. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ ##|+PRIV ##|*IDENT=page-diagnostics-backup/restore ##|*NAME=Diagnostics: Backup/restore page ##|*DESCR=Allow access to the 'Diagnostics: Backup/restore' page. ##|*MATCH=diag_backup.php* ##|-PRIV /* Allow additional execution time 0 = no limit. */ ini_set('max_execution_time', '3600'); ini_set('max_input_time', '3600'); /* omit no-cache headers because it confuses IE with file downloads */ $omit_nocacheheaders = true; require("guiconfig.inc"); function remove_bad_chars($string) { return preg_replace('/[^a-z|_|0-9]/i','',$string); } function check_and_returnif_section_exists($section) { global $config; if(is_array($config[$section])) return true; return false; } function spit_out_select_items($area, $showall) { global $config; $areas = array("aliases" => "Aliases", "captiveportal" => "Captive Portal", "dnsmasq" => "DNS Forwarder", "dhcpd" => "DHCP Server", "filter" => "Firewall Rules", "interfaces" => "Interfaces", "ipsec" => "IPSEC", "nat" => "NAT", "ovpn" => "OpenVPN", "installedpackages" => "Package Manager", "pptpd" => "PPTP Server", "cron" => "Scheduled Tasks", "syslog" => "Syslog", "system" => "System", "staticroutes" => "Static routes", "sysctl" => "System tunables", "snmpd" => "SNMP Server", "shaper" => "Traffic Shaper", "vlans" => "VLANS", "wol" => "Wake on LAN" ); $select = "\n"; echo $select; } if ($_POST) { unset($input_errors); if (stristr($_POST['Submit'], "Restore configuration")) $mode = "restore"; else if (stristr($_POST['Submit'], "Reinstall")) $mode = "reinstallpackages"; else if (stristr($_POST['Submit'], "Download")) $mode = "download"; else if (stristr($_POST['Submit'], "Restore version")) $mode = "restore_ver"; if ($_POST["nopackages"] <> "") $options = "nopackages"; if ($_POST["ver"] <> "") $ver2restore = $_POST["ver"]; if ($mode) { if ($mode == "download") { if ($_POST['encrypt']) { if(!$_POST['encrypt_password'] || !$_POST['encrypt_passconf']) $input_errors[] = "You must supply and confirm the password for encryption."; if($_POST['encrypt_password'] != $_POST['encrypt_passconf']) $input_errors[] = "The supplied 'Password' and 'Confirm' field values must match."; } if (!$input_errors) { config_lock(); $host = "{$config['system']['hostname']}.{$config['system']['domain']}"; $name = "config-{$host}-".date("YmdHis").".xml"; $data = ""; if($options == "nopackages") { $sfn = "/tmp/config.xml.nopkg"; exec("sed '//,/<\/installedpackages>/d' /conf/config.xml > {$sfn}"); $data = file_get_contents($sfn); } else { if(!$_POST['backuparea']) { /* backup entire configuration */ $data = file_get_contents("{$g['conf_path']}/config.xml"); } else { /* backup specific area of configuration */ $data = backup_config_section($_POST['backuparea']); $name = "{$_POST['backuparea']}-{$name}"; } } if ($_POST['encrypt']) { $data = encrypt_data($data, $_POST['encrypt_password']); tagfile_reformat($data, $data, "config.xml"); } $size = strlen($data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$name}"); header("Content-Length: $size"); echo $data; config_unlock(); exit; } } if ($mode == "restore") { if ($_POST['decrypt']) { if(!$_POST['decrypt_password'] || !$_POST['decrypt_passconf']) $input_errors[] = "You must supply and confirm the password for decryption."; if($_POST['decrypt_password'] != $_POST['decrypt_passconf']) $input_errors[] = "The supplied 'Password' and 'Confirm' field values must match."; } if (!$input_errors) { if (is_uploaded_file($_FILES['conffile']['tmp_name'])) { /* read the file contents */ $data = file_get_contents($_FILES['conffile']['tmp_name']); if(!$data) { log_error("Warning, could not read file " . $_FILES['conffile']['tmp_name']); return 1; } if ($_POST['decrypt']) { if (!tagfile_deformat($data, $data, "config.xml")) { $input_errors[] = "The uploaded file does not appear to contain an encrypted pfsense configuration."; return 1; } $data = decrypt_data($data, $_POST['decrypt_password']); } if(stristr($data, "m0n0wall")) { log_error("Upgrading m0n0wall configuration to pfsense."); /* m0n0wall was found in config. convert it. */ $data = str_replace("m0n0wall", "pfsense", $data); $m0n0wall_upgrade = true; } if($_POST['restorearea']) { /* restore a specific area of the configuration */ if(!stristr($data, $_POST['restorearea'])) { $input_errors[] = "You have selected to restore a area but we could not locate the correct xml tag."; } else { restore_config_section($_POST['restorearea'], $data); filter_configure(); $savemsg = "The configuration area has been restored. You may need to reboot the firewall."; } } else { if(!stristr($data, "")) { $input_errors[] = "You have selected to restore the full configuration but we could not locate a pfsense tag."; } else { /* restore the entire configuration */ file_put_contents($_FILES['conffile']['tmp_name'], $data); if (config_install($_FILES['conffile']['tmp_name']) == 0) { /* this will be picked up by /index.php */ conf_mount_rw(); if($g['platform'] <> "cdrom") touch("/needs_package_sync"); $reboot_needed = true; $savemsg = "The configuration has been restored. The firewall is now rebooting."; /* remove cache, we will force a config reboot */ if(file_exists("/tmp/config.cache")) unlink("/tmp/config.cache"); $config = parse_config(true); if($m0n0wall_upgrade == true) { if($config['system']['gateway'] <> "") $config['interfaces']['wan']['gateway'] = $config['system']['gateway']; unset($config['shaper']); /* optional if list */ $ifdescrs = get_configured_interface_list(true, true); /* remove special characters from interface descriptions */ if(is_array($ifdescrs)) foreach($ifdescrs as $iface) $config['interfaces'][$iface]['descr'] = remove_bad_chars($config['interfaces'][$iface]['descr']); unlink_if_exists("/tmp/config.cache"); write_config(); conf_mount_ro(); $savemsg = "The m0n0wall configuration has been restored and upgraded to pfSense.

The firewall is now rebooting."; $reboot_needed = true; } if(isset($config['captiveportal']['enable'])) { /* for some reason ipfw doesn't init correctly except on bootup sequence */ $savemsg = "The configuration has been restored.

The firewall is now rebooting."; $reboot_needed = true; } setup_serial_port(); if(is_interface_mismatch() == true) { touch("/var/run/interface_mismatch_reboot_needed"); $reboot_needed = false; header("Location: interfaces_assign.php"); } } else { $input_errors[] = "The configuration could not be restored."; } } } } else { $input_errors[] = "The configuration could not be restored (file upload error)."; } } } if ($mode == "reinstallpackages") { header("Location: pkg_mgr_install.php?mode=reinstallall"); exit; } else if ($mode == "restore_ver") { $input_errors[] = "XXX - this feature may hose your config (do NOT backrev configs!) - billm"; if ($ver2restore <> "") { $conf_file = "{$g['cf_conf_path']}/bak/config-" . strtotime($ver2restore) . ".xml"; if (config_install($conf_file) == 0) { $reboot_needed = true; $savemsg = "The configuration has been restored. The firewall is now rebooting."; } else { $input_errors[] = "The configuration could not be restored."; } } else { $input_errors[] = "No version selected."; } } } } $id = rand() . '.' . time(); $mth = ini_get('upload_progress_meter.store_method'); $dir = ini_get('upload_progress_meter.file.filename_template'); $pgtitle = array("Diagnostics","Backup/restore"); include("head.inc"); ?>

Backup configuration

Click this button to download the system configuration in XML format.

Backup area:

Do not backup package information.

Encrypt this configuration file.

Password :
confirm :

Restore configuration

Open a configuration XML file and click the button below to restore the configuration.

Restore area:

Configuration file is encrypted.

Password :
confirm :

Note:
The firewall may need a reboot after restoring the configuration.

Reinstall packages

Click this button to reinstall all system packages. This may take a while.