]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dns.cgi: Perform server checks on user request
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
24d7c5ef 30require "${General::swroot}/geoip-functions.pl";
e0639d80
JPT		 31require "${General::swroot}/lang.pl";
32require "${General::swroot}/header.pl";
33
24d7c5ef
SS		 34#workaround to suppress a warning when a variable is used only once
35my @dummy = ( ${Header::colouryellow} );
36undef (@dummy);
37
38my %cgiparams=();
39my %checked=();
40my %selected=();
e0639d80
JPT		 41my $errormessage = '';
42
24d7c5ef
SS		 43# Config file which stores the DNS settings.
44my $settings_file = "${General::swroot}/dns/settings";
45
46# File which stores the configured DNS-Servers.
47my $servers_file = "${General::swroot}/dns/servers";
48
49# Create files if the does not exist.
50unless (-f $settings_file) { system("touch $settings_file") };
51unless (-f $servers_file) { system("touch $servers_file") };
52
53# File which stores the ISP assigned DNS servers.
1434fa0d 54my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 55
56# File which contains the ca-certificates.
57my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
58
43140993
SS		 59my $check_servers;
60
24d7c5ef
SS		 61my %color = ();
62my %mainsettings = ();
63&General::readhash("${General::swroot}/main/settings", \%mainsettings);
64&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
65
e0639d80 66&Header::showhttpheaders();
24d7c5ef 67&Header::getcgihash(\%cgiparams);
e0639d80 68
24d7c5ef
SS		 69##
70# Save general settings.
71#
72if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
73 # Prevent form name from been stored in conf file.
74 delete $cgiparams{'GENERAL'};
e0639d80 75
24d7c5ef
SS		 76 # Add value for non-checked checkbox.
77 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
78 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
79 }
e0639d80 80
24d7c5ef
SS		 81 # Add value for non-checked checkbox.
82 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
83 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
84 }
e0639d80 85
24d7c5ef
SS		 86 # Store settings into settings file.
87 &General::writehash("$settings_file", \%cgiparams);
88}
89
90###
91# Add / Edit entries.
92#
93if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
94 # Hash to store the generic DNS settings.
95 my %settings = ();
96
97 # Read-in generic settings.
98 &General::readhash("$settings_file", \%settings);
e0639d80 99
038f962e
SS		 100 # Check if an IP-address has been given.
101 if ($cgiparams{"NAMESERVER"} eq "") {
102 $errormessage = "$Lang::tr{'dns no address given'}";
103 }
104
24d7c5ef 105 # Check if the given DNS server is valid.
038f962e 106 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 107 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
108 }
109
110 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
111 elsif($settings{'PROTO'} eq "TLS") {
112 unless($cgiparams{"TLS_HOSTNAME"}) {
113 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
114 } else {
115 # Check if the provided domain is valid.
116 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
117 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
118 }
e0639d80 119 }
24d7c5ef
SS		 120 }
121
24d7c5ef
SS		 122 # Go further if there was no error.
123 if ( ! $errormessage) {
124 # Check if a remark has been entered.
125 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
126
127 my %dns_servers = ();
128 my $id;
129 my $status;
130
131 # Read-in configfile.
132 &General::readhasharray($servers_file, \%dns_servers);
133
134 # Check if we should edit an existing entry and got an ID.
135 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
136 # Assin the provided id.
137 $id = $cgiparams{'ID'};
138
139 # Undef the given ID.
140 undef($cgiparams{'ID'});
141
142 # Grab the configured status of the corresponding entry.
143 $status = $dns_servers{$id}[2];
144 } else {
145 # Each newly added entry automatically should be enabled.
146 $status = "enabled";
147
148 # Generate the ID for the new entry.
149 #
150 # Sort the keys by their ID and store them in an array.
151 my @keys = sort { $a <=> $b } keys %dns_servers;
152
153 # Reverse the key array.
154 my @reversed = reverse(@keys);
155
156 # Obtain the last used id.
157 my $last_id = @reversed[0];
158
159 # Increase the last id by one and use it as id for the new entry.
160 $id = ++$last_id;
161
162 # The first allowed id is 3 to keep space for
163 # possible ISP assigned DNS servers.
164 if ($id le "2") {
165 $id = "3";
166 }
e0639d80 167 }
24d7c5ef
SS		 168
169 # Add/Modify the entry to/in the dns_servers hash.
170 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
171
172 # Write the changed hash to the config file.
173 &General::writehasharray($servers_file, \%dns_servers);
174 } else {
175 # Switch back to previous mode.
176 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
177 }
178###
179# Toggle enable / disable.
180#
181} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
182 my %dns_servers = ();
183
184 # Only go further, if an ID has been passed.
185 if ($cgiparams{'ID'}) {
186 # Assign the given ID.
187 my $id = $cgiparams{'ID'};
188
189 # Undef the given ID.
190 undef($cgiparams{'ID'});
191
192 # Read-in configfile.
193 &General::readhasharray($servers_file, \%dns_servers);
194
195 # Grab the configured status of the corresponding entry.
196 my $status = $dns_servers{$id}[2];
197
198 # Switch the status.
199 if ($status eq "disabled") {
200 $status = "enabled";
201 } else {
202 $status = "disabled";
e0639d80 203 }
24d7c5ef
SS		 204
205 # Modify the status of the existing entry.
206 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
207
208 # Write the changed hash back to the config file.
209 &General::writehasharray($servers_file, \%dns_servers);
e0639d80 210 }
24d7c5ef
SS		 211
212## Remove entry from DNS servers list.
213#
214} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
215 my %dns_servers = ();
216
217 # Read-in configfile.
218 &General::readhasharray($servers_file, \%dns_servers);
219
220 # Drop entry from the hash.
221 delete($dns_servers{$cgiparams{'ID'}});
222
223 # Undef the given ID.
224 undef($cgiparams{'ID'});
225
226 # Write the changed hash to the config file.
227 &General::writehasharray($servers_file, \%dns_servers);
43140993
SS		 228
229## Handle request to check the servers.
230#
231} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
232 $check_servers = 1;
e0639d80
JPT		 233}
234
24d7c5ef
SS		 235# Hash to store the generic DNS settings.
236my %settings = ();
237
238# Read-in general DNS settings.
239&General::readhash("$settings_file", \%settings);
240
241# Hash which contains the configured DNS servers.
242my %dns_servers = ();
243
244# Read-in config file.
245&General::readhasharray("$servers_file", \%dns_servers);
246
247&Header::openpage($Lang::tr{'dns'}, 1, '');
248
249&Header::openbigbox('100%', 'left', '', $errormessage);
250
251###
252# Error messages layout.
253#
254if ($errormessage) {
255 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
256 print "<class name='base'>$errormessage\n";
257 print "&nbsp;</class>\n";
258 &Header::closebox();
e0639d80
JPT		 259}
260
24d7c5ef
SS		 261# Handle if a nameserver should be added or edited.
262if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
263 # Display the sub page.
264 &show_add_edit_nameserver();
265
266 # Close webpage.
267 &Header::closebigbox();
268 &Header::closepage();
269
270 # Finished here for the moment.
271 exit(0);
2e1432c4
JPT		 272}
273
24d7c5ef
SS		 274$cgiparams{'GENERAL'} = '';
275$cgiparams{'SERVERS'} = '';
276$cgiparams{'NAMESERVER'} = '';
277$cgiparams{'TLS_HOSTNAME'} = '';
278$cgiparams{'REMARK'} ='';
279
280$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
281$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
282$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
283
284$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
285$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
286$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
287
288$selected{'PROTO'}{'UDP'} = '';
289$selected{'PROTO'}{'TLS'} = '';
290$selected{'PROTO'}{'TCP'} = '';
291$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
292
293$selected{'QNAME_MIN'}{'standard'} = '';
294$selected{'QNAME_MIN'}{'strict'} = '';
295$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
296
297# Display nameserver and configuration sections.
298&show_nameservers();
299&show_general_dns_configuration();
300
301&Header::closebigbox();
302&Header::closepage();
303
304###
305# General DNS-Servers sektion.
306#
307sub show_general_dns_configuration () {
308 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
309
310 print <<END;
311 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
312 <table width="100%">
313 <tr>
314 <td width="33%">
315 $Lang::tr{'dns use isp assigned nameservers'}
316 </td>
317
318 <td>
319 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
320 </td>
321 </tr>
322
323 <tr>
324 <td colspan="2">
325 <br>
326 </td>
327 </tr>
328
329 <tr>
330 <td width="33%">
331 $Lang::tr{'dns use protocol for dns queries'}
332 </td>
333
334 <td>
335 <select name="PROTO">
336 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
337 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
338 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
339 </select>
340 </td>
341 </tr>
342
343 <tr>
344 <td colspan="2">
345 <br>
346 </td>
347 </tr>
348
349 <tr>
350 <td width="33%">
351 $Lang::tr{'dns enable safe-search'}
352 </td>
353
354 <td>
355 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
356 </td>
357 </tr>
358
359 <tr>
360 <td colspan="2">
361 <br>
362 </td>
363 </tr>
364
365 <tr>
366 <td width="33%">
367 $Lang::tr{'dns mode for qname minimisation'}
368 </td>
369
370 <td>
371 <select name="QNAME_MIN">
372 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
373 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
374 </select>
375 </td>
376 </tr>
377
378 <tr>
379 <td colspan="2" align="right">
380 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
381 </td>
382 </tr>
383 </table>
384 </form>
385END
386
e0639d80
JPT		 387 &Header::closebox();
388}
389
24d7c5ef
SS		 390###
391# Section to display the configured and used DNS servers.
392#
393sub show_nameservers () {
a969acc7 394 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
e0639d80 395
24d7c5ef
SS		 396print <<END;
397 <table class="tbl" width='100%'>
398 <tr>
399 <td align="center">
400 <strong>$Lang::tr{'nameserver'}</strong>
401 </td>
402
403 <td align="center">
404 <strong>$Lang::tr{'country'}</strong>
405 </td>
406
407 <td align="center">
408 <strong>$Lang::tr{'rdns'}</strong>
409 </td>
410
411 <td align="center">
412 <strong>$Lang::tr{'remark'}</strong>
413 </td>
43140993
SS		 414END
415 # Check if the status should be displayed.
416 if ($check_servers) {
417print <<END
24d7c5ef
SS		 418 <td align="center">
419 <strong>$Lang::tr{'status'}</strong>
420 </td>
43140993
SS		 421END
422;
423 }
424
425print <<END
e0639d80 426
24d7c5ef
SS		 427 <td align="center" colspan="3">
428 <strong>$Lang::tr{'action'}</strong>
429 </td>
430 </tr>
830f6177 431END
43140993 432;
24d7c5ef
SS		 433
434 # Check the usage of ISP assigned nameservers is enabled.
77c7a94c
MT		 435 my $id = 1;
436
437 # Loop through the array which stores the files.
438 foreach my $file (@ISP_nameserver_files) {
439 # Grab the address of the nameserver.
440 my $address = &grab_address_from_file($file);
441
442 # Check if we got an address.
443 if ($address) {
444 # Add the address to the hash of nameservers.
445 $dns_servers{$id} = [ "$address", "none",
446 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
447 "$Lang::tr{'dns isp assigned nameserver'}" ];
448
449 # Increase id by one.
450 $id++;
24d7c5ef
SS		 451 }
452 }
453
454 # Check some DNS servers have been configured. In this case
455 # the hash contains at least one key.
456 my $server_amount;
457 if (keys %dns_servers) {
458 # Sort the keys by their ID and store them in an array.
459 my @keys = sort { $a <=> $b } keys %dns_servers;
460
461 # Loop through all entries of the array/hash.
462 foreach my $id (@keys) {
463 # Inrease server_amount.
464 $server_amount++;
465
466 # Assign data array positions to some nice variable names.
467 my $nameserver = $dns_servers{$id}[0];
468 my $tls_hostname = $dns_servers{$id}[1];
469 my $enabled = $dns_servers{$id}[2];
470 my $remark = $dns_servers{$id}[3];
471
472 my $col = '';
473 my $toggle = '';
474 my $gif = '';
475 my $gdesc = '';
476 my $notice = "";
477
478 # Colorize columns.
479 if ($server_amount % 2) {
480 $col="bgcolor='$color{'color22'}'"; }
481 else {
482 $col="bgcolor='$color{'color20'}'";
483 }
484
485 if ($enabled eq 'enabled') {
486 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
487 } else {
488 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
489 }
490
491 my $status;
492 my $status_short;
493 my $status_message;
494 my $status_colour;
495
496 # Only grab the status if the nameserver is enabled.
43140993 497 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 498 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
499 }
500
501 if (!$status) {
502 $status_short = "$Lang::tr{'disabled'}";
503
504 # DNSSEC Not supported
505 } elsif ($status eq 0) {
506 $status_short = "$Lang::tr{'broken'}";
507 $status_message = $Lang::tr{'dnssec not supported'};
508 $status_colour = ${Header::colourred};
509
510 # DNSSEC Aware
511 } elsif ($status eq 1) {
512 $status_short = "$Lang::tr{'not validating'}";
513 $status_message = $Lang::tr{'dnssec aware'};
514 $status_colour = ${Header::colourblack};
515
516 # DNSSEC Validating
517 } elsif ($status eq 2) {
518 $status_short = "$Lang::tr{'ok'}";
519 $status_message = $Lang::tr{'dnssec validating'};
520 $status_colour = ${Header::colourgreen};
521
522 # Error
523 } else {
524 $status_short = "$Lang::tr{'error'}";
525 $status_message = $status;
526 $status_colour = ${Header::colourred};
527 }
528
529 # collect more information about name server (rDNS, GeoIP country code)
530 my $ccode = &GeoIP::lookup($nameserver);
531 my $flag_icon = &GeoIP::get_flag_icon($ccode);
532
25dda4a0
SS		 533 my $rdns;
534
535 # Only do the reverse lookup if the system is online.
f36855fe 536 if (&red_is_active()) {
25dda4a0
SS		 537 my $iaddr = inet_aton($nameserver);
538 $rdns = gethostbyaddr($iaddr, AF_INET);
539 }
24d7c5ef
SS		 540
541 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
542
77c7a94c
MT		 543 # Mark ISP name servers as disabled
544 if ($id <= 2 && $enabled eq "disabled") {
545 $nameserver = "<del>$nameserver</del>";
546 }
547
24d7c5ef
SS		 548print <<END;
549 <tr>
550 <td align="center" $col>
551 $nameserver
552 </td>
553
554 <td align="center" $col>
555 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
556 </td>
557
558 <td align="center" $col>
559 $rdns
560 </td>
561
562 <td align="center" $col>
563 $remark
564 </td>
830f6177 565END
24d7c5ef 566;
43140993
SS		 567 # Display server status if requested.
568 if ($check_servers) {
569print <<END
570 <td align="center" $col>
571 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
572 </td>
573END
574;
575 }
576
24d7c5ef
SS		 577 # Check if the id is greater than "2".
578 #
579 # Nameservers with an ID's of one or two are ISP assigned,
580 # and we cannot perform any actions on them, so hide the tools for
581 # them.
582 if ($id gt "2") {
583
584print <<END;
585 <td align='center' width='5%' $col>
586 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
587 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
588 <input type='hidden' name='ID' value='$id' />
589 <input type='hidden' name='ENABLE' value='$toggle' />
590 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
591 </form>
592 </td>
593
594 <td align='center' width='5%' $col>
595 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
596 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
597 <input type='hidden' name='ID' value='$id' />
598 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
599 </form>
600 </td>
601
602 <td align='center' width='5%' $col>
603 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
604 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
605 <input type='hidden' name='ID' value='$id' />
606 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
607 </form>
608 </td>
830f6177 609END
24d7c5ef
SS		 610;
611 } else {
612 print "<td colspan='3' $col>&nbsp;</td>\n";
613 }
614
615
616 print"</tr>\n";
617
618 }
619
620 print"</table>\n";
621
622 print"<table width='100%'>\n";
623
624 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
625 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
626print <<END;
627 <tr>
628 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
629 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
630 <td class='base'>$Lang::tr{'click to disable'}</td>
631 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
632 <td class='base'>$Lang::tr{'click to enable'}</td>
633 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
634 <td class='base'>$Lang::tr{'edit'}</td>
635 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
636 <td class='base'>$Lang::tr{'remove'}</td>
637 </tr>
830f6177 638END
24d7c5ef
SS		 639;
640 }
641print <<END;
642 <tr>
643 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 644 <td colspan="9" align="right">
645 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
646 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
647 </td>
24d7c5ef
SS		 648 </form>
649 </tr>
650 </table>
830f6177 651END
24d7c5ef
SS		 652;
653
654 } else {
655print <<END;
656 <table width="100%">
657 <tr>
658 <td colspan="6" align="center">
659 <br>$Lang::tr{'guardian no entries'}<br>
660 </td>
661 </tr>
662
663 <tr>
664 <form method="post" action="$ENV{'SCRIPT_NAME'}">
665 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
666 </form>
667 </tr>
668 </table>
669
830f6177 670END
24d7c5ef
SS		 671;
672 }
673
674 &Header::closebox();
830f6177 675}
24d7c5ef
SS		 676
677###
678# Section to display the add or edit subpage.
679#
680sub show_add_edit_nameserver() {
681 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
682
683 my $buttontext = $Lang::tr{'save'};
684 my $dnssec_checked;
685 my $dot_checked;
686 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
687 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
688
689 # Update button text for upate the existing entry.
690 $buttontext = $Lang::tr{'update'};
691
692 # Add hidden input for sending ID.
693 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
694
695 # Check if an ID has been given.
696 if ($cgiparams{'ID'}) {
697 # Assign cgiparams values.
698 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
699 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
700 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
701 }
702 } else {
703 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
704 }
705
f10fb4bf
SS		 706 my $tls_required_image;
707
708 # If the protocol is TLS, dispaly the required image.
709 if ($settings{'PROTO'} eq "TLS") {
710 $tls_required_image = "<img src='/blob.gif' alt='*'>";
711 }
712
24d7c5ef
SS		 713 # Add hidden input to store the mode.
714 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
715
716print <<END
717 <table width='100%'>
718 <tr>
719 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
720 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
721 </tr>
f10fb4bf
SS		 722
723
24d7c5ef 724 <tr>
f10fb4bf 725 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 726 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
727 </tr>
24d7c5ef 728
e0639d80 729
24d7c5ef
SS		 730 <tr>
731 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
732 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
733 </tr>
734 </table>
735
736 <br>
737 <hr>
738
739 <table width='100%'>
740 <tr>
741 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
742 <td width='40%' align='right'>
743 <input type="submit" name="SERVERS" value="$buttontext">
744 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
745 </td>
746 </tr>
747 </table>
e0639d80
JPT		 748END
749;
750
24d7c5ef
SS		 751 &Header::closebox();
752 print "</form>\n";
e0639d80 753
24d7c5ef
SS		 754 &Header::closebox();
755}
e0639d80 756
f36855fe
SS		 757# Check if the system is online (RED is connected).
758sub red_is_active () {
759 # Check if the "active" file is present.
760 if ( -f "${General::swroot}/red/active") {
761 # Return "1" - True.
762 return 1;
763 } else {
764 # Return nothing - False.
765 return;
766 }
767}
768
24d7c5ef
SS		 769# Tiny function to grab an IP-address of a given file.
770sub grab_address_from_file($) {
771 my ($file) = @_;
e0639d80 772
24d7c5ef
SS		 773 my $address;
774
775 # Check if the given file exists.
776 if(-f $file) {
777 # Open the file for reading.
778 open(FILE, $file) or die "Could not read from $file. $!\n";
779
780 # Read the address from the file.
781 $address = <FILE>;
e0639d80 782
24d7c5ef
SS		 783 # Close filehandle.
784 close(FILE);
785
786 # Remove newlines.
787 chomp($address);
788
789 # Check if the obtained address is valid.
790 if (&General::validip($address)) {
791 # Return the address.
792 return $address;
793 }
794 }
795
796 # Return nothing.
797 return;
798}
799
800# Function to check a given nameserver against propper work.
801sub check_nameserver($$$$) {
802 my ($nameserver, $record, $proto, $tls_hostname) = @_;
803
70187da6
SS		 804 # Check if the system is online.
805 unless (&red_is_active()) {
806 return "$Lang::tr{'system is offline'}";
807 }
808
24d7c5ef 809 # Default values.
dab1258a 810 my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
3bf804e8 811 "+bufsize=1232");
24d7c5ef
SS		 812
813 # Handle different protols.
814 if ($proto eq "TCP") {
815 # Add TCP switch to the command.
816 push(@command, "+tcp");
817
818 } elsif($proto eq "TLS") {
819 # Add TLS switch to the command and provide the
820 # path to our file which contains the ca certs.
821 push(@command, "+tls-ca=$ca_certs_file");
822
823 # Check if a TLS hostname has been provided.
824 if ($tls_hostname) {
825 # Add TLS hostname to the command.
826 push(@command, "+tls-hostname=$tls_hostname");
827 } else {
828 return "$Lang::tr{'dns no tls hostname given'}";
829 }
830 }
831
832 # Add record to the command array.
833 push(@command, "$record");
834
835 # Add nameserver to the command array.
836 push(@command, "\@$nameserver");
837
838 # Connect to STDOUT and STDERR.
839 push(@command, "2>&1");
840
841 my @output = qx(@command);
842 my $output = join("", @output);
843
844 my $status = 0;
24d7c5ef
SS		 845
846 if ($output =~ m/status: (\w+)/) {
847 $status = ($1 eq "NOERROR");
848
849 if (!$status) {
850 return -1;
851 }
984f14bd
MT		 852 } else {
853 my $warning;
854
855 while ($output =~ m/WARNING: (.*)/g) {
856 # Add the current grabbed warning to the warning string.
857 $warning .= "$1\; ";
858 }
859
860 # Return the warning string, if we grabbed at least one.
861 if ($warning) {
862 return $warning;
863 }
24d7c5ef
SS		 864 }
865
866 my @flags = ();
867 if ($output =~ m/Flags: (.*);/) {
868 @flags = split(/ /, $1);
869 }
870
871 my $aware = ($output =~ m/RRSIG/);
71471d9b 872 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 873
874 return $aware + $validating;
875}
IPFire 2.x development tree