]>
Commit | Line | Data |
---|---|---|
e0639d80 JPT |
1 | #!/usr/bin/perl |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
cd7a9011 | 5 | # Copyright (C) 2005-2024 IPFire Team <info@ipfire.org> # |
e0639d80 JPT |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | use strict; | |
24d7c5ef | 23 | use IO::Socket; |
cd7a9011 | 24 | use Encode; |
e0639d80 JPT |
25 | |
26 | # enable only the following on debugging purpose | |
27 | #use warnings; | |
28 | #use CGI::Carp 'fatalsToBrowser'; | |
29 | ||
30 | require '/var/ipfire/general-functions.pl'; | |
4346cb66 | 31 | require "${General::swroot}/location-functions.pl"; |
8fbb12f1 | 32 | require "${General::swroot}/ids-functions.pl"; |
e0639d80 JPT |
33 | require "${General::swroot}/lang.pl"; |
34 | require "${General::swroot}/header.pl"; | |
35 | ||
24d7c5ef SS |
36 | #workaround to suppress a warning when a variable is used only once |
37 | my @dummy = ( ${Header::colouryellow} ); | |
38 | undef (@dummy); | |
39 | ||
40 | my %cgiparams=(); | |
41 | my %checked=(); | |
42 | my %selected=(); | |
e0639d80 JPT |
43 | my $errormessage = ''; |
44 | ||
24d7c5ef SS |
45 | # Config file which stores the DNS settings. |
46 | my $settings_file = "${General::swroot}/dns/settings"; | |
47 | ||
48 | # File which stores the configured DNS-Servers. | |
49 | my $servers_file = "${General::swroot}/dns/servers"; | |
50 | ||
51 | # Create files if the does not exist. | |
8a1e6afe MT |
52 | unless (-f $settings_file) { &General::system("touch", "$settings_file") }; |
53 | unless (-f $servers_file) { &General::system("touch", "$servers_file") }; | |
24d7c5ef SS |
54 | |
55 | # File which stores the ISP assigned DNS servers. | |
1434fa0d | 56 | my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" ); |
24d7c5ef SS |
57 | |
58 | # File which contains the ca-certificates. | |
59 | my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt"; | |
60 | ||
770ea81e SS |
61 | # Server which is used, to determine if the whole DNS system works properly. |
62 | my $dns_test_server = "ping.ipfire.org"; | |
63 | ||
43140993 SS |
64 | my $check_servers; |
65 | ||
24d7c5ef SS |
66 | my %color = (); |
67 | my %mainsettings = (); | |
68 | &General::readhash("${General::swroot}/main/settings", \%mainsettings); | |
8186b372 | 69 | &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color); |
24d7c5ef | 70 | |
e0639d80 | 71 | &Header::showhttpheaders(); |
24d7c5ef | 72 | &Header::getcgihash(\%cgiparams); |
e0639d80 | 73 | |
24d7c5ef SS |
74 | ## |
75 | # Save general settings. | |
76 | # | |
77 | if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) { | |
78 | # Prevent form name from been stored in conf file. | |
79 | delete $cgiparams{'GENERAL'}; | |
e0639d80 | 80 | |
24d7c5ef SS |
81 | # Add value for non-checked checkbox. |
82 | if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") { | |
83 | $cgiparams{'USE_ISP_NAMESERVERS'} = "off"; | |
84 | } | |
e0639d80 | 85 | |
24d7c5ef SS |
86 | # Add value for non-checked checkbox. |
87 | if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") { | |
88 | $cgiparams{'ENABLE_SAFE_SEARCH'} = "off"; | |
89 | } | |
e0639d80 | 90 | |
65ef52a3 MT |
91 | if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") { |
92 | $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off"; | |
93 | } | |
94 | ||
39a6219f SS |
95 | # Check if using ISP nameservers and TLS is enabled at the same time. |
96 | if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) { | |
97 | $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'} | |
98 | } | |
99 | ||
100 | # Check if there was an error. | |
101 | if ( ! $errormessage) { | |
719db1cd | 102 | |
39a6219f SS |
103 | # Store settings into settings file. |
104 | &General::writehash("$settings_file", \%cgiparams); | |
105 | ||
106 | # Call function to handle unbound restart, etc. | |
107 | &_handle_unbound_and_more() | |
108 | } | |
24d7c5ef SS |
109 | } |
110 | ||
111 | ### | |
112 | # Add / Edit entries. | |
113 | # | |
114 | if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) { | |
115 | # Hash to store the generic DNS settings. | |
116 | my %settings = (); | |
117 | ||
118 | # Read-in generic settings. | |
119 | &General::readhash("$settings_file", \%settings); | |
e0639d80 | 120 | |
038f962e SS |
121 | # Check if an IP-address has been given. |
122 | if ($cgiparams{"NAMESERVER"} eq "") { | |
123 | $errormessage = "$Lang::tr{'dns no address given'}"; | |
124 | } | |
125 | ||
24d7c5ef | 126 | # Check if the given DNS server is valid. |
038f962e | 127 | elsif(!&General::validip($cgiparams{"NAMESERVER"})) { |
24d7c5ef SS |
128 | $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}"; |
129 | } | |
130 | ||
131 | # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified. | |
132 | elsif($settings{'PROTO'} eq "TLS") { | |
133 | unless($cgiparams{"TLS_HOSTNAME"}) { | |
134 | $errormessage = "$Lang::tr{'dns no tls hostname given'}"; | |
135 | } else { | |
136 | # Check if the provided domain is valid. | |
137 | unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) { | |
138 | $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}"; | |
139 | } | |
e0639d80 | 140 | } |
24d7c5ef SS |
141 | } |
142 | ||
24d7c5ef SS |
143 | # Go further if there was no error. |
144 | if ( ! $errormessage) { | |
5a7342fc | 145 | # Check if a remark has been entered. |
716b8fb5 AB |
146 | |
147 | # decode the UTF-8 text so that characters with diacritical marks such as | |
148 | # umlauts are treated correctly by the following cleanhtml command | |
149 | $cgiparams{'REMARK'} = decode("UTF-8", $cgiparams{'REMARK'}); | |
150 | ||
151 | # run the REMARK text through cleanhtml to ensure all unsafe html characters | |
152 | # are correctly encoded to their html entities | |
5a7342fc | 153 | $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); |
24d7c5ef | 154 | |
cd7a9011 AB |
155 | # encode the text back to UTF-8 after running the cleanhtml command |
156 | $cgiparams{'REMARK'} = encode("UTF-8", $cgiparams{'REMARK'}); | |
ee9b7365 | 157 | |
24d7c5ef SS |
158 | my %dns_servers = (); |
159 | my $id; | |
160 | my $status; | |
161 | ||
162 | # Read-in configfile. | |
163 | &General::readhasharray($servers_file, \%dns_servers); | |
164 | ||
165 | # Check if we should edit an existing entry and got an ID. | |
166 | if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) { | |
167 | # Assin the provided id. | |
168 | $id = $cgiparams{'ID'}; | |
169 | ||
170 | # Undef the given ID. | |
171 | undef($cgiparams{'ID'}); | |
172 | ||
173 | # Grab the configured status of the corresponding entry. | |
174 | $status = $dns_servers{$id}[2]; | |
175 | } else { | |
176 | # Each newly added entry automatically should be enabled. | |
177 | $status = "enabled"; | |
178 | ||
179 | # Generate the ID for the new entry. | |
180 | # | |
181 | # Sort the keys by their ID and store them in an array. | |
182 | my @keys = sort { $a <=> $b } keys %dns_servers; | |
183 | ||
184 | # Reverse the key array. | |
185 | my @reversed = reverse(@keys); | |
186 | ||
187 | # Obtain the last used id. | |
188 | my $last_id = @reversed[0]; | |
189 | ||
190 | # Increase the last id by one and use it as id for the new entry. | |
191 | $id = ++$last_id; | |
192 | ||
193 | # The first allowed id is 3 to keep space for | |
194 | # possible ISP assigned DNS servers. | |
611587cf | 195 | if ($id <= "2") { |
24d7c5ef SS |
196 | $id = "3"; |
197 | } | |
e0639d80 | 198 | } |
24d7c5ef SS |
199 | |
200 | # Add/Modify the entry to/in the dns_servers hash. | |
201 | $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"]; | |
202 | ||
203 | # Write the changed hash to the config file. | |
204 | &General::writehasharray($servers_file, \%dns_servers); | |
719db1cd SS |
205 | |
206 | # Call function to handle unbound restart, etc. | |
207 | &_handle_unbound_and_more(); | |
24d7c5ef SS |
208 | } else { |
209 | # Switch back to previous mode. | |
210 | $cgiparams{'SERVERS'} = $cgiparams{'MODE'}; | |
211 | } | |
212 | ### | |
213 | # Toggle enable / disable. | |
214 | # | |
215 | } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) { | |
216 | my %dns_servers = (); | |
217 | ||
218 | # Only go further, if an ID has been passed. | |
219 | if ($cgiparams{'ID'}) { | |
220 | # Assign the given ID. | |
221 | my $id = $cgiparams{'ID'}; | |
222 | ||
223 | # Undef the given ID. | |
224 | undef($cgiparams{'ID'}); | |
225 | ||
226 | # Read-in configfile. | |
227 | &General::readhasharray($servers_file, \%dns_servers); | |
228 | ||
229 | # Grab the configured status of the corresponding entry. | |
230 | my $status = $dns_servers{$id}[2]; | |
231 | ||
232 | # Switch the status. | |
233 | if ($status eq "disabled") { | |
234 | $status = "enabled"; | |
235 | } else { | |
236 | $status = "disabled"; | |
e0639d80 | 237 | } |
24d7c5ef SS |
238 | |
239 | # Modify the status of the existing entry. | |
240 | $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"]; | |
241 | ||
242 | # Write the changed hash back to the config file. | |
243 | &General::writehasharray($servers_file, \%dns_servers); | |
8f4bde65 SS |
244 | |
245 | # Call function to handle unbound restart, etc. | |
246 | &_handle_unbound_and_more(); | |
e0639d80 | 247 | } |
24d7c5ef SS |
248 | |
249 | ## Remove entry from DNS servers list. | |
250 | # | |
251 | } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) { | |
252 | my %dns_servers = (); | |
253 | ||
254 | # Read-in configfile. | |
255 | &General::readhasharray($servers_file, \%dns_servers); | |
256 | ||
257 | # Drop entry from the hash. | |
258 | delete($dns_servers{$cgiparams{'ID'}}); | |
259 | ||
260 | # Undef the given ID. | |
261 | undef($cgiparams{'ID'}); | |
262 | ||
263 | # Write the changed hash to the config file. | |
264 | &General::writehasharray($servers_file, \%dns_servers); | |
43140993 | 265 | |
8f4bde65 SS |
266 | # Call function to handle unbound restart, etc. |
267 | &_handle_unbound_and_more(); | |
268 | ||
43140993 SS |
269 | ## Handle request to check the servers. |
270 | # | |
271 | } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) { | |
272 | $check_servers = 1; | |
e0639d80 JPT |
273 | } |
274 | ||
24d7c5ef SS |
275 | # Hash to store the generic DNS settings. |
276 | my %settings = (); | |
65ef52a3 | 277 | $settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on"; |
24d7c5ef SS |
278 | |
279 | # Read-in general DNS settings. | |
280 | &General::readhash("$settings_file", \%settings); | |
281 | ||
282 | # Hash which contains the configured DNS servers. | |
283 | my %dns_servers = (); | |
284 | ||
285 | # Read-in config file. | |
286 | &General::readhasharray("$servers_file", \%dns_servers); | |
287 | ||
743808bb | 288 | &Header::openpage($Lang::tr{'dns title'}, 1, ''); |
24d7c5ef SS |
289 | |
290 | &Header::openbigbox('100%', 'left', '', $errormessage); | |
291 | ||
292 | ### | |
293 | # Error messages layout. | |
294 | # | |
295 | if ($errormessage) { | |
296 | &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); | |
297 | print "<class name='base'>$errormessage\n"; | |
298 | print " </class>\n"; | |
299 | &Header::closebox(); | |
e0639d80 JPT |
300 | } |
301 | ||
24d7c5ef SS |
302 | # Handle if a nameserver should be added or edited. |
303 | if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) { | |
304 | # Display the sub page. | |
305 | &show_add_edit_nameserver(); | |
306 | ||
307 | # Close webpage. | |
308 | &Header::closebigbox(); | |
309 | &Header::closepage(); | |
310 | ||
311 | # Finished here for the moment. | |
312 | exit(0); | |
2e1432c4 JPT |
313 | } |
314 | ||
24d7c5ef SS |
315 | $cgiparams{'GENERAL'} = ''; |
316 | $cgiparams{'SERVERS'} = ''; | |
317 | $cgiparams{'NAMESERVER'} = ''; | |
318 | $cgiparams{'TLS_HOSTNAME'} = ''; | |
319 | $cgiparams{'REMARK'} =''; | |
320 | ||
321 | $checked{'USE_ISP_NAMESERVERS'}{'off'} = ''; | |
322 | $checked{'USE_ISP_NAMESERVERS'}{'on'} = ''; | |
323 | $checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'"; | |
324 | ||
325 | $checked{'ENABLE_SAFE_SEARCH'}{'off'} = ''; | |
326 | $checked{'ENABLE_SAFE_SEARCH'}{'on'} = ''; | |
327 | $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'"; | |
328 | ||
65ef52a3 MT |
329 | $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = ''; |
330 | $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = ''; | |
331 | $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'"; | |
332 | ||
24d7c5ef SS |
333 | $selected{'PROTO'}{'UDP'} = ''; |
334 | $selected{'PROTO'}{'TLS'} = ''; | |
335 | $selected{'PROTO'}{'TCP'} = ''; | |
336 | $selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'"; | |
337 | ||
338 | $selected{'QNAME_MIN'}{'standard'} = ''; | |
339 | $selected{'QNAME_MIN'}{'strict'} = ''; | |
340 | $selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'"; | |
341 | ||
342 | # Display nameserver and configuration sections. | |
343 | &show_nameservers(); | |
344 | &show_general_dns_configuration(); | |
345 | ||
346 | &Header::closebigbox(); | |
347 | &Header::closepage(); | |
348 | ||
349 | ### | |
350 | # General DNS-Servers sektion. | |
351 | # | |
352 | sub show_general_dns_configuration () { | |
353 | &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}"); | |
354 | ||
355 | print <<END; | |
356 | <form method='post' action='$ENV{'SCRIPT_NAME'}'> | |
357 | <table width="100%"> | |
358 | <tr> | |
359 | <td width="33%"> | |
360 | $Lang::tr{'dns use isp assigned nameservers'} | |
361 | </td> | |
362 | ||
363 | <td> | |
364 | <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}> | |
365 | </td> | |
366 | </tr> | |
367 | ||
368 | <tr> | |
369 | <td colspan="2"> | |
370 | <br> | |
371 | </td> | |
372 | </tr> | |
373 | ||
374 | <tr> | |
375 | <td width="33%"> | |
376 | $Lang::tr{'dns use protocol for dns queries'} | |
377 | </td> | |
378 | ||
379 | <td> | |
380 | <select name="PROTO"> | |
381 | <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option> | |
382 | <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option> | |
383 | <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option> | |
384 | </select> | |
385 | </td> | |
386 | </tr> | |
387 | ||
388 | <tr> | |
389 | <td colspan="2"> | |
390 | <br> | |
391 | </td> | |
392 | </tr> | |
393 | ||
394 | <tr> | |
395 | <td width="33%"> | |
396 | $Lang::tr{'dns enable safe-search'} | |
397 | </td> | |
398 | ||
399 | <td> | |
400 | <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}> | |
401 | </td> | |
402 | </tr> | |
403 | ||
65ef52a3 MT |
404 | <tr> |
405 | <td width="33%"> | |
406 | » $Lang::tr{'dns enable safe-search youtube'} | |
407 | </td> | |
408 | ||
409 | <td> | |
410 | <input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}> | |
411 | </td> | |
412 | </tr> | |
413 | ||
24d7c5ef SS |
414 | <tr> |
415 | <td colspan="2"> | |
416 | <br> | |
417 | </td> | |
418 | </tr> | |
419 | ||
420 | <tr> | |
421 | <td width="33%"> | |
422 | $Lang::tr{'dns mode for qname minimisation'} | |
423 | </td> | |
424 | ||
425 | <td> | |
426 | <select name="QNAME_MIN"> | |
427 | <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option> | |
428 | <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option> | |
429 | </select> | |
430 | </td> | |
431 | </tr> | |
432 | ||
433 | <tr> | |
434 | <td colspan="2" align="right"> | |
435 | <input type="submit" name="GENERAL" value="$Lang::tr{'save'}"> | |
436 | </td> | |
437 | </tr> | |
438 | </table> | |
439 | </form> | |
440 | END | |
441 | ||
e0639d80 JPT |
442 | &Header::closebox(); |
443 | } | |
444 | ||
24d7c5ef SS |
445 | ### |
446 | # Section to display the configured and used DNS servers. | |
447 | # | |
448 | sub show_nameservers () { | |
743808bb | 449 | &Header::openbox('100%', 'center', "$Lang::tr{'dns servers'}"); |
e0639d80 | 450 | |
351ad526 MT |
451 | # Determine if we are running in recursor mode |
452 | my $recursor = 0; | |
453 | my $unbound_forward = qx(unbound-control forward); | |
454 | if ($unbound_forward =~ m/^off/) { | |
455 | $recursor = 1; | |
456 | } | |
457 | ||
770ea81e SS |
458 | my $dns_status_string; |
459 | my $dns_status_col; | |
f03f3429 | 460 | my $dns_working; |
770ea81e | 461 | |
351ad526 | 462 | |
770ea81e SS |
463 | # Test if the DNS system is working. |
464 | # | |
465 | # Simple send a request to unbound and check if it can resolve the | |
466 | # DNS test server. | |
f2d2c697 | 467 | my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0"); |
770ea81e SS |
468 | |
469 | if ($dns_status_ret eq "2") { | |
470 | $dns_status_string = "$Lang::tr{'working'}"; | |
471 | $dns_status_col = "${Header::colourgreen}"; | |
f03f3429 | 472 | $dns_working = 1; |
770ea81e | 473 | } else { |
46cc88ed | 474 | $dns_status_string = "$Lang::tr{'broken'}"; |
770ea81e SS |
475 | $dns_status_col = "${Header::colourred}"; |
476 | } | |
477 | ||
351ad526 MT |
478 | if ($recursor) { |
479 | $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")"; | |
480 | } | |
481 | ||
18e97c76 | 482 | print <<END; |
770ea81e SS |
483 | <table width='100%'> |
484 | <tr> | |
485 | <td> | |
486 | <strong>$Lang::tr{'status'}: </strong> | |
487 | <strong><font color='$dns_status_col'>$dns_status_string</font></strong> | |
488 | </td> | |
489 | </tr> | |
490 | </table> | |
18e97c76 MT |
491 | END |
492 | ||
493 | # Check the usage of ISP assigned nameservers is enabled. | |
494 | my $id = 1; | |
770ea81e | 495 | |
18e97c76 MT |
496 | # Loop through the array which stores the files. |
497 | foreach my $file (@ISP_nameserver_files) { | |
498 | # Grab the address of the nameserver. | |
499 | my $address = &General::grab_address_from_file($file); | |
500 | ||
501 | # Check if we got an address. | |
502 | if ($address) { | |
503 | # Add the address to the hash of nameservers. | |
504 | $dns_servers{$id} = [ "$address", "none", | |
505 | ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled", | |
506 | "$Lang::tr{'dns isp assigned nameserver'}" ]; | |
507 | ||
508 | # Increase id by one. | |
509 | $id++; | |
510 | } | |
511 | } | |
512 | ||
513 | # Check some DNS servers have been configured. In this case | |
514 | # the hash contains at least one key. | |
515 | my $server_amount; | |
516 | if (keys %dns_servers) { | |
517 | # Sort the keys by their ID and store them in an array. | |
518 | my @keys = sort { $a <=> $b } keys %dns_servers; | |
519 | ||
520 | print <<END; | |
770ea81e SS |
521 | <br> |
522 | ||
24d7c5ef SS |
523 | <table class="tbl" width='100%'> |
524 | <tr> | |
525 | <td align="center"> | |
526 | <strong>$Lang::tr{'nameserver'}</strong> | |
527 | </td> | |
528 | ||
529 | <td align="center"> | |
530 | <strong>$Lang::tr{'country'}</strong> | |
531 | </td> | |
532 | ||
533 | <td align="center"> | |
534 | <strong>$Lang::tr{'rdns'}</strong> | |
535 | </td> | |
536 | ||
537 | <td align="center"> | |
538 | <strong>$Lang::tr{'remark'}</strong> | |
539 | </td> | |
43140993 | 540 | END |
18e97c76 MT |
541 | |
542 | # Check if the status should be displayed. | |
543 | if ($check_servers) { | |
544 | print <<END; | |
24d7c5ef SS |
545 | <td align="center"> |
546 | <strong>$Lang::tr{'status'}</strong> | |
547 | </td> | |
43140993 | 548 | END |
18e97c76 | 549 | } |
43140993 | 550 | |
18e97c76 | 551 | print <<END; |
e0639d80 | 552 | |
24d7c5ef SS |
553 | <td align="center" colspan="3"> |
554 | <strong>$Lang::tr{'action'}</strong> | |
555 | </td> | |
556 | </tr> | |
830f6177 | 557 | END |
24d7c5ef SS |
558 | |
559 | # Loop through all entries of the array/hash. | |
560 | foreach my $id (@keys) { | |
561 | # Inrease server_amount. | |
562 | $server_amount++; | |
563 | ||
564 | # Assign data array positions to some nice variable names. | |
565 | my $nameserver = $dns_servers{$id}[0]; | |
566 | my $tls_hostname = $dns_servers{$id}[1]; | |
567 | my $enabled = $dns_servers{$id}[2]; | |
568 | my $remark = $dns_servers{$id}[3]; | |
569 | ||
570 | my $col = ''; | |
571 | my $toggle = ''; | |
572 | my $gif = ''; | |
573 | my $gdesc = ''; | |
574 | my $notice = ""; | |
575 | ||
576 | # Colorize columns. | |
577 | if ($server_amount % 2) { | |
578 | $col="bgcolor='$color{'color22'}'"; } | |
579 | else { | |
580 | $col="bgcolor='$color{'color20'}'"; | |
581 | } | |
582 | ||
583 | if ($enabled eq 'enabled') { | |
584 | $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'}; | |
585 | } else { | |
586 | $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'}; | |
587 | } | |
588 | ||
589 | my $status; | |
590 | my $status_short; | |
591 | my $status_message; | |
592 | my $status_colour; | |
593 | ||
594 | # Only grab the status if the nameserver is enabled. | |
43140993 | 595 | if (($check_servers) && ($enabled eq "enabled")) { |
24d7c5ef SS |
596 | $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname"); |
597 | } | |
598 | ||
a25dcda2 | 599 | if (!defined $status) { |
24d7c5ef SS |
600 | $status_short = "$Lang::tr{'disabled'}"; |
601 | ||
602 | # DNSSEC Not supported | |
603 | } elsif ($status eq 0) { | |
604 | $status_short = "$Lang::tr{'broken'}"; | |
605 | $status_message = $Lang::tr{'dnssec not supported'}; | |
606 | $status_colour = ${Header::colourred}; | |
607 | ||
608 | # DNSSEC Aware | |
609 | } elsif ($status eq 1) { | |
610 | $status_short = "$Lang::tr{'not validating'}"; | |
611 | $status_message = $Lang::tr{'dnssec aware'}; | |
612 | $status_colour = ${Header::colourblack}; | |
613 | ||
614 | # DNSSEC Validating | |
615 | } elsif ($status eq 2) { | |
616 | $status_short = "$Lang::tr{'ok'}"; | |
617 | $status_message = $Lang::tr{'dnssec validating'}; | |
618 | $status_colour = ${Header::colourgreen}; | |
619 | ||
620 | # Error | |
621 | } else { | |
622 | $status_short = "$Lang::tr{'error'}"; | |
623 | $status_message = $status; | |
624 | $status_colour = ${Header::colourred}; | |
625 | } | |
626 | ||
4346cb66 | 627 | # collect more information about name server (rDNS, country code) |
07e42be9 | 628 | my $ccode = &Location::Functions::lookup_country_code($nameserver); |
4346cb66 | 629 | my $flag_icon = &Location::Functions::get_flag_icon($ccode); |
24d7c5ef | 630 | |
25dda4a0 SS |
631 | my $rdns; |
632 | ||
633 | # Only do the reverse lookup if the system is online. | |
f03f3429 | 634 | if ($dns_working) { |
25dda4a0 SS |
635 | my $iaddr = inet_aton($nameserver); |
636 | $rdns = gethostbyaddr($iaddr, AF_INET); | |
637 | } | |
24d7c5ef | 638 | |
358e42ff | 639 | if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; } |
24d7c5ef | 640 | |
77c7a94c MT |
641 | # Mark ISP name servers as disabled |
642 | if ($id <= 2 && $enabled eq "disabled") { | |
643 | $nameserver = "<del>$nameserver</del>"; | |
644 | } | |
645 | ||
24d7c5ef SS |
646 | print <<END; |
647 | <tr> | |
648 | <td align="center" $col> | |
649 | $nameserver | |
650 | </td> | |
651 | ||
652 | <td align="center" $col> | |
653 | <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a> | |
654 | </td> | |
655 | ||
656 | <td align="center" $col> | |
657 | $rdns | |
658 | </td> | |
659 | ||
660 | <td align="center" $col> | |
661 | $remark | |
662 | </td> | |
830f6177 | 663 | END |
24d7c5ef | 664 | ; |
43140993 SS |
665 | # Display server status if requested. |
666 | if ($check_servers) { | |
667 | print <<END | |
668 | <td align="center" $col> | |
669 | <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong> | |
670 | </td> | |
671 | END | |
672 | ; | |
673 | } | |
674 | ||
24d7c5ef SS |
675 | # Check if the id is greater than "2". |
676 | # | |
677 | # Nameservers with an ID's of one or two are ISP assigned, | |
678 | # and we cannot perform any actions on them, so hide the tools for | |
679 | # them. | |
19602b68 | 680 | if ($id > 2) { |
24d7c5ef SS |
681 | |
682 | print <<END; | |
683 | <td align='center' width='5%' $col> | |
684 | <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'> | |
685 | <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' /> | |
686 | <input type='hidden' name='ID' value='$id' /> | |
687 | <input type='hidden' name='ENABLE' value='$toggle' /> | |
688 | <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' /> | |
689 | </form> | |
690 | </td> | |
691 | ||
692 | <td align='center' width='5%' $col> | |
693 | <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'> | |
694 | <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' /> | |
695 | <input type='hidden' name='ID' value='$id' /> | |
696 | <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' /> | |
697 | </form> | |
698 | </td> | |
699 | ||
700 | <td align='center' width='5%' $col> | |
701 | <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'> | |
702 | <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' /> | |
703 | <input type='hidden' name='ID' value='$id' /> | |
704 | <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' /> | |
705 | </form> | |
706 | </td> | |
830f6177 | 707 | END |
24d7c5ef SS |
708 | ; |
709 | } else { | |
710 | print "<td colspan='3' $col> </td>\n"; | |
711 | } | |
712 | ||
713 | ||
714 | print"</tr>\n"; | |
715 | ||
716 | } | |
717 | ||
718 | print"</table>\n"; | |
719 | ||
720 | print"<table width='100%'>\n"; | |
721 | ||
722 | # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers. | |
19602b68 | 723 | if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) { |
24d7c5ef SS |
724 | print <<END; |
725 | <tr> | |
726 | <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> | |
727 | <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> | |
728 | <td class='base'>$Lang::tr{'click to disable'}</td> | |
729 | <td> <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td> | |
730 | <td class='base'>$Lang::tr{'click to enable'}</td> | |
731 | <td> <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td> | |
732 | <td class='base'>$Lang::tr{'edit'}</td> | |
733 | <td> <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td> | |
734 | <td class='base'>$Lang::tr{'remove'}</td> | |
735 | </tr> | |
830f6177 | 736 | END |
24d7c5ef SS |
737 | ; |
738 | } | |
739 | print <<END; | |
740 | <tr> | |
741 | <form method="post" action="$ENV{'SCRIPT_NAME'}"> | |
43140993 SS |
742 | <td colspan="9" align="right"> |
743 | <input type="submit" name="SERVERS" value="$Lang::tr{'add'}"> | |
744 | <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}"> | |
745 | </td> | |
24d7c5ef SS |
746 | </form> |
747 | </tr> | |
748 | </table> | |
830f6177 | 749 | END |
24d7c5ef | 750 | ; |
24d7c5ef | 751 | } else { |
351ad526 | 752 | print <<END; |
24d7c5ef | 753 | <table width="100%"> |
24d7c5ef SS |
754 | <tr> |
755 | <form method="post" action="$ENV{'SCRIPT_NAME'}"> | |
756 | <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td> | |
757 | </form> | |
758 | </tr> | |
759 | </table> | |
830f6177 | 760 | END |
24d7c5ef SS |
761 | } |
762 | ||
763 | &Header::closebox(); | |
830f6177 | 764 | } |
24d7c5ef SS |
765 | |
766 | ### | |
767 | # Section to display the add or edit subpage. | |
768 | # | |
769 | sub show_add_edit_nameserver() { | |
770 | print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n"; | |
771 | ||
772 | my $buttontext = $Lang::tr{'save'}; | |
773 | my $dnssec_checked; | |
774 | my $dot_checked; | |
775 | if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) { | |
776 | &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'}); | |
777 | ||
778 | # Update button text for upate the existing entry. | |
779 | $buttontext = $Lang::tr{'update'}; | |
780 | ||
781 | # Add hidden input for sending ID. | |
782 | print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n"; | |
783 | ||
784 | # Check if an ID has been given. | |
785 | if ($cgiparams{'ID'}) { | |
786 | # Assign cgiparams values. | |
787 | $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0]; | |
788 | $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1]; | |
789 | $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3]; | |
790 | } | |
791 | } else { | |
792 | &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'}); | |
793 | } | |
794 | ||
f10fb4bf SS |
795 | my $tls_required_image; |
796 | ||
797 | # If the protocol is TLS, dispaly the required image. | |
798 | if ($settings{'PROTO'} eq "TLS") { | |
799 | $tls_required_image = "<img src='/blob.gif' alt='*'>"; | |
800 | } | |
801 | ||
24d7c5ef SS |
802 | # Add hidden input to store the mode. |
803 | print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n"; | |
804 | ||
805 | print <<END | |
806 | <table width='100%'> | |
807 | <tr> | |
808 | <td width='20%' class='base'>$Lang::tr{'ip address'}: <img src='/blob.gif' alt='*' /></td> | |
809 | <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td> | |
810 | </tr> | |
f10fb4bf SS |
811 | |
812 | ||
24d7c5ef | 813 | <tr> |
f10fb4bf | 814 | <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}: $tls_required_image</td> |
24d7c5ef SS |
815 | <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td> |
816 | </tr> | |
24d7c5ef | 817 | |
e0639d80 | 818 | |
24d7c5ef SS |
819 | <tr> |
820 | <td width ='20%' class='base'>$Lang::tr{'remark'}:</td> | |
821 | <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td> | |
822 | </tr> | |
823 | </table> | |
824 | ||
825 | <br> | |
826 | <hr> | |
827 | ||
828 | <table width='100%'> | |
829 | <tr> | |
830 | <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' /> $Lang::tr{'required field'}</td> | |
831 | <td width='40%' align='right'> | |
832 | <input type="submit" name="SERVERS" value="$buttontext"> | |
833 | <input type="submit" name="SERVERS" value="$Lang::tr{'back'}"> | |
834 | </td> | |
835 | </tr> | |
836 | </table> | |
e0639d80 JPT |
837 | END |
838 | ; | |
839 | ||
24d7c5ef SS |
840 | &Header::closebox(); |
841 | print "</form>\n"; | |
e0639d80 | 842 | |
24d7c5ef SS |
843 | &Header::closebox(); |
844 | } | |
e0639d80 | 845 | |
719db1cd SS |
846 | # Private function to handle the restart of unbound and more. |
847 | sub _handle_unbound_and_more () { | |
8fbb12f1 SS |
848 | # Check if the IDS is running. |
849 | if(&IDS::ids_is_running()) { | |
850 | # Re-generate the file which contains the DNS Server | |
851 | # details. | |
852 | &IDS::generate_dns_servers_file(); | |
853 | ||
854 | # Call suricatactrl to perform a reload. | |
855 | &IDS::call_suricatactrl("restart"); | |
856 | } | |
80bed581 | 857 | # Restart unbound |
8a1e6afe | 858 | &General::system('/usr/local/bin/unboundctrl', 'reload'); |
719db1cd SS |
859 | } |
860 | ||
f36855fe SS |
861 | # Check if the system is online (RED is connected). |
862 | sub red_is_active () { | |
863 | # Check if the "active" file is present. | |
864 | if ( -f "${General::swroot}/red/active") { | |
865 | # Return "1" - True. | |
866 | return 1; | |
867 | } else { | |
868 | # Return nothing - False. | |
869 | return; | |
870 | } | |
871 | } | |
872 | ||
24d7c5ef | 873 | # Function to check a given nameserver against propper work. |
38f51465 MT |
874 | sub check_nameserver($$$$$) { |
875 | my ($nameserver, $record, $proto, $tls_hostname, @args) = @_; | |
24d7c5ef | 876 | |
70187da6 SS |
877 | # Check if the system is online. |
878 | unless (&red_is_active()) { | |
879 | return "$Lang::tr{'system is offline'}"; | |
880 | } | |
881 | ||
24d7c5ef | 882 | # Default values. |
3a5866ac | 883 | my @command = ("kdig", "+dnssec", |
38f51465 | 884 | "+bufsize=1232", @args); |
24d7c5ef SS |
885 | |
886 | # Handle different protols. | |
887 | if ($proto eq "TCP") { | |
888 | # Add TCP switch to the command. | |
889 | push(@command, "+tcp"); | |
890 | ||
891 | } elsif($proto eq "TLS") { | |
892 | # Add TLS switch to the command and provide the | |
893 | # path to our file which contains the ca certs. | |
894 | push(@command, "+tls-ca=$ca_certs_file"); | |
895 | ||
896 | # Check if a TLS hostname has been provided. | |
897 | if ($tls_hostname) { | |
898 | # Add TLS hostname to the command. | |
899 | push(@command, "+tls-hostname=$tls_hostname"); | |
900 | } else { | |
901 | return "$Lang::tr{'dns no tls hostname given'}"; | |
902 | } | |
903 | } | |
904 | ||
905 | # Add record to the command array. | |
906 | push(@command, "$record"); | |
907 | ||
908 | # Add nameserver to the command array. | |
909 | push(@command, "\@$nameserver"); | |
910 | ||
911 | # Connect to STDOUT and STDERR. | |
912 | push(@command, "2>&1"); | |
913 | ||
914 | my @output = qx(@command); | |
915 | my $output = join("", @output); | |
916 | ||
917 | my $status = 0; | |
24d7c5ef SS |
918 | |
919 | if ($output =~ m/status: (\w+)/) { | |
920 | $status = ($1 eq "NOERROR"); | |
921 | ||
922 | if (!$status) { | |
923 | return -1; | |
924 | } | |
984f14bd MT |
925 | } else { |
926 | my $warning; | |
927 | ||
928 | while ($output =~ m/WARNING: (.*)/g) { | |
929 | # Add the current grabbed warning to the warning string. | |
930 | $warning .= "$1\; "; | |
931 | } | |
932 | ||
933 | # Return the warning string, if we grabbed at least one. | |
934 | if ($warning) { | |
935 | return $warning; | |
936 | } | |
24d7c5ef SS |
937 | } |
938 | ||
939 | my @flags = (); | |
940 | if ($output =~ m/Flags: (.*);/) { | |
941 | @flags = split(/ /, $1); | |
942 | } | |
943 | ||
944 | my $aware = ($output =~ m/RRSIG/); | |
71471d9b | 945 | my $validating = (grep(/ad;/, @flags)); |
24d7c5ef SS |
946 | |
947 | return $aware + $validating; | |
948 | } |