONF: - case IMSG_RECONF_CAPTIVE_PORTAL_HOST: - case IMSG_RECONF_CAPTIVE_PORTAL_PATH: - case IMSG_RECONF_CAPTIVE_PORTAL_EXPECTED_RESPONSE: case IMSG_RECONF_BLOCKLIST_FILE: case IMSG_RECONF_FORWARDER: case IMSG_RECONF_DOT_FORWARDER: @@ -718,8 +592,6 @@ resolver_dispatch_main(int fd, short event, void *bula) dot_forwarders_changed = check_forwarders_changed( &resolver_conf->uw_dot_forwarder_list, &nconf->uw_dot_forwarder_list); - captive_portal_changed = check_captive_portal_changed( - resolver_conf, nconf); merge_config(resolver_conf, nconf); nconf = NULL; if (forwarders_changed) { 
@@ -730,14 +602,6 @@ resolver_dispatch_main(int fd, short event, void *bula) log_debug("static DoT forwarders changed"); new_static_dot_forwarders(); } - if (captive_portal_changed) { - if (resolver_conf->captive_portal_auto) - check_captive_portal(1); - else { - captive_portal_state = PORTAL_UNCHECKED; - schedule_recheck_all_resolvers(); - } - } break; default: log_debug("%s: unexpected imsg %d", __func__, @@ -1087,7 +951,7 @@ create_resolver(enum uw_resolver_type type, int oppdot) set_forwarders_oppdot(res, &autoconf_forwarder_list, 853); ub_ctx_set_option(res->ctx, "tls-cert-bundle:", - tls_default_ca_cert_file()); + TLS_DEFAULT_CA_CERT_FILE); ub_ctx_set_tls(res->ctx, 1); } else { set_forwarders_oppdot(res, &autoconf_forwarder_list, @@ -1100,7 +964,7 @@ create_resolver(enum uw_resolver_type type, int oppdot) set_forwarders_oppdot(res, &resolver_conf->uw_forwarder_list, 853); ub_ctx_set_option(res->ctx, "tls-cert-bundle:", - tls_default_ca_cert_file()); + TLS_DEFAULT_CA_CERT_FILE); ub_ctx_set_tls(res->ctx, 1); } else set_forwarders_oppdot(res, @@ -1109,7 +973,7 @@ create_resolver(enum uw_resolver_type type, int oppdot) case UW_RES_DOT: set_forwarders(res, &resolver_conf->uw_dot_forwarder_list); ub_ctx_set_option(res->ctx, "tls-cert-bundle:", - tls_default_ca_cert_file()); + TLS_DEFAULT_CA_CERT_FILE); ub_ctx_set_tls(res->ctx, 1); break; default: @@ -1477,8 +1341,7 @@ best_resolver(void) struct uw_resolver *res = NULL; int i; - log_debug("%s: %s: %s, %s: %s%s, %s: %s%s, %s: %s, %s: %s, " - "captive_portal: %s", + log_debug("%s: %s: %s, %s: %s%s, %s: %s%s, %s: %s, %s: %s", __func__, uw_resolver_type_str[UW_RES_RECURSOR], resolvers[UW_RES_RECURSOR] != NULL ? uw_resolver_state_str[resolvers[UW_RES_RECURSOR]->state] 
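Review bot: The three `ub_ctx_set_option(res->ctx, "tls-cert-bundle:", TLS_DEFAULT_CA_CERT_FILE)` calls in create_resolver() (hunks `-1087,7`, `-1100,7` and `-1109,7`) ignore their return value, as do the `ub_ctx_set_tls(res->ctx, 1)` calls that follow them. Both libunbound calls return non-zero on error, so a failure to configure the bundle or to enable TLS passes silently; what the resolver then does with its DoT forwarders is not visible here. Since these lines are touched anyway, I would at least report it, e.g. `if (ub_ctx_set_option(res->ctx, "tls-cert-bundle:", TLS_DEFAULT_CA_CERT_FILE) != 0) log_warnx("%s: cannot set tls-cert-bundle", __func__);`. create_resolver() starts and ends outside these hunks, so whether to warn or to give up on the resolver has to be decided against the rest of the function.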
@@ -1497,17 +1360,7 @@ best_resolver(void) uw_resolver_state_str[resolvers[UW_RES_DOT]->state] : "NA", uw_resolver_type_str[UW_RES_ASR], resolvers[UW_RES_ASR] != NULL ? - uw_resolver_state_str[resolvers[UW_RES_ASR]->state] : "NA", - captive_portal_state_str[captive_portal_state]); - - if (captive_portal_state == PORTAL_UNKNOWN || captive_portal_state == - BEHIND) { - if (resolvers[UW_RES_ASR] != NULL && resolvers[UW_RES_ASR]-> - state != DEAD) { - res = resolvers[UW_RES_ASR]; - goto out; - } - } + uw_resolver_state_str[resolvers[UW_RES_ASR]->state] : "NA"); res = resolvers[resolver_conf->res_pref[0]]; @@ -1515,7 +1368,7 @@ best_resolver(void) if (resolver_cmp(res, resolvers[resolver_conf->res_pref[i]]) < 0) res = resolvers[resolver_conf->res_pref[i]]; -out: + if (res != NULL) log_debug("%s: %s state: %s%s", __func__, uw_resolver_type_str[res->type], @@ -1570,8 +1423,6 @@ show_status(enum uw_resolver_type type, pid_t pid) switch(type) { case UW_RES_NONE: - resolver_imsg_compose_frontend(IMSG_CTL_CAPTIVEPORTAL_INFO, - pid, &captive_portal_state, sizeof(captive_portal_state)); for (i = 0; i < resolver_conf->res_pref_len; i++) send_resolver_info( resolvers[resolver_conf->res_pref[i]], 
@@ -1649,145 +1500,6 @@ send_resolver_histogram_info(struct uw_resolver *res, pid_t pid) } void -check_captive_portal_timo(int fd, short events, void *arg) -{ - captive_portal_check_tv.tv_sec *= 2; - if (captive_portal_check_tv.tv_sec > PORTAL_CHECK_MAXSEC) - captive_portal_check_tv.tv_sec = PORTAL_CHECK_MAXSEC; - check_captive_portal(0); -} - -void -check_captive_portal(int timer_reset) -{ - struct uw_resolver *res; - - log_debug("%s", __func__); - - if (resolver_conf->captive_portal_host == NULL) { - log_debug("%s: no captive portal url configured", __func__); - captive_portal_state = PORTAL_UNCHECKED; - schedule_recheck_all_resolvers(); - return; - } - - if (timer_reset) - captive_portal_check_tv.tv_sec = PORTAL_CHECK_SEC; - - evtimer_add(&captive_portal_check_ev, &captive_portal_check_tv); - - captive_portal_state = PORTAL_UNKNOWN; - - if ((res = best_resolver()) == NULL) - return; - - resolve(res, resolver_conf->captive_portal_host, - LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, NULL, - captive_portal_resolve_done); -} - -void -captive_portal_resolve_done(struct uw_resolver *res, void *arg, int rcode, - void *answer_packet, int answer_len, int sec, char *why_bogus) -{ - struct ub_result *result = NULL; - sldns_buffer *buf = NULL; - struct regional *region = NULL; - struct in_addr *in; - int i; - char *str, rdata_buf[sizeof("xxx.xxx.xxx.xxx")]; - - if (answer_len < LDNS_HEADER_SIZE) { - log_warnx("bad packet: too short"); - goto out; - } - - if ((result = calloc(1, sizeof(*result))) == NULL) - goto out; - - log_debug("%s: rcode: %d", __func__, rcode); - if ((str = sldns_wire2str_pkt(answer_packet, answer_len)) != NULL) { - log_debug("%s", str); - free(str); - } - - if ((buf = sldns_buffer_new(answer_len)) == NULL) - goto out; - if ((region = regional_create()) == NULL) - goto out; - result->rcode = LDNS_RCODE_SERVFAIL; - - sldns_buffer_clear(buf); - sldns_buffer_write(buf, answer_packet, answer_len); - sldns_buffer_flip(buf); - libworker_enter_result(result, buf, region, 
sec); - result->answer_packet = NULL; - result->answer_len = 0; - - if (result->rcode != LDNS_RCODE_NOERROR) { - log_debug("%s: result->rcode: %d", __func__, - result->rcode); - goto out; - } - - i = 0; - while(result->data[i] != NULL) { - if (result->len[i] == 4) { - in = (struct in_addr*) result->data[i]; - log_debug("%s: %s", __func__, inet_ntop(AF_INET, - in, rdata_buf, sizeof(rdata_buf))); - resolver_imsg_compose_main( - IMSG_CONNECT_CAPTIVE_PORTAL_HOST, 0, in, - sizeof(*in)); - } - i++; - } - out: - sldns_buffer_free(buf); - regional_destroy(region); - ub_resolve_free(result); -} - -int -check_captive_portal_changed(struct uw_conf *a, struct uw_conf *b) -{ - - if (a->captive_portal_expected_status != - b->captive_portal_expected_status) - return (1); - - if (a->captive_portal_host == NULL && b->captive_portal_host != NULL) - return (1); - if (a->captive_portal_host != NULL && b->captive_portal_host == NULL) - return (1); - if (a->captive_portal_host != NULL && b->captive_portal_host != NULL && - strcmp(a->captive_portal_host, b->captive_portal_host) != 0) - return (1); - - if (a->captive_portal_path == NULL && b->captive_portal_path != NULL) - return (1); - if (a->captive_portal_path != NULL && b->captive_portal_path == NULL) - return (1); - if (a->captive_portal_path != NULL && b->captive_portal_path != NULL && - strcmp(a->captive_portal_path, b->captive_portal_path) != 0) - return (1); - - if (a->captive_portal_expected_response == NULL && - b->captive_portal_expected_response != NULL) - return (1); - if (a->captive_portal_expected_response != NULL && - b->captive_portal_expected_response == NULL) - return (1); - if (a->captive_portal_expected_response != NULL && - b->captive_portal_expected_response != NULL && - strcmp(a->captive_portal_expected_response, - b->captive_portal_expected_response) != 0) - return (1); - - return (0); -} - -void trust_anchor_resolve(void) { struct uw_resolver *res; 
@@ -1994,8 +1706,6 @@ replace_autoconf_forwarders(struct imsg_rdns_proposal *rdns_proposal) &autoconf_forwarder_list); new_forwarders(0); new_asr_forwarders(); - if (resolver_conf->captive_portal_auto) - check_captive_portal(1); log_debug("%s: forwarders changed", __func__); } else { log_debug("%s: forwarders didn't change", __func__); diff --git a/sbin/unwind/resolver.h b/sbin/unwind/resolver.h index 9be94385c4c..17df609e249 100644 --- a/sbin/unwind/resolver.h +++ b/sbin/unwind/resolver.h @@ -1,4 +1,4 @@ -/* $OpenBSD: resolver.h,v 1.10 2019/11/25 18:10:42 otto Exp $ */ +/* $OpenBSD: resolver.h,v 1.11 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -62,4 +62,3 @@ struct ctl_forwarder_info { void resolver(int, int); int resolver_imsg_compose_main(int, pid_t, void *, uint16_t); int resolver_imsg_compose_frontend(int, pid_t, void *, uint16_t); -int resolver_imsg_compose_captiveportal(int, pid_t, void *, uint16_t); diff --git a/sbin/unwind/unwind.c b/sbin/unwind/unwind.c index e514868fc22..6e94bb89f40 100644 --- a/sbin/unwind/unwind.c +++ b/sbin/unwind/unwind.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.c,v 1.39 2019/11/26 19:35:13 kn Exp $ */ +/* $OpenBSD: unwind.c,v 1.40 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -47,7 +47,6 @@ #include "frontend.h" #include "resolver.h" #include "control.h" -#include "captiveportal.h" #define TRUST_ANCHOR_FILE "/var/db/unwind.key" 
@@ -60,28 +59,23 @@ static pid_t start_child(int, char *, int, int, int); void main_dispatch_frontend(int, short, void *); void main_dispatch_resolver(int, short, void *); -void main_dispatch_captiveportal(int, short, void *); -static int main_imsg_send_ipc_sockets(struct imsgbuf *, struct imsgbuf *, - struct imsgbuf *); +static int main_imsg_send_ipc_sockets(struct imsgbuf *, struct imsgbuf *); static int main_imsg_send_config(struct uw_conf *); int main_reload(void); int main_sendall(enum imsg_type, void *, uint16_t); void open_ports(void); void solicit_dns_proposals(void); -void connect_captive_portal_host(struct in_addr *); void send_blocklist_fd(void); struct uw_conf *main_conf; struct imsgev *iev_frontend; struct imsgev *iev_resolver; -struct imsgev *iev_captiveportal; char *conffile; pid_t frontend_pid; pid_t resolver_pid; -pid_t captiveportal_pid; uint32_t cmd_opts; @@ -126,9 +120,8 @@ main(int argc, char *argv[]) { struct event ev_sigint, ev_sigterm, ev_sighup; int ch, debug = 0, resolver_flag = 0, frontend_flag = 0; - int captiveportal_flag = 0, frontend_routesock, rtfilter; + int frontend_routesock, rtfilter; int pipe_main2frontend[2], pipe_main2resolver[2]; - int pipe_main2captiveportal[2]; int control_fd, ta_fd; char *csock, *saved_argv0; @@ -141,11 +134,8 @@ main(int argc, char *argv[]) if (saved_argv0 == NULL) saved_argv0 = "unwind"; - while ((ch = getopt(argc, argv, "CdEFf:ns:v")) != -1) { + while ((ch = getopt(argc, argv, "dEFf:ns:v")) != -1) { switch (ch) { - case 'C': - captiveportal_flag = 1; - break; case 'd': debug = 1; break; 
@@ -176,15 +166,13 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; - if (argc > 0 || (resolver_flag && frontend_flag && captiveportal_flag)) + if (argc > 0 || (resolver_flag && frontend_flag)) usage(); if (resolver_flag) resolver(debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2)); else if (frontend_flag) frontend(debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2)); - else if (captiveportal_flag) - captiveportal(debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2)); if ((main_conf = parse_config(conffile)) == NULL) exit(1); @@ -219,9 +207,6 @@ main(int argc, char *argv[]) if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, PF_UNSPEC, pipe_main2resolver) == -1) fatal("main2resolver socketpair"); - if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, - PF_UNSPEC, pipe_main2captiveportal) == -1) - fatal("main2captiveportal socketpair"); /* Start children. */ resolver_pid = start_child(PROC_RESOLVER, saved_argv0, @@ -230,9 +215,6 @@ main(int argc, char *argv[]) frontend_pid = start_child(PROC_FRONTEND, saved_argv0, pipe_main2frontend[1], debug, cmd_opts & (OPT_VERBOSE | OPT_VERBOSE2)); - captiveportal_pid = start_child(PROC_CAPTIVEPORTAL, saved_argv0, - pipe_main2captiveportal[1], debug, cmd_opts & (OPT_VERBOSE | - OPT_VERBOSE2)); uw_process = PROC_MAIN; log_procinit(log_procnames[uw_process]); 
@@ -251,15 +233,12 @@ main(int argc, char *argv[]) /* Setup pipes to children. */ if ((iev_frontend = malloc(sizeof(struct imsgev))) == NULL || - (iev_captiveportal = malloc(sizeof(struct imsgev))) == NULL || (iev_resolver = malloc(sizeof(struct imsgev))) == NULL) fatal(NULL); imsg_init(&iev_frontend->ibuf, pipe_main2frontend[0]); iev_frontend->handler = main_dispatch_frontend; imsg_init(&iev_resolver->ibuf, pipe_main2resolver[0]); iev_resolver->handler = main_dispatch_resolver; - imsg_init(&iev_captiveportal->ibuf, pipe_main2captiveportal[0]); - iev_captiveportal->handler = main_dispatch_captiveportal; /* Setup event handlers for pipes. */ iev_frontend->events = EV_READ; @@ -272,14 +251,8 @@ main(int argc, char *argv[]) iev_resolver->events, iev_resolver->handler, iev_resolver); event_add(&iev_resolver->ev, NULL); - iev_captiveportal->events = EV_READ; - event_set(&iev_captiveportal->ev, iev_captiveportal->ibuf.fd, - iev_captiveportal->events, iev_captiveportal->handler, - iev_captiveportal); - event_add(&iev_captiveportal->ev, NULL); - if (main_imsg_send_ipc_sockets(&iev_frontend->ibuf, - &iev_resolver->ibuf, &iev_captiveportal->ibuf)) + &iev_resolver->ibuf)) fatal("could not establish imsg links"); if ((control_fd = control_init(csock)) == -1) @@ -335,8 +308,6 @@ main_shutdown(void) close(iev_frontend->ibuf.fd); msgbuf_clear(&iev_resolver->ibuf.w); close(iev_resolver->ibuf.fd); - msgbuf_clear(&iev_captiveportal->ibuf.w); - close(iev_captiveportal->ibuf.fd); config_clear(main_conf); @@ -354,7 +325,6 @@ main_shutdown(void) free(iev_frontend); free(iev_resolver); - free(iev_captiveportal); log_info("terminating"); exit(0); @@ -393,9 +363,6 @@ start_child(int p, char *argv0, int fd, int debug, int verbose) case PROC_FRONTEND: argv[argc++] = "-F"; break; - case PROC_CAPTIVEPORTAL: - argv[argc++] = "-C"; - break; } if (debug) argv[argc++] = "-d"; 
@@ -479,7 +446,6 @@ main_dispatch_resolver(int fd, short event, void *bula) struct imsgev *iev = bula; struct imsgbuf *ibuf; struct imsg imsg; - struct in_addr *in; ssize_t n; int shut = 0; @@ -505,61 +471,6 @@ main_dispatch_resolver(int fd, short event, void *bula) break; switch (imsg.hdr.type) { - case IMSG_CONNECT_CAPTIVE_PORTAL_HOST: - if (IMSG_DATA_SIZE(imsg) != sizeof(*in)) - fatalx("%s: IMSG_CONNECT_CAPTIVE_PORTAL_HOST " - "wrong length: %lu", __func__, - IMSG_DATA_SIZE(imsg)); - in = (struct in_addr *)imsg.data; - connect_captive_portal_host(in); - break; - default: - log_debug("%s: error handling imsg %d", __func__, - imsg.hdr.type); - break; - } - imsg_free(&imsg); - } - if (!shut) - imsg_event_add(iev); - else { - /* This pipe is dead. Remove its event handler. */ - event_del(&iev->ev); - event_loopexit(NULL); - } -} - -void -main_dispatch_captiveportal(int fd, short event, void *bula) -{ - struct imsgev *iev = bula; - struct imsgbuf *ibuf; - struct imsg imsg; - ssize_t n; - int shut = 0; - - ibuf = &iev->ibuf; - - if (event & EV_READ) { - if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) - fatal("imsg_read error"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - if (event & EV_WRITE) { - if ((n = msgbuf_write(&ibuf->w)) == -1 && errno != EAGAIN) - fatal("msgbuf_write"); - if (n == 0) /* Connection closed. */ - shut = 1; - } - - for (;;) { - if ((n = imsg_get(ibuf, &imsg)) == -1) - fatal("imsg_get"); - if (n == 0) /* No more messages. */ - break; - - switch (imsg.hdr.type) { default: log_debug("%s: error handling imsg %d", __func__, imsg.hdr.type); 
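Review bot: After the removal in hunk `@@ -505,61 +471,6 @@`, the `switch (imsg.hdr.type)` in main_dispatch_resolver() is left with only a `default:` arm, and that arm still logs `error handling imsg %d` for what is now any message type the resolver sends. As far as this hunk shows, the main process no longer accepts any request from the resolver, which is worth stating in the code: `/* main accepts no messages from the resolver */`. resolver_dispatch_main() words the same situation as `unexpected imsg %d`, and I would use `log_debug("%s: unexpected imsg %d", __func__, imsg.hdr.type);` here too. The function begins above the hunk.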
@@ -600,23 +511,6 @@ main_imsg_compose_resolver(int type, pid_t pid, void *data, uint16_t datalen) } void -main_imsg_compose_captiveportal(int type, pid_t pid, void *data, - uint16_t datalen) -{ - if (iev_captiveportal) - imsg_compose_event(iev_captiveportal, type, 0, pid, -1, data, - datalen); -} - -void -main_imsg_compose_captiveportal_fd(int type, pid_t pid, int fd) -{ - if (iev_frontend) - imsg_compose_event(iev_captiveportal, type, 0, pid, fd, NULL, - 0); -} - -void imsg_event_add(struct imsgev *iev) { iev->events = EV_READ; @@ -643,24 +537,14 @@ imsg_compose_event(struct imsgev *iev, uint16_t type, uint32_t peerid, static int main_imsg_send_ipc_sockets(struct imsgbuf *frontend_buf, - struct imsgbuf *resolver_buf, struct imsgbuf *captiveportal_buf) + struct imsgbuf *resolver_buf) { int pipe_frontend2resolver[2]; - int pipe_frontend2captiveportal[2]; - int pipe_resolver2captiveportal[2]; if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, PF_UNSPEC, pipe_frontend2resolver) == -1) return (-1); - if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, - PF_UNSPEC, pipe_frontend2captiveportal) == -1) - return (-1); - - if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK, - PF_UNSPEC, pipe_resolver2captiveportal) == -1) - return (-1); - if (imsg_compose(frontend_buf, IMSG_SOCKET_IPC_RESOLVER, 0, 0, pipe_frontend2resolver[0], NULL, 0) == -1) return (-1); 
@@ -668,20 +552,6 @@ main_imsg_send_ipc_sockets(struct imsgbuf *frontend_buf, pipe_frontend2resolver[1], NULL, 0) == -1) return (-1); - if (imsg_compose(frontend_buf, IMSG_SOCKET_IPC_CAPTIVEPORTAL, 0, 0, - pipe_frontend2captiveportal[0], NULL, 0) == -1) - return (-1); - if (imsg_compose(captiveportal_buf, IMSG_SOCKET_IPC_FRONTEND, 0, 0, - pipe_frontend2captiveportal[1], NULL, 0) == -1) - return (-1); - - if (imsg_compose(resolver_buf, IMSG_SOCKET_IPC_CAPTIVEPORTAL, 0, 0, - pipe_resolver2captiveportal[0], NULL, 0) == -1) - return (-1); - if (imsg_compose(captiveportal_buf, IMSG_SOCKET_IPC_RESOLVER, 0, 0, - pipe_resolver2captiveportal[1], NULL, 0) == -1) - return (-1); - return (0); } @@ -712,27 +582,6 @@ main_imsg_send_config(struct uw_conf *xconf) /* Send fixed part of config to children. */ if (main_sendall(IMSG_RECONF_CONF, xconf, sizeof(*xconf)) == -1) return (-1); - if (xconf->captive_portal_host != NULL) { - if (main_sendall(IMSG_RECONF_CAPTIVE_PORTAL_HOST, - xconf->captive_portal_host, - strlen(xconf->captive_portal_host) + 1) == -1) - return (-1); - } - - if (xconf->captive_portal_path != NULL) { - if (main_sendall(IMSG_RECONF_CAPTIVE_PORTAL_PATH, - xconf->captive_portal_path, - strlen(xconf->captive_portal_path) + 1) == -1) - return (-1); - } - - if (xconf->captive_portal_expected_response != NULL) { - if (main_sendall(IMSG_RECONF_CAPTIVE_PORTAL_EXPECTED_RESPONSE, - xconf->captive_portal_expected_response, - strlen(xconf->captive_portal_expected_response) + 1) - == -1) - return (-1); - } if (xconf->blocklist_file != NULL) { if (main_sendall(IMSG_RECONF_BLOCKLIST_FILE, @@ -770,9 +619,6 @@ main_sendall(enum imsg_type type, void *buf, uint16_t len) return (-1); if (imsg_compose_event(iev_resolver, type, 0, 0, -1, buf, len) == -1) return (-1); - if (imsg_compose_event(iev_captiveportal, type, 0, 0, -1, buf, len) == - -1) - return (-1); return (0); } 
@@ -797,21 +643,6 @@ merge_config(struct uw_conf *conf, struct uw_conf *xconf) memcpy(&conf->res_pref, &xconf->res_pref, sizeof(conf->res_pref)); - free(conf->captive_portal_host); - conf->captive_portal_host = xconf->captive_portal_host; - - free(conf->captive_portal_path); - conf->captive_portal_path = xconf->captive_portal_path; - - free(conf->captive_portal_expected_response); - conf->captive_portal_expected_response = - xconf->captive_portal_expected_response; - - conf->captive_portal_expected_status = - xconf->captive_portal_expected_status; - - conf->captive_portal_auto = xconf->captive_portal_auto; - free(conf->blocklist_file); conf->blocklist_file = xconf->blocklist_file; conf->blocklist_log = xconf->blocklist_log; @@ -856,12 +687,6 @@ config_new_empty(void) TAILQ_INIT(&xconf->uw_forwarder_list); TAILQ_INIT(&xconf->uw_dot_forwarder_list); - if ((xconf->captive_portal_expected_response = strdup("")) == NULL) - fatal(NULL); - - xconf->captive_portal_expected_status = 200; - xconf->captive_portal_auto = 1; - return (xconf); } @@ -951,38 +776,6 @@ solicit_dns_proposals(void) } void -connect_captive_portal_host(struct in_addr *in) -{ - struct sockaddr *sa; - struct sockaddr_in sin; - int httpsock; - - sa = (struct sockaddr *)&sin; - memset(&sin, 0, sizeof(sin)); - sin.sin_len = sizeof(sin); - sin.sin_family = AF_INET; - sin.sin_addr = *in; - sin.sin_port = htons(80); - log_debug("%s: ip_port: %s", __func__, ip_port(sa)); - - if ((httpsock = socket(AF_INET, SOCK_STREAM | - SOCK_CLOEXEC | SOCK_NONBLOCK, 0)) == -1) { - log_warn("%s: socket", __func__); - return; - } - if (connect(httpsock, sa, sizeof(sin)) == -1) { - if (errno != EINPROGRESS) { - log_warn("%s: connect", __func__); - close(httpsock); - return; - } - } - - main_imsg_compose_captiveportal_fd(IMSG_HTTPSOCK, 0, - httpsock); -} - -void send_blocklist_fd(void) { int bl_fd; 
@@ -1013,33 +806,9 @@ imsg_receive_config(struct imsg *imsg, struct uw_conf **xconf) fatal(NULL); nconf = *xconf; memcpy(nconf, imsg->data, sizeof(struct uw_conf)); - nconf->captive_portal_host = NULL; - nconf->captive_portal_path = NULL; - nconf->captive_portal_expected_response = NULL; TAILQ_INIT(&nconf->uw_forwarder_list); TAILQ_INIT(&nconf->uw_dot_forwarder_list); break; - case IMSG_RECONF_CAPTIVE_PORTAL_HOST: - /* make sure this is a string */ - ((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0'; - if ((nconf->captive_portal_host = strdup(imsg->data)) == - NULL) - fatal("%s: strdup", __func__); - break; - case IMSG_RECONF_CAPTIVE_PORTAL_PATH: - /* make sure this is a string */ - ((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0'; - if ((nconf->captive_portal_path = strdup(imsg->data)) == - NULL) - fatal("%s: strdup", __func__); - break; - case IMSG_RECONF_CAPTIVE_PORTAL_EXPECTED_RESPONSE: - /* make sure this is a string */ - ((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0'; - if ((nconf->captive_portal_expected_response = - strdup(imsg->data)) == NULL) - fatal("%s: strdup", __func__); - break; case IMSG_RECONF_BLOCKLIST_FILE: /* make sure this is a string */ ((char *)imsg->data)[IMSG_DATA_SIZE(*imsg) - 1] = '\0'; diff --git a/sbin/unwind/unwind.conf.5 b/sbin/unwind/unwind.conf.5 index 597c989b17d..20909de432e 100644 --- a/sbin/unwind/unwind.conf.5 +++ b/sbin/unwind/unwind.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: unwind.conf.5,v 1.17 2019/11/06 14:19:59 florian Exp $ +.\" $OpenBSD: unwind.conf.5,v 1.18 2019/11/27 17:09:12 florian Exp $ .\" .\" Copyright (c) 2018 Florian Obser <florian@openbsd.org> .\" Copyright (c) 2005 Esben Norby <norby@openbsd.org> @@ -18,7 +18,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 6 2019 $ +.Dd $Mdocdate: November 27 2019 $ .Dt UNWIND.CONF 5 .Os .Sh NAME 
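Review bot: In imsg_receive_config() the `IMSG_RECONF_CONF` case copies the sender's `struct uw_conf` with `memcpy()`, and with the three `captive_portal_*` resets gone nothing in the visible lines clears the remaining pointer member, `blocklist_file`. Until an `IMSG_RECONF_BLOCKLIST_FILE` message replaces it, `nconf->blocklist_file` holds an address that is only meaningful in the sending process, and merge_config() later stores that member in the live configuration and frees it on the next merge. main_imsg_send_config() sends the file name whenever the pointer is non-NULL, so this looks safe today, but it depends on both sides staying in step. I would keep the pattern of the removed lines and add `nconf->blocklist_file = NULL;` after the memcpy. The case starts above the hunk, so a reset placed there would not be visible.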
@@ -72,45 +72,6 @@ answers with a return code of With .Cm log blocked queries are logged. -.It Ic captive portal Brq ... -.Nm unwind -can detect when it is running behind a -.Dq captive portal -by sending an HTTP request and checking the response against the -configured expected response. -The check is triggered when -.Xr dhclient 8 -reports new nameservers. -If the response does not match, -.Nm unwind -uses the DHCP provided nameservers and periodically re-checks if the user -passed the captive portal. -.Bl -tag -width Ds -.It Ic auto Op Cm yes | no -When -.Ic auto -is set to -.Cm yes -.Nm unwind -automatically triggers a captive portal check -when the network is changed. -When set to -.Cm no -a captive portal check can be triggered by -.Xr unwindctl 8 . -The default is -.Cm yes . -.It Ic expected response Ar response -The body of the HTTP response is compared to -.Ar response . -The default is the empty string. -.It Ic expected status Ar status -The expected HTTP status code. -The default is 200. -.It Ic url Ar URL -URL to send HTTP queries to. -This parameter is required. -.El .It Ic forwarder Brq Ar address Oo Ic port Ar number Oc Oo Oo Ic authentication name Ar name Oc Ic DoT Oc ... A list of addresses of DNS name servers to forward queries to. .Ic port diff --git a/sbin/unwind/unwind.h b/sbin/unwind/unwind.h index af0a4bbe80a..f4f6316a4e3 100644 --- a/sbin/unwind/unwind.h +++ b/sbin/unwind/unwind.h @@ -1,4 +1,4 @@ -/* $OpenBSD: unwind.h,v 1.36 2019/11/26 19:35:13 kn Exp $ */ +/* $OpenBSD: unwind.h,v 1.37 2019/11/27 17:09:12 florian Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -44,14 +44,12 @@ enum { PROC_MAIN, PROC_RESOLVER, PROC_FRONTEND, - PROC_CAPTIVEPORTAL, } uw_process; static const char * const log_procnames[] = { "main", "resolver", "frontend", - "captive portal", }; enum uw_resolver_type { 
@@ -83,11 +81,7 @@ enum imsg_type { IMSG_CTL_LOG_VERBOSE, IMSG_CTL_RELOAD, IMSG_CTL_STATUS, - IMSG_CTL_CAPTIVEPORTAL_INFO, IMSG_RECONF_CONF, - IMSG_RECONF_CAPTIVE_PORTAL_HOST, - IMSG_RECONF_CAPTIVE_PORTAL_PATH, - IMSG_RECONF_CAPTIVE_PORTAL_EXPECTED_RESPONSE, IMSG_RECONF_BLOCKLIST_FILE, IMSG_RECONF_FORWARDER, IMSG_RECONF_DOT_FORWARDER, @@ -100,7 +94,6 @@ enum imsg_type { IMSG_STARTUP_DONE, IMSG_SOCKET_IPC_FRONTEND, IMSG_SOCKET_IPC_RESOLVER, - IMSG_SOCKET_IPC_CAPTIVEPORTAL, IMSG_QUERY, IMSG_ANSWER_HEADER, IMSG_ANSWER, @@ -109,15 +102,12 @@ enum imsg_type { IMSG_CTL_RESOLVER_HISTOGRAM, IMSG_CTL_AUTOCONF_RESOLVER_INFO, IMSG_CTL_END, - IMSG_CTL_RECHECK_CAPTIVEPORTAL, IMSG_HTTPSOCK, - IMSG_CAPTIVEPORTAL_STATE, IMSG_TAFD, IMSG_NEW_TA, IMSG_NEW_TAS_ABORT, IMSG_NEW_TAS_DONE, IMSG_NETWORK_CHANGED, - IMSG_CONNECT_CAPTIVE_PORTAL_HOST, IMSG_BLFD, IMSG_REPLACE_DNS, }; @@ -136,11 +126,6 @@ struct uw_conf { struct uw_forwarder_head uw_dot_forwarder_list; enum uw_resolver_type res_pref[UW_RES_NONE]; int res_pref_len; - char *captive_portal_host; - char *captive_portal_path; - char *captive_portal_expected_response; - int captive_portal_expected_status; - int captive_portal_auto; char *blocklist_file; int blocklist_log; }; @@ -161,8 +146,6 @@ extern uint32_t cmd_opts; void main_imsg_compose_frontend(int, pid_t, void *, uint16_t); void main_imsg_compose_frontend_fd(int, pid_t, int); void main_imsg_compose_resolver(int, pid_t, void *, uint16_t); -void main_imsg_compose_captiveportal(int, pid_t, void *, uint16_t); -void main_imsg_compose_captiveportal_fd(int, pid_t, int); void merge_config(struct uw_conf *, struct uw_conf *); void imsg_event_add(struct imsgev *); int imsg_compose_event(struct imsgev *, uint16_t, uint32_t, pid_t, |
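Review bot: `IMSG_HTTPSOCK` stays in `enum imsg_type` (hunk `@@ -109,15 +102,12 @@`) although the only sender visible in this commit, connect_captive_portal_host() in unwind.c via main_imsg_compose_captiveportal_fd(), is deleted. If no handler elsewhere still uses it (frontend.c is not visible here), the value is dead and should go with the other captive-portal message types, so that no process keeps a case that accepts a passed HTTP socket descriptor. The change is dropping the single line `IMSG_HTTPSOCK,` from the enum.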