Merge pull request #283 from nodogsplash/init_fas_remoteip

initialize fas_remote with gw_address
nodogsplash · Sep 1, 2018 · fe97e16 · fe97e16
2 parents 09b2116 + 84cc640
commit fe97e16
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 18 deletions.
diff --git a/src/fw_iptables.c b/src/fw_iptables.c
@@ -384,7 +384,7 @@ iptables_fw_init(void)
 	gw_address = safe_strdup(config->gw_address);    /* must free */
 	gw_iprange = safe_strdup(config->gw_iprange);    /* must free */
 	gw_port = config->gw_port;
-	fas_remoteip = config->fas_remoteip;
+	fas_remoteip = safe_strdup(config->fas_remoteip);    /* must free */
 	fas_port = config->fas_port;
 	pt = config->trustedmaclist;
 	pb = config->blockedmaclist;
@@ -501,7 +501,7 @@ iptables_fw_init(void)
 	rc |= _iptables_append_ruleset("nat", "preauthenticated-users", CHAIN_OUTGOING);
 
 	// Allow access to remote FAS - CHAIN_OUTGOING and CHAIN_TO_INTERNET packets for remote FAS, ACCEPT
-	if (fas_port && fas_remoteip) {
+	if (fas_port && strcmp(fas_remoteip, gw_address)) {
 		rc |= iptables_do_command("-t nat -A " CHAIN_OUTGOING " -p tcp --destination %s --dport %d -j ACCEPT", fas_remoteip, fas_port);
 	}
 
@@ -548,7 +548,7 @@ iptables_fw_init(void)
 	rc |= iptables_do_command("-t filter -A " CHAIN_TO_ROUTER " -p tcp --dport %d -j ACCEPT", gw_port);
 
 	// CHAIN_TO_ROUTER, packets to HTTP listening on fas_port on router ACCEPT
-	if (fas_port && !fas_remoteip) {
+	if (fas_port && !strcmp(fas_remoteip, gw_address)) {
 		rc |= iptables_do_command("-t filter -A " CHAIN_TO_ROUTER " -p tcp --dport %d -j ACCEPT", fas_port);
 	}
 
@@ -612,7 +612,7 @@ iptables_fw_init(void)
 
 
 	// Allow access to remote FAS - CHAIN_OUTGOING and CHAIN_TO_INTERNET packets for remote FAS, ACCEPT
-	if (fas_remoteip && fas_port) {
+	if (fas_port && strcmp(fas_remoteip, gw_address)) {
 		rc |= iptables_do_command("-t filter -A " CHAIN_TO_INTERNET " -p tcp --destination %s --dport %d -j ACCEPT", fas_remoteip, fas_port);
 	}
 
@@ -678,6 +678,7 @@ iptables_fw_init(void)
 	free(gw_interface);
 	free(gw_iprange);
 	free(gw_address);
+	free(fas_remoteip);
 
 	return rc;
 }

diff --git a/src/gateway.c b/src/gateway.c
@@ -235,7 +235,8 @@ main_loop(void)
 	/* If we don't have the Gateway IP address, get it. Exit on failure. */
 	if (!config->gw_address) {
 		debug(LOG_DEBUG, "Finding IP address of %s", config->gw_interface);
-		if ((config->gw_address = get_iface_ip(config->gw_interface)) == NULL) {
+		config->gw_address = get_iface_ip(config->gw_interface);
+		if (!config->gw_address) {
 			debug(LOG_ERR, "Could not get IP address information of %s, exiting...", config->gw_interface);
 			exit(1);
 		}
@@ -267,13 +268,13 @@ main_loop(void)
 		httpdAddC404Content(webserver, http_nodogsplash_callback_404);
 	*/
 
+	if (!config->fas_remoteip) {
+		config->fas_remoteip = safe_strdup(config->gw_address);
+	}
+
 	if (config->fas_port) {
 		debug(LOG_NOTICE, "Forwarding Authentication is Enabled.\n");
-		if (config->fas_remoteip) {
-			debug(LOG_NOTICE, "FAS URL is http://%s:%u%s\n", config->fas_remoteip, config->fas_port, config->fas_path);
-		} else {
-			debug(LOG_NOTICE, "FAS URL is http://%s:%u%s\n", config->gw_address, config->fas_port, config->fas_path);
-		}
+		debug(LOG_NOTICE, "FAS URL is http://%s:%u%s\n", config->fas_remoteip, config->fas_port, config->fas_path);
 	}
 
 	if (config->fas_secure_enabled != 1 && config->fas_port) {

diff --git a/src/http_microhttpd.c b/src/http_microhttpd.c
@@ -495,7 +495,6 @@ static int authenticated(struct MHD_Connection *connection,
 	s_config *config = config_get_config();
 	const char *host = NULL;
 	char redirect_to_us[128];
-	char *target = NULL;
 	char *fasurl = NULL;
 	int ret;
 
@@ -516,9 +515,8 @@ static int authenticated(struct MHD_Connection *connection,
 
 	if (check_authdir_match(url, config->authdir)) {
 		if (config->fas_port) {
-			target = (config->fas_remoteip ? config->fas_remoteip : config->gw_address);
 			safe_asprintf(&fasurl, "http://%s:%u%s?clientip=%s&gatewayname=%s&status=authenticated",
-				target, config->fas_port, config->fas_path, client->ip, config->gw_name);
+				config->fas_remoteip, config->fas_port, config->fas_path, client->ip, config->gw_name);
 			ret = send_redirect_temp(connection, fasurl);
 			free(fasurl);
 			return ret;
@@ -594,7 +592,6 @@ static int preauthenticated(struct MHD_Connection *connection,
 static int encode_and_redirect_to_splashpage(struct MHD_Connection *connection, const char *originurl, const char *querystr)
 {
 	char *splashpageurl = NULL;
-	char *target = NULL;
 	char encoded[2048];
 	s_config *config;
 	int ret;
@@ -611,15 +608,14 @@ static int encode_and_redirect_to_splashpage(struct MHD_Connection *connection,
 	}
 
 	if (config->fas_port) {
-		target = (config->fas_remoteip ? config->fas_remoteip : config->gw_address);
 		// Generate secure query string or authaction url
 		// Note: config->fas_path contains a leading / as it is the path from the FAS web root.
 		if (config->fas_secure_enabled) {
 			safe_asprintf(&splashpageurl, "http://%s:%u%s%s&redir=%s",
-				target, config->fas_port, config->fas_path, querystr, encoded);
+				config->fas_remoteip, config->fas_port, config->fas_path, querystr, encoded);
 		} else {
 			safe_asprintf(&splashpageurl, "http://%s:%u%s?authaction=http://%s:%u/%s/%s&redir=%s",
-				target, config->fas_port, config->fas_path, config->gw_address,
+				config->fas_remoteip, config->fas_port, config->fas_path, config->gw_address,
 				config->gw_port, config->authdir, querystr, encoded);
 		}
 	} else {

diff --git a/src/util.c b/src/util.c
@@ -448,7 +448,7 @@ ndsctl_status(FILE *fp)
 	if (config->fas_port) {
 		fprintf(fp, "FAS: Secure=%u URL: http://%s:%u%s\n",
 			config->fas_secure_enabled,
-			config->fas_remoteip ? config->fas_remoteip : config->gw_address,
+			config->fas_remoteip,
 			config->fas_port, config->fas_path);
 	} else {
 		fprintf(fp, "FAS: Disabled\n");