]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/dns.cgi
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
IPsec: Allow sending DNS server addresses to RW clients
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / dns.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2020 IPFire Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 use strict;
23 use IO::Socket;
24
25 # enable only the following on debugging purpose
26 #use warnings;
27 #use CGI::Carp 'fatalsToBrowser';
28
29 require '/var/ipfire/general-functions.pl';
30 require "${General::swroot}/location-functions.pl";
31 require "${General::swroot}/ids-functions.pl";
32 require "${General::swroot}/lang.pl";
33 require "${General::swroot}/header.pl";
34
35 #workaround to suppress a warning when a variable is used only once
36 my @dummy = ( ${Header::colouryellow} );
37 undef (@dummy);
38
39 my %cgiparams=();
40 my %checked=();
41 my %selected=();
42 my $errormessage = '';
43
44 # Config file which stores the DNS settings.
45 my $settings_file = "${General::swroot}/dns/settings";
46
47 # File which stores the configured DNS-Servers.
48 my $servers_file = "${General::swroot}/dns/servers";
49
50 # Create files if the does not exist.
51 unless (-f $settings_file) { system("touch $settings_file") };
52 unless (-f $servers_file) { system("touch $servers_file") };
53
54 # File which stores the ISP assigned DNS servers.
55 my @ISP_nameserver_files = ( "/var/run/dns1", "/var/run/dns2" );
56
57 # File which contains the ca-certificates.
58 my $ca_certs_file = "/etc/ssl/certs/ca-bundle.crt";
59
60 # Server which is used, to determine if the whole DNS system works properly.
61 my $dns_test_server = "ping.ipfire.org";
62
63 my $check_servers;
64
65 my %color = ();
66 my %mainsettings = ();
67 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
68 &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
69
70 &Header::showhttpheaders();
71 &Header::getcgihash(\%cgiparams);
72
73 ##
74 # Save general settings.
75 #
76 if ($cgiparams{'GENERAL'} eq $Lang::tr{'save'}) {
77 # Prevent form name from been stored in conf file.
78 delete $cgiparams{'GENERAL'};
79
80 # Add value for non-checked checkbox.
81 if ($cgiparams{'USE_ISP_NAMESERVERS'} ne "on") {
82 $cgiparams{'USE_ISP_NAMESERVERS'} = "off";
83 }
84
85 # Add value for non-checked checkbox.
86 if ($cgiparams{'ENABLE_SAFE_SEARCH'} ne "on") {
87 $cgiparams{'ENABLE_SAFE_SEARCH'} = "off";
88 }
89
90 if ($cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} ne "on") {
91 $cgiparams{'ENABLE_SAFE_SEARCH_YOUTUBE'} = "off";
92 }
93
94 # Check if using ISP nameservers and TLS is enabled at the same time.
95 if (($cgiparams{'USE_ISP_NAMESERVERS'} eq "on") && ($cgiparams{'PROTO'} eq "TLS")) {
96 $errormessage = $Lang::tr{'dns isp nameservers and tls not allowed'}
97 }
98
99 # Check if there was an error.
100 if ( ! $errormessage) {
101
102 # Store settings into settings file.
103 &General::writehash("$settings_file", \%cgiparams);
104
105 # Call function to handle unbound restart, etc.
106 &_handle_unbound_and_more()
107 }
108 }
109
110 ###
111 # Add / Edit entries.
112 #
113 if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $Lang::tr{'update'})) {
114 # Hash to store the generic DNS settings.
115 my %settings = ();
116
117 # Read-in generic settings.
118 &General::readhash("$settings_file", \%settings);
119
120 # Check if an IP-address has been given.
121 if ($cgiparams{"NAMESERVER"} eq "") {
122 $errormessage = "$Lang::tr{'dns no address given'}";
123 }
124
125 # Check if the given DNS server is valid.
126 elsif(!&General::validip($cgiparams{"NAMESERVER"})) {
127 $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
128 }
129
130 # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
131 elsif($settings{'PROTO'} eq "TLS") {
132 unless($cgiparams{"TLS_HOSTNAME"}) {
133 $errormessage = "$Lang::tr{'dns no tls hostname given'}";
134 } else {
135 # Check if the provided domain is valid.
136 unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
137 $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
138 }
139 }
140 }
141
142 # Go further if there was no error.
143 if ( ! $errormessage) {
144 # Check if a remark has been entered.
145 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
146
147 my %dns_servers = ();
148 my $id;
149 my $status;
150
151 # Read-in configfile.
152 &General::readhasharray($servers_file, \%dns_servers);
153
154 # Check if we should edit an existing entry and got an ID.
155 if (($cgiparams{'SERVERS'} eq $Lang::tr{'update'}) && ($cgiparams{'ID'})) {
156 # Assin the provided id.
157 $id = $cgiparams{'ID'};
158
159 # Undef the given ID.
160 undef($cgiparams{'ID'});
161
162 # Grab the configured status of the corresponding entry.
163 $status = $dns_servers{$id}[2];
164 } else {
165 # Each newly added entry automatically should be enabled.
166 $status = "enabled";
167
168 # Generate the ID for the new entry.
169 #
170 # Sort the keys by their ID and store them in an array.
171 my @keys = sort { $a <=> $b } keys %dns_servers;
172
173 # Reverse the key array.
174 my @reversed = reverse(@keys);
175
176 # Obtain the last used id.
177 my $last_id = @reversed[0];
178
179 # Increase the last id by one and use it as id for the new entry.
180 $id = ++$last_id;
181
182 # The first allowed id is 3 to keep space for
183 # possible ISP assigned DNS servers.
184 if ($id <= "2") {
185 $id = "3";
186 }
187 }
188
189 # Add/Modify the entry to/in the dns_servers hash.
190 $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
191
192 # Write the changed hash to the config file.
193 &General::writehasharray($servers_file, \%dns_servers);
194
195 # Call function to handle unbound restart, etc.
196 &_handle_unbound_and_more();
197 } else {
198 # Switch back to previous mode.
199 $cgiparams{'SERVERS'} = $cgiparams{'MODE'};
200 }
201 ###
202 # Toggle enable / disable.
203 #
204 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'toggle enable disable'}) {
205 my %dns_servers = ();
206
207 # Only go further, if an ID has been passed.
208 if ($cgiparams{'ID'}) {
209 # Assign the given ID.
210 my $id = $cgiparams{'ID'};
211
212 # Undef the given ID.
213 undef($cgiparams{'ID'});
214
215 # Read-in configfile.
216 &General::readhasharray($servers_file, \%dns_servers);
217
218 # Grab the configured status of the corresponding entry.
219 my $status = $dns_servers{$id}[2];
220
221 # Switch the status.
222 if ($status eq "disabled") {
223 $status = "enabled";
224 } else {
225 $status = "disabled";
226 }
227
228 # Modify the status of the existing entry.
229 $dns_servers{$id} = ["$dns_servers{$id}[0]", "$dns_servers{$id}[1]", "$status", "$dns_servers{$id}[3]"];
230
231 # Write the changed hash back to the config file.
232 &General::writehasharray($servers_file, \%dns_servers);
233
234 # Call function to handle unbound restart, etc.
235 &_handle_unbound_and_more();
236 }
237
238 ## Remove entry from DNS servers list.
239 #
240 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'remove'}) {
241 my %dns_servers = ();
242
243 # Read-in configfile.
244 &General::readhasharray($servers_file, \%dns_servers);
245
246 # Drop entry from the hash.
247 delete($dns_servers{$cgiparams{'ID'}});
248
249 # Undef the given ID.
250 undef($cgiparams{'ID'});
251
252 # Write the changed hash to the config file.
253 &General::writehasharray($servers_file, \%dns_servers);
254
255 # Call function to handle unbound restart, etc.
256 &_handle_unbound_and_more();
257
258 ## Handle request to check the servers.
259 #
260 } elsif ($cgiparams{'SERVERS'} eq $Lang::tr{'dns check servers'}) {
261 $check_servers = 1;
262 }
263
264 # Hash to store the generic DNS settings.
265 my %settings = ();
266 $settings{"ENABLE_SAFE_SEARCH_YOUTUBE"} = "on";
267
268 # Read-in general DNS settings.
269 &General::readhash("$settings_file", \%settings);
270
271 # Hash which contains the configured DNS servers.
272 my %dns_servers = ();
273
274 # Read-in config file.
275 &General::readhasharray("$servers_file", \%dns_servers);
276
277 &Header::openpage($Lang::tr{'dns title'}, 1, '');
278
279 &Header::openbigbox('100%', 'left', '', $errormessage);
280
281 ###
282 # Error messages layout.
283 #
284 if ($errormessage) {
285 &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
286 print "<class name='base'>$errormessage\n";
287 print "&nbsp;</class>\n";
288 &Header::closebox();
289 }
290
291 # Handle if a nameserver should be added or edited.
292 if (($cgiparams{'SERVERS'} eq "$Lang::tr{'add'}") || ($cgiparams{'SERVERS'} eq "$Lang::tr{'edit'}")) {
293 # Display the sub page.
294 &show_add_edit_nameserver();
295
296 # Close webpage.
297 &Header::closebigbox();
298 &Header::closepage();
299
300 # Finished here for the moment.
301 exit(0);
302 }
303
304 $cgiparams{'GENERAL'} = '';
305 $cgiparams{'SERVERS'} = '';
306 $cgiparams{'NAMESERVER'} = '';
307 $cgiparams{'TLS_HOSTNAME'} = '';
308 $cgiparams{'REMARK'} ='';
309
310 $checked{'USE_ISP_NAMESERVERS'}{'off'} = '';
311 $checked{'USE_ISP_NAMESERVERS'}{'on'} = '';
312 $checked{'USE_ISP_NAMESERVERS'}{$settings{'USE_ISP_NAMESERVERS'}} = "checked='checked'";
313
314 $checked{'ENABLE_SAFE_SEARCH'}{'off'} = '';
315 $checked{'ENABLE_SAFE_SEARCH'}{'on'} = '';
316 $checked{'ENABLE_SAFE_SEARCH'}{$settings{'ENABLE_SAFE_SEARCH'}} = "checked='checked'";
317
318 $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'off'} = '';
319 $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'} = '';
320 $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{$settings{'ENABLE_SAFE_SEARCH_YOUTUBE'}} = "checked='checked'";
321
322 $selected{'PROTO'}{'UDP'} = '';
323 $selected{'PROTO'}{'TLS'} = '';
324 $selected{'PROTO'}{'TCP'} = '';
325 $selected{'PROTO'}{$settings{'PROTO'}} = "selected='selected'";
326
327 $selected{'QNAME_MIN'}{'standard'} = '';
328 $selected{'QNAME_MIN'}{'strict'} = '';
329 $selected{'QNAME_MIN'}{$settings{'QNAME_MIN'}} = "selected='selected'";
330
331 # Display nameserver and configuration sections.
332 &show_nameservers();
333 &show_general_dns_configuration();
334
335 &Header::closebigbox();
336 &Header::closepage();
337
338 ###
339 # General DNS-Servers sektion.
340 #
341 sub show_general_dns_configuration () {
342 &Header::openbox('100%', 'center', "$Lang::tr{'dns configuration'}");
343
344 print <<END;
345 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
346 <table width="100%">
347 <tr>
348 <td width="33%">
349 $Lang::tr{'dns use isp assigned nameservers'}
350 </td>
351
352 <td>
353 <input type="checkbox" name="USE_ISP_NAMESERVERS" $checked{'USE_ISP_NAMESERVERS'}{'on'}>
354 </td>
355 </tr>
356
357 <tr>
358 <td colspan="2">
359 <br>
360 </td>
361 </tr>
362
363 <tr>
364 <td width="33%">
365 $Lang::tr{'dns use protocol for dns queries'}
366 </td>
367
368 <td>
369 <select name="PROTO">
370 <option value="UDP" $selected{'PROTO'}{'UDP'}>UDP</option>
371 <option value="TLS" $selected{'PROTO'}{'TLS'}>TLS</option>
372 <option value="TCP" $selected{'PROTO'}{'TCP'}>TCP</option>
373 </select>
374 </td>
375 </tr>
376
377 <tr>
378 <td colspan="2">
379 <br>
380 </td>
381 </tr>
382
383 <tr>
384 <td width="33%">
385 $Lang::tr{'dns enable safe-search'}
386 </td>
387
388 <td>
389 <input type="checkbox" name="ENABLE_SAFE_SEARCH" $checked{'ENABLE_SAFE_SEARCH'}{'on'}>
390 </td>
391 </tr>
392
393 <tr>
394 <td width="33%">
395 &raquo; $Lang::tr{'dns enable safe-search youtube'}
396 </td>
397
398 <td>
399 <input type="checkbox" name="ENABLE_SAFE_SEARCH_YOUTUBE" $checked{'ENABLE_SAFE_SEARCH_YOUTUBE'}{'on'}>
400 </td>
401 </tr>
402
403 <tr>
404 <td colspan="2">
405 <br>
406 </td>
407 </tr>
408
409 <tr>
410 <td width="33%">
411 $Lang::tr{'dns mode for qname minimisation'}
412 </td>
413
414 <td>
415 <select name="QNAME_MIN">
416 <option value="standard" $selected{'QNAME_MIN'}{'standard'}>$Lang::tr{'standard'}</option>
417 <option value="strict" $selected{'QNAME_MIN'}{'strict'}>$Lang::tr{'strict'}</option>
418 </select>
419 </td>
420 </tr>
421
422 <tr>
423 <td colspan="2" align="right">
424 <input type="submit" name="GENERAL" value="$Lang::tr{'save'}">
425 </td>
426 </tr>
427 </table>
428 </form>
429 END
430
431 &Header::closebox();
432 }
433
434 ###
435 # Section to display the configured and used DNS servers.
436 #
437 sub show_nameservers () {
438 &Header::openbox('100%', 'center', "$Lang::tr{'dns servers'}");
439
440 # Determine if we are running in recursor mode
441 my $recursor = 0;
442 my $unbound_forward = qx(unbound-control forward);
443 if ($unbound_forward =~ m/^off/) {
444 $recursor = 1;
445 }
446
447 my $dns_status_string;
448 my $dns_status_col;
449 my $dns_working;
450
451
452 # Test if the DNS system is working.
453 #
454 # Simple send a request to unbound and check if it can resolve the
455 # DNS test server.
456 my $dns_status_ret = &check_nameserver("127.0.0.1", "$dns_test_server", "UDP", undef, "+timeout=5", "+retry=0");
457
458 if ($dns_status_ret eq "2") {
459 $dns_status_string = "$Lang::tr{'working'}";
460 $dns_status_col = "${Header::colourgreen}";
461 $dns_working = 1;
462 } else {
463 $dns_status_string = "$Lang::tr{'broken'}";
464 $dns_status_col = "${Header::colourred}";
465 }
466
467 if ($recursor) {
468 $dns_status_string .= " (" . $Lang::tr{'dns recursor mode'} . ")";
469 }
470
471 print <<END;
472 <table width='100%'>
473 <tr>
474 <td>
475 <strong>$Lang::tr{'status'}:&nbsp;</strong>
476 <strong><font color='$dns_status_col'>$dns_status_string</font></strong>
477 </td>
478 </tr>
479 </table>
480 END
481
482 # Check the usage of ISP assigned nameservers is enabled.
483 my $id = 1;
484
485 # Loop through the array which stores the files.
486 foreach my $file (@ISP_nameserver_files) {
487 # Grab the address of the nameserver.
488 my $address = &General::grab_address_from_file($file);
489
490 # Check if we got an address.
491 if ($address) {
492 # Add the address to the hash of nameservers.
493 $dns_servers{$id} = [ "$address", "none",
494 ($settings{'USE_ISP_NAMESERVERS'} eq "on") ? "enabled" : "disabled",
495 "$Lang::tr{'dns isp assigned nameserver'}" ];
496
497 # Increase id by one.
498 $id++;
499 }
500 }
501
502 # Check some DNS servers have been configured. In this case
503 # the hash contains at least one key.
504 my $server_amount;
505 if (keys %dns_servers) {
506 # Sort the keys by their ID and store them in an array.
507 my @keys = sort { $a <=> $b } keys %dns_servers;
508
509 print <<END;
510 <br>
511
512 <table class="tbl" width='100%'>
513 <tr>
514 <td align="center">
515 <strong>$Lang::tr{'nameserver'}</strong>
516 </td>
517
518 <td align="center">
519 <strong>$Lang::tr{'country'}</strong>
520 </td>
521
522 <td align="center">
523 <strong>$Lang::tr{'rdns'}</strong>
524 </td>
525
526 <td align="center">
527 <strong>$Lang::tr{'remark'}</strong>
528 </td>
529 END
530
531 # Check if the status should be displayed.
532 if ($check_servers) {
533 print <<END;
534 <td align="center">
535 <strong>$Lang::tr{'status'}</strong>
536 </td>
537 END
538 }
539
540 print <<END;
541
542 <td align="center" colspan="3">
543 <strong>$Lang::tr{'action'}</strong>
544 </td>
545 </tr>
546 END
547
548 # Loop through all entries of the array/hash.
549 foreach my $id (@keys) {
550 # Inrease server_amount.
551 $server_amount++;
552
553 # Assign data array positions to some nice variable names.
554 my $nameserver = $dns_servers{$id}[0];
555 my $tls_hostname = $dns_servers{$id}[1];
556 my $enabled = $dns_servers{$id}[2];
557 my $remark = $dns_servers{$id}[3];
558
559 my $col = '';
560 my $toggle = '';
561 my $gif = '';
562 my $gdesc = '';
563 my $notice = "";
564
565 # Colorize columns.
566 if ($server_amount % 2) {
567 $col="bgcolor='$color{'color22'}'"; }
568 else {
569 $col="bgcolor='$color{'color20'}'";
570 }
571
572 if ($enabled eq 'enabled') {
573 $gif='on.gif'; $toggle='off'; $gdesc=$Lang::tr{'click to disable'};
574 } else {
575 $gif='off.gif'; $toggle='on'; $gdesc=$Lang::tr{'click to enable'};
576 }
577
578 my $status;
579 my $status_short;
580 my $status_message;
581 my $status_colour;
582
583 # Only grab the status if the nameserver is enabled.
584 if (($check_servers) && ($enabled eq "enabled")) {
585 $status = &check_nameserver("$nameserver", "ping.ipfire.org", "$settings{'PROTO'}", "$tls_hostname");
586 }
587
588 if (!defined $status) {
589 $status_short = "$Lang::tr{'disabled'}";
590
591 # DNSSEC Not supported
592 } elsif ($status eq 0) {
593 $status_short = "$Lang::tr{'broken'}";
594 $status_message = $Lang::tr{'dnssec not supported'};
595 $status_colour = ${Header::colourred};
596
597 # DNSSEC Aware
598 } elsif ($status eq 1) {
599 $status_short = "$Lang::tr{'not validating'}";
600 $status_message = $Lang::tr{'dnssec aware'};
601 $status_colour = ${Header::colourblack};
602
603 # DNSSEC Validating
604 } elsif ($status eq 2) {
605 $status_short = "$Lang::tr{'ok'}";
606 $status_message = $Lang::tr{'dnssec validating'};
607 $status_colour = ${Header::colourgreen};
608
609 # Error
610 } else {
611 $status_short = "$Lang::tr{'error'}";
612 $status_message = $status;
613 $status_colour = ${Header::colourred};
614 }
615
616 # collect more information about name server (rDNS, country code)
617 my $ccode = &Location::Functions::lookup_country_code($nameserver);
618 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
619
620 my $rdns;
621
622 # Only do the reverse lookup if the system is online.
623 if ($dns_working) {
624 my $iaddr = inet_aton($nameserver);
625 $rdns = gethostbyaddr($iaddr, AF_INET);
626 }
627
628 if (!$rdns) { $rdns = $Lang::tr{'ptr lookup failed'}; }
629
630 # Mark ISP name servers as disabled
631 if ($id <= 2 && $enabled eq "disabled") {
632 $nameserver = "<del>$nameserver</del>";
633 }
634
635 print <<END;
636 <tr>
637 <td align="center" $col>
638 $nameserver
639 </td>
640
641 <td align="center" $col>
642 <a href='country.cgi#$ccode'><img src="$flag_icon" border="0" alt="$ccode" title="$ccode" /></a>
643 </td>
644
645 <td align="center" $col>
646 $rdns
647 </td>
648
649 <td align="center" $col>
650 $remark
651 </td>
652 END
653 ;
654 # Display server status if requested.
655 if ($check_servers) {
656 print <<END
657 <td align="center" $col>
658 <strong><font color="$status_colour"><abbr title="$status_message">$status_short</abbr></font></strong>
659 </td>
660 END
661 ;
662 }
663
664 # Check if the id is greater than "2".
665 #
666 # Nameservers with an ID's of one or two are ISP assigned,
667 # and we cannot perform any actions on them, so hide the tools for
668 # them.
669 if ($id > 2) {
670
671 print <<END;
672 <td align='center' width='5%' $col>
673 <form method='post' name='frma$id' action='$ENV{'SCRIPT_NAME'}'>
674 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' title='$gdesc' alt='$gdesc' />
675 <input type='hidden' name='ID' value='$id' />
676 <input type='hidden' name='ENABLE' value='$toggle' />
677 <input type='hidden' name='SERVERS' value='$Lang::tr{'toggle enable disable'}' />
678 </form>
679 </td>
680
681 <td align='center' width='5%' $col>
682 <form method='post' name='frmb$id' action='$ENV{'SCRIPT_NAME'}'>
683 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' title='$Lang::tr{'edit'}' alt='$Lang::tr{'edit'}' />
684 <input type='hidden' name='ID' value='$id' />
685 <input type='hidden' name='SERVERS' value='$Lang::tr{'edit'}' />
686 </form>
687 </td>
688
689 <td align='center' width='5%' $col>
690 <form method='post' name='frmc$id' action='$ENV{'SCRIPT_NAME'}'>
691 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' title='$Lang::tr{'remove'}' alt='$Lang::tr{'remove'}' />
692 <input type='hidden' name='ID' value='$id' />
693 <input type='hidden' name='SERVERS' value='$Lang::tr{'remove'}' />
694 </form>
695 </td>
696 END
697 ;
698 } else {
699 print "<td colspan='3' $col>&nbsp;</td>\n";
700 }
701
702
703 print"</tr>\n";
704
705 }
706
707 print"</table>\n";
708
709 print"<table width='100%'>\n";
710
711 # Check if the usage of the ISP nameservers is enabled and there are more than 2 servers.
712 if (($settings{'USE_ISP_NAMESERVERS'} eq "on") && ($server_amount > 2)) {
713 print <<END;
714 <tr>
715 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
716 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
717 <td class='base'>$Lang::tr{'click to disable'}</td>
718 <td>&nbsp; &nbsp; <img src='/images/off.gif' alt='$Lang::tr{'click to enable'}' /></td>
719 <td class='base'>$Lang::tr{'click to enable'}</td>
720 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
721 <td class='base'>$Lang::tr{'edit'}</td>
722 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
723 <td class='base'>$Lang::tr{'remove'}</td>
724 </tr>
725 END
726 ;
727 }
728 print <<END;
729 <tr>
730 <form method="post" action="$ENV{'SCRIPT_NAME'}">
731 <td colspan="9" align="right">
732 <input type="submit" name="SERVERS" value="$Lang::tr{'add'}">
733 <input type="submit" name="SERVERS" value="$Lang::tr{'dns check servers'}">
734 </td>
735 </form>
736 </tr>
737 </table>
738 END
739 ;
740 } else {
741 print <<END;
742 <table width="100%">
743 <tr>
744 <form method="post" action="$ENV{'SCRIPT_NAME'}">
745 <td colspan="6" align="right"><input type="submit" name="SERVERS" value="$Lang::tr{'add'}"></td>
746 </form>
747 </tr>
748 </table>
749 END
750 }
751
752 &Header::closebox();
753 }
754
755 ###
756 # Section to display the add or edit subpage.
757 #
758 sub show_add_edit_nameserver() {
759 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n";
760
761 my $buttontext = $Lang::tr{'save'};
762 my $dnssec_checked;
763 my $dot_checked;
764 if ($cgiparams{'SERVERS'} eq $Lang::tr{'edit'}) {
765 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward edit an entry'});
766
767 # Update button text for upate the existing entry.
768 $buttontext = $Lang::tr{'update'};
769
770 # Add hidden input for sending ID.
771 print"<input type='hidden' name='ID' value='$cgiparams{'ID'}'>\n";
772
773 # Check if an ID has been given.
774 if ($cgiparams{'ID'}) {
775 # Assign cgiparams values.
776 $cgiparams{'NAMESERVER'} = $dns_servers{$cgiparams{'ID'}}[0];
777 $cgiparams{'TLS_HOSTNAME'} = $dns_servers{$cgiparams{'ID'}}[1];
778 $cgiparams{'REMARK'} = $dns_servers{$cgiparams{'ID'}}[3];
779 }
780 } else {
781 &Header::openbox('100%', 'left', $Lang::tr{'dnsforward add a new entry'});
782 }
783
784 my $tls_required_image;
785
786 # If the protocol is TLS, dispaly the required image.
787 if ($settings{'PROTO'} eq "TLS") {
788 $tls_required_image = "<img src='/blob.gif' alt='*'>";
789 }
790
791 # Add hidden input to store the mode.
792 print "<input type='hidden' name='MODE' value='$cgiparams{'SERVERS'}'>\n";
793
794 print <<END
795 <table width='100%'>
796 <tr>
797 <td width='20%' class='base'>$Lang::tr{'ip address'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
798 <td><input type='text' name='NAMESERVER' value='$cgiparams{"NAMESERVER"}' size='24' /></td>
799 </tr>
800
801
802 <tr>
803 <td width='20%' class='base'>$Lang::tr{'dns tls hostname'}:&nbsp;$tls_required_image</td>
804 <td><input type='text' name='TLS_HOSTNAME' value='$cgiparams{'TLS_HOSTNAME'}' size='24'></td>
805 </tr>
806
807
808 <tr>
809 <td width ='20%' class='base'>$Lang::tr{'remark'}:</td>
810 <td><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='40' maxlength='50' /></td>
811 </tr>
812 </table>
813
814 <br>
815 <hr>
816
817 <table width='100%'>
818 <tr>
819 <td class='base' width='55%'><img src='/blob.gif' alt ='*' align='top' />&nbsp;$Lang::tr{'required field'}</td>
820 <td width='40%' align='right'>
821 <input type="submit" name="SERVERS" value="$buttontext">
822 <input type="submit" name="SERVERS" value="$Lang::tr{'back'}">
823 </td>
824 </tr>
825 </table>
826 END
827 ;
828
829 &Header::closebox();
830 print "</form>\n";
831
832 &Header::closebox();
833 }
834
835 # Private function to handle the restart of unbound and more.
836 sub _handle_unbound_and_more () {
837 # Check if the IDS is running.
838 if(&IDS::ids_is_running()) {
839 # Re-generate the file which contains the DNS Server
840 # details.
841 &IDS::generate_dns_servers_file();
842
843 # Call suricatactrl to perform a reload.
844 &IDS::call_suricatactrl("restart");
845 }
846 # Restart unbound
847 system('/usr/local/bin/unboundctrl reload >/dev/null');
848 }
849
850 # Check if the system is online (RED is connected).
851 sub red_is_active () {
852 # Check if the "active" file is present.
853 if ( -f "${General::swroot}/red/active") {
854 # Return "1" - True.
855 return 1;
856 } else {
857 # Return nothing - False.
858 return;
859 }
860 }
861
862 # Function to check a given nameserver against propper work.
863 sub check_nameserver($$$$$) {
864 my ($nameserver, $record, $proto, $tls_hostname, @args) = @_;
865
866 # Check if the system is online.
867 unless (&red_is_active()) {
868 return "$Lang::tr{'system is offline'}";
869 }
870
871 # Default values.
872 my @command = ("kdig", "+dnssec",
873 "+bufsize=1232", @args);
874
875 # Handle different protols.
876 if ($proto eq "TCP") {
877 # Add TCP switch to the command.
878 push(@command, "+tcp");
879
880 } elsif($proto eq "TLS") {
881 # Add TLS switch to the command and provide the
882 # path to our file which contains the ca certs.
883 push(@command, "+tls-ca=$ca_certs_file");
884
885 # Check if a TLS hostname has been provided.
886 if ($tls_hostname) {
887 # Add TLS hostname to the command.
888 push(@command, "+tls-hostname=$tls_hostname");
889 } else {
890 return "$Lang::tr{'dns no tls hostname given'}";
891 }
892 }
893
894 # Add record to the command array.
895 push(@command, "$record");
896
897 # Add nameserver to the command array.
898 push(@command, "\@$nameserver");
899
900 # Connect to STDOUT and STDERR.
901 push(@command, "2>&1");
902
903 my @output = qx(@command);
904 my $output = join("", @output);
905
906 my $status = 0;
907
908 if ($output =~ m/status: (\w+)/) {
909 $status = ($1 eq "NOERROR");
910
911 if (!$status) {
912 return -1;
913 }
914 } else {
915 my $warning;
916
917 while ($output =~ m/WARNING: (.*)/g) {
918 # Add the current grabbed warning to the warning string.
919 $warning .= "$1\; ";
920 }
921
922 # Return the warning string, if we grabbed at least one.
923 if ($warning) {
924 return $warning;
925 }
926 }
927
928 my @flags = ();
929 if ($output =~ m/Flags: (.*);/) {
930 @flags = split(/ /, $1);
931 }
932
933 my $aware = ($output =~ m/RRSIG/);
934 my $validating = (grep(/ad;/, @flags));
935
936 return $aware + $validating;
937 }
Peter's tree of IPFire 2.x