From 7c2df9c96bc238c5f5e9a43c0f31c78f78d059be Mon Sep 17 00:00:00 2001
From: Nick Peng
Date: Sun, 24 Feb 2019 00:51:58 +0800
Subject: [PATCH] LUCI support SPKI
---
 .../luci/files/luci/i18n/smartdns.zh-cn.po | 20 ++++++++-
 .../luci/model/cbi/smartdns/upstream.lua | 43 ++++++++++++++++++-
 package/openwrt/files/etc/init.d/smartdns | 13 +++++-
 src/dns_client.c | 28 +++++++++---
 4 files changed, 96 insertions(+), 8 deletions(-)
diff --git a/package/luci/files/luci/i18n/smartdns.zh-cn.po b/package/luci/files/luci/i18n/smartdns.zh-cn.po
index 4a576a2..0ba7246 100644
--- a/package/luci/files/luci/i18n/smartdns.zh-cn.po
+++ b/package/luci/files/luci/i18n/smartdns.zh-cn.po
@@ -139,18 +139,36 @@ msgstr "协议类型"
 msgid "Domain Address"
 msgstr "域名地址"
+msgid "Server Group"
+msgstr "服务器组"
+
+msgid "DNS Server group belongs to, used with nameserver, such as offlce, home."
+msgsr "DNS服务器所属组, 配合nameserver使用,例如:office,home。"
+
 msgid "IP Blacklist Filtering"
 msgstr "IP黑名单过滤"
 msgid "Anti Answer Forgery"
 msgstr "反回答伪造"
-msgid "anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"
+msgid "Anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"
 msgstr "反回答伪造,如果启用后DNS工作不正常,请关闭此功能。"
 msgid "Filtering IP with blacklist"
 msgstr "使用IP黑名单过滤"
+msgid "TLS SPKI Pinning"
+msgstr "TLS SPKI 指纹"
+
+msgid "Used to verify the validity of the TLS server, The value is Base64 encoded SPKI fingerprint, leaving blank to indicate that the validity of TLS is not verified."
+msgstr "用于校验TLS服务器的有效性,数值为Base64编码的SPKI指纹, 留空表示不验证TLS的合法性"
+
+msgid "Additional Server Args"
+msgstr "额外的服务器参数"
+
+msgid "Additional Args for upstream dns servers"
+msgstr "额外的上游DNS服务器参数"
+
 msgid "Upstream DNS Server Configuration"
 msgstr "上游DNS服务器配置"
diff --git a/package/luci/files/luci/model/cbi/smartdns/upstream.lua b/package/luci/files/luci/model/cbi/smartdns/upstream.lua
index 1f446ce..896f3c2 100644
--- a/package/luci/files/luci/model/cbi/smartdns/upstream.lua
+++ b/package/luci/files/luci/model/cbi/smartdns/upstream.lua
@@ -13,6 +13,35 @@ s = m:section(NamedSection, sid, "server")
 s.anonymous = true
 s.addremove = false
+---- name
+s:option(Value, "name", translate("DNS Server Name"), translate("DNS Server Name"))
+
+---- IP address
+o = s:option(Value, "ip", translate("ip"), translate("DNS Server ip"))
+o.datatype = "ipaddr"
+o.rmempty = false
+---- port
+o = s:option(Value, "port", translate("port"), translate("DNS Server port"))
+o.placeholder = "default"
+o.datatype = "port"
+o.rempty = true
+
+---- type
+o = s:option(ListValue, "type", translate("type"), translate("DNS Server type"))
+o.placeholder = "udp"
+o:value("udp", translate("udp"))
+o:value("tcp", translate("tcp"))
+o:value("tls", translate("tls"))
+o.default = "udp"
+o.rempty = false
+
+---- server group
+o = s:option(Value, "server_group", translate("Server Group"), translate("DNS Server group belongs to, used with nameserver, such as offlce, home."))
+o.rmempty = true
+o.placeholder = "default"
+o.datatype = "hostname"
+o.rempty = true
+
 ---- blacklist_ip
 o = s:option(Flag, "blacklist_ip", translate("IP Blacklist Filtering"), translate("Filtering IP with blacklist"))
 o.rmempty = false
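Review bot: `o.rempty = true` on the new port and server_group options and `o.rempty = false` on type is a typo for `rmempty` — CBI only reads `rmempty`, so these assignments are dead, and server_group ends up with both `o.rmempty = true` and the dead `o.rempty = true`; the same typo is on the spki_pin and addition_arg options in the next hunk. Replace each with the intended `o.rmempty = …` or drop it. The server_group description string misspells `offlce` (should be `office`), and because that English text is the gettext key, the matching `.po` entry in this patch carries the same misspelling and its translation line is keyed `msgsr` instead of `msgstr`, so msgfmt will most likely reject it as written.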
@@ -22,11 +51,23 @@ o.cfgvalue = function(...)
 end
 ---- anti-Answer-Forgery
-o = s:option(Flag, "check_edns", translate("Anti Answer Forgery"), translate("anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"))
+o = s:option(Flag, "check_edns", translate("Anti Answer Forgery"), translate("Anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"))
 o.rmempty = false
 o.default = o.disabled
 o.cfgvalue = function(...)
 return Flag.cfgvalue(...) or "0"
 end
+---- SPKI pin
+o = s:option(Value, "spki_pin", translate("TLS SPKI Pinning"), translate("Used to verify the validity of the TLS server, The value is Base64 encoded SPKI fingerprint, leaving blank to indicate that the validity of TLS is not verified."))
+o.default = ""
+o.datatype = "wpakey"
+o.rempty = true
+
+---- other args
+o = s:option(Value, "addition_arg", translate("Additional Server Args"), translate("Additional Args for upstream dns servers"))
+o.default = ""
+o.rempty = true
+o.optional = true
+
 return m
\ No newline at end of file
diff --git a/package/openwrt/files/etc/init.d/smartdns b/package/openwrt/files/etc/init.d/smartdns
index a9b3706..7e746f6 100644
--- a/package/openwrt/files/etc/init.d/smartdns
+++ b/package/openwrt/files/etc/init.d/smartdns
@@ -136,8 +136,11 @@ load_server()
 config_get "port" "$section" "port" ""
 config_get "type" "$section" "type" "udp"
 config_get "ip" "$section" "ip" ""
+ config_get "server_group" "$section" "server_group" ""
 config_get "blacklist_ip" "$section" "blacklist_ip" "0"
 config_get "check_edns" "$section" "check_edns" "0"
+ config_get "spki_pin" "$section" "spki_pin" ""
+ config_get "addition_arg" "$section" "addition_arg" ""
 if [ "$enabled" = "0" ]; then
 return
@@ -160,6 +163,10 @@ load_server()
 fi
 fi
+ if [ ! -z "$server_group" ]; then
+ ADDITIONAL_ARGS="$ADDITIONAL_ARGS -group $server_group"
+ fi
+
 if [ "$blacklist_ip" != "0" ]; then
 ADDITIONAL_ARGS="$ADDITIONAL_ARGS -blacklist-ip"
 fi
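Review bot: `o.datatype = "wpakey"` on the new spki_pin option validates a WPA passphrase (8–63 printable characters, or 64 hex digits), not a Base64 SPKI fingerprint; a 44-character Base64 SHA-256 pin passes by coincidence, but so does any other text of that length, and the init script then splices the value unquoted into the server line. A `validate` hook that checks the Base64 alphabet would enforce what the help text promises, e.g. `o.validate = function(self, value) if value == "" or value:match("^[%w+/]+=?=?$") then return value end return nil, translate("Invalid SPKI pin") end`. Leaving the pin empty disables TLS verification for that server, as the description says; it would help to state in a comment next to the option that an empty value is the insecure default rather than a "not yet configured" state.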
@@ -168,13 +175,17 @@ load_server()
 ADDITIONAL_ARGS="$ADDITIONAL_ARGS -check-edns"
 fi
+ if [ ! -z "$spki_pin" ]; then
+ ADDITIONAL_ARGS="$ADDITIONAL_ARGS -spki-pin $spki_pin"
+ fi
+
 if [ ! -z "$port" ]; then
 DNS_ADDRESS="$ip:$port"
 else
 DNS_ADDRESS="$ip"
 fi
- conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS"
+ conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS $addition_arg"
 }
 load_service() {
diff --git a/src/dns_client.c b/src/dns_client.c
index 9eb4bff..5fc1ee3 100644
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -363,6 +363,26 @@ static struct dns_server_group *_dns_client_get_group(const char *group_name)
 return NULL;
 }
+/* get server group by name */
+static struct dns_server_group *_dns_client_get_dnsserver_group(const char *group_name)
+{
+ struct dns_server_group *group = _dns_client_get_group(group_name);
+
+ if (group == NULL) {
+ group = client.default_group;
+ tlog(TLOG_DEBUG, "send query to group %s", DNS_SERVER_GROUP_DEFAULT);
+ } else {
+ if (list_empty(&group->head)) {
+ group = client.default_group;
+ tlog(TLOG_DEBUG, "send query to group %s", DNS_SERVER_GROUP_DEFAULT);
+ } else {
+ tlog(TLOG_DEBUG, "send query to group %s", group_name);
+ }
+ }
+
+ return group;
+}
+
 /* add server to group */
 static int _dns_client_add_to_group(char *group_name, struct dns_server_info *server_info)
 {
@@ -2208,12 +2228,10 @@ int dns_client_query(char *domain, int qtype, dns_client_callback callback, void
 query->qtype = qtype;
 query->send_tick = 0;
 query->sid = atomic_inc_return(&dns_client_sid);
- query->server_group = _dns_client_get_group(group_name);
+ query->server_group = _dns_client_get_dnsserver_group(group_name);
 if (query->server_group == NULL) {
- query->server_group = client.default_group;
- tlog(TLOG_DEBUG, "send query to group %s", DNS_SERVER_GROUP_DEFAULT);
- } else {
- tlog(TLOG_DEBUG, "send query to group %s", group_name);
+ tlog(TLOG_ERROR, "get dns server group %s failed.", group_name);
+ goto errout;
 }
 _dns_client_query_get(query);
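Review bot: `$spki_pin` is appended to the server line without any format check in the new `-spki-pin` branch, so a value containing whitespace or other stray characters silently yields a malformed server entry, and nothing on this side restricts it to the Base64 alphabet the option documents. A guard before the append would keep a bad pin from being written at all, e.g. `case "$spki_pin" in *[!A-Za-z0-9+/=]*) echo "smartdns: invalid spki_pin for $section, skipped" >&2; return;; esac`. The `-spki-pin` argument is also emitted regardless of `$type`; if smartdns rejects it for udp/tcp servers the whole entry fails, so consider limiting the branch to `[ "$type" = "tls" ]`. The same verbatim pass-through applies to `$addition_arg` on the `conf_append` line; a comment stating that it is administrator-supplied text inserted into the config unmodified would make that explicit. load_server starts outside the hunk.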
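Review bot: `_dns_client_get_dnsserver_group` logs its fallback to `client.default_group` only at TLOG_DEBUG, so a query whose `-group` name is misspelled or whose group has no servers is silently answered by the default upstreams rather than the ones the group was meant to select; since group membership is how a TLS-pinned server set is chosen, that fallback deserves a visible warning, e.g. `tlog(TLOG_WARN, "group %s not found or empty, using %s", group_name, DNS_SERVER_GROUP_DEFAULT);` on both fallback paths (guarding `group_name` if callers may pass NULL). The two fallback branches are identical and can be merged into `if (group == NULL || list_empty(&group->head))`. The helper returns `client.default_group` unchecked, which may itself be NULL; the function comment should say the caller must handle a NULL result, as the second hunk now does.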
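Review bot: the new TLOG_ERROR call passes `group_name` to a `%s` conversion, and if callers may pass NULL to select the default group (the fallback the helper performs suggests that is a supported input) that is undefined behavior; use `group_name ? group_name : DNS_SERVER_GROUP_DEFAULT` as the argument. Reaching this branch means even `client.default_group` was NULL, so the message would be more accurate saying that no server group is configured rather than that lookup of the named group failed. The `errout` label and the cleanup it performs are outside the hunk, as is the start of dns_client_query; confirm that path releases the `query` object set up above before returning.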