Diffstat (limited to 'config')
-rw-r--r-- | config/squid/squid.inc | 60 | ||||
-rw-r--r-- | config/squid/squid_nac.xml | 4 | ||||
-rw-r--r-- | config/squid3/squid_nac.xml | 4 | ||||
-rw-r--r-- | config/tinydns/new_zone_wizard.xml | 29 | ||||
-rw-r--r-- | config/tinydns/tinydns.inc | 59 | ||||
-rw-r--r-- | config/tinydns/tinydns_domains.xml | 38 |
6 files changed, 143 insertions, 51 deletions
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index ed610205..113bc09f 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -1221,30 +1221,36 @@ function squid_generate_rules($type) {
 switch($type) {
 case 'nat':
 $rules .= "\n# Setup Squid proxy redirect\n";
- if ($squid_conf['private_subnet_proxy_off'] == 'on') {
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
- }
- }
-
- if (!empty($squid_conf['defined_ip_proxy_off'])) {
- $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
- $exempt_ip = "";
- foreach ($defined_ip_proxy_off as $ip_proxy_off) {
- if(!empty($ip_proxy_off)) {
- $ip_proxy_off = trim($ip_proxy_off);
- $exempt_ip .= ", $ip_proxy_off";
- }
- }
- $exempt_ip = substr($exempt_ip,2);
- foreach ($ifaces as $iface){
- $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
- }
- }
-
- foreach ($ifaces as $iface){
+ if ($squid_conf['private_subnet_proxy_off'] == 'on') {
+ foreach ($ifaces as $iface){
+ $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80\n";
+ }
+ }
+ if (!empty($squid_conf['defined_ip_proxy_off'])) {
+ $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
+ $exempt_ip = "";
+ foreach ($defined_ip_proxy_off as $ip_proxy_off) {
+ if(!empty($ip_proxy_off)) {
+ $ip_proxy_off = trim($ip_proxy_off);
+ $exempt_ip .= ", $ip_proxy_off";
+ }
+ }
+ $exempt_ip = substr($exempt_ip,2);
+ foreach ($ifaces as $iface) {
+ $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port 80\n";
+ }
+ }
+ foreach ($ifaces as $iface) {
 $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
- };
+ }
+ /* Handle PPPOE case */
+ if($config['pppoe']['mode'] == "off") {
+ $rules .= "rdr on \$pppoe proto tcp from any to !(\$pppoe) port 80 -> 127.0.0.1 port 80\n";
+ }
+ /* Handle PPTP case */
+ if($config['pptpd']['mode'] != "off") {
+ $rules .= "rdr on \$pptp proto tcp from any to !(\$pptp) port 80 -> 127.0.0.1 port 80\n";
+ }
 $rules .= "\n";
 break;
 case 'filter':
@@ -1253,7 +1259,13 @@ function squid_generate_rules($type) {
 $rules .= "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state\n";
 $rules .= "pass in quick on $iface proto tcp from any to !($iface) port $port flags S/SA keep state\n";
 $rules .= "\n";
- };
+ };
+ if($config['pppoe']['mode'] == "off") {
+ $rules .= "pass in quick on \$pppoe proto tcp from any to !(\$pppoe) port $port flags S/SA keep state\n";
+ }
+ if($config['pptpd']['mode'] != "off") {
+ $rules .= "pass in quick on \$pptp proto tcp from any to !(\$pptp) port $port flags S/SA keep state\n";
+ }
 break;
 default:
 break;
diff --git a/config/squid/squid_nac.xml b/config/squid/squid_nac.xml
index e0489f8e..a61471ec 100644
--- a/config/squid/squid_nac.xml
+++ b/config/squid/squid_nac.xml
@@ -111,7 +111,7 @@
 <field>
 <fielddescr>Whitelist</fielddescr>
 <fieldname>whitelist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description>
 <type>textarea</type>
 <cols>50</cols>
 <rows>5</rows>
@@ -120,7 +120,7 @@
 <field>
 <fielddescr>Blacklist</fielddescr>
 <fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
 <type>textarea</type>
 <cols>50</cols>
 <rows>5</rows>
diff --git a/config/squid3/squid_nac.xml b/config/squid3/squid_nac.xml
index 73c4cae5..56e3fa8b 100644
--- a/config/squid3/squid_nac.xml
+++ b/config/squid3/squid_nac.xml
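Review bot: The PPPoE test added after the interface loop, `if($config['pppoe']['mode'] == "off") {`, is the inverse of the PPTP test two lines below it (`!= "off"`), so the `$pppoe` redirect rule is written only while the PPPoE server is disabled and is missing whenever it is running; presumably the intent matches the PPTP branch and the line should read `if($config['pppoe']['mode'] != "off") {`. The same inverted test is repeated in the `case 'filter':` hunk (`@@ -1253`), where it gates the `pass in quick on \$pppoe` rule, and needs the same change. Separately, `$exempt_ip` is built from the user-entered `defined_ip_proxy_off` list and interpolated straight into the pf rule without confirming that each entry is an address or network (pfSense's `is_ipaddr()`/`is_subnet()` helpers would do), so one malformed entry breaks the whole generated ruleset; that code was only re-indented here, but it is worth tightening while it is being touched. `squid_generate_rules()` begins before and ends after both hunks.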
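Review bot: The added sentence "You also can use regular expressions." says nothing about how a pattern is matched, and an unanchored entry such as `example.com` (where `.` matches any character) also matches every longer host name containing that text, which on the whitelist admits destinations the administrator did not intend; if these lists feed a regex-based destination ACL, as the wording implies, the description should say so and advise anchoring, e.g. `You also can use regular expressions; anchor them (^example\.com$), since an unanchored pattern matches any host name containing it.` The touched line also carries over the existing typo `accessable` (for `accessible`). `config/squid3/squid_nac.xml` in the next file section adds identical text and needs the same wording.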
@@ -111,7 +111,7 @@
 <field>
 <fielddescr>Whitelist</fielddescr>
 <fieldname>whitelist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description>
 <type>textarea</type>
 <cols>50</cols>
 <rows>5</rows>
@@ -120,7 +120,7 @@
 <field>
 <fielddescr>Blacklist</fielddescr>
 <fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy.</description>
+ <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
 <type>textarea</type>
 <cols>50</cols>
 <rows>5</rows>
diff --git a/config/tinydns/new_zone_wizard.xml b/config/tinydns/new_zone_wizard.xml
index 82d8d62b..0f75291f 100644
--- a/config/tinydns/new_zone_wizard.xml
+++ b/config/tinydns/new_zone_wizard.xml
@@ -92,7 +92,7 @@
 <name>Mail exchanger record IP address</name>
 <type>input</type>
 <arraynum>1</arraynum>
- <description>Enter the IP address of your Mail exchanger (MX) - (example: 9.10.11.12)</description>
+ <description>Enter the IP address of your Mail exchanger (MX) - (not needed if hostname above is in a different domain)</description>
 </field>
 <field>
 <name>First A record (optional)</name>
@@ -151,12 +151,14 @@
 <![CDATA[
 $changed = false;
-
+
 if($_POST['domainname'] and $_POST['primarynameserver']) {
 $tmp = array();
 $tmp['hostname'] = $_POST['domainname'];
- $tmp['recordtype'] = "SOA";
+ $tmp['recordtype'] = "SOA";
 $tmp['ipaddress'] = $_POST['primarynameserver'];
+ if(!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$tmp['ipaddress']) && substr($tmp['ipaddress'],-1) != ".")
+ $tmp['ipaddress'] = $tmp['ipaddress'] . ".";
 $config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
 unset($tmp);
 $changed = true;
@@ -167,6 +169,8 @@
 $tmp['hostname'] = $_POST['domainname'];
 $tmp['recordtype'] = "SOA";
 $tmp['ipaddress'] = $_POST['secondarynameserver'];
+ if(!preg_match("/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/",$tmp['ipaddress']) && substr($tmp['ipaddress'],-1) != ".")
+ $tmp['ipaddress'] = $tmp['ipaddress'] . ".";
 $config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
 unset($tmp);
 $changed = true;
@@ -202,13 +206,26 @@
 $changed = true;
 }
- if($_POST['mailexchangerrecordipaddress'] and $_POST['mailexchangerrecordhostname']) {
+ if($_POST['mailexchangerrecordhostname']) {
 $tmp = array();
- $tmp['hostname'] = $_POST['mailexchangerrecordhostname'];
+ $tmp['hostname'] = $_POST['domainname'];
 $tmp['recordtype'] = "MX";
- $tmp['ipaddress'] = $_POST['secondarecordipaddress'];
+ $tmp['ipaddress'] = $_POST['mailexchangerrecordhostname'];
+ if(substr($tmp['ipaddress'],-1) != ".")
+ $tmp['ipaddress'] = $tmp['ipaddress'] . ".";
+ $config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
 unset($tmp);
 $changed = true;
+
+ if($_POST['mailexchangerrecordipaddress']) {
+ $tmp = array();
+ $tmp['hostname'] = $_POST['mailexchangerrecordhostname'];
+ $tmp['recordtype'] = "A";
+ $tmp['ipaddress'] = $_POST['mailexchangerrecordipaddress'];
+ $config['installedpackages']['tinydnsdomains']['config'][] = $tmp;
+ unset($tmp);
+ $changed = true;
+ }
 }
 if($changed) {
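Review bot: The `preg_match` guard added for the primary and secondary name servers accepts any four dot-separated groups of up to three digits (`999.999.999.999` passes) and, when it does not match, silently treats the value as a host name and appends a trailing dot, so neither path validates what is written into `$config['installedpackages']['tinydnsdomains']`; pfSense's `is_ipaddr()` helper would be the stricter test, and the identical regex in the two hunks should live in one place. In the MX hunk the new A record takes `$_POST['mailexchangerrecordipaddress']` with no check at all, and the MX record is stored without a `dist` key, so `$dist = $domain['dist'];` in the `tinydns.inc` change reads an unset index for wizard-created records. Because the SOA row is emitted as `.{$hostname}::{$recordip}`, where the third field is the name server's host name, a bare IP address in this field is unlikely to produce a usable record anyway — the field description should state that a host name is expected. The PHP shown sits inside a CDATA block whose start and end lie outside these hunks.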
diff --git a/config/tinydns/tinydns.inc b/config/tinydns/tinydns.inc
index 24de1cab..ead705e6 100644
--- a/config/tinydns/tinydns.inc
+++ b/config/tinydns/tinydns.inc
@@ -431,6 +431,7 @@ function tinydns_create_zone_file() {
 $hostname = $domain['hostname'];
 $ipaddress = $domain['ipaddress'];
 $ttl = $domain['ttl'];
+ $dist = $domain['dist'];
 /* check record status, if it is down request
 * backup server if defined.
 */
@@ -446,7 +447,7 @@ function tinydns_create_zone_file() {
 log_error("tinydns_get_backup_record returned $ipaddress ");
 }
 }
- $record_data = tinydns_get_rowline_data($ipaddress, $domain['recordtype'], $ttl, $hostname, $domain['rdns']);
+ $record_data = tinydns_get_rowline_data($ipaddress, $domain['recordtype'], $ttl, $hostname, $domain['rdns'], $dist);
 if($record_data)
 fwrite($fd, $record_data . "\n");
 /* process load balanced items */
@@ -588,12 +589,15 @@ function tinydns_do_xmlrpc_sync($sync_to_ip, $password) {
 /* formats data as a tinydns data row item */
 /* A full description of the data format is available at 'man tinydns-data' */
-function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns) {
+function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns, $dist) {
 if($ttl)
 $ttl_string = ":{$ttl}";
 else
 $ttl_string = "";
+
 switch ($recordtype) {
+
+ /* Note that some of these are simplistic versions of TinyDNS record handling. Uber-users can always do "raw" entries... */
 case "SOA":
 $record_data = ".{$hostname}::{$recordip}{$ttl_string}";
 break;
@@ -601,7 +605,7 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns
 $record_data = "&{$hostname}:{$recordip}{$ttl_string}";
 break;
 case "MX":
- $record_data = "@{$hostname}:{$recordip}::{$ttl_string}";
+ $record_data = "@{$hostname}::{$recordip}:{$dist}{$ttl_string}";
 break;
 case "PTR":
 /* "^" creates "PTR" record only to allow reverse DNS */
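Review bot: `tinydns_get_rowline_data()` gains a mandatory sixth parameter `$dist`, but only the call in `tinydns_create_zone_file()` is updated here; any other call site (the load-balanced path mentioned right after it is not visible in this hunk) now gets a missing-argument warning, so a default, `function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns, $dist = "") {`, keeps existing callers working. `$dist = $domain['dist'];` likewise reads a key that records saved before this change and the wizard-created MX record (see `new_zone_wizard.xml`) do not have, giving a notice and an empty distance in `@{$hostname}::{$recordip}:{$dist}`; `$dist = isset($domain['dist']) ? $domain['dist'] : "";` avoids that. Nothing checks that `$dist` is numeric before it is written into the MX row, so a stray `:` or line break in it would alter the data-file layout; the validation hook added later in this commit is the place to enforce that. Both functions extend beyond these hunks.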
@@ -619,9 +623,36 @@ function tinydns_get_rowline_data($recordip, $recordtype, $ttl, $hostname, $rdns
 $record_data = "C{$hostname}:{$recordip}{$ttl_string}";
 break;
 case "TXT":
- /* "'" creates "TXT" record that can be used for SPF */
- $record_data = "'{$hostname}:{$recordip}{$ttl_string}";
+ /* "'" creates "TXT" record */
+ /* ":" creates a generic record entry, (and record code 16 below makes it a TXT record) */
+ /* Q: Why bother with generic? */
+ /* A: TinyDNS TXT records get split up every 127 chars and some clients have trouble re-assembling them. */
+ /* TinyDNS generic records allow up to the maximum DNS record size of 255 chars but it is a hard limit, no splitting of larger strings */
+ /* ...so try to always create the best record for the need */
+
+ /* Initial cleanup required for TXT records in TinyDNS where we substitute Octal escape codes for certain chars*/
+ $saferecordip = str_replace(":", "\\072", $recordip);
+ $saferecordip = str_replace(" ", "\\040", $saferecordip);
+ $saferecordip = str_replace("\r", "\\015", $saferecordip);
+ $saferecordip = str_replace("\n", "\\012", $saferecordip);
+
+ /* Logically this should be comparing against 127 and 255 but PHP has a boundary error? */
+ /* Boundary errors or not, 128 and 256 at least evaluate properly!!! */
+ /* Also note that reclen checks against the original string and not the "safe" one we generated above. */
+ $reclen = mb_strlen($recordip, '8bit');
+ if($reclen > 128 && $reclen <= 256) {
+ /* TinyDNS generic records require an escaped Octal string length padded to three chars before the actual string!
*/
+ /* The logic here shouldn't ever require padding but including it anyway in case somebody changes code down the road */
+ $reclen = str_pad(decoct($reclen),3,"0",STR_PAD_LEFT);
+ $record_data = ":{$hostname}:16:\\{$reclen}{$saferecordip}{$ttl_string}";
+ } else {
+ $record_data = "'{$hostname}:{$saferecordip}{$ttl_string}";
+ }
 break;
+ case "raw":
+ /* We don't know or care what is in a raw entry, just pass it along as-is */
+ $record_data = "{$recordip}";
+ break;
 }
 return $record_data;
 }
@@ -961,4 +992,22 @@
 EOD;
 fclose($fr);
 }
+function tinydns_cleanup_addedit_form_record() {
+ /* Clean some things up and simplify per limited subset of TinyDNS record syntax before saving. */
+ if((($_POST['recordtype'] == "SOA") || ($_POST['recordtype'] == "NS") || ($_POST['recordtype'] == "MX")) && substr($_POST['ipaddress'],-1) != ".")
+ $_POST['ipaddress'] = $_POST['ipaddress'] . ".";
+
+ if($_POST['recordtype'] == "TXT") {
+ /* TinyDNS provides surrounding quotes for TXT records automatically so we check & remove them here */
+ if(substr($_POST['ipaddress'],-1) == "\"")
+ $_POST['ipaddress'] = substr($_POST['ipaddress'],0,-1);
+ if(substr($_POST['ipaddress'],0,1) == "\"")
+ $_POST['ipaddress'] = substr($_POST['ipaddress'],1);
+ if(substr($_POST['ipaddress'],0,5) == "v=spf") {
+ /* more cleanup specific to SPF records - strip newlines and carriage returns) */
+ $_POST['ipaddress'] = str_replace("\r", "", $_POST['ipaddress']);
+ $_POST['ipaddress'] = str_replace("\n", "", $_POST['ipaddress']);
+ }
+ }
+}
 ?>
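Review bot: The length test `if($reclen > 128 && $reclen <= 256) {` is off by one at both ends, and the two comment lines blaming a PHP boundary error are mistaken: a 128-byte value is sent to the `'` form, which tinydns-data splits into 127-byte pieces — exactly the case the generic record was introduced to avoid — while a 256-byte value yields `\400` from `decoct(256)`, which does not fit the single length byte of a TXT character-string. The condition should be `if($reclen > 127 && $reclen <= 255) {`, with longer values rejected explicitly (or logged and skipped) rather than falling through to the `'` branch, and the boundary-error comments replaced by one stating the 127/255 limits. The escaping above covers only `:`, space, CR and LF, so a backslash in the value reaches tinydns-data unescaped and is read as the start of an escape sequence; adding `$saferecordip = str_replace("\\", "\\134", $recordip);` as the first substitution, with the `:` replacement then operating on `$saferecordip`, closes that. `tinydns_get_rowline_data()` begins before this hunk.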
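Review bot: `tinydns_cleanup_addedit_form_record()` is wired in as the form's `custom_php_validation_command` in `tinydns_domains.xml`, yet it only rewrites `$_POST` and never rejects anything: for every type other than TXT the name and data are later placed unescaped into a colon-separated data row by `tinydns_get_rowline_data()`, so a `:`, CR or LF in `$_POST['hostname']` or `$_POST['ipaddress']` shifts fields or adds a row to the zone file, and `$_POST['dist']` is never checked to be numeric. The function should report errors through the form's validation mechanism (`$input_errors[]` is what pfSense's package editor collects — confirm it is in scope here) when a non-raw, non-TXT value contains `:`, `\r` or `\n`, and when `dist` is non-empty and not all digits, in addition to the normalisation it does now. The trailing-dot rule also applies to NS data entered as `ip:fqdn`, which works only because the FQDN is the last component; a comment on the first `if` saying so would save the next reader a trip to the man page.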
\ No newline at end of file
diff --git a/config/tinydns/tinydns_domains.xml b/config/tinydns/tinydns_domains.xml
index 3e313511..19468213 100644
--- a/config/tinydns/tinydns_domains.xml
+++ b/config/tinydns/tinydns_domains.xml
@@ -37,7 +37,7 @@
 */
 /* ========================================================================== */
 ]]>
- </copyright>
+ </copyright>
 <description>Describe your package here</description>
 <requirements>Describe your package requirements here</requirements>
 <faq>Currently there are no FAQ items provided.</faq>
@@ -75,11 +75,11 @@
 <configpath>installedpackages->package->tinydnsdomains</configpath>
 <adddeleteeditpagefields>
 <columnitem>
- <fielddescr>Fully Qualified Domain Name (Hostname)</fielddescr>
+ <fielddescr>Record Name</fielddescr>
 <fieldname>hostname</fieldname>
 </columnitem>
 <columnitem>
- <fielddescr>Record type</fielddescr>
+ <fielddescr>Record Type</fielddescr>
 <fieldname>recordtype</fieldname>
 </columnitem>
 <columnitem>
@@ -87,9 +87,13 @@
 <fieldname>rdns</fieldname>
 </columnitem>
 <columnitem>
- <fielddescr>IP Address</fielddescr>
+ <fielddescr>Record Data</fielddescr>
 <fieldname>ipaddress</fieldname>
 </columnitem>
+ <columnitem>
+ <fielddescr>TTL</fielddescr>
+ <fieldname>ttl</fieldname>
+ </columnitem>
 </adddeleteeditpagefields>
 <fields>
 <field>
@@ -98,7 +102,7 @@
 <fieldname>temp</fieldname>
 </field>
 <field>
- <fielddescr>Hostname or FQDN www.exampledomain.com</fielddescr>
+ <fielddescr>Record Name (Hostname or FQDN. E.g. www.exampledomain.com)</fielddescr>
 <fieldname>hostname</fieldname>
 <description>The DNS server will supply Records for the Fully Qualified Domain Name that is entered</description>
 <type>input</type>
@@ -106,9 +110,9 @@
 <required/>
 </field>
 <field>
- <fielddescr>Record type</fielddescr>
+ <fielddescr>Record Type</fielddescr>
 <fieldname>recordtype</fieldname>
- <description>DNS Record types. A, PTR, MX, NS, SOA, TXT, CNAME</description>
+ <description>Supported Record types: A, PTR, MX, NS, SOA, TXT, CNAME, raw ("raw" allows direct entry of a complete TinyDNS record in the FQDN field below)</description>
 <type>select</type>
 <size>1</size>
 <required/>
@@ -121,18 +125,25 @@
 <option><name>PTR</name><value>PTR</value></option>
 <option><name>CNAME</name><value>CNAME</value></option>
 <option><name>TXT</name><value>TXT</value></option>
+ <option><name>raw</name><value>raw</value></option>
 </options>
 </field>
 <field>
- <fielddescr> FQDN or IP Address</fielddescr>
+ <fielddescr>Record Data (FQDN, IP Address, or "raw" TinyDNS record)</fielddescr>
 <fieldname>ipaddress</fieldname>
- <description>IP Address for A Records. FQDN or Hostname for SOA, PTR, CNAME Records. For NS Records an IP:FQDN</description>
+ <description>Use IP Address for A Records - FQDN or Hostname for SOA, PTR, CNAME Records - NS Records use colon-separated IP and FQDN, e.g. 1.2.3.4:mydomain.com</description>
 <type>input</type>
- <size>40</size>
+ <size>80</size>
 <required/>
 </field>
 <field>
- <fielddescr>DNS record time to live</fielddescr>
+ <fielddescr>MX priority (only used for MX records)</fielddescr>
+ <fieldname>dist</fieldname>
+ <type>input</type>
+ <size>4</size>
+ </field>
+ <field>
+ <fielddescr>DNS record time to live (in seconds)</fielddescr>
 <fieldname>ttl</fieldname>
 <type>input</type>
 <size>35</size>
@@ -212,8 +223,11 @@
 tinydns_setup_ping_items();
 tinydns_sync_on_changes();
 </custom_delete_php_command>
+ <custom_php_validation_command>
+ tinydns_cleanup_addedit_form_record();
+ </custom_php_validation_command>
 <custom_add_php_command>
- log_error("Begin tinydns add");
+ log_error("Begin tinydns add");
 tinydns_create_zone_file();
 log_error("Zone file done.");
 tinydns_setup_ping_items(); |
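Review bot: The new `recordtype` description says `raw` takes the complete TinyDNS record "in the FQDN field below", but `case "raw"` in `tinydns_get_rowline_data()` emits `$recordip`, which is this form's `ipaddress`/Record Data field (whose new label already mentions a "raw" record), so the text should read `... ("raw" allows direct entry of a complete TinyDNS record in the Record Data field below)`. The `hostname` field remains `<required/>` although it is ignored for raw records, and the new `dist` field has no `<description>` stating that it must be a non-negative integer, which the `custom_php_validation_command` hook added in the last hunk does not check either. Since a raw record bypasses every escape and format rule in the package, the `raw` description should say so plainly so an operator understands that a malformed entry breaks the whole data file.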