lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-16 17:44:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

sync with master

Browse Source
This commit is contained in:
Ad Schellevis 2015-03-19 09:34:39 +01:00
parent a156c466fe
commit 93907b65ce
4 changed files with 0 additions and 1034 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/etc/rc.create_full_backup
View File

@ -1,18 +0,0 @@
#!/bin/sh
FILENAME="pfSense-full-backup-`date "+%Y%m%d-%H%M"`.tgz"
echo ">>> Creating full backup to /root/$FILENAME"
tar czPf /root/$FILENAME \
--exclude dev/* \
--exclude tmp/* \
--exclude var/db \
--exclude var/run/* \
--exclude root/* \
--exclude var/empty/* \
--exclude var/empty \
--exclude var/etc \
/
echo ">>> Backup completed. Note: this backup includes config.xml!"
echo ">>> To restore this backup run this command:"
echo " /usr/local/etc/rc.restore_full_backup /root/$FILENAME"

508
src/etc/rc.firmware
View File

@ -1,508 +0,0 @@
#!/bin/sh
# originally part of m0n0wall (http://neon1.net/m0n0wall)
# Copyright (C) 2005-2009 Scott Ullrich <sullrich@pfsense.org>.
# Copyright (C) 2003 Manuel Kasper <mk@neon1.net>.
# All rights reserved.
# Reset file(s)
echo "" >/conf/upgrade_log.txt
echo "" >/conf/firmware_update_misc_log.txt
echo "" >/conf/fdisk_upgrade_log.txt
exec 3>&2 2>>/conf/firmware_update_misc_log.txt
export ACTION=$1
export IMG=$2
if [ $# -eq 3 ]; then
export CUSTOMIMG=$3
fi
if [ $ACTION != "upgrade" ]; then
/sbin/umount -f /ftmp > /dev/null 2>&1
fi
file_notice() {
/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDOFF
<?php
require_once("globals.inc");
require_once("functions.inc");
file_notice("$1", "$2", "$1", "");
?>
ENDOFF
}
output_env_to_log() {
date >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
ls -lah /dev/ >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
ls -lah $IMG >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
md5 $IMG >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
mount >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
top >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
}
backup_chflags() {
TOPROCESS="bin lib libexec sbin usr"
for files in $TOPROCESS; do
/usr/sbin/mtree -Pcp /${files} | bzip2 -9 > /tmp/chflags.dist.${files}.bz2 2>> /conf/upgrade_log.txt
done
}
restore_chflags() {
TOPROCESS="bin lib libexec sbin usr"
for files in $TOPROCESS; do
cd / && /usr/bin/bzcat /tmp/chflags.dist.${files}.bz2 | /usr/sbin/mtree -PU -p /${files} >> /conf/upgrade_log.txt 2>&1
done
}
remove_chflags() {
TOPROCESS="bin lib libexec sbin usr"
for files in $TOPROCESS; do
/bin/chflags -R noschg /${files}
/bin/chmod -R u+rw /${files}
done
}
binary_update() {
TGZ=$1
ERR_F="/tmp/bdiff.log"
rm ${ERR_F} 2>/dev/null
/bin/mkdir /tmp/patched /tmp/patches 2>>${ERR_F}
# Save the old shutdown binary. If we switch from i386 to amd64 (or back) the reboot binary won't run at the end since it doesn't match up.
/bin/cp -p /sbin/shutdown /sbin/shutdown.old
backup_chflags
remove_chflags
cd /tmp/patches
for i in `/usr/bin/tar tvzf $TGZ | egrep -v "(^d|_md5)" | nawk '{print $9;}'`;
do
FILE=`basename ${i}`
echo "Working on ${i}"
# Untar patch file and md5 files
/usr/bin/tar xzf ${TGZ} ${i} ${i}.old_file_md5 ${i}.new_patch_md5 ${i}.new_file_md5 2>>${ERR_F}
# Apply patch - oldfile newfile patchfile
/usr/local/bin/bspatch /${i} /tmp/patched/${FILE} /tmp/patches/${i} 2>>${ERR_F}
OLD_FILE_MD5=`cat /tmp/patches/${i}.old_file_md5 2>/dev/null`
NEW_PATCH_MD5=`cat /tmp/patches/${i}.new_patch_md5 2>/dev/null`
NEW_FILE_MD5=`cat /tmp/patches/${i}.new_file_md5 2>/dev/null`
PATCHED_MD5=`/sbin/md5 -q /tmp/patched/${FILE} 2>/dev/null`
if [ "$PATCHED_MD5" = "$NEW_PATCH_MD5" ]; then
/usr/bin/install -S /tmp/patched/${FILE} /${i}
else
#echo "${i} file does not match intended final md5."
echo "${i} file does not match intended final md5." >> ${ERR_F}
fi
/bin/rm /tmp/patched/${FILE} >> ${ERR_F}
/bin/rm /tmp/patches/${i} >> ${ERR_F}
/bin/rm /tmp/patches/${i}.* >> ${ERR_F}
done
/bin/rm -rf /tmp/patched /tmp/patches >> ${ERR_F}
restore_chflags
}
case $ACTION in
enable)
touch /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
echo "Enable" >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
;;
auto)
touch /var/run/firmwarelock.dirty
backup_chflags
remove_chflags
/usr/local/etc/rc.firmware_auto
restore_chflags
;;
pfSenseNanoBSDupgrade)
# Sanity check - bail early if there's no firmware file!
if [ ! -r $IMG ]; then
echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1
exit 1
fi
# Prevent full upgrade file from being used to upgrade
if [ `echo $IMG | grep "full"` ]; then
echo "You cannot use a full file for upgrade. Please use a file labeled nanobsd upgrade."
file_notice "NanoBSDUpgradeFailure" "You have attemped to use a full NanoBSD installation file as an upgrade. Please use a NanoBSD file labeled 'upgrade' instead."
rm -f $IMG
exit 1
fi
touch /var/run/firmwarelock.dirty
echo "NanoBSD Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1
echo "NanoBSD Firmware upgrade in progress..." | wall
/usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade in progress..."
# backup config
/bin/mkdir -p /tmp/configbak
cp -Rp /conf/* /tmp/configbak 2>/dev/null
# Remove logs from backup dir to avoid clobbering upon restore.
rm /tmp/configbak/*_log.txt 2>/dev/null
echo "" >> /conf/upgrade_log.txt
echo "Installing ${IMG}." >> /conf/upgrade_log.txt 2>&1
echo "Installing ${IMG}." | wall
# resolve glabel label that we booted from
BOOT_DEVICE=`/sbin/mount | /usr/bin/grep pfsense | /usr/bin/cut -d'/' -f4 | /usr/bin/cut -d' ' -f1`
# resolve glabel to the real boot dev entry
REAL_BOOT_DEVICE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/${BOOT_DEVICE} | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' '`
# grab the boot device, example ad1, ad0
BOOT_DRIVE=`/sbin/glabel list | /usr/bin/grep -B2 ufs/pfsense | /usr/bin/head -n 1 | /usr/bin/cut -f3 -d' ' | /usr/bin/cut -d's' -f1`
# test the slice. if we are on slice 1 we need to flash 2 and vica versa
if [ `echo $REAL_BOOT_DEVICE | /usr/bin/grep "s1"` ]; then
SLICE="2"
OLDSLICE="1"
TOFLASH="${BOOT_DRIVE}s${SLICE}"
COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a"
GLABEL_SLICE="pfsense1"
UFS_ID="1"
OLD_UFS_ID="0"
else
SLICE="1"
OLDSLICE="2"
TOFLASH="${BOOT_DRIVE}s${SLICE}"
COMPLETE_PATH="${BOOT_DRIVE}s${SLICE}a"
GLABEL_SLICE="pfsense0"
UFS_ID="0"
OLD_UFS_ID="1"
fi
# Output specifc information that this script is using
echo "SLICE ${SLICE}" >> /conf/upgrade_log.txt
echo "OLDSLICE ${OLDSLICE}" >> /conf/upgrade_log.txt
echo "TOFLASH ${TOFLASH}" >> /conf/upgrade_log.txt
echo "COMPLETE_PATH ${COMPLETE_PATH}" >> /conf/upgrade_log.txt
echo "GLABEL_SLICE ${GLABEL_SLICE}" >> /conf/upgrade_log.txt
# First ensure the new file can fit inside the
# slice that we are going to be operating on.
NEW_IMG_SIZE=`echo $((\`gzip -l ${IMG} | grep -v compressed | awk '{ print $2}'\` / 1024 / 1024))`
SIZE=`/sbin/fdisk ${COMPLETE_PATH} | /usr/bin/grep Meg | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d"(" -f2`
# USB slices are under-reported even more than CF slices when viewed
# directly, instead of when looking at the entire disk. Compensate
# by adding exactly 6MB. 4MB was consistently 2MB too few, and
# was resulting in failing upgrades on USB Flash based installs.
SIZE=`expr $SIZE + 6`
if [ "$SIZE" -lt "$NEW_IMG_SIZE" ]; then
file_notice "UpgradeFailure" "Upgrade failed due to the upgrade image being larger than the partition that is configured on disk. Halting. Size on disk: $SIZE < Size of new image: $NEW_IMG_SIZE"
echo "Upgrade failed. Please check the system log file for more information" | wall
rm -f $IMG
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
rm -f ${IMG}
exit 1
fi
# Output environment information to log file
output_env_to_log
# Grab a before upgrade look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "Before upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt
fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt
echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt
echo "" >> /conf/fdisk_upgrade_log.txt
# Log that we are really doing a NanoBSD upgrade
echo "" >> /conf/upgrade_log.txt
echo "NanoBSD upgrade starting" >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Remove TOFLASH and get ready for new flash image
echo "" >> /conf/upgrade_log.txt
echo "dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1" >> /conf/upgrade_log.txt
dd if=/dev/zero of=/dev/${TOFLASH} bs=1m count=1 >> /conf/upgrade_log.txt 2>&1
# Stream gzipped image to dd and explode image to new area
echo "" >> /conf/upgrade_log.txt
echo "/usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k" >> /conf/upgrade_log.txt
/usr/bin/gzip -dc $IMG | /bin/dd of=/dev/${TOFLASH} obs=64k >> /conf/upgrade_log.txt 2>&1
# Grab a after upgrade look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "After upgrade fdisk/bsdlabel" >> /conf/upgrade_log.txt
fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt
echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt
echo "" >> /conf/fdisk_upgrade_log.txt
# Ensure that our new system is sound and bail if it is not and file a notice
echo "" >> /conf/upgrade_log.txt
echo "/sbin/fsck_ufs -y /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt
/sbin/fsck_ufs -y /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1
if [ $? != 0 ]; then
file_notice "UpgradeFailure" "{\$g['product_name']} upgrade has failed. Your system has been left in a usable state."
rm -f $IMG
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
exit 1
fi
# Enable foot shooting
sysctl kern.geom.debugflags=16
# Add back the corresponding glabel
echo "" >> /conf/upgrade_log.txt
echo "/sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH}" >> /conf/upgrade_log.txt
/sbin/tunefs -L ${GLABEL_SLICE} /dev/${COMPLETE_PATH} >> /conf/upgrade_log.txt 2>&1
# restore config
cp -Rp /tmp/configbak/* /conf 2>/dev/null
# Remove upgrade file
rm -f $IMG
# Mount newly prepared slice
mkdir /tmp/$GLABEL_SLICE
mount /dev/ufs/$GLABEL_SLICE /tmp/$GLABEL_SLICE
# If /boot/loader.conf.local exists
# copy to the other slice.
if [ -f /boot/loader.conf.local ]; then
cp /boot/loader.conf.local /tmp/$GLABEL_SLICE/boot/loader.conf.local
fi
# If /tmp/$GLABEL_SLICE/tmp/post_upgrade_command exists
# after update then execute the command.
echo "Checking for post_upgrade_command..." >> /conf/upgrade_log.txt
if [ -f /tmp/$GLABEL_SLICE/tmp/post_upgrade_command ]; then
echo "Found post_upgrade_command, executing ($GLABEL_SLICE)..." >> /conf/upgrade_log.txt
sh /tmp/$GLABEL_SLICE/tmp/post_upgrade_command $GLABEL_SLICE >> /conf/upgrade_log.txt 2>&1
fi
# Update fstab
cp /etc/fstab /tmp/$GLABEL_SLICE/etc/fstab
sed -i "" "s/pfsense${OLD_UFS_ID}/pfsense${UFS_ID}/g" /tmp/$GLABEL_SLICE/etc/fstab
if [ $? != 0 ]; then
echo "Something went wrong when trying to update the fstab entry. Aborting upgrade."
file_notice "UpgradeFailure" "Something went wrong when trying to update the fstab entry. Aborting upgrade."
rm -f $IMG
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
umount /tmp/$GLABEL_SLICE
exit 1
fi
echo "" >> /conf/upgrade_log.txt
cat /tmp/$GLABEL_SLICE/etc/fstab >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
find /tmp/$GLABEL_SLICE >/conf/file_upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Unmount newly prepared slice
umount /tmp/$GLABEL_SLICE
sync
# Set active mount slice in fdisk
echo "" >> /conf/upgrade_log.txt
echo "gpart set -a active -i ${SLICE} ${BOOT_DRIVE}" >> /conf/upgrade_log.txt
gpart set -a active -i ${SLICE} ${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1
sync
# Set active boot source - NanoBSD does not do this but otherwise we
# end up with the wrong partition being active.
echo "" >> /conf/upgrade_log.txt
echo "/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE}" >> /conf/upgrade_log.txt
/usr/sbin/boot0cfg -s ${SLICE} -v /dev/${BOOT_DRIVE} >> /conf/upgrade_log.txt 2>&1
# Disable foot shooting
sysctl kern.geom.debugflags=0
# Grab a final look at fdisk
echo "" >> /conf/fdisk_upgrade_log.txt
echo "Final upgrade fdisk/bsdlabel" >> /conf/fdisk_upgrade_log.txt
fdisk $BOOT_DRIVE >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s1 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s2 >> /conf/fdisk_upgrade_log.txt
bsdlabel -A ${BOOT_DRIVE}s3 >> /conf/fdisk_upgrade_log.txt
echo "---------------------------------------------------------------" >> /conf/fdisk_upgrade_log.txt
echo "" >> /conf/fdisk_upgrade_log.txt
date >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Trigger a package reinstallation on reobot
touch /conf/needs_package_sync
# remount /cf ro
/bin/sync
echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1
echo "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds." | wall
/usr/local/etc/rc.notify_message -e -g -m "NanoBSD Firmware upgrade is complete. Rebooting in 10 seconds."
sleep 10
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
. /usr/local/etc/rc.reboot
;;
pfSenseupgrade)
# Sanity check - bail early if there's no firmware file!
if [ ! -r $IMG ]; then
echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1
exit
fi
# wait 1 seconds before beginning
sleep 1
# Log that we are really doing a pfSense upgrade
echo "" >> /conf/upgrade_log.txt
echo "pfSenseupgrade upgrade starting" >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
touch /var/run/firmwarelock.dirty
if [ -f /tmp/perform_full_backup.txt ]; then
echo "Performing full backup" >> /conf/upgrade_log.txt
/usr/local/etc/rc.create_full_backup
rm /tmp/perform_full_backup.txt
fi
touch /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# Output environment information to log file
output_env_to_log
backup_chflags
remove_chflags
# Do we have a pre-upgrade hook in the update file?
if [ `tar tvzf $IMG | grep /tmp/pre_upgrade_command | wc -l` -gt 0 ]; then
tar xzvf $IMG -C / ./tmp/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1
chmod a+rx /tmp/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1
sh /tmp/pre_upgrade_command >> /conf/upgrade_log.txt 2>&1
fi
echo "Firmware upgrade in progress..." >> /conf/upgrade_log.txt 2>&1
echo "Firmware upgrade in progress..." | wall
/usr/local/etc/rc.notify_message -e -g -m "Firmware upgrade in progress..."
# backup config
[ -d /tmp/configbak ] && rm -rf /tmp/configbak
/bin/mkdir -p /tmp/configbak
cp -Rp /conf/* /tmp/configbak 2>/dev/null
# Remove logs from backup dir to avoid clobbering upon restore.
rm /tmp/configbak/*_log.txt 2>/dev/null
# tar explode image onto hd
ps -a | grep "configd" | awk '{print $1;}' | kill -9
echo "Installing $IMG." >> /conf/upgrade_log.txt 2>&1
cd / && /usr/bin/tar --exclude=./dev -xzUPf $IMG >> /conf/upgrade_log.txt 2>&1
/usr/local/opnsense/service/configd.py
echo "Image installed $IMG." >> /conf/upgrade_log.txt 2>&1
# process custom image if its passed
if [ $# -eq 3 ]; then
if [ -f $CUSTOMIMG ]; then
echo "Custom image $CUSTOMIMG found." >> /conf/upgrade_log.txt 2>&1
echo "Custom image ($CUSTOMIMG) found." >> /conf/upgrade_log.txt 2>&1
PWD_DIR=`pwd`
cd / && /usr/bin/tar xzPUf $CUSTOMIMG >> /conf/upgrade_log.txt 2>&1
cd $PWD_DIR
echo "Custom image $CUSTOMIMG installed." >> /conf/upgrade_log.txt 2>&1
fi
fi
# restore config
cp -Rp /tmp/configbak/* /conf 2>/dev/null
# restore /etc symlinks
rm /etc/hosts
ln -s /var/etc/hosts /etc/hosts
restore_chflags
# Remove upgrade file
rm -f $IMG
if [ -e /etc/init_bootloader.sh ]; then
if [ ! -x /etc/init_bootloader.sh ]; then
chmod ug+x /etc/init_bootloader.sh
fi
/etc/init_bootloader.sh >> /conf/upgrade_log.txt 2>&1
fi
# If /tmp/post_upgrade_command exists after update
# then execute the command.
if [ -f /tmp/post_upgrade_command ]; then
if [ ! -x /tmp/post_upgrade_command ]; then
chmod ug+x /tmp/post_upgrade_command
fi
/tmp/post_upgrade_command >> /conf/upgrade_log.txt 2>&1
fi
date >> /conf/upgrade_log.txt
echo "" >> /conf/upgrade_log.txt
# release the firmware lock
rm -f /var/run/firmwarelock.dirty
rm -f /var/run/firmware.lock
/bin/sync
echo "Firmware upgrade is complete. Rebooting in 10 seconds." >> /conf/upgrade_log.txt 2>&1
echo "Firmware upgrade is complete. Rebooting in 10 seconds." | wall
/usr/local/etc/rc.notify_message -e -g -m "Firmware upgrade is complete. Rebooting in 10 seconds."
# Sleep and allow disks to catch up
sleep 10
# If the archive has unpacked a file called
# /tmp/no_upgrade_reboot_required then do
# not reboot after upgrade.
if [ -f /tmp/no_upgrade_reboot_required ]; then
rm /tmp/no_upgrade_reboot_required
else
. /usr/local/etc/rc.reboot
fi
;;
delta_update)
touch /var/run/firmwarelock.dirty
backup_chflags
remove_chflags
binary_update $IMG
restore_chflags
find / -name CVS -type d -exec rm {} \;
/sbin/umount -f /cf 2>/dev/null
/sbin/mount -r /cf 2>/dev/null
/sbin/umount -f / 2>/dev/null
/sbin/mount -r / 2>/dev/null
if [ -e /etc/init_bootloader.sh ]; then
sh /etc/init_bootloader.sh
fi
;;
esac

306
src/www/system_firmware.php
View File

@ -1,306 +0,0 @@
<?php
/*
Copyright (C) 2014 Deciso B.V.
Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
$d_isfwfile = 1;
$nocsrf = true;
require_once("globals.inc");
require_once("functions.inc");
require_once("guiconfig.inc");
require_once("xmlrpc_client.inc");
$curcfg = $config['system']['firmware'];
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '9999');
ini_set('max_input_time', '9999');
function file_is_for_platform($filename, $ul_name) {
global $g;
if($g['platform'] == "nanobsd") {
if(stristr($ul_name, "nanobsd"))
return true;
else
return false;
}
$_gb = exec("/usr/bin/tar xzf $filename -C /tmp/ usr/local/etc/platform");
unset($_gb);
if(!file_exists("/tmp/usr/local/etc/platform"))
return false;
$upgrade_is_for_platform = trim(file_get_contents("/tmp/usr/local/etc/platform", " \n\t\r"));
if ($g['platform'] == $upgrade_is_for_platform) {
@unlink("/tmp/usr/local/etc/platform");
return true;
}
return false;
}
function file_upload_error_message($error_code) {
switch ($error_code) {
case UPLOAD_ERR_INI_SIZE:
return gettext('The uploaded file exceeds the upload_max_filesize directive in php.ini');
case UPLOAD_ERR_FORM_SIZE:
return gettext('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
case UPLOAD_ERR_PARTIAL:
return gettext('The uploaded file was only partially uploaded');
case UPLOAD_ERR_NO_FILE:
return gettext('No file was uploaded');
case UPLOAD_ERR_NO_TMP_DIR:
return gettext('Missing a temporary folder');
case UPLOAD_ERR_CANT_WRITE:
return gettext('Failed to write file to disk');
case UPLOAD_ERR_EXTENSION:
return gettext('File upload stopped by extension');
default:
return gettext('Unknown upload error');
}
}
/* if upgrade in progress, alert user */
if(is_subsystem_dirty('firmwarelock')) {
$pgtitle = array(gettext("System"),gettext("Firmware"),gettext("Manual Update"));
include("head.inc");
echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n";
include("fbegin.inc");
echo "<div>\n";
print_info_box(gettext("An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete.") . "</p><p><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif' alt='update' /></p>");
echo "</div>\n";
include("fend.inc");
echo "</body>";
echo "</html>";
exit;
}
if($_POST['backupbeforeupgrade'])
touch("/tmp/perform_full_backup.txt");
/* Handle manual upgrade */
if ($_POST && !is_subsystem_dirty('firmwarelock')) {
unset($input_errors);
unset($sig_warning);
if (stristr($_POST['Submit'], gettext("Enable")))
$mode = "enable";
else if (stristr($_POST['Submit'], gettext("Disable")))
$mode = "disable";
else if (stristr($_POST['Submit'], gettext("Upgrade")) || $_POST['sig_override'])
$mode = "upgrade";
else if ($_POST['sig_no']) {
if(file_exists("{$g['upload_path']}/firmware.tgz"))
unlink("{$g['upload_path']}/firmware.tgz");
}
if ($mode) {
if ($mode == "enable") {
mark_subsystem_dirty('firmware');
} else if ($mode == "disable") {
clear_subsystem_dirty('firmware');
} else if ($mode == "upgrade") {
if ($_FILES['ulfile']['error'])
$errortext = "(" . file_upload_error_message($_FILES['ulfile']['error']) . ")";
if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
/* verify firmware image(s) */
if (file_is_for_platform($_FILES['ulfile']['tmp_name'], $_FILES['ulfile']['name']) == false && !$_POST['sig_override'])
$input_errors[] = gettext("The uploaded image file is not for this platform.");
else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
/* probably out of memory for the MFS */
$input_errors[] = gettext("Image upload failed (out of memory?)");
mwexec("/usr/local/etc/rc.firmware disable");
clear_subsystem_dirty('firmware');
} else {
/* move the image so PHP won't delete it */
rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
$input_errors[] = gettext("The image file is corrupt.");
unlink("{$g['upload_path']}/firmware.tgz");
}
}
}
run_plugins("/usr/local/pkg/firmware_upgrade");
/* Check for input errors, firmware locks, warnings, then check for firmware if sig_override is set */
if (!$input_errors && !is_subsystem_dirty('firmwarelock') && (!$sig_warning || $_POST['sig_override'])) {
if (file_exists("{$g['upload_path']}/firmware.tgz")) {
/* fire up the update script in the background */
mark_subsystem_dirty('firmwarelock');
$savemsg = gettext("The firmware is now being updated. The firewall will reboot automatically.");
if (stristr($_FILES['ulfile']['name'],"nanobsd") or $_POST['isnano'] == "yes")
mwexec_bg("/usr/local/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz");
else if(stristr($_FILES['ulfile']['name'],"bdiff"))
mwexec_bg("/usr/local/etc/rc.firmware delta_update {$g['upload_path']}/firmware.tgz");
else {
if($g['platform'] == "nanobsd")
$whichone = "pfSenseNanoBSDupgrade";
else
$whichone = "pfSenseupgrade";
mwexec_bg("/usr/local/etc/rc.firmware {$whichone} {$g['upload_path']}/firmware.tgz");
unset($whichone);
}
} else
$savemsg = sprintf(gettext("Firmware image missing or other error, please try again %s."),$errortext);
}
}
}
}
$pgtitle = array(gettext("System"),gettext("Firmware"));
include("head.inc");
?>
<body>
<?php include("fbegin.inc"); ?>
<!-- row -->
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<?php if ($fwinfo <> "") print_info_box($fwinfo); ?>
<section class="col-xs-12">
<? include('system_firmware_tabs.php'); ?>
<div class="content-box tab-content">
<form action="system_firmware.php" method="post" enctype="multipart/form-data">
<?php
/* Construct an upload_id for this session */
if (!session_id()) $upload_id = uniqid();
else $upload_id = session_id();
?>
<input type="hidden" name="UPLOAD_IDENTIFIER" value="<?php echo $upload_id;?>" />
<?php if ($sig_warning && !$input_errors): ?>
<?php
$sig_warning = "<strong>" . $sig_warning . "</strong><br />" . gettext("This means that the image you uploaded " .
"is not an official/supported image and may lead to unexpected behavior or security " .
"compromises. Only install images that come from sources that you trust, and make sure ".
"that the image has not been tampered with.") . "<br /><br />".
gettext("Do you want to install this image anyway (on your own risk)?");
print_info_box($sig_warning);
if(stristr($_FILES['ulfile']['name'],"nanobsd"))
echo "<input type='hidden' name='isnano' id='isnano' value='yes' />\n";
?>
<input name="sig_override" type="submit" class="btn btn-primary" id="sig_override" value=" <?=gettext("Yes");?> " />
<input name="sig_no" type="submit" class="btn btn-default" id="sig_no" value=" <?=gettext("No"); ?> " />
<?php else: ?>
<?php if (!is_subsystem_dirty('firmwarelock')): ?>
<table class="table table-striped" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
<thead>
<tr>
<th colspan="2" class="listtopic"><?=gettext("Invoke") ." ". $g['product_name'] ." ". gettext("Manual Upgrade"); ?></th>
</tr>
</thead>
<tbody>
<tr>
<td width="22%" valign="baseline" class="vncell">&nbsp;</td>
<td width="78%" class="vtable">
<?php if (!is_subsystem_dirty('rebootreq')): ?>
<?php if (!is_subsystem_dirty('firmware')): ?>
<input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Enable firmware upload");?>" />
<br />
<?php printf(gettext('Click "Enable firmware upload" to begin.'),$g['firmware_update_text']);?>
<br />
<?php else: ?>
<input name="Submit" type="submit" class="btn btn-default" value="<?=gettext("Disable firmware upload");?>" />
</td>
</tr>
<tr>
<td width="22%" valign="baseline" class="vncell">&nbsp;</td>
<td width="78%" class="vtable">
<?php
if ($g['platform'] == "nanobsd")
$type = "*.img.gz";
else
$type = "*.tgz";
?>
<strong><?=gettext("Firmware image file ($type):");?> </strong>
<input name="ulfile" type="file" class="formfld" />
<br />
<?php if ($g['hidebackupbeforeupgrade'] === false): ?>
<input type="checkbox" name='backupbeforeupgrade' id='backupbeforeupgrade' /> <?=gettext("Perform full backup prior to upgrade");?>
<br />
<?php endif; ?>
<input name="Submit" type="submit" class="btn btn-primary" value="<?=gettext("Upgrade firmware");?>" />
<?=gettext('Click "Upgrade firmware" to start the upgrade process.');?>
<?php endif; else: ?>
<strong><?=gettext("You must reboot the system before you can upgrade the firmware.");?></strong>
<?php endif; ?>
</td>
</tr>
<tr>
<td width="22%" valign="top">&nbsp;</td>
<td width="78%">
<?php if (is_subsystem_dirty('firmware')): ?>
<span class="vexpl">
<span class="red">
<strong>
<?=gettext("Warning:");?><br />
</strong>
</span>
<?=gettext("DO NOT abort the firmware upgrade once it " .
"has started. The firewall will reboot automatically after " .
"storing the new firmware. The configuration will be maintained.");?>
</span>
<?php endif; ?>
</td>
</tr>
</tbody>
</table>
<?php endif;?>
<?php endif;?>
</form>
</div>
</section>
</div>
</div>
</section>
<?php include("foot.inc"); ?>

202
src/www/system_firmware_restorefullbackup.php
View File

@ -1,202 +0,0 @@
<?php
/*
Copyright (C) 2014-2015 Deciso B.V.
Copyright (C) 2011 Scott Ullrich
Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/* Allow additional execution time 0 = no limit. */
ini_set('max_execution_time', '0');
ini_set('max_input_time', '0');
require_once("functions.inc");
require("guiconfig.inc");
require_once("filter.inc");
require_once("shaper.inc");
if($_POST['overwriteconfigxml'])
touch("/tmp/do_not_restore_config.xml");
if($_GET['backupnow'])
mwexec_bg("/usr/local/etc/rc.create_full_backup");
if($_GET['downloadbackup']) {
$filename = basename($_GET['downloadbackup']);
$path = "/root/{$filename}";
if(file_exists($path)) {
session_write_close();
ob_end_clean();
session_cache_limiter('public');
//$fd = fopen("/root/{$filename}", "rb");
$filesize = filesize("/root/{$filename}");
header("Cache-Control: ");
header("Pragma: ");
header("Content-Type: application/octet-stream");
header("Content-Length: " .(string)(filesize($path)) );
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Transfer-Encoding: binary\n");
if($file = fopen("/root/{$filename}", 'rb')){
while( (!feof($file)) && (connection_status()==0) ){
print(fread($file, 1024*8));
flush();
}
fclose($file);
}
exit;
}
}
if ($_GET['deletefile']) {
$filename = $_GET['deletefile'];
if(file_exists("/root/{$filename}")) {
unlink("/root/" . $filename);
$savemsg = gettext("$filename has been deleted.");
}
}
if ($_POST['restorefile']) {
$filename = $_POST['restorefile'];
if(file_exists("/root/{$filename}")) {
mwexec_bg("/usr/local/etc/rc.restore_full_backup /root/" . escapeshellcmd($filename));
$savemsg = gettext("The firewall is currently restoring $filename");
}
}
$pgtitle = array(gettext("Diagnostics"),gettext("Restore full backup"));
include("head.inc");
?>
<body>
<?php include("fbegin.inc"); ?>
<!-- row -->
<section class="page-content-main">
<div class="container-fluid">
<div class="row">
<?php
if ($input_errors) print_input_errors($input_errors);
if ($savemsg) print_info_box($savemsg);
?>
<section class="col-xs-12">
<? include('system_firmware_tabs.php'); ?>
<div class="content-box tab-content">
<?php if (is_subsystem_dirty('restore')): ?><p>
<form action="reboot.php" method="post">
<input name="Submit" type="hidden" value="Yes" />
<?php print_info_box(gettext("The firewall configuration has been changed.") . "<br />" . gettext("The firewall is now rebooting."));?><br />
</form>
<?php endif; ?>
<form action="system_firmware_restorefullbackup.php" method="post">
<table class="table table-striped __nomb" align="center" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
<thead>
<tr>
<th colspan="1" class="listtopic"><?=gettext("Filename"); ?></th>
<th colspan="1" class="listtopic"><?=gettext("Date"); ?></th>
<th colspan="2" class="listtopic"><?=gettext("Size"); ?></th>
</tr>
</thead>
<tbody>
<?php
chdir("/root");
$available_restore_files = glob("pfSense-full-backup-*");
$counter = 0;
foreach($available_restore_files as $arf) {
$counter++;
$size = exec("gzip -l /root/$arf | grep -v compressed | awk '{ print $2 }'");
echo "<tr>";
echo "<td class='listlr' width='50%' colspan='1'>";
echo "<input type='radio' name='restorefile' value='$arf' /> $arf";
echo "</td>";
echo "<td class='listr' width='30%' colspan='1'>";
echo date ("F d Y H:i:s", filemtime($arf));
echo "</td>";
echo "<td class='listr' width='40%' colspan='1'>";
echo format_bytes($size);
echo "</td>";
echo "<td class='listr nowrap' width='20%' colspan='1'>";
echo "<a onclick=\"return confirm('" . gettext("Do you really want to delete this backup?") . "')\" href='system_firmware_restorefullbackup.php?deletefile=" . htmlspecialchars($arf) . "'>";
echo gettext("Delete");
echo "</a> | ";
echo "<a href='system_firmware_restorefullbackup.php?downloadbackup=" . htmlspecialchars($arf) . "'>";
echo gettext("Download");
echo "</a>";
echo "</td>";
echo "</tr>";
}
if($counter == 0) {
echo "<tr>";
echo "<td class='listlr' width='100%' colspan='4' align='center'>";
echo gettext("Could not locate any previous backups.");
echo "</td>";
echo "</tr>";
}
?>
<tr>
<td width="78%" colspan="3">
&nbsp;<br />
<input type="checkbox" name="overwriteconfigxml" id="overwriteconfigxml" checked="checked" /> <?=gettext("do not restore config.xml."); ?>
<br />
<input name="Restore" type="submit" class="btn btn-primary" id="restore" value="<?=gettext("Restore"); ?>" />
</td>
</tr>
</tbody>
</table>
</form>
</div>
</section>
</div>
</div>
</section>
<script type="text/javascript">
//<![CDATA[
encrypt_change();
decrypt_change();
//]]>
</script>
<?php include("foot.inc"); ?>
<?php
if (is_subsystem_dirty('restore'))
system_reboot();
?>