diff options
-rw-r--r-- | config/autoconfigbackup/autoconfigbackup.inc | 292 |
1 files changed, 152 insertions, 140 deletions
diff --git a/config/autoconfigbackup/autoconfigbackup.inc b/config/autoconfigbackup/autoconfigbackup.inc index 7050aab6..dc69ab62 100644 --- a/config/autoconfigbackup/autoconfigbackup.inc +++ b/config/autoconfigbackup/autoconfigbackup.inc @@ -1,69 +1,74 @@ <?php -/* $Id$ */ /* - autoconfigbackup.inc - Copyright (C) 2008-2014 Electric Sheep Fencing LP - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + autoconfigbackup.inc + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2008-2015 Electric Sheep Fencing LP + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ - require_once("filter.inc"); require_once("notices.inc"); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version < 2.0) +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); +if ($pf_version < 2.0) { require_once("crypt_acb.php"); +} // Plugin moved to save only -if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.inc")) - unlink("/usr/local/pkg/parse_config/parse_config_upload.inc"); -if(file_exists("/usr/local/pkg/parse_config/parse_config_upload.php")) - unlink("/usr/local/pkg/parse_config/parse_config_upload.php"); +unlink_if_exists("/usr/local/pkg/parse_config/parse_config_upload.inc"); +unlink_if_exists("/usr/local/pkg/parse_config/parse_config_upload.php"); -/* ensures patches match */ +// Ensures patches match function custom_php_validation_command($post, &$input_errors) { global $_POST, $savemsg, $config; - if(!$post['username']) + if (!$post['username']) { $input_errors[] = "Username is required."; + } - if(!$post['password'] or !$post['passwordagain']) + if (!$post['password'] or !$post['passwordagain']) { $input_errors[] = "The subscription password is required."; + } - if(!$post['crypto_password'] or !$post['crypto_password2']) + if (!$post['crypto_password'] or !$post['crypto_password2']) { $input_errors[] = "The encryption password is required."; + } - if($post['password'] <> $post['passwordagain']) + if ($post['password'] <> $post['passwordagain']) { $input_errors[] = "Sorry, the entered portal.pfsense.org passwords do not match."; + } - if($post['crypto_password'] <> $post['crypto_password2']) + if ($post['crypto_password'] <> $post['crypto_password2']) { $input_errors[] = "Sorry, the entered encryption passwords do not match."; + } - if($post['testconnection']) { + if ($post['testconnection']) { $status = test_connection($post); - if($status) + if ($status) { $savemsg = "Connection to portal.pfsense.org was tested with no errors."; + } } - + // We do not need to store this value. unset($_POST['testconnection']); } @@ -73,8 +78,9 @@ function configure_proxy() { $ret = array(); if (!empty($config['system']['proxyurl'])) { $ret[CURLOPT_PROXY] = $config['system']['proxyurl']; - if (!empty($config['system']['proxyport'])) + if (!empty($config['system']['proxyport'])) { $ret[CURLOPT_PROXYPORT] = $config['system']['proxyport']; + } if (!empty($config['system']['proxyuser']) && !empty($config['system']['proxypass'])) { $ret[CURLOPT_PROXYAUTH] = CURLAUTH_ANY | CURLAUTH_ANYSAFE; $ret[CURLOPT_PROXYUSERPWD] = "{$config['system']['proxyuser']}:{$config['system']['proxypass']}"; @@ -86,27 +92,28 @@ function configure_proxy() { function test_connection($post) { global $savemsg, $config, $g; - /* do nothing when booting */ - if($g['booting']) + // Do nothing when booting + if (platform_booting()) { return; + } // Seperator used during client / server communications - $oper_sep = "\|\|"; + $oper_sep = "\|\|"; // Encryption password - $decrypt_password = $post['crypto_password']; + $decrypt_password = $post['crypto_password']; // Defined username - $username = $post['username']; + $username = $post['username']; // Defined password - $password = $post['password']; + $password = $post['password']; // Set hostname - $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; + $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; // URL to restore.php - $get_url = "https://portal.pfsense.org/pfSconfigbackups/restore.php"; + $get_url = "https://portal.pfsense.org/pfSconfigbackups/restore.php"; // Populate available backups $curl_session = curl_init(); @@ -124,29 +131,30 @@ function test_connection($post) { curl_setopt($curl_session, CURLOPT_POSTFIELDS, "action=showbackups&hostname={$hostname}"); $data = curl_exec($curl_session); - if (curl_errno($curl_session)) + if (curl_errno($curl_session)) { return("An error occurred " . curl_error($curl_session)); - else + } else { curl_close($curl_session); - + } return; } function upload_config($reasonm = "") { global $config, $g, $input_errors; - /* do nothing when booting */ - if($g['booting']) + // Do nothing when booting + if (platform_booting()) { return; + } /* - * pfSense upload config to pfSense.org script - * This file plugs into config.inc (/usr/local/pkg/parse_config) - * and runs every time the running firewall filter changes. - * + * pfSense upload config to pfSense.org script + * This file plugs into config.inc (/usr/local/pkg/parse_config) + * and runs every time the running firewall filter changes. + * */ - - if(file_exists("/tmp/acb_nooverwrite")) { + + if (file_exists("/tmp/acb_nooverwrite")) { unlink("/tmp/acb_nooverwrite"); $nooverwrite = "true"; } else { @@ -154,28 +162,30 @@ function upload_config($reasonm = "") { } // Define some needed variables - if(file_exists("/cf/conf/lastpfSbackup.txt")) + if (file_exists("/cf/conf/lastpfSbackup.txt")) { $last_backup_date = str_replace("\n", "", file_get_contents("/cf/conf/lastpfSbackup.txt")); - else + } else { $last_backup_date = ""; + } $last_config_change = $config['revision']['time']; - $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; - if($reasonm) + $hostname = $config['system']['hostname'] . "." . $config['system']['domain']; + if ($reasonm) { $reason = $reasonm; - else - $reason = $config['revision']['description']; - $username = $config['installedpackages']['autoconfigbackup']['config'][0]['username']; - $password = $config['installedpackages']['autoconfigbackup']['config'][0]['password']; - $encryptpw = $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password']; + } else { + $reason = $config['revision']['description']; + } + $username = $config['installedpackages']['autoconfigbackup']['config'][0]['username']; + $password = $config['installedpackages']['autoconfigbackup']['config'][0]['password']; + $encryptpw = $config['installedpackages']['autoconfigbackup']['config'][0]['crypto_password']; // Define upload_url, must be present after other variable definitions due to username, password $upload_url = "https://portal.pfsense.org/pfSconfigbackups/backup.php"; - if(!$username or !$password or !$encryptpw) { - if(!file_exists("/cf/conf/autoconfigback.notice")) { - $notice_text = "Either the username, password or encryption password is not set for Automatic Configuration Backup. "; - $notice_text .= "Please correct this in Diagnostics -> AutoConfigBackup -> Settings."; + if (!$username or !$password or !$encryptpw) { + if (!file_exists("/cf/conf/autoconfigback.notice")) { + $notice_text = "Either the username, password or encryption password is not set for Automatic Configuration Backup."; + $notice_text .= " Please correct this in Diagnostics -> AutoConfigBackup -> Settings."; //log_error($notice_text); //file_notice("AutoConfigBackup", $notice_text, $notice_text, ""); conf_mount_rw(); @@ -184,81 +194,83 @@ function upload_config($reasonm = "") { } } else { /* If configuration has changed, upload to pfS */ - if($last_backup_date <> $last_config_change) { + if ($last_backup_date <> $last_config_change) { - // Mount RW (if needed) - conf_mount_rw(); + // Mount RW (if needed) + conf_mount_rw(); - $notice_text = "Beginning https://portal.pfsense.org configuration backup."; + $notice_text = "Beginning https://portal.pfsense.org configuration backup."; + log_error($notice_text); + update_filter_reload_status($notice_text); + + // Encrypt config.xml + $data = file_get_contents("/cf/conf/config.xml"); + $raw_config_sha256_hash = trim(shell_exec("/sbin/sha256 /cf/conf/config.xml | /usr/bin/awk '{ print $4 }'")); + $data = encrypt_data($data, $encryptpw); + tagfile_reformat($data, $data, "config.xml"); + + $post_fields = array( + 'reason' => urlencode((string)$reason), + 'hostname' => urlencode($hostname), + 'configxml' => urlencode($data), + 'nooverwrite' => urlencode($nooverwrite), + 'raw_config_sha256_hash' => urlencode($raw_config_sha256_hash) + ); + + // URL-ify the data for the POST + foreach ($post_fields as $key=>$value) { + $fields_string .= $key . '=' . $value . '&'; + } + rtrim($fields_string,'&'); + + // Check configuration into the ESF repo + $curl_session = curl_init(); + curl_setopt($curl_session, CURLOPT_URL, $upload_url); + curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); + curl_setopt($curl_session, CURLOPT_POST, count($post_fields)); + curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string); + curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); + curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55); + curl_setopt($curl_session, CURLOPT_TIMEOUT, 30); + curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); + // Proxy + curl_setopt_array($curl_session, configure_proxy()); + + $data = curl_exec($curl_session); + if (curl_errno($curl_session)) { + $fd = fopen("/tmp/backupdebug.txt", "w"); + fwrite($fd, $upload_url . "" . $fields_string . "\n\n"); + fwrite($fd, $data); + fwrite($fd, curl_error($curl_session)); + fclose($fd); + } else { + curl_close($curl_session); + } + + if (!strstr($data, "500")) { + $notice_text = "An error occurred while uploading your pfSense configuration to portal.pfsense.org"; + log_error($notice_text . " - " . $data); + file_notice("autoconfigurationbackup", $notice_text, $data, ""); + update_filter_reload_status($notice_text . " - " . $data); + } else { + // Update last pfS backup time + $fd = fopen("/cf/conf/lastpfSbackup.txt", "w"); + fwrite($fd, $config['revision']['time']); + fclose($fd); + $notice_text = "End of portal.pfsense.org configuration backup (success)."; log_error($notice_text); update_filter_reload_status($notice_text); + } - // Encrypt config.xml - $data = file_get_contents("/cf/conf/config.xml"); - $raw_config_sha256_hash = trim(`/sbin/sha256 /cf/conf/config.xml | awk '{ print $4 }'`); - $data = encrypt_data($data, $encryptpw); - tagfile_reformat($data, $data, "config.xml"); - - $post_fields = array( - 'reason' => urlencode((string)$reason), - 'hostname' => urlencode($hostname), - 'configxml' => urlencode($data), - 'nooverwrite' => urlencode($nooverwrite), - 'raw_config_sha256_hash' => urlencode($raw_config_sha256_hash) - ); - - //url-ify the data for the POST - foreach($post_fields as $key=>$value) - $fields_string .= $key.'='.$value.'&'; - rtrim($fields_string,'&'); - - // Check configuration into the ESF repo - $curl_session = curl_init(); - curl_setopt($curl_session, CURLOPT_URL, $upload_url); - curl_setopt($curl_session, CURLOPT_HTTPHEADER, array("Authorization: Basic " . base64_encode("{$username}:{$password}"))); - curl_setopt($curl_session, CURLOPT_POST, count($post_fields)); - curl_setopt($curl_session, CURLOPT_POSTFIELDS, $fields_string); - curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1); - curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 0); - curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55); - curl_setopt($curl_session, CURLOPT_TIMEOUT, 30); - curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_name'] . '/' . rtrim(file_get_contents("/etc/version"))); - // Proxy - curl_setopt_array($curl_session, configure_proxy()); - - $data = curl_exec($curl_session); - if (curl_errno($curl_session)) { - $fd = fopen("/tmp/backupdebug.txt", "w"); - fwrite($fd, $upload_url . "" . $fields_string . "\n\n"); - fwrite($fd, $data); - fwrite($fd, curl_error($curl_session)); - fclose($fd); - } else { - curl_close($curl_session); - } - - if(!strstr($data, "500")) { - $notice_text = "An error occurred while uploading your pfSense configuration to portal.pfsense.org"; - log_error($notice_text . " - " . $data); - file_notice("autoconfigurationbackup", $notice_text, $data, ""); - update_filter_reload_status($notice_text . " - " . $data); - } else { - // Update last pfS backup time - $fd = fopen("/cf/conf/lastpfSbackup.txt", "w"); - fwrite($fd, $config['revision']['time']); - fclose($fd); - $notice_text = "End of portal.pfsense.org configuration backup (success)."; - log_error($notice_text); - update_filter_reload_status($notice_text); - } - - // Mount image RO (if needed) - conf_mount_ro(); + // Mount image RO (if needed) + conf_mount_ro(); } else { - // debugging + // Debugging //log_error("No https://portal.pfsense.org backup required."); } - } + } } +?> |