Diffstat (limited to 'packages/autoconfigbackup')
-rw-r--r-- | packages/autoconfigbackup/autoconfigbackup.inc | 12 | ||||
-rw-r--r-- | packages/autoconfigbackup/autoconfigbackup.php | 9 |
2 files changed, 15 insertions, 6 deletions
diff --git a/packages/autoconfigbackup/autoconfigbackup.inc b/packages/autoconfigbackup/autoconfigbackup.inc
index e2062ea8..818f154a 100644
--- a/packages/autoconfigbackup/autoconfigbackup.inc
+++ b/packages/autoconfigbackup/autoconfigbackup.inc
@@ -89,7 +89,7 @@ function test_connection($post) {
 }
 function upload_config() {
- global $config, $g;
+ global $config, $g, $input_errors;
 /*
 * pfSense upload config to pfSense.org script
@@ -143,15 +143,17 @@ function upload_config() {
 update_filter_reload_status($notice_text);
 // Encrypt config.xml
+ $raw_config_sha256_hash = trim(`/sbin/sha256 /cf/conf/config.xml | awk '{ print $4 }'`);
 $data = file_get_contents("/cf/conf/config.xml");
 $data = encrypt_data($data, $encryptpw);
 tagfile_reformat($data, $data, "config.xml");
 $post_fields = array(
- 'reason' => urlencode($reason),
- 'hostname' => urlencode($hostname),
- 'configxml' => urlencode($data)
- );
+ 'reason' => urlencode($reason),
+ 'hostname' => urlencode($hostname),
+ 'configxml' => urlencode($data),
+ 'raw_config_sha256_hash' => urlencode($raw_config_sha256_hash)
+ );
 //url-ify the data for the POST
 foreach($post_fields as $key=>$value)
diff --git a/packages/autoconfigbackup/autoconfigbackup.php b/packages/autoconfigbackup/autoconfigbackup.php
index 8be99fa8..afcdfc56 100644
--- a/packages/autoconfigbackup/autoconfigbackup.php
+++ b/packages/autoconfigbackup/autoconfigbackup.php
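Review bot: In the second hunk of autoconfigbackup.inc, the added `$raw_config_sha256_hash` line hashes `/cf/conf/config.xml` through a separate shell read, while the bytes that get encrypted come from `file_get_contents()` on the following line, so a config write between the two stores a hash that can never match the backup. Reading once and hashing the buffer, `$raw_config_sha256_hash = hash('sha256', $data);` placed right after the `file_get_contents()` call and before `encrypt_data()`, removes that race and the shell/awk pipeline. The value sent is an unkeyed SHA-256 of the plaintext: it catches corruption, but it also hands the backup server a fingerprint of the unencrypted config and is not a tamper-evident tag; an HMAC keyed from the encryption password would address both if the server-side format permits. The `$input_errors` global added in the first hunk is not used in any visible line, and upload_config() begins and ends outside these hunks.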
@@ -108,11 +108,18 @@ if($_REQUEST['newver'] != "") {
 $data = curl_exec($curl_session);
 if (!tagfile_deformat($data, $data, "config.xml"))
 $input_errors[] = "The downloaded file does not appear to contain an encrypted pfSense configuration.";
- $data = decrypt_data($data, $decrypt_password);
+ $data_split = split("\n", $data);
+ $sha256 = $data_split[0]; // sha256
+ $data = decrypt_data($data_split[1], $decrypt_password);
 $fd = fopen("/tmp/config_restore.xml", "w");
 fwrite($fd, $data);
 fclose($fd);
+ $ondisksha256 = trim(`/sbin/sha256 /tmp/backupdebug.txt | awk '{ print $4 }'`);
+ if($sha256) // we might not have a sha256 on file for older backups
+ if($ondisksha256 <> $sha256)
+ $input_errors[] = "SHA256 does not match, cannot restore. $sha256 $ondisksha256";
 if (curl_errno($curl_session)) {
+ /* If an error occured, log the error in /tmp/ */
 $fd = fopen("/tmp/backupdebug.txt", "w");
 fwrite($fd, $get_url . "" . "action=restore&hostname={$hostname}&revision=" . urlencode($_REQUEST['newver']) . "\n\n");
 fwrite($fd, $data); |
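Review bot: The integrity check on the added `$ondisksha256` line hashes `/tmp/backupdebug.txt`, not the `/tmp/config_restore.xml` that was just written, so the stored hash is compared against a debug file that is only created in the `curl_errno` branch below and may be stale or missing. Hashing the decrypted buffer directly, `$ondisksha256 = hash('sha256', $data);` right after `decrypt_data()`, checks the right bytes and drops the shell call and the re-read from `/tmp`. Because the comparison is skipped whenever the first line is empty, a response that omits the hash bypasses verification entirely; if older backups must stay restorable, that case should at least be surfaced to the user. `split()` is deprecated as of PHP 5.3 and `explode("\n", $data)` is the direct replacement, and `!==` is preferable to the loose `<>` for comparing digests. The enclosing `if($_REQUEST['newver'] != "")` block continues outside the hunk, so whether a populated `$input_errors` actually stops the restore cannot be confirmed from here.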