]> git.ipfire.org Git - ipfire-2.x.git/blob - html/cgi-bin/dns.cgi
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dns.cgi: Remove accidently commited debug code
[ipfire-2.x.git] / html / cgi-bin / dns.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2020 IPFire Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use IO::Socket;
24
25 # enable only the following on debugging purpose
26 #use warnings;
27 #use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/geoip-functions.pl";
31 require "${General::swroot}/lang.pl";
32 require "${General::swroot}/header.pl";
33
34 #workaround to suppress a warning when a variable is used only once
35 my @dummy = ( ${Header::colouryellow} );
36 undef (@dummy);
37
38 my %cgiparams=();
39 my %checked=();
40 my %selected=();
41 my $errormessage = '';
42
43 # Config file which stores the DNS settings.
44 my $settings_file = "${General::swroot}/dns/settings";
45
46 # File which stores the configured DNS-Servers.
47 my $servers_file = "${General::swroot}/dns/servers";
48
49 # Create files if the does not exist.
50 unless (-f $settings_file) { system("touch $settings_file") };
51 unless (-f $servers_file) { system("touch $servers_file") };
52
53 # File which stores the ISP assigned DNS servers.
54 my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
55
56 # File which contains the ca-certificates.
57 my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
58
59 # Server which is used, to determine if the whole DNS system works properly.
60 my $dns_test_server = "ping.ipfire.org";
61
62 my $check_servers;
63
64 my %color = ();
65 my %mainsettings = ();
66 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
67 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
68
69 &Header::showhttpheaders();
70 &Header::getcgihash(\%cgiparams);
71
72 ##
73 # Save general settings.
74 #
75 if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
76 # Prevent form name from been stored in conf file.
77 delete $cgiparams{'GENERAL'};
78
79 # Add value for non-checked checkbox.
80 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
81 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
82 }
83
84 # Add value for non-checked checkbox.
85 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
86 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
87 }
88
89 # Store settings into settings file.
90 &General::writehash("$settings_file", \%cgiparams);
91
92 # Call function to handle unbound restart, etc.
93 &_handle_unbound_and_more()
94 }
95
96 ###
97 # Add / Edit entries.
98 #
99 if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
100 # Hash to store the generic DNS settings.
101 my %settings = ();
102
103 # Read-in generic settings.
104 &General::readhash("$settings_file", \%settings);
105
106 # Check if an IP-address has been given.
107 if ($cgiparams{"NAMESERVER"} eq "") {
108 $errormessage = "$Lang::tr{'dns no address given'}";
109 }
110
111 # Check if the given DNS server is valid.
112 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
113 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
114 }
115
116 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
117 elsif($settings{'PROTO'} eq "TLS") {
118 unless($cgiparams{"TLS_HOSTNAME"}) {
119 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
120 } else {
121 # Check if the provided domain is valid.
122 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
123 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
124 }
125 }
126 }
127
128 # Go further if there was no error.
129 if ( ! $errormessage) {
130 # Check if a remark has been entered.
131 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
132
133 my %dns_servers = ();
134 my $id;
135 my $status;
136
137 # Read-in configfile.
138 &General::readhasharray($servers_file, \%dns_servers);
139
140 # Check if we should edit an existing entry and got an ID.
141 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
142 # Assin the provided id.
143 $id = $cgiparams{'ID'};
144
145 # Undef the given ID.
146 undef($cgiparams{'ID'});
147
148 # Grab the configured status of the corresponding entry.
149 $status = $dns_servers{$id}[2];
150 } else {
151 # Each newly added entry automatically should be enabled.
152 $status = "enabled";
153
154 # Generate the ID for the new entry.
155 #
156 # Sort the keys by their ID and store them in an array.
157 my @keys = sort { $a <=> $b } keys %dns_servers;
158
159 # Reverse the key array.
160 my @reversed = reverse(@keys);
161
162 # Obtain the last used id.
163 my $last_id = @reversed[0];
164
165 # Increase the last id by one and use it as id for the new entry.
166 $id = ++$last_id;
167
168 # The first allowed id is 3 to keep space for
169 # possible ISP assigned DNS servers.
170 if ($id le "2") {
171 $id = "3";
172 }
173 }
174
175 # Add/Modify the entry to/in the dns_servers hash.
176 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
177
178 # Write the changed hash to the config file.
179 &General::writehasharray($servers_file, \%dns_servers);
180
181 # Call function to handle unbound restart, etc.
182 &_handle_unbound_and_more();
183 } else {
184 # Switch back to previous mode.
185 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
186 }
187 ###
188 # Toggle enable / disable.
189 #
190 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
191 my %dns_servers = ();
192
193 # Only go further, if an ID has been passed.
194 if ($cgiparams{'ID'}) {
195 # Assign the given ID.
196 my $id = $cgiparams{'ID'};
197
198 # Undef the given ID.
199 undef($cgiparams{'ID'});
200
201 # Read-in configfile.
202 &General::readhasharray($servers_file, \%dns_servers);
203
204 # Grab the configured status of the corresponding entry.
205 my $status = $dns_servers{$id}[2];
206
207 # Switch the status.
208 if ($status eq "disabled") {
209 $status = "enabled";
210 } else {
211 $status = "disabled";
212 }
213
214 # Modify the status of the existing entry.
215 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
216
217 # Write the changed hash back to the config file.
218 &General::writehasharray($servers_file, \%dns_servers);
219 }
220
221 ## Remove entry from DNS servers list.
222 #
223 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
224 my %dns_servers = ();
225
226 # Read-in configfile.
227 &General::readhasharray($servers_file, \%dns_servers);
228
229 # Drop entry from the hash.
230 delete($dns_servers{$cgiparams{'ID'}});
231
232 # Undef the given ID.
233 undef($cgiparams{'ID'});
234
235 # Write the changed hash to the config file.
236 &General::writehasharray($servers_file, \%dns_servers);
237
238 ## Handle request to check the servers.
239 #
240 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
241 $check_servers = 1;
242 }
243
244 # Hash to store the generic DNS settings.
245 my %settings = ();
246
247 # Read-in general DNS settings.
248 &General::readhash("$settings_file", \%settings);
249
250 # Hash which contains the configured DNS servers.
251 my %dns_servers = ();
252
253 # Read-in config file.
254 &General::readhasharray("$servers_file", \%dns_servers);
255
256 &Header::openpage($Lang::tr{'dns'}, 1, '');
257
258 &Header::openbigbox('100%', 'left', '', $errormessage);
259
260 ###
261 # Error messages layout.
262 #
263 if ($errormessage) {
264 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
265 print "<class name='base'>$errormessage\n";
266 print "&nbsp;</class>\n";
267 &Header::closebox();
268 }
269
270 # Handle if a nameserver should be added or edited.
271 if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
272 # Display the sub page.
273 &show_add_edit_nameserver();
274
275 # Close webpage.
276 &Header::closebigbox();
277 &Header::closepage();
278
279 # Finished here for the moment.
280 exit(0);
281 }
282
283 $cgiparams{'GENERAL'} = '';
284 $cgiparams{'SERVERS'} = '';
285 $cgiparams{'NAMESERVER'} = '';
286 $cgiparams{'TLS_HOSTNAME'} = '';
287 $cgiparams{'REMARK'} ='';
288
289 $checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
290 $checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
291 $checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
292
293 $checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
294 $checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
295 $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
296
297 $selected{'PROTO'}{'UDP'} = '';
298 $selected{'PROTO'}{'TLS'} = '';
299 $selected{'PROTO'}{'TCP'} = '';
300 $selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
301
302 $selected{'QNAME_MIN'}{'standard'} = '';
303 $selected{'QNAME_MIN'}{'strict'} = '';
304 $selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
305
306 # Display nameserver and configuration sections.
307 &show_nameservers();
308 &show_general_dns_configuration();
309
310 &Header::closebigbox();
311 &Header::closepage();
312
313 ###
314 # General DNS-Servers sektion.
315 #
316 sub show_general_dns_configuration () {
317 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
318
319 print <<END;
320 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
321 <table width="100%">
322 <tr>
323 <td width="33%">
324 $Lang::tr{'dns use isp assigned nameservers'}
325 </td>
326
327 <td>
328 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
329 </td>
330 </tr>
331
332 <tr>
333 <td colspan="2">
334 <br>
335 </td>
336 </tr>
337
338 <tr>
339 <td width="33%">
340 $Lang::tr{'dns use protocol for dns queries'}
341 </td>
342
343 <td>
344 <select name="PROTO">
345 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
346 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
347 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
348 </select>
349 </td>
350 </tr>
351
352 <tr>
353 <td colspan="2">
354 <br>
355 </td>
356 </tr>
357
358 <tr>
359 <td width="33%">
360 $Lang::tr{'dns enable safe-search'}
361 </td>
362
363 <td>
364 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
365 </td>
366 </tr>
367
368 <tr>
369 <td colspan="2">
370 <br>
371 </td>
372 </tr>
373
374 <tr>
375 <td width="33%">
376 $Lang::tr{'dns mode for qname minimisation'}
377 </td>
378
379 <td>
380 <select name="QNAME_MIN">
381 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
382 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
383 </select>
384 </td>
385 </tr>
386
387 <tr>
388 <td colspan="2" align="right">
389 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
390 </td>
391 </tr>
392 </table>
393 </form>
394 END
395
396 &Header::closebox();
397 }
398
399 ###
400 # Section to display the configured and used DNS servers.
401 #
402 sub show_nameservers () {
403 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
404
405 my $dns_status_string;
406 my $dns_status_col;
407
408 # Test if the DNS system is working.
409 #
410 # Simple send a request to unbound and check if it can resolve the
411 # DNS test server.
412 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP");
413
414 if ($dns_status_ret eq "2") {
415 $dns_status_string = "$Lang::tr{'working'}";
416 $dns_status_col = "${Header::colourgreen}";
417 } else {
418 $dns_status_string = "$Lang::tr{'broken'}";
419 $dns_status_col = "${Header::colourred}";
420 }
421
422 print <<END;
423 <table width='100%'>
424 <tr>
425 <td>
426 <strong>$Lang::tr{'status'}:&nbsp;</strong>
427 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
428 </td>
429 </tr>
430 </table>
431
432 <br>
433
434 <table class="tbl" width='100%'>
435 <tr>
436 <td align="center">
437 <strong>$Lang::tr{'nameserver'}</strong>
438 </td>
439
440 <td align="center">
441 <strong>$Lang::tr{'country'}</strong>
442 </td>
443
444 <td align="center">
445 <strong>$Lang::tr{'rdns'}</strong>
446 </td>
447
448 <td align="center">
449 <strong>$Lang::tr{'remark'}</strong>
450 </td>
451 END
452 # Check if the status should be displayed.
453 if ($check_servers) {
454 print <<END
455 <td align="center">
456 <strong>$Lang::tr{'status'}</strong>
457 </td>
458 END
459 ;
460 }
461
462 print <<END
463
464 <td align="center" colspan="3">
465 <strong>$Lang::tr{'action'}</strong>
466 </td>
467 </tr>
468 END
469 ;
470
471 # Check the usage of ISP assigned nameservers is enabled.
472 my $id = 1;
473
474 # Loop through the array which stores the files.
475 foreach my $file (@ISP_nameserver_files) {
476 # Grab the address of the nameserver.
477 my $address = &grab_address_from_file($file);
478
479 # Check if we got an address.
480 if ($address) {
481 # Add the address to the hash of nameservers.
482 $dns_servers{$id} = [ "$address", "none",
483 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
484 "$Lang::tr{'dns isp assigned nameserver'}" ];
485
486 # Increase id by one.
487 $id++;
488 }
489 }
490
491 # Check some DNS servers have been configured. In this case
492 # the hash contains at least one key.
493 my $server_amount;
494 if (keys %dns_servers) {
495 # Sort the keys by their ID and store them in an array.
496 my @keys = sort { $a <=> $b } keys %dns_servers;
497
498 # Loop through all entries of the array/hash.
499 foreach my $id (@keys) {
500 # Inrease server_amount.
501 $server_amount++;
502
503 # Assign data array positions to some nice variable names.
504 my $nameserver = $dns_servers{$id}[0];
505 my $tls_hostname = $dns_servers{$id}[1];
506 my $enabled = $dns_servers{$id}[2];
507 my $remark = $dns_servers{$id}[3];
508
509 my $col = '';
510 my $toggle = '';
511 my $gif = '';
512 my $gdesc = '';
513 my $notice = "";
514
515 # Colorize columns.
516 if ($server_amount % 2) {
517 $col="bgcolor='$color{'color22'}'"; }
518 else {
519 $col="bgcolor='$color{'color20'}'";
520 }
521
522 if ($enabled eq 'enabled') {
523 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
524 } else {
525 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
526 }
527
528 my $status;
529 my $status_short;
530 my $status_message;
531 my $status_colour;
532
533 # Only grab the status if the nameserver is enabled.
534 if (($check_servers) && ($enabled eq "enabled")) {
535 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
536 }
537
538 if (!$status) {
539 $status_short = "$Lang::tr{'disabled'}";
540
541 # DNSSEC Not supported
542 } elsif ($status eq 0) {
543 $status_short = "$Lang::tr{'broken'}";
544 $status_message = $Lang::tr{'dnssec not supported'};
545 $status_colour = ${Header::colourred};
546
547 # DNSSEC Aware
548 } elsif ($status eq 1) {
549 $status_short = "$Lang::tr{'not validating'}";
550 $status_message = $Lang::tr{'dnssec aware'};
551 $status_colour = ${Header::colourblack};
552
553 # DNSSEC Validating
554 } elsif ($status eq 2) {
555 $status_short = "$Lang::tr{'ok'}";
556 $status_message = $Lang::tr{'dnssec validating'};
557 $status_colour = ${Header::colourgreen};
558
559 # Error
560 } else {
561 $status_short = "$Lang::tr{'error'}";
562 $status_message = $status;
563 $status_colour = ${Header::colourred};
564 }
565
566 # collect more information about name server (rDNS, GeoIP country code)
567 my $ccode = &GeoIP::lookup($nameserver);
568 my $flag_icon = &GeoIP::get_flag_icon($ccode);
569
570 my $rdns;
571
572 # Only do the reverse lookup if the system is online.
573 if (&red_is_active()) {
574 my $iaddr = inet_aton($nameserver);
575 $rdns = gethostbyaddr($iaddr, AF_INET);
576 }
577
578 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
579
580 # Mark ISP name servers as disabled
581 if ($id <= 2 && $enabled eq "disabled") {
582 $nameserver = "<del>$nameserver</del>";
583 }
584
585 print <<END;
586 <tr>
587 <td align="center" $col>
588 $nameserver
589 </td>
590
591 <td align="center" $col>
592 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
593 </td>
594
595 <td align="center" $col>
596 $rdns
597 </td>
598
599 <td align="center" $col>
600 $remark
601 </td>
602 END
603 ;
604 # Display server status if requested.
605 if ($check_servers) {
606 print <<END
607 <td align="center" $col>
608 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
609 </td>
610 END
611 ;
612 }
613
614 # Check if the id is greater than "2".
615 #
616 # Nameservers with an ID's of one or two are ISP assigned,
617 # and we cannot perform any actions on them, so hide the tools for
618 # them.
619 if ($id gt "2") {
620
621 print <<END;
622 <td align='center' width='5%' $col>
623 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
624 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
625 <input type='hidden' name='ID' value='$id' />
626 <input type='hidden' name='ENABLE' value='$toggle' />
627 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
628 </form>
629 </td>
630
631 <td align='center' width='5%' $col>
632 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
633 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
634 <input type='hidden' name='ID' value='$id' />
635 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
636 </form>
637 </td>
638
639 <td align='center' width='5%' $col>
640 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
641 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
642 <input type='hidden' name='ID' value='$id' />
643 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
644 </form>
645 </td>
646 END
647 ;
648 } else {
649 print "<td colspan='3' $col>&nbsp;</td>\n";
650 }
651
652
653 print"</tr>\n";
654
655 }
656
657 print"</table>\n";
658
659 print"<table width='100%'>\n";
660
661 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
662 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount gt "2")) {
663 print <<END;
664 <tr>
665 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
666 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
667 <td class='base'>$Lang::tr{'click to disable'}</td>
668 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
669 <td class='base'>$Lang::tr{'click to enable'}</td>
670 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
671 <td class='base'>$Lang::tr{'edit'}</td>
672 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
673 <td class='base'>$Lang::tr{'remove'}</td>
674 </tr>
675 END
676 ;
677 }
678 print <<END;
679 <tr>
680 <form method="post" action="$ENV{'SCRIPT_NAME'}">
681 <td colspan="9" align="right">
682 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
683 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
684 </td>
685 </form>
686 </tr>
687 </table>
688 END
689 ;
690
691 } else {
692 print <<END;
693 <table width="100%">
694 <tr>
695 <td colspan="6" align="center">
696 <br>$Lang::tr{'guardian no entries'}<br>
697 </td>
698 </tr>
699
700 <tr>
701 <form method="post" action="$ENV{'SCRIPT_NAME'}">
702 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
703 </form>
704 </tr>
705 </table>
706
707 END
708 ;
709 }
710
711 &Header::closebox();
712 }
713
714 ###
715 # Section to display the add or edit subpage.
716 #
717 sub show_add_edit_nameserver() {
718 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
719
720 my $buttontext = $Lang::tr{'save'};
721 my $dnssec_checked;
722 my $dot_checked;
723 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
724 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
725
726 # Update button text for upate the existing entry.
727 $buttontext = $Lang::tr{'update'};
728
729 # Add hidden input for sending ID.
730 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
731
732 # Check if an ID has been given.
733 if ($cgiparams{'ID'}) {
734 # Assign cgiparams values.
735 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
736 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
737 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
738 }
739 } else {
740 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
741 }
742
743 my $tls_required_image;
744
745 # If the protocol is TLS, dispaly the required image.
746 if ($settings{'PROTO'} eq "TLS") {
747 $tls_required_image = "<img src='/blob.gif' alt='*'>";
748 }
749
750 # Add hidden input to store the mode.
751 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
752
753 print <<END
754 <table width='100%'>
755 <tr>
756 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
757 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
758 </tr>
759
760
761 <tr>
762 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
763 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
764 </tr>
765
766
767 <tr>
768 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
769 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
770 </tr>
771 </table>
772
773 <br>
774 <hr>
775
776 <table width='100%'>
777 <tr>
778 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
779 <td width='40%' align='right'>
780 <input type="submit" name="SERVERS" value="$buttontext">
781 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
782 </td>
783 </tr>
784 </table>
785 END
786 ;
787
788 &Header::closebox();
789 print "</form>\n";
790
791 &Header::closebox();
792 }
793
794 # Private function to handle the restart of unbound and more.
795 sub _handle_unbound_and_more () {
796 # Restart unbound
797 system('/usr/local/bin/unboundctrl restart >/dev/null');
798 }
799
800 # Check if the system is online (RED is connected).
801 sub red_is_active () {
802 # Check if the "active" file is present.
803 if ( -f "${General::swroot}/red/active") {
804 # Return "1" - True.
805 return 1;
806 } else {
807 # Return nothing - False.
808 return;
809 }
810 }
811
812 # Tiny function to grab an IP-address of a given file.
813 sub grab_address_from_file($) {
814 my ($file) = @_;
815
816 my $address;
817
818 # Check if the given file exists.
819 if(-f $file) {
820 # Open the file for reading.
821 open(FILE, $file) or die "Could not read from $file. $!\n";
822
823 # Read the address from the file.
824 $address = <FILE>;
825
826 # Close filehandle.
827 close(FILE);
828
829 # Remove newlines.
830 chomp($address);
831
832 # Check if the obtained address is valid.
833 if (&General::validip($address)) {
834 # Return the address.
835 return $address;
836 }
837 }
838
839 # Return nothing.
840 return;
841 }
842
843 # Function to check a given nameserver against propper work.
844 sub check_nameserver($$$$) {
845 my ($nameserver, $record, $proto, $tls_hostname) = @_;
846
847 # Check if the system is online.
848 unless (&red_is_active()) {
849 return "$Lang::tr{'system is offline'}";
850 }
851
852 # Default values.
853 my @command = ("kdig", "+timeout=2", "+retry=0", "+dnssec",
854 "+bufsize=1232");
855
856 # Handle different protols.
857 if ($proto eq "TCP") {
858 # Add TCP switch to the command.
859 push(@command, "+tcp");
860
861 } elsif($proto eq "TLS") {
862 # Add TLS switch to the command and provide the
863 # path to our file which contains the ca certs.
864 push(@command, "+tls-ca=$ca_certs_file");
865
866 # Check if a TLS hostname has been provided.
867 if ($tls_hostname) {
868 # Add TLS hostname to the command.
869 push(@command, "+tls-hostname=$tls_hostname");
870 } else {
871 return "$Lang::tr{'dns no tls hostname given'}";
872 }
873 }
874
875 # Add record to the command array.
876 push(@command, "$record");
877
878 # Add nameserver to the command array.
879 push(@command, "\@$nameserver");
880
881 # Connect to STDOUT and STDERR.
882 push(@command, "2>&1");
883
884 my @output = qx(@command);
885 my $output = join("", @output);
886
887 my $status = 0;
888
889 if ($output =~ m/status: (\w+)/) {
890 $status = ($1 eq "NOERROR");
891
892 if (!$status) {
893 return -1;
894 }
895 } else {
896 my $warning;
897
898 while ($output =~ m/WARNING: (.*)/g) {
899 # Add the current grabbed warning to the warning string.
900 $warning .= "$1\; ";
901 }
902
903 # Return the warning string, if we grabbed at least one.
904 if ($warning) {
905 return $warning;
906 }
907 }
908
909 my @flags = ();
910 if ($output =~ m/Flags: (.*);/) {
911 @flags = split(/ /, $1);
912 }
913
914 my $aware = ($output =~ m/RRSIG/);
915 my $validating = (grep(/ad;/, @flags));
916
917 return $aware + $validating;
918 }
IPFire 2.x development tree