]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
setup: Remove DNS settings
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
24d7c5ef 30require "${General::swroot}/geoip-functions.pl";
8fbb12f1 31require "${General::swroot}/ids-functions.pl";
e0639d80
JPT		 32require "${General::swroot}/lang.pl";
33require "${General::swroot}/header.pl";
34
24d7c5ef
SS		 35#workaround to suppress a warning when a variable is used only once
36my @dummy = ( ${Header::colouryellow} );
37undef (@dummy);
38
39my %cgiparams=();
40my %checked=();
41my %selected=();
e0639d80
JPT		 42my $errormessage = '';
43
24d7c5ef
SS		 44# Config file which stores the DNS settings.
45my $settings_file = "${General::swroot}/dns/settings";
46
47# File which stores the configured DNS-Servers.
48my $servers_file = "${General::swroot}/dns/servers";
49
50# Create files if the does not exist.
51unless (-f $settings_file) { system("touch $settings_file") };
52unless (-f $servers_file) { system("touch $servers_file") };
53
54# File which stores the ISP assigned DNS servers.
1434fa0d 55my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 56
57# File which contains the ca-certificates.
58my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
59
770ea81e
SS		 60# Server which is used, to determine if the whole DNS system works properly.
61my $dns_test_server = "ping.ipfire.org";
62
43140993
SS		 63my $check_servers;
64
24d7c5ef
SS		 65my %color = ();
66my %mainsettings = ();
67&General::readhash("${General::swroot}/main/settings", \%mainsettings);
68&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
69
e0639d80 70&Header::showhttpheaders();
24d7c5ef 71&Header::getcgihash(\%cgiparams);
e0639d80 72
24d7c5ef
SS		 73##
74# Save general settings.
75#
76if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
77 # Prevent form name from been stored in conf file.
78 delete $cgiparams{'GENERAL'};
e0639d80 79
24d7c5ef
SS		 80 # Add value for non-checked checkbox.
81 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
82 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
83 }
e0639d80 84
24d7c5ef
SS		 85 # Add value for non-checked checkbox.
86 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
87 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
88 }
e0639d80 89
24d7c5ef
SS		 90 # Store settings into settings file.
91 &General::writehash("$settings_file", \%cgiparams);
719db1cd
SS		 92
93 # Call function to handle unbound restart, etc.
94 &_handle_unbound_and_more()
24d7c5ef
SS		 95}
96
97###
98# Add / Edit entries.
99#
100if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
101 # Hash to store the generic DNS settings.
102 my %settings = ();
103
104 # Read-in generic settings.
105 &General::readhash("$settings_file", \%settings);
e0639d80 106
038f962e
SS		 107 # Check if an IP-address has been given.
108 if ($cgiparams{"NAMESERVER"} eq "") {
109 $errormessage = "$Lang::tr{'dns no address given'}";
110 }
111
24d7c5ef 112 # Check if the given DNS server is valid.
038f962e 113 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 114 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
115 }
116
117 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
118 elsif($settings{'PROTO'} eq "TLS") {
119 unless($cgiparams{"TLS_HOSTNAME"}) {
120 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
121 } else {
122 # Check if the provided domain is valid.
123 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
124 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
125 }
e0639d80 126 }
24d7c5ef
SS		 127 }
128
24d7c5ef
SS		 129 # Go further if there was no error.
130 if ( ! $errormessage) {
131 # Check if a remark has been entered.
132 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
133
134 my %dns_servers = ();
135 my $id;
136 my $status;
137
138 # Read-in configfile.
139 &General::readhasharray($servers_file, \%dns_servers);
140
141 # Check if we should edit an existing entry and got an ID.
142 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
143 # Assin the provided id.
144 $id = $cgiparams{'ID'};
145
146 # Undef the given ID.
147 undef($cgiparams{'ID'});
148
149 # Grab the configured status of the corresponding entry.
150 $status = $dns_servers{$id}[2];
151 } else {
152 # Each newly added entry automatically should be enabled.
153 $status = "enabled";
154
155 # Generate the ID for the new entry.
156 #
157 # Sort the keys by their ID and store them in an array.
158 my @keys = sort { $a <=> $b } keys %dns_servers;
159
160 # Reverse the key array.
161 my @reversed = reverse(@keys);
162
163 # Obtain the last used id.
164 my $last_id = @reversed[0];
165
166 # Increase the last id by one and use it as id for the new entry.
167 $id = ++$last_id;
168
169 # The first allowed id is 3 to keep space for
170 # possible ISP assigned DNS servers.
611587cf 171 if ($id <= "2") {
24d7c5ef
SS		 172 $id = "3";
173 }
e0639d80 174 }
24d7c5ef
SS		 175
176 # Add/Modify the entry to/in the dns_servers hash.
177 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
178
179 # Write the changed hash to the config file.
180 &General::writehasharray($servers_file, \%dns_servers);
719db1cd
SS		 181
182 # Call function to handle unbound restart, etc.
183 &_handle_unbound_and_more();
24d7c5ef
SS		 184 } else {
185 # Switch back to previous mode.
186 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
187 }
188###
189# Toggle enable / disable.
190#
191} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
192 my %dns_servers = ();
193
194 # Only go further, if an ID has been passed.
195 if ($cgiparams{'ID'}) {
196 # Assign the given ID.
197 my $id = $cgiparams{'ID'};
198
199 # Undef the given ID.
200 undef($cgiparams{'ID'});
201
202 # Read-in configfile.
203 &General::readhasharray($servers_file, \%dns_servers);
204
205 # Grab the configured status of the corresponding entry.
206 my $status = $dns_servers{$id}[2];
207
208 # Switch the status.
209 if ($status eq "disabled") {
210 $status = "enabled";
211 } else {
212 $status = "disabled";
e0639d80 213 }
24d7c5ef
SS		 214
215 # Modify the status of the existing entry.
216 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
217
218 # Write the changed hash back to the config file.
219 &General::writehasharray($servers_file, \%dns_servers);
8f4bde65
SS		 220
221 # Call function to handle unbound restart, etc.
222 &_handle_unbound_and_more();
e0639d80 223 }
24d7c5ef
SS		 224
225## Remove entry from DNS servers list.
226#
227} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
228 my %dns_servers = ();
229
230 # Read-in configfile.
231 &General::readhasharray($servers_file, \%dns_servers);
232
233 # Drop entry from the hash.
234 delete($dns_servers{$cgiparams{'ID'}});
235
236 # Undef the given ID.
237 undef($cgiparams{'ID'});
238
239 # Write the changed hash to the config file.
240 &General::writehasharray($servers_file, \%dns_servers);
43140993 241
8f4bde65
SS		 242 # Call function to handle unbound restart, etc.
243 &_handle_unbound_and_more();
244
43140993
SS		 245## Handle request to check the servers.
246#
247} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
248 $check_servers = 1;
e0639d80
JPT		 249}
250
24d7c5ef
SS		 251# Hash to store the generic DNS settings.
252my %settings = ();
253
254# Read-in general DNS settings.
255&General::readhash("$settings_file", \%settings);
256
257# Hash which contains the configured DNS servers.
258my %dns_servers = ();
259
260# Read-in config file.
261&General::readhasharray("$servers_file", \%dns_servers);
262
263&Header::openpage($Lang::tr{'dns'}, 1, '');
264
265&Header::openbigbox('100%', 'left', '', $errormessage);
266
267###
268# Error messages layout.
269#
270if ($errormessage) {
271 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
272 print "<class name='base'>$errormessage\n";
273 print "&nbsp;</class>\n";
274 &Header::closebox();
e0639d80
JPT		 275}
276
24d7c5ef
SS		 277# Handle if a nameserver should be added or edited.
278if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
279 # Display the sub page.
280 &show_add_edit_nameserver();
281
282 # Close webpage.
283 &Header::closebigbox();
284 &Header::closepage();
285
286 # Finished here for the moment.
287 exit(0);
2e1432c4
JPT		 288}
289
24d7c5ef
SS		 290$cgiparams{'GENERAL'} = '';
291$cgiparams{'SERVERS'} = '';
292$cgiparams{'NAMESERVER'} = '';
293$cgiparams{'TLS_HOSTNAME'} = '';
294$cgiparams{'REMARK'} ='';
295
296$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
297$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
298$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
299
300$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
301$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
302$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
303
304$selected{'PROTO'}{'UDP'} = '';
305$selected{'PROTO'}{'TLS'} = '';
306$selected{'PROTO'}{'TCP'} = '';
307$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
308
309$selected{'QNAME_MIN'}{'standard'} = '';
310$selected{'QNAME_MIN'}{'strict'} = '';
311$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
312
313# Display nameserver and configuration sections.
314&show_nameservers();
315&show_general_dns_configuration();
316
317&Header::closebigbox();
318&Header::closepage();
319
320###
321# General DNS-Servers sektion.
322#
323sub show_general_dns_configuration () {
324 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
325
326 print <<END;
327 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
328 <table width="100%">
329 <tr>
330 <td width="33%">
331 $Lang::tr{'dns use isp assigned nameservers'}
332 </td>
333
334 <td>
335 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
336 </td>
337 </tr>
338
339 <tr>
340 <td colspan="2">
341 <br>
342 </td>
343 </tr>
344
345 <tr>
346 <td width="33%">
347 $Lang::tr{'dns use protocol for dns queries'}
348 </td>
349
350 <td>
351 <select name="PROTO">
352 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
353 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
354 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
355 </select>
356 </td>
357 </tr>
358
359 <tr>
360 <td colspan="2">
361 <br>
362 </td>
363 </tr>
364
365 <tr>
366 <td width="33%">
367 $Lang::tr{'dns enable safe-search'}
368 </td>
369
370 <td>
371 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
372 </td>
373 </tr>
374
375 <tr>
376 <td colspan="2">
377 <br>
378 </td>
379 </tr>
380
381 <tr>
382 <td width="33%">
383 $Lang::tr{'dns mode for qname minimisation'}
384 </td>
385
386 <td>
387 <select name="QNAME_MIN">
388 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
389 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
390 </select>
391 </td>
392 </tr>
393
394 <tr>
395 <td colspan="2" align="right">
396 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
397 </td>
398 </tr>
399 </table>
400 </form>
401END
402
e0639d80
JPT		 403 &Header::closebox();
404}
405
24d7c5ef
SS		 406###
407# Section to display the configured and used DNS servers.
408#
409sub show_nameservers () {
a969acc7 410 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
e0639d80 411
770ea81e
SS		 412 my $dns_status_string;
413 my $dns_status_col;
f03f3429 414 my $dns_working;
770ea81e
SS		 415
416 # Test if the DNS system is working.
417 #
418 # Simple send a request to unbound and check if it can resolve the
419 # DNS test server.
420 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
421
422 if ($dns_status_ret eq "2") {
423 $dns_status_string = "$Lang::tr{'working'}";
424 $dns_status_col = "${Header::colourgreen}";
f03f3429 425 $dns_working = 1;
770ea81e 426 } else {
46cc88ed 427 $dns_status_string = "$Lang::tr{'broken'}";
770ea81e
SS		 428 $dns_status_col = "${Header::colourred}";
429 }
430
24d7c5ef 431print <<END;
770ea81e
SS		 432 <table width='100%'>
433 <tr>
434 <td>
435 <strong>$Lang::tr{'status'}:&nbsp;</strong>
436 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
437 </td>
438 </tr>
439 </table>
440
441 <br>
442
24d7c5ef
SS		 443 <table class="tbl" width='100%'>
444 <tr>
445 <td align="center">
446 <strong>$Lang::tr{'nameserver'}</strong>
447 </td>
448
449 <td align="center">
450 <strong>$Lang::tr{'country'}</strong>
451 </td>
452
453 <td align="center">
454 <strong>$Lang::tr{'rdns'}</strong>
455 </td>
456
457 <td align="center">
458 <strong>$Lang::tr{'remark'}</strong>
459 </td>
43140993
SS		 460END
461 # Check if the status should be displayed.
462 if ($check_servers) {
463print <<END
24d7c5ef
SS		 464 <td align="center">
465 <strong>$Lang::tr{'status'}</strong>
466 </td>
43140993
SS		 467END
468;
469 }
470
471print <<END
e0639d80 472
24d7c5ef
SS		 473 <td align="center" colspan="3">
474 <strong>$Lang::tr{'action'}</strong>
475 </td>
476 </tr>
830f6177 477END
43140993 478;
24d7c5ef
SS		 479
480 # Check the usage of ISP assigned nameservers is enabled.
77c7a94c
MT		 481 my $id = 1;
482
483 # Loop through the array which stores the files.
484 foreach my $file (@ISP_nameserver_files) {
485 # Grab the address of the nameserver.
97022524 486 my $address = &General::grab_address_from_file($file);
77c7a94c
MT		 487
488 # Check if we got an address.
489 if ($address) {
490 # Add the address to the hash of nameservers.
491 $dns_servers{$id} = [ "$address", "none",
492 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
493 "$Lang::tr{'dns isp assigned nameserver'}" ];
494
495 # Increase id by one.
496 $id++;
24d7c5ef
SS		 497 }
498 }
499
500 # Check some DNS servers have been configured. In this case
501 # the hash contains at least one key.
502 my $server_amount;
503 if (keys %dns_servers) {
504 # Sort the keys by their ID and store them in an array.
505 my @keys = sort { $a <=> $b } keys %dns_servers;
506
507 # Loop through all entries of the array/hash.
508 foreach my $id (@keys) {
509 # Inrease server_amount.
510 $server_amount++;
511
512 # Assign data array positions to some nice variable names.
513 my $nameserver = $dns_servers{$id}[0];
514 my $tls_hostname = $dns_servers{$id}[1];
515 my $enabled = $dns_servers{$id}[2];
516 my $remark = $dns_servers{$id}[3];
517
518 my $col = '';
519 my $toggle = '';
520 my $gif = '';
521 my $gdesc = '';
522 my $notice = "";
523
524 # Colorize columns.
525 if ($server_amount % 2) {
526 $col="bgcolor='$color{'color22'}'"; }
527 else {
528 $col="bgcolor='$color{'color20'}'";
529 }
530
531 if ($enabled eq 'enabled') {
532 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
533 } else {
534 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
535 }
536
537 my $status;
538 my $status_short;
539 my $status_message;
540 my $status_colour;
541
542 # Only grab the status if the nameserver is enabled.
43140993 543 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 544 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
545 }
546
547 if (!$status) {
548 $status_short = "$Lang::tr{'disabled'}";
549
550 # DNSSEC Not supported
551 } elsif ($status eq 0) {
552 $status_short = "$Lang::tr{'broken'}";
553 $status_message = $Lang::tr{'dnssec not supported'};
554 $status_colour = ${Header::colourred};
555
556 # DNSSEC Aware
557 } elsif ($status eq 1) {
558 $status_short = "$Lang::tr{'not validating'}";
559 $status_message = $Lang::tr{'dnssec aware'};
560 $status_colour = ${Header::colourblack};
561
562 # DNSSEC Validating
563 } elsif ($status eq 2) {
564 $status_short = "$Lang::tr{'ok'}";
565 $status_message = $Lang::tr{'dnssec validating'};
566 $status_colour = ${Header::colourgreen};
567
568 # Error
569 } else {
570 $status_short = "$Lang::tr{'error'}";
571 $status_message = $status;
572 $status_colour = ${Header::colourred};
573 }
574
575 # collect more information about name server (rDNS, GeoIP country code)
576 my $ccode = &GeoIP::lookup($nameserver);
577 my $flag_icon = &GeoIP::get_flag_icon($ccode);
578
25dda4a0
SS		 579 my $rdns;
580
581 # Only do the reverse lookup if the system is online.
f03f3429 582 if ($dns_working) {
25dda4a0
SS		 583 my $iaddr = inet_aton($nameserver);
584 $rdns = gethostbyaddr($iaddr, AF_INET);
585 }
24d7c5ef
SS		 586
587 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
588
77c7a94c
MT		 589 # Mark ISP name servers as disabled
590 if ($id <= 2 && $enabled eq "disabled") {
591 $nameserver = "<del>$nameserver</del>";
592 }
593
24d7c5ef
SS		 594print <<END;
595 <tr>
596 <td align="center" $col>
597 $nameserver
598 </td>
599
600 <td align="center" $col>
601 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
602 </td>
603
604 <td align="center" $col>
605 $rdns
606 </td>
607
608 <td align="center" $col>
609 $remark
610 </td>
830f6177 611END
24d7c5ef 612;
43140993
SS		 613 # Display server status if requested.
614 if ($check_servers) {
615print <<END
616 <td align="center" $col>
617 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
618 </td>
619END
620;
621 }
622
24d7c5ef
SS		 623 # Check if the id is greater than "2".
624 #
625 # Nameservers with an ID's of one or two are ISP assigned,
626 # and we cannot perform any actions on them, so hide the tools for
627 # them.
628 if ($id gt "2") {
629
630print <<END;
631 <td align='center' width='5%' $col>
632 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
633 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
634 <input type='hidden' name='ID' value='$id' />
635 <input type='hidden' name='ENABLE' value='$toggle' />
636 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
637 </form>
638 </td>
639
640 <td align='center' width='5%' $col>
641 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
642 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
643 <input type='hidden' name='ID' value='$id' />
644 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
645 </form>
646 </td>
647
648 <td align='center' width='5%' $col>
649 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
650 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
651 <input type='hidden' name='ID' value='$id' />
652 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
653 </form>
654 </td>
830f6177 655END
24d7c5ef
SS		 656;
657 } else {
658 print "<td colspan='3' $col>&nbsp;</td>\n";
659 }
660
661
662 print"</tr>\n";
663
664 }
665
666 print"</table>\n";
667
668 print"<table width='100%'>\n";
669
670 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
671 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
672print <<END;
673 <tr>
674 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
675 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
676 <td class='base'>$Lang::tr{'click to disable'}</td>
677 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
678 <td class='base'>$Lang::tr{'click to enable'}</td>
679 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
680 <td class='base'>$Lang::tr{'edit'}</td>
681 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
682 <td class='base'>$Lang::tr{'remove'}</td>
683 </tr>
830f6177 684END
24d7c5ef
SS		 685;
686 }
687print <<END;
688 <tr>
689 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 690 <td colspan="9" align="right">
691 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
692 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
693 </td>
24d7c5ef
SS		 694 </form>
695 </tr>
696 </table>
830f6177 697END
24d7c5ef
SS		 698;
699
700 } else {
701print <<END;
702 <table width="100%">
703 <tr>
704 <td colspan="6" align="center">
705 <br>$Lang::tr{'guardian no entries'}<br>
706 </td>
707 </tr>
708
709 <tr>
710 <form method="post" action="$ENV{'SCRIPT_NAME'}">
711 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
712 </form>
713 </tr>
714 </table>
715
830f6177 716END
24d7c5ef
SS		 717;
718 }
719
720 &Header::closebox();
830f6177 721}
24d7c5ef
SS		 722
723###
724# Section to display the add or edit subpage.
725#
726sub show_add_edit_nameserver() {
727 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
728
729 my $buttontext = $Lang::tr{'save'};
730 my $dnssec_checked;
731 my $dot_checked;
732 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
733 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
734
735 # Update button text for upate the existing entry.
736 $buttontext = $Lang::tr{'update'};
737
738 # Add hidden input for sending ID.
739 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
740
741 # Check if an ID has been given.
742 if ($cgiparams{'ID'}) {
743 # Assign cgiparams values.
744 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
745 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
746 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
747 }
748 } else {
749 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
750 }
751
f10fb4bf
SS		 752 my $tls_required_image;
753
754 # If the protocol is TLS, dispaly the required image.
755 if ($settings{'PROTO'} eq "TLS") {
756 $tls_required_image = "<img src='/blob.gif' alt='*'>";
757 }
758
24d7c5ef
SS		 759 # Add hidden input to store the mode.
760 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
761
762print <<END
763 <table width='100%'>
764 <tr>
765 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
766 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
767 </tr>
f10fb4bf
SS		 768
769
24d7c5ef 770 <tr>
f10fb4bf 771 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 772 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
773 </tr>
24d7c5ef 774
e0639d80 775
24d7c5ef
SS		 776 <tr>
777 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
778 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
779 </tr>
780 </table>
781
782 <br>
783 <hr>
784
785 <table width='100%'>
786 <tr>
787 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
788 <td width='40%' align='right'>
789 <input type="submit" name="SERVERS" value="$buttontext">
790 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
791 </td>
792 </tr>
793 </table>
e0639d80
JPT		 794END
795;
796
24d7c5ef
SS		 797 &Header::closebox();
798 print "</form>\n";
e0639d80 799
24d7c5ef
SS		 800 &Header::closebox();
801}
e0639d80 802
719db1cd
SS		 803# Private function to handle the restart of unbound and more.
804sub _handle_unbound_and_more () {
805 # Restart unbound
4caa0efc 806 system('/usr/local/bin/unboundctrl reload >/dev/null');
8fbb12f1
SS		 807
808 # Check if the IDS is running.
809 if(&IDS::ids_is_running()) {
810 # Re-generate the file which contains the DNS Server
811 # details.
812 &IDS::generate_dns_servers_file();
813
814 # Call suricatactrl to perform a reload.
815 &IDS::call_suricatactrl("restart");
816 }
719db1cd
SS		 817}
818
f36855fe
SS		 819# Check if the system is online (RED is connected).
820sub red_is_active () {
821 # Check if the "active" file is present.
822 if ( -f "${General::swroot}/red/active") {
823 # Return "1" - True.
824 return 1;
825 } else {
826 # Return nothing - False.
827 return;
828 }
829}
830
24d7c5ef
SS		 831# Function to check a given nameserver against propper work.
832sub check_nameserver($$$$) {
833 my ($nameserver, $record, $proto, $tls_hostname) = @_;
834
70187da6
SS		 835 # Check if the system is online.
836 unless (&red_is_active()) {
837 return "$Lang::tr{'system is offline'}";
838 }
839
24d7c5ef 840 # Default values.
dab1258a 841 my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
3bf804e8 842 "+bufsize=1232");
24d7c5ef
SS		 843
844 # Handle different protols.
845 if ($proto eq "TCP") {
846 # Add TCP switch to the command.
847 push(@command, "+tcp");
848
849 } elsif($proto eq "TLS") {
850 # Add TLS switch to the command and provide the
851 # path to our file which contains the ca certs.
852 push(@command, "+tls-ca=$ca_certs_file");
853
854 # Check if a TLS hostname has been provided.
855 if ($tls_hostname) {
856 # Add TLS hostname to the command.
857 push(@command, "+tls-hostname=$tls_hostname");
858 } else {
859 return "$Lang::tr{'dns no tls hostname given'}";
860 }
861 }
862
863 # Add record to the command array.
864 push(@command, "$record");
865
866 # Add nameserver to the command array.
867 push(@command, "\@$nameserver");
868
869 # Connect to STDOUT and STDERR.
870 push(@command, "2>&1");
871
872 my @output = qx(@command);
873 my $output = join("", @output);
874
875 my $status = 0;
24d7c5ef
SS		 876
877 if ($output =~ m/status: (\w+)/) {
878 $status = ($1 eq "NOERROR");
879
880 if (!$status) {
881 return -1;
882 }
984f14bd
MT		 883 } else {
884 my $warning;
885
886 while ($output =~ m/WARNING: (.*)/g) {
887 # Add the current grabbed warning to the warning string.
888 $warning .= "$1\; ";
889 }
890
891 # Return the warning string, if we grabbed at least one.
892 if ($warning) {
893 return $warning;
894 }
24d7c5ef
SS		 895 }
896
897 my @flags = ();
898 if ($output =~ m/Flags: (.*);/) {
899 @flags = split(/ /, $1);
900 }
901
902 my $aware = ($output =~ m/RRSIG/);
71471d9b 903 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 904
905 return $aware + $validating;
906}
IPFire 2.x development tree