system: second part for #2535

This commit is contained in:
Franco Fichtner 2018-07-17 08:45:13 +02:00
parent 922c341974
commit 50fb5bcb0c
3 changed files with 48 additions and 32 deletions


@ -1,30 +1,29 @@
<?php
/**
* Copyright (C) 2018 Deciso B.V.
/*
* Copyright (C) 2018 Deciso B.V.
* All rights reserved.
*
* All rights reserved.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
namespace OPNsense\Backup;
@ -41,7 +40,7 @@ abstract class Base
* @param string $pass passphrase to use
* @return string base64 encoded crypted data
*/
public function encrypt($data, $pass)
public function encrypt($data, $pass, $tag = 'config.xml')
{
$file = tempnam(sys_get_temp_dir(), 'php-encrypt');
@unlink($file);
@ -56,9 +55,15 @@ abstract class Base
@unlink("{$file}.dec");
if (file_exists("{$file}.enc")) {
$result = file_get_contents("{$file}.enc");
$version = strtok(file_get_contents('/usr/local/opnsense/version/opnsense'), '-');
$result = "---- BEGIN {$tag} ----\n";
$result .= "Version: OPNsense {$version}\n"; /* XXX hardcoded product name */
$result .= "Cipher: AES-256-CBC\n";
$result .= "Hash: MD5\n\n";
$result .= chunk_split(base64_encode(file_get_contents("{$file}.enc")));
$result .= "\n---- END {$tag} ----\n";
@unlink("{$file}.enc");
return base64_encode($result);
return $result;
} else {
syslog(LOG_ERR, 'Failed to encrypt data!');
return null;
@ -71,11 +76,26 @@ abstract class Base
* @param string $pass passphrase to use
* @return string data
*/
public function decrypt($data, $pass)
public function decrypt($data, $pass, $tag = 'config.xml')
{
$file = tempnam(sys_get_temp_dir(), 'php-encrypt');
@unlink($file);
$data = explode("\n", $out);
foreach ($data as $key => $val) {
/* XXX remove helper lines for now */
if (strpos($val, ':') !== false) {
unset($out[$key]);
} else if (strpos($val, "---- BEGIN {$tag} ----")) {
unset($out[$key]);
} else if (strpos($val, "---- END {$tag} ----")) {
unset($out[$key]);
}
}
$data = implode("\n", $data);
file_put_contents("{$file}.dec", base64_decode($data));
exec(sprintf(
'/usr/local/bin/openssl enc -d -aes-256-cbc -md md5 -in %s -out %s -pass pass:%s',
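Review bot: The new header-stripping loop in decrypt() reads and unsets `$out`, which is not defined anywhere in the function (only `$data`, `$pass`, `$tag` and `$file` exist at that point), so `explode("\n", $out)` yields a single empty element and `$data` collapses to an empty string before it ever reaches `base64_decode`, while the unsets on the BEGIN/END branches modify an unrelated array. Independently, `strpos($val, "---- BEGIN {$tag} ----")` and the END variant are tested for truthiness rather than `!== false`; the markers written by encrypt() start at column 0, so strpos returns 0 and those branches never fire, leaving the marker lines to be fed into `base64_decode`, where their letters are treated as payload. Both problems sit on the same lines and the rewritten loop below fixes them together; decrypt() continues past the hunk into the openssl exec call. As a follow-up, the `Cipher:`/`Hash:` lines are discarded rather than compared with the `-aes-256-cbc -md md5` parameters used on the exec line, so a backup armored with different parameters would fail only as garbage output from openssl.
```php
        $data = explode("\n", $data);
        foreach ($data as $key => $val) {
            /* XXX remove helper lines for now */
            if (strpos($val, ':') !== false) {
                unset($data[$key]);
            } elseif (strpos($val, "---- BEGIN {$tag} ----") !== false) {
                unset($data[$key]);
            } elseif (strpos($val, "---- END {$tag} ----") !== false) {
                unset($data[$key]);
            }
        }
        $data = implode("\n", $data);
        // … unchanged: file_put_contents of the decoded payload and the openssl exec …
```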


@ -199,9 +199,7 @@ class Gdrive extends Base implements IBackupProvider
// backup source data to local strings (plain/encrypted)
$confdata = file_get_contents('/conf/config.xml');
$confdata_enc = chunk_split(
$this->encrypt($confdata, (string)$config->system->remotebackup->GDrivePassword)
);
$confdata_enc = $this->encrypt($confdata, (string)$config->system->remotebackup->GDrivePassword);
// read filelist ({prefix}*.xml)
try {


@ -141,9 +141,7 @@ class Nextcloud extends Base implements IBackupProvider
// backup source data to local strings (plain/encrypted)
$confdata = file_get_contents('/conf/config.xml');
if (!empty($crypto_password)) {
$confdata = chunk_split(
$this->encrypt($confdata, $crypto_password)
);
$confdata = $this->encrypt($confdata, $crypto_password)
}
try {
$directories = $this->listFiles($url, $username, $password, '/');
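Review bot: The replacement line `$confdata = $this->encrypt($confdata, $crypto_password)` is missing its terminating semicolon, so the Nextcloud provider file no longer parses and the whole backup job fails at load time rather than at upload. The line should read `$confdata = $this->encrypt($confdata, $crypto_password);`. The enclosing method starts and ends outside the hunk.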