From fded4fa17a7d0db8d27c9da501d74f64cbb1a1e6 Mon Sep 17 00:00:00 2001
From: Moritz Warning
Date: Sat, 28 Jul 2018 17:16:01 +0200
Subject: [PATCH] remove unused settings RemoteAuthenticatorAction, EnablePreAuth, BinVoucher, ForceVoucher, PasswordAuthentication, UsernameAuthentication, PasswordAttempts, Username, Password
---
 resources/nodogsplash.conf | 41 ----------------
 src/client_list.h | 1 -
 src/conf.c | 99 --------------------------------------
 src/conf.h | 14 ------
 src/ndsctl.c | 44 -----------------
 src/ndsctl.h | 2 -
 src/ndsctl_thread.c | 48 ------------------
 src/util.c | 8 ---
 8 files changed, 257 deletions(-)
diff --git a/resources/nodogsplash.conf b/resources/nodogsplash.conf
index 15446d3..e86268a 100644
--- a/resources/nodogsplash.conf
+++ b/resources/nodogsplash.conf
@@ -255,47 +255,6 @@ FirewallRuleSet users-to-router {
 #
 # TrustedMACList 00:00:CA:FE:BA:BE, 00:00:C0:01:D0:0D
-
-# Parameter: PasswordAuthentication
-# Default: no
-# Set to yes (or true or 1), to require a password matching
-# the Password parameter to be supplied when authenticating.
-#
-#
-# PasswordAuthentication no
-
-# Parameter: Password
-# Default: none
-# Whitespace delimited string that is compared to user-supplied
-# password when authenticating.
-#
-#
-# Password nodog
-
-# Parameter: UsernameAuthentication
-# Default: no
-# Set to yes (or true or 1), to require a username matching
-# the Username parameter to be supplied when authenticating.
-#
-#
-# UsernameAuthentication no
-
-# Parameter: Username
-# Default: none
-# Whitespace delimited string that is compared to user-supplied
-# username when authenticating.
-#
-#
-# Username guest
-
-# Parameter: PasswordAttempts
-# Default: 5
-# Integer number of failed password/username entries before
-# a user is forced to reauthenticate.
-#
-#
-# PasswordAttempts 5
-
 # Parameter: TrafficControl
 # Default: no
 #
diff --git a/src/client_list.h b/src/client_list.h
index d0c3f28..e7ae9d3 100644
--- a/src/client_list.h
+++ b/src/client_list.h
@@ -47,7 +47,6 @@ typedef struct _t_client {
 unsigned int fw_connection_state; /**< @brief Connection state in the firewall */
 time_t added_time; /**< @brief Time client added to list */
 t_counters counters; /**< @brief Counters for input/output of the client. */
- int attempts; /**< @brief Number of authentication attempts */
 int download_limit; /**< @brief Download limit, kb/s */
 int upload_limit; /**< @brief Upload limit, kb/s */
 int idx;
diff --git a/src/conf.c b/src/conf.c
index c9ad78d..33a0114 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -71,15 +71,6 @@ typedef enum {
 oGatewayIPRange,
 oGatewayAddress,
 oGatewayPort,
- oRemoteAuthenticatorAction,
- oEnablePreAuth,
- oBinVoucher,
- oForceVoucher,
- oPasswordAuthentication,
- oUsernameAuthentication,
- oPasswordAttempts,
- oUsername,
- oPassword,
 oHTTPDMaxConn,
 oWebRoot,
 oSplashPage,
@@ -128,15 +119,6 @@ static const struct {
 { "gatewayiprange", oGatewayIPRange },
 { "gatewayaddress", oGatewayAddress },
 { "gatewayport", oGatewayPort },
- { "remoteauthenticatoraction", oRemoteAuthenticatorAction },
- { "enablepreauth", oEnablePreAuth },
- { "binvoucher", oBinVoucher },
- { "forcevoucher", oForceVoucher },
- { "passwordauthentication", oPasswordAuthentication },
- { "usernameauthentication", oUsernameAuthentication },
- { "passwordattempts", oPasswordAttempts },
- { "username", oUsername },
- { "password", oPassword },
 { "webroot", oWebRoot },
 { "splashpage", oSplashPage },
 { "imagesdir", oImagesDir },
@@ -207,7 +189,6 @@ config_init(void)
 config.gw_iprange = safe_strdup(DEFAULT_GATEWAY_IPRANGE);
 config.gw_address = NULL;
 config.gw_port = DEFAULT_GATEWAYPORT;
- config.remote_auth_action = NULL;
 config.webroot = safe_strdup(DEFAULT_WEBROOT);
 config.splashpage = safe_strdup(DEFAULT_SPLASHPAGE);
 config.infoskelpage = safe_strdup(DEFAULT_INFOSKELPAGE);
@@ -220,11 +201,6 @@ config_init(void)
 config.clientforceout = DEFAULT_CLIENTFORCEOUT;
 config.checkinterval = DEFAULT_CHECKINTERVAL;
 config.daemon = -1;
- config.passwordauth = DEFAULT_PASSWORD_AUTH;
- config.usernameauth = DEFAULT_USERNAME_AUTH;
- config.passwordattempts = DEFAULT_PASSWORD_ATTEMPTS;
- config.username = NULL;
- config.password = NULL;
 config.authenticate_immediately = DEFAULT_AUTHENTICATE_IMMEDIATELY;
 config.set_mss = DEFAULT_SET_MSS;
 config.mss_value = DEFAULT_MSS_VALUE;
@@ -758,22 +734,6 @@ config_read(const char *filename)
 exit(-1);
 }
 break;
- case oRemoteAuthenticatorAction:
- config.remote_auth_action = safe_strdup(p1);
- break;
- case oEnablePreAuth:
- value = parse_boolean_value(p1);
- if (value != - 1)
- config.enable_preauth = value;
- break;
- case oBinVoucher:
- config.bin_voucher = safe_strdup(p1);
- break;
- case oForceVoucher:
- value = parse_boolean_value(p1);
- if (value != - 1)
- config.force_voucher = value;
- break;
 case oFirewallRuleSet:
 parse_firewall_ruleset(p1, fd, filename, &linenum);
 break;
@@ -833,37 +793,6 @@ config_read(const char *filename)
 exit(-1);
 }
 break;
- case oPasswordAuthentication:
- if ((value = parse_boolean_value(p1)) != -1) {
- config.passwordauth = value;
- } else {
- debug(LOG_ERR, "Bad arg %s to option %s on line %d in %s", p1, s, linenum, filename);
- debug(LOG_ERR, "Exiting...");
- exit(-1);
- }
- break;
- case oUsernameAuthentication:
- if ((value = parse_boolean_value(p1)) != -1) {
- config.usernameauth = value;
- } else {
- debug(LOG_ERR, "Bad arg %s to option %s on line %d in %s", p1, s, linenum, filename);
- debug(LOG_ERR, "Exiting...");
- exit(-1);
- }
- break;
- case oPasswordAttempts:
- if (sscanf(p1, "%d", &config.passwordattempts) < 1) {
- debug(LOG_ERR, "Bad arg %s to option %s on line %d in %s", p1, s, linenum, filename);
- debug(LOG_ERR, "Exiting...");
- exit(-1);
- }
- break;
- case oUsername:
- set_username(p1);
- break;
- case oPassword:
- set_password(p1);
- break;
 case oSetMSS:
 if ((value = parse_boolean_value(p1)) != -1) {
 config.set_mss = value;
@@ -1363,34 +1292,6 @@ int set_log_level(int level)
 return 0;
 }
-/** Set the gateway password.
- * Return 0 on success.
- */
-int set_password(const char s[])
-{
- char *old = config.password;
- if (s) {
- config.password = safe_strdup(s);
- if (old) free(old);
- return 0;
- }
- return 1;
-}
-
-/** Set the gateway username.
- * Return 0 on success.
- */
-int set_username(const char s[])
-{
- char *old = config.username;
- if (s) {
- config.username = safe_strdup(s);
- if (old) free(old);
- return 0;
- }
- return 1;
-}
-
 /** Verifies if the configuration is complete and valid. Terminates the program if it isn't */
 void
 config_validate(void)
diff --git a/src/conf.h b/src/conf.h
index 911d636..08e8753 100644
--- a/src/conf.h
+++ b/src/conf.h
@@ -64,9 +64,6 @@
 #define DEFAULT_AUTHDIR "nodogsplash_auth"
 #define DEFAULT_DENYDIR "nodogsplash_deny"
 #define DEFAULT_MACMECHANISM MAC_BLOCK
-#define DEFAULT_PASSWORD_AUTH 0
-#define DEFAULT_USERNAME_AUTH 0
-#define DEFAULT_PASSWORD_ATTEMPTS 5
 #define DEFAULT_AUTHENTICATE_IMMEDIATELY 0
 #define DEFAULT_SET_MSS 1
 #define DEFAULT_MSS_VALUE 0
@@ -151,10 +148,6 @@ typedef struct {
 char *gw_address; /**< @brief Internal IP address for our web server */
 char *gw_mac; /**< @brief MAC address of the interface we manage */
 unsigned int gw_port; /**< @brief Port the webserver will run on */
- char *remote_auth_action; /**< @brief Path for remote auth */
- char enable_preauth; /**< @brief enable pre-authentication support */
- char *bin_voucher; /**< @brief enable voucher support */
- char force_voucher; /**< @brief force voucher */
 char *webroot; /**< @brief Directory containing splash pages, etc. */
 char *splashpage; /**< @brief Name of main splash page */
 char *infoskelpage; /**< @brief Name of info skeleton page */
@@ -163,11 +156,6 @@ typedef struct {
 char *redirectURL; /**< @brief URL to direct client to after authentication */
 char *authdir; /**< @brief Notional relative dir for authentication URL */
 char *denydir; /**< @brief Notional relative dir for denial URL */
- int passwordauth; /**< @brief boolean, whether to use password authentication */
- int usernameauth; /**< @brief boolean, whether to use username authentication */
- char *username; /**< @brief Username for username authentication */
- char *password; /**< @brief Password for password authentication */
- int passwordattempts; /**< @brief Number of attempted password authentications allowed */
 int clienttimeout; /**< @brief How many CheckIntervals before an inactive client must be re-authenticated */
 int clientforceout; /**< @brief How many CheckIntervals before a client must be re-authenticated */
 int checkinterval; /**< @brief Period the the client timeout check thread will run, in seconds */
@@ -240,8 +228,6 @@ int check_mac_format(const char[]);
 /** config API, used in commandline.c */
 int set_log_level(int);
-int set_password(const char[]);
-int set_username(const char[]);
 #define LOCK_CONFIG() do { \
 debug(LOG_DEBUG, "Locking config"); \
diff --git a/src/ndsctl.c b/src/ndsctl.c
index c289e8b..a24628e 100644
--- a/src/ndsctl.c
+++ b/src/ndsctl.c
@@ -64,8 +64,6 @@ static void ndsctl_untrust(void);
 static void ndsctl_auth(void);
 static void ndsctl_deauth(void);
 static void ndsctl_loglevel(void);
-static void ndsctl_username(void);
-static void ndsctl_password(void);
 /** @internal
 * @brief Print usage
@@ -96,8 +94,6 @@ usage(void)
 " trust mac Trust the given MAC address\n"
 " untrust mac Untrust the given MAC address\n"
 " loglevel n Set logging level to n\n"
- " password pass Set gateway password\n"
- " username name Set gateway username\n"
 "\n"
 );
 }
@@ -229,22 +225,6 @@ parse_commandline(int argc, char **argv)
 exit(1);
 }
 config.param = strdup(*(argv + optind + 1));
- } else if (strcmp(*(argv + optind), "password") == 0) {
- config.command = NDSCTL_PASSWORD;
- if ((argc - (optind + 1)) <= 0) {
- fprintf(stderr, "ndsctl: Error: You must specify a password\n");
- usage();
- exit(1);
- }
- config.param = strdup(*(argv + optind + 1));
- } else if (strcmp(*(argv + optind), "username") == 0) {
- config.command = NDSCTL_USERNAME;
- if ((argc - (optind + 1)) <= 0) {
- fprintf(stderr, "ndsctl: Error: You must specify a username\n");
- usage();
- exit(1);
- }
- config.param = strdup(*(argv + optind + 1));
 } else {
 fprintf(stderr, "ndsctl: Error: Invalid command \"%s\"\n", *(argv + optind));
 usage();
@@ -396,22 +376,6 @@ ndsctl_loglevel(void)
 "Failed to set log level to %s.\n");
 }
-void
-ndsctl_password(void)
-{
- ndsctl_action("password",
- "Password set to %s.\n",
- "Failed to set password to %s.\n");
-}
-
-void
-ndsctl_username(void)
-{
- ndsctl_action("username",
- "Username set to %s.\n",
- "Failed to set username to %s.\n");
-}
-
 void
 ndsctl_deauth(void)
 {
@@ -536,14 +500,6 @@ main(int argc, char **argv)
 ndsctl_loglevel();
 break;
- case NDSCTL_PASSWORD:
- ndsctl_password();
- break;
-
- case NDSCTL_USERNAME:
- ndsctl_username();
- break;
-
 default:
 /* XXX NEVER REACHED */
 fprintf(stderr, "Unknown opcode: %d\n", config.command);
diff --git a/src/ndsctl.h b/src/ndsctl.h
index 1972639..ef8c4b4 100644
--- a/src/ndsctl.h
+++ b/src/ndsctl.h
@@ -45,8 +45,6 @@
 #define NDSCTL_AUTH 11
 #define NDSCTL_DEAUTH 12
 #define NDSCTL_LOGLEVEL 13
-#define NDSCTL_PASSWORD 14
-#define NDSCTL_USERNAME 15
 #define NDSCTL_CLIENTS 16
 #define NDSCTL_JSON 17
diff --git a/src/ndsctl_thread.c b/src/ndsctl_thread.c
index 8786eda..4485deb 100644
--- a/src/ndsctl_thread.c
+++ b/src/ndsctl_thread.c
@@ -71,8 +71,6 @@ static void ndsctl_untrust(FILE *fp, char *arg);
 static void ndsctl_auth(FILE *fp, char *arg);
 static void ndsctl_deauth(FILE *fp, char *arg);
 static void ndsctl_loglevel(FILE *fp, char *arg);
-static void ndsctl_password(FILE *fp, char *arg);
-static void ndsctl_username(FILE *fp, char *arg);
 static int socket_set_non_blocking(int sockfd);
@@ -275,10 +273,6 @@ ndsctl_handler(int fd)
 ndsctl_deauth(fp, (request + 7));
 } else if (strncmp(request, "loglevel", 8) == 0) {
 ndsctl_loglevel(fp, (request + 9));
- } else if (strncmp(request, "password", 8) == 0) {
- ndsctl_password(fp, (request + 9));
- } else if (strncmp(request, "username", 8) == 0) {
- ndsctl_username(fp, (request + 9));
 }
 if (!done) {
@@ -508,48 +502,6 @@ ndsctl_loglevel(FILE *fp, char *arg)
 debug(LOG_DEBUG, "Exiting ndsctl_loglevel.");
 }
-static void
-ndsctl_password(FILE *fp, char *arg)
-{
- debug(LOG_DEBUG, "Entering ndsctl_password...");
-
- LOCK_CONFIG();
- debug(LOG_DEBUG, "Argument: [%s]", arg);
-
-
- if (!set_password(arg)) {
- fprintf(fp, "Yes");
- debug(LOG_NOTICE, "Set password to %s.", arg);
- } else {
- fprintf(fp, "No");
- }
-
- UNLOCK_CONFIG();
-
- debug(LOG_DEBUG, "Exiting ndsctl_password.");
-}
-
-static void
-ndsctl_username(FILE *fp, char *arg)
-{
- debug(LOG_DEBUG, "Entering ndsctl_username...");
-
- LOCK_CONFIG();
- debug(LOG_DEBUG, "Argument: [%s]", arg);
-
-
- if (!set_username(arg)) {
- fprintf(fp, "Yes");
- debug(LOG_NOTICE, "Set username to %s.", arg);
- } else {
- fprintf(fp, "No");
- }
-
- UNLOCK_CONFIG();
-
- debug(LOG_DEBUG, "Exiting ndsctl_username.");
-}
-
 static int
 socket_set_non_blocking(int sockfd)
 {
diff --git a/src/util.c b/src/util.c
index e796925..9a85fe9 100644
--- a/src/util.c
+++ b/src/util.c
@@ -415,14 +415,6 @@ ndsctl_status(FILE *fp)
 fprintf(fp, "Redirect URL: %s\n", config->redirectURL);
 }
- if (config->passwordauth) {
- fprintf(fp, "Gateway password: %s\n", config->password);
- }
-
- if (config->usernameauth) {
- fprintf(fp, "Gateway username: %s\n", config->username);
- }
-
 fprintf(fp, "Traffic control: %s\n", config->traffic_control ? "yes" : "no");
 if (config->traffic_control) {