From 884fac34e50f799b357e3469868285de92e2d878 Mon Sep 17 00:00:00 2001
From: Franco Fichtner
Date: Sat, 11 Apr 2015 08:38:14 +0200
Subject: [PATCH] services: add OpenDNS filtering feature
Adapted the the GUI layout and rewrote the curl probing in PHP while at it. Many thanks for the initial code donation and idea!
Donated by: gastbox.ch
---
 src/etc/inc/priv.defs.inc | 6 +
 .../app/models/OPNsense/Base/Menu/Menu.xml | 1 +
 .../OPNsense/Core/ACL_Legacy_Page_Map.txt | 1 +
 src/www/fbegin.inc | 1 +
 src/www/services_opendns.php | 218 ++++++++++++++++++
 5 files changed, 227 insertions(+)
 create mode 100644 src/www/services_opendns.php
diff --git a/src/etc/inc/priv.defs.inc b/src/etc/inc/priv.defs.inc
index 6413d9609..cf0882a06 100644
--- a/src/etc/inc/priv.defs.inc
+++ b/src/etc/inc/priv.defs.inc
@@ -854,6 +854,12 @@ $priv_list['page-services-dnsforwarder-edithost']['descr'] = gettext("Allow acce
 $priv_list['page-services-dnsforwarder-edithost']['match'] = array();
 $priv_list['page-services-dnsforwarder-edithost']['match'][] = "services_dnsmasq_edit.php*";
+$priv_list['page-services-opendns'] = array();
+$priv_list['page-services-opendns']['name'] = gettext("WebCfg - Services: DNS Filter");
+$priv_list['page-services-opendns']['descr'] = gettext("Allow access to the 'Services: DNS Filter' page.");
+$priv_list['page-services-opendns']['match'] = array();
+$priv_list['page-services-opendns']['match'][] = "services_opendns.php*";
+
 $priv_list['page-services-dnsresolver'] = array();
 $priv_list['page-services-dnsresolver']['name'] = gettext("WebCfg - Services: DNS Resolver page");
 $priv_list['page-services-dnsresolver']['descr'] = gettext("Allow access to the 'Services: DNS Resolver' page.");
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
index 8492845ed..aa6d68e0e 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/Menu/Menu.xml
@@ -83,6 +83,7 @@
+
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt
index 688d11622..a3c4c3f4c 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL_Legacy_Page_Map.txt
@@ -135,6 +135,7 @@ page-services-dhcpv6relay=services_dhcpv6_relay.php*
 page-services-dnsforwarder=services_dnsmasq.php*
 page-services-dnsforwarder-editdomainoverride=services_dnsmasq_domainoverride_edit.php*
 page-services-dnsforwarder-edithost=services_dnsmasq_edit.php*
+page-services-opendns=services_opendns.php*
 page-services-dnsresolver=services_unbound.php*
 page-services-dnsresolver-advanced=services_unbound_advanced.php*
 page-services-dnsresolver-acls=services_unbound_acls.php*
diff --git a/src/www/fbegin.inc b/src/www/fbegin.inc
index 2a43d866b..d0a8ead74 100755
--- a/src/www/fbegin.inc
+++ b/src/www/fbegin.inc
@@ -162,6 +162,7 @@ $firewall_menu = msort($firewall_menu,0); // Services
 $services_menu = array();
 $services_menu[] = array(gettext("Captive Portal"), "/services_captiveportal.php");
+$services_menu[] = array(gettext("DNS Filter"), "/services_opendns.php");
 $services_menu[] = array(gettext("DNS Forwarder"), "/services_dnsmasq.php");
 $services_menu[] = array(gettext("DNS Resolver"), "/services_unbound.php");
 $services_menu[] = array(gettext("DHCP Relay"), "/services_dhcp_relay.php");
diff --git a/src/www/services_opendns.php b/src/www/services_opendns.php
new file mode 100644
index 000000000..8fabf2c9f
--- /dev/null
+++ b/src/www/services_opendns.php
@@ -0,0 +1,218 @@ + + Copyright (c) 2008 Tellnet AG + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require_once 'guiconfig.inc'; + +if (!is_array($config['opendns'])) { + $config['opendns'] = array(); +} + +$pconfig['enable'] = isset($config['opendns']['enable']); +$pconfig['username'] = $config['opendns']['username']; +$pconfig['password'] = $config['opendns']['password']; +$pconfig['host'] = $config['opendns']['host']; + +if ($_POST) { + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + $reqdfields = array(); + $reqdfieldsn = array(); + if ($_POST['enable']) { + $reqdfields = array_merge($reqdfields, explode(" ", "host username password")); + $reqdfieldsn = array_merge($reqdfieldsn, explode(",", "Network,Username,Password")); + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); + + if (($_POST['host'] && !is_domain($_POST['host']))) { + $input_errors[] = 'The host name contains invalid characters.'; + } + if (($_POST['username'] && empty($_POST['username']))) { + $input_errors[] = 'The username cannot be empty.'; + } + + if ($_POST['test']) { + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, sprintf( 'https://updates.opendns.com/nic/update?hostname=%s', $pconfig['host'])); + curl_setopt($ch, CURLOPT_USERPWD, sprintf('%s:%s', $pconfig['username'], $pconfig['password'])); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); + $output = curl_exec($ch); + curl_close($ch); + $test_results = explode("\r\n", $output); + } elseif (!$input_errors) { + $refresh = $pconfig['enable'] != $config['opendns']['enable']; + $config['opendns']['enable'] = $_POST['enable'] ? 
true : false; + $config['opendns']['username'] = $_POST['username']; + $config['opendns']['password'] = $_POST['password']; + $config['opendns']['host'] = $_POST['host']; + if ($refresh) { + if ($config['opendns']['enable']) { + unset($config['system']['dnsserver']); + $config['system']['dnsserver'][] = '208.67.222.222'; + $config['system']['dnsserver'][] = '208.67.220.220'; + $config['system']['dnsallowoverride'] = false; + } else { + unset($config['system']['dnsserver']); + $config['system']['dnsserver'][] = ''; + $config['system']['dnsallowoverride'] = true; + } + } + write_config('OpenDNS filter configuration change'); + if ($refresh) { + $retval = system_resolvconf_generate(); + $savemsg = get_std_save_message($retval); + } + } +} + +$pgtitle = array('Services', 'DNS Filter'); + +include 'head.inc'; + +?> + + + + + +
+
+ +
+ +
+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ " /> + +
+
+ + OpenDNS.com' + )); ?> + +
+ +
+ + + +
+ +
+ +
+ + ' . + gettext('Networks Dashboard of OpenDNS') .'' + )); ?> + +
+ %s
', + strpos($result, 'good') === 0 ? 'ok text-success' : 'remove text-danger', + $result + ); + } + ?> +
  + + +
+
+
+
+
+
+
+ +
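Review bot: In the `if ($_POST['test'])` branch of services_opendns.php the curl probe runs even when `$input_errors` is already populated, and `$pconfig['host']` (copied straight from `$_POST`) is formatted into the update URL without encoding, so a value that failed `is_domain()` still ends up in the query string of the request that carries the account credentials. The probe should be gated on `!$input_errors` and the host passed through `urlencode()`; the handle also has no timeouts, and a `false` return from `curl_exec()` goes straight into `explode()` (the timeout values in the fence are examples). Further down, the results loop appears to format `$result` into the `%s` of the output unescaped (the surrounding markup is not visible on this page), so it should be written as `htmlspecialchars($result)`. Separately, the condition `$_POST['username'] && empty($_POST['username'])` can never be true, so the username is only checked by `do_input_validation()` when `enable` is set.

```php
if ($_POST['test'] && !$input_errors) {
    // … unchanged: curl_init() …
    curl_setopt($ch, CURLOPT_URL, sprintf('https://updates.opendns.com/nic/update?hostname=%s', urlencode($pconfig['host'])));
    // … unchanged: CURLOPT_USERPWD, CURLOPT_RETURNTRANSFER …
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    // … unchanged: curl_exec(), curl_close() …
    $test_results = $output === false
        ? array(gettext('The update service could not be reached.'))
        : explode("\r\n", $output);
```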