|
1
|
/*
|
|
2
|
* cryptconfig
|
|
3
|
*
|
|
4
|
* part of pfSense (https://www.pfsense.org)
|
|
5
|
* Copyright (c) 2022 Rubicon Communications, LLC (Netgate)
|
|
6
|
* All rights reserved.
|
|
7
|
*
|
|
8
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
9
|
* you may not use this file except in compliance with the License.
|
|
10
|
* You may obtain a copy of the License at
|
|
11
|
*
|
|
12
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
13
|
*
|
|
14
|
* Unless required by applicable law or agreed to in writing, software
|
|
15
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
16
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
17
|
* See the License for the specific language governing permissions and
|
|
18
|
* limitations under the License.
|
|
19
|
*/
|
|
20
|
|
|
21
|
require_once("config.inc");
|
|
22
|
require_once("crypt.inc");
|
|
23
|
|
|
24
|
function usage() {
|
|
25
|
echo "Usage: playback cryptconfig <action> <input filename> <output filename>\n\n";
|
|
26
|
echo "Script will prompt for password input.\n\n";
|
|
27
|
echo "Examples:\n";
|
|
28
|
echo "playback crypt encrypt /conf/config.xml /root/config-backup.xml\n";
|
|
29
|
echo "playback crypt decrypt /root/config-backup.xml /root/config.xml\n";
|
|
30
|
echo "\n";
|
|
31
|
}
|
|
32
|
|
|
33
|
global $g, $config, $argv, $command_split;
|
|
34
|
|
|
35
|
if (is_array($command_split)) {
|
|
36
|
$args = array_slice($command_split, 2);
|
|
37
|
} else {
|
|
38
|
$args = array_slice($argv, 3);
|
|
39
|
}
|
|
40
|
|
|
41
|
if (empty($args[0])) {
|
|
42
|
usage();
|
|
43
|
}
|
|
44
|
|
|
45
|
$extras = array();
|
|
46
|
|
|
47
|
// encrypt, decrypt
|
|
48
|
$action = $args[0];
|
|
49
|
|
|
50
|
// input file
|
|
51
|
$in_file = $args[1];
|
|
52
|
|
|
53
|
if (!file_exists($in_file)) {
|
|
54
|
echo gettext("Input file does not exist.") . "\n";
|
|
55
|
exit(-1);
|
|
56
|
}
|
|
57
|
|
|
58
|
// input file
|
|
59
|
$out_file = $args[2];
|
|
60
|
|
|
61
|
if (file_exists($out_file)) {
|
|
62
|
echo gettext("Output file already exists.") . "\n";
|
|
63
|
exit(-1);
|
|
64
|
}
|
|
65
|
|
|
66
|
$password = "";
|
|
67
|
$confpassword = "";
|
|
68
|
|
|
69
|
$fp = fopen('php://stdin', 'r');
|
|
70
|
while (empty($password)) {
|
|
71
|
echo gettext("Enter the encryption password") . ": ";
|
|
72
|
exec('/bin/stty -echo');
|
|
73
|
$password = trim(fgets($fp));
|
|
74
|
exec('/bin/stty echo');
|
|
75
|
echo "\n";
|
|
76
|
}
|
|
77
|
|
|
78
|
if ($action == 'encrypt') {
|
|
79
|
// Confirm password
|
|
80
|
while (empty($confpassword)) {
|
|
81
|
echo gettext("Confirm encryption password") . ": ";
|
|
82
|
exec('/bin/stty -echo');
|
|
83
|
$confpassword = trim(fgets($fp));
|
|
84
|
exec('/bin/stty echo');
|
|
85
|
echo "\n";
|
|
86
|
}
|
|
87
|
if ($password != $confpassword) {
|
|
88
|
echo gettext("New and Confirm passwords did not match.") . "\n";
|
|
89
|
exit(-1);
|
|
90
|
}
|
|
91
|
}
|
|
92
|
|
|
93
|
$data = file_get_contents($in_file);
|
|
94
|
|
|
95
|
if (!$data) {
|
|
96
|
echo gettext("Could not read input file, or input file is empty.") . "\n";
|
|
97
|
exit(-1);
|
|
98
|
}
|
|
99
|
|
|
100
|
if ($action == 'decrypt') {
|
|
101
|
if (!tagfile_deformat($data, $data, "config.xml")) {
|
|
102
|
echo gettext("The input file does not appear to contain an ecnrypted config.xml.") . "\n";
|
|
103
|
exit(-1);
|
|
104
|
} else {
|
|
105
|
echo gettext("Decrypting data...");
|
|
106
|
$data = decrypt_data($data, $password);
|
|
107
|
if (empty($data)) {
|
|
108
|
echo gettext("File decryption failed. Incorrect password or file is invalid.") . "\n";
|
|
109
|
exit(-1);
|
|
110
|
}
|
|
111
|
}
|
|
112
|
} elseif ($action == 'encrypt') {
|
|
113
|
echo gettext("Encrypting data...");
|
|
114
|
$data = encrypt_data($data, $password);
|
|
115
|
tagfile_reformat($data, $data, "config.xml");
|
|
116
|
}
|
|
117
|
file_put_contents($out_file, $data);
|
|
118
|
echo gettext("Done") . "\n";
|