-my $errormessage = '';
-my $warnmessage = '';
-my $setdir = '/home/httpd/html/backup'; # location where sets are stored and imported
-my $datafile = hostname() . '.dat'; # file containing data backup
-my $datefile = $datafile . '.time'; # and creation date
-
-# ask if backup crypting key exists
-my $tmpkeyfile = "$setdir/key"; # import the backup key
-
-# Get GUI values
-my %settings = ();
-&Header::getcgihash(\%settings, {'wantfile' => 1, 'filevar' => 'FH'});
-
-##
-## Backup key management
-##
-
-#
-# Export the key. root pw is required to avoid user 'noboby' uses the helper to read it and creates
-# fake backup.
-#
-if ($settings{'ACTION'} eq $Lang::tr{'backup export key'}) {
-
- my $size = 0;
- if ($settings{'PASSWORD1'} ne '' && $settings{'PASSWORD1'} ne $settings{'PASSWORD2'} ){
- $errormessage = $Lang::tr{'passwords do not match'}
- } else {
- my @lines = `/usr/local/bin/ipfirebackup -keycat $settings{'PASSWORD'}`;
- # If previous operation succeded and the key need to be crypted, redo operation with pipe to openssl
- if (@lines && $settings{'PASSWORD1'}) {
- @lines = `/usr/local/bin/ipfirebackup -keycat $settings{'PASSWORD'}|openssl enc -a -e -aes256 -salt -pass pass:$settings{'PASSWORD1'} `;
- }
- if (@lines) {
- use bytes;
- foreach (@lines) {$size += length($_)};
- print "Pragma: no-cache\n";
- print "Cache-control: no-cache\n";
- print "Connection: close\n";
- print "Content-type: application/octet-stream\n";
- print "Content-Disposition: filename=backup.key\n";
- print "Content-Length: $size\n\n";
- print @lines;
- exit (0);
- } else {
- $errormessage = $Lang::tr{'incorrect password'};
- }
- }
-}
-#
-# Import the key. Fail if key exists. This avoid creating fake backup.
-#
-if ($settings{'ACTION'} eq $Lang::tr{'backup import key'}) {
- if (ref ($settings{'FH'}) ne 'Fh') {
- $errormessage = $Lang::tr{'no cfg upload'};
- } else {
- if (copy ($settings{'FH'}, $tmpkeyfile) != 1) {
- $errormessage = $Lang::tr{'save error'};
- } else {
- # if a password is given, decrypt the key received in $tmpkeyfile file with it.
- # no error is produce if the password is wrong.
- if ($settings{'PASSWORD1'}) {
- my @lines = `openssl enc -a -d -aes256 -salt -pass pass:$settings{'PASSWORD1'} -in $tmpkeyfile`;
- open(FILE,">$tmpkeyfile");
- print FILE @lines;
- close (FILE);
- }
- $errormessage = &get_bk_error(system ('/usr/local/bin/ipfirebackup -key import')>>8);
- }
- }
-}
-#
-# Import the key. Fail if key exists. Key is extracted from a non-encrypted backup (pre 1.4.10)
-#
-if ($settings{'ACTION'} eq $Lang::tr{'backup extract key'}) {
- if (ref ($settings{'FH'}) ne 'Fh') {
- $errormessage = $Lang::tr{'no cfg upload'};
- } else {
- if (copy ($settings{'FH'}, '/tmp/tmptarfile.tgz') != 1) {
- $errormessage = $Lang::tr{'save error'};
- } else {
- system( "tar -C /tmp -xzf /tmp/tmptarfile.tgz */backup/backup.key;\
- mv -f /tmp${General::swroot}/backup/backup.key $tmpkeyfile;\
- rm -rf /tmp${General::swroot};\
- rm /tmp/tmptarfile.tgz");
- $errormessage = &get_bk_error(system ('/usr/local/bin/ipfirebackup -key import')>>8);
- }
- }
-}
-#
-# Create the key. Cannot overwrite existing key to avoid difference with exported (saved) key
-#
-if ($settings{'ACTION'} eq $Lang::tr{'backup generate key'}) {
- $errormessage = &get_bk_error(system('/usr/local/bin/ipfirebackup -key new')>>8);
-}