From ff37972f8182e25db0c547e12f5c337b5e41e3fb Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 23 Nov 2023 10:27:58 +0100 Subject: [PATCH 01/11] Clients with zweo queries should not be returned unless ?withzero=true is set Signed-off-by: DL6ER --- src/api/stats.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/api/stats.c b/src/api/stats.c index 0c06b1f78..eaf8b93be 100644 --- a/src/api/stats.c +++ b/src/api/stats.c @@ -366,18 +366,18 @@ int api_stats_top_clients(struct ftl_conn *api) continue; // Skip this client if there is a filter on it - bool skip_domain = false; + bool skip_client = false; for(unsigned int j = 0; j < excludeClients; j++) { cJSON *item = cJSON_GetArrayItem(config.webserver.api.excludeClients.v.json, j); if(strcmp(getstr(client->ippos), item->valuestring) == 0 || strcmp(getstr(client->namepos), item->valuestring) == 0) { - skip_domain = true; + skip_client = true; break; } } - if(skip_domain) + if(skip_client) continue; // Hidden client, probably due to privacy level. Skip this in the top lists @@ -391,7 +391,7 @@ int api_stats_top_clients(struct ftl_conn *api) // Return this client if either // - "withzero" option is set, and/or // - the client made at least one query within the most recent 24 hours - if(includezeroclients || count > 0) + if(includezeroclients || client_count > 0) { cJSON *client_item = JSON_NEW_OBJECT(); JSON_REF_STR_IN_OBJECT(client_item, "name", client_name); From d5eb664e1f950ec22eeff20086b554105dc141be Mon Sep 17 00:00:00 2001 From: DL6ER Date: Thu, 23 Nov 2023 22:17:10 +0100 Subject: [PATCH 02/11] Remove undocumented withzero parameter Signed-off-by: DL6ER --- src/api/stats.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/src/api/stats.c b/src/api/stats.c index eaf8b93be..7453b5109 100644 --- a/src/api/stats.c +++ b/src/api/stats.c @@ -293,7 +293,6 @@ int api_stats_top_domains(struct ftl_conn *api) int api_stats_top_clients(struct ftl_conn *api) { int count = 10; - bool includezeroclients = false; int *temparray = calloc(2*counters->clients, sizeof(int*)); if(temparray == NULL) { @@ -325,9 +324,6 @@ int api_stats_top_clients(struct ftl_conn *api) // Does the user request a non-default number of replies? // Note: We do not accept zero query requests here get_int_var(api->request->query_string, "count", &count); - - // Show also clients which have not been active recently? - get_bool_var(api->request->query_string, "withzero", &includezeroclients); } // Lock shared memory @@ -388,10 +384,9 @@ int api_stats_top_clients(struct ftl_conn *api) const char *client_ip = getstr(client->ippos); const char *client_name = getstr(client->namepos); - // Return this client if either - // - "withzero" option is set, and/or - // - the client made at least one query within the most recent 24 hours - if(includezeroclients || client_count > 0) + // Return this client if the client made at least one query + // within the most recent 24 hours + if(client_count > 0) { cJSON *client_item = JSON_NEW_OBJECT(); JSON_REF_STR_IN_OBJECT(client_item, "name", client_name); From 0f5d3970bbbe6e59b0ca3cbf015d1acd2a76bbfe Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 26 Nov 2023 22:24:23 +0100 Subject: [PATCH 03/11] Implement wildcard X.509 SAN/CN (subject) domain checking Signed-off-by: DL6ER --- src/webserver/x509.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/webserver/x509.c b/src/webserver/x509.c index e4d224fec..0679e49ed 100644 --- a/src/webserver/x509.c +++ b/src/webserver/x509.c @@ -294,6 +294,23 @@ bool generate_certificate(const char* certfile, bool rsa, const char *domain) return true; } +static bool check_wildcard_domain(char *san, const size_t san_len, const char *domain) +{ + // Also check if the SAN is a wildcard domain and if the domain + // matches the wildcard (e.g. "*.pi-hole.net" and "abc.pi-hole.net") + const bool is_wild = san_len > 2 && san[0] == '*' && san[1] == '.'; + if(!is_wild) + return false; + + // The domain must be at least as long as the wildcard domain + if(strlen(domain) < san_len - 1) + return false; + + // Check if the domain ends with the wildcard domain + const char *wild_domain = domain + strlen(domain) - san_len + 2; + return strcasecmp(wild_domain, san + 2) == 0; +} + // This function reads a X.509 certificate from a file and prints a // human-readable representation of the certificate to stdout. If a domain is // specified, we only check if this domain is present in the certificate. @@ -363,6 +380,14 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const found = true; break; } + + // Also check if the SAN is a wildcard domain and if the domain + // matches the wildcard + if(check_wildcard_domain((char*)san.san.unstructured_name.p, san.san.unstructured_name.len, domain)) + { + found = true; + break; + } next_san: // Go to next SAN sans = sans->next; @@ -378,6 +403,10 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const // Check subject == "" else if(strcasecmp(domain, subject) == 0) found = true; + // Also check if the subject is a wildcard domain and if the domain + // matches the wildcard + else if(check_wildcard_domain(subject, strlen(subject), domain)) + found = true; } From 8b8218b2a308ba81e0a3e1e101e388ca7b1e7291 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Sun, 26 Nov 2023 22:31:51 +0100 Subject: [PATCH 04/11] Fix comment Signed-off-by: DL6ER --- src/api/stats.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/api/stats.c b/src/api/stats.c index 7453b5109..c1106cc54 100644 --- a/src/api/stats.c +++ b/src/api/stats.c @@ -163,7 +163,7 @@ int api_stats_top_domains(struct ftl_conn *api) // /api/stats/top_domains?blocked=true if(api->request->query_string != NULL) { - // Should blocked clients be shown? + // Should blocked domains be shown? get_bool_var(api->request->query_string, "blocked", &blocked); // Does the user request a non-default number of replies? @@ -229,7 +229,7 @@ int api_stats_top_domains(struct ftl_conn *api) // Skip this domain if there is a filter on it (but only if not in audit mode) if(!audit) { - // Check if this client should be skipped + // Check if this domain should be skipped bool skip_domain = false; for(unsigned int j = 0; j < excludeDomains; j++) { From b017c1c20c1166f593de49c064e60649452e673f Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 27 Nov 2023 13:27:04 +0100 Subject: [PATCH 05/11] The SAN is not NUL-terminated, we need to use the specified length explicitly Signed-off-by: DL6ER --- src/webserver/x509.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/webserver/x509.c b/src/webserver/x509.c index 0679e49ed..f44075964 100644 --- a/src/webserver/x509.c +++ b/src/webserver/x509.c @@ -294,21 +294,24 @@ bool generate_certificate(const char* certfile, bool rsa, const char *domain) return true; } -static bool check_wildcard_domain(char *san, const size_t san_len, const char *domain) +static bool check_wildcard_domain(const char *domain, char *san, const size_t san_len) { // Also check if the SAN is a wildcard domain and if the domain // matches the wildcard (e.g. "*.pi-hole.net" and "abc.pi-hole.net") - const bool is_wild = san_len > 2 && san[0] == '*' && san[1] == '.'; + const bool is_wild = san_len > 1 && san[0] == '*'; if(!is_wild) return false; // The domain must be at least as long as the wildcard domain - if(strlen(domain) < san_len - 1) + const size_t domain_len = strlen(domain); + if(domain_len < san_len - 1) return false; // Check if the domain ends with the wildcard domain - const char *wild_domain = domain + strlen(domain) - san_len + 2; - return strcasecmp(wild_domain, san + 2) == 0; + // Attention: The SAN is not NUL-terminated, so we need to + // use the length field + const char *wild_domain = domain + domain_len - san_len + 1; + return strncasecmp(wild_domain, san + 1, san_len) == 0; } // This function reads a X.509 certificate from a file and prints a @@ -375,20 +378,27 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const goto next_san; // Check if the SAN matches the domain + // Attention: The SAN is not NUL-terminated, so we need to + // use the length field if(strncasecmp(domain, (char*)san.san.unstructured_name.p, san.san.unstructured_name.len) == 0) { found = true; + mbedtls_x509_free_subject_alt_name(&san); break; } // Also check if the SAN is a wildcard domain and if the domain // matches the wildcard - if(check_wildcard_domain((char*)san.san.unstructured_name.p, san.san.unstructured_name.len, domain)) + if(check_wildcard_domain(domain, (char*)san.san.unstructured_name.p, san.san.unstructured_name.len)) { found = true; + mbedtls_x509_free_subject_alt_name(&san); break; } next_san: + // Free resources + mbedtls_x509_free_subject_alt_name(&san); + // Go to next SAN sans = sans->next; } @@ -405,7 +415,7 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const found = true; // Also check if the subject is a wildcard domain and if the domain // matches the wildcard - else if(check_wildcard_domain(subject, strlen(subject), domain)) + else if(check_wildcard_domain(domain, subject, strlen(subject))) found = true; } From 4f0800b85464d93764ee6d212dccbc2970a88b12 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 27 Nov 2023 14:07:26 +0100 Subject: [PATCH 06/11] Update embedded SQLite3 engine to version 3.44.2 Signed-off-by: DL6ER --- src/database/shell.c | 6 +++--- src/database/sqlite3.c | 43 +++++++++++++++++++++++++----------------- src/database/sqlite3.h | 6 +++--- 3 files changed, 32 insertions(+), 23 deletions(-) diff --git a/src/database/shell.c b/src/database/shell.c index 8b63b8542..6704b7b11 100644 --- a/src/database/shell.c +++ b/src/database/shell.c @@ -896,8 +896,8 @@ static PerStreamTags * getDesignatedEmitStream(FILE *pf, unsigned chix, ** chix equals 1 or 2, or for an arbitrary stream when chix == 0. ** In either case, ppst references a caller-owned PerStreamTags ** struct which may be filled in if none of the known writable -** streams is being held by consoleInfo. The ppf parameter is an -** output when chix!=0 and an input when chix==0. +** streams is being held by consoleInfo. The ppf parameter is a +** byref output when chix!=0 and a byref input when chix==0. */ static PerStreamTags * getEmitStreamInfo(unsigned chix, PerStreamTags *ppst, @@ -910,7 +910,7 @@ getEmitStreamInfo(unsigned chix, PerStreamTags *ppst, ppstTry = &consoleInfo.pstSetup[chix]; pfEmit = ppst->pf; }else pfEmit = ppstTry->pf; - if( !isValidStreamInfo(ppst) ){ + if( !isValidStreamInfo(ppstTry) ){ pfEmit = (chix > 1)? stderr : stdout; ppstTry = ppst; streamOfConsole(pfEmit, ppstTry); diff --git a/src/database/sqlite3.c b/src/database/sqlite3.c index 592320ff6..a28b3a7bf 100644 --- a/src/database/sqlite3.c +++ b/src/database/sqlite3.c @@ -1,6 +1,6 @@ /****************************************************************************** ** This file is an amalgamation of many separate C source files from SQLite -** version 3.44.1. By combining all the individual C code files into this +** version 3.44.2. By combining all the individual C code files into this ** single large file, the entire code can be compiled as a single translation ** unit. This allows many compilers to do optimizations that would not be ** possible if the files were compiled separately. Performance improvements @@ -18,7 +18,7 @@ ** separate file. This file contains only code for the core SQLite library. ** ** The content in this amalgamation comes from Fossil check-in -** d295f48e8f367b066b881780c98bdf980a1d. +** ebead0e7230cd33bcec9f95d2183069565b9. */ #define SQLITE_CORE 1 #define SQLITE_AMALGAMATION 1 @@ -459,9 +459,9 @@ extern "C" { ** [sqlite3_libversion_number()], [sqlite3_sourceid()], ** [sqlite_version()] and [sqlite_source_id()]. */ -#define SQLITE_VERSION "3.44.1" -#define SQLITE_VERSION_NUMBER 3044001 -#define SQLITE_SOURCE_ID "2023-11-22 14:18:12 d295f48e8f367b066b881780c98bdf980a1d550397d5ba0b0e49842c95b3e8b4" +#define SQLITE_VERSION "3.44.2" +#define SQLITE_VERSION_NUMBER 3044002 +#define SQLITE_SOURCE_ID "2023-11-24 11:41:44 ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f" /* ** CAPI3REF: Run-Time Library Version Numbers @@ -84183,10 +84183,11 @@ static int growOpArray(Vdbe *v, int nOp){ ** sqlite3CantopenError(lineno) */ static void test_addop_breakpoint(int pc, Op *pOp){ - static int n = 0; + static u64 n = 0; (void)pc; (void)pOp; n++; + if( n==LARGEST_UINT64 ) abort(); /* so that n is used, preventing a warning */ } #endif @@ -92330,11 +92331,12 @@ SQLITE_API int sqlite3_found_count = 0; ** sqlite3CantopenError(lineno) */ static void test_trace_breakpoint(int pc, Op *pOp, Vdbe *v){ - static int n = 0; + static u64 n = 0; (void)pc; (void)pOp; (void)v; n++; + if( n==LARGEST_UINT64 ) abort(); /* So that n is used, preventing a warning */ } #endif @@ -143612,7 +143614,8 @@ SQLITE_PRIVATE void sqlite3SubqueryColumnTypes( NameContext sNC; assert( pSelect!=0 ); - assert( (pSelect->selFlags & SF_Resolved)!=0 ); + testcase( (pSelect->selFlags & SF_Resolved)==0 ); + assert( (pSelect->selFlags & SF_Resolved)!=0 || IN_RENAME_OBJECT ); assert( pTab->nCol==pSelect->pEList->nExpr || pParse->nErr>0 ); assert( aff==SQLITE_AFF_NONE || aff==SQLITE_AFF_BLOB ); if( db->mallocFailed || IN_RENAME_OBJECT ) return; @@ -241504,18 +241507,24 @@ static void fts5DoSecureDelete( iOff = iStart; - /* Set variable bLastInDoclist to true if this entry happens to be - ** the last rowid in the doclist for its term. */ + /* If the position-list for the entry being removed flows over past + ** the end of this page, delete the portion of the position-list on the + ** next page and beyond. + ** + ** Set variable bLastInDoclist to true if this entry happens + ** to be the last rowid in the doclist for its term. */ + if( iNextOff>=iPgIdx ){ + int pgno = pSeg->iLeafPgno+1; + fts5SecureDeleteOverflow(p, pSeg->pSeg, pgno, &bLastInDoclist); + iNextOff = iPgIdx; + } + if( pSeg->bDel==0 ){ - if( iNextOff>=iPgIdx ){ - int pgno = pSeg->iLeafPgno+1; - fts5SecureDeleteOverflow(p, pSeg->pSeg, pgno, &bLastInDoclist); - iNextOff = iPgIdx; - }else{ + if( iNextOff!=iPgIdx ){ /* Loop through the page-footer. If iNextOff (offset of the ** entry following the one we are removing) is equal to the ** offset of a key on this page, then the entry is the last - ** in its doclist. */ + ** in its doclist. */ int iKeyOff = 0; for(iIdx=0; iIdx Date: Mon, 27 Nov 2023 14:25:25 +0100 Subject: [PATCH 07/11] Also check wildcards prefixed by "CN=" in the subject name of the certificate Signed-off-by: DL6ER --- src/webserver/x509.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/webserver/x509.c b/src/webserver/x509.c index f44075964..4dbd714c1 100644 --- a/src/webserver/x509.c +++ b/src/webserver/x509.c @@ -405,17 +405,24 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const // Also check against the common name (CN) field char subject[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - if(mbedtls_x509_dn_gets(subject, sizeof(subject), &crt.subject) > 0) + const size_t subject_len = mbedtls_x509_dn_gets(subject, sizeof(subject), &crt.subject); + if(subject_len > 0) { - // Check subject == "CN=" - if(strlen(subject) > 3 && strncasecmp(subject, "CN=", 3) == 0 && strcasecmp(domain, subject + 3) == 0) - found = true; + if(subject_len > 3 && strncasecmp(subject, "CN=", 3) == 0) + { + // Check subject + 3 == "CN=" to skip the "CN=" prefix + if(strncasecmp(domain, subject + 3, subject_len) == 0) + found = true; + // Also check if the subject is a wildcard domain + else if(check_wildcard_domain(domain, subject + 3, subject_len - 3)) + found = true; + } // Check subject == "" else if(strcasecmp(domain, subject) == 0) found = true; // Also check if the subject is a wildcard domain and if the domain // matches the wildcard - else if(check_wildcard_domain(domain, subject, strlen(subject))) + else if(check_wildcard_domain(domain, subject, subject_len)) found = true; } From 3f4502c01b1aae4f12420492ab8f6e0d8b0f5a80 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Mon, 27 Nov 2023 14:41:38 +0100 Subject: [PATCH 08/11] Add comments Signed-off-by: DL6ER --- src/webserver/x509.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/webserver/x509.c b/src/webserver/x509.c index 4dbd714c1..432c17b5a 100644 --- a/src/webserver/x509.c +++ b/src/webserver/x509.c @@ -383,6 +383,7 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const if(strncasecmp(domain, (char*)san.san.unstructured_name.p, san.san.unstructured_name.len) == 0) { found = true; + // Free resources mbedtls_x509_free_subject_alt_name(&san); break; } @@ -392,6 +393,7 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const if(check_wildcard_domain(domain, (char*)san.san.unstructured_name.p, san.san.unstructured_name.len)) { found = true; + // Free resources mbedtls_x509_free_subject_alt_name(&san); break; } @@ -408,10 +410,11 @@ enum cert_check read_certificate(const char* certfile, const char *domain, const const size_t subject_len = mbedtls_x509_dn_gets(subject, sizeof(subject), &crt.subject); if(subject_len > 0) { + // Check subjects prefixed with "CN=" if(subject_len > 3 && strncasecmp(subject, "CN=", 3) == 0) { - // Check subject + 3 == "CN=" to skip the "CN=" prefix - if(strncasecmp(domain, subject + 3, subject_len) == 0) + // Check subject + 3 to skip the prefix + if(strncasecmp(domain, subject + 3, subject_len - 3) == 0) found = true; // Also check if the subject is a wildcard domain else if(check_wildcard_domain(domain, subject + 3, subject_len - 3)) From b9b373504c795188cd9e1dfebad8c427a9df25ec Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 28 Nov 2023 00:09:33 +0100 Subject: [PATCH 09/11] Increase default value of webserver.session.timeout Signed-off-by: DL6ER --- src/config/config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/config/config.c b/src/config/config.c index 4e756198c..345bee06e 100644 --- a/src/config/config.c +++ b/src/config/config.c @@ -869,7 +869,7 @@ void initConfig(struct config *conf) conf->webserver.session.timeout.k = "webserver.session.timeout"; conf->webserver.session.timeout.h = "Session timeout in seconds. If a session is inactive for more than this time, it will be terminated. Sessions are continuously refreshed by the web interface, preventing sessions from timing out while the web interface is open.\n This option may also be used to make logins persistent for long times, e.g. 86400 seconds (24 hours), 604800 seconds (7 days) or 2592000 seconds (30 days). Note that the total number of concurrent sessions is limited so setting this value too high may result in users being rejected and unable to log in if there are already too many sessions active."; conf->webserver.session.timeout.t = CONF_UINT; - conf->webserver.session.timeout.d.ui = 300u; + conf->webserver.session.timeout.d.ui = 1800u; conf->webserver.session.restore.k = "webserver.session.restore"; conf->webserver.session.restore.h = "Should Pi-hole backup and restore sessions from the database? This is useful if you want to keep your sessions after a restart of the web interface."; From 71d726c1745275290765f78628583ccfe2999419 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 28 Nov 2023 09:31:48 +0100 Subject: [PATCH 10/11] Remove deprecated dhcp.domain setting Signed-off-by: DL6ER --- src/api/docs/content/specs/config.yaml | 5 ----- src/config/config.c | 11 ++--------- src/config/config.h | 1 - src/config/toml_writer.c | 22 ---------------------- test/pihole.toml | 11 +---------- 5 files changed, 3 insertions(+), 47 deletions(-) diff --git a/src/api/docs/content/specs/config.yaml b/src/api/docs/content/specs/config.yaml index 66a48f5b8..46577c5f5 100644 --- a/src/api/docs/content/specs/config.yaml +++ b/src/api/docs/content/specs/config.yaml @@ -311,10 +311,6 @@ components: netmask: type: string x-format: ipv4 - domain: - type: string - description: | - *Note:* This setting is deprecated and will be removed in a future release. Use dns.domain instead. leaseTime: type: string ipv6: @@ -645,7 +641,6 @@ components: start: "192.168.0.10" end: "192.168.0.250" router: "192.168.0.1" - domain: "lan" netmask: "0.0.0.0" leaseTime: "24h" ipv6: true diff --git a/src/config/config.c b/src/config/config.c index 4e756198c..888034c00 100644 --- a/src/config/config.c +++ b/src/config/config.c @@ -681,8 +681,8 @@ void initConfig(struct config *conf) conf->dns.revServer.target.f = FLAG_RESTART_FTL; conf->dns.revServer.domain.k = "dns.revServer.domain"; - conf->dns.revServer.domain.h = "Domain used for the reverse server feature"; - conf->dns.revServer.domain.a = cJSON_CreateStringReference(", typically set to the same value as dhcp.domain"); + conf->dns.revServer.domain.h = "Domain used for the reverse server feature (e.g., \"fritz.box\")"; + conf->dns.revServer.domain.a = cJSON_CreateStringReference(""); conf->dns.revServer.domain.t = CONF_STRING; conf->dns.revServer.domain.d.s = (char*)""; conf->dns.revServer.domain.f = FLAG_RESTART_FTL; @@ -715,13 +715,6 @@ void initConfig(struct config *conf) conf->dhcp.router.f = FLAG_RESTART_FTL; memset(&conf->dhcp.router.d.in_addr, 0, sizeof(struct in_addr)); - conf->dhcp.domain.k = "dhcp.domain"; - conf->dhcp.domain.h = "The DNS domain used by your Pi-hole (*** DEPRECATED ***)\n This setting is deprecated and will be removed in a future version. Please use dns.domain instead. Setting it to any non-default value will overwrite the value of dns.domain if it is still set to its default value."; - conf->dhcp.domain.a = cJSON_CreateStringReference(""); - conf->dhcp.domain.t = CONF_STRING; - conf->dhcp.domain.f = FLAG_RESTART_FTL | FLAG_ADVANCED_SETTING; - conf->dhcp.domain.d.s = (char*)"lan"; - conf->dhcp.netmask.k = "dhcp.netmask"; conf->dhcp.netmask.h = "The netmask used by your Pi-hole. For directly connected networks (i.e., networks on which the machine running Pi-hole has an interface) the netmask is optional and may be set to an empty string (\"\"): it will then be determined from the interface configuration itself. For networks which receive DHCP service via a relay agent, we cannot determine the netmask itself, so it should explicitly be specified, otherwise Pi-hole guesses based on the class (A, B or C) of the network address."; conf->dhcp.netmask.a = cJSON_CreateStringReference(" (e.g., \"255.255.255.0\") or empty string (\"\") for auto-discovery"); diff --git a/src/config/config.h b/src/config/config.h index cdacdbe38..12dd51944 100644 --- a/src/config/config.h +++ b/src/config/config.h @@ -183,7 +183,6 @@ struct config { struct conf_item start; struct conf_item end; struct conf_item router; - struct conf_item domain; struct conf_item netmask; struct conf_item leaseTime; struct conf_item ipv6; diff --git a/src/config/toml_writer.c b/src/config/toml_writer.c index 5f892daf4..340900963 100644 --- a/src/config/toml_writer.c +++ b/src/config/toml_writer.c @@ -25,25 +25,6 @@ // defined in config/config.c extern uint8_t last_checksum[SHA256_DIGEST_SIZE]; -static void migrate_config(void) -{ - // Migrating dhcp.domain -> dns.domain - if(strcmp(config.dns.domain.v.s, config.dns.domain.d.s) == 0) - { - // If the domain is the same as the default, check if the dhcp domain - // is different from the default. If so, migrate it - if(strcmp(config.dhcp.domain.v.s, config.dhcp.domain.d.s) != 0) - { - // Migrate dhcp.domain -> dns.domain - log_info("Migrating dhcp.domain = \"%s\" -> dns.domain", config.dhcp.domain.v.s); - if(config.dns.domain.t == CONF_STRING_ALLOCATED) - free(config.dns.domain.v.s); - config.dns.domain.v.s = strdup(config.dhcp.domain.v.s); - config.dns.domain.t = CONF_STRING_ALLOCATED; - } - } -} - bool writeFTLtoml(const bool verbose) { // Try to open a temporary config file for writing @@ -68,9 +49,6 @@ bool writeFTLtoml(const bool verbose) fputs(timestring, fp); fputs("\n\n", fp); - // Perform possible config migration - migrate_config(); - // Iterate over configuration and store it into the file char *last_path = (char*)""; for(unsigned int i = 0; i < CONFIG_ELEMENTS; i++) diff --git a/test/pihole.toml b/test/pihole.toml index 3aaa217d9..33b189745 100644 --- a/test/pihole.toml +++ b/test/pihole.toml @@ -370,7 +370,7 @@ # Domain used for the reverse server feature # # Possible values are: - # , typically set to the same value as dhcp.domain + # (e.g., "fritz.box") domain = "" [dhcp] @@ -396,15 +396,6 @@ # , e.g., "192.168.0.1" router = "" - # The DNS domain used by your Pi-hole (*** DEPRECATED ***) - # This setting is deprecated and will be removed in a future version. Please use - # dns.domain instead. Setting it to any non-default value will overwrite the value of - # dns.domain if it is still set to its default value. - # - # Possible values are: - # - domain = "lan" - # The netmask used by your Pi-hole. For directly connected networks (i.e., networks on # which the machine running Pi-hole has an interface) the netmask is optional and may # be set to "0.0.0.0": it will then be determined from the interface configuration From 4422c3930790cc5a562ff58c0a9f20efef44a771 Mon Sep 17 00:00:00 2001 From: DL6ER Date: Tue, 28 Nov 2023 19:22:20 +0100 Subject: [PATCH 11/11] Minor config comment fix Signed-off-by: DL6ER --- src/config/config.c | 2 +- test/pihole.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/config/config.c b/src/config/config.c index 345bee06e..862b51fc8 100644 --- a/src/config/config.c +++ b/src/config/config.c @@ -970,7 +970,7 @@ void initConfig(struct config *conf) conf->webserver.api.excludeDomains.k = "webserver.api.excludeDomains"; conf->webserver.api.excludeDomains.h = "Array of domains to be excluded from certain API responses\n Example: [ \"google.de\", \"pi-hole.net\" ]"; - conf->webserver.api.excludeDomains.a = cJSON_CreateStringReference("array of IP addresses and/or hostnames"); + conf->webserver.api.excludeDomains.a = cJSON_CreateStringReference("array of domains"); conf->webserver.api.excludeDomains.t = CONF_JSON_STRING_ARRAY; conf->webserver.api.excludeDomains.d.json = cJSON_CreateArray(); diff --git a/test/pihole.toml b/test/pihole.toml index 3aaa217d9..dfd974f33 100644 --- a/test/pihole.toml +++ b/test/pihole.toml @@ -694,7 +694,7 @@ # Example: [ "google.de", "pi-hole.net" ] # # Possible values are: - # array of IP addresses and/or hostnames + # array of domains excludeDomains = [] # How much history should be imported from the database [seconds]? (max 24*60*60 =