From 62bb0ae8cc2e8b288f3fa1821e57ed23a56d8ceb Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Wed, 7 Jun 2017 16:49:21 +0200
Subject: [PATCH] dns: rework log files, split ACLs #1491

---
 plist                                         |  3 +
 src/etc/inc/plugins.inc.d/dnsmasq.inc         |  9 +++
 src/etc/inc/system.inc                        |  2 +-
 .../mvc/app/models/OPNsense/Core/ACL/ACL.xml  | 60 -------------------
 .../app/models/OPNsense/Dnsmasq/ACL/ACL.xml   | 26 ++++++++
 .../app/models/OPNsense/Dnsmasq/Menu/Menu.xml |  5 +-
 .../app/models/OPNsense/Unbound/ACL/ACL.xml   | 44 ++++++++++++++
 src/www/diag_logs_dnsmasq.php                 |  8 +++
 src/www/diag_logs_settings.php                | 10 +++-
 9 files changed, 104 insertions(+), 63 deletions(-)
 create mode 100644 src/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml
 create mode 100644 src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
 create mode 100644 src/www/diag_logs_dnsmasq.php

diff --git a/plist b/plist
index 5db3527e3..aa32b59cd 100644
--- a/plist
+++ b/plist
@@ -454,6 +454,7 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/Diagnostics/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php
 /usr/local/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/DynamicDNS/ACL/ACL.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/DynamicDNS/Menu/Menu.xml
@@ -476,6 +477,7 @@
 /usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/Migrations/M1_0_0.php
 /usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.php
 /usr/local/opnsense/mvc/app/models/OPNsense/TrafficShaper/TrafficShaper.xml
+/usr/local/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
 /usr/local/opnsense/mvc/app/models/OPNsense/Unbound/Menu/Menu.xml
 /usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/clients.volt
 /usr/local/opnsense/mvc/app/views/OPNsense/CaptivePortal/index.volt
@@ -974,6 +976,7 @@
 /usr/local/www/diag_logs_auth.php
 /usr/local/www/diag_logs_common.inc
 /usr/local/www/diag_logs_dhcp.php
+/usr/local/www/diag_logs_dnsmasq.php
 /usr/local/www/diag_logs_filter.php
 /usr/local/www/diag_logs_filter_dynamic.php
 /usr/local/www/diag_logs_filter_plain.php
diff --git a/src/etc/inc/plugins.inc.d/dnsmasq.inc b/src/etc/inc/plugins.inc.d/dnsmasq.inc
index 2c527a080..91c501a24 100644
--- a/src/etc/inc/plugins.inc.d/dnsmasq.inc
+++ b/src/etc/inc/plugins.inc.d/dnsmasq.inc
@@ -63,6 +63,15 @@ function dnsmasq_services()
     return $services;
 }
 
+function dnsmasq_syslog()
+{
+    $logfacilities = array();
+
+    $logfacilities['dnsmasq'] = array('facility' => array('dnsmasq'), 'remote' => 'dns');
+
+    return $logfacilities;
+}
+
 function dnsmasq_xmlrpc_sync()
 {
     $result = array();
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index b72ce4dd3..96a0bee12 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -798,7 +798,7 @@ function system_syslogd_start($verbose = false)
         $syslogconfs['gateways'] = array('facility' => array('apinger'), 'remote' => 'apinger');
         $syslogconfs['portalauth'] = array('facility' => array('captiveportal'), 'remote' => 'portalauth');
         $syslogconfs['ppps'] = array('facility' => array('ppp'));
-        $syslogconfs['resolver'] = array('facility' => array('dnsmasq', 'filterdns', 'unbound'));
+        $syslogconfs['resolver'] = array('facility' => array('filterdns', 'unbound'), 'remote' => 'dns');
         $syslogconfs['routing'] = array('facility' => array('radvd', 'routed', 'rtsold', 'olsrd', 'zebra', 'ospfd', 'bgpd', 'miniupnpd'));
         $syslogconfs['wireless'] = array('facility' => array('hostapd'), 'remote' => 'hostapd');
 
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
index c14574aad..3ba0ce622 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
@@ -106,12 +106,6 @@
             <pattern>diag_logs_gateways.php*</pattern>
         </patterns>
     </page-diagnostics-logs-gateways>
-    <page-diagnostics-logs-resolver>
-        <name>Diagnostics: Logs: Resolver</name>
-        <patterns>
-            <pattern>diag_logs_resolver.php*</pattern>
-        </patterns>
-    </page-diagnostics-logs-resolver>
     <page-diagnostics-logs-settings>
         <name>Diagnostics: Logs: Settings</name>
         <patterns>
@@ -497,60 +491,6 @@
             <pattern>services_opendns.php*</pattern>
         </patterns>
     </page-services-opendns>
-    <page-services-dnsforwarder>
-        <name>Services: DNS Forwarder</name>
-        <patterns>
-            <pattern>services_dnsmasq.php*</pattern>
-        </patterns>
-    </page-services-dnsforwarder>
-    <page-services-dnsforwarder-editdomainoverride>
-        <name>Services: DNS Forwarder: Edit Domain Override</name>
-        <patterns>
-            <pattern>services_dnsmasq_domainoverride_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsforwarder-editdomainoverride>
-    <page-services-dnsforwarder-edithost>
-        <name>Services: DNS Forwarder: Edit host</name>
-        <patterns>
-            <pattern>services_dnsmasq_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsforwarder-edithost>
-    <page-services-dnsresolver>
-        <name>Services: DNS Resolver</name>
-        <patterns>
-            <pattern>services_unbound.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver>
-    <page-services-dnsresolver-acls>
-        <name>Services: DNS Resolver: Access Lists</name>
-        <patterns>
-            <pattern>services_unbound_acls.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-acls>
-    <page-services-dnsresolver-editacls>
-        <name>Services: DNS Resolver: Access Lists: Edit</name>
-        <patterns>
-            <pattern>services_unbound_acls_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-editacls>
-    <page-services-dnsresolver-advanced>
-        <name>Services: DNS Resolver: Advanced</name>
-        <patterns>
-            <pattern>services_unbound_advanced.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-advanced>
-    <page-services-dnsresolver-editdomainoverride>
-        <name>Services: DNS Resolver: Edit Domain Override</name>
-        <patterns>
-            <pattern>services_unbound_domainoverride_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-editdomainoverride>
-    <page-services-dnsresolver-edithost>
-        <name>Services: DNS Resolver: Edit host</name>
-        <patterns>
-            <pattern>services_unbound_host_edit.php*</pattern>
-        </patterns>
-    </page-services-dnsresolver-edithost>
     <page-services-router-advertisements>
         <name>Services: Router advertisements</name>
         <patterns>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml
new file mode 100644
index 000000000..450e8a528
--- /dev/null
+++ b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/ACL/ACL.xml
@@ -0,0 +1,26 @@
+<acl>
+    <page-services-dnsforwarder>
+        <name>Services: Dnsmasq DNS: Settings</name>
+        <patterns>
+            <pattern>services_dnsmasq.php*</pattern>
+        </patterns>
+    </page-services-dnsforwarder>
+    <page-services-dnsforwarder-editdomainoverride>
+        <name>Services: Dnsmasq DNS: Edit Domain Override</name>
+        <patterns>
+            <pattern>services_dnsmasq_domainoverride_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsforwarder-editdomainoverride>
+    <page-services-dnsforwarder-edithost>
+        <name>Services: Dnsmasq DNS: Edit Host</name>
+        <patterns>
+            <pattern>services_dnsmasq_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsforwarder-edithost>
+    <page-diagnostics-logs-dnsmasq>
+        <name>Services: Dnsmasq DNS: Log File</name>
+        <patterns>
+            <pattern>diag_logs_dnsmasq.php*</pattern>
+        </patterns>
+    </page-diagnostics-logs-dnsmasq>
+</acl>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
index 27fdcd6cc..e2839eb0a 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Menu/Menu.xml
@@ -1,8 +1,11 @@
 <menu>
     <Services>
-        <Dnsmasq VisibleName="Dnsmasq DNS" url="/services_dnsmasq.php" cssClass="fa fa-tags fa-fw">
+        <Dnsmasq VisibleName="Dnsmasq DNS" cssClass="fa fa-tags fa-fw">
+          <Settings order="10" url="/services_dnsmasq.php">
             <Hosts url="/services_dnsmasq_edit.php*" visibility="hidden"/>
             <Domains url="/services_dnsmasq_domainoverride_edit.php*" visibility="hidden"/>
+          </Settings>
+          <LogFile VisibleName="Log File" order="50" url="/diag_logs_resolver.php"/>
         </Dnsmasq>
     </Services>
 </menu>
diff --git a/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
new file mode 100644
index 000000000..f978d49bf
--- /dev/null
+++ b/src/opnsense/mvc/app/models/OPNsense/Unbound/ACL/ACL.xml
@@ -0,0 +1,44 @@
+<acl>
+    <page-services-dnsresolver>
+        <name>Services: Unbound DNS: General</name>
+        <patterns>
+            <pattern>services_unbound.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver>
+    <page-services-dnsresolver-acls>
+        <name>Services: Unbound DNS: Access Lists</name>
+        <patterns>
+            <pattern>services_unbound_acls.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-acls>
+    <page-services-dnsresolver-editacls>
+        <name>Services: Unbound DNS: Access Lists Edit</name>
+        <patterns>
+            <pattern>services_unbound_acls_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-editacls>
+    <page-services-dnsresolver-advanced>
+        <name>Services: Unbound DNS: Advanced</name>
+        <patterns>
+            <pattern>services_unbound_advanced.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-advanced>
+    <page-services-dnsresolver-editdomainoverride>
+        <name>Services: Unbound DNS: Edit Domain Override</name>
+        <patterns>
+            <pattern>services_unbound_domainoverride_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-editdomainoverride>
+    <page-services-dnsresolver-edithost>
+        <name>Services: Unbound DNS: Edit Host</name>
+        <patterns>
+            <pattern>services_unbound_host_edit.php*</pattern>
+        </patterns>
+    </page-services-dnsresolver-edithost>
+    <page-diagnostics-logs-resolver>
+        <name>Services: Unbound DNS: Log File</name>
+        <patterns>
+            <pattern>diag_logs_resolver.php*</pattern>
+        </patterns>
+    </page-diagnostics-logs-resolver>
+</acl>
diff --git a/src/www/diag_logs_dnsmasq.php b/src/www/diag_logs_dnsmasq.php
new file mode 100644
index 000000000..b086f1d04
--- /dev/null
+++ b/src/www/diag_logs_dnsmasq.php
@@ -0,0 +1,8 @@
+<?php
+
+$logfile = '/var/log/dnsmasq.log';
+$logclog = true;
+
+$service_hook = 'dnsmasq';
+
+require_once 'diag_logs_template.inc';
diff --git a/src/www/diag_logs_settings.php b/src/www/diag_logs_settings.php
index 4837cb070..cbb08bcaf 100644
--- a/src/www/diag_logs_settings.php
+++ b/src/www/diag_logs_settings.php
@@ -70,7 +70,6 @@ function clear_all_log_files()
         system_clear_clog("/var/log/{$lfile}.log", false);
     }
 
-
     foreach ($log_files as $lfile) {
         system_clear_log("/var/log/{$lfile}.log", false);
     }
@@ -100,6 +99,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig['dhcp'] = isset($config['syslog']['dhcp']);
     $pconfig['portalauth'] = isset($config['syslog']['portalauth']);
     $pconfig['vpn'] = isset($config['syslog']['vpn']);
+    $pconfig['dns'] = isset($config['syslog']['dns']);
     $pconfig['apinger'] = isset($config['syslog']['apinger']);
     $pconfig['relayd'] = isset($config['syslog']['relayd']);
     $pconfig['hostapd'] = isset($config['syslog']['hostapd']);
@@ -159,6 +159,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $config['syslog']['dhcp'] = !empty($pconfig['dhcp']);
             $config['syslog']['portalauth'] = !empty($pconfig['portalauth']);
             $config['syslog']['vpn'] = !empty($pconfig['vpn']);
+            $config['syslog']['dns'] = !empty($pconfig['dns']);
             $config['syslog']['apinger'] = !empty($pconfig['apinger']);
             $config['syslog']['relayd'] = !empty($pconfig['relayd']);
             $config['syslog']['hostapd'] = !empty($pconfig['hostapd']);
@@ -224,6 +225,7 @@ function enable_change(enable_over) {
     document.iform.dhcp.disabled = 0;
     document.iform.portalauth.disabled = 0;
     document.iform.vpn.disabled = 0;
+    document.iform.dns.disabled = 0;
     document.iform.apinger.disabled = 0;
     document.iform.relayd.disabled = 0;
     document.iform.hostapd.disabled = 0;
@@ -238,6 +240,7 @@ function enable_change(enable_over) {
     document.iform.dhcp.disabled = 1;
     document.iform.portalauth.disabled = 1;
     document.iform.vpn.disabled = 1;
+    document.iform.dns.disabled = 1;
     document.iform.apinger.disabled = 1;
     document.iform.relayd.disabled = 1;
     document.iform.hostapd.disabled = 1;
@@ -255,6 +258,8 @@ function check_everything() {
     document.iform.portalauth.checked = false;
     document.iform.vpn.disabled = 1;
     document.iform.vpn.checked = false;
+    document.iform.dns.disabled = 1;
+    document.iform.dns.checked = false;
     document.iform.apinger.disabled = 1;
     document.iform.apinger.checked = false;
     document.iform.relayd.disabled = 1;
@@ -268,6 +273,7 @@ function check_everything() {
     document.iform.dhcp.disabled = 0;
     document.iform.portalauth.disabled = 0;
     document.iform.vpn.disabled = 0;
+    document.iform.dns.disabled = 0;
     document.iform.apinger.disabled = 0;
     document.iform.relayd.disabled = 0;
     document.iform.hostapd.disabled = 0;
@@ -503,6 +509,8 @@ $(document).ready(function() {
                         <?=gettext("Firewall events");?><br />
                         <input name="dhcp" id="dhcp" type="checkbox" value="yes" <?=!empty($pconfig['dhcp']) ? "checked=\"checked\"" : ""; ?> />
                         <?=gettext("DHCP service events");?><br />
+                        <input name="dns" id="dns" type="checkbox" value="yes" <?=!empty($pconfig['dns']) ? "checked=\"checked\"" : ""; ?> />
+                        <?=gettext("DNS (Unbound, Dnsmasq, Bind) events");?><br />
                         <input name="portalauth" id="portalauth" type="checkbox" value="yes" <?=!empty($pconfig['portalauth']) ? "checked=\"checked\"" : ""; ?> />
                         <?=gettext("Portal Auth events");?><br />
                         <input name="vpn" id="vpn" type="checkbox" value="yes" <?=!empty($pconfig['vpn']) ? "checked=\"checked\"" : ""; ?> />