]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dns.cgi: Fixes bug#12395 - German umlauts not correctly displayed in remarks
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
4346cb66 30require "${General::swroot}/location-functions.pl";
8fbb12f1 31require "${General::swroot}/ids-functions.pl";
e0639d80
JPT		 32require "${General::swroot}/lang.pl";
33require "${General::swroot}/header.pl";
34
24d7c5ef
SS		 35#workaround to suppress a warning when a variable is used only once
36my @dummy = ( ${Header::colouryellow} );
37undef (@dummy);
38
39my %cgiparams=();
40my %checked=();
41my %selected=();
e0639d80
JPT		 42my $errormessage = '';
43
24d7c5ef
SS		 44# Config file which stores the DNS settings.
45my $settings_file = "${General::swroot}/dns/settings";
46
47# File which stores the configured DNS-Servers.
48my $servers_file = "${General::swroot}/dns/servers";
49
50# Create files if the does not exist.
8a1e6afe
MT		 51unless (-f $settings_file) { &General::system("touch", "$settings_file") };
52unless (-f $servers_file) { &General::system("touch", "$servers_file") };
24d7c5ef
SS		 53
54# File which stores the ISP assigned DNS servers.
1434fa0d 55my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 56
57# File which contains the ca-certificates.
58my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
59
770ea81e
SS		 60# Server which is used, to determine if the whole DNS system works properly.
61my $dns_test_server = "ping.ipfire.org";
62
43140993
SS		 63my $check_servers;
64
24d7c5ef
SS		 65my %color = ();
66my %mainsettings = ();
67&General::readhash("${General::swroot}/main/settings", \%mainsettings);
8186b372 68&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
24d7c5ef 69
e0639d80 70&Header::showhttpheaders();
24d7c5ef 71&Header::getcgihash(\%cgiparams);
e0639d80 72
24d7c5ef
SS		 73##
74# Save general settings.
75#
76if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
77 # Prevent form name from been stored in conf file.
78 delete $cgiparams{'GENERAL'};
e0639d80 79
24d7c5ef
SS		 80 # Add value for non-checked checkbox.
81 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
82 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
83 }
e0639d80 84
24d7c5ef
SS		 85 # Add value for non-checked checkbox.
86 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
87 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
88 }
e0639d80 89
65ef52a3
MT		 90 if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
91 $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
92 }
93
39a6219f
SS		 94 # Check if using ISP nameservers and TLS is enabled at the same time.
95 if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
96 $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
97 }
98
99 # Check if there was an error.
100 if ( ! $errormessage) {
719db1cd 101
39a6219f
SS		 102 # Store settings into settings file.
103 &General::writehash("$settings_file", \%cgiparams);
104
105 # Call function to handle unbound restart, etc.
106 &_handle_unbound_and_more()
107 }
24d7c5ef
SS		 108}
109
110###
111# Add / Edit entries.
112#
113if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
114 # Hash to store the generic DNS settings.
115 my %settings = ();
116
117 # Read-in generic settings.
118 &General::readhash("$settings_file", \%settings);
e0639d80 119
038f962e
SS		 120 # Check if an IP-address has been given.
121 if ($cgiparams{"NAMESERVER"} eq "") {
122 $errormessage = "$Lang::tr{'dns no address given'}";
123 }
124
24d7c5ef 125 # Check if the given DNS server is valid.
038f962e 126 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 127 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
128 }
129
130 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
131 elsif($settings{'PROTO'} eq "TLS") {
132 unless($cgiparams{"TLS_HOSTNAME"}) {
133 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
134 } else {
135 # Check if the provided domain is valid.
136 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
137 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
138 }
e0639d80 139 }
24d7c5ef
SS		 140 }
141
24d7c5ef
SS		 142 # Go further if there was no error.
143 if ( ! $errormessage) {
5a7342fc 144 # Check if a remark has been entered.
716b8fb5
AB		 145
146 # decode the UTF-8 text so that characters with diacritical marks such as
147 # umlauts are treated correctly by the following cleanhtml command
148 $cgiparams{'REMARK'} = decode("UTF-8", $cgiparams{'REMARK'});
149
150 # run the REMARK text through cleanhtml to ensure all unsafe html characters
151 # are correctly encoded to their html entities
5a7342fc 152 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
24d7c5ef
SS		 153
154 my %dns_servers = ();
155 my $id;
156 my $status;
157
158 # Read-in configfile.
159 &General::readhasharray($servers_file, \%dns_servers);
160
161 # Check if we should edit an existing entry and got an ID.
162 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
163 # Assin the provided id.
164 $id = $cgiparams{'ID'};
165
166 # Undef the given ID.
167 undef($cgiparams{'ID'});
168
169 # Grab the configured status of the corresponding entry.
170 $status = $dns_servers{$id}[2];
171 } else {
172 # Each newly added entry automatically should be enabled.
173 $status = "enabled";
174
175 # Generate the ID for the new entry.
176 #
177 # Sort the keys by their ID and store them in an array.
178 my @keys = sort { $a <=> $b } keys %dns_servers;
179
180 # Reverse the key array.
181 my @reversed = reverse(@keys);
182
183 # Obtain the last used id.
184 my $last_id = @reversed[0];
185
186 # Increase the last id by one and use it as id for the new entry.
187 $id = ++$last_id;
188
189 # The first allowed id is 3 to keep space for
190 # possible ISP assigned DNS servers.
611587cf 191 if ($id <= "2") {
24d7c5ef
SS		 192 $id = "3";
193 }
e0639d80 194 }
24d7c5ef
SS		 195
196 # Add/Modify the entry to/in the dns_servers hash.
197 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
198
199 # Write the changed hash to the config file.
200 &General::writehasharray($servers_file, \%dns_servers);
719db1cd
SS		 201
202 # Call function to handle unbound restart, etc.
203 &_handle_unbound_and_more();
24d7c5ef
SS		 204 } else {
205 # Switch back to previous mode.
206 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
207 }
208###
209# Toggle enable / disable.
210#
211} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
212 my %dns_servers = ();
213
214 # Only go further, if an ID has been passed.
215 if ($cgiparams{'ID'}) {
216 # Assign the given ID.
217 my $id = $cgiparams{'ID'};
218
219 # Undef the given ID.
220 undef($cgiparams{'ID'});
221
222 # Read-in configfile.
223 &General::readhasharray($servers_file, \%dns_servers);
224
225 # Grab the configured status of the corresponding entry.
226 my $status = $dns_servers{$id}[2];
227
228 # Switch the status.
229 if ($status eq "disabled") {
230 $status = "enabled";
231 } else {
232 $status = "disabled";
e0639d80 233 }
24d7c5ef
SS		 234
235 # Modify the status of the existing entry.
236 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
237
238 # Write the changed hash back to the config file.
239 &General::writehasharray($servers_file, \%dns_servers);
8f4bde65
SS		 240
241 # Call function to handle unbound restart, etc.
242 &_handle_unbound_and_more();
e0639d80 243 }
24d7c5ef
SS		 244
245## Remove entry from DNS servers list.
246#
247} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
248 my %dns_servers = ();
249
250 # Read-in configfile.
251 &General::readhasharray($servers_file, \%dns_servers);
252
253 # Drop entry from the hash.
254 delete($dns_servers{$cgiparams{'ID'}});
255
256 # Undef the given ID.
257 undef($cgiparams{'ID'});
258
259 # Write the changed hash to the config file.
260 &General::writehasharray($servers_file, \%dns_servers);
43140993 261
8f4bde65
SS		 262 # Call function to handle unbound restart, etc.
263 &_handle_unbound_and_more();
264
43140993
SS		 265## Handle request to check the servers.
266#
267} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
268 $check_servers = 1;
e0639d80
JPT		 269}
270
24d7c5ef
SS		 271# Hash to store the generic DNS settings.
272my %settings = ();
65ef52a3 273$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
24d7c5ef
SS		 274
275# Read-in general DNS settings.
276&General::readhash("$settings_file", \%settings);
277
278# Hash which contains the configured DNS servers.
279my %dns_servers = ();
280
281# Read-in config file.
282&General::readhasharray("$servers_file", \%dns_servers);
283
743808bb 284&Header::openpage($Lang::tr{'dns title'}, 1, '');
24d7c5ef
SS		 285
286&Header::openbigbox('100%', 'left', '', $errormessage);
287
288###
289# Error messages layout.
290#
291if ($errormessage) {
292 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
293 print "<class name='base'>$errormessage\n";
294 print "&nbsp;</class>\n";
295 &Header::closebox();
e0639d80
JPT		 296}
297
24d7c5ef
SS		 298# Handle if a nameserver should be added or edited.
299if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
300 # Display the sub page.
301 &show_add_edit_nameserver();
302
303 # Close webpage.
304 &Header::closebigbox();
305 &Header::closepage();
306
307 # Finished here for the moment.
308 exit(0);
2e1432c4
JPT		 309}
310
24d7c5ef
SS		 311$cgiparams{'GENERAL'} = '';
312$cgiparams{'SERVERS'} = '';
313$cgiparams{'NAMESERVER'} = '';
314$cgiparams{'TLS_HOSTNAME'} = '';
315$cgiparams{'REMARK'} ='';
316
317$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
318$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
319$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
320
321$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
322$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
323$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
324
65ef52a3
MT		 325$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
326$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
327$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
328
24d7c5ef
SS		 329$selected{'PROTO'}{'UDP'} = '';
330$selected{'PROTO'}{'TLS'} = '';
331$selected{'PROTO'}{'TCP'} = '';
332$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
333
334$selected{'QNAME_MIN'}{'standard'} = '';
335$selected{'QNAME_MIN'}{'strict'} = '';
336$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
337
338# Display nameserver and configuration sections.
339&show_nameservers();
340&show_general_dns_configuration();
341
342&Header::closebigbox();
343&Header::closepage();
344
345###
346# General DNS-Servers sektion.
347#
348sub show_general_dns_configuration () {
349 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
350
351 print <<END;
352 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
353 <table width="100%">
354 <tr>
355 <td width="33%">
356 $Lang::tr{'dns use isp assigned nameservers'}
357 </td>
358
359 <td>
360 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
361 </td>
362 </tr>
363
364 <tr>
365 <td colspan="2">
366 <br>
367 </td>
368 </tr>
369
370 <tr>
371 <td width="33%">
372 $Lang::tr{'dns use protocol for dns queries'}
373 </td>
374
375 <td>
376 <select name="PROTO">
377 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
378 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
379 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
380 </select>
381 </td>
382 </tr>
383
384 <tr>
385 <td colspan="2">
386 <br>
387 </td>
388 </tr>
389
390 <tr>
391 <td width="33%">
392 $Lang::tr{'dns enable safe-search'}
393 </td>
394
395 <td>
396 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
397 </td>
398 </tr>
399
65ef52a3
MT		 400 <tr>
401 <td width="33%">
402 &raquo; $Lang::tr{'dns enable safe-search youtube'}
403 </td>
404
405 <td>
406 <input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
407 </td>
408 </tr>
409
24d7c5ef
SS		 410 <tr>
411 <td colspan="2">
412 <br>
413 </td>
414 </tr>
415
416 <tr>
417 <td width="33%">
418 $Lang::tr{'dns mode for qname minimisation'}
419 </td>
420
421 <td>
422 <select name="QNAME_MIN">
423 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
424 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
425 </select>
426 </td>
427 </tr>
428
429 <tr>
430 <td colspan="2" align="right">
431 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
432 </td>
433 </tr>
434 </table>
435 </form>
436END
437
e0639d80
JPT		 438 &Header::closebox();
439}
440
24d7c5ef
SS		 441###
442# Section to display the configured and used DNS servers.
443#
444sub show_nameservers () {
743808bb 445 &Header::openbox('100%', 'center', "$Lang::tr{'dns servers'}");
e0639d80 446
351ad526
MT		 447 # Determine if we are running in recursor mode
448 my $recursor = 0;
449 my $unbound_forward = qx(unbound-control forward);
450 if ($unbound_forward =~ m/^off/) {
451 $recursor = 1;
452 }
453
770ea81e
SS		 454 my $dns_status_string;
455 my $dns_status_col;
f03f3429 456 my $dns_working;
770ea81e 457
351ad526 458
770ea81e
SS		 459 # Test if the DNS system is working.
460 #
461 # Simple send a request to unbound and check if it can resolve the
462 # DNS test server.
f2d2c697 463 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
770ea81e
SS		 464
465 if ($dns_status_ret eq "2") {
466 $dns_status_string = "$Lang::tr{'working'}";
467 $dns_status_col = "${Header::colourgreen}";
f03f3429 468 $dns_working = 1;
770ea81e 469 } else {
46cc88ed 470 $dns_status_string = "$Lang::tr{'broken'}";
770ea81e
SS		 471 $dns_status_col = "${Header::colourred}";
472 }
473
351ad526
MT		 474 if ($recursor) {
475 $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
476 }
477
18e97c76 478 print <<END;
770ea81e
SS		 479 <table width='100%'>
480 <tr>
481 <td>
482 <strong>$Lang::tr{'status'}:&nbsp;</strong>
483 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
484 </td>
485 </tr>
486 </table>
18e97c76
MT		 487END
488
489 # Check the usage of ISP assigned nameservers is enabled.
490 my $id = 1;
770ea81e 491
18e97c76
MT		 492 # Loop through the array which stores the files.
493 foreach my $file (@ISP_nameserver_files) {
494 # Grab the address of the nameserver.
495 my $address = &General::grab_address_from_file($file);
496
497 # Check if we got an address.
498 if ($address) {
499 # Add the address to the hash of nameservers.
500 $dns_servers{$id} = [ "$address", "none",
501 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
502 "$Lang::tr{'dns isp assigned nameserver'}" ];
503
504 # Increase id by one.
505 $id++;
506 }
507 }
508
509 # Check some DNS servers have been configured. In this case
510 # the hash contains at least one key.
511 my $server_amount;
512 if (keys %dns_servers) {
513 # Sort the keys by their ID and store them in an array.
514 my @keys = sort { $a <=> $b } keys %dns_servers;
515
516 print <<END;
770ea81e
SS		 517 <br>
518
24d7c5ef
SS		 519 <table class="tbl" width='100%'>
520 <tr>
521 <td align="center">
522 <strong>$Lang::tr{'nameserver'}</strong>
523 </td>
524
525 <td align="center">
526 <strong>$Lang::tr{'country'}</strong>
527 </td>
528
529 <td align="center">
530 <strong>$Lang::tr{'rdns'}</strong>
531 </td>
532
533 <td align="center">
534 <strong>$Lang::tr{'remark'}</strong>
535 </td>
43140993 536END
18e97c76
MT		 537
538 # Check if the status should be displayed.
539 if ($check_servers) {
540 print <<END;
24d7c5ef
SS		 541 <td align="center">
542 <strong>$Lang::tr{'status'}</strong>
543 </td>
43140993 544END
18e97c76 545 }
43140993 546
18e97c76 547 print <<END;
e0639d80 548
24d7c5ef
SS		 549 <td align="center" colspan="3">
550 <strong>$Lang::tr{'action'}</strong>
551 </td>
552 </tr>
830f6177 553END
24d7c5ef
SS		 554
555 # Loop through all entries of the array/hash.
556 foreach my $id (@keys) {
557 # Inrease server_amount.
558 $server_amount++;
559
560 # Assign data array positions to some nice variable names.
561 my $nameserver = $dns_servers{$id}[0];
562 my $tls_hostname = $dns_servers{$id}[1];
563 my $enabled = $dns_servers{$id}[2];
564 my $remark = $dns_servers{$id}[3];
565
566 my $col = '';
567 my $toggle = '';
568 my $gif = '';
569 my $gdesc = '';
570 my $notice = "";
571
572 # Colorize columns.
573 if ($server_amount % 2) {
574 $col="bgcolor='$color{'color22'}'"; }
575 else {
576 $col="bgcolor='$color{'color20'}'";
577 }
578
579 if ($enabled eq 'enabled') {
580 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
581 } else {
582 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
583 }
584
585 my $status;
586 my $status_short;
587 my $status_message;
588 my $status_colour;
589
590 # Only grab the status if the nameserver is enabled.
43140993 591 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 592 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
593 }
594
a25dcda2 595 if (!defined $status) {
24d7c5ef
SS		 596 $status_short = "$Lang::tr{'disabled'}";
597
598 # DNSSEC Not supported
599 } elsif ($status eq 0) {
600 $status_short = "$Lang::tr{'broken'}";
601 $status_message = $Lang::tr{'dnssec not supported'};
602 $status_colour = ${Header::colourred};
603
604 # DNSSEC Aware
605 } elsif ($status eq 1) {
606 $status_short = "$Lang::tr{'not validating'}";
607 $status_message = $Lang::tr{'dnssec aware'};
608 $status_colour = ${Header::colourblack};
609
610 # DNSSEC Validating
611 } elsif ($status eq 2) {
612 $status_short = "$Lang::tr{'ok'}";
613 $status_message = $Lang::tr{'dnssec validating'};
614 $status_colour = ${Header::colourgreen};
615
616 # Error
617 } else {
618 $status_short = "$Lang::tr{'error'}";
619 $status_message = $status;
620 $status_colour = ${Header::colourred};
621 }
622
4346cb66 623 # collect more information about name server (rDNS, country code)
07e42be9 624 my $ccode = &Location::Functions::lookup_country_code($nameserver);
4346cb66 625 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
24d7c5ef 626
25dda4a0
SS		 627 my $rdns;
628
629 # Only do the reverse lookup if the system is online.
f03f3429 630 if ($dns_working) {
25dda4a0
SS		 631 my $iaddr = inet_aton($nameserver);
632 $rdns = gethostbyaddr($iaddr, AF_INET);
633 }
24d7c5ef 634
358e42ff 635 if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; }
24d7c5ef 636
77c7a94c
MT		 637 # Mark ISP name servers as disabled
638 if ($id <= 2 && $enabled eq "disabled") {
639 $nameserver = "<del>$nameserver</del>";
640 }
641
24d7c5ef
SS		 642print <<END;
643 <tr>
644 <td align="center" $col>
645 $nameserver
646 </td>
647
648 <td align="center" $col>
649 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
650 </td>
651
652 <td align="center" $col>
653 $rdns
654 </td>
655
656 <td align="center" $col>
657 $remark
658 </td>
830f6177 659END
24d7c5ef 660;
43140993
SS		 661 # Display server status if requested.
662 if ($check_servers) {
663print <<END
664 <td align="center" $col>
665 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
666 </td>
667END
668;
669 }
670
24d7c5ef
SS		 671 # Check if the id is greater than "2".
672 #
673 # Nameservers with an ID's of one or two are ISP assigned,
674 # and we cannot perform any actions on them, so hide the tools for
675 # them.
19602b68 676 if ($id > 2) {
24d7c5ef
SS		 677
678print <<END;
679 <td align='center' width='5%' $col>
680 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
681 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
682 <input type='hidden' name='ID' value='$id' />
683 <input type='hidden' name='ENABLE' value='$toggle' />
684 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
685 </form>
686 </td>
687
688 <td align='center' width='5%' $col>
689 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
690 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
691 <input type='hidden' name='ID' value='$id' />
692 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
693 </form>
694 </td>
695
696 <td align='center' width='5%' $col>
697 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
698 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
699 <input type='hidden' name='ID' value='$id' />
700 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
701 </form>
702 </td>
830f6177 703END
24d7c5ef
SS		 704;
705 } else {
706 print "<td colspan='3' $col>&nbsp;</td>\n";
707 }
708
709
710 print"</tr>\n";
711
712 }
713
714 print"</table>\n";
715
716 print"<table width='100%'>\n";
717
718 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
19602b68 719 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
24d7c5ef
SS		 720print <<END;
721 <tr>
722 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
723 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
724 <td class='base'>$Lang::tr{'click to disable'}</td>
725 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
726 <td class='base'>$Lang::tr{'click to enable'}</td>
727 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
728 <td class='base'>$Lang::tr{'edit'}</td>
729 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
730 <td class='base'>$Lang::tr{'remove'}</td>
731 </tr>
830f6177 732END
24d7c5ef
SS		 733;
734 }
735print <<END;
736 <tr>
737 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 738 <td colspan="9" align="right">
739 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
740 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
741 </td>
24d7c5ef
SS		 742 </form>
743 </tr>
744 </table>
830f6177 745END
24d7c5ef 746;
24d7c5ef 747 } else {
351ad526 748 print <<END;
24d7c5ef 749 <table width="100%">
24d7c5ef
SS		 750 <tr>
751 <form method="post" action="$ENV{'SCRIPT_NAME'}">
752 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
753 </form>
754 </tr>
755 </table>
830f6177 756END
24d7c5ef
SS		 757 }
758
759 &Header::closebox();
830f6177 760}
24d7c5ef
SS		 761
762###
763# Section to display the add or edit subpage.
764#
765sub show_add_edit_nameserver() {
766 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
767
768 my $buttontext = $Lang::tr{'save'};
769 my $dnssec_checked;
770 my $dot_checked;
771 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
772 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
773
774 # Update button text for upate the existing entry.
775 $buttontext = $Lang::tr{'update'};
776
777 # Add hidden input for sending ID.
778 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
779
780 # Check if an ID has been given.
781 if ($cgiparams{'ID'}) {
782 # Assign cgiparams values.
783 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
784 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
785 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
786 }
787 } else {
788 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
789 }
790
f10fb4bf
SS		 791 my $tls_required_image;
792
793 # If the protocol is TLS, dispaly the required image.
794 if ($settings{'PROTO'} eq "TLS") {
795 $tls_required_image = "<img src='/blob.gif' alt='*'>";
796 }
797
24d7c5ef
SS		 798 # Add hidden input to store the mode.
799 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
800
801print <<END
802 <table width='100%'>
803 <tr>
804 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
805 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
806 </tr>
f10fb4bf
SS		 807
808
24d7c5ef 809 <tr>
f10fb4bf 810 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 811 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
812 </tr>
24d7c5ef 813
e0639d80 814
24d7c5ef
SS		 815 <tr>
816 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
817 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
818 </tr>
819 </table>
820
821 <br>
822 <hr>
823
824 <table width='100%'>
825 <tr>
826 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
827 <td width='40%' align='right'>
828 <input type="submit" name="SERVERS" value="$buttontext">
829 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
830 </td>
831 </tr>
832 </table>
e0639d80
JPT		 833END
834;
835
24d7c5ef
SS		 836 &Header::closebox();
837 print "</form>\n";
e0639d80 838
24d7c5ef
SS		 839 &Header::closebox();
840}
e0639d80 841
719db1cd
SS		 842# Private function to handle the restart of unbound and more.
843sub _handle_unbound_and_more () {
8fbb12f1
SS		 844 # Check if the IDS is running.
845 if(&IDS::ids_is_running()) {
846 # Re-generate the file which contains the DNS Server
847 # details.
848 &IDS::generate_dns_servers_file();
849
850 # Call suricatactrl to perform a reload.
851 &IDS::call_suricatactrl("restart");
852 }
80bed581 853 # Restart unbound
8a1e6afe 854 &General::system('/usr/local/bin/unboundctrl', 'reload');
719db1cd
SS		 855}
856
f36855fe
SS		 857# Check if the system is online (RED is connected).
858sub red_is_active () {
859 # Check if the "active" file is present.
860 if ( -f "${General::swroot}/red/active") {
861 # Return "1" - True.
862 return 1;
863 } else {
864 # Return nothing - False.
865 return;
866 }
867}
868
24d7c5ef 869# Function to check a given nameserver against propper work.
38f51465
MT		 870sub check_nameserver($$$$$) {
871 my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
24d7c5ef 872
70187da6
SS		 873 # Check if the system is online.
874 unless (&red_is_active()) {
875 return "$Lang::tr{'system is offline'}";
876 }
877
24d7c5ef 878 # Default values.
3a5866ac 879 my @command = ("kdig", "+dnssec",
38f51465 880 "+bufsize=1232", @args);
24d7c5ef
SS		 881
882 # Handle different protols.
883 if ($proto eq "TCP") {
884 # Add TCP switch to the command.
885 push(@command, "+tcp");
886
887 } elsif($proto eq "TLS") {
888 # Add TLS switch to the command and provide the
889 # path to our file which contains the ca certs.
890 push(@command, "+tls-ca=$ca_certs_file");
891
892 # Check if a TLS hostname has been provided.
893 if ($tls_hostname) {
894 # Add TLS hostname to the command.
895 push(@command, "+tls-hostname=$tls_hostname");
896 } else {
897 return "$Lang::tr{'dns no tls hostname given'}";
898 }
899 }
900
901 # Add record to the command array.
902 push(@command, "$record");
903
904 # Add nameserver to the command array.
905 push(@command, "\@$nameserver");
906
907 # Connect to STDOUT and STDERR.
908 push(@command, "2>&1");
909
910 my @output = qx(@command);
911 my $output = join("", @output);
912
913 my $status = 0;
24d7c5ef
SS		 914
915 if ($output =~ m/status: (\w+)/) {
916 $status = ($1 eq "NOERROR");
917
918 if (!$status) {
919 return -1;
920 }
984f14bd
MT		 921 } else {
922 my $warning;
923
924 while ($output =~ m/WARNING: (.*)/g) {
925 # Add the current grabbed warning to the warning string.
926 $warning .= "$1\; ";
927 }
928
929 # Return the warning string, if we grabbed at least one.
930 if ($warning) {
931 return $warning;
932 }
24d7c5ef
SS		 933 }
934
935 my @flags = ();
936 if ($output =~ m/Flags: (.*);/) {
937 @flags = split(/ /, $1);
938 }
939
940 my $aware = ($output =~ m/RRSIG/);
71471d9b 941 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 942
943 return $aware + $validating;
944}
IPFire 2.x development tree