[PATCH 1/2] perl-Net-LibIDN2: New package

[PATCH 1/2] perl-Net-LibIDN2: New package

[Stefan Schantl]

This perl package provides C bindings to the libidn2,
and can be used to convert international domain names into
the "idn ascii" format and vice versa.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/rootfiles/common/perl-Net-LibIDN2 |  6 ++
 lfs/perl-Net-LibIDN2                     | 77 ++++++++++++++++++++++++
 make.sh                                  |  1 +
 3 files changed, 84 insertions(+)
 create mode 100644 config/rootfiles/common/perl-Net-LibIDN2
 create mode 100644 lfs/perl-Net-LibIDN2

diff --git a/config/rootfiles/common/perl-Net-LibIDN2 b/config/rootfiles/common/perl-Net-LibIDN2
new file mode 100644
index 000000000..1d23bd083
--- /dev/null
+++ b/config/rootfiles/common/perl-Net-LibIDN2
@@ -0,0 +1,6 @@
+usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/Net/LibIDN2.pm
+#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Net/LibIDN2
+#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Net/LibIDN2/.packlist
+#usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Net/LibIDN2/LibIDN2.bs
+usr/lib/perl5/site_perl/5.36.0/xxxMACHINExxx-linux-thread-multi/auto/Net/LibIDN2/LibIDN2.so
+#usr/share/man/man3/Net::LibIDN2.3
diff --git a/lfs/perl-Net-LibIDN2 b/lfs/perl-Net-LibIDN2
new file mode 100644
index 000000000..5e7afb613
--- /dev/null
+++ b/lfs/perl-Net-LibIDN2
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.02
+
+THISAPP    = Net-LibIDN2-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_BLAKE2 = 0ccbadd445fcec84d082acdc6c43566a50276fc9bb4cc5a1e954761889b2712c8fde4012e1ffacfefcea796d7d04698a74928895ce822ef84d74f44c97b36b37
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+b2 : $(subst %,%_BLAKE2,$(objects))
+
+###############################################################################
+# Downloading, checking, b2sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_BLAKE2,$(objects)) :
+	@$(B2SUM)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && perl Build.PL
+	cd $(DIR_APP) && perl Build
+	cd $(DIR_APP) && perl Build install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 5309b5675..225767f91 100755
--- a/make.sh
+++ b/make.sh
@@ -2160,6 +2160,7 @@ build_system() {
 	lfsmake2 arpwatch
 	lfsmake2 suricata-reporter
 	lfsmake2 lldpd
+	lfsmake2 perl-Net-LibIDN2
 
 	lfsmake2 linux
 	lfsmake2 linux-initrd
-- 
2.47.3

[PATCH 2/2] dnsbl.cgi: Add support for IDN

[Stefan Schantl]

Use the LibIDN2 perl module to convert international domain names
in the custom allow and block list, into the idn ascii format (punnycode).

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 html/cgi-bin/dnsbl.cgi | 122 +++++++++++++++++++++++++++++++++++------
 1 file changed, 106 insertions(+), 16 deletions(-)

diff --git a/html/cgi-bin/dnsbl.cgi b/html/cgi-bin/dnsbl.cgi
index e81b144c2..16e6dded2 100644
--- a/html/cgi-bin/dnsbl.cgi
+++ b/html/cgi-bin/dnsbl.cgi
@@ -21,6 +21,7 @@
 
 use strict;
 use JSON::PP;
+use Net::LibIDN2 ':all';
 
 # enable only the following on debugging purpose
 #use warnings;
@@ -168,6 +169,8 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 } elsif ($cgiparams{'CUSTOM_DOMAINS'} eq "$Lang::tr{'save'}") {
 	my @cgi_allowed_domains;
 	my @cgi_blocked_domains;
+	my @ascii_allowed_domains;
+	my @ascii_blocked_domains;
 
 	# Get the current configured custom domains to allow or block
 	&readsettings("$custom_domains_file", \%custom_domains) if (-f "$custom_domains_file");
@@ -184,36 +187,32 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 	@cgi_allowed_domains = &General::uniq(@cgi_allowed_domains);
 	@cgi_blocked_domains = &General::uniq(@cgi_blocked_domains);
 
+	# Check domains and convert into ascii format.
+	@ascii_allowed_domains = &format_domains(\@cgi_allowed_domains, "ascii");
+	@ascii_blocked_domains = &format_domains(\@cgi_blocked_domains, "ascii");
+
 	# Merge temporary merge both arrays for duplicate and valid check.
-	my @merged = (@cgi_allowed_domains, @cgi_blocked_domains);
+	my @ascii_merged = (@ascii_allowed_domains, @ascii_blocked_domains);
 
 	# Check if there are duplicate entries on the merged list.
 	# This assumes a domain which has been entered on both
-	my $dup = &check_for_duplicates(@merged);
+	my $dup = &check_for_duplicates(@ascii_merged);
 
 	# If a duplicate has been found, raise an error
 	if ($dup) {
 		push(@errormessages, "$dup - $Lang::tr{'dnsbl error domain specified twice'}");
 	}
 
-	# Loop through the arrays and check for valid domains and duplicates
-	foreach my $domain (@merged) {
-		# Check if the domain is valid
-		unless (&General::validdomainname($domain)) {
-			push(@errormessages, "$domain - $Lang::tr{'invalid domain name'}");
-		}
-	}
-
 	# Check if a domain from the posted blocked domains array is allready part of
 	# the saved allowed domains array
-	$dup = &compare_arrays(\@custom_allowed_domains, \@cgi_blocked_domains);
+	$dup = &compare_arrays(\@custom_allowed_domains, \@ascii_blocked_domains);
 	if ($dup) {
 		push(@errormessages, "$dup - $Lang::tr{'dnsbl error domain specified twice'}");
 	}
 
 	# Check if a domain from the posted allowed domains array is allready part of
 	# the saved blocked domains array.
-	$dup = &compare_arrays(\@custom_blocked_domains, \@cgi_allowed_domains);
+	$dup = &compare_arrays(\@custom_blocked_domains, \@ascii_allowed_domains);
 	if ($dup) {
 		push(@errormessages, "$dup - $Lang::tr{'dnsbl error domain specified twice'}");
 	}
@@ -222,11 +221,11 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
 		my %tmp;
 
 		# Assign the allowed and blocked domain arrays to the temporary hash
-		foreach my $domain (@cgi_allowed_domains) {
+		foreach my $domain (@ascii_allowed_domains) {
 			$tmp{$domain} = [ "allowed" ];
 		}
 
-		foreach my $domain (@cgi_blocked_domains) {
+		foreach my $domain (@ascii_blocked_domains) {
 			$tmp{$domain} = [ "blocked" ];
 		}
 
@@ -271,9 +270,9 @@ sub show_mainpage() {
 			my $status = $custom_domains{$domain}[0];
 
 			if ($status eq "allowed") {
-				push(@custom_allowed_domains, $domain);
+				push(@custom_allowed_domains, &format_domain_to_unicode($domain));
 			} elsif ($status eq "blocked") {
-				push(@custom_blocked_domains, $domain);
+				push(@custom_blocked_domains, &format_domain_to_unicode($domain));
 			}
 		}
 	}
@@ -539,3 +538,94 @@ sub compare_arrays (\@\@) {
 		}
 	}
 }
+
+sub format_domains(\@$) {
+	my ($arrayref, $format) = @_;
+	my @formated_domains;
+
+	# Deref and assign array.
+	my @domains = @{ $arrayref };
+
+	# Exit if not data passed.
+	return unless (@domains);
+
+	# Loop through the given domains array.
+	foreach my $domain (@domains) {
+		my $formated_domain;
+
+		# Check the output format and convert the domain into requested format.
+		if ($format eq "ascii") {
+			$formated_domain = &format_domain_to_ascii($domain);
+		} elsif ($format eq "unicode") {
+			$formated_domain = &format_domain_to_unicode($domain);
+		} else {
+			# Unknown format requested.
+			return;
+		}
+
+		# Check if the domain could be converted.
+		if ($formated_domain) {
+			# Add the converted domain to the array of ascii domains.
+			push(@formated_domains, $formated_domain);
+		} else {
+			# Add the invalid domain to the array of error messages.
+			push(@errormessages, "$domain - $Lang::tr{'invalid domain name'}");
+		}
+	}
+
+	return @formated_domains;
+}
+
+sub format_domain_to_ascii($) {
+	my ($domain) = @_;
+	my $ascii;
+	my $ret;
+
+	# Early exit on empty input.
+	return unless($domain);
+
+	# Spit the given domain name into parts.
+	my @parts = split(/\./, $domain);
+
+	# Exit if the given domain does not contain at least one dot.
+	return if(scalar(@parts) < 2);
+
+	# Use the perl module to convert the domain into the idn ascii format.
+	$ascii = &Net::LibIDN2::idn2_to_ascii_8($domain, "", $ret);
+
+	# Check if an error occured.
+	if ($ret) {
+		# Get the error message.
+		my $error = &Net::LibIDN2::idn2_strerror($ret);
+
+		push(@errormessages, "$domain - LibIDN2: $error");
+	}
+
+	# Exit if the given domain could not be converted.
+	return unless($ascii);
+
+	# Return the converted domain.
+	return $ascii;
+}
+
+sub format_domain_to_unicode($) {
+	my ($ascii) = @_;
+	my $unicode;
+	my $ret;
+
+	# Exit if no input has been given.
+	return unless($ascii);
+
+	# Convert the idn_ascii formated domain back to unicode and return it.
+	$unicode = &Net::LibIDN2::idn2_to_unicode_88($ascii, $ret);
+
+	# Check if an error occured.
+	if ($ret) {
+		# Get the error message.
+		my $error = &Net::LibIDN2::idn2_strerror($ret);
+
+		push(@errormessages, "$ascii - LibIDN2: $error");
+	}
+
+	return $unicode;
+}
-- 
2.47.3