From a5f7b621c0a9ae84a64b98ff83fd654a0692e2f0 Mon Sep 17 00:00:00 2001
From: Philipp Schafft
Date: Thu, 22 Oct 2020 09:49:10 +0000
Subject: [PATCH] Feature: Work around and warn user if no PRNG seeds are configured
---
 src/admin.c | 2 ++
 src/cfgfile.c | 17 +++++++++++++++++
 src/cfgfile.h | 1 +
 web/assets/css/style.css | 5 +++++
 4 files changed, 25 insertions(+)
diff --git a/src/admin.c b/src/admin.c
index bfc57cc6..5923bd96 100644
--- a/src/admin.c
+++ b/src/admin.c
@@ -1472,6 +1472,8 @@ static void command_dashboard (client_t *client, source_t *source, adm
 __reportxml_add_maintenance(reportnode, config->reportxml_db, "8defae31-a52e-4bba-b904-76db5362860f", "warning", "No useful location is given in .", NULL);
 if (config->config_problems & CONFIG_PROBLEM_ADMIN)
 __reportxml_add_maintenance(reportnode, config->reportxml_db, "cf86d88e-dc20-4359-b446-110e7065d17a", "warning", "No admin contact given in . YP directory support will is disabled.", NULL);
+ if (config->config_problems & CONFIG_PROBLEM_PRNG)
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "e2ba5a8b-4e4f-41ca-b455-68ae5fb6cae0", "error", "No PRNG seed configured. PRNG is insecure.", NULL);
 if (!has_sources)
 __reportxml_add_maintenance(reportnode, config->reportxml_db, "f68dd8a3-22b1-4118-aba6-b039f2c5b51e", "info", "Currently no sources are connected to this server.", NULL);
diff --git a/src/cfgfile.c b/src/cfgfile.c
index 7abc99f5..39b279c3 100644
--- a/src/cfgfile.c
+++ b/src/cfgfile.c
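Review bot: The dashboard entry added in the `src/admin.c` hunk reports `PRNG is insecure` at level `error` whenever `CONFIG_PROBLEM_PRNG` is set, but the `src/cfgfile.c` hunk of this patch sets that bit before it tries the built-in fallback. A non-Windows server that picked up the default `linux` profile therefore presumably shows the same error as one with no seeding at all, while its log carries only a warning, and an operator cannot tell the two states apart from the dashboard. Either use a separate problem bit for the path that logs the error, or word the entry so it is true in both cases, e.g. `"No PRNG seed configured. A built-in default is used where available; configure seeds explicitly."`. `command_dashboard` begins and ends outside this hunk.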
@@ -1166,6 +1166,23 @@ static void _parse_root(xmlDocPtr doc,
 if (configuration->port == 0)
 configuration->port = 8000;
+ if (!configuration->prng_seed) {
+ configuration->config_problems |= CONFIG_PROBLEM_PRNG;
+#ifndef _WIN32
+ configuration->prng_seed = calloc(1, sizeof(prng_seed_config_t));
+ if (configuration->prng_seed) {
+ configuration->prng_seed->filename = (char*)xmlStrdup(XMLSTR("linux")); // the linux profile is also fine on BSD.
+ configuration->prng_seed->type = PRNG_SEED_TYPE_PROFILE;
+ configuration->prng_seed->size = -1;
+ ICECAST_LOG_WARN("Warning, no PRNG seed configured, using default profile \"linux\".");
+ } else {
+ ICECAST_LOG_ERROR("No PRNG seed configured and unable to add one. PRNG is insecure.");
+ }
+#else
+ ICECAST_LOG_ERROR("No PRNG seed configured and unable to add one. PRNG is insecure.");
+#endif
+ }
+
 /* issue some warnings on bad configurations */
 if (!configuration->fileserve)
 ICECAST_LOG_WARN("Warning, serving of static files has been disabled "
diff --git a/src/cfgfile.h b/src/cfgfile.h
index eeece6d9..3f621a6d 100644
--- a/src/cfgfile.h
+++ b/src/cfgfile.h
@@ -31,6 +31,7 @@
 #define CONFIG_PROBLEM_HOSTNAME 0x0001U
 #define CONFIG_PROBLEM_LOCATION 0x0002U
 #define CONFIG_PROBLEM_ADMIN 0x0004U
+#define CONFIG_PROBLEM_PRNG 0x0008U
 typedef enum _http_header_type {
 /* static: headers are passed as is to the client. */
diff --git a/web/assets/css/style.css b/web/assets/css/style.css
index 00e63468..1a130624 100644
--- a/web/assets/css/style.css
+++ b/web/assets/css/style.css
@@ -343,6 +343,11 @@ aside {
 list-style: none;
 }
+.maintenance-level-error > *:first-child::before {
+ font-weight: bold;
+ content: "Error: ";
+}
+
 .maintenance-level-warning > *:first-child::before {
 font-weight: bold;
 content: "Warning: ";
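Review bot: The result of `xmlStrdup(XMLSTR("linux"))` in the block added to `_parse_root` in `src/cfgfile.c` is stored without a check. If the copy fails, the fallback entry stays in place with `type = PRNG_SEED_TYPE_PROFILE` and a NULL `filename`, and the log still claims the default profile is in use. How the seeding code treats a NULL profile name is not visible here, so the failed copy is best handled like the failed `calloc`, as sketched below. A short comment on what `size = -1` means for a profile entry would also help the next reader. `_parse_root` starts and ends outside the hunk.

```c
    configuration->prng_seed = calloc(1, sizeof(prng_seed_config_t));
    if (configuration->prng_seed)
        configuration->prng_seed->filename = (char*)xmlStrdup(XMLSTR("linux")); // the linux profile is also fine on BSD.
    if (configuration->prng_seed && configuration->prng_seed->filename) {
        // … unchanged: type, size, ICECAST_LOG_WARN …
    } else {
        free(configuration->prng_seed); // no-op when calloc itself failed
        configuration->prng_seed = NULL;
        ICECAST_LOG_ERROR("No PRNG seed configured and unable to add one. PRNG is insecure.");
    }
```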