]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
usb-modeswitch: Update rootfile
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
24d7c5ef 5# Copyright (C) 2020 IPFire Development Team #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
e0639d80
JPT		 24
25# enable only the following on debugging purpose
26#use warnings;
27#use CGI::Carp 'fatalsToBrowser';
28
29require '/var/ipfire/general-functions.pl';
4346cb66 30require "${General::swroot}/location-functions.pl";
8fbb12f1 31require "${General::swroot}/ids-functions.pl";
e0639d80
JPT		 32require "${General::swroot}/lang.pl";
33require "${General::swroot}/header.pl";
34
24d7c5ef
SS		 35#workaround to suppress a warning when a variable is used only once
36my @dummy = ( ${Header::colouryellow} );
37undef (@dummy);
38
39my %cgiparams=();
40my %checked=();
41my %selected=();
e0639d80
JPT		 42my $errormessage = '';
43
24d7c5ef
SS		 44# Config file which stores the DNS settings.
45my $settings_file = "${General::swroot}/dns/settings";
46
47# File which stores the configured DNS-Servers.
48my $servers_file = "${General::swroot}/dns/servers";
49
50# Create files if the does not exist.
51unless (-f $settings_file) { system("touch $settings_file") };
52unless (-f $servers_file) { system("touch $servers_file") };
53
54# File which stores the ISP assigned DNS servers.
1434fa0d 55my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 56
57# File which contains the ca-certificates.
58my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
59
770ea81e
SS		 60# Server which is used, to determine if the whole DNS system works properly.
61my $dns_test_server = "ping.ipfire.org";
62
43140993
SS		 63my $check_servers;
64
24d7c5ef
SS		 65my %color = ();
66my %mainsettings = ();
67&General::readhash("${General::swroot}/main/settings", \%mainsettings);
68&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
69
e0639d80 70&Header::showhttpheaders();
24d7c5ef 71&Header::getcgihash(\%cgiparams);
e0639d80 72
24d7c5ef
SS		 73##
74# Save general settings.
75#
76if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
77 # Prevent form name from been stored in conf file.
78 delete $cgiparams{'GENERAL'};
e0639d80 79
24d7c5ef
SS		 80 # Add value for non-checked checkbox.
81 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
82 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
83 }
e0639d80 84
24d7c5ef
SS		 85 # Add value for non-checked checkbox.
86 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
87 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
88 }
e0639d80 89
39a6219f
SS		 90 # Check if using ISP nameservers and TLS is enabled at the same time.
91 if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
92 $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
93 }
94
95 # Check if there was an error.
96 if ( ! $errormessage) {
719db1cd 97
39a6219f
SS		 98 # Store settings into settings file.
99 &General::writehash("$settings_file", \%cgiparams);
100
101 # Call function to handle unbound restart, etc.
102 &_handle_unbound_and_more()
103 }
24d7c5ef
SS		 104}
105
106###
107# Add / Edit entries.
108#
109if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
110 # Hash to store the generic DNS settings.
111 my %settings = ();
112
113 # Read-in generic settings.
114 &General::readhash("$settings_file", \%settings);
e0639d80 115
038f962e
SS		 116 # Check if an IP-address has been given.
117 if ($cgiparams{"NAMESERVER"} eq "") {
118 $errormessage = "$Lang::tr{'dns no address given'}";
119 }
120
24d7c5ef 121 # Check if the given DNS server is valid.
038f962e 122 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 123 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
124 }
125
126 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
127 elsif($settings{'PROTO'} eq "TLS") {
128 unless($cgiparams{"TLS_HOSTNAME"}) {
129 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
130 } else {
131 # Check if the provided domain is valid.
132 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
133 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
134 }
e0639d80 135 }
24d7c5ef
SS		 136 }
137
24d7c5ef
SS		 138 # Go further if there was no error.
139 if ( ! $errormessage) {
140 # Check if a remark has been entered.
141 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
142
143 my %dns_servers = ();
144 my $id;
145 my $status;
146
147 # Read-in configfile.
148 &General::readhasharray($servers_file, \%dns_servers);
149
150 # Check if we should edit an existing entry and got an ID.
151 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
152 # Assin the provided id.
153 $id = $cgiparams{'ID'};
154
155 # Undef the given ID.
156 undef($cgiparams{'ID'});
157
158 # Grab the configured status of the corresponding entry.
159 $status = $dns_servers{$id}[2];
160 } else {
161 # Each newly added entry automatically should be enabled.
162 $status = "enabled";
163
164 # Generate the ID for the new entry.
165 #
166 # Sort the keys by their ID and store them in an array.
167 my @keys = sort { $a <=> $b } keys %dns_servers;
168
169 # Reverse the key array.
170 my @reversed = reverse(@keys);
171
172 # Obtain the last used id.
173 my $last_id = @reversed[0];
174
175 # Increase the last id by one and use it as id for the new entry.
176 $id = ++$last_id;
177
178 # The first allowed id is 3 to keep space for
179 # possible ISP assigned DNS servers.
611587cf 180 if ($id <= "2") {
24d7c5ef
SS		 181 $id = "3";
182 }
e0639d80 183 }
24d7c5ef
SS		 184
185 # Add/Modify the entry to/in the dns_servers hash.
186 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
187
188 # Write the changed hash to the config file.
189 &General::writehasharray($servers_file, \%dns_servers);
719db1cd
SS		 190
191 # Call function to handle unbound restart, etc.
192 &_handle_unbound_and_more();
24d7c5ef
SS		 193 } else {
194 # Switch back to previous mode.
195 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
196 }
197###
198# Toggle enable / disable.
199#
200} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
201 my %dns_servers = ();
202
203 # Only go further, if an ID has been passed.
204 if ($cgiparams{'ID'}) {
205 # Assign the given ID.
206 my $id = $cgiparams{'ID'};
207
208 # Undef the given ID.
209 undef($cgiparams{'ID'});
210
211 # Read-in configfile.
212 &General::readhasharray($servers_file, \%dns_servers);
213
214 # Grab the configured status of the corresponding entry.
215 my $status = $dns_servers{$id}[2];
216
217 # Switch the status.
218 if ($status eq "disabled") {
219 $status = "enabled";
220 } else {
221 $status = "disabled";
e0639d80 222 }
24d7c5ef
SS		 223
224 # Modify the status of the existing entry.
225 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
226
227 # Write the changed hash back to the config file.
228 &General::writehasharray($servers_file, \%dns_servers);
8f4bde65
SS		 229
230 # Call function to handle unbound restart, etc.
231 &_handle_unbound_and_more();
e0639d80 232 }
24d7c5ef
SS		 233
234## Remove entry from DNS servers list.
235#
236} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
237 my %dns_servers = ();
238
239 # Read-in configfile.
240 &General::readhasharray($servers_file, \%dns_servers);
241
242 # Drop entry from the hash.
243 delete($dns_servers{$cgiparams{'ID'}});
244
245 # Undef the given ID.
246 undef($cgiparams{'ID'});
247
248 # Write the changed hash to the config file.
249 &General::writehasharray($servers_file, \%dns_servers);
43140993 250
8f4bde65
SS		 251 # Call function to handle unbound restart, etc.
252 &_handle_unbound_and_more();
253
43140993
SS		 254## Handle request to check the servers.
255#
256} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
257 $check_servers = 1;
e0639d80
JPT		 258}
259
24d7c5ef
SS		 260# Hash to store the generic DNS settings.
261my %settings = ();
262
263# Read-in general DNS settings.
264&General::readhash("$settings_file", \%settings);
265
266# Hash which contains the configured DNS servers.
267my %dns_servers = ();
268
269# Read-in config file.
270&General::readhasharray("$servers_file", \%dns_servers);
271
4346cb66
SS		 272# Libloc database handle
273my $libloc_db_handle = &Location::Functions::init();
274
24d7c5ef
SS		 275&Header::openpage($Lang::tr{'dns'}, 1, '');
276
277&Header::openbigbox('100%', 'left', '', $errormessage);
278
279###
280# Error messages layout.
281#
282if ($errormessage) {
283 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
284 print "<class name='base'>$errormessage\n";
285 print "&nbsp;</class>\n";
286 &Header::closebox();
e0639d80
JPT		 287}
288
24d7c5ef
SS		 289# Handle if a nameserver should be added or edited.
290if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
291 # Display the sub page.
292 &show_add_edit_nameserver();
293
294 # Close webpage.
295 &Header::closebigbox();
296 &Header::closepage();
297
298 # Finished here for the moment.
299 exit(0);
2e1432c4
JPT		 300}
301
24d7c5ef
SS		 302$cgiparams{'GENERAL'} = '';
303$cgiparams{'SERVERS'} = '';
304$cgiparams{'NAMESERVER'} = '';
305$cgiparams{'TLS_HOSTNAME'} = '';
306$cgiparams{'REMARK'} ='';
307
308$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
309$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
310$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
311
312$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
313$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
314$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
315
316$selected{'PROTO'}{'UDP'} = '';
317$selected{'PROTO'}{'TLS'} = '';
318$selected{'PROTO'}{'TCP'} = '';
319$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
320
321$selected{'QNAME_MIN'}{'standard'} = '';
322$selected{'QNAME_MIN'}{'strict'} = '';
323$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
324
325# Display nameserver and configuration sections.
326&show_nameservers();
327&show_general_dns_configuration();
328
329&Header::closebigbox();
330&Header::closepage();
331
332###
333# General DNS-Servers sektion.
334#
335sub show_general_dns_configuration () {
336 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
337
338 print <<END;
339 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
340 <table width="100%">
341 <tr>
342 <td width="33%">
343 $Lang::tr{'dns use isp assigned nameservers'}
344 </td>
345
346 <td>
347 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
348 </td>
349 </tr>
350
351 <tr>
352 <td colspan="2">
353 <br>
354 </td>
355 </tr>
356
357 <tr>
358 <td width="33%">
359 $Lang::tr{'dns use protocol for dns queries'}
360 </td>
361
362 <td>
363 <select name="PROTO">
364 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
365 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
366 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
367 </select>
368 </td>
369 </tr>
370
371 <tr>
372 <td colspan="2">
373 <br>
374 </td>
375 </tr>
376
377 <tr>
378 <td width="33%">
379 $Lang::tr{'dns enable safe-search'}
380 </td>
381
382 <td>
383 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
384 </td>
385 </tr>
386
387 <tr>
388 <td colspan="2">
389 <br>
390 </td>
391 </tr>
392
393 <tr>
394 <td width="33%">
395 $Lang::tr{'dns mode for qname minimisation'}
396 </td>
397
398 <td>
399 <select name="QNAME_MIN">
400 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
401 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
402 </select>
403 </td>
404 </tr>
405
406 <tr>
407 <td colspan="2" align="right">
408 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
409 </td>
410 </tr>
411 </table>
412 </form>
413END
414
e0639d80
JPT		 415 &Header::closebox();
416}
417
24d7c5ef
SS		 418###
419# Section to display the configured and used DNS servers.
420#
421sub show_nameservers () {
a969acc7 422 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
e0639d80 423
351ad526
MT		 424 # Determine if we are running in recursor mode
425 my $recursor = 0;
426 my $unbound_forward = qx(unbound-control forward);
427 if ($unbound_forward =~ m/^off/) {
428 $recursor = 1;
429 }
430
770ea81e
SS		 431 my $dns_status_string;
432 my $dns_status_col;
f03f3429 433 my $dns_working;
770ea81e 434
351ad526 435
770ea81e
SS		 436 # Test if the DNS system is working.
437 #
438 # Simple send a request to unbound and check if it can resolve the
439 # DNS test server.
f2d2c697 440 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
770ea81e
SS		 441
442 if ($dns_status_ret eq "2") {
443 $dns_status_string = "$Lang::tr{'working'}";
444 $dns_status_col = "${Header::colourgreen}";
f03f3429 445 $dns_working = 1;
770ea81e 446 } else {
46cc88ed 447 $dns_status_string = "$Lang::tr{'broken'}";
770ea81e
SS		 448 $dns_status_col = "${Header::colourred}";
449 }
450
351ad526
MT		 451 if ($recursor) {
452 $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
453 }
454
18e97c76 455 print <<END;
770ea81e
SS		 456 <table width='100%'>
457 <tr>
458 <td>
459 <strong>$Lang::tr{'status'}:&nbsp;</strong>
460 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
461 </td>
462 </tr>
463 </table>
18e97c76
MT		 464END
465
466 # Check the usage of ISP assigned nameservers is enabled.
467 my $id = 1;
770ea81e 468
18e97c76
MT		 469 # Loop through the array which stores the files.
470 foreach my $file (@ISP_nameserver_files) {
471 # Grab the address of the nameserver.
472 my $address = &General::grab_address_from_file($file);
473
474 # Check if we got an address.
475 if ($address) {
476 # Add the address to the hash of nameservers.
477 $dns_servers{$id} = [ "$address", "none",
478 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
479 "$Lang::tr{'dns isp assigned nameserver'}" ];
480
481 # Increase id by one.
482 $id++;
483 }
484 }
485
486 # Check some DNS servers have been configured. In this case
487 # the hash contains at least one key.
488 my $server_amount;
489 if (keys %dns_servers) {
490 # Sort the keys by their ID and store them in an array.
491 my @keys = sort { $a <=> $b } keys %dns_servers;
492
493 print <<END;
770ea81e
SS		 494 <br>
495
24d7c5ef
SS		 496 <table class="tbl" width='100%'>
497 <tr>
498 <td align="center">
499 <strong>$Lang::tr{'nameserver'}</strong>
500 </td>
501
502 <td align="center">
503 <strong>$Lang::tr{'country'}</strong>
504 </td>
505
506 <td align="center">
507 <strong>$Lang::tr{'rdns'}</strong>
508 </td>
509
510 <td align="center">
511 <strong>$Lang::tr{'remark'}</strong>
512 </td>
43140993 513END
18e97c76
MT		 514
515 # Check if the status should be displayed.
516 if ($check_servers) {
517 print <<END;
24d7c5ef
SS		 518 <td align="center">
519 <strong>$Lang::tr{'status'}</strong>
520 </td>
43140993 521END
18e97c76 522 }
43140993 523
18e97c76 524 print <<END;
e0639d80 525
24d7c5ef
SS		 526 <td align="center" colspan="3">
527 <strong>$Lang::tr{'action'}</strong>
528 </td>
529 </tr>
830f6177 530END
24d7c5ef
SS		 531
532 # Loop through all entries of the array/hash.
533 foreach my $id (@keys) {
534 # Inrease server_amount.
535 $server_amount++;
536
537 # Assign data array positions to some nice variable names.
538 my $nameserver = $dns_servers{$id}[0];
539 my $tls_hostname = $dns_servers{$id}[1];
540 my $enabled = $dns_servers{$id}[2];
541 my $remark = $dns_servers{$id}[3];
542
543 my $col = '';
544 my $toggle = '';
545 my $gif = '';
546 my $gdesc = '';
547 my $notice = "";
548
549 # Colorize columns.
550 if ($server_amount % 2) {
551 $col="bgcolor='$color{'color22'}'"; }
552 else {
553 $col="bgcolor='$color{'color20'}'";
554 }
555
556 if ($enabled eq 'enabled') {
557 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
558 } else {
559 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
560 }
561
562 my $status;
563 my $status_short;
564 my $status_message;
565 my $status_colour;
566
567 # Only grab the status if the nameserver is enabled.
43140993 568 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 569 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
570 }
571
a25dcda2 572 if (!defined $status) {
24d7c5ef
SS		 573 $status_short = "$Lang::tr{'disabled'}";
574
575 # DNSSEC Not supported
576 } elsif ($status eq 0) {
577 $status_short = "$Lang::tr{'broken'}";
578 $status_message = $Lang::tr{'dnssec not supported'};
579 $status_colour = ${Header::colourred};
580
581 # DNSSEC Aware
582 } elsif ($status eq 1) {
583 $status_short = "$Lang::tr{'not validating'}";
584 $status_message = $Lang::tr{'dnssec aware'};
585 $status_colour = ${Header::colourblack};
586
587 # DNSSEC Validating
588 } elsif ($status eq 2) {
589 $status_short = "$Lang::tr{'ok'}";
590 $status_message = $Lang::tr{'dnssec validating'};
591 $status_colour = ${Header::colourgreen};
592
593 # Error
594 } else {
595 $status_short = "$Lang::tr{'error'}";
596 $status_message = $status;
597 $status_colour = ${Header::colourred};
598 }
599
4346cb66
SS		 600 # collect more information about name server (rDNS, country code)
601 my $ccode = &Location::Functions::lookup_country_code($libloc_db_handle, $nameserver);
602 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
24d7c5ef 603
25dda4a0
SS		 604 my $rdns;
605
606 # Only do the reverse lookup if the system is online.
f03f3429 607 if ($dns_working) {
25dda4a0
SS		 608 my $iaddr = inet_aton($nameserver);
609 $rdns = gethostbyaddr($iaddr, AF_INET);
610 }
24d7c5ef
SS		 611
612 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
613
77c7a94c
MT		 614 # Mark ISP name servers as disabled
615 if ($id <= 2 && $enabled eq "disabled") {
616 $nameserver = "<del>$nameserver</del>";
617 }
618
24d7c5ef
SS		 619print <<END;
620 <tr>
621 <td align="center" $col>
622 $nameserver
623 </td>
624
625 <td align="center" $col>
626 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
627 </td>
628
629 <td align="center" $col>
630 $rdns
631 </td>
632
633 <td align="center" $col>
634 $remark
635 </td>
830f6177 636END
24d7c5ef 637;
43140993
SS		 638 # Display server status if requested.
639 if ($check_servers) {
640print <<END
641 <td align="center" $col>
642 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
643 </td>
644END
645;
646 }
647
24d7c5ef
SS		 648 # Check if the id is greater than "2".
649 #
650 # Nameservers with an ID's of one or two are ISP assigned,
651 # and we cannot perform any actions on them, so hide the tools for
652 # them.
19602b68 653 if ($id > 2) {
24d7c5ef
SS		 654
655print <<END;
656 <td align='center' width='5%' $col>
657 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
658 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
659 <input type='hidden' name='ID' value='$id' />
660 <input type='hidden' name='ENABLE' value='$toggle' />
661 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
662 </form>
663 </td>
664
665 <td align='center' width='5%' $col>
666 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
667 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
668 <input type='hidden' name='ID' value='$id' />
669 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
670 </form>
671 </td>
672
673 <td align='center' width='5%' $col>
674 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
675 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
676 <input type='hidden' name='ID' value='$id' />
677 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
678 </form>
679 </td>
830f6177 680END
24d7c5ef
SS		 681;
682 } else {
683 print "<td colspan='3' $col>&nbsp;</td>\n";
684 }
685
686
687 print"</tr>\n";
688
689 }
690
691 print"</table>\n";
692
693 print"<table width='100%'>\n";
694
695 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
19602b68 696 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
24d7c5ef
SS		 697print <<END;
698 <tr>
699 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
700 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
701 <td class='base'>$Lang::tr{'click to disable'}</td>
702 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
703 <td class='base'>$Lang::tr{'click to enable'}</td>
704 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
705 <td class='base'>$Lang::tr{'edit'}</td>
706 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
707 <td class='base'>$Lang::tr{'remove'}</td>
708 </tr>
830f6177 709END
24d7c5ef
SS		 710;
711 }
712print <<END;
713 <tr>
714 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 715 <td colspan="9" align="right">
716 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
717 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
718 </td>
24d7c5ef
SS		 719 </form>
720 </tr>
721 </table>
830f6177 722END
24d7c5ef 723;
24d7c5ef 724 } else {
351ad526 725 print <<END;
24d7c5ef 726 <table width="100%">
24d7c5ef
SS		 727 <tr>
728 <form method="post" action="$ENV{'SCRIPT_NAME'}">
729 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
730 </form>
731 </tr>
732 </table>
830f6177 733END
24d7c5ef
SS		 734 }
735
736 &Header::closebox();
830f6177 737}
24d7c5ef
SS		 738
739###
740# Section to display the add or edit subpage.
741#
742sub show_add_edit_nameserver() {
743 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
744
745 my $buttontext = $Lang::tr{'save'};
746 my $dnssec_checked;
747 my $dot_checked;
748 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
749 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
750
751 # Update button text for upate the existing entry.
752 $buttontext = $Lang::tr{'update'};
753
754 # Add hidden input for sending ID.
755 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
756
757 # Check if an ID has been given.
758 if ($cgiparams{'ID'}) {
759 # Assign cgiparams values.
760 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
761 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
762 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
763 }
764 } else {
765 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
766 }
767
f10fb4bf
SS		 768 my $tls_required_image;
769
770 # If the protocol is TLS, dispaly the required image.
771 if ($settings{'PROTO'} eq "TLS") {
772 $tls_required_image = "<img src='/blob.gif' alt='*'>";
773 }
774
24d7c5ef
SS		 775 # Add hidden input to store the mode.
776 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
777
778print <<END
779 <table width='100%'>
780 <tr>
781 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
782 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
783 </tr>
f10fb4bf
SS		 784
785
24d7c5ef 786 <tr>
f10fb4bf 787 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 788 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
789 </tr>
24d7c5ef 790
e0639d80 791
24d7c5ef
SS		 792 <tr>
793 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
794 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
795 </tr>
796 </table>
797
798 <br>
799 <hr>
800
801 <table width='100%'>
802 <tr>
803 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
804 <td width='40%' align='right'>
805 <input type="submit" name="SERVERS" value="$buttontext">
806 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
807 </td>
808 </tr>
809 </table>
e0639d80
JPT		 810END
811;
812
24d7c5ef
SS		 813 &Header::closebox();
814 print "</form>\n";
e0639d80 815
24d7c5ef
SS		 816 &Header::closebox();
817}
e0639d80 818
719db1cd
SS		 819# Private function to handle the restart of unbound and more.
820sub _handle_unbound_and_more () {
8fbb12f1
SS		 821 # Check if the IDS is running.
822 if(&IDS::ids_is_running()) {
823 # Re-generate the file which contains the DNS Server
824 # details.
825 &IDS::generate_dns_servers_file();
826
827 # Call suricatactrl to perform a reload.
828 &IDS::call_suricatactrl("restart");
829 }
80bed581
AF		 830 # Restart unbound
831 system('/usr/local/bin/unboundctrl reload >/dev/null');
719db1cd
SS		 832}
833
f36855fe
SS		 834# Check if the system is online (RED is connected).
835sub red_is_active () {
836 # Check if the "active" file is present.
837 if ( -f "${General::swroot}/red/active") {
838 # Return "1" - True.
839 return 1;
840 } else {
841 # Return nothing - False.
842 return;
843 }
844}
845
24d7c5ef 846# Function to check a given nameserver against propper work.
38f51465
MT		 847sub check_nameserver($$$$$) {
848 my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
24d7c5ef 849
70187da6
SS		 850 # Check if the system is online.
851 unless (&red_is_active()) {
852 return "$Lang::tr{'system is offline'}";
853 }
854
24d7c5ef 855 # Default values.
3a5866ac 856 my @command = ("kdig", "+dnssec",
38f51465 857 "+bufsize=1232", @args);
24d7c5ef
SS		 858
859 # Handle different protols.
860 if ($proto eq "TCP") {
861 # Add TCP switch to the command.
862 push(@command, "+tcp");
863
864 } elsif($proto eq "TLS") {
865 # Add TLS switch to the command and provide the
866 # path to our file which contains the ca certs.
867 push(@command, "+tls-ca=$ca_certs_file");
868
869 # Check if a TLS hostname has been provided.
870 if ($tls_hostname) {
871 # Add TLS hostname to the command.
872 push(@command, "+tls-hostname=$tls_hostname");
873 } else {
874 return "$Lang::tr{'dns no tls hostname given'}";
875 }
876 }
877
878 # Add record to the command array.
879 push(@command, "$record");
880
881 # Add nameserver to the command array.
882 push(@command, "\@$nameserver");
883
884 # Connect to STDOUT and STDERR.
885 push(@command, "2>&1");
886
887 my @output = qx(@command);
888 my $output = join("", @output);
889
890 my $status = 0;
24d7c5ef
SS		 891
892 if ($output =~ m/status: (\w+)/) {
893 $status = ($1 eq "NOERROR");
894
895 if (!$status) {
896 return -1;
897 }
984f14bd
MT		 898 } else {
899 my $warning;
900
901 while ($output =~ m/WARNING: (.*)/g) {
902 # Add the current grabbed warning to the warning string.
903 $warning .= "$1\; ";
904 }
905
906 # Return the warning string, if we grabbed at least one.
907 if ($warning) {
908 return $warning;
909 }
24d7c5ef
SS		 910 }
911
912 my @flags = ();
913 if ($output =~ m/Flags: (.*);/) {
914 @flags = split(/ /, $1);
915 }
916
917 my $aware = ($output =~ m/RRSIG/);
71471d9b 918 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 919
920 return $aware + $validating;
921}
Peter's tree of IPFire 2.x