Diffstat (limited to 'packages/autoconfigbackup')
-rw-r--r--packages/autoconfigbackup/autoconfigbackup.inc12
-rw-r--r--packages/autoconfigbackup/autoconfigbackup.php9
2 files changed, 15 insertions, 6 deletions
diff --git a/packages/autoconfigbackup/autoconfigbackup.inc b/packages/autoconfigbackup/autoconfigbackup.inc
index e2062ea8..818f154a 100644
--- a/packages/autoconfigbackup/autoconfigbackup.inc
+++ b/packages/autoconfigbackup/autoconfigbackup.inc
@@ -89,7 +89,7 @@ function test_connection($post) {
}
function upload_config() {
- global $config, $g;
+ global $config, $g, $input_errors;
/*
* pfSense upload config to pfSense.org script
@@ -143,15 +143,17 @@ function upload_config() {
update_filter_reload_status($notice_text);
// Encrypt config.xml
+ $raw_config_sha256_hash = trim(`/sbin/sha256 /cf/conf/config.xml | awk '{ print $4 }'`);
$data = file_get_contents("/cf/conf/config.xml");
$data = encrypt_data($data, $encryptpw);
tagfile_reformat($data, $data, "config.xml");
$post_fields = array(
- 'reason' => urlencode($reason),
- 'hostname' => urlencode($hostname),
- 'configxml' => urlencode($data)
- );
+ 'reason' => urlencode($reason),
+ 'hostname' => urlencode($hostname),
+ 'configxml' => urlencode($data),
+ 'raw_config_sha256_hash' => urlencode($raw_config_sha256_hash)
+ );
//url-ify the data for the POST
foreach($post_fields as $key=>$value)
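Review bot: The added `$raw_config_sha256_hash` line hashes config.xml through a separate shell pipeline before `file_get_contents()` reads it, so if the file is rewritten between the two reads the uploaded hash will not describe the uploaded payload. Hashing the bytes actually read closes that window and drops the dependency on `/sbin/sha256` and `awk`: after the read and before `encrypt_data()` overwrites `$data`, use `$raw_config_sha256_hash = hash('sha256', $data);`. This is also an unkeyed digest of the plaintext stored next to the ciphertext, so it catches accidental corruption but gives whoever holds the backup a fixed value to check guessed contents against. A keyed digest such as `hash_hmac('sha256', $data, $encryptpw)` would avoid that, if the server side can accommodate it. The body of upload_config() continues outside the hunk.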
diff --git a/packages/autoconfigbackup/autoconfigbackup.php b/packages/autoconfigbackup/autoconfigbackup.php
index 8be99fa8..afcdfc56 100644
--- a/packages/autoconfigbackup/autoconfigbackup.php
+++ b/packages/autoconfigbackup/autoconfigbackup.php
@@ -108,11 +108,18 @@ if($_REQUEST['newver'] != "") {
$data = curl_exec($curl_session);
if (!tagfile_deformat($data, $data, "config.xml"))
$input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration.";
- $data = decrypt_data($data, $decrypt_password);
+ $data_split = split("\n", $data);
+ $sha256 = $data_split[0]; // sha256
+ $data = decrypt_data($data_split[1], $decrypt_password);
$fd = fopen("/tmp/config_restore.xml", "w");
fwrite($fd, $data);
fclose($fd);
+ $ondisksha256 = trim(`/sbin/sha256 /tmp/backupdebug.txt | awk '{ print $4 }'`);
+ if($sha256) // we might not have a sha256 on file for older backups
+ if($ondisksha256 <> $sha256)
+ $input_errors[] = "SHA256 does not match, cannot restore. $sha256 $ondisksha256";
if (curl_errno($curl_session)) {
+ /* If an error occured, log the error in /tmp/ */
$fd = fopen("/tmp/backupdebug.txt", "w");
fwrite($fd, $get_url . "" . "action=restore&hostname={$hostname}&revision=" . urlencode($_REQUEST['newver']) . "\n\n");
fwrite($fd, $data);
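Review bot: The added `$ondisksha256` line hashes `/tmp/backupdebug.txt` rather than the `/tmp/config_restore.xml` that was just written, so the integrity check compares the stored digest against an unrelated, possibly stale or missing, debug file. Hash the decrypted data itself with `$ondisksha256 = hash('sha256', $data);` and compare using `!==` instead of the loose `<>`. `split()` is a deprecated regex function, and `explode("\n", $data, 2)` would keep the payload in one piece. It also looks as if a backup stored without a hash line would have its first payload line taken as `$sha256`, which is worth confirming against the server's response format. On a mismatch the code only appends to `$input_errors` after the restore file is already on disk; whether the restore is then skipped is decided outside this hunk.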