]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/dns.cgi
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
dns.cgi: restart suricata before unbound reload
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / dns.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2020 IPFire Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use IO::Socket;
24
25 # enable only the following on debugging purpose
26 #use warnings;
27 #use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/geoip-functions.pl";
31 require "${General::swroot}/ids-functions.pl";
32 require "${General::swroot}/lang.pl";
33 require "${General::swroot}/header.pl";
34
35 #workaround to suppress a warning when a variable is used only once
36 my @dummy = ( ${Header::colouryellow} );
37 undef (@dummy);
38
39 my %cgiparams=();
40 my %checked=();
41 my %selected=();
42 my $errormessage = '';
43
44 # Config file which stores the DNS settings.
45 my $settings_file = "${General::swroot}/dns/settings";
46
47 # File which stores the configured DNS-Servers.
48 my $servers_file = "${General::swroot}/dns/servers";
49
50 # Create files if the does not exist.
51 unless (-f $settings_file) { system("touch $settings_file") };
52 unless (-f $servers_file) { system("touch $servers_file") };
53
54 # File which stores the ISP assigned DNS servers.
55 my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
56
57 # File which contains the ca-certificates.
58 my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
59
60 # Server which is used, to determine if the whole DNS system works properly.
61 my $dns_test_server = "ping.ipfire.org";
62
63 my $check_servers;
64
65 my %color = ();
66 my %mainsettings = ();
67 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
68 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
69
70 &Header::showhttpheaders();
71 &Header::getcgihash(\%cgiparams);
72
73 ##
74 # Save general settings.
75 #
76 if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
77 # Prevent form name from been stored in conf file.
78 delete $cgiparams{'GENERAL'};
79
80 # Add value for non-checked checkbox.
81 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
82 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
83 }
84
85 # Add value for non-checked checkbox.
86 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
87 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
88 }
89
90 # Check if using ISP nameservers and TLS is enabled at the same time.
91 if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
92 $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
93 }
94
95 # Check if there was an error.
96 if ( ! $errormessage) {
97
98 # Store settings into settings file.
99 &General::writehash("$settings_file", \%cgiparams);
100
101 # Call function to handle unbound restart, etc.
102 &_handle_unbound_and_more()
103 }
104 }
105
106 ###
107 # Add / Edit entries.
108 #
109 if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
110 # Hash to store the generic DNS settings.
111 my %settings = ();
112
113 # Read-in generic settings.
114 &General::readhash("$settings_file", \%settings);
115
116 # Check if an IP-address has been given.
117 if ($cgiparams{"NAMESERVER"} eq "") {
118 $errormessage = "$Lang::tr{'dns no address given'}";
119 }
120
121 # Check if the given DNS server is valid.
122 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
123 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
124 }
125
126 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
127 elsif($settings{'PROTO'} eq "TLS") {
128 unless($cgiparams{"TLS_HOSTNAME"}) {
129 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
130 } else {
131 # Check if the provided domain is valid.
132 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
133 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
134 }
135 }
136 }
137
138 # Go further if there was no error.
139 if ( ! $errormessage) {
140 # Check if a remark has been entered.
141 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
142
143 my %dns_servers = ();
144 my $id;
145 my $status;
146
147 # Read-in configfile.
148 &General::readhasharray($servers_file, \%dns_servers);
149
150 # Check if we should edit an existing entry and got an ID.
151 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
152 # Assin the provided id.
153 $id = $cgiparams{'ID'};
154
155 # Undef the given ID.
156 undef($cgiparams{'ID'});
157
158 # Grab the configured status of the corresponding entry.
159 $status = $dns_servers{$id}[2];
160 } else {
161 # Each newly added entry automatically should be enabled.
162 $status = "enabled";
163
164 # Generate the ID for the new entry.
165 #
166 # Sort the keys by their ID and store them in an array.
167 my @keys = sort { $a <=> $b } keys %dns_servers;
168
169 # Reverse the key array.
170 my @reversed = reverse(@keys);
171
172 # Obtain the last used id.
173 my $last_id = @reversed[0];
174
175 # Increase the last id by one and use it as id for the new entry.
176 $id = ++$last_id;
177
178 # The first allowed id is 3 to keep space for
179 # possible ISP assigned DNS servers.
180 if ($id <= "2") {
181 $id = "3";
182 }
183 }
184
185 # Add/Modify the entry to/in the dns_servers hash.
186 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
187
188 # Write the changed hash to the config file.
189 &General::writehasharray($servers_file, \%dns_servers);
190
191 # Call function to handle unbound restart, etc.
192 &_handle_unbound_and_more();
193 } else {
194 # Switch back to previous mode.
195 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
196 }
197 ###
198 # Toggle enable / disable.
199 #
200 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
201 my %dns_servers = ();
202
203 # Only go further, if an ID has been passed.
204 if ($cgiparams{'ID'}) {
205 # Assign the given ID.
206 my $id = $cgiparams{'ID'};
207
208 # Undef the given ID.
209 undef($cgiparams{'ID'});
210
211 # Read-in configfile.
212 &General::readhasharray($servers_file, \%dns_servers);
213
214 # Grab the configured status of the corresponding entry.
215 my $status = $dns_servers{$id}[2];
216
217 # Switch the status.
218 if ($status eq "disabled") {
219 $status = "enabled";
220 } else {
221 $status = "disabled";
222 }
223
224 # Modify the status of the existing entry.
225 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
226
227 # Write the changed hash back to the config file.
228 &General::writehasharray($servers_file, \%dns_servers);
229
230 # Call function to handle unbound restart, etc.
231 &_handle_unbound_and_more();
232 }
233
234 ## Remove entry from DNS servers list.
235 #
236 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
237 my %dns_servers = ();
238
239 # Read-in configfile.
240 &General::readhasharray($servers_file, \%dns_servers);
241
242 # Drop entry from the hash.
243 delete($dns_servers{$cgiparams{'ID'}});
244
245 # Undef the given ID.
246 undef($cgiparams{'ID'});
247
248 # Write the changed hash to the config file.
249 &General::writehasharray($servers_file, \%dns_servers);
250
251 # Call function to handle unbound restart, etc.
252 &_handle_unbound_and_more();
253
254 ## Handle request to check the servers.
255 #
256 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
257 $check_servers = 1;
258 }
259
260 # Hash to store the generic DNS settings.
261 my %settings = ();
262
263 # Read-in general DNS settings.
264 &General::readhash("$settings_file", \%settings);
265
266 # Hash which contains the configured DNS servers.
267 my %dns_servers = ();
268
269 # Read-in config file.
270 &General::readhasharray("$servers_file", \%dns_servers);
271
272 &Header::openpage($Lang::tr{'dns'}, 1, '');
273
274 &Header::openbigbox('100%', 'left', '', $errormessage);
275
276 ###
277 # Error messages layout.
278 #
279 if ($errormessage) {
280 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
281 print "<class name='base'>$errormessage\n";
282 print "&nbsp;</class>\n";
283 &Header::closebox();
284 }
285
286 # Handle if a nameserver should be added or edited.
287 if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
288 # Display the sub page.
289 &show_add_edit_nameserver();
290
291 # Close webpage.
292 &Header::closebigbox();
293 &Header::closepage();
294
295 # Finished here for the moment.
296 exit(0);
297 }
298
299 $cgiparams{'GENERAL'} = '';
300 $cgiparams{'SERVERS'} = '';
301 $cgiparams{'NAMESERVER'} = '';
302 $cgiparams{'TLS_HOSTNAME'} = '';
303 $cgiparams{'REMARK'} ='';
304
305 $checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
306 $checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
307 $checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
308
309 $checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
310 $checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
311 $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
312
313 $selected{'PROTO'}{'UDP'} = '';
314 $selected{'PROTO'}{'TLS'} = '';
315 $selected{'PROTO'}{'TCP'} = '';
316 $selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
317
318 $selected{'QNAME_MIN'}{'standard'} = '';
319 $selected{'QNAME_MIN'}{'strict'} = '';
320 $selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
321
322 # Display nameserver and configuration sections.
323 &show_nameservers();
324 &show_general_dns_configuration();
325
326 &Header::closebigbox();
327 &Header::closepage();
328
329 ###
330 # General DNS-Servers sektion.
331 #
332 sub show_general_dns_configuration () {
333 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
334
335 print <<END;
336 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
337 <table width="100%">
338 <tr>
339 <td width="33%">
340 $Lang::tr{'dns use isp assigned nameservers'}
341 </td>
342
343 <td>
344 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
345 </td>
346 </tr>
347
348 <tr>
349 <td colspan="2">
350 <br>
351 </td>
352 </tr>
353
354 <tr>
355 <td width="33%">
356 $Lang::tr{'dns use protocol for dns queries'}
357 </td>
358
359 <td>
360 <select name="PROTO">
361 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
362 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
363 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
364 </select>
365 </td>
366 </tr>
367
368 <tr>
369 <td colspan="2">
370 <br>
371 </td>
372 </tr>
373
374 <tr>
375 <td width="33%">
376 $Lang::tr{'dns enable safe-search'}
377 </td>
378
379 <td>
380 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
381 </td>
382 </tr>
383
384 <tr>
385 <td colspan="2">
386 <br>
387 </td>
388 </tr>
389
390 <tr>
391 <td width="33%">
392 $Lang::tr{'dns mode for qname minimisation'}
393 </td>
394
395 <td>
396 <select name="QNAME_MIN">
397 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
398 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
399 </select>
400 </td>
401 </tr>
402
403 <tr>
404 <td colspan="2" align="right">
405 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
406 </td>
407 </tr>
408 </table>
409 </form>
410 END
411
412 &Header::closebox();
413 }
414
415 ###
416 # Section to display the configured and used DNS servers.
417 #
418 sub show_nameservers () {
419 &Header::openbox('100%', 'center', "$Lang::tr{'dns title'}");
420
421 # Determine if we are running in recursor mode
422 my $recursor = 0;
423 my $unbound_forward = qx(unbound-control forward);
424 if ($unbound_forward =~ m/^off/) {
425 $recursor = 1;
426 }
427
428 my $dns_status_string;
429 my $dns_status_col;
430 my $dns_working;
431
432
433 # Test if the DNS system is working.
434 #
435 # Simple send a request to unbound and check if it can resolve the
436 # DNS test server.
437 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
438
439 if ($dns_status_ret eq "2") {
440 $dns_status_string = "$Lang::tr{'working'}";
441 $dns_status_col = "${Header::colourgreen}";
442 $dns_working = 1;
443 } else {
444 $dns_status_string = "$Lang::tr{'broken'}";
445 $dns_status_col = "${Header::colourred}";
446 }
447
448 if ($recursor) {
449 $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
450 }
451
452 print <<END;
453 <table width='100%'>
454 <tr>
455 <td>
456 <strong>$Lang::tr{'status'}:&nbsp;</strong>
457 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
458 </td>
459 </tr>
460 </table>
461 END
462
463 # Check the usage of ISP assigned nameservers is enabled.
464 my $id = 1;
465
466 # Loop through the array which stores the files.
467 foreach my $file (@ISP_nameserver_files) {
468 # Grab the address of the nameserver.
469 my $address = &General::grab_address_from_file($file);
470
471 # Check if we got an address.
472 if ($address) {
473 # Add the address to the hash of nameservers.
474 $dns_servers{$id} = [ "$address", "none",
475 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
476 "$Lang::tr{'dns isp assigned nameserver'}" ];
477
478 # Increase id by one.
479 $id++;
480 }
481 }
482
483 # Check some DNS servers have been configured. In this case
484 # the hash contains at least one key.
485 my $server_amount;
486 if (keys %dns_servers) {
487 # Sort the keys by their ID and store them in an array.
488 my @keys = sort { $a <=> $b } keys %dns_servers;
489
490 print <<END;
491 <br>
492
493 <table class="tbl" width='100%'>
494 <tr>
495 <td align="center">
496 <strong>$Lang::tr{'nameserver'}</strong>
497 </td>
498
499 <td align="center">
500 <strong>$Lang::tr{'country'}</strong>
501 </td>
502
503 <td align="center">
504 <strong>$Lang::tr{'rdns'}</strong>
505 </td>
506
507 <td align="center">
508 <strong>$Lang::tr{'remark'}</strong>
509 </td>
510 END
511
512 # Check if the status should be displayed.
513 if ($check_servers) {
514 print <<END;
515 <td align="center">
516 <strong>$Lang::tr{'status'}</strong>
517 </td>
518 END
519 }
520
521 print <<END;
522
523 <td align="center" colspan="3">
524 <strong>$Lang::tr{'action'}</strong>
525 </td>
526 </tr>
527 END
528
529 # Loop through all entries of the array/hash.
530 foreach my $id (@keys) {
531 # Inrease server_amount.
532 $server_amount++;
533
534 # Assign data array positions to some nice variable names.
535 my $nameserver = $dns_servers{$id}[0];
536 my $tls_hostname = $dns_servers{$id}[1];
537 my $enabled = $dns_servers{$id}[2];
538 my $remark = $dns_servers{$id}[3];
539
540 my $col = '';
541 my $toggle = '';
542 my $gif = '';
543 my $gdesc = '';
544 my $notice = "";
545
546 # Colorize columns.
547 if ($server_amount % 2) {
548 $col="bgcolor='$color{'color22'}'"; }
549 else {
550 $col="bgcolor='$color{'color20'}'";
551 }
552
553 if ($enabled eq 'enabled') {
554 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
555 } else {
556 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
557 }
558
559 my $status;
560 my $status_short;
561 my $status_message;
562 my $status_colour;
563
564 # Only grab the status if the nameserver is enabled.
565 if (($check_servers) && ($enabled eq "enabled")) {
566 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
567 }
568
569 if (!defined $status) {
570 $status_short = "$Lang::tr{'disabled'}";
571
572 # DNSSEC Not supported
573 } elsif ($status eq 0) {
574 $status_short = "$Lang::tr{'broken'}";
575 $status_message = $Lang::tr{'dnssec not supported'};
576 $status_colour = ${Header::colourred};
577
578 # DNSSEC Aware
579 } elsif ($status eq 1) {
580 $status_short = "$Lang::tr{'not validating'}";
581 $status_message = $Lang::tr{'dnssec aware'};
582 $status_colour = ${Header::colourblack};
583
584 # DNSSEC Validating
585 } elsif ($status eq 2) {
586 $status_short = "$Lang::tr{'ok'}";
587 $status_message = $Lang::tr{'dnssec validating'};
588 $status_colour = ${Header::colourgreen};
589
590 # Error
591 } else {
592 $status_short = "$Lang::tr{'error'}";
593 $status_message = $status;
594 $status_colour = ${Header::colourred};
595 }
596
597 # collect more information about name server (rDNS, GeoIP country code)
598 my $ccode = &GeoIP::lookup($nameserver);
599 my $flag_icon = &GeoIP::get_flag_icon($ccode);
600
601 my $rdns;
602
603 # Only do the reverse lookup if the system is online.
604 if ($dns_working) {
605 my $iaddr = inet_aton($nameserver);
606 $rdns = gethostbyaddr($iaddr, AF_INET);
607 }
608
609 if (!$rdns) { $rdns = $Lang::tr{'lookup failed'}; }
610
611 # Mark ISP name servers as disabled
612 if ($id <= 2 && $enabled eq "disabled") {
613 $nameserver = "<del>$nameserver</del>";
614 }
615
616 print <<END;
617 <tr>
618 <td align="center" $col>
619 $nameserver
620 </td>
621
622 <td align="center" $col>
623 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
624 </td>
625
626 <td align="center" $col>
627 $rdns
628 </td>
629
630 <td align="center" $col>
631 $remark
632 </td>
633 END
634 ;
635 # Display server status if requested.
636 if ($check_servers) {
637 print <<END
638 <td align="center" $col>
639 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
640 </td>
641 END
642 ;
643 }
644
645 # Check if the id is greater than "2".
646 #
647 # Nameservers with an ID's of one or two are ISP assigned,
648 # and we cannot perform any actions on them, so hide the tools for
649 # them.
650 if ($id > 2) {
651
652 print <<END;
653 <td align='center' width='5%' $col>
654 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
655 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
656 <input type='hidden' name='ID' value='$id' />
657 <input type='hidden' name='ENABLE' value='$toggle' />
658 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
659 </form>
660 </td>
661
662 <td align='center' width='5%' $col>
663 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
664 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
665 <input type='hidden' name='ID' value='$id' />
666 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
667 </form>
668 </td>
669
670 <td align='center' width='5%' $col>
671 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
672 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
673 <input type='hidden' name='ID' value='$id' />
674 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
675 </form>
676 </td>
677 END
678 ;
679 } else {
680 print "<td colspan='3' $col>&nbsp;</td>\n";
681 }
682
683
684 print"</tr>\n";
685
686 }
687
688 print"</table>\n";
689
690 print"<table width='100%'>\n";
691
692 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
693 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
694 print <<END;
695 <tr>
696 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
697 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
698 <td class='base'>$Lang::tr{'click to disable'}</td>
699 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
700 <td class='base'>$Lang::tr{'click to enable'}</td>
701 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
702 <td class='base'>$Lang::tr{'edit'}</td>
703 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
704 <td class='base'>$Lang::tr{'remove'}</td>
705 </tr>
706 END
707 ;
708 }
709 print <<END;
710 <tr>
711 <form method="post" action="$ENV{'SCRIPT_NAME'}">
712 <td colspan="9" align="right">
713 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
714 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
715 </td>
716 </form>
717 </tr>
718 </table>
719 END
720 ;
721 } else {
722 print <<END;
723 <table width="100%">
724 <tr>
725 <form method="post" action="$ENV{'SCRIPT_NAME'}">
726 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
727 </form>
728 </tr>
729 </table>
730 END
731 }
732
733 &Header::closebox();
734 }
735
736 ###
737 # Section to display the add or edit subpage.
738 #
739 sub show_add_edit_nameserver() {
740 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
741
742 my $buttontext = $Lang::tr{'save'};
743 my $dnssec_checked;
744 my $dot_checked;
745 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
746 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
747
748 # Update button text for upate the existing entry.
749 $buttontext = $Lang::tr{'update'};
750
751 # Add hidden input for sending ID.
752 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
753
754 # Check if an ID has been given.
755 if ($cgiparams{'ID'}) {
756 # Assign cgiparams values.
757 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
758 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
759 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
760 }
761 } else {
762 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
763 }
764
765 my $tls_required_image;
766
767 # If the protocol is TLS, dispaly the required image.
768 if ($settings{'PROTO'} eq "TLS") {
769 $tls_required_image = "<img src='/blob.gif' alt='*'>";
770 }
771
772 # Add hidden input to store the mode.
773 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
774
775 print <<END
776 <table width='100%'>
777 <tr>
778 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
779 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
780 </tr>
781
782
783 <tr>
784 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
785 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
786 </tr>
787
788
789 <tr>
790 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
791 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
792 </tr>
793 </table>
794
795 <br>
796 <hr>
797
798 <table width='100%'>
799 <tr>
800 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
801 <td width='40%' align='right'>
802 <input type="submit" name="SERVERS" value="$buttontext">
803 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
804 </td>
805 </tr>
806 </table>
807 END
808 ;
809
810 &Header::closebox();
811 print "</form>\n";
812
813 &Header::closebox();
814 }
815
816 # Private function to handle the restart of unbound and more.
817 sub _handle_unbound_and_more () {
818 # Check if the IDS is running.
819 if(&IDS::ids_is_running()) {
820 # Re-generate the file which contains the DNS Server
821 # details.
822 &IDS::generate_dns_servers_file();
823
824 # Call suricatactrl to perform a reload.
825 &IDS::call_suricatactrl("restart");
826 }
827 # Restart unbound
828 system('/usr/local/bin/unboundctrl reload >/dev/null');
829 }
830
831 # Check if the system is online (RED is connected).
832 sub red_is_active () {
833 # Check if the "active" file is present.
834 if ( -f "${General::swroot}/red/active") {
835 # Return "1" - True.
836 return 1;
837 } else {
838 # Return nothing - False.
839 return;
840 }
841 }
842
843 # Function to check a given nameserver against propper work.
844 sub check_nameserver($$$$$) {
845 my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
846
847 # Check if the system is online.
848 unless (&red_is_active()) {
849 return "$Lang::tr{'system is offline'}";
850 }
851
852 # Default values.
853 my @command = ("kdig", "+dnssec",
854 "+bufsize=1232", @args);
855
856 # Handle different protols.
857 if ($proto eq "TCP") {
858 # Add TCP switch to the command.
859 push(@command, "+tcp");
860
861 } elsif($proto eq "TLS") {
862 # Add TLS switch to the command and provide the
863 # path to our file which contains the ca certs.
864 push(@command, "+tls-ca=$ca_certs_file");
865
866 # Check if a TLS hostname has been provided.
867 if ($tls_hostname) {
868 # Add TLS hostname to the command.
869 push(@command, "+tls-hostname=$tls_hostname");
870 } else {
871 return "$Lang::tr{'dns no tls hostname given'}";
872 }
873 }
874
875 # Add record to the command array.
876 push(@command, "$record");
877
878 # Add nameserver to the command array.
879 push(@command, "\@$nameserver");
880
881 # Connect to STDOUT and STDERR.
882 push(@command, "2>&1");
883
884 my @output = qx(@command);
885 my $output = join("", @output);
886
887 my $status = 0;
888
889 if ($output =~ m/status: (\w+)/) {
890 $status = ($1 eq "NOERROR");
891
892 if (!$status) {
893 return -1;
894 }
895 } else {
896 my $warning;
897
898 while ($output =~ m/WARNING: (.*)/g) {
899 # Add the current grabbed warning to the warning string.
900 $warning .= "$1\; ";
901 }
902
903 # Return the warning string, if we grabbed at least one.
904 if ($warning) {
905 return $warning;
906 }
907 }
908
909 my @flags = ();
910 if ($output =~ m/Flags: (.*);/) {
911 @flags = split(/ /, $1);
912 }
913
914 my $aware = ($output =~ m/RRSIG/);
915 my $validating = (grep(/ad;/, @flags));
916
917 return $aware + $validating;
918 }
Peter's tree of IPFire 2.x