|
1
|
<?php
|
|
2
|
/*
|
|
3
|
* autoconfigbackup.inc
|
|
4
|
*
|
|
5
|
* part of pfSense (https://www.pfsense.org)
|
|
6
|
* Copyright (c) 2008-2013 BSD Perimeter
|
|
7
|
* Copyright (c) 2013-2016 Electric Sheep Fencing
|
|
8
|
* Copyright (c) 2014-2021 Rubicon Communications, LLC (Netgate)
|
|
9
|
* All rights reserved.
|
|
10
|
*
|
|
11
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
12
|
* you may not use this file except in compliance with the License.
|
|
13
|
* You may obtain a copy of the License at
|
|
14
|
*
|
|
15
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
16
|
*
|
|
17
|
* Unless required by applicable law or agreed to in writing, software
|
|
18
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
19
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
20
|
* See the License for the specific language governing permissions and
|
|
21
|
* limitations under the License.
|
|
22
|
*/
|
|
23
|
|
|
24
|
/*
|
|
25
|
* This file is called by CRON every few minutes to upload ACB backups to the server.
|
|
26
|
* This allows the GUI to remain responsive. Backup files are deleted after upload.
|
|
27
|
*/
|
|
28
|
|
|
29
|
require_once("filter.inc");
|
|
30
|
require_once("notices.inc");
|
|
31
|
|
|
32
|
$lockfile = "/tmp/acb.lock";
|
|
33
|
// Check for
|
|
34
|
if (file_exists($lockfile)) {
|
|
35
|
if (time()-filemtime(lockfile) > (60 * 60)) {
|
|
36
|
// The lock file is more than an hour old. Something probably went wrong
|
|
37
|
unlink($lockfile);
|
|
38
|
log_error("Stale ACB lock file removed");
|
|
39
|
} else {
|
|
40
|
exit();
|
|
41
|
}
|
|
42
|
}
|
|
43
|
|
|
44
|
touch($lockfile);
|
|
45
|
|
|
46
|
// Location of backup file pairs
|
|
47
|
$acbuploadpath = $g['acbbackuppath'];
|
|
48
|
// systems we do not allow
|
|
49
|
$badreasons = array("snort", "pfblocker", "minicron", "merged in config");
|
|
50
|
// List any ACB file pairs that have been created
|
|
51
|
$files = glob($acbuploadpath . '*.form');
|
|
52
|
|
|
53
|
if (count($files) > 0) {
|
|
54
|
// Sort them, oldest first
|
|
55
|
usort($files, function($a, $b) {
|
|
56
|
return filemtime($a) - filemtime($b);
|
|
57
|
});
|
|
58
|
|
|
59
|
// Upload them to the server
|
|
60
|
foreach ($files as $file) {
|
|
61
|
$basename = basename($file, ".form");
|
|
62
|
upload($basename);
|
|
63
|
}
|
|
64
|
}
|
|
65
|
|
|
66
|
unlink($lockfile);
|
|
67
|
|
|
68
|
function upload($basename) {
|
|
69
|
global $acbuploadpath, $badreasons;
|
|
70
|
|
|
71
|
// Retrieve the data to send
|
|
72
|
// Retrieve the form data
|
|
73
|
$formdata = file_get_contents($acbuploadpath . $basename . ".form");
|
|
74
|
$post_fields = json_decode($formdata, true);
|
|
75
|
// Add the backup data file
|
|
76
|
$post_fields['file'] = curl_file_create($acbuploadpath . $basename . ".data", 'image/jpg', 'config.jpg');
|
|
77
|
|
|
78
|
// Ensure there are no backups from systems we do not allow
|
|
79
|
foreach ($badreasons as $term) {
|
|
80
|
if (strpos(strtolower($post_fields['reason']), $term) !== false) {
|
|
81
|
unlink_if_exists($acbuploadpath . $basename . ".data");
|
|
82
|
unlink_if_exists($acbuploadpath . $basename . ".form");
|
|
83
|
return;
|
|
84
|
}
|
|
85
|
}
|
|
86
|
|
|
87
|
// Check configuration into the ESF repo (Copied from /etc/inc/acb.inc)
|
|
88
|
$curl_session = curl_init();
|
|
89
|
|
|
90
|
curl_setopt($curl_session, CURLOPT_URL, "https://acb.netgate.com/save");
|
|
91
|
curl_setopt($curl_session, CURLOPT_POST, count($post_fields));
|
|
92
|
curl_setopt($curl_session, CURLOPT_POSTFIELDS, $post_fields);
|
|
93
|
curl_setopt($curl_session, CURLOPT_RETURNTRANSFER, 1);
|
|
94
|
curl_setopt($curl_session, CURLOPT_SSL_VERIFYPEER, 1);
|
|
95
|
curl_setopt($curl_session, CURLOPT_CONNECTTIMEOUT, 55);
|
|
96
|
curl_setopt($curl_session, CURLOPT_TIMEOUT, 30);
|
|
97
|
curl_setopt($curl_session, CURLOPT_USERAGENT, $g['product_label'] . '/' . rtrim(file_get_contents("/etc/version")));
|
|
98
|
// Proxy
|
|
99
|
set_curlproxy($curl_session);
|
|
100
|
|
|
101
|
$data = curl_exec($curl_session);
|
|
102
|
|
|
103
|
if (curl_errno($curl_session)) {
|
|
104
|
$fd = fopen("/tmp/backupdebug.txt", "w");
|
|
105
|
fwrite($fd, $upload_url . "" . $fields_string . "\n\n");
|
|
106
|
fwrite($fd, $data);
|
|
107
|
fwrite($fd, curl_error($curl_session));
|
|
108
|
fclose($fd);
|
|
109
|
} else {
|
|
110
|
curl_close($curl_session);
|
|
111
|
}
|
|
112
|
|
|
113
|
// Delete the backup files, whether it worked or not
|
|
114
|
unlink_if_exists($acbuploadpath . $basename . ".data");
|
|
115
|
unlink_if_exists($acbuploadpath . $basename . ".form");
|
|
116
|
|
|
117
|
if (strpos($data, "500") != false) {
|
|
118
|
$notice_text = sprintf(gettext(
|
|
119
|
"An error occurred while uploading your %s configuration to "), $g['product_label']) .
|
|
120
|
$upload_url . " (" . htmlspecialchars($data) . ")";
|
|
121
|
log_error($notice_text . " - " . $data);
|
|
122
|
file_notice("AutoConfigBackup", $notice_text);
|
|
123
|
update_filter_reload_status($notice_text);
|
|
124
|
} else {
|
|
125
|
// Update last pfS backup time
|
|
126
|
$fd = fopen("/cf/conf/lastpfSbackup.txt", "w");
|
|
127
|
fwrite($fd, $config['revision']['time']);
|
|
128
|
fclose($fd);
|
|
129
|
$notice_text = "End of configuration backup to " . $upload_url . " (success).";
|
|
130
|
log_error($notice_text);
|
|
131
|
update_filter_reload_status($notice_text);
|
|
132
|
}
|
|
133
|
}
|