backup.pl: Fix for bug#11048 - add script for adding pass/no pass to ovpnconfig from backup

- A script was added to the update.sh script to add pass/no pass to the ovpnconfig entries
   but I forgot that this was also needed in the backup.pl file to add those statuses into
   any ovpnconfig file restored from a backup before the pass/no pass entries were added.
- This patch corrects that oversight.
- Confirmed by testing on my vm. Before the script was added to backup.pl, a restore of an older
   ovpnconfig ended up not showing any icons or status elements. With the script in
   backup.pl, confirmed that the restored ovpnconfig showed up in the WUI page correctly
   with the right icons and with the status elements correctly displayed.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Adolf Belka
2023-10-15 18:28:22 +02:00
committed by Michael Tremer
parent 6c829050c8
commit 3f18addede


@@ -205,6 +205,30 @@ restore_backup() {
done
fi
#Update ovpnconfig to include pass or no-pass for old backup versions missing the entry
# Check if ovpnconfig exists and is not empty
if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
# Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
# Make all N2N connections 'no-pass' since they do not use encryption
awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
# Evaluate roadwarrior connection names for *.p12 files
for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
# Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then
awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
fi
# Sort all encrypted roadwarriors out and set 'pass' in [43] index
if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error') ]]; then
awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
fi
done
fi
# Replace existing ovpnconfig with updated index
mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
# Set correct ownership
chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
return 0
}
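
Review bot: In the roadwarrior loop, an entry is appended to ovpnconfig.new only when the openssl output matches 'Encrypted data' or 'verify error', so any connection whose output matches neither string is silently dropped once `mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig` replaces the restored file. I would write every line through and set field 43 only where a check succeeded, so that a restore can never remove a configured connection. The same mv and the chown sit after the `fi` that closes the `[ -s /var/ipfire/ovpn/ovpnconfig ]` test, so they also run when ovpnconfig is absent or empty and ovpnconfig.new was never created; they belong inside that block. Because all three awk calls append with `>>`, a leftover ovpnconfig.new from an interrupted restore would be merged into the result, so remove or truncate it before the first append. Smaller points: `/host/` matches "host" anywhere on the line rather than testing `$5=="host"` the way the N2N case tests `$5=="net"`, `${y}` is unquoted in the .p12 path, and openssl is run twice per certificate where one captured result would serve both greps.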