Project

General

Profile

Download (26.1 KB) Statistics
| Branch: | Tag: | Revision:
1
<?php
2
/*
3
	diag_backup.php
4
*/
5
/* ====================================================================
6
 *	Copyright (c)  2004-2015  Electric Sheep Fencing, LLC. All rights reserved.
7
 *
8
 *  Some or all of this file is based on the m0n0wall project which is
9
 *  Copyright (c)  2004 Manuel Kasper (BSD 2 clause)
10
 *
11
 *	Redistribution and use in source and binary forms, with or without modification,
12
 *	are permitted provided that the following conditions are met:
13
 *
14
 *	1. Redistributions of source code must retain the above copyright notice,
15
 *		this list of conditions and the following disclaimer.
16
 *
17
 *	2. Redistributions in binary form must reproduce the above copyright
18
 *		notice, this list of conditions and the following disclaimer in
19
 *		the documentation and/or other materials provided with the
20
 *		distribution.
21
 *
22
 *	3. All advertising materials mentioning features or use of this software
23
 *		must display the following acknowledgment:
24
 *		"This product includes software developed by the pfSense Project
25
 *		 for use in the pfSense software distribution. (http://www.pfsense.org/).
26
 *
27
 *	4. The names "pfSense" and "pfSense Project" must not be used to
28
 *		 endorse or promote products derived from this software without
29
 *		 prior written permission. For written permission, please contact
30
 *		 coreteam@pfsense.org.
31
 *
32
 *	5. Products derived from this software may not be called "pfSense"
33
 *		nor may "pfSense" appear in their names without prior written
34
 *		permission of the Electric Sheep Fencing, LLC.
35
 *
36
 *	6. Redistributions of any form whatsoever must retain the following
37
 *		acknowledgment:
38
 *
39
 *	"This product includes software developed by the pfSense Project
40
 *	for use in the pfSense software distribution (http://www.pfsense.org/).
41
 *
42
 *	THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
43
 *	EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
44
 *	IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
45
 *	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
46
 *	ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
47
 *	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
48
 *	NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
49
 *	LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50
 *	HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51
 *	STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52
 *	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53
 *	OF THE POSSIBILITY OF SUCH DAMAGE.
54
 *
55
 *	====================================================================
56
 *
57
 */
58

    
59
##|+PRIV
60
##|*IDENT=page-diagnostics-backup/restore
61
##|*NAME=Diagnostics: Backup/restore
62
##|*DESCR=Allow access to the 'Diagnostics: Backup/restore' page.
63
##|*MATCH=diag_backup.php*
64
##|-PRIV
65

    
66
/* Allow additional execution time 0 = no limit. */
67
ini_set('max_execution_time', '0');
68
ini_set('max_input_time', '0');
69

    
70
/* omit no-cache headers because it confuses IE with file downloads */
71
$omit_nocacheheaders = true;
72
$nocsrf = true;
73
require("guiconfig.inc");
74
require_once("functions.inc");
75
require_once("filter.inc");
76
require_once("shaper.inc");
77

    
78
$rrddbpath = "/var/db/rrd";
79
$rrdtool = "/usr/bin/nice -n20 /usr/local/bin/rrdtool";
80

    
81
function rrd_data_xml() {
82
	global $rrddbpath;
83
	global $rrdtool;
84

    
85
	$result = "\t<rrddata>\n";
86
	$rrd_files = glob("{$rrddbpath}/*.rrd");
87
	$xml_files = array();
88
	foreach ($rrd_files as $rrd_file) {
89
		$basename = basename($rrd_file);
90
		$xml_file = preg_replace('/\.rrd$/', ".xml", $rrd_file);
91
		exec("$rrdtool dump '{$rrd_file}' '{$xml_file}'");
92
		$xml_data = file_get_contents($xml_file);
93
		unlink($xml_file);
94
		if ($xml_data !== false) {
95
			$result .= "\t\t<rrddatafile>\n";
96
			$result .= "\t\t\t<filename>{$basename}</filename>\n";
97
			$result .= "\t\t\t<xmldata>" . base64_encode(gzdeflate($xml_data)) . "</xmldata>\n";
98
			$result .= "\t\t</rrddatafile>\n";
99
		}
100
	}
101
	$result .= "\t</rrddata>\n";
102
	return $result;
103
}
104

    
105
function restore_rrddata() {
106
	global $config, $g, $rrdtool, $input_errors;
107
	foreach ($config['rrddata']['rrddatafile'] as $rrd) {
108
		if ($rrd['xmldata']) {
109
			$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
110
			$xml_file = preg_replace('/\.rrd$/', ".xml", $rrd_file);
111
			if (file_put_contents($xml_file, gzinflate(base64_decode($rrd['xmldata']))) === false) {
112
				log_error("Cannot write $xml_file");
113
				continue;
114
			}
115
			$output = array();
116
			$status = null;
117
			exec("$rrdtool restore -f '{$xml_file}' '{$rrd_file}'", $output, $status);
118
			if ($status) {
119
				log_error("rrdtool restore -f '{$xml_file}' '{$rrd_file}' failed returning {$status}.");
120
				continue;
121
			}
122
			unlink($xml_file);
123
		} else if ($rrd['data']) {
124
			$rrd_file = "{$g['vardb_path']}/rrd/{$rrd['filename']}";
125
			$rrd_fd = fopen($rrd_file, "w");
126
			if (!$rrd_fd) {
127
				log_error("Cannot write $rrd_file");
128
				continue;
129
			}
130
			$data = base64_decode($rrd['data']);
131
			/* Try to decompress the data. */
132
			$dcomp = @gzinflate($data);
133
			if ($dcomp) {
134
				/* If the decompression worked, write the decompressed data */
135
				if (fwrite($rrd_fd, $dcomp) === false) {
136
					log_error("fwrite $rrd_file failed");
137
					continue;
138
				}
139
			} else {
140
				/* If the decompression failed, it wasn't compressed, so write raw data */
141
				if (fwrite($rrd_fd, $data) === false) {
142
					log_error("fwrite $rrd_file failed");
143
					continue;
144
				}
145
			}
146
			if (fclose($rrd_fd) === false) {
147
				log_error("fclose $rrd_file failed");
148
				continue;
149
			}
150
		}
151
	}
152
}
153

    
154
function add_base_packages_menu_items() {
155
	global $g, $config;
156
	$base_packages = explode(",", $g['base_packages']);
157
	$modified_config = false;
158
	foreach ($base_packages as $bp) {
159
		$basepkg_path = "/usr/local/pkg/{$bp}";
160
		$tmpinfo = pathinfo($basepkg_path, PATHINFO_EXTENSION);
161
		if ($tmpinfo['extension'] == "xml" && file_exists($basepkg_path)) {
162
			$pkg_config = parse_xml_config_pkg($basepkg_path, "packagegui");
163
			if ($pkg_config['menu'] != "") {
164
				if (is_array($pkg_config['menu'])) {
165
					foreach ($pkg_config['menu'] as $menu) {
166
						if (is_array($config['installedpackages']['menu'])) {
167
							foreach ($config['installedpackages']['menu'] as $amenu) {
168
								if ($amenu['name'] == $menu['name']) {
169
									continue;
170
								}
171
							}
172
						}
173
						$config['installedpackages']['menu'][] = $menu;
174
						$modified_config = true;
175
					}
176
				}
177
			}
178
		}
179
	}
180
	if ($modified_config) {
181
		write_config(gettext("Restored base_package menus after configuration restore."));
182
		$config = parse_config(true);
183
	}
184
}
185

    
186
function remove_bad_chars($string) {
187
	return preg_replace('/[^a-z_0-9]/i', '', $string);
188
}
189

    
190
function check_and_returnif_section_exists($section) {
191
	global $config;
192
	if (is_array($config[$section])) {
193
		return true;
194
	}
195
	return false;
196
}
197

    
198
if ($_POST['apply']) {
199
	ob_flush();
200
	flush();
201
	conf_mount_rw();
202
	clear_subsystem_dirty("restore");
203
	conf_mount_ro();
204
	exit;
205
}
206

    
207
if ($_POST) {
208
	unset($input_errors);
209
	if (stristr($_POST['Submit'], gettext("Restore configuration"))) {
210
		$mode = "restore";
211
	} else if (stristr($_POST['Submit'], gettext("Reinstall"))) {
212
		$mode = "reinstallpackages";
213
	} else if (stristr($_POST['Submit'], gettext("Clear Package Lock"))) {
214
		$mode = "clearpackagelock";
215
	} else if (stristr($_POST['Submit'], gettext("Download"))) {
216
		$mode = "download";
217
	} else if (stristr($_POST['Submit'], gettext("Restore version"))) {
218
		$mode = "restore_ver";
219
	}
220
	if ($_POST["nopackages"] <> "") {
221
		$options = "nopackages";
222
	}
223
	if ($_POST["ver"] <> "") {
224
		$ver2restore = $_POST["ver"];
225
	}
226
	if ($mode) {
227
		if ($mode == "download") {
228
			if ($_POST['encrypt']) {
229
				if (!$_POST['encrypt_password'] || !$_POST['encrypt_passconf']) {
230
					$input_errors[] = gettext("You must supply and confirm the password for encryption.");
231
				}
232
				if ($_POST['encrypt_password'] != $_POST['encrypt_passconf']) {
233
					$input_errors[] = gettext("The supplied 'Password' and 'Confirm' field values must match.");
234
				}
235
			}
236

    
237
			if (!$input_errors) {
238

    
239
				//$lockbckp = lock('config');
240

    
241
				$host = "{$config['system']['hostname']}.{$config['system']['domain']}";
242
				$name = "config-{$host}-".date("YmdHis").".xml";
243
				$data = "";
244

    
245
				if ($options == "nopackages") {
246
					if (!$_POST['backuparea']) {
247
						/* backup entire configuration */
248
						$data = file_get_contents("{$g['conf_path']}/config.xml");
249
					} else {
250
						/* backup specific area of configuration */
251
						$data = backup_config_section($_POST['backuparea']);
252
						$name = "{$_POST['backuparea']}-{$name}";
253
					}
254
					$sfn = "{$g['tmp_path']}/config.xml.nopkg";
255
					file_put_contents($sfn, $data);
256
					exec("sed '/<installedpackages>/,/<\/installedpackages>/d' {$sfn} > {$sfn}-new");
257
					$data = file_get_contents($sfn . "-new");
258
				} else {
259
					if (!$_POST['backuparea']) {
260
						/* backup entire configuration */
261
						$data = file_get_contents("{$g['conf_path']}/config.xml");
262
					} else if ($_POST['backuparea'] === "rrddata") {
263
						$data = rrd_data_xml();
264
						$name = "{$_POST['backuparea']}-{$name}";
265
					} else {
266
						/* backup specific area of configuration */
267
						$data = backup_config_section($_POST['backuparea']);
268
						$name = "{$_POST['backuparea']}-{$name}";
269
					}
270
				}
271

    
272
				//unlock($lockbckp);
273

    
274
				/*
275
				 *	Backup RRD Data
276
				 */
277
				if ($_POST['backuparea'] !== "rrddata" && !$_POST['donotbackuprrd']) {
278
					$rrd_data_xml = rrd_data_xml();
279
					$closing_tag = "</" . $g['xml_rootobj'] . ">";
280
					$data = str_replace($closing_tag, $rrd_data_xml . $closing_tag, $data);
281
				}
282

    
283
				if ($_POST['encrypt']) {
284
					$data = encrypt_data($data, $_POST['encrypt_password']);
285
					tagfile_reformat($data, $data, "config.xml");
286
				}
287

    
288
				$size = strlen($data);
289
				header("Content-Type: application/octet-stream");
290
				header("Content-Disposition: attachment; filename={$name}");
291
				header("Content-Length: $size");
292
				if (isset($_SERVER['HTTPS'])) {
293
					header('Pragma: ');
294
					header('Cache-Control: ');
295
				} else {
296
					header("Pragma: private");
297
					header("Cache-Control: private, must-revalidate");
298
				}
299
				echo $data;
300

    
301
				exit;
302
			}
303
		}
304

    
305
		if ($mode == "restore") {
306
			if ($_POST['decrypt']) {
307
				if (!$_POST['decrypt_password'] || !$_POST['decrypt_passconf']) {
308
					$input_errors[] = gettext("You must supply and confirm the password for decryption.");
309
				}
310
				if ($_POST['decrypt_password'] != $_POST['decrypt_passconf']) {
311
					$input_errors[] = gettext("The supplied 'Password' and 'Confirm' field values must match.");
312
				}
313
			}
314

    
315
			if (!$input_errors) {
316
				if (is_uploaded_file($_FILES['conffile']['tmp_name'])) {
317

    
318
					/* read the file contents */
319
					$data = file_get_contents($_FILES['conffile']['tmp_name']);
320
					if (!$data) {
321
						log_error(sprintf(gettext("Warning, could not read file %s"), $_FILES['conffile']['tmp_name']));
322
						return 1;
323
					}
324

    
325
					if ($_POST['decrypt']) {
326
						if (!tagfile_deformat($data, $data, "config.xml")) {
327
							$input_errors[] = gettext("The uploaded file does not appear to contain an encrypted pfsense configuration.");
328
							return 1;
329
						}
330
						$data = decrypt_data($data, $_POST['decrypt_password']);
331
					}
332

    
333
					if (stristr($data, "<m0n0wall>")) {
334
						log_error(gettext("Upgrading m0n0wall configuration to pfsense."));
335
						/* m0n0wall was found in config.  convert it. */
336
						$data = str_replace("m0n0wall", "pfsense", $data);
337
						$m0n0wall_upgrade = true;
338
					}
339
					if ($_POST['restorearea']) {
340
						/* restore a specific area of the configuration */
341
						if (!stristr($data, "<" . $_POST['restorearea'] . ">")) {
342
							$input_errors[] = gettext("You have selected to restore an area but we could not locate the correct xml tag.");
343
						} else {
344
							if (!restore_config_section($_POST['restorearea'], $data)) {
345
								$input_errors[] = gettext("You have selected to restore an area but we could not locate the correct xml tag.");
346
							} else {
347
								if ($config['rrddata']) {
348
									restore_rrddata();
349
									unset($config['rrddata']);
350
									unlink_if_exists("{$g['tmp_path']}/config.cache");
351
									write_config();
352
									add_base_packages_menu_items();
353
									convert_config();
354
									conf_mount_ro();
355
								}
356
								filter_configure();
357
								$savemsg = gettext("The configuration area has been restored.  You may need to reboot the firewall.");
358
							}
359
						}
360
					} else {
361
						if (!stristr($data, "<" . $g['xml_rootobj'] . ">")) {
362
							$input_errors[] = sprintf(gettext("You have selected to restore the full configuration but we could not locate a %s tag."), $g['xml_rootobj']);
363
						} else {
364
							/* restore the entire configuration */
365
							file_put_contents($_FILES['conffile']['tmp_name'], $data);
366
							if (config_install($_FILES['conffile']['tmp_name']) == 0) {
367
								/* this will be picked up by /index.php */
368
								conf_mount_rw();
369
								mark_subsystem_dirty("restore");
370
								touch("/conf/needs_package_sync_after_reboot");
371
								/* remove cache, we will force a config reboot */
372
								if (file_exists("{$g['tmp_path']}/config.cache")) {
373
									unlink("{$g['tmp_path']}/config.cache");
374
								}
375
								$config = parse_config(true);
376
								if (file_exists("/boot/loader.conf")) {
377
									$loaderconf = file_get_contents("/boot/loader.conf");
378
									if (strpos($loaderconf, "console=\"comconsole")) {
379
										$config['system']['enableserial'] = true;
380
										write_config("Restore serial console enabling in configuration.");
381
									}
382
									unset($loaderconf);
383
								}
384
								/* extract out rrd items, unset from $config when done */
385
								if ($config['rrddata']) {
386
									restore_rrddata();
387
									unset($config['rrddata']);
388
									unlink_if_exists("{$g['tmp_path']}/config.cache");
389
									write_config();
390
									add_base_packages_menu_items();
391
									convert_config();
392
									conf_mount_ro();
393
								}
394
								if ($m0n0wall_upgrade == true) {
395
									if ($config['system']['gateway'] <> "") {
396
										$config['interfaces']['wan']['gateway'] = $config['system']['gateway'];
397
									}
398
									unset($config['shaper']);
399
									/* optional if list */
400
									$ifdescrs = get_configured_interface_list(true, true);
401
									/* remove special characters from interface descriptions */
402
									if (is_array($ifdescrs)) {
403
										foreach ($ifdescrs as $iface) {
404
											$config['interfaces'][$iface]['descr'] = remove_bad_chars($config['interfaces'][$iface]['descr']);
405
										}
406
									}
407
									/* check for interface names with an alias */
408
									if (is_array($ifdescrs)) {
409
										foreach ($ifdescrs as $iface) {
410
											if (is_alias($config['interfaces'][$iface]['descr'])) {
411
												// Firewall rules
412
												$origname = $config['interfaces'][$iface]['descr'];
413
												$newname = $config['interfaces'][$iface]['descr'] . "Alias";
414
												update_alias_names_upon_change(array('filter', 'rule'), array('source', 'address'), $newname, $origname);
415
												update_alias_names_upon_change(array('filter', 'rule'), array('destination', 'address'), $newname, $origname);
416
												// NAT Rules
417
												update_alias_names_upon_change(array('nat', 'rule'), array('source', 'address'), $newname, $origname);
418
												update_alias_names_upon_change(array('nat', 'rule'), array('destination', 'address'), $newname, $origname);
419
												update_alias_names_upon_change(array('nat', 'rule'), array('target'), $newname, $origname);
420
												// Alias in an alias
421
												update_alias_names_upon_change(array('aliases', 'alias'), array('address'), $newname, $origname);
422
											}
423
										}
424
									}
425
									unlink_if_exists("{$g['tmp_path']}/config.cache");
426
									// Reset configuration version to something low
427
									// in order to force the config upgrade code to
428
									// run through with all steps that are required.
429
									$config['system']['version'] = "1.0";
430
									// Deal with descriptions longer than 63 characters
431
									for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
432
										if (count($config['filter']['rule'][$i]['descr']) > 63) {
433
											$config['filter']['rule'][$i]['descr'] = substr($config['filter']['rule'][$i]['descr'], 0, 63);
434
										}
435
									}
436
									// Move interface from ipsec to enc0
437
									for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
438
										if ($config['filter']['rule'][$i]['interface'] == "ipsec") {
439
											$config['filter']['rule'][$i]['interface'] = "enc0";
440
										}
441
									}
442
									// Convert icmp types
443
									// http://www.openbsd.org/cgi-bin/man.cgi?query=icmp&sektion=4&arch=i386&apropos=0&manpath=OpenBSD+Current
444
									for ($i = 0; isset($config["filter"]["rule"][$i]); $i++) {
445
										if ($config["filter"]["rule"][$i]['icmptype']) {
446
											switch ($config["filter"]["rule"][$i]['icmptype']) {
447
												case "echo":
448
													$config["filter"]["rule"][$i]['icmptype'] = "echoreq";
449
													break;
450
												case "unreach":
451
													$config["filter"]["rule"][$i]['icmptype'] = "unreach";
452
													break;
453
												case "echorep":
454
													$config["filter"]["rule"][$i]['icmptype'] = "echorep";
455
													break;
456
												case "squench":
457
													$config["filter"]["rule"][$i]['icmptype'] = "squench";
458
													break;
459
												case "redir":
460
													$config["filter"]["rule"][$i]['icmptype'] = "redir";
461
													break;
462
												case "timex":
463
													$config["filter"]["rule"][$i]['icmptype'] = "timex";
464
													break;
465
												case "paramprob":
466
													$config["filter"]["rule"][$i]['icmptype'] = "paramprob";
467
													break;
468
												case "timest":
469
													$config["filter"]["rule"][$i]['icmptype'] = "timereq";
470
													break;
471
												case "timestrep":
472
													$config["filter"]["rule"][$i]['icmptype'] = "timerep";
473
													break;
474
												case "inforeq":
475
													$config["filter"]["rule"][$i]['icmptype'] = "inforeq";
476
													break;
477
												case "inforep":
478
													$config["filter"]["rule"][$i]['icmptype'] = "inforep";
479
													break;
480
												case "maskreq":
481
													$config["filter"]["rule"][$i]['icmptype'] = "maskreq";
482
													break;
483
												case "maskrep":
484
													$config["filter"]["rule"][$i]['icmptype'] = "maskrep";
485
													break;
486
											}
487
										}
488
									}
489
									$config['diag']['ipv6nat'] = true;
490
									write_config();
491
									add_base_packages_menu_items();
492
									convert_config();
493
									conf_mount_ro();
494
									$savemsg = gettext("The m0n0wall configuration has been restored and upgraded to pfSense.");
495
									mark_subsystem_dirty("restore");
496
								}
497
								if (is_array($config['captiveportal'])) {
498
									foreach ($config['captiveportal'] as $cp) {
499
										if (isset($cp['enable'])) {
500
											/* for some reason ipfw doesn't init correctly except on bootup sequence */
501
											mark_subsystem_dirty("restore");
502
											break;
503
										}
504
									}
505
								}
506
								setup_serial_port();
507
								if (is_interface_mismatch() == true) {
508
									touch("/var/run/interface_mismatch_reboot_needed");
509
									clear_subsystem_dirty("restore");
510
									convert_config();
511
									header("Location: interfaces_assign.php");
512
									exit;
513
								}
514
								if (is_interface_vlan_mismatch() == true) {
515
									touch("/var/run/interface_mismatch_reboot_needed");
516
									clear_subsystem_dirty("restore");
517
									convert_config();
518
									header("Location: interfaces_assign.php");
519
									exit;
520
								}
521
							} else {
522
								$input_errors[] = gettext("The configuration could not be restored.");
523
							}
524
						}
525
					}
526
				} else {
527
					$input_errors[] = gettext("The configuration could not be restored (file upload error).");
528
				}
529
			}
530
		}
531

    
532
		if ($mode == "reinstallpackages") {
533
			header("Location: pkg_mgr_install.php?mode=reinstallall");
534
			exit;
535
		} else if ($mode == "clearpackagelock") {
536
			clear_subsystem_dirty('packagelock');
537
			$savemsg = "Package Lock Cleared";
538
		} else if ($mode == "restore_ver") {
539
			$input_errors[] = gettext("XXX - this feature may hose your config (do NOT backrev configs!) - billm");
540
			if ($ver2restore <> "") {
541
				$conf_file = "{$g['cf_conf_path']}/bak/config-" . strtotime($ver2restore) . ".xml";
542
				if (config_install($conf_file) == 0) {
543
					mark_subsystem_dirty("restore");
544
				} else {
545
					$input_errors[] = gettext("The configuration could not be restored.");
546
				}
547
			} else {
548
				$input_errors[] = gettext("No version selected.");
549
			}
550
		}
551
	}
552
}
553

    
554
$id = rand() . '.' . time();
555

    
556
$mth = ini_get('upload_progress_meter.store_method');
557
$dir = ini_get('upload_progress_meter.file.filename_template');
558

    
559
function build_area_list($showall) {
560
	global $config;
561

    
562
	$areas = array(
563
		"aliases" => gettext("Aliases"),
564
		"captiveportal" => gettext("Captive Portal"),
565
		"voucher" => gettext("Captive Portal Vouchers"),
566
		"dnsmasq" => gettext("DNS Forwarder"),
567
		"unbound" => gettext("DNS Resolver"),
568
		"dhcpd" => gettext("DHCP Server"),
569
		"dhcpdv6" => gettext("DHCPv6 Server"),
570
		"filter" => gettext("Firewall Rules"),
571
		"interfaces" => gettext("Interfaces"),
572
		"ipsec" => gettext("IPSEC"),
573
		"nat" => gettext("NAT"),
574
		"openvpn" => gettext("OpenVPN"),
575
		"installedpackages" => gettext("Package Manager"),
576
		"rrddata" => gettext("RRD Data"),
577
		"cron" => gettext("Scheduled Tasks"),
578
		"syslog" => gettext("Syslog"),
579
		"system" => gettext("System"),
580
		"staticroutes" => gettext("Static routes"),
581
		"sysctl" => gettext("System tunables"),
582
		"snmpd" => gettext("SNMP Server"),
583
		"shaper" => gettext("Traffic Shaper"),
584
		"vlans" => gettext("VLANS"),
585
		"wol" => gettext("Wake on LAN")
586
		);
587

    
588
	$list = array("" => gettext("All"));
589

    
590
	if ($showall) {
591
		return($list + $areas);
592
	} else {
593
		foreach ($areas as $area => $areaname) {
594
			if ($area === "rrddata" || check_and_returnif_section_exists($area) == true) {
595
				$list[$area] = $areaname;
596
			}
597
		}
598

    
599
		return($list);
600
	}
601
}
602

    
603
$pgtitle = array(gettext("Diagnostics"), gettext("Backup/Restore"));
604
include("head.inc");
605

    
606
if ($input_errors) {
607
	print_input_errors($input_errors);
608
}
609

    
610
if ($savemsg) {
611
	print_info_box($savemsg, 'success');
612
}
613

    
614
if (is_subsystem_dirty('restore')):
615
?>
616
	<br/>
617
	<form action="diag_reboot.php" method="post">
618
		<input name="Submit" type="hidden" value="Yes" />
619
		<?=print_info_box(gettext("The firewall configuration has been changed.") . "<br />" . gettext("The firewall is now rebooting."))?>
620
		<br />
621
	</form>
622
<?php
623
endif;
624

    
625
$tab_array = array();
626
$tab_array[] = array(gettext("Config History"), false, "diag_confbak.php");
627
$tab_array[] = array(gettext("Backup/Restore"), true, "diag_backup.php");
628
display_top_tabs($tab_array);
629

    
630
$form = new Form(false);
631
$form->setMultipartEncoding();	// Allow file uploads
632

    
633
$section = new Form_Section('Backup configuration');
634

    
635
$section->addInput(new Form_Select(
636
	'backuparea',
637
	'Backup area',
638
	'',
639
	build_area_list(false)
640
));
641

    
642
$section->addInput(new Form_Checkbox(
643
	'nopackages',
644
	'Skip packages',
645
	'Do not backup package information.',
646
	false
647
));
648

    
649
$section->addInput(new Form_Checkbox(
650
	'donotbackuprrd',
651
	'Skip RRD data',
652
	'Do not backup RRD data (NOTE: RRD Data can consume 4+ megabytes of config.xml space!)',
653
	true
654
));
655

    
656
$section->addInput(new Form_Checkbox(
657
	'encrypt',
658
	'Encryption',
659
	'Encrypt this configuration file.',
660
	false
661
));
662

    
663
$section->addInput(new Form_Input(
664
	'encrypt_password',
665
	null,
666
	'password',
667
	null,
668
	['placeholder' => 'Password']
669
));
670

    
671
$section->addInput(new Form_Input(
672
	'encrypt_passconf',
673
	null,
674
	'password',
675
	null,
676
	['placeholder' => 'Confirm password']
677
));
678

    
679
$group = new Form_Group('');
680
$group->add(new Form_Button(
681
	'Submit',
682
	'Download configuration as XML'
683
));
684

    
685
$section->add($group);
686
$form->add($section);
687

    
688
$section = new Form_Section('Restore backup');
689

    
690
$section->addInput(new Form_StaticText(
691
	null,
692
	gettext("Open a ") . $g['[product_name'] . gettext(" configuration XML file and click the button below to restore the configuration.")
693
));
694

    
695
$section->addInput(new Form_Select(
696
	'restorearea',
697
	'Restore area',
698
	'',
699
	build_area_list(false)
700
));
701

    
702
$section->addInput(new Form_Input(
703
	'conffile',
704
	'Configuration file',
705
	'file',
706
	null
707
));
708

    
709
$section->addInput(new Form_Checkbox(
710
	'decrypt',
711
	'Encryption',
712
	'Configuration file is encrypted.',
713
	false
714
));
715

    
716
$section->addInput(new Form_Input(
717
	'decrypt_password',
718
	null,
719
	'password',
720
	null,
721
	['placeholder' => 'Password']
722
));
723

    
724
$section->addInput(new Form_Input(
725
	'decrypt_passconf',
726
	null,
727
	'password',
728
	null,
729
	['placeholder' => 'Confirm password']
730
));
731

    
732
$group = new Form_Group('');
733
$group->add(new Form_Button(
734
	'Submit',
735
	'Restore Configuration'
736
))->setHelp('The firewall will reboot after restoring the configuration.')->removeClass('btn-primary')->addClass('btn-danger restore');
737

    
738
$section->add($group);
739

    
740
$form->add($section);
741

    
742
if (($config['installedpackages']['package'] != "") || (is_subsystem_dirty("packagelock"))) {
743
	$section = new Form_Section('Package functions');
744

    
745
	if ($config['installedpackages']['package'] != "") {
746
		$group = new Form_Group('');
747
		$group->add(new Form_Button(
748
			'Submit',
749
			'Reinstall Packages'
750
		))->setHelp('Click this button to reinstall all system packages.  This may take a while.')->removeClass('btn-primary')->addClass('btn-success');
751

    
752
		$section->add($group);
753
	}
754

    
755
	if (is_subsystem_dirty("packagelock")) {
756
		$group = new Form_Group('');
757
		$group->add(new Form_Button(
758
			'Submit',
759
			'Clear Package Lock'
760
		))->setHelp('Click this button to clear the package lock if a package fails to reinstall properly after an upgrade.')->removeClass('btn-primary')->addClass('btn-warning');
761

    
762
		$section->add($group);
763
	}
764

    
765
	$form->add($section);
766
}
767

    
768
print($form);
769
?>
770
<script type="text/javascript">
771
//<![CDATA[
772
events.push(function() {
773

    
774
	// ------- Show/hide sections based on checkbox settings --------------------------------------
775

    
776
	function hideSections(hide) {
777
		hidePasswords();
778
	}
779

    
780
	function hidePasswords() {
781

    
782
		encryptHide = !($('input[name="encrypt"]').is(':checked'));
783
		decryptHide = !($('input[name="decrypt"]').is(':checked'));
784

    
785
		hideInput('encrypt_password', encryptHide);
786
		hideInput('encrypt_passconf', encryptHide);
787
		hideInput('decrypt_password', decryptHide);
788
		hideInput('decrypt_passconf', decryptHide);
789
	}
790

    
791
	// ---------- Click handlers ------------------------------------------------------------------
792

    
793
	$('input[name="encrypt"]').on('change', function() {
794
		hidePasswords();
795
	});
796

    
797
	$('input[name="decrypt"]').on('change', function() {
798
		hidePasswords();
799
	});
800

    
801
	$('#conffile').change(function () {
802
		$('.restore').prop('disabled', false);
803
    });
804
	// ---------- On initial page load ------------------------------------------------------------
805

    
806
	hideSections();
807
	$('.restore').prop('disabled', true);
808
});
809
//]]>
810
</script>
811

    
812
<?php
813
include("foot.inc");
814

    
815
if (is_subsystem_dirty('restore')) {
816
	system_reboot();
817
}
(7-7/228)