WARNING: translation string unused: not enough disk space
WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
+WARNING: translation string unused: online help en
WARNING: translation string unused: openvpn client
WARNING: translation string unused: openvpn server
WARNING: translation string unused: optional data
WARNING: untranslated string: down
WARNING: untranslated string: firewall graphs
WARNING: untranslated string: invalid input for keepalive 1:2
-WARNING: untranslated string: network pakfire
-WARNING: untranslated string: network pakfire from
WARNING: untranslated string: otherip
WARNING: untranslated string: otherport
WARNING: untranslated string: pakfire configuration
WARNING: translation string unused: notes
WARNING: translation string unused: o-no
WARNING: translation string unused: o-yes
+WARNING: translation string unused: online help en
WARNING: translation string unused: openvpn client
WARNING: translation string unused: openvpn server
WARNING: translation string unused: optional data
WARNING: untranslated string: Number of IPs for the pie chart
WARNING: untranslated string: Number of Ports for the pie chart
WARNING: untranslated string: down
-WARNING: untranslated string: network pakfire
-WARNING: untranslated string: network pakfire from
WARNING: untranslated string: otherip
WARNING: untranslated string: otherport
WARNING: untranslated string: pakfire configuration
COMPILE=$(CC) $(CFLAGS)
PROGS = iowrap
-SUID_PROGS = setdmzholes setportfw setfilters setxtaccess restartdhcp restartsnort \
- restartsquid restartssh ipfirereboot \
- ipfirebkcfg ipfirerscfg installpackage installfcdsl ipsecctrl \
- setaliases ipfirebackup restartntpd \
+SUID_PROGS = setdmzholes setportfw setfilters setxtaccess \
+ restartsquid restartssh ipfirereboot setaliases \
+ ipsecctrl restartntpd restartdhcp restartsnort \
restartapplejuice setdate rebuildhosts \
restartsyslogd logwatch openvpnctrl timecheckctrl \
restartwireless getipstat qosctrl launch-ether-wake \
getipstat: getipstat.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ getipstat.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
-ipfirebackup: ipfirebackup.c setuid.o
- $(COMPILE) -lcrypt ipfirebackup.c setuid.o -o $@
+++ /dev/null
-/*\r
- * This file is part of the IPCop Firewall.\r
- *\r
- * IPCop is free software; you can redistribute it and/or modify\r
- * it under the terms of the GNU General Public License as published by\r
- * the Free Software Foundation; either version 2 of the License, or\r
- * (at your option) any later version.\r
- *\r
- * IPCop is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with IPCop; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\r
- *\r
- * Copyright (C) 2004-10-14 Gilles Espinasse <g.esp.ipcop@free.fr>\r
- *\r
- * $Id: installfcdsl.c,v 1.1.2.4 2004/12/11 08:55:37 gespinasse Exp $\r
- *\r
- */\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <sys/types.h>\r
-#include <fcntl.h>\r
-#include <grp.h>\r
-#include "setuid.h"\r
-\r
-#define FCDSL_TGZ_PATH "/var/patches/fcdsl-x.tgz"\r
-\r
-char command[STRING_SIZE],tmpdir[] = "/tmp/fcdsl_XXXXXX";\r
-\r
-void exithandler(void)\r
-{\r
- if(strcmp(tmpdir,"/tmp/fcdsl_XXXXXX"))\r
- {\r
- chdir("/tmp");\r
- snprintf(command, STRING_SIZE - 1, "/bin/rm -rf %s", tmpdir);\r
- if(safe_system(command))\r
- perror("Couldn't remove temp dir");\r
- }\r
- /* remove loaded package */\r
- snprintf (command, STRING_SIZE-1, FCDSL_TGZ_PATH);\r
- unlink (command);\r
-}\r
-\r
-int main(void)\r
-{\r
- if (!(initsetuid()))\r
- exit(1);\r
-\r
- atexit(exithandler);\r
-\r
-\r
- if (close(0)) { fprintf(stderr, "Couldn't close 0\n"); exit(1); }\r
- if (open("/dev/zero", O_RDONLY) != 0) {fprintf(stderr, "Couldn't reopen stdin from /dev/zero\n"); exit(1); }\r
- if (close(2)) { fprintf(stderr, "Couldn't close 2\n"); exit(1); }\r
- if (! dup(1)) { fprintf(stderr, "Couldnt redirect stderr to stdout\n"); exit(1); }\r
-\r
- /* create temporary directory for testing untar */\r
- if (mkdtemp (tmpdir)==NULL) {\r
- exit(1);\r
- }\r
-\r
- /* Test untarring files from compressed archive */\r
- snprintf (command, STRING_SIZE-1, "/bin/tar -C %s -xzf %s lib/modules/*/misc/fcdsl*.o.gz "\r
- "usr/lib/isdn/{fds?base.bin,fd?ubase.frm} etc/fcdsl/fcdsl*.conf etc/drdsl/drdsl* "\r
- "var/run/need-depmod-* > /dev/null 2> /dev/null", tmpdir, FCDSL_TGZ_PATH);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Invalid archive\n");\r
- exit(1);\r
- }\r
-\r
- /* Start (real) untarring files from compressed archive */\r
- snprintf (command, STRING_SIZE-1, "/bin/tar -C / -xzvf %s lib/modules/*/misc/fcdsl*.o.gz "\r
- "usr/lib/isdn/{fds?base.bin,fd?ubase.frm} etc/fcdsl/fcdsl*.conf etc/drdsl/drdsl* "\r
- "var/run/need-depmod-* ", FCDSL_TGZ_PATH);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Error installing modules\n");\r
- exit(1);\r
- }\r
-\r
- exit(0);\r
-}\r
+++ /dev/null
-/* This file is part of the IPCop Firewall.\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence. See the file COPYING for details.\r
- *\r
- * Copyright (C) 2004-05-31 Robert Kerr <rkerr@go.to>\r
- *\r
- * Loosely based on the smoothwall helper program by the same name,\r
- * portions are (c) Lawrence Manning, 2001\r
- *\r
- * $Id: installpackage.c,v 1.3.2.6 2005/08/22 20:51:38 eoberlander Exp $\r
- * \r
- */\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <errno.h>\r
-#include <sys/file.h>\r
-#include <fcntl.h>\r
-#include <syslog.h>\r
-#include <time.h>\r
-#include "setuid.h"\r
-\r
-#define ERR_ANY 1\r
-#define ERR_TMPDIR 2\r
-#define ERR_SIG 3\r
-#define ERR_TAR 4\r
-#define ERR_INFO 5\r
-#define ERR_PACKLIST 6\r
-#define ERR_INSTALLED 7\r
-#define ERR_POPEN 8\r
-#define ERR_SETUP 9\r
-#define ERR_MISSING_PREVIOUS 10\r
-#define ERR_DISK 11\r
-\r
-/* The lines in the package information file and the patches/installed list\r
- * are often longer than STRING_SIZE so we use a larger buffer */\r
-#define BUFFER_SIZE 4096\r
-\r
-char *info = NULL;\r
-FILE *infofile = NULL;\r
-char command[STRING_SIZE], tmpdir[] = "/var/log/pat_install_XXXXXX";\r
-void exithandler(void)\r
-{\r
- if(info) free(info);\r
- if(infofile)\r
- {\r
- flock(fileno(infofile), LOCK_UN);\r
- fclose(infofile);\r
- }\r
- /* Cleanup tmpdir */\r
- chdir("/var/patches"); /* get out of it before erasing */\r
- snprintf(command, STRING_SIZE - 1, "/bin/rm -rf %s", tmpdir);\r
- if(safe_system(command))\r
- perror("Couldn't remove temp dir");\r
-}\r
-\r
-int main(int argc, char *argv[])\r
-{\r
- char buffer[BUFFER_SIZE];\r
- int ret;\r
- FILE *p;\r
-\r
- if (!(initsetuid()))\r
- exit(1);\r
-\r
- /* Sanitize arguments */\r
- if (argc < 2)\r
- {\r
- fprintf(stderr, "Missing arg\n");\r
- exit(1);\r
- }\r
- if (strspn(argv[1], NUMBERS) != strlen(argv[1]))\r
- {\r
- fprintf(stderr, "Bad arg\n");\r
- exit(1);\r
- }\r
-\r
- if(!mkdtemp(tmpdir))\r
- {\r
- perror("Unable to create secure temp dir");\r
- exit(ERR_TMPDIR);\r
- }\r
- \r
- /* now exithandler will have something to erase */ \r
- atexit(exithandler);\r
-\r
- /* verify and extract package */\r
- memset(command, 0, STRING_SIZE);\r
- snprintf(command, STRING_SIZE-1, "/usr/bin/gpg --batch --homedir /root/.gnupg -o %s/patch.tar.gz --decrypt /var/patches/patch-%s.tar.gz.gpg", tmpdir, argv[1]);\r
- ret = safe_system(command) >> 8;\r
- if(ret==1) /* 1=> gpg-key error */\r
- {\r
- fprintf(stderr, "Invalid package: signature check failed\n");\r
- exit(ERR_SIG);\r
- }\r
- if(ret==2) /* 2=> gpg pub key not found */\r
- {\r
- fprintf(stderr, "Public signature not found (who signed package?) !\n");\r
- exit(ERR_SIG);\r
- }\r
- if(ret) /* retry extraction on other partition */\r
- { \r
- rmdir(tmpdir);\r
- strcpy (tmpdir,"/var/patches/install_XXXXXX");\r
- if(!mkdtemp(tmpdir))\r
- {\r
- perror("Unable to create secure temp dir");\r
- _exit(ERR_TMPDIR); /* no need exit handler */\r
- }\r
- memset(command, 0, STRING_SIZE);\r
- snprintf(command, STRING_SIZE-1, "/usr/bin/gpg --batch --homedir /root/.gnupg -o %s/patch.tar.gz --decrypt /var/patches/patch-%s.tar.gz.gpg", tmpdir, argv[1]);\r
- ret = safe_system(command);\r
- if(ret)\r
- {\r
- fprintf(stderr, "Not enough disk space or gpg error %d !\n",ret);\r
- exit(ERR_DISK);\r
- } \r
- }\r
- /* no more needed gpg-package & make room */\r
- snprintf(command, STRING_SIZE-1, "/var/patches/patch-%s.tar.gz.gpg", argv[1]);\r
- unlink ( command );\r
- \r
- /* unzip the package */\r
- chdir (tmpdir);\r
- if(safe_system("/bin/tar xzf patch.tar.gz"))\r
- {\r
- fprintf(stderr, "Invalid package: untar failed\n");\r
- exit(ERR_TAR);\r
- }\r
- /* And read 'information' to check validity */\r
- snprintf(buffer, STRING_SIZE-1, "%s/information", tmpdir);\r
- if(!(infofile = fopen(buffer,"r")))\r
- {\r
- if(errno == ENOENT)\r
- fprintf(stderr, "Invalid package: contains no information file\n");\r
- else\r
- perror("Unable to open package information file");\r
- exit(ERR_INFO);\r
- }\r
- if(!fgets(buffer, BUFFER_SIZE, infofile))\r
- {\r
- perror("Couldn't read package information");\r
- exit(ERR_INFO);\r
- }\r
- fclose(infofile);\r
- if(buffer[strlen(buffer)-1] == '\n')\r
- buffer[strlen(buffer)-1] = '\0';\r
- if(!strchr(buffer,'|'))\r
- {\r
- fprintf(stderr, "Invalid package: malformed information string.\n");\r
- exit(ERR_INFO);\r
- }\r
- info = strdup(buffer);\r
-\r
- /* check if package is already installed */\r
- if(!(infofile = fopen(CONFIG_ROOT "/patches/installed","r+")))\r
- {\r
- perror("Unable to open installed package list");\r
- exit(ERR_PACKLIST);\r
- }\r
- /* get exclusive lock to prevent a mess if 2 copies run at once, and set\r
- * close-on-exec flag so the FD doesn't leak to the setup script */\r
- flock(fileno(infofile), LOCK_EX);\r
- fcntl(fileno(infofile), F_SETFD, FD_CLOEXEC);\r
-\r
- while(fgets(buffer, BUFFER_SIZE, infofile))\r
- {\r
- if(!strncmp(buffer, info, strlen(info)))\r
- {\r
- fprintf(stderr,"This package is already installed\n");\r
- exit(ERR_INSTALLED);\r
- }\r
- }\r
-\r
- /* install package */\r
- openlog("installpackage", LOG_PID, LOG_USER);\r
- snprintf(command, STRING_SIZE - 1, "%s/setup", tmpdir);\r
- /* FIXME: popen suffers from the same environment problems as system() */\r
- if (!(p = popen(command, "r")))\r
- {\r
- fprintf(stderr,"popen() failed\n");\r
- closelog();\r
- exit(ERR_POPEN);\r
- }\r
- setvbuf(p, NULL, _IOLBF, 255);\r
- while (fgets(buffer, STRING_SIZE, p))\r
- {\r
- syslog(LOG_INFO, "%s", buffer);\r
- }\r
- ret = pclose(p);\r
- closelog();\r
-\r
- if(ret)\r
- {\r
- fprintf(stderr, "setup script returned exit code %d\n", ret>>8);\r
- exit(ERR_SETUP);\r
- }\r
-\r
- /* write to package db */\r
- if(strncmp(info, "000|", 4))\r
- {\r
- time_t curtime = time(NULL);\r
- strftime(buffer, STRING_SIZE, "%Y-%m-%d", gmtime(&curtime));\r
- fprintf(infofile, "%s|%s\n", info, buffer);\r
- flock(fileno(infofile), LOCK_UN);\r
- fclose(infofile);\r
- } else { /* Full system upgrade to new version */\r
- flock(fileno(infofile), LOCK_UN);\r
- fclose(infofile);\r
- unlink(CONFIG_ROOT "/patches/available");\r
- unlink(CONFIG_ROOT "/patches/installed");\r
- }\r
- free(info);\r
- exit(0);\r
-}\r
+++ /dev/null
-/*\r
- * This file is part of the IPCop Firewall.\r
- *\r
- * IPCop is free software; you can redistribute it and/or modify\r
- * it under the terms of the GNU General Public License as published by\r
- * the Free Software Foundation; either version 2 of the License, or\r
- * (at your option) any later version.\r
- *\r
- * IPCop is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with IPCop; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\r
- *\r
- * Copyright (C) 2002-06-02 Mark Wormgoor <mark@wormgoor.com>\r
- *\r
- * $Id: ipcopbackup.c,v 1.8.2.6 2006/01/20 13:30:42 franck78 Exp $\r
- *\r
- */\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
-#include <fcntl.h>\r
-#include <pwd.h>\r
-#include <shadow.h>\r
-#include <crypt.h>\r
-#include <glob.h>\r
-#include "setuid.h"\r
-\r
-// want a bigger buffer to concatenate a possibly long string\r
-#define COMMAND_SIZE 4000\r
-//Append lines contained in 'inputfile' to 'string'\r
-int catlist(char* inputfile,\r
- char* string ) {\r
-\r
- struct stat s; // input file stats\r
- char buffer[STRING_SIZE]; // read buffer\r
-\r
- if (stat(inputfile,&s) != 0) return 1;\r
- if (s.st_size+strlen(string)>COMMAND_SIZE) return 1; // too big!\r
- int f = open(inputfile, O_RDONLY);\r
- if (!f) return 1; // cannot open file\r
-\r
- int count;\r
- while ((count = read(f, buffer, STRING_SIZE - 1))) {\r
- int j;\r
- for (j=0; j<count; j++) { //replace newlines with spaces\r
- if (buffer[j] == '\n') buffer[j] = ' '; \r
- }\r
- buffer[j] = '\0';\r
- strcat (string,buffer); // append to string\r
- }\r
- close (f);\r
- return 0; //success\r
-}\r
-\r
-// make a raw backup to floppy_dev (no partitioning)\r
-int savecfg_floppy(char* floppy_dev) {\r
- char command[COMMAND_SIZE]; // because copy each filename here\r
-\r
- // want special output...\r
- if (close(0)) { fprintf(stderr, "Couldn't close 0\n"); exit(1); }\r
- if (open("/dev/zero", O_RDONLY) != 0) {fprintf(stderr, "Couldn't reopen stdin from /dev/zero\n"); exit(1); }\r
- if (close(2)) { fprintf(stderr, "Couldn't close 2\n"); exit(1); }\r
- if (! dup(1)) { fprintf(stderr, "Couldnt redirect stderr to stdout\n"); exit(1); }\r
-\r
- /* Make sure floppy device name is up to date */\r
- safe_system ("/usr/sbin/updfstab");\r
-\r
- /* Darren Critchley - check for floppy disk in disk drive before continuing */\r
- snprintf (command, STRING_SIZE-1, "dd if=%s of=/dev/null bs=1k count=1 2> /dev/null", floppy_dev);\r
- if (safe_system(command)) {\r
- perror( "Error: No floppy in drive or bad floppy in drive" );\r
- exit(1);\r
- }\r
-\r
- /* Clearing disk */\r
- snprintf (command, STRING_SIZE-1, "/bin/dd if=/dev/zero of=%s bs=1k 2> /dev/null", floppy_dev);\r
- safe_system (command);\r
-\r
- /* Start tarring files to floppy */\r
- snprintf (command, COMMAND_SIZE-1, "/bin/tar -X " CONFIG_ROOT"/backup/exclude.system "\r
- "-X " CONFIG_ROOT"/backup/exclude.user "\r
- "-C / -cvzf %s "\r
- "-T " CONFIG_ROOT"/backup/include.user ",\r
- floppy_dev);\r
- /* add include.system file content to 'command' */\r
- if (catlist(CONFIG_ROOT "/backup/include.system", command)) {\r
- fprintf(stderr, "Couldn't open backup system include file\n");\r
- exit (1);\r
- }\r
- safe_system (command);\r
-\r
- /* Now check it */\r
- snprintf (command, STRING_SIZE-1,"/bin/echo '<b>Checking</b>'; /bin/tar -tzf %s" , floppy_dev);\r
- safe_system (command);\r
-\r
- exit(0);\r
-}\r
-\r
-\r
-// Just verify that root password is ok\r
-int checkrootpass (char* passwd) {\r
-\r
- struct passwd *pw;\r
- struct spwd *spwd;\r
-\r
- if ((pw = getpwnam("root")) == NULL) {\r
- return (0); // root unknown....!\r
- }\r
-\r
- // get shadowed password \r
- spwd = getspnam("root");\r
-\r
- //and use it in right place\r
- if (spwd)\r
- pw->pw_passwd = spwd->sp_pwdp;\r
-\r
- return (strcmp ( crypt(passwd, pw->pw_passwd), //encrypt cleartext\r
- pw->pw_passwd) == 0 //compare to encrypted version\r
- ) ? 1 : 0; // true or false\r
-}\r
-\r
-\r
-int main (int argc, char *argv[]) {\r
- char command[STRING_SIZE];\r
-\r
- if (argc < 3) { // at least two args always needed, avoid some testing.\r
- fprintf (stderr, "Err %s: used from cgi only !\n", argv[0]);\r
- exit (1);\r
- }\r
-\r
- if (!initsetuid()){\r
- fprintf (stderr, "Err %s: cannot setuid !\n", argv[0]);\r
- exit (1);\r
- }\r
-\r
- // save on normal floppy for use during reinstall ONLY\r
- if ( (strcmp(argv[1],"-savecfg" ) == 0) &&\r
- (strcmp(argv[2],"floppy") == 0) ) \r
- savecfg_floppy("/dev/floppy"); // to do: mount usb floppy....\r
-\r
- if ( (strcmp(argv[1],"-proc" ) == 0) &&\r
- (strcmp(argv[2],"partitions") == 0) ) { // issue cat /proc/partitions\r
-\r
- int fi;\r
- if ( (fi = open("/proc/partitions", O_RDONLY))==-1) exit (1); // cannot open file\r
- char string[STRING_SIZE];\r
- int count;\r
- while ((count = read(fi, string, STRING_SIZE))) {\r
- write (1, string, count);\r
- }\r
- close (fi);\r
- exit (0);\r
- }\r
-\r
- // output result of 'glob' function\r
- if ( (strcmp(argv[1],"-glob" ) == 0)) {\r
- glob_t g;\r
- if (glob (argv[2],0,NULL,&g) == 0) {\r
- char** pstr = g.gl_pathv; // base array\r
- while (*pstr) { // while not NULL\r
- printf ("%s\n", *pstr); // pstr is a pointer to array of char*\r
- pstr++; // next pointer\r
- }\r
- globfree (&g);\r
- }\r
- exit (0);\r
- }\r
-\r
- // tell if the backup.key is present\r
- if ( (strcmp(argv[1],"-key" ) == 0) &&\r
- (strcmp(argv[2],"exist") == 0) ) { // check key existence\r
- if ( !(file_exists(BACKUP_KEY)) ) {\r
- fprintf (stderr, "Err %s: backup key "BACKUP_KEY" does not exist !\n", argv[0]);\r
- exit (ERR_KEY);\r
- }\r
- exit (0);\r
- }\r
-\r
- // cat the backup.key, for saving it\r
- if ( strcmp(argv[1],"-keycat" ) == 0) {\r
- if (! checkrootpass (argv[2])) exit (1); // but only if root pw provided\r
- int fi;\r
- if ( (fi = open(BACKUP_KEY, O_RDONLY))==-1) exit (1); // cannot open file\r
- char string[STRING_SIZE];\r
- int count;\r
- while ((count = read(fi, string, STRING_SIZE))) {\r
- write (1, string, count);\r
- }\r
- close (fi);\r
- exit (0);\r
- }\r
- \r
- // generate a new backup.key ONLY if inexistant\r
- if ( (strcmp(argv[1],"-key" ) == 0) &&\r
- (strcmp(argv[2],"new") == 0) ) { \r
- if ( (file_exists(BACKUP_KEY)) ) {\r
- fprintf (stderr, "Err %s: backup key "BACKUP_KEY" already exists !\n", argv[0]);\r
- exit (ERR_KEY);\r
- }\r
- //ok we can generate it\r
- if (safe_system ("/usr/sbin/ipsec ranbits 256 > " BACKUP_KEY)) {\r
- fprintf (stderr, "Err %s: couldn't create key !\n", argv[0]);\r
- exit (ERR_KEY);\r
- }\r
- chmod(BACKUP_KEY, S_IRUSR); // protect it\r
- exit (0);\r
- }\r
- \r
- // import a backup.key only if non existent\r
- if ( (strcmp(argv[1],"-key" ) == 0) &&\r
- (strcmp(argv[2],"import") == 0) ) {\r
- if ( (file_exists(BACKUP_KEY)) ) {\r
- unlink (MOUNTPOINT"/key"); // clean anyway\r
- fprintf (stderr, "Err %s: backup key "BACKUP_KEY" already exists !\n", argv[0]);\r
- exit (ERR_KEY);\r
- }\r
-\r
- int fi, fo;\r
- if ( (fi = open(MOUNTPOINT"/key", O_RDONLY))==-1) {\r
- fprintf (stderr, "Err %s: no backup key "MOUNTPOINT"/key to import !\n", argv[0]);\r
- exit (ERR_KEY); // cannot open file\r
- } \r
-\r
- if ( (fo = open(BACKUP_KEY, O_WRONLY | O_CREAT ))==-1) {\r
- close (fi);\r
- unlink (MOUNTPOINT"/key"); // clean anyway\r
- fprintf (stderr, "Err %s: backup key "BACKUP_KEY" creation error !\n", argv[0]);\r
- exit (ERR_KEY);\r
- }\r
-\r
- char buffer[STRING_SIZE];\r
- int count;\r
- while ((count = read(fi, buffer, STRING_SIZE))) {\r
- write (fo, buffer, count);\r
- }\r
- close (fo);\r
- close (fi);\r
- unlink (MOUNTPOINT"/key");\r
- exit (0);\r
- }\r
-\r
- // disk functions like mount umount,...\r
- if ((strspn(argv[2], LETTERS_NUMBERS ) == strlen(argv[2])) &&\r
- (strlen(argv[2]) >2) && (strlen(argv[2]) <6)) {\r
- if (strcmp(argv[1],"-M") == 0) { // M sda1 => mount /dev/sda1 /mountpoint\r
- //safe_system("/bin/sync");\r
- snprintf(command, STRING_SIZE - 1,"/bin/mount -t vfat -o,uid=99,gid=99 /dev/%s "MOUNTPOINT, argv[2]);\r
- safe_system(command);\r
- //safe_system("/bin/sync");\r
- }else\r
- if (strcmp(argv[1],"-U") == 0) { // U sda1 => umount /dev/sda1\r
- //safe_system("/bin/sync");\r
- snprintf(command, STRING_SIZE - 1,"/bin/umount /dev/%s", argv[2]);\r
- safe_system(command);\r
- safe_system("/bin/sync");\r
- }else\r
- if (strcmp(argv[1],"-f") == 0) { // f sda1 => mke2fs /dev/sda1\r
- snprintf(command, STRING_SIZE - 1,"/sbin/mke2fs -q /dev/%s", argv[2]);\r
- //safe_system(command);\r
- //safe_system("/bin/sync");\r
- }else\r
- if (strcmp(argv[1],"-F") == 0) { // F sda => fdisk /dev/sda\r
- //safe_system("/bin/sync");\r
- snprintf(command, STRING_SIZE - 1,"/bin/dd if=/dev/zero of=/dev/%s count=2 bs=512", argv[2]);\r
- //safe_system(command);\r
- snprintf(command, STRING_SIZE - 1,"/bin/echo \"n\np\n1\n1\n\nw\nq\n\"|/sbin/fdisk /dev/%s", argv[2]);\r
- //safe_system(command);\r
- snprintf(command, STRING_SIZE - 1,"/sbin/mke2fs -q /dev/%s1", argv[2]); // beware of %s1\r
- //safe_system(command);\r
- //safe_system("/bin/sync");\r
- }else {\r
- fprintf (stderr, "Err %s: bad command !\n", argv[0]);\r
- exit (1);\r
- }\r
- exit (0);\r
- }else {\r
- fprintf (stderr, "Err %s: bad arg !\n", argv[0]);\r
- exit (1);\r
- }\r
- return 0;\r
-}\r
+++ /dev/null
-/*\r
- * This file is part of the IPCop Firewall.\r
- *\r
- * IPCop is free software; you can redistribute it and/or modify\r
- * it under the terms of the GNU General Public License as published by\r
- * the Free Software Foundation; either version 2 of the License, or\r
- * (at your option) any later version.\r
- *\r
- * IPCop is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with IPCop; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\r
- *\r
- * Copyright (C) 2003-06-25 Tim Butterfield <timbutterfield@mindspring.com>\r
- *\r
- * $Id: ipcopbkcfg.c,v 1.2.2.6 2005/11/20 23:20:13 franck78 Exp $\r
- *\r
- */\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
-#include <fcntl.h>\r
-#include <grp.h>\r
-#include <dirent.h>\r
-#include "setuid.h"\r
-\r
-\r
-#define EXCLUDE_HARDWARE "exclude.hardware" // exclude file not used on backup but only optionally on restore\r
-#define TMP_TAR "/tmp/backup.tar"\r
-\r
-char tempincfilename[STRING_SIZE] = ""; /* temp include file name */\r
-char tempexcfilename[STRING_SIZE] = ""; /* temp exclude file name */\r
-char temptarfilename[STRING_SIZE] = "";\r
-\r
-/* add fname contents to outfile */\r
-void add_file(int outfile, const char *fname, int verbose)\r
-{\r
- FILE *freadfile;\r
- char fbuff[STRING_SIZE];\r
-\r
- if (!(freadfile = fopen(fname, "r"))) {\r
- /* skip this file */\r
- return;\r
- }\r
-\r
- while (fgets(fbuff, STRING_SIZE-1, freadfile) != NULL) {\r
- int offset=0;\r
- char *ch;\r
- char chk_space=1;\r
-\r
- /* trim string in place - don't remove spaces in middle */\r
- ch = fbuff;\r
- while (*ch) {\r
- if (*ch == '\r' || *ch == '\n') {\r
- *ch = '\0';\r
- }\r
-\r
- if (offset) {\r
- *(ch-offset) = *ch;\r
- }\r
-\r
- if (*ch == '\t' || *ch == ' ') {\r
- if (chk_space) {\r
- offset++;\r
- }\r
- } else {\r
- chk_space=0;\r
- }\r
- \r
- ch++;\r
- }\r
-\r
- /* remove trailing spaces */\r
- ch = fbuff + strlen(fbuff) - 1;\r
- while (*ch) {\r
- if (*ch == '\t' || *ch == ' ') {\r
- *ch = '\0';\r
- --ch;\r
- } else {\r
- break;\r
- }\r
- }\r
-\r
- /* validate name and add it */\r
- chdir ("/"); /* support both absolute and relative path */\r
- if (*fbuff) {\r
- if (file_exists_w(fbuff)) {\r
- strcat(fbuff, "\n");\r
- write(outfile, fbuff, strlen(fbuff));\r
- if (verbose)\r
- fprintf(stdout, " %s", fbuff);\r
- }\r
- }\r
- }\r
- fclose(freadfile);\r
-}\r
-\r
-\r
-/* combine files starting with fnamebase into outfile */\r
-int cmb_files(int outfile, const char *fnamebase, int verbose)\r
-{\r
- /* scan the directory and add matching files */\r
- struct dirent **namelist;\r
- int namecount;\r
- char addfilename[STRING_SIZE];\r
-\r
- /* scan the directory and get a count of the files */\r
- if ((namecount=scandir(CONFIG_ROOT"/backup", &namelist, 0, alphasort))<0) {\r
- fprintf(stderr, "No files found\n");\r
- exit(1);\r
- }\r
-\r
- /* process the scanned names */\r
- while (namecount--) {\r
- /* check names - compare beginning of name, ignoring case, ignore EXCLUDE_HARDWARE */\r
- if ((strncasecmp(fnamebase, namelist[namecount]->d_name, strlen(fnamebase))==0) &&\r
- (strncmp(EXCLUDE_HARDWARE,namelist[namecount]->d_name, strlen(EXCLUDE_HARDWARE)))) {\r
- /* add the contents for this name to output file */\r
- sprintf(addfilename, CONFIG_ROOT"/backup/%s", namelist[namecount]->d_name);\r
- if (verbose)\r
- fprintf(stdout, "%s\n", namelist[namecount]->d_name);\r
- add_file(outfile, addfilename, verbose);\r
- free(namelist[namecount]);\r
- if (verbose)\r
- fprintf(stdout, "\n");\r
- }\r
- }\r
- free(namelist);\r
- return 0;\r
-}\r
-\r
-void exithandler(void)\r
-{\r
- /* clean up temporary files */\r
- if (temptarfilename)\r
- unlink (temptarfilename);\r
- if (tempincfilename)\r
- unlink (tempincfilename);\r
- if (tempexcfilename)\r
- unlink (tempexcfilename);\r
-}\r
-\r
-int main(int argc, char**argv)\r
-{\r
- int verbose=0;\r
- char command[STRING_SIZE];\r
- char hostname[STRING_SIZE];\r
- int includefile, excludefile;\r
-\r
- if (!(initsetuid()))\r
- exit(1);\r
-\r
- if (argc==2 && strcmp(argv[1],"--verbose")==0)\r
- verbose=1; // display to stdout wich (ex|in)clude files are used\r
-\r
- gethostname(hostname, STRING_SIZE-1);\r
-\r
- if (!file_exists(BACKUP_KEY)) {\r
- fprintf (stderr, "Couldn't locate encryption key\n");\r
- exit (ERR_KEY);\r
- }\r
-\r
- /* now exithandler will have something to erase */ \r
- atexit(exithandler);\r
-\r
- /* combine every include and exclude files in backup directory into two temp file\r
- * at the exception of exclude.hardware only used optionally on restore */\r
- /* create/open temp output file */\r
- // Todo: use -X exclude.files and for include.files, build the list on command line\r
- // to avoid unneccesary files manipulations\r
- strcpy (tempincfilename, "/tmp/backup-inclusion.XXXXXX");\r
- strcpy (tempexcfilename, "/tmp/backup-exclusion.XXXXXX");\r
- if ( (!(includefile = mkstemp (tempincfilename)) > 0) ||\r
- (!(excludefile = mkstemp (tempexcfilename)) > 0) ){\r
- fprintf(stderr, "Couldn't create temporary file.\n");\r
- exit(1);\r
- }\r
- cmb_files(includefile, "include.", verbose);\r
- close(includefile);\r
- cmb_files(excludefile, "exclude.", verbose);\r
- close(excludefile);\r
-\r
- /* Create temporary tarfile */\r
- strcpy (temptarfilename, TMP_TAR);\r
-\r
- /* Start tarring files to temp archive\r
- W (verify) and z (compress) tar options can't be used together, so separate tar from gzip */\r
- snprintf (command, STRING_SIZE-1, "/bin/tar -T %s -X %s -C / -cWf %s > /dev/null 2> /dev/null",\r
- tempincfilename, tempexcfilename, temptarfilename);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Couldn't create %s file\n", temptarfilename);\r
- exit (ERR_TAR);\r
- }\r
- unlink (tempincfilename);\r
- strcpy (tempincfilename,"");\r
- unlink (tempexcfilename);\r
- strcpy (tempincfilename,"");\r
-\r
- /* Compress archive */\r
- snprintf (command, STRING_SIZE-1, "/bin/gzip -c < %s > "MOUNTPOINT"/%s.tar.gz", temptarfilename, hostname);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Couldn't create "MOUNTPOINT"%s.tar.gz file\n", hostname);\r
- exit (ERR_GZ);\r
- }\r
- unlink (temptarfilename);\r
- strcpy (temptarfilename,"");\r
- \r
- /* Display to stdout include files names */\r
- snprintf (command, STRING_SIZE-1, "/bin/tar -ztf "MOUNTPOINT"/%s.tar.gz", hostname);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Couldn't read %s.tar.gz file\n", hostname);\r
- exit (ERR_TAR);\r
- }\r
-\r
- /* Encrypt archive */\r
- snprintf (command, STRING_SIZE-1,\r
- "/usr/bin/openssl des3 -e -salt -in "MOUNTPOINT"/%s.tar.gz "\r
- "-out "MOUNTPOINT"/%s.dat -kfile " BACKUP_KEY, hostname, hostname);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Couldn't encrypt archive\n");\r
- exit (ERR_ENCRYPT);\r
- }\r
- snprintf (command, STRING_SIZE-1, MOUNTPOINT"/%s.tar.gz", hostname);\r
- unlink (command);\r
- \r
- /* Make sure web can overwrite */\r
- snprintf (command, STRING_SIZE-1, MOUNTPOINT"/%s.dat", hostname);\r
- chown (command, 99, 99);\r
-\r
- exit(0);\r
-}\r
+++ /dev/null
-/*\r
- * This file is part of the IPCop Firewall.\r
- *\r
- * IPCop is free software; you can redistribute it and/or modify\r
- * it under the terms of the GNU General Public License as published by\r
- * the Free Software Foundation; either version 2 of the License, or\r
- * (at your option) any later version.\r
- *\r
- * IPCop is distributed in the hope that it will be useful,\r
- * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\r
- * GNU General Public License for more details.\r
- *\r
- * You should have received a copy of the GNU General Public License\r
- * along with IPCop; if not, write to the Free Software\r
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA\r
- *\r
- * Copyright (C) 2003-06-25 Tim Butterfield <timbutterfield@mindspring.com>\r
- *\r
- * $Id: ipcoprscfg.c,v 1.2.2.6 2005/11/21 00:11:39 franck78 Exp $\r
- *\r
- */\r
-\r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
-#include <fcntl.h>\r
-#include <grp.h>\r
-#include <dirent.h>\r
-#include "setuid.h"\r
-\r
-#define TMP_FILEZ "/tmp/TMPFILE.tar.gz"\r
-#define TMP_FILE "/tmp/TMPFILE.tar"\r
-\r
-/* check existence of a data file */\r
-int data_exists(const char *hostname) {\r
- char fname[STRING_SIZE];\r
- snprintf (fname, STRING_SIZE-1, MOUNTPOINT"/%s.dat", hostname);\r
- return file_exists(fname);\r
-}\r
-\r
-\r
-int main(int argc, char**argv) {\r
- int rshardware=0;\r
- char command[STRING_SIZE];\r
- char hostname[STRING_SIZE];\r
-\r
- if (argc==2 && strcmp(argv[1],"--hardware")==0)\r
- rshardware=1; // restore hardware settings\r
-\r
- gethostname(hostname, STRING_SIZE-1);\r
-\r
- /* Init setuid */\r
- if (!initsetuid())\r
- exit(1);\r
-\r
- /* if a key file exists, an encrypted .dat is required */\r
- if (!file_exists(BACKUP_KEY)) {\r
- fprintf (stderr, "Missing encryption key\n");\r
- exit (ERR_DECRYPT);\r
- }\r
- \r
- \r
- if (!data_exists(hostname)) {\r
- fprintf (stderr, "Missing encrypted archive "MOUNTPOINT"/%s.dat archive\n", hostname);\r
- exit (ERR_DAT);\r
- }\r
-\r
- /* decrypt .dat file to tmp file */\r
- snprintf (command, STRING_SIZE-1, "/usr/bin/openssl des3 -d -salt -in "MOUNTPOINT"/%s.dat -out "TMP_FILEZ" -kfile "BACKUP_KEY" > /dev/null 2> /dev/null", hostname);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Couldn't decrypt "MOUNTPOINT"/%s.dat archive\n", hostname);\r
- exit (ERR_DECRYPT);\r
- }\r
-\r
- /* create temporary directory for testing untar */\r
- char tmp_dir[STRING_SIZE];\r
-\r
- strcpy (tmp_dir,"cfg_XXXXXXX");\r
- if (mkdtemp (tmp_dir)==NULL) {\r
- unlink (TMP_FILEZ);\r
- exit (ERR_ANY);\r
- }\r
-\r
- /* Start (test) untarring files from compressed archive */\r
- snprintf (command, STRING_SIZE-1, "/bin/tar -C %s -xzvf "TMP_FILEZ" > /dev/null 2> /dev/null",tmp_dir);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Archive have errors!\n");\r
- unlink (TMP_FILEZ);\r
- exit (ERR_UNTARTST);\r
- }\r
-\r
- /* remove temporary directory */\r
- snprintf (command, STRING_SIZE-1, "/bin/rm -rf %s > /dev/null 2> /dev/null",tmp_dir);\r
- safe_system (command);\r
- \r
- /* Start (real) untarring files from compressed archive */\r
- char extraX[STRING_SIZE] = "";\r
- int retcode = 0;\r
- if (rshardware==0) { /* extra eXclusion from restore */\r
- strcpy (extraX, "-X "CONFIG_ROOT"/backup/exclude.hardware ");\r
- }\r
- snprintf (command, STRING_SIZE-1, "/bin/tar -C / -xzvf "TMP_FILEZ" -X "CONFIG_ROOT"/backup/exclude.system %s > /dev/null 2> /dev/null", extraX);\r
- if (safe_system (command)) {\r
- fprintf (stderr, "Error restoring archive\n");\r
- retcode = ERR_UNTAR;\r
- }\r
-\r
- /* remove temporary archive copy */\r
- unlink (TMP_FILEZ);\r
-\r
- exit(retcode);\r
-}\r