diff options
author | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-30 14:34:28 +0200 |
---|---|---|
committer | Martin Fuchs <martin.fuchs@trendchiller.com> | 2011-09-30 14:34:28 +0200 |
commit | ab7858145f9fca43afaa22791911ddfbbb997656 (patch) | |
tree | 4bb01d249327d244e9d0ca94befbec793d6d0a64 /config/unbound | |
parent | c635d9e80797e99c78db01f2023ad6607dd2c65b (diff) | |
parent | 4763db0d8ca282fc0e3d0165ba9804fae2e7aefe (diff) | |
download | pfsense-packages-ab7858145f9fca43afaa22791911ddfbbb997656.tar.gz pfsense-packages-ab7858145f9fca43afaa22791911ddfbbb997656.tar.bz2 pfsense-packages-ab7858145f9fca43afaa22791911ddfbbb997656.zip |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'config/unbound')
-rw-r--r-- | config/unbound/unbound.inc | 26 | ||||
-rw-r--r-- | config/unbound/unbound.xml | 6 | ||||
-rw-r--r-- | config/unbound/unbound_acls.php | 371 | ||||
-rw-r--r-- | config/unbound/unbound_advanced.xml | 2 | ||||
-rw-r--r-- | config/unbound/unbound_status.php | 2 |
5 files changed, 400 insertions, 7 deletions
diff --git a/config/unbound/unbound.inc b/config/unbound/unbound.inc index 001f05d7..afb3c0b7 100644 --- a/config/unbound/unbound.inc +++ b/config/unbound/unbound.inc @@ -200,7 +200,7 @@ function unbound_control($action) { unbound_ctl_exec("start"); /* Link dnsmasq.pid to prevent dhcpleases logging error */ if (!file_exists("/var/run/dnsmasq.pid")) - mwexec("/bin/ln -s /var/run/dnsmasq.pid /var/run/unbound.pid"); + mwexec("/bin/ln -s /var/run/unbound.pid /var/run/dnsmasq.pid"); fetch_root_hints(); } break; @@ -311,6 +311,8 @@ function unbound_acls_config() { foreach($unbound_acls as $unbound_acl){ $unboundcfg .= "#{$unbound_acl['aclname']}\n"; foreach($unbound_acl['row'] as $network) { + if ($unbound_acl['aclaction'] == "allow snoop") + $unbound_acl['aclaction'] = "allow_snoop"; $unboundcfg .= "access-control: {$network['acl_network']}/{$network['mask']} {$unbound_acl['aclaction']}\n"; } } @@ -526,7 +528,7 @@ function unbound_ctl_exec($cmd) { function unbound_optimization() { global $config; - $unbound_config = $config['installedpackages']['unbound']['config'][0]; + $unbound_config = $config['installedpackages']['unboundadvanced']['config'][0]; $optimization_settings = array(); // Set the number of threads equal to number of CPUs. @@ -861,4 +863,24 @@ function unbound_add_domain_overrides($pvt=false) { } } +function unbound_acl_id_used($id) { + global $config; + + if (is_array($config['installedpackages']['unboundacls']['config'])) + foreach ($config['installedpackages']['unboundacls']['config'] as & $acls) + if ($id == $acls['aclid']) + return true; + + return false; +} + +function unbound_get_next_id() { + + $aclid = 0; + while(unbound_acl_id_used($aclid)) + $aclid++; + + return $aclid; +} + ?>
\ No newline at end of file diff --git a/config/unbound/unbound.xml b/config/unbound/unbound.xml index ff73d1ed..5e6361d5 100644 --- a/config/unbound/unbound.xml +++ b/config/unbound/unbound.xml @@ -66,9 +66,9 @@ <item>http://www.pfsense.org/packages/config/unbound/unbound_status.php</item> </additional_files_needed> <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> + <prefix>/usr/local/www/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.org/packages/config/unbound/unbound_acls.xml</item> + <item>http://www.pfsense.org/packages/config/unbound/unbound_acls.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> @@ -89,7 +89,7 @@ </tab> <tab> <text>Unbound DNS ACLs</text> - <url>/pkg.php?xml=unbound_acls.xml</url> + <url>/unbound_acls.php</url> </tab> <tab> <text>Unbound DNS Status</text> diff --git a/config/unbound/unbound_acls.php b/config/unbound/unbound_acls.php new file mode 100644 index 00000000..40f21595 --- /dev/null +++ b/config/unbound/unbound_acls.php @@ -0,0 +1,371 @@ +<?php +/* $Id$ */ +/* + unbound_acls.php + part of pfSense (http://www.pfsense.com/) + + Copyright (C) 2011 Warren Baker <warren@decoy.co.za> + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); +require("unbound.inc"); + +if(!is_process_running("unbound")) { + Header("Location: /pkg_edit.php?xml=unbound.xml&id=0"); + exit; +} + +if (!is_array($config['installedpackages']['unboundacls']['config'])) + $config['installedpackages']['unboundacls']['config'] = array(); + +$a_acls = &$config['installedpackages']['unboundacls']['config']; + +$id = $_GET['id']; +if (isset($_POST['aclid'])) + $id = $_POST['aclid']; + +$act = $_GET['act']; +if (isset($_POST['act'])) + $act = $_POST['act']; + +if ($act == "del") { + if (!$a_acls[$id]) { + pfSenseHeader("unbound_acls.php"); + exit; + } + + unset($a_acls[$id]); + write_config(); + unbound_reconfigure(); + $savemsg = gettext("Access List successfully deleted")."<br/>"; +} + +if ($act == "new") { + $id = unbound_get_next_id(); +} + +if ($act == "edit") { + if (isset($id) && $a_acls[$id]) { + $pconfig = $a_acls[$id]; + $networkacl = $a_acls[$id]['row']; + } +} + +if ($_POST) { + + unset($input_errors); + $pconfig = $_POST; + + /* input validation - only allow 50 entries in a single ACL*/ + for($x=0; $x<50; $x++) { + if(isset($pconfig["acl_network{$x}"])) { + $networkacl[$x] = array(); + $networkacl[$x]['acl_network'] = $pconfig["acl_network{$x}"]; + $networkacl[$x]['mask'] = $pconfig["mask{$x}"]; + $networkacl[$x]['description'] = $pconfig["description{$x}"]; + if (!is_ipaddr($networkacl[$x]['acl_network'])) + $input_errors[] = gettext("You must enter a valid network IP address for {$networkacl[$x]['acl_network']}."); + + if (is_ipaddrv4($networkacl[$x]['acl_network'])) { + if (!is_subnet($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) + $input_errors[] = gettext("You must enter a valid IPv4 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); + } else if (function_exists("is_ipaddrv6")) { + if (!is_ipaddrv6($networkacl[$x]['acl_network'])) + $input_errors[] = gettext("You must enter a valid IPv6 address for {$networkacl[$x]['acl_network']}."); + else if (!is_subnetv6($networkacl[$x]['acl_network']."/".$networkacl[$x]['mask'])) + $input_errors[] = gettext("You must enter a valid IPv6 netmask for {$networkacl[$x]['acl_network']}/{$networkacl[$x]['mask']}."); + } else + $input_errors[] = gettext("You must enter a valid IPv4 address for {$networkacl[$x]['acl_network']}."); + } + } + + if (!$input_errors) { + + if(!$a_acls[$id]) + $a_acls[$id]['aclid'] = $id; + + if (isset($id) && $a_acls[$id]) { + $a_acls[$id]['aclid'] = $pconfig['aclid']; + $a_acls[$id]['aclname'] = $pconfig['aclname']; + $a_acls[$id]['aclaction'] = $pconfig['aclaction']; + $a_acls[$id]['description'] = $pconfig['description']; + $a_acls[$id]['row'] = array(); + foreach ($networkacl as $acl) + $a_acls[$id]['row'][] = $acl; + write_config(); + unbound_reconfigure(); + } + header("Location: unbound_acls.php"); + exit; + } +} + + +$pgtitle = "Services: Unbound DNS Forwarder: Access Lists"; +include("head.inc"); + +?> + +<script type="text/javascript" src="/javascript/row_helper.js"> +</script> + +<script type="text/javascript"> + function mask_field(fieldname, fieldsize, n) { + return '<select name="' + fieldname + n + '" class="formselect" id="' + fieldname + n + '"><?php + for ($i = 128; $i >= 0; $i--) { + echo "<option value=\"$i\">$i</option>"; + } + ?></select>'; + } + + rowtype[0] = "textbox"; + rowname[0] = "acl_network"; + rowsize[0] = "30"; + rowname[1] = "mask"; + rowtype[1] = mask_field; + rowtype[2] = "textbox"; + rowname[2] = "description"; + rowsize[2] = "40"; +</script> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> + +<?php include("fbegin.inc"); ?> +<?php +if (!$savemsg) + $savemsg = ""; + +if ($input_errors) + print_input_errors($input_errors); + +if ($savemsg) + print_info_box($savemsg); +?> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr> + <td class="tabnavtbl"> + <ul id="tabnav"> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("Unbound DNS Settings"), false, "/pkg_edit.php?xml=unbound.xml&id=0"); + $tab_array[] = array(gettext("Unbound DNS Advanced Settings"), false, "/pkg_edit.php?xml=unbound_advanced.xml&id=0"); + $tab_array[] = array(gettext("Unbound DNS ACLs"), true, "/unbound_acls.php"); + $tab_array[] = array(gettext("Unbound DNS Status"), false, "/unbound_status.php"); + display_top_tabs($tab_array, true); + ?> + </ul> + </td> + </tr> + <tr> + <td class="tabcont"> + + <?php if($act=="new" || $act=="edit"): ?> + + <form action="unbound_acls.php" method="post" name="iform" id="iform"> + <input name="aclid" type="hidden" value="<?=$id;?>"> + <input name="act" type="hidden" value="<?=$act;?>"> + + <table width="100%" border="0" cellpadding="6" cellspacing="0"> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=sprintf(gettext("%s ACL"),$act);?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("ACL name");?></td> + <td width="78%" class="vtable"> + <input name="aclname" type="text" class="formfld" id="aclname" size="30" maxlength="30" value="<?=htmlspecialchars($pconfig['aclname']);?>"> + <br /> + <span class="vexpl"><?=gettext("Provide an ACL name.");?></span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Action");?></td> + <td width="78%" class="vtable"> + <select name="aclaction" class="formselect"> + <?php $types = explode(",", "Allow,Deny,Refuse,Allow Snoop"); foreach ($types as $type): ?> + <option value="<?=strtolower($type);?>" <?php if (strtolower($type) == strtolower($pconfig['aclaction'])) echo "selected"; ?>> + <?=htmlspecialchars($type);?> + </option> + <?php endforeach; ?> + </select> + <br/> + <span class="vexpl"> + <?=gettext("Choose what to do with DNS requests that match the criteria specified below.");?> <br/> + <?=gettext("<b>Deny:</b> This actions stops queries from hosts within the netblock defined below.");?> <br/> + <?=gettext("<b>Refuse:</b> This actions also stops queries from hosts within the netblock defined below, but sends back DNS rcode REFUSED error message back tot eh client.");?> <br/> + <?=gettext("<b>Allow:</b> This actions allows queries from hosts within the netblock defined below.");?> <br/> + <?=gettext("<b>Allow Snoop:</b> This actions allows recursive and nonrecursive access from hosts within the netblock defined below. Used for cache snooping and ideally should only be configured for your administrative host.");?> <br/> + </span> + </td> + </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Networks");?></td> + <td width="78%" class="vtable"> + <table id="maintable"> + <tbody> + <tr> + <td><div id="onecolumn"><?=gettext("Network");?></div></td> + <td><div id="twocolumn"><?=gettext("CIDR");?></div></td> + <td><div id="threecolumn"><?=gettext("Description");?></div></td> + </tr> + <?php $counter = 0; ?> + <?php + if($networkacl) + foreach($networkacl as $item): + ?> + <?php + $network = $item['acl_network']; + $cidr = $item['mask']; + $description = $item['description']; + ?> + <tr> + <td> + <input autocomplete="off" name="acl_network<?=$counter;?>" type="text" class="formfld unknown" id="acl_network<?=$counter;?>" size="40" value="<?=htmlspecialchars($network);?>" /> + </td> + <td> + <select name="mask<?=$counter;?>" class="formselect" id="mask<?=$counter;?>"> + <?php + for ($i = 128; $i > 0; $i--) { + echo "<option value=\"$i\" "; + if ($i == $cidr) echo "selected"; + echo ">" . $i . "</option>"; + } + ?> + </select> + </td> + <td> + <input autocomplete="off" name="description<?=$counter;?>" type="text" class="listbg" id="description<?=$counter;?>" size="40" value="<?=htmlspecialchars($description);?>" /> + </td> + <td> + <a onclick="removeRow(this); return false;" href="#"><img border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" /></a> + </td> + </tr> + <?php $counter++; ?> + <?php endforeach; ?> + </tbody> + <tfoot> + </tfoot> + </table> + <a onclick="javascript:addRowTo('maintable', 'formfldalias'); return false;" href="#"> + <img border="0" src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" alt="" title="<?=gettext("add another entry");?>" /> + </a> + <script type="text/javascript"> + field_counter_js = 3; + rows = 1; + totalrows = <?php echo $counter; ?>; + loaded = <?php echo $counter; ?>; + </script> + + </td> + </tr> + + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Description");?></td> + <td width="78%" class="vtable"> + <input name="description" type="text" class="formfld unknown" id="description" size="52" maxlength="52" value="<?=htmlspecialchars($pconfig['description']);?>"> + <br /> + <span class="vexpl"><?=gettext("You may enter a description here for your reference.");?></span> + </td> + </tr> + <tr> + <td> </td> + </tr> + <tr> + <td width="22%" valign="top"> </td> + <td width="78%"> + <br> + <input name="Submit" type="submit" class="formbtn" value="<?=gettext("Save"); ?>"> <input type="button" class="formbtn" value="<?=gettext("Cancel"); ?>" onclick="history.back()"> + </td> + </tr> + </table> + </form> + + <?php else: ?> + + <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0"> + <thead> + <tr> + <td width="25%" class="listhdrr"><?=gettext("Access List Name"); ?></td> + <td width="25%" class="listhdrr"><?=gettext("Action"); ?></td> + <td width="40%" class="listhdrr"><?=gettext("Description"); ?></td> + <td width="10%" class="list"></td> + </tr> + </thead> + <tbody> + <?php + $i = 0; + foreach($a_acls as $acl): + ?> + <tr ondblclick="document.location='unbound_acls.php?act=edit&id=<?=$i;?>'"> + <td class="listlr"> + <?=$acl['aclname'];?> + </td> + <td class="listr"> + <?=htmlspecialchars($acl['aclaction']);?> + </td> + <td class="listbg"> + <?=htmlspecialchars($acl['description']);?> + </td> + <td valign="middle" nowrap class="list"> + <a href="unbound_acls.php?act=edit&id=<?=$i;?>"> + <img src="./themes/<?=$g['theme'];?>/images/icons/icon_e.gif" title="<?=gettext("edit client"); ?>" width="17" height="17" border="0"> + </a> + + <a href="unbound_acls.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this client?"); ?>')"> + <img src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete client"); ?>" width="17" height="17" border="0"> + </a> + </td> + </tr> + <?php + $i++; + endforeach; + ?> + </tbody> + <tfoot> + <tr> + <td class="list" colspan="4"></td> + <td class="list"> + <a href="unbound_acls.php?act=new"><img src="./themes/<?=$g['theme'];?>/images/icons/icon_plus.gif" title="<?=gettext("Add new ACL"); ?>" width="17" height="17" border="0"> + </a> + </td> + </tr> + <tr> + <td colspan="4"> + <p> + <?=gettext("Access Lists to control access to Unbound can be defined here.");?> + </p> + </td> + </tr> + </tfoot> + </table> + + <?php endif; ?> + + </td> + </tr> +</table> +</body> +<?php include("fend.inc"); ?> + +?>
\ No newline at end of file diff --git a/config/unbound/unbound_advanced.xml b/config/unbound/unbound_advanced.xml index 10449b2d..239c39ee 100644 --- a/config/unbound/unbound_advanced.xml +++ b/config/unbound/unbound_advanced.xml @@ -68,7 +68,7 @@ </tab> <tab> <text>Unbound DNS ACLs</text> - <url>/pkg.php?xml=unbound_acls.xml</url> + <url>/unbound_acls.php</url> </tab> <tab> <text>Unbound DNS Status</text> diff --git a/config/unbound/unbound_status.php b/config/unbound/unbound_status.php index 405b24d4..d011b109 100644 --- a/config/unbound/unbound_status.php +++ b/config/unbound/unbound_status.php @@ -127,7 +127,7 @@ function execCmds() { $tab_array = array(); $tab_array[] = array(gettext("Unbound DNS Settings"), false, "/pkg_edit.php?xml=unbound.xml&id=0"); $tab_array[] = array(gettext("Unbound DNS Advanced Settings"), false, "/pkg_edit.php?xml=unbound_advanced.xml&id=0"); - $tab_array[] = array(gettext("Unbound DNS ACLs"), false, "/pkg.php?xml=unbound_acls.xml"); + $tab_array[] = array(gettext("Unbound DNS ACLs"), false, "/unbound_acls.php"); $tab_array[] = array(gettext("Unbound DNS Status"), true, "/unbound_status.php"); display_top_tabs($tab_array, true); ?> |