]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - html/cgi-bin/dns.cgi
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
suricata: Change midstream policy to "pass-flow"
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / dns.cgi
CommitLineData
e0639d80
JPT		 1#!/usr/bin/perl
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
cd7a9011 5# Copyright (C) 2005-2024 IPFire Team <info@ipfire.org> #
e0639d80
JPT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
21
22use strict;
24d7c5ef 23use IO::Socket;
cd7a9011 24use Encode;
e0639d80
JPT		 25
26# enable only the following on debugging purpose
27#use warnings;
28#use CGI::Carp 'fatalsToBrowser';
29
30require '/var/ipfire/general-functions.pl';
4346cb66 31require "${General::swroot}/location-functions.pl";
8fbb12f1 32require "${General::swroot}/ids-functions.pl";
e0639d80
JPT		 33require "${General::swroot}/lang.pl";
34require "${General::swroot}/header.pl";
35
24d7c5ef
SS		 36#workaround to suppress a warning when a variable is used only once
37my @dummy = ( ${Header::colouryellow} );
38undef (@dummy);
39
40my %cgiparams=();
41my %checked=();
42my %selected=();
e0639d80
JPT		 43my $errormessage = '';
44
24d7c5ef
SS		 45# Config file which stores the DNS settings.
46my $settings_file = "${General::swroot}/dns/settings";
47
48# File which stores the configured DNS-Servers.
49my $servers_file = "${General::swroot}/dns/servers";
50
51# Create files if the does not exist.
8a1e6afe
MT		 52unless (-f $settings_file) { &General::system("touch", "$settings_file") };
53unless (-f $servers_file) { &General::system("touch", "$servers_file") };
24d7c5ef
SS		 54
55# File which stores the ISP assigned DNS servers.
1434fa0d 56my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
24d7c5ef
SS		 57
58# File which contains the ca-certificates.
59my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
60
770ea81e
SS		 61# Server which is used, to determine if the whole DNS system works properly.
62my $dns_test_server = "ping.ipfire.org";
63
43140993
SS		 64my $check_servers;
65
24d7c5ef
SS		 66my %color = ();
67my %mainsettings = ();
68&General::readhash("${General::swroot}/main/settings", \%mainsettings);
8186b372 69&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
24d7c5ef 70
e0639d80 71&Header::showhttpheaders();
24d7c5ef 72&Header::getcgihash(\%cgiparams);
e0639d80 73
24d7c5ef
SS		 74##
75# Save general settings.
76#
77if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
78 # Prevent form name from been stored in conf file.
79 delete $cgiparams{'GENERAL'};
e0639d80 80
24d7c5ef
SS		 81 # Add value for non-checked checkbox.
82 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
83 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
84 }
e0639d80 85
24d7c5ef
SS		 86 # Add value for non-checked checkbox.
87 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
88 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
89 }
e0639d80 90
65ef52a3
MT		 91 if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
92 $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
93 }
94
39a6219f
SS		 95 # Check if using ISP nameservers and TLS is enabled at the same time.
96 if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
97 $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
98 }
99
100 # Check if there was an error.
101 if ( ! $errormessage) {
719db1cd 102
39a6219f
SS		 103 # Store settings into settings file.
104 &General::writehash("$settings_file", \%cgiparams);
105
106 # Call function to handle unbound restart, etc.
107 &_handle_unbound_and_more()
108 }
24d7c5ef
SS		 109}
110
111###
112# Add / Edit entries.
113#
114if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
115 # Hash to store the generic DNS settings.
116 my %settings = ();
117
118 # Read-in generic settings.
119 &General::readhash("$settings_file", \%settings);
e0639d80 120
038f962e
SS		 121 # Check if an IP-address has been given.
122 if ($cgiparams{"NAMESERVER"} eq "") {
123 $errormessage = "$Lang::tr{'dns no address given'}";
124 }
125
24d7c5ef 126 # Check if the given DNS server is valid.
038f962e 127 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
24d7c5ef
SS		 128 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
129 }
130
131 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
132 elsif($settings{'PROTO'} eq "TLS") {
133 unless($cgiparams{"TLS_HOSTNAME"}) {
134 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
135 } else {
136 # Check if the provided domain is valid.
137 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
138 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
139 }
e0639d80 140 }
24d7c5ef
SS		 141 }
142
24d7c5ef
SS		 143 # Go further if there was no error.
144 if ( ! $errormessage) {
5a7342fc 145 # Check if a remark has been entered.
716b8fb5
AB		 146
147 # decode the UTF-8 text so that characters with diacritical marks such as
148 # umlauts are treated correctly by the following cleanhtml command
149 $cgiparams{'REMARK'} = decode("UTF-8", $cgiparams{'REMARK'});
150
151 # run the REMARK text through cleanhtml to ensure all unsafe html characters
152 # are correctly encoded to their html entities
5a7342fc 153 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
24d7c5ef 154
cd7a9011
AB		 155 # encode the text back to UTF-8 after running the cleanhtml command
156 $cgiparams{'REMARK'} = encode("UTF-8", $cgiparams{'REMARK'});
ee9b7365 157
24d7c5ef
SS		 158 my %dns_servers = ();
159 my $id;
160 my $status;
161
162 # Read-in configfile.
163 &General::readhasharray($servers_file, \%dns_servers);
164
165 # Check if we should edit an existing entry and got an ID.
166 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
167 # Assin the provided id.
168 $id = $cgiparams{'ID'};
169
170 # Undef the given ID.
171 undef($cgiparams{'ID'});
172
173 # Grab the configured status of the corresponding entry.
174 $status = $dns_servers{$id}[2];
175 } else {
176 # Each newly added entry automatically should be enabled.
177 $status = "enabled";
178
179 # Generate the ID for the new entry.
180 #
181 # Sort the keys by their ID and store them in an array.
182 my @keys = sort { $a <=> $b } keys %dns_servers;
183
184 # Reverse the key array.
185 my @reversed = reverse(@keys);
186
187 # Obtain the last used id.
188 my $last_id = @reversed[0];
189
190 # Increase the last id by one and use it as id for the new entry.
191 $id = ++$last_id;
192
193 # The first allowed id is 3 to keep space for
194 # possible ISP assigned DNS servers.
611587cf 195 if ($id <= "2") {
24d7c5ef
SS		 196 $id = "3";
197 }
e0639d80 198 }
24d7c5ef
SS		 199
200 # Add/Modify the entry to/in the dns_servers hash.
201 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
202
203 # Write the changed hash to the config file.
204 &General::writehasharray($servers_file, \%dns_servers);
719db1cd
SS		 205
206 # Call function to handle unbound restart, etc.
207 &_handle_unbound_and_more();
24d7c5ef
SS		 208 } else {
209 # Switch back to previous mode.
210 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
211 }
212###
213# Toggle enable / disable.
214#
215} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
216 my %dns_servers = ();
217
218 # Only go further, if an ID has been passed.
219 if ($cgiparams{'ID'}) {
220 # Assign the given ID.
221 my $id = $cgiparams{'ID'};
222
223 # Undef the given ID.
224 undef($cgiparams{'ID'});
225
226 # Read-in configfile.
227 &General::readhasharray($servers_file, \%dns_servers);
228
229 # Grab the configured status of the corresponding entry.
230 my $status = $dns_servers{$id}[2];
231
232 # Switch the status.
233 if ($status eq "disabled") {
234 $status = "enabled";
235 } else {
236 $status = "disabled";
e0639d80 237 }
24d7c5ef
SS		 238
239 # Modify the status of the existing entry.
240 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
241
242 # Write the changed hash back to the config file.
243 &General::writehasharray($servers_file, \%dns_servers);
8f4bde65
SS		 244
245 # Call function to handle unbound restart, etc.
246 &_handle_unbound_and_more();
e0639d80 247 }
24d7c5ef
SS		 248
249## Remove entry from DNS servers list.
250#
251} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
252 my %dns_servers = ();
253
254 # Read-in configfile.
255 &General::readhasharray($servers_file, \%dns_servers);
256
257 # Drop entry from the hash.
258 delete($dns_servers{$cgiparams{'ID'}});
259
260 # Undef the given ID.
261 undef($cgiparams{'ID'});
262
263 # Write the changed hash to the config file.
264 &General::writehasharray($servers_file, \%dns_servers);
43140993 265
8f4bde65
SS		 266 # Call function to handle unbound restart, etc.
267 &_handle_unbound_and_more();
268
43140993
SS		 269## Handle request to check the servers.
270#
271} elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
272 $check_servers = 1;
e0639d80
JPT		 273}
274
24d7c5ef
SS		 275# Hash to store the generic DNS settings.
276my %settings = ();
65ef52a3 277$settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
24d7c5ef
SS		 278
279# Read-in general DNS settings.
280&General::readhash("$settings_file", \%settings);
281
282# Hash which contains the configured DNS servers.
283my %dns_servers = ();
284
285# Read-in config file.
286&General::readhasharray("$servers_file", \%dns_servers);
287
743808bb 288&Header::openpage($Lang::tr{'dns title'}, 1, '');
24d7c5ef
SS		 289
290&Header::openbigbox('100%', 'left', '', $errormessage);
291
292###
293# Error messages layout.
294#
295if ($errormessage) {
296 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
297 print "<class name='base'>$errormessage\n";
298 print "&nbsp;</class>\n";
299 &Header::closebox();
e0639d80
JPT		 300}
301
24d7c5ef
SS		 302# Handle if a nameserver should be added or edited.
303if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
304 # Display the sub page.
305 &show_add_edit_nameserver();
306
307 # Close webpage.
308 &Header::closebigbox();
309 &Header::closepage();
310
311 # Finished here for the moment.
312 exit(0);
2e1432c4
JPT		 313}
314
24d7c5ef
SS		 315$cgiparams{'GENERAL'} = '';
316$cgiparams{'SERVERS'} = '';
317$cgiparams{'NAMESERVER'} = '';
318$cgiparams{'TLS_HOSTNAME'} = '';
319$cgiparams{'REMARK'} ='';
320
321$checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
322$checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
323$checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
324
325$checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
326$checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
327$checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
328
65ef52a3
MT		 329$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
330$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
331$checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
332
24d7c5ef
SS		 333$selected{'PROTO'}{'UDP'} = '';
334$selected{'PROTO'}{'TLS'} = '';
335$selected{'PROTO'}{'TCP'} = '';
336$selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
337
338$selected{'QNAME_MIN'}{'standard'} = '';
339$selected{'QNAME_MIN'}{'strict'} = '';
340$selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
341
342# Display nameserver and configuration sections.
343&show_nameservers();
344&show_general_dns_configuration();
345
346&Header::closebigbox();
347&Header::closepage();
348
349###
350# General DNS-Servers sektion.
351#
352sub show_general_dns_configuration () {
353 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
354
355 print <<END;
356 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
357 <table width="100%">
358 <tr>
359 <td width="33%">
360 $Lang::tr{'dns use isp assigned nameservers'}
361 </td>
362
363 <td>
364 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
365 </td>
366 </tr>
367
368 <tr>
369 <td colspan="2">
370 <br>
371 </td>
372 </tr>
373
374 <tr>
375 <td width="33%">
376 $Lang::tr{'dns use protocol for dns queries'}
377 </td>
378
379 <td>
380 <select name="PROTO">
381 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
382 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
383 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
384 </select>
385 </td>
386 </tr>
387
388 <tr>
389 <td colspan="2">
390 <br>
391 </td>
392 </tr>
393
394 <tr>
395 <td width="33%">
396 $Lang::tr{'dns enable safe-search'}
397 </td>
398
399 <td>
400 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
401 </td>
402 </tr>
403
65ef52a3
MT		 404 <tr>
405 <td width="33%">
406 &raquo; $Lang::tr{'dns enable safe-search youtube'}
407 </td>
408
409 <td>
410 <input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
411 </td>
412 </tr>
413
24d7c5ef
SS		 414 <tr>
415 <td colspan="2">
416 <br>
417 </td>
418 </tr>
419
420 <tr>
421 <td width="33%">
422 $Lang::tr{'dns mode for qname minimisation'}
423 </td>
424
425 <td>
426 <select name="QNAME_MIN">
427 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
428 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
429 </select>
430 </td>
431 </tr>
432
433 <tr>
434 <td colspan="2" align="right">
435 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
436 </td>
437 </tr>
438 </table>
439 </form>
440END
441
e0639d80
JPT		 442 &Header::closebox();
443}
444
24d7c5ef
SS		 445###
446# Section to display the configured and used DNS servers.
447#
448sub show_nameservers () {
743808bb 449 &Header::openbox('100%', 'center', "$Lang::tr{'dns servers'}");
e0639d80 450
351ad526
MT		 451 # Determine if we are running in recursor mode
452 my $recursor = 0;
453 my $unbound_forward = qx(unbound-control forward);
454 if ($unbound_forward =~ m/^off/) {
455 $recursor = 1;
456 }
457
770ea81e
SS		 458 my $dns_status_string;
459 my $dns_status_col;
f03f3429 460 my $dns_working;
770ea81e 461
351ad526 462
770ea81e
SS		 463 # Test if the DNS system is working.
464 #
465 # Simple send a request to unbound and check if it can resolve the
466 # DNS test server.
f2d2c697 467 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
770ea81e
SS		 468
469 if ($dns_status_ret eq "2") {
470 $dns_status_string = "$Lang::tr{'working'}";
471 $dns_status_col = "${Header::colourgreen}";
f03f3429 472 $dns_working = 1;
770ea81e 473 } else {
46cc88ed 474 $dns_status_string = "$Lang::tr{'broken'}";
770ea81e
SS		 475 $dns_status_col = "${Header::colourred}";
476 }
477
351ad526
MT		 478 if ($recursor) {
479 $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
480 }
481
18e97c76 482 print <<END;
770ea81e
SS		 483 <table width='100%'>
484 <tr>
485 <td>
486 <strong>$Lang::tr{'status'}:&nbsp;</strong>
487 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
488 </td>
489 </tr>
490 </table>
18e97c76
MT		 491END
492
493 # Check the usage of ISP assigned nameservers is enabled.
494 my $id = 1;
770ea81e 495
18e97c76
MT		 496 # Loop through the array which stores the files.
497 foreach my $file (@ISP_nameserver_files) {
498 # Grab the address of the nameserver.
499 my $address = &General::grab_address_from_file($file);
500
501 # Check if we got an address.
502 if ($address) {
503 # Add the address to the hash of nameservers.
504 $dns_servers{$id} = [ "$address", "none",
505 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
506 "$Lang::tr{'dns isp assigned nameserver'}" ];
507
508 # Increase id by one.
509 $id++;
510 }
511 }
512
513 # Check some DNS servers have been configured. In this case
514 # the hash contains at least one key.
515 my $server_amount;
516 if (keys %dns_servers) {
517 # Sort the keys by their ID and store them in an array.
518 my @keys = sort { $a <=> $b } keys %dns_servers;
519
520 print <<END;
770ea81e
SS		 521 <br>
522
24d7c5ef
SS		 523 <table class="tbl" width='100%'>
524 <tr>
525 <td align="center">
526 <strong>$Lang::tr{'nameserver'}</strong>
527 </td>
528
529 <td align="center">
530 <strong>$Lang::tr{'country'}</strong>
531 </td>
532
533 <td align="center">
534 <strong>$Lang::tr{'rdns'}</strong>
535 </td>
536
537 <td align="center">
538 <strong>$Lang::tr{'remark'}</strong>
539 </td>
43140993 540END
18e97c76
MT		 541
542 # Check if the status should be displayed.
543 if ($check_servers) {
544 print <<END;
24d7c5ef
SS		 545 <td align="center">
546 <strong>$Lang::tr{'status'}</strong>
547 </td>
43140993 548END
18e97c76 549 }
43140993 550
18e97c76 551 print <<END;
e0639d80 552
24d7c5ef
SS		 553 <td align="center" colspan="3">
554 <strong>$Lang::tr{'action'}</strong>
555 </td>
556 </tr>
830f6177 557END
24d7c5ef
SS		 558
559 # Loop through all entries of the array/hash.
560 foreach my $id (@keys) {
561 # Inrease server_amount.
562 $server_amount++;
563
564 # Assign data array positions to some nice variable names.
565 my $nameserver = $dns_servers{$id}[0];
566 my $tls_hostname = $dns_servers{$id}[1];
567 my $enabled = $dns_servers{$id}[2];
568 my $remark = $dns_servers{$id}[3];
569
570 my $col = '';
571 my $toggle = '';
572 my $gif = '';
573 my $gdesc = '';
574 my $notice = "";
575
576 # Colorize columns.
577 if ($server_amount % 2) {
578 $col="bgcolor='$color{'color22'}'"; }
579 else {
580 $col="bgcolor='$color{'color20'}'";
581 }
582
583 if ($enabled eq 'enabled') {
584 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
585 } else {
586 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
587 }
588
589 my $status;
590 my $status_short;
591 my $status_message;
592 my $status_colour;
593
594 # Only grab the status if the nameserver is enabled.
43140993 595 if (($check_servers) && ($enabled eq "enabled")) {
24d7c5ef
SS		 596 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
597 }
598
a25dcda2 599 if (!defined $status) {
24d7c5ef
SS		 600 $status_short = "$Lang::tr{'disabled'}";
601
602 # DNSSEC Not supported
603 } elsif ($status eq 0) {
604 $status_short = "$Lang::tr{'broken'}";
605 $status_message = $Lang::tr{'dnssec not supported'};
606 $status_colour = ${Header::colourred};
607
608 # DNSSEC Aware
609 } elsif ($status eq 1) {
610 $status_short = "$Lang::tr{'not validating'}";
611 $status_message = $Lang::tr{'dnssec aware'};
612 $status_colour = ${Header::colourblack};
613
614 # DNSSEC Validating
615 } elsif ($status eq 2) {
616 $status_short = "$Lang::tr{'ok'}";
617 $status_message = $Lang::tr{'dnssec validating'};
618 $status_colour = ${Header::colourgreen};
619
620 # Error
621 } else {
622 $status_short = "$Lang::tr{'error'}";
623 $status_message = $status;
624 $status_colour = ${Header::colourred};
625 }
626
4346cb66 627 # collect more information about name server (rDNS, country code)
07e42be9 628 my $ccode = &Location::Functions::lookup_country_code($nameserver);
4346cb66 629 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
24d7c5ef 630
25dda4a0
SS		 631 my $rdns;
632
633 # Only do the reverse lookup if the system is online.
f03f3429 634 if ($dns_working) {
25dda4a0
SS		 635 my $iaddr = inet_aton($nameserver);
636 $rdns = gethostbyaddr($iaddr, AF_INET);
637 }
24d7c5ef 638
358e42ff 639 if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; }
24d7c5ef 640
77c7a94c
MT		 641 # Mark ISP name servers as disabled
642 if ($id <= 2 && $enabled eq "disabled") {
643 $nameserver = "<del>$nameserver</del>";
644 }
645
24d7c5ef
SS		 646print <<END;
647 <tr>
648 <td align="center" $col>
649 $nameserver
650 </td>
651
652 <td align="center" $col>
653 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
654 </td>
655
656 <td align="center" $col>
657 $rdns
658 </td>
659
660 <td align="center" $col>
661 $remark
662 </td>
830f6177 663END
24d7c5ef 664;
43140993
SS		 665 # Display server status if requested.
666 if ($check_servers) {
667print <<END
668 <td align="center" $col>
669 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
670 </td>
671END
672;
673 }
674
24d7c5ef
SS		 675 # Check if the id is greater than "2".
676 #
677 # Nameservers with an ID's of one or two are ISP assigned,
678 # and we cannot perform any actions on them, so hide the tools for
679 # them.
19602b68 680 if ($id > 2) {
24d7c5ef
SS		 681
682print <<END;
683 <td align='center' width='5%' $col>
684 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
685 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
686 <input type='hidden' name='ID' value='$id' />
687 <input type='hidden' name='ENABLE' value='$toggle' />
688 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
689 </form>
690 </td>
691
692 <td align='center' width='5%' $col>
693 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
694 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
695 <input type='hidden' name='ID' value='$id' />
696 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
697 </form>
698 </td>
699
700 <td align='center' width='5%' $col>
701 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
702 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
703 <input type='hidden' name='ID' value='$id' />
704 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
705 </form>
706 </td>
830f6177 707END
24d7c5ef
SS		 708;
709 } else {
710 print "<td colspan='3' $col>&nbsp;</td>\n";
711 }
712
713
714 print"</tr>\n";
715
716 }
717
718 print"</table>\n";
719
720 print"<table width='100%'>\n";
721
722 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
19602b68 723 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
24d7c5ef
SS		 724print <<END;
725 <tr>
726 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
727 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
728 <td class='base'>$Lang::tr{'click to disable'}</td>
729 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
730 <td class='base'>$Lang::tr{'click to enable'}</td>
731 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
732 <td class='base'>$Lang::tr{'edit'}</td>
733 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
734 <td class='base'>$Lang::tr{'remove'}</td>
735 </tr>
830f6177 736END
24d7c5ef
SS		 737;
738 }
739print <<END;
740 <tr>
741 <form method="post" action="$ENV{'SCRIPT_NAME'}">
43140993
SS		 742 <td colspan="9" align="right">
743 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
744 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
745 </td>
24d7c5ef
SS		 746 </form>
747 </tr>
748 </table>
830f6177 749END
24d7c5ef 750;
24d7c5ef 751 } else {
351ad526 752 print <<END;
24d7c5ef 753 <table width="100%">
24d7c5ef
SS		 754 <tr>
755 <form method="post" action="$ENV{'SCRIPT_NAME'}">
756 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
757 </form>
758 </tr>
759 </table>
830f6177 760END
24d7c5ef
SS		 761 }
762
763 &Header::closebox();
830f6177 764}
24d7c5ef
SS		 765
766###
767# Section to display the add or edit subpage.
768#
769sub show_add_edit_nameserver() {
770 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
771
772 my $buttontext = $Lang::tr{'save'};
773 my $dnssec_checked;
774 my $dot_checked;
775 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
776 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
777
778 # Update button text for upate the existing entry.
779 $buttontext = $Lang::tr{'update'};
780
781 # Add hidden input for sending ID.
782 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
783
784 # Check if an ID has been given.
785 if ($cgiparams{'ID'}) {
786 # Assign cgiparams values.
787 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
788 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
789 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
790 }
791 } else {
792 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
793 }
794
f10fb4bf
SS		 795 my $tls_required_image;
796
797 # If the protocol is TLS, dispaly the required image.
798 if ($settings{'PROTO'} eq "TLS") {
799 $tls_required_image = "<img src='/blob.gif' alt='*'>";
800 }
801
24d7c5ef
SS		 802 # Add hidden input to store the mode.
803 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
804
805print <<END
806 <table width='100%'>
807 <tr>
808 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
809 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
810 </tr>
f10fb4bf
SS		 811
812
24d7c5ef 813 <tr>
f10fb4bf 814 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
24d7c5ef
SS		 815 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
816 </tr>
24d7c5ef 817
e0639d80 818
24d7c5ef
SS		 819 <tr>
820 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
821 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
822 </tr>
823 </table>
824
825 <br>
826 <hr>
827
828 <table width='100%'>
829 <tr>
830 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
831 <td width='40%' align='right'>
832 <input type="submit" name="SERVERS" value="$buttontext">
833 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
834 </td>
835 </tr>
836 </table>
e0639d80
JPT		 837END
838;
839
24d7c5ef
SS		 840 &Header::closebox();
841 print "</form>\n";
e0639d80 842
24d7c5ef
SS		 843 &Header::closebox();
844}
e0639d80 845
719db1cd
SS		 846# Private function to handle the restart of unbound and more.
847sub _handle_unbound_and_more () {
8fbb12f1
SS		 848 # Check if the IDS is running.
849 if(&IDS::ids_is_running()) {
850 # Re-generate the file which contains the DNS Server
851 # details.
852 &IDS::generate_dns_servers_file();
853
854 # Call suricatactrl to perform a reload.
855 &IDS::call_suricatactrl("restart");
856 }
80bed581 857 # Restart unbound
8a1e6afe 858 &General::system('/usr/local/bin/unboundctrl', 'reload');
719db1cd
SS		 859}
860
f36855fe
SS		 861# Check if the system is online (RED is connected).
862sub red_is_active () {
863 # Check if the "active" file is present.
864 if ( -f "${General::swroot}/red/active") {
865 # Return "1" - True.
866 return 1;
867 } else {
868 # Return nothing - False.
869 return;
870 }
871}
872
24d7c5ef 873# Function to check a given nameserver against propper work.
38f51465
MT		 874sub check_nameserver($$$$$) {
875 my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
24d7c5ef 876
70187da6
SS		 877 # Check if the system is online.
878 unless (&red_is_active()) {
879 return "$Lang::tr{'system is offline'}";
880 }
881
24d7c5ef 882 # Default values.
3a5866ac 883 my @command = ("kdig", "+dnssec",
38f51465 884 "+bufsize=1232", @args);
24d7c5ef
SS		 885
886 # Handle different protols.
887 if ($proto eq "TCP") {
888 # Add TCP switch to the command.
889 push(@command, "+tcp");
890
891 } elsif($proto eq "TLS") {
892 # Add TLS switch to the command and provide the
893 # path to our file which contains the ca certs.
894 push(@command, "+tls-ca=$ca_certs_file");
895
896 # Check if a TLS hostname has been provided.
897 if ($tls_hostname) {
898 # Add TLS hostname to the command.
899 push(@command, "+tls-hostname=$tls_hostname");
900 } else {
901 return "$Lang::tr{'dns no tls hostname given'}";
902 }
903 }
904
905 # Add record to the command array.
906 push(@command, "$record");
907
908 # Add nameserver to the command array.
909 push(@command, "\@$nameserver");
910
911 # Connect to STDOUT and STDERR.
912 push(@command, "2>&1");
913
914 my @output = qx(@command);
915 my $output = join("", @output);
916
917 my $status = 0;
24d7c5ef
SS		 918
919 if ($output =~ m/status: (\w+)/) {
920 $status = ($1 eq "NOERROR");
921
922 if (!$status) {
923 return -1;
924 }
984f14bd
MT		 925 } else {
926 my $warning;
927
928 while ($output =~ m/WARNING: (.*)/g) {
929 # Add the current grabbed warning to the warning string.
930 $warning .= "$1\; ";
931 }
932
933 # Return the warning string, if we grabbed at least one.
934 if ($warning) {
935 return $warning;
936 }
24d7c5ef
SS		 937 }
938
939 my @flags = ();
940 if ($output =~ m/Flags: (.*);/) {
941 @flags = split(/ /, $1);
942 }
943
944 my $aware = ($output =~ m/RRSIG/);
71471d9b 945 my $validating = (grep(/ad;/, @flags));
24d7c5ef
SS		 946
947 return $aware + $validating;
948}
Peter's tree of IPFire 2.x