]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dns.cgi: Display DNS system status.
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
24d7c5ef 30require "${General::swroot}/geoip-functions.pl";
e0639d80
JPT		 31require "${General::swroot}/lang.pl";
32require "${General::swroot}/header.pl";
33
24d7c5ef
SS		 34#workaround to suppress a warning when a variable is used only once
35my @dummy = ( ${Header::colouryellow} );
36undef (@dummy);
37
38my %cgiparams=();
39my %checked=();
40my %selected=();
e0639d80
JPT		 41my $errormessage = '';
42
24d7c5ef
SS		 43# Config file which stores the DNS settings.
44my $settings_file = "${General::swroot}/dns/settings";
45
46# File which stores the configured DNS-Servers.
47my $servers_file = "${General::swroot}/dns/servers";
48
49# Create files if the does not exist.
50unless (-f $settings_file) { system("touch $settings_file") };
51unless (-f $servers_file) { system("touch $servers_file") };
52
53# File which stores the ISP assigned DNS servers.
1434fa0d 54my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 55
56# File which contains the ca-certificates.
57my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
58
770ea81e
SS		 59# Server which is used, to determine if the whole DNS system works properly.
60my $dns_test_server = "ping.ipfire.org";
61
43140993
SS		 62my $check_servers;
63
24d7c5ef
SS		 64my %color = ();
65my %mainsettings = ();
66&General::readhash("${General::swroot}/main/settings", \%mainsettings);
67&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
68
e0639d80 69&Header::showhttpheaders();
24d7c5ef 70&Header::getcgihash(\%cgiparams);
e0639d80 71
24d7c5ef
SS		 72##
73# Save general settings.
74#
75if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
76 # Prevent form name from been stored in conf file.
77 delete $cgiparams{'GENERAL'};
e0639d80 78
24d7c5ef
SS		 79 # Add value for non-checked checkbox.
80 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
81 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
82 }
e0639d80 83
24d7c5ef
SS		 84 # Add value for non-checked checkbox.
85 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
86 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
87 }
e0639d80 88
24d7c5ef
SS		 89 # Store settings into settings file.
90 &General::writehash("$settings_file", \%cgiparams);
91}
92
93###
94# Add / Edit entries.
95#
96if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
97 # Hash to store the generic DNS settings.
98 my %settings = ();
99
100 # Read-in generic settings.
101 &General::readhash("$settings_file", \%settings);
e0639d80 102
038f962e
SS		 103 # Check if an IP-address has been given.
104 if ($cgiparams{"NAMESERVER"} eq "") {
105 $errormessage = "$Lang::tr{'dns no address given'}";
106 }
107
24d7c5ef 108 # Check if the given DNS server is valid.
038f962e 109 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 110 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
111 }
112
113 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
114 elsif($settings{'PROTO'} eq "TLS") {
115 unless($cgiparams{"TLS_HOSTNAME"}) {
116 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
117 } else {
118 # Check if the provided domain is valid.
119 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
120 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
121 }
e0639d80 122 }
24d7c5ef
SS		 123 }
124
24d7c5ef
SS		 125 # Go further if there was no error.
126 if ( ! $errormessage) {
127 # Check if a remark has been entered.
128 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
129
130 my %dns_servers = ();
131 my $id;
132 my $status;
133
134 # Read-in configfile.
135 &General::readhasharray($servers_file, \%dns_servers);
136
137 # Check if we should edit an existing entry and got an ID.
138 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
139 # Assin the provided id.
140 $id = $cgiparams{'ID'};
141
142 # Undef the given ID.
143 undef($cgiparams{'ID'});
144
145 # Grab the configured status of the corresponding entry.
146 $status = $dns_servers{$id}[2];
147 } else {
148 # Each newly added entry automatically should be enabled.
149 $status = "enabled";
150
151 # Generate the ID for the new entry.
152 #
153 # Sort the keys by their ID and store them in an array.
154 my @keys = sort { $a <=> $b } keys %dns_servers;
155
156 # Reverse the key array.
157 my @reversed = reverse(@keys);
158
159 # Obtain the last used id.
160 my $last_id = @reversed[0];
161
162 # Increase the last id by one and use it as id for the new entry.
163 $id = ++$last_id;
164
165 # The first allowed id is 3 to keep space for
166 # possible ISP assigned DNS servers.
167 if ($id le "2") {
168 $id = "3";
169 }
e0639d80 170 }
24d7c5ef
SS		 171
172 # Add/Modify the entry to/in the dns_servers hash.
173 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
174
175 # Write the changed hash to the config file.
176 &General::writehasharray($servers_file, \%dns_servers);
177 } else {
178 # Switch back to previous mode.
179 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
180 }
181###
182# Toggle enable / disable.
183#
184} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
185 my %dns_servers = ();
186
187 # Only go further, if an ID has been passed.
188 if ($cgiparams{'ID'}) {
189 # Assign the given ID.
190 my $id = $cgiparams{'ID'};
191
192 # Undef the given ID.
193 undef($cgiparams{'ID'});
194
195 # Read-in configfile.
196 &General::readhasharray($servers_file, \%dns_servers);
197
198 # Grab the configured status of the corresponding entry.
199 my $status = $dns_servers{$id}[2];
200
201 # Switch the status.
202 if ($status eq "disabled") {
203 $status = "enabled";
204 } else {
205 $status = "disabled";
e0639d80 206 }
24d7c5ef
SS		 207
208 # Modify the status of the existing entry.
209 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
210
211 # Write the changed hash back to the config file.
212 &General::writehasharray($servers_file, \%dns_servers);
e0639d80 213 }
24d7c5ef
SS		 214
215## Remove entry from DNS servers list.
216#
217} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
218 my %dns_servers = ();
219
220 # Read-in configfile.
221 &General::readhasharray($servers_file, \%dns_servers);
222
223 # Drop entry from the hash.
224 delete($dns_servers{$cgiparams{'ID'}});
225
226 # Undef the given ID.
227 undef($cgiparams{'ID'});
228
229 # Write the changed hash to the config file.
230 &General::writehasharray($servers_file, \%dns_servers);
43140993
SS		 231
232## Handle request to check the servers.
233#
234} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
235 $check_servers = 1;
e0639d80
JPT		 236}
237
24d7c5ef
SS		 238# Hash to store the generic DNS settings.
239my %settings = ();
240
241# Read-in general DNS settings.
242&General::readhash("$settings_file", \%settings);
243
244# Hash which contains the configured DNS servers.
245my %dns_servers = ();
246
247# Read-in config file.
248&General::readhasharray("$servers_file", \%dns_servers);
249
250&Header::openpage($Lang::tr{'dns'}, 1, '');
251
252&Header::openbigbox('100%', 'left', '', $errormessage);
253
254###
255# Error messages layout.
256#
257if ($errormessage) {
258 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
259 print "<class name='base'>$errormessage\n";
260 print "&nbsp;</class>\n";
261 &Header::closebox();
e0639d80
JPT		 262}
263
24d7c5ef
SS		 264# Handle if a nameserver should be added or edited.
265if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
266 # Display the sub page.
267 &show_add_edit_nameserver();
268
269 # Close webpage.
270 &Header::closebigbox();
271 &Header::closepage();
272
273 # Finished here for the moment.
274 exit(0);
2e1432c4
JPT		 275}
276
24d7c5ef
SS		 277$cgiparams{'GENERAL'} = '';
278$cgiparams{'SERVERS'} = '';
279$cgiparams{'NAMESERVER'} = '';
280$cgiparams{'TLS_HOSTNAME'} = '';
281$cgiparams{'REMARK'} ='';
282
283$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
284$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
285$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
286
287$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
288$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
289$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
290
291$selected{'PROTO'}{'UDP'} = '';
292$selected{'PROTO'}{'TLS'} = '';
293$selected{'PROTO'}{'TCP'} = '';
294$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
295
296$selected{'QNAME_MIN'}{'standard'} = '';
297$selected{'QNAME_MIN'}{'strict'} = '';
298$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
299
300# Display nameserver and configuration sections.
301&show_nameservers();
302&show_general_dns_configuration();
303
304&Header::closebigbox();
305&Header::closepage();
306
307###
308# General DNS-Servers sektion.
309#
310sub show_general_dns_configuration () {
311 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
312
313 print <<END;
314 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
315 <table width="100%">
316 <tr>
317 <td width="33%">
318 $Lang::tr{'dns use isp assigned nameservers'}
319 </td>
320
321 <td>
322 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
323 </td>
324 </tr>
325
326 <tr>
327 <td colspan="2">
328 <br>
329 </td>
330 </tr>
331
332 <tr>
333 <td width="33%">
334 $Lang::tr{'dns use protocol for dns queries'}
335 </td>
336
337 <td>
338 <select name="PROTO">
339 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
340 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
341 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
342 </select>
343 </td>
344 </tr>
345
346 <tr>
347 <td colspan="2">
348 <br>
349 </td>
350 </tr>
351
352 <tr>
353 <td width="33%">
354 $Lang::tr{'dns enable safe-search'}
355 </td>
356
357 <td>
358 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
359 </td>
360 </tr>
361
362 <tr>
363 <td colspan="2">
364 <br>
365 </td>
366 </tr>
367
368 <tr>
369 <td width="33%">
370 $Lang::tr{'dns mode for qname minimisation'}
371 </td>
372
373 <td>
374 <select name="QNAME_MIN">
375 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
376 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
377 </select>
378 </td>
379 </tr>
380
381 <tr>
382 <td colspan="2" align="right">
383 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
384 </td>
385 </tr>
386 </table>
387 </form>
388END
389
e0639d80
JPT		 390 &Header::closebox();
391}
392
24d7c5ef
SS		 393###
394# Section to display the configured and used DNS servers.
395#
396sub show_nameservers () {
a969acc7 397 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
e0639d80 398
770ea81e
SS		 399 my $dns_status_string;
400 my $dns_status_col;
401
402 # Test if the DNS system is working.
403 #
404 # Simple send a request to unbound and check if it can resolve the
405 # DNS test server.
406 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
407
408 if ($dns_status_ret eq "2") {
409 $dns_status_string = "$Lang::tr{'working'}";
410 $dns_status_col = "${Header::colourgreen}";
411 } else {
412 $dns_status_string = "$Lang::tr{'broken'} status: $dns_status_ret";
413 $dns_status_col = "${Header::colourred}";
414 }
415
24d7c5ef 416print <<END;
770ea81e
SS		 417 <table width='100%'>
418 <tr>
419 <td>
420 <strong>$Lang::tr{'status'}:&nbsp;</strong>
421 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
422 </td>
423 </tr>
424 </table>
425
426 <br>
427
24d7c5ef
SS		 428 <table class="tbl" width='100%'>
429 <tr>
430 <td align="center">
431 <strong>$Lang::tr{'nameserver'}</strong>
432 </td>
433
434 <td align="center">
435 <strong>$Lang::tr{'country'}</strong>
436 </td>
437
438 <td align="center">
439 <strong>$Lang::tr{'rdns'}</strong>
440 </td>
441
442 <td align="center">
443 <strong>$Lang::tr{'remark'}</strong>
444 </td>
43140993
SS		 445END
446 # Check if the status should be displayed.
447 if ($check_servers) {
448print <<END
24d7c5ef
SS		 449 <td align="center">
450 <strong>$Lang::tr{'status'}</strong>
451 </td>
43140993
SS		 452END
453;
454 }
455
456print <<END
e0639d80 457
24d7c5ef
SS		 458 <td align="center" colspan="3">
459 <strong>$Lang::tr{'action'}</strong>
460 </td>
461 </tr>
830f6177 462END
43140993 463;
24d7c5ef
SS		 464
465 # Check the usage of ISP assigned nameservers is enabled.
77c7a94c
MT		 466 my $id = 1;
467
468 # Loop through the array which stores the files.
469 foreach my $file (@ISP_nameserver_files) {
470 # Grab the address of the nameserver.
471 my $address = &grab_address_from_file($file);
472
473 # Check if we got an address.
474 if ($address) {
475 # Add the address to the hash of nameservers.
476 $dns_servers{$id} = [ "$address", "none",
477 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
478 "$Lang::tr{'dns isp assigned nameserver'}" ];
479
480 # Increase id by one.
481 $id++;
24d7c5ef
SS		 482 }
483 }
484
485 # Check some DNS servers have been configured. In this case
486 # the hash contains at least one key.
487 my $server_amount;
488 if (keys %dns_servers) {
489 # Sort the keys by their ID and store them in an array.
490 my @keys = sort { $a <=> $b } keys %dns_servers;
491
492 # Loop through all entries of the array/hash.
493 foreach my $id (@keys) {
494 # Inrease server_amount.
495 $server_amount++;
496
497 # Assign data array positions to some nice variable names.
498 my $nameserver = $dns_servers{$id}[0];
499 my $tls_hostname = $dns_servers{$id}[1];
500 my $enabled = $dns_servers{$id}[2];
501 my $remark = $dns_servers{$id}[3];
502
503 my $col = '';
504 my $toggle = '';
505 my $gif = '';
506 my $gdesc = '';
507 my $notice = "";
508
509 # Colorize columns.
510 if ($server_amount % 2) {
511 $col="bgcolor='$color{'color22'}'"; }
512 else {
513 $col="bgcolor='$color{'color20'}'";
514 }
515
516 if ($enabled eq 'enabled') {
517 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
518 } else {
519 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
520 }
521
522 my $status;
523 my $status_short;
524 my $status_message;
525 my $status_colour;
526
527 # Only grab the status if the nameserver is enabled.
43140993 528 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 529 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
530 }
531
532 if (!$status) {
533 $status_short = "$Lang::tr{'disabled'}";
534
535 # DNSSEC Not supported
536 } elsif ($status eq 0) {
537 $status_short = "$Lang::tr{'broken'}";
538 $status_message = $Lang::tr{'dnssec not supported'};
539 $status_colour = ${Header::colourred};
540
541 # DNSSEC Aware
542 } elsif ($status eq 1) {
543 $status_short = "$Lang::tr{'not validating'}";
544 $status_message = $Lang::tr{'dnssec aware'};
545 $status_colour = ${Header::colourblack};
546
547 # DNSSEC Validating
548 } elsif ($status eq 2) {
549 $status_short = "$Lang::tr{'ok'}";
550 $status_message = $Lang::tr{'dnssec validating'};
551 $status_colour = ${Header::colourgreen};
552
553 # Error
554 } else {
555 $status_short = "$Lang::tr{'error'}";
556 $status_message = $status;
557 $status_colour = ${Header::colourred};
558 }
559
560 # collect more information about name server (rDNS, GeoIP country code)
561 my $ccode = &GeoIP::lookup($nameserver);
562 my $flag_icon = &GeoIP::get_flag_icon($ccode);
563
25dda4a0
SS		 564 my $rdns;
565
566 # Only do the reverse lookup if the system is online.
f36855fe 567 if (&red_is_active()) {
25dda4a0
SS		 568 my $iaddr = inet_aton($nameserver);
569 $rdns = gethostbyaddr($iaddr, AF_INET);
570 }
24d7c5ef
SS		 571
572 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
573
77c7a94c
MT		 574 # Mark ISP name servers as disabled
575 if ($id <= 2 && $enabled eq "disabled") {
576 $nameserver = "<del>$nameserver</del>";
577 }
578
24d7c5ef
SS		 579print <<END;
580 <tr>
581 <td align="center" $col>
582 $nameserver
583 </td>
584
585 <td align="center" $col>
586 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
587 </td>
588
589 <td align="center" $col>
590 $rdns
591 </td>
592
593 <td align="center" $col>
594 $remark
595 </td>
830f6177 596END
24d7c5ef 597;
43140993
SS		 598 # Display server status if requested.
599 if ($check_servers) {
600print <<END
601 <td align="center" $col>
602 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
603 </td>
604END
605;
606 }
607
24d7c5ef
SS		 608 # Check if the id is greater than "2".
609 #
610 # Nameservers with an ID's of one or two are ISP assigned,
611 # and we cannot perform any actions on them, so hide the tools for
612 # them.
613 if ($id gt "2") {
614
615print <<END;
616 <td align='center' width='5%' $col>
617 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
618 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
619 <input type='hidden' name='ID' value='$id' />
620 <input type='hidden' name='ENABLE' value='$toggle' />
621 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
622 </form>
623 </td>
624
625 <td align='center' width='5%' $col>
626 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
627 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
628 <input type='hidden' name='ID' value='$id' />
629 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
630 </form>
631 </td>
632
633 <td align='center' width='5%' $col>
634 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
635 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
636 <input type='hidden' name='ID' value='$id' />
637 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
638 </form>
639 </td>
830f6177 640END
24d7c5ef
SS		 641;
642 } else {
643 print "<td colspan='3' $col>&nbsp;</td>\n";
644 }
645
646
647 print"</tr>\n";
648
649 }
650
651 print"</table>\n";
652
653 print"<table width='100%'>\n";
654
655 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
656 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
657print <<END;
658 <tr>
659 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
660 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
661 <td class='base'>$Lang::tr{'click to disable'}</td>
662 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
663 <td class='base'>$Lang::tr{'click to enable'}</td>
664 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
665 <td class='base'>$Lang::tr{'edit'}</td>
666 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
667 <td class='base'>$Lang::tr{'remove'}</td>
668 </tr>
830f6177 669END
24d7c5ef
SS		 670;
671 }
672print <<END;
673 <tr>
674 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 675 <td colspan="9" align="right">
676 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
677 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
678 </td>
24d7c5ef
SS		 679 </form>
680 </tr>
681 </table>
830f6177 682END
24d7c5ef
SS		 683;
684
685 } else {
686print <<END;
687 <table width="100%">
688 <tr>
689 <td colspan="6" align="center">
690 <br>$Lang::tr{'guardian no entries'}<br>
691 </td>
692 </tr>
693
694 <tr>
695 <form method="post" action="$ENV{'SCRIPT_NAME'}">
696 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
697 </form>
698 </tr>
699 </table>
700
830f6177 701END
24d7c5ef
SS		 702;
703 }
704
705 &Header::closebox();
830f6177 706}
24d7c5ef
SS		 707
708###
709# Section to display the add or edit subpage.
710#
711sub show_add_edit_nameserver() {
712 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
713
714 my $buttontext = $Lang::tr{'save'};
715 my $dnssec_checked;
716 my $dot_checked;
717 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
718 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
719
720 # Update button text for upate the existing entry.
721 $buttontext = $Lang::tr{'update'};
722
723 # Add hidden input for sending ID.
724 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
725
726 # Check if an ID has been given.
727 if ($cgiparams{'ID'}) {
728 # Assign cgiparams values.
729 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
730 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
731 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
732 }
733 } else {
734 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
735 }
736
f10fb4bf
SS		 737 my $tls_required_image;
738
739 # If the protocol is TLS, dispaly the required image.
740 if ($settings{'PROTO'} eq "TLS") {
741 $tls_required_image = "<img src='/blob.gif' alt='*'>";
742 }
743
24d7c5ef
SS		 744 # Add hidden input to store the mode.
745 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
746
747print <<END
748 <table width='100%'>
749 <tr>
750 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
751 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
752 </tr>
f10fb4bf
SS		 753
754
24d7c5ef 755 <tr>
f10fb4bf 756 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 757 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
758 </tr>
24d7c5ef 759
e0639d80 760
24d7c5ef
SS		 761 <tr>
762 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
763 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
764 </tr>
765 </table>
766
767 <br>
768 <hr>
769
770 <table width='100%'>
771 <tr>
772 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
773 <td width='40%' align='right'>
774 <input type="submit" name="SERVERS" value="$buttontext">
775 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
776 </td>
777 </tr>
778 </table>
e0639d80
JPT		 779END
780;
781
24d7c5ef
SS		 782 &Header::closebox();
783 print "</form>\n";
e0639d80 784
24d7c5ef
SS		 785 &Header::closebox();
786}
e0639d80 787
f36855fe
SS		 788# Check if the system is online (RED is connected).
789sub red_is_active () {
790 # Check if the "active" file is present.
791 if ( -f "${General::swroot}/red/active") {
792 # Return "1" - True.
793 return 1;
794 } else {
795 # Return nothing - False.
796 return;
797 }
798}
799
24d7c5ef
SS		 800# Tiny function to grab an IP-address of a given file.
801sub grab_address_from_file($) {
802 my ($file) = @_;
e0639d80 803
24d7c5ef
SS		 804 my $address;
805
806 # Check if the given file exists.
807 if(-f $file) {
808 # Open the file for reading.
809 open(FILE, $file) or die "Could not read from $file. $!\n";
810
811 # Read the address from the file.
812 $address = <FILE>;
e0639d80 813
24d7c5ef
SS		 814 # Close filehandle.
815 close(FILE);
816
817 # Remove newlines.
818 chomp($address);
819
820 # Check if the obtained address is valid.
821 if (&General::validip($address)) {
822 # Return the address.
823 return $address;
824 }
825 }
826
827 # Return nothing.
828 return;
829}
830
831# Function to check a given nameserver against propper work.
832sub check_nameserver($$$$) {
833 my ($nameserver, $record, $proto, $tls_hostname) = @_;
834
70187da6
SS		 835 # Check if the system is online.
836 unless (&red_is_active()) {
837 return "$Lang::tr{'system is offline'}";
838 }
839
24d7c5ef 840 # Default values.
dab1258a 841 my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
3bf804e8 842 "+bufsize=1232");
24d7c5ef
SS		 843
844 # Handle different protols.
845 if ($proto eq "TCP") {
846 # Add TCP switch to the command.
847 push(@command, "+tcp");
848
849 } elsif($proto eq "TLS") {
850 # Add TLS switch to the command and provide the
851 # path to our file which contains the ca certs.
852 push(@command, "+tls-ca=$ca_certs_file");
853
854 # Check if a TLS hostname has been provided.
855 if ($tls_hostname) {
856 # Add TLS hostname to the command.
857 push(@command, "+tls-hostname=$tls_hostname");
858 } else {
859 return "$Lang::tr{'dns no tls hostname given'}";
860 }
861 }
862
863 # Add record to the command array.
864 push(@command, "$record");
865
866 # Add nameserver to the command array.
867 push(@command, "\@$nameserver");
868
869 # Connect to STDOUT and STDERR.
870 push(@command, "2>&1");
871
872 my @output = qx(@command);
873 my $output = join("", @output);
874
875 my $status = 0;
24d7c5ef
SS		 876
877 if ($output =~ m/status: (\w+)/) {
878 $status = ($1 eq "NOERROR");
879
880 if (!$status) {
881 return -1;
882 }
984f14bd
MT		 883 } else {
884 my $warning;
885
886 while ($output =~ m/WARNING: (.*)/g) {
887 # Add the current grabbed warning to the warning string.
888 $warning .= "$1\; ";
889 }
890
891 # Return the warning string, if we grabbed at least one.
892 if ($warning) {
893 return $warning;
894 }
24d7c5ef
SS		 895 }
896
897 my @flags = ();
898 if ($output =~ m/Flags: (.*);/) {
899 @flags = split(/ /, $1);
900 }
901
902 my $aware = ($output =~ m/RRSIG/);
71471d9b 903 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 904
905 return $aware + $validating;
906}
IPFire 2.x development tree