]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
dns.cgi: Timeout after 2 seconds for DNS server checks
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
24d7c5ef 30require "${General::swroot}/geoip-functions.pl";
e0639d80
JPT		 31require "${General::swroot}/lang.pl";
32require "${General::swroot}/header.pl";
33
24d7c5ef
SS		 34#workaround to suppress a warning when a variable is used only once
35my @dummy = ( ${Header::colouryellow} );
36undef (@dummy);
37
38my %cgiparams=();
39my %checked=();
40my %selected=();
e0639d80
JPT		 41my $errormessage = '';
42
24d7c5ef
SS		 43# Config file which stores the DNS settings.
44my $settings_file = "${General::swroot}/dns/settings";
45
46# File which stores the configured DNS-Servers.
47my $servers_file = "${General::swroot}/dns/servers";
48
49# Create files if the does not exist.
50unless (-f $settings_file) { system("touch $settings_file") };
51unless (-f $servers_file) { system("touch $servers_file") };
52
53# File which stores the ISP assigned DNS servers.
1434fa0d 54my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 55
56# File which contains the ca-certificates.
57my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
58
59my %color = ();
60my %mainsettings = ();
61&General::readhash("${General::swroot}/main/settings", \%mainsettings);
62&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
63
e0639d80 64&Header::showhttpheaders();
24d7c5ef 65&Header::getcgihash(\%cgiparams);
e0639d80 66
24d7c5ef
SS		 67##
68# Save general settings.
69#
70if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
71 # Prevent form name from been stored in conf file.
72 delete $cgiparams{'GENERAL'};
e0639d80 73
24d7c5ef
SS		 74 # Add value for non-checked checkbox.
75 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
76 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
77 }
e0639d80 78
24d7c5ef
SS		 79 # Add value for non-checked checkbox.
80 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
81 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
82 }
e0639d80 83
24d7c5ef
SS		 84 # Store settings into settings file.
85 &General::writehash("$settings_file", \%cgiparams);
86}
87
88###
89# Add / Edit entries.
90#
91if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
92 # Hash to store the generic DNS settings.
93 my %settings = ();
94
95 # Read-in generic settings.
96 &General::readhash("$settings_file", \%settings);
e0639d80 97
24d7c5ef
SS		 98 # Check if the given DNS server is valid.
99 if(!&General::validip($cgiparams{"NAMESERVER"})) {
100 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
101 }
102
103 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
104 elsif($settings{'PROTO'} eq "TLS") {
105 unless($cgiparams{"TLS_HOSTNAME"}) {
106 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
107 } else {
108 # Check if the provided domain is valid.
109 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
110 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
111 }
e0639d80 112 }
24d7c5ef
SS		 113 }
114
115 # Check the nameserver.
116 my $status = &check_nameserver("$cgiparams{'NAMESERVER'}", "ping.ipfire.org", "$settings{'PROTO'}", "$cgiparams{'TLS_HOSTNAME'}");
117
118 # Assign errormessage, if the nameserver does not support dnssec or any other kind of error happened.
119 if ($status eq "0") {
120 $errormessage = "$Lang::tr{'dns could not add server'} $Lang::tr{'dnssec not supported'}";
121 } elsif (($status ne "1") && ($status ne "2")) {
122 $errormessage = "$Lang::tr{'dns could not add server'} $status";
123 }
124
125 # Go further if there was no error.
126 if ( ! $errormessage) {
127 # Check if a remark has been entered.
128 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
129
130 my %dns_servers = ();
131 my $id;
132 my $status;
133
134 # Read-in configfile.
135 &General::readhasharray($servers_file, \%dns_servers);
136
137 # Check if we should edit an existing entry and got an ID.
138 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
139 # Assin the provided id.
140 $id = $cgiparams{'ID'};
141
142 # Undef the given ID.
143 undef($cgiparams{'ID'});
144
145 # Grab the configured status of the corresponding entry.
146 $status = $dns_servers{$id}[2];
147 } else {
148 # Each newly added entry automatically should be enabled.
149 $status = "enabled";
150
151 # Generate the ID for the new entry.
152 #
153 # Sort the keys by their ID and store them in an array.
154 my @keys = sort { $a <=> $b } keys %dns_servers;
155
156 # Reverse the key array.
157 my @reversed = reverse(@keys);
158
159 # Obtain the last used id.
160 my $last_id = @reversed[0];
161
162 # Increase the last id by one and use it as id for the new entry.
163 $id = ++$last_id;
164
165 # The first allowed id is 3 to keep space for
166 # possible ISP assigned DNS servers.
167 if ($id le "2") {
168 $id = "3";
169 }
e0639d80 170 }
24d7c5ef
SS		 171
172 # Add/Modify the entry to/in the dns_servers hash.
173 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
174
175 # Write the changed hash to the config file.
176 &General::writehasharray($servers_file, \%dns_servers);
177 } else {
178 # Switch back to previous mode.
179 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
180 }
181###
182# Toggle enable / disable.
183#
184} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
185 my %dns_servers = ();
186
187 # Only go further, if an ID has been passed.
188 if ($cgiparams{'ID'}) {
189 # Assign the given ID.
190 my $id = $cgiparams{'ID'};
191
192 # Undef the given ID.
193 undef($cgiparams{'ID'});
194
195 # Read-in configfile.
196 &General::readhasharray($servers_file, \%dns_servers);
197
198 # Grab the configured status of the corresponding entry.
199 my $status = $dns_servers{$id}[2];
200
201 # Switch the status.
202 if ($status eq "disabled") {
203 $status = "enabled";
204 } else {
205 $status = "disabled";
e0639d80 206 }
24d7c5ef
SS		 207
208 # Modify the status of the existing entry.
209 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
210
211 # Write the changed hash back to the config file.
212 &General::writehasharray($servers_file, \%dns_servers);
e0639d80 213 }
24d7c5ef
SS		 214
215## Remove entry from DNS servers list.
216#
217} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
218 my %dns_servers = ();
219
220 # Read-in configfile.
221 &General::readhasharray($servers_file, \%dns_servers);
222
223 # Drop entry from the hash.
224 delete($dns_servers{$cgiparams{'ID'}});
225
226 # Undef the given ID.
227 undef($cgiparams{'ID'});
228
229 # Write the changed hash to the config file.
230 &General::writehasharray($servers_file, \%dns_servers);
e0639d80
JPT		 231}
232
24d7c5ef
SS		 233# Hash to store the generic DNS settings.
234my %settings = ();
235
236# Read-in general DNS settings.
237&General::readhash("$settings_file", \%settings);
238
239# Hash which contains the configured DNS servers.
240my %dns_servers = ();
241
242# Read-in config file.
243&General::readhasharray("$servers_file", \%dns_servers);
244
245&Header::openpage($Lang::tr{'dns'}, 1, '');
246
247&Header::openbigbox('100%', 'left', '', $errormessage);
248
249###
250# Error messages layout.
251#
252if ($errormessage) {
253 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
254 print "<class name='base'>$errormessage\n";
255 print "&nbsp;</class>\n";
256 &Header::closebox();
e0639d80
JPT		 257}
258
24d7c5ef
SS		 259# Handle if a nameserver should be added or edited.
260if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
261 # Display the sub page.
262 &show_add_edit_nameserver();
263
264 # Close webpage.
265 &Header::closebigbox();
266 &Header::closepage();
267
268 # Finished here for the moment.
269 exit(0);
2e1432c4
JPT		 270}
271
24d7c5ef
SS		 272$cgiparams{'GENERAL'} = '';
273$cgiparams{'SERVERS'} = '';
274$cgiparams{'NAMESERVER'} = '';
275$cgiparams{'TLS_HOSTNAME'} = '';
276$cgiparams{'REMARK'} ='';
277
278$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
279$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
280$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
281
282$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
283$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
284$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
285
286$selected{'PROTO'}{'UDP'} = '';
287$selected{'PROTO'}{'TLS'} = '';
288$selected{'PROTO'}{'TCP'} = '';
289$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
290
291$selected{'QNAME_MIN'}{'standard'} = '';
292$selected{'QNAME_MIN'}{'strict'} = '';
293$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
294
295# Display nameserver and configuration sections.
296&show_nameservers();
297&show_general_dns_configuration();
298
299&Header::closebigbox();
300&Header::closepage();
301
302###
303# General DNS-Servers sektion.
304#
305sub show_general_dns_configuration () {
306 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
307
308 print <<END;
309 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
310 <table width="100%">
311 <tr>
312 <td width="33%">
313 $Lang::tr{'dns use isp assigned nameservers'}
314 </td>
315
316 <td>
317 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
318 </td>
319 </tr>
320
321 <tr>
322 <td colspan="2">
323 <br>
324 </td>
325 </tr>
326
327 <tr>
328 <td width="33%">
329 $Lang::tr{'dns use protocol for dns queries'}
330 </td>
331
332 <td>
333 <select name="PROTO">
334 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
335 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
336 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
337 </select>
338 </td>
339 </tr>
340
341 <tr>
342 <td colspan="2">
343 <br>
344 </td>
345 </tr>
346
347 <tr>
348 <td width="33%">
349 $Lang::tr{'dns enable safe-search'}
350 </td>
351
352 <td>
353 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
354 </td>
355 </tr>
356
357 <tr>
358 <td colspan="2">
359 <br>
360 </td>
361 </tr>
362
363 <tr>
364 <td width="33%">
365 $Lang::tr{'dns mode for qname minimisation'}
366 </td>
367
368 <td>
369 <select name="QNAME_MIN">
370 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
371 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
372 </select>
373 </td>
374 </tr>
375
376 <tr>
377 <td colspan="2" align="right">
378 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
379 </td>
380 </tr>
381 </table>
382 </form>
383END
384
e0639d80
JPT		 385 &Header::closebox();
386}
387
24d7c5ef
SS		 388###
389# Section to display the configured and used DNS servers.
390#
391sub show_nameservers () {
392 &Header::openbox('100%', 'center', "DNS-Servers");
e0639d80 393
24d7c5ef
SS		 394print <<END;
395 <table class="tbl" width='100%'>
396 <tr>
397 <td align="center">
398 <strong>$Lang::tr{'nameserver'}</strong>
399 </td>
400
401 <td align="center">
402 <strong>$Lang::tr{'country'}</strong>
403 </td>
404
405 <td align="center">
406 <strong>$Lang::tr{'rdns'}</strong>
407 </td>
408
409 <td align="center">
410 <strong>$Lang::tr{'remark'}</strong>
411 </td>
412
413 <td align="center">
414 <strong>$Lang::tr{'status'}</strong>
415 </td>
e0639d80 416
24d7c5ef
SS		 417 <td align="center" colspan="3">
418 <strong>$Lang::tr{'action'}</strong>
419 </td>
420 </tr>
830f6177 421END
24d7c5ef
SS		 422
423 # Check the usage of ISP assigned nameservers is enabled.
424 if ($settings{'USE_ISP_NAMESERVERS'} eq "on") {
425 my $id="1";
426
427 # Loop through the array which stores the files.
428 foreach my $file (@ISP_nameserver_files) {
429 # Grab the address of the nameserver.
430 my $address = &grab_address_from_file($file);
431
432 # Check if we got an address.
433 if ($address) {
434 # Add the address to the hash of nameservers.
435 $dns_servers{$id} = [ "$address", "none", "enabled", "$Lang::tr{'dns isp assigned nameserver'}" ];
436
437 # Increase id by one.
438 $id++;
439 }
440 }
441 }
442
443 # Check some DNS servers have been configured. In this case
444 # the hash contains at least one key.
445 my $server_amount;
446 if (keys %dns_servers) {
447 # Sort the keys by their ID and store them in an array.
448 my @keys = sort { $a <=> $b } keys %dns_servers;
449
450 # Loop through all entries of the array/hash.
451 foreach my $id (@keys) {
452 # Inrease server_amount.
453 $server_amount++;
454
455 # Assign data array positions to some nice variable names.
456 my $nameserver = $dns_servers{$id}[0];
457 my $tls_hostname = $dns_servers{$id}[1];
458 my $enabled = $dns_servers{$id}[2];
459 my $remark = $dns_servers{$id}[3];
460
461 my $col = '';
462 my $toggle = '';
463 my $gif = '';
464 my $gdesc = '';
465 my $notice = "";
466
467 # Colorize columns.
468 if ($server_amount % 2) {
469 $col="bgcolor='$color{'color22'}'"; }
470 else {
471 $col="bgcolor='$color{'color20'}'";
472 }
473
474 if ($enabled eq 'enabled') {
475 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
476 } else {
477 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
478 }
479
480 my $status;
481 my $status_short;
482 my $status_message;
483 my $status_colour;
484
485 # Only grab the status if the nameserver is enabled.
486 if ($enabled eq "enabled") {
487 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
488 }
489
490 if (!$status) {
491 $status_short = "$Lang::tr{'disabled'}";
492
493 # DNSSEC Not supported
494 } elsif ($status eq 0) {
495 $status_short = "$Lang::tr{'broken'}";
496 $status_message = $Lang::tr{'dnssec not supported'};
497 $status_colour = ${Header::colourred};
498
499 # DNSSEC Aware
500 } elsif ($status eq 1) {
501 $status_short = "$Lang::tr{'not validating'}";
502 $status_message = $Lang::tr{'dnssec aware'};
503 $status_colour = ${Header::colourblack};
504
505 # DNSSEC Validating
506 } elsif ($status eq 2) {
507 $status_short = "$Lang::tr{'ok'}";
508 $status_message = $Lang::tr{'dnssec validating'};
509 $status_colour = ${Header::colourgreen};
510
511 # Error
512 } else {
513 $status_short = "$Lang::tr{'error'}";
514 $status_message = $status;
515 $status_colour = ${Header::colourred};
516 }
517
518 # collect more information about name server (rDNS, GeoIP country code)
519 my $ccode = &GeoIP::lookup($nameserver);
520 my $flag_icon = &GeoIP::get_flag_icon($ccode);
521
522 my $iaddr = inet_aton($nameserver);
523 my $rdns = gethostbyaddr($iaddr, AF_INET);
524
525 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
526
527print <<END;
528 <tr>
529 <td align="center" $col>
530 $nameserver
531 </td>
532
533 <td align="center" $col>
534 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
535 </td>
536
537 <td align="center" $col>
538 $rdns
539 </td>
540
541 <td align="center" $col>
542 $remark
543 </td>
544
545 <td align="center" $col>
546 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
547 </td>
830f6177 548END
24d7c5ef
SS		 549;
550 # Check if the id is greater than "2".
551 #
552 # Nameservers with an ID's of one or two are ISP assigned,
553 # and we cannot perform any actions on them, so hide the tools for
554 # them.
555 if ($id gt "2") {
556
557print <<END;
558 <td align='center' width='5%' $col>
559 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
560 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
561 <input type='hidden' name='ID' value='$id' />
562 <input type='hidden' name='ENABLE' value='$toggle' />
563 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
564 </form>
565 </td>
566
567 <td align='center' width='5%' $col>
568 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
569 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
570 <input type='hidden' name='ID' value='$id' />
571 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
572 </form>
573 </td>
574
575 <td align='center' width='5%' $col>
576 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
577 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
578 <input type='hidden' name='ID' value='$id' />
579 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
580 </form>
581 </td>
830f6177 582END
24d7c5ef
SS		 583;
584 } else {
585 print "<td colspan='3' $col>&nbsp;</td>\n";
586 }
587
588
589 print"</tr>\n";
590
591 }
592
593 print"</table>\n";
594
595 print"<table width='100%'>\n";
596
597 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
598 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
599print <<END;
600 <tr>
601 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
602 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
603 <td class='base'>$Lang::tr{'click to disable'}</td>
604 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
605 <td class='base'>$Lang::tr{'click to enable'}</td>
606 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
607 <td class='base'>$Lang::tr{'edit'}</td>
608 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
609 <td class='base'>$Lang::tr{'remove'}</td>
610 </tr>
830f6177 611END
24d7c5ef
SS		 612;
613 }
614print <<END;
615 <tr>
616 <form method="post" action="$ENV{'SCRIPT_NAME'}">
617 <td colspan="9" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
618 </form>
619 </tr>
620 </table>
830f6177 621END
24d7c5ef
SS		 622;
623
624 } else {
625print <<END;
626 <table width="100%">
627 <tr>
628 <td colspan="6" align="center">
629 <br>$Lang::tr{'guardian no entries'}<br>
630 </td>
631 </tr>
632
633 <tr>
634 <form method="post" action="$ENV{'SCRIPT_NAME'}">
635 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
636 </form>
637 </tr>
638 </table>
639
830f6177 640END
24d7c5ef
SS		 641;
642 }
643
644 &Header::closebox();
830f6177 645}
24d7c5ef
SS		 646
647###
648# Section to display the add or edit subpage.
649#
650sub show_add_edit_nameserver() {
651 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
652
653 my $buttontext = $Lang::tr{'save'};
654 my $dnssec_checked;
655 my $dot_checked;
656 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
657 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
658
659 # Update button text for upate the existing entry.
660 $buttontext = $Lang::tr{'update'};
661
662 # Add hidden input for sending ID.
663 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
664
665 # Check if an ID has been given.
666 if ($cgiparams{'ID'}) {
667 # Assign cgiparams values.
668 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
669 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
670 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
671 }
672 } else {
673 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
674 }
675
676 # Add hidden input to store the mode.
677 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
678
679print <<END
680 <table width='100%'>
681 <tr>
682 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
683 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
684 </tr>
830f6177
JPT		 685END
686;
24d7c5ef
SS		 687 # If the protocol is TLS, display the TLS hostname input.
688 if ($settings{'PROTO'} eq "TLS") {
830f6177 689print <<END
24d7c5ef
SS		 690 <tr>
691 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;<img src='/blob.gif' alt='*'></td>
692 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
693 </tr>
830f6177 694END
24d7c5ef
SS		 695;
696 }
697
698print <<END
e0639d80 699
24d7c5ef
SS		 700 <tr>
701 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
702 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
703 </tr>
704 </table>
705
706 <br>
707 <hr>
708
709 <table width='100%'>
710 <tr>
711 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
712 <td width='40%' align='right'>
713 <input type="submit" name="SERVERS" value="$buttontext">
714 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
715 </td>
716 </tr>
717 </table>
e0639d80
JPT		 718END
719;
720
24d7c5ef
SS		 721 &Header::closebox();
722 print "</form>\n";
e0639d80 723
24d7c5ef
SS		 724 &Header::closebox();
725}
e0639d80 726
24d7c5ef
SS		 727# Tiny function to grab an IP-address of a given file.
728sub grab_address_from_file($) {
729 my ($file) = @_;
e0639d80 730
24d7c5ef
SS		 731 my $address;
732
733 # Check if the given file exists.
734 if(-f $file) {
735 # Open the file for reading.
736 open(FILE, $file) or die "Could not read from $file. $!\n";
737
738 # Read the address from the file.
739 $address = <FILE>;
e0639d80 740
24d7c5ef
SS		 741 # Close filehandle.
742 close(FILE);
743
744 # Remove newlines.
745 chomp($address);
746
747 # Check if the obtained address is valid.
748 if (&General::validip($address)) {
749 # Return the address.
750 return $address;
751 }
752 }
753
754 # Return nothing.
755 return;
756}
757
758# Function to check a given nameserver against propper work.
759sub check_nameserver($$$$) {
760 my ($nameserver, $record, $proto, $tls_hostname) = @_;
761
24d7c5ef 762 # Default values.
dab1258a 763 my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
3bf804e8 764 "+bufsize=1232");
24d7c5ef
SS		 765
766 # Handle different protols.
767 if ($proto eq "TCP") {
768 # Add TCP switch to the command.
769 push(@command, "+tcp");
770
771 } elsif($proto eq "TLS") {
772 # Add TLS switch to the command and provide the
773 # path to our file which contains the ca certs.
774 push(@command, "+tls-ca=$ca_certs_file");
775
776 # Check if a TLS hostname has been provided.
777 if ($tls_hostname) {
778 # Add TLS hostname to the command.
779 push(@command, "+tls-hostname=$tls_hostname");
780 } else {
781 return "$Lang::tr{'dns no tls hostname given'}";
782 }
783 }
784
785 # Add record to the command array.
786 push(@command, "$record");
787
788 # Add nameserver to the command array.
789 push(@command, "\@$nameserver");
790
791 # Connect to STDOUT and STDERR.
792 push(@command, "2>&1");
793
794 my @output = qx(@command);
795 my $output = join("", @output);
796
797 my $status = 0;
798 if ($output =~ m/WARNING: (.*)/) {
799 return $1;
800
801 }
802
803 if ($output =~ m/status: (\w+)/) {
804 $status = ($1 eq "NOERROR");
805
806 if (!$status) {
807 return -1;
808 }
809 }
810
811 my @flags = ();
812 if ($output =~ m/Flags: (.*);/) {
813 @flags = split(/ /, $1);
814 }
815
816 my $aware = ($output =~ m/RRSIG/);
817 my $validating = ("ad;" ~~ @flags);
818
819 return $aware + $validating;
820}
IPFire 2.x development tree