char * zurl(const char * url, char * opt){
const char * host = get_host(url);
const char * uri = get_uri(url);
unsigned int m,n;
m = n = 0;
struct field * data = get_data(uri,&m);
struct field * params = get_params(uri,&n);
char * buffer = http_request("GET", host, uri, HTTP_EDITION,
params, m, data, n,1);
free_kv(data,m);
free_kv(params,n);
return buffer;
}
void exithandler(void)
{
if (main_kv)
free_kv(&main_kv);
if (fd)
fclose(fd);
if (hosts)
fclose(hosts);
}
/* delete a HashTable instance */
void hash_table_delete(HashTable* ht)
{
if (ht) {
if (ht->table) {
int i = 0;
for (i = 0; i<TABLE_SIZE; i++) {
struct kv* p = ht->table[i];
struct kv* q = NULL;
while (p) {
q = p->next;
free_kv(p);
p = q;
}
}
free(ht->table);
ht->table = NULL;
}
free(ht);
}
}
/* remove a value indexed by key */
void hash_table_rm(HashTable* ht, char* key)
{
int i = hash_33(key) % TABLE_SIZE;
struct kv* p = ht->table[i];
struct kv* prep = p;
while (p) {
if (strcmp(key, p->key) == 0) {
free_kv(p);
if (p == prep) {
ht->table[i] = NULL;
}
else {
prep->next = p->next;
}
}
prep = p;
p = p->next;
}
}
int main(int argc, char **argv)
{
int flag_test = 0;
int flag_flush = 0;
int flag_repair = 0;
int enabled_green = 0;
int transparent_green = 0;
int enabled_blue = 0;
int transparent_blue = 0;
int enabled_ovpn = 0;
int transparent_ovpn = 0;
struct stat st;
NODEKV *squid_kv = NULL;
char buffer[STRING_SIZE];
char proxy_port[STRING_SIZE];
NODEKV *ipsec_kv = NULL;
char enabled_IPsec[STRING_SIZE] = "";
static struct option long_options[] =
{
{ "flush", no_argument, 0, 'f' },
{ "repair", no_argument, 0, 'r' },
{ "test", no_argument, 0, 't' },
{ "verbose", no_argument, 0, 'v' },
{ "help", no_argument, 0, 'h' },
{ 0, 0, 0, 0}
};
int c;
int option_index = 0;
if (!(initsetuid()))
exit(1);
while ((c = getopt_long(argc, argv, "frtv", long_options, &option_index)) != -1) {
switch (c) {
case 't': /* test first */
flag_test = 1;
break;
case 'f': /* flush cache */
flag_flush = 1;
break;
case 'r': /* repair cache */
flag_repair = 1;
break;
case 'v': /* verbose */
flag_verbose++;
break;
case 'h':
usage(argv[0], 0);
default:
fprintf(stderr, "unknown option\n");
usage(argv[0], 1);
}
}
/* Retrieve the Squid pid file */
if ((access("/var/run/squid.pid", F_OK) == -1) && flag_test) {
verbose_printf(1, "Squid not running, no need to start\n");
exit(0); /* Not running, no need to start with -t */
}
if (access("/var/run/squid.pid", F_OK) != -1) {
/* Kill running squid */
verbose_printf(1, "Flush squid iptables chain ... \n");
safe_system("/sbin/iptables -t nat -F SQUID");
verbose_printf(1, "Shutdown squid ... \n");
safe_system("/usr/sbin/squid -k shutdown >/dev/null 2>/dev/null");
c = 0;
while ((c++ < 15) && (access("/var/run/squid.pid", F_OK) != -1)) {
sleep(1);
}
if (access("/var/run/squid.pid", F_OK) != -1) {
verbose_printf(1, "Really shutdown squid ... \n");
safe_system("/usr/bin/killall -9 squid >/dev/null 2>/dev/null");
}
}
if (access("/var/run/squid.pid", F_OK) != -1) {
verbose_printf(2, "Remove leftover PID file ... \n");
unlink("/var/run/squid.pid");
}
/* See if we need to flush/repair the cache */
if (flag_flush) {
struct passwd *pw;
if ((pw = getpwnam("squid"))) {
endpwent(); /* probably paranoia, but just in case.. */
verbose_printf(1, "Flushing proxy cache ... \n");
unpriv_system("/bin/rm -rf /var/log/cache/*", pw->pw_uid, pw->pw_gid);
}
else {
fprintf(stderr, "User squid not found, cache not flushed\n");
endpwent();
}
}
int saferestart = 0;
if (flag_repair) {
struct passwd *pw;
if ((pw = getpwnam("squid"))) {
endpwent(); /* probably paranoia, but just in case.. */
verbose_printf(1, "Repairing proxy cache ... \n");
if (stat("/var/log/cache/swap.state", &st) == 0) {
unpriv_system("/bin/rm -f /var/log/cache/swap.state", pw->pw_uid, pw->pw_gid);
}
saferestart = 1;
}
else {
fprintf(stderr, "User squid not found, cache not repaired\n");
endpwent();
}
}
verbose_printf(1, "Reading Proxy settings ... \n");
if (read_kv_from_file(&squid_kv, "/var/ipcop/proxy/settings") != SUCCESS) {
fprintf(stderr, "Cannot read proxy settings\n");
exit(1);
}
/* See if proxy is enabled and / or transparent */
if (test_kv(squid_kv, "ENABLED_GREEN_1", "on") == SUCCESS) {
enabled_green = 1;
}
if (test_kv(squid_kv, "TRANSPARENT_GREEN_1", "on") == SUCCESS) {
transparent_green = 1;
}
if (test_kv(squid_kv, "ENABLED_BLUE_1", "on") == SUCCESS) {
enabled_blue = 1;
}
if (test_kv(squid_kv, "TRANSPARENT_BLUE_1", "on") == SUCCESS) {
transparent_blue = 1;
}
if (test_kv(squid_kv, "ENABLED_OVPN", "on") == SUCCESS) {
enabled_ovpn = 1;
}
if (test_kv(squid_kv, "TRANSPARENT_OVPN", "on") == SUCCESS) {
transparent_ovpn = 1;
}
/* Retrieve the proxy port */
if (transparent_green || transparent_blue || transparent_ovpn) {
if (find_kv_default(squid_kv, "PROXY_PORT", proxy_port) != SUCCESS) {
strcpy(proxy_port, "8080");
}
else {
if (strspn(proxy_port, NUMBERS) != strlen(proxy_port)) {
fprintf(stderr, "Invalid proxy port: %s, defaulting to 8080\n", proxy_port);
strcpy(proxy_port, "8080");
}
}
}
free_kv(&squid_kv);
if (!enabled_green && !enabled_blue && !enabled_ovpn) {
verbose_printf(1, "Proxy not enabled ... exit ... \n");
return 0;
}
/* We can't start squid if .conf is missing */
if (access("/var/ipcop/proxy/squid.conf", F_OK) == -1) {
fprintf(stderr, "Configuration file squid.conf not found\n");
exit(1);
}
/* Fetch ethernet/settings, exit on error */
read_ethernet_settings(1);
if (enabled_green || enabled_blue || enabled_ovpn) {
/* rebuild firewall rules, proxy port may be different now */
verbose_printf(1, "Rebuild firewall rules ... \n");
safe_system("/usr/local/bin/setfwrules --ipcop");
verbose_printf(1, "Create swap directories ... \n");
if (safe_system("/usr/sbin/squid -s -z 2>/dev/null")) {
verbose_printf(1, "Error creating swap directories ... \n");
}
verbose_printf(1, "Starting squid ... \n");
if (saferestart)
safe_system("/usr/sbin/squid -s -S");
else
safe_system("/usr/sbin/squid -s");
}
/* static (green/blue) interfaces must exist if transparence is requested */
if (transparent_green && enabled_green && !ipcop_ethernet.count[GREEN]) {
fprintf(stderr, "No GREEN device, not running transparent\n");
exit(1);
}
if (transparent_blue && enabled_blue && !ipcop_ethernet.count[BLUE]) {
fprintf(stderr, "No BLUE device, not running transparent\n");
exit(1);
}
/* TODO: test for OpenVPN device if ovpn transparent is selected? */
/* For now we use fixed tun0 and expect it to be present. */
/* disable transparence for known IPsec networks */
verbose_printf(1, "Reading IPsec settings ... \n");
if (read_kv_from_file(&ipsec_kv, "/var/ipcop/ipsec/settings") != SUCCESS) {
fprintf(stderr, "Cannot read IPsec settings\n");
exit(1);
}
find_kv_default(ipsec_kv, "ENABLED_RED_1", enabled_IPsec);
if (strcmp(enabled_IPsec, "on")) {
find_kv_default(ipsec_kv, "ENABLED_BLUE_1", enabled_IPsec);
}
free_kv(&ipsec_kv);
if (!strcmp(enabled_IPsec, "on")) {
setdirectipsec (enabled_green && transparent_green,
enabled_blue && transparent_blue);
}
/* TODO: disable transparence for OpenVPN networks, but only for
OpenVPN net-2-net which we currently have not implemented */
/* choose RED destination: 'localip' or 'red_netaddress/red_netmask' */
char destination[STRING_SIZE] = "";
if (strcmp(ipcop_ethernet.red_type[1], "STATIC") == 0) {
snprintf(destination, STRING_SIZE, "%s/%s", ipcop_ethernet.address[RED][1], ipcop_ethernet.netmask[RED][1]);
}
else {
if (ipcop_ethernet.red_address[1][0] && VALID_IP(ipcop_ethernet.red_address[1])) {
snprintf(destination, STRING_SIZE, "%s", ipcop_ethernet.red_address[1]);
}
}
/* RED may be down */
if (!strlen(destination)) {
verbose_printf(1, "Cannot determine RED network.\n");
}
else {
verbose_printf(2, "Dest IP is set to: %s\n", destination);
}
/* install the transparency rules */
/* green transparent ? */
if (transparent_green && enabled_green) {
/* direct http GREEN-->RED network */
verbose_printf(1, "Setting transparent iptables rule for GREEN ... \n");
if (snprintf(buffer, STRING_SIZE - 1,
"/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN",
ipcop_ethernet.device[GREEN][1], destination) >= STRING_SIZE) {
fprintf(stderr, "Command too long\n");
exit(1);
}
if (strlen(destination))
safe_system(buffer); /* only id known RED */
/* install the redirect for other port http destinations from green */
if (snprintf(buffer, STRING_SIZE - 1,
"/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s",
ipcop_ethernet.device[GREEN][1], proxy_port) >= STRING_SIZE) {
fprintf(stderr, "Command too long\n");
exit(1);
}
safe_system(buffer);
}
/* blue transparent ? */
if (transparent_blue && enabled_blue) {
/* direct http BLUE-->RED network */
verbose_printf(1, "Setting transparent iptables rule for BLUE ... \n");
if (snprintf(buffer, STRING_SIZE - 1,
"/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN",
ipcop_ethernet.device[BLUE][1], destination) >= STRING_SIZE) {
fprintf(stderr, "Command too long\n");
exit(1);
}
if (strlen(destination))
safe_system(buffer); /* only id known RED */
/* install the redirect for other port http destinations from blue */
if (snprintf(buffer, STRING_SIZE - 1,
"/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s",
ipcop_ethernet.device[BLUE][1], proxy_port) >= STRING_SIZE) {
fprintf(stderr, "Command too long\n");
exit(1);
}
safe_system(buffer);
}
/* OpenVPN roadwarriors transparent ? */
if (transparent_ovpn && enabled_ovpn) {
/* direct http OpenVPN-->RED network */
verbose_printf(1, "Setting transparent iptables rule for OpenVPN RW ... \n");
if (snprintf(buffer, STRING_SIZE - 1,
"/sbin/iptables -t nat -A SQUID -i %s -p tcp -d %s --dport 80 -j RETURN",
"tun0", destination) >= STRING_SIZE) {
fprintf(stderr, "Command too long\n");
exit(1);
}
if (strlen(destination))
safe_system(buffer); /* only id known RED */
/* install the redirect for other port http destinations from OpenVPN */
if (snprintf(buffer, STRING_SIZE - 1,
"/sbin/iptables -t nat -A SQUID -i %s -p tcp --dport 80 -j REDIRECT --to-port %s",
"tun0", proxy_port) >= STRING_SIZE) {
fprintf(stderr, "Command too long\n");
exit(1);
}
safe_system(buffer);
}
return 0;
}
int main(int argc, char **argv)
{
int flag_boot = 0;
int fd, config_fd, rc, pid;
char buffer[STRING_SIZE_LARGE], command[STRING_SIZE_LARGE] = "/bin/sed -e '";
NODEKV *ssh_kv = NULL;
int enabled = 0;
static struct option long_options[] =
{
{ "boot", no_argument, 0, 'b' },
{ "verbose", no_argument, 0, 'v' },
{ "help", no_argument, 0, 'h' },
{ 0, 0, 0, 0}
};
int c;
int option_index = 0;
if (!(initsetuid()))
exit(1);
while ((c = getopt_long(argc, argv, "bv", long_options, &option_index)) != -1) {
switch (c) {
case 'b': /* booting */
flag_boot = 1;
break;
case 'v': /* verbose */
flag_verbose++;
break;
case 'h':
usage(argv[0], 0);
default:
fprintf(stderr, "unknown option\n");
usage(argv[0], 1);
}
}
verbose_printf(1, "Reading SSHd settings ... \n");
if (read_kv_from_file(&ssh_kv, "/var/ipcop/remote/settings") != SUCCESS) {
fprintf(stderr, "Cannot read remote access settings\n");
exit(1);
}
/* By using O_CREAT with O_EXCL open() will fail if the file already exists,
* this prevents 2 copies of restartssh both trying to edit the config file
* at once. It also prevents race conditions, but these shouldn't be
* possible as /etc/ssh/ should only be writable by root anyhow
*/
if ((config_fd = open("/etc/ssh/sshd_config.new", O_WRONLY | O_CREAT | O_EXCL, 0644)) == -1) {
perror("Unable to open new config file");
free_kv(&ssh_kv);
exit(1);
}
verbose_printf(1, "Rebuilding SSHd config ... \n");
if (test_kv(ssh_kv, "ENABLE_SSH_PROTOCOL1", "on") == SUCCESS)
strlcat(command, "s/^Protocol .*$/Protocol 2,1/;", STRING_SIZE_LARGE - 1);
else
strlcat(command, "s/^Protocol .*$/Protocol 2/;", STRING_SIZE_LARGE - 1);
if (test_kv(ssh_kv, "ENABLE_SSH_KEYS", "off") == SUCCESS)
strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication no/;"
"s/^PubkeyAuthentication .*$/PubkeyAuthentication no/;", STRING_SIZE_LARGE - 1);
else
strlcat(command, "s/^RSAAuthentication .*$/RSAAuthentication yes/;"
"s/^PubkeyAuthentication .*$/PubkeyAuthentication yes/;", STRING_SIZE_LARGE - 1);
if (test_kv(ssh_kv, "ENABLE_SSH_PASSWORDS", "off") == SUCCESS)
strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication no/;", STRING_SIZE_LARGE - 1);
else
strlcat(command, "s/^PasswordAuthentication .*$/PasswordAuthentication yes/;", STRING_SIZE_LARGE - 1);
if (test_kv(ssh_kv, "ENABLE_SSH_PORTFW", "on") == SUCCESS)
strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding yes/", STRING_SIZE_LARGE - 1);
else
strlcat(command, "s/^AllowTcpForwarding .*$/AllowTcpForwarding no/", STRING_SIZE_LARGE - 1);
if (test_kv(ssh_kv, "ENABLE_SSH", "on") == SUCCESS)
enabled = 1;
free_kv(&ssh_kv);
snprintf(buffer, STRING_SIZE_LARGE - 1, "' /etc/ssh/sshd_config >&%d", config_fd);
strlcat(command, buffer, STRING_SIZE_LARGE - 1);
if ((rc = unpriv_system(command, 99, 99)) != 0) {
fprintf(stderr, "sed returned bad exit code: %d\n", rc);
close(config_fd);
unlink("/etc/ssh/sshd_config.new");
exit(1);
}
close(config_fd);
if (rename("/etc/ssh/sshd_config.new", "/etc/ssh/sshd_config") != 0) {
perror("Unable to replace old config file");
unlink("/etc/ssh/sshd_config.new");
exit(1);
}
memset(buffer, 0, STRING_SIZE_LARGE);
verbose_printf(1, "Shutdown SSHd ... \n");
if ((fd = open("/var/run/sshd.pid", O_RDONLY)) != -1) {
if ((read(fd, buffer, STRING_SIZE_LARGE - 1) == -1) && !flag_boot) {
fprintf(stderr, "Couldn't read from pid file\n");
}
else {
pid = atoi(buffer);
if (pid <= 1)
fprintf(stderr, "Bad pid value\n");
else {
if (kill(pid, SIGTERM) == -1)
fprintf(stderr, "Unable to send SIGTERM\n");
else
unlink("/var/run/sshd.pid");
}
}
close(fd);
}
else {
if (!flag_boot && (errno != ENOENT)) {
perror("Unable to open pid file");
exit(1);
}
}
if (enabled) {
verbose_printf(1, "Starting SSHd ... \n");
safe_system("/usr/sbin/sshd");
/* Give SSHd some time to start */
sleep(1);
if (access("/var/run/sshd.pid", F_OK) == -1) {
fprintf(stderr, "Couldn't read from pid file, SSHd not running?\n");
}
else if (flag_verbose >= 2) {
safe_system("echo -n \"SSHd running with PID \" && cat /var/run/sshd.pid");
}
}
return 0;
}
int main(int argc, char *argv[])
{
char hostname[STRING_SIZE] = "";
char domainname[STRING_SIZE] = "";
char buffer[STRING_SIZE];
char string[STRING_SIZE];
char *active, *ip, *host, *domain;
static struct option long_options[] = {
{ "nosighup", no_argument, &flag_nosighup, 1 },
{ "verbose", no_argument, 0, 'v'},
{ "help", no_argument, 0, 'h'},
{0, 0, 0, 0}
};
int c;
int option_index = 0;
if (!(initsetuid()))
exit(1);
while ((c = getopt_long(argc, argv, "hv", long_options, &option_index)) != -1) {
switch (c) {
case 0:
break;
case 'v': /* verbose */
flag_verbose++;
break;
case 'h':
usage(argv[0], 0);
default:
fprintf(stderr, "unknown option\n");
usage(argv[0], 1);
}
}
atexit(exithandler);
memset(buffer, 0, STRING_SIZE);
/* Fetch ethernet/settings, exit on error */
read_ethernet_settings(1);
if (read_kv_from_file(&main_kv, "/var/ipcop/main/settings") != SUCCESS) {
fprintf(stderr, "Couldn't read main settings\n");
exit(1);
}
strcpy(hostname, SNAME);
find_kv_default(main_kv, "HOSTNAME", hostname);
find_kv_default(main_kv, "DOMAINNAME", domainname);
free_kv(&main_kv);
main_kv = NULL;
if (!(fd = fopen("/var/ipcop/main/hosts", "r"))) {
fprintf(stderr, "Couldn't open main hosts file\n");
exit(1);
}
snprintf(string, STRING_SIZE, "/etc/hosts");
if (!(hosts = fopen(string, "w"))) {
fprintf(stderr, "Couldn't open /etc/hosts file\n");
fclose(fd);
fd = NULL;
exit(1);
}
fprintf(hosts, "127.0.0.1\tlocalhost\n");
if (strlen(domainname))
fprintf(hosts, "%s\t%s.%s\t%s\n", ipcop_ethernet.address[GREEN][1], hostname, domainname, hostname);
else
fprintf(hosts, "%s\t%s\n", ipcop_ethernet.address[GREEN][1], hostname);
while (fgets(buffer, STRING_SIZE, fd)) {
buffer[strlen(buffer) - 1] = 0;
if (buffer[0] == ',')
continue; /* disabled if empty field */
active = strtok(buffer, ",");
if (strcmp(active, "off") == 0)
continue; /* or 'off' */
ip = strtok(NULL, ",");
host = strtok(NULL, ",");
domain = strtok(NULL, ",");
if (!(ip && host))
continue; /* bad line ? skip */
if (!VALID_IP(ip)) {
fprintf(stderr, "Bad IP: %s\n", ip);
continue; /* bad ip, continue */
}
if (strspn(host, LETTERS_NUMBERS "-") != strlen(host)) {
fprintf(stderr, "Bad Host: %s\n", host);
continue; /* bad name, continue */
}
if (domain)
fprintf(hosts, "%s\t%s.%s\t%s\n", ip, host, domain, host);
else
fprintf(hosts, "%s\t%s\n", ip, host);
}
fclose(fd);
fd = NULL;
fclose(hosts);
hosts = NULL;
if (flag_nosighup) {
verbose_printf(1, "Restart dnsmasq... \n");
safe_system("/etc/rc.d/rc.dnsmasq --restart");
}
else {
verbose_printf(1, "Send SIGHUP to dnsmasq... \n");
safe_system("/etc/rc.d/rc.dnsmasq --sighup");
}
return 0;
}
int main(int argc, char *argv[])
{
int tempfd;
char command[STRING_SIZE];
char filename[STRING_SIZE];
char buffer[STRING_SIZE];
char *timestamp = NULL;
FILE *fd;
NODEKV *kv_old = NULL;
NODEKV *kv_new = NULL;
char port_gui[STRING_SIZE];
char port_ssh[STRING_SIZE];
static struct option long_options[] =
{
{ "hardware", no_argument, &flag_hardware, 1 },
{ "hostname", required_argument, &flag_hostname, 1 },
{ "import", no_argument, &flag_import, 1 },
{ "restore", required_argument, &flag_restore, 1},
{ "verbose", no_argument, 0, 'v' },
{ "help", no_argument, 0, 'h' },
{ 0, 0, 0, 0}
};
int c;
int option_index = 0;
char *opt_filename = NULL;
while ((c = getopt_long(argc, argv, "r:v", long_options, &option_index)) != -1) {
switch (c) {
case 0:
if (!strcmp("hostname", long_options[option_index].name)) {
strcpy(hostname, optarg);
}
else if (!strcmp("restore", long_options[option_index].name)) {
opt_filename = strdup(optarg);
}
break;
case 'v': /* verbose */
flag_verbose++;
break;
case 'h':
usage(argv[0], 0);
default:
fprintf(stderr, "unknown option\n");
usage(argv[0], BACKUP_ERR_PARM);
}
}
if (!flag_import && !flag_restore) {
/* need at least one of import or restore */
usage(argv[0], 1);
}
/* Init setuid */
if (!(initsetuid()))
exit(BACKUP_ERR_SUID);
if (!flag_hostname) {
gethostname(hostname, STRING_SIZE - 1);
}
if (flag_restore) {
/* check filename valid, full file name length */
if (strlen(opt_filename) != (strlen(MOUNTPOINT "/-YYYY-MM-DD_HH-MM-SS.dat")+ strlen(hostname))) {
fprintf(stderr, "ipcoprscfg : bad file name\n");
fprintf(stderr, "%s\n", hostname);
fprintf(stderr, "%s\n", opt_filename);
exit(BACKUP_ERR_FILENAME);
}
/* file in the path */
if (!strstr(opt_filename, MOUNTPOINT)) {
fprintf(stderr, "ipcoprscfg : wrong path\n");
exit(BACKUP_ERR_PATHNAME);
}
/* and exist */
if (access(opt_filename, F_OK) == -1) {
fprintf(stderr, "Missing backup\n");
exit(BACKUP_ERR_DAT);
}
strcpy(filename, opt_filename);
}
else {
snprintf(filename, STRING_SIZE - 1, MOUNTPOINT "/%s.dat", hostname);
}
/* key file and encrypted .dat are required */
if (access(BACKUP_KEY, F_OK) == -1) {
fprintf(stderr, "Missing encryption key\n");
exit(BACKUP_ERR_DECRYPT);
}
/* now exithandler will have something to do */
atexit(exithandler);
/* decrypt .dat file to /tmp/hostname.tar.gz */
snprintf(command, STRING_SIZE - 1,
"/usr/bin/openssl des3 -d -salt "
"-in %s " "-out /tmp/%s.tar.gz " "-kfile " BACKUP_KEY "> /dev/null 2> /dev/null", filename, hostname);
if (safe_system(command)) {
fprintf(stderr, "Couldn't decrypt %s.dat archive\n", hostname);
exit(BACKUP_ERR_DECRYPT);
}
/* create temporary directory for testing untar */
strcpy(tmpdir, "/tmp/cfg_XXXXXX");
if (mkdtemp(tmpdir) == NULL) {
exit(BACKUP_ERR_ANY);
}
/* Start (test) untarring files from compressed archive */
snprintf(command, STRING_SIZE - 1, "/bin/tar -C %s -xzvf /tmp/%s.tar.gz > /dev/null 2> /dev/null", tmpdir,
hostname);
if (safe_system(command)) {
fprintf(stderr, "Invalid archive\n");
exit(BACKUP_ERR_UNTARTST);
}
/* Backup version OK ? */
if (testbackupversion(tmpdir) != SUCCESS) {
fprintf(stderr, "No version or invalid version in archive\n");
exit(BACKUP_ERR_VERSION);
}
/* If in import mode, read tagfile if include
* or parse backup to read newest file time change */
if (flag_import) {
snprintf(filename, STRING_SIZE - 1, "%s/var/ipcop/backup.dat.time", tmpdir);
if (access(filename, F_OK) == -1) {
/* without tagfile include */
strcpy(tmpdatefile, "/tmp/date.XXXXXX");
if (!(tempfd = mkstemp(tmpdatefile)) > 0) {
fprintf(stderr, "Couldn't create temporary file.\n");
exit(BACKUP_ERR_ANY);
}
/* Parse all files of a backup
* to read last modification date.
* The most recent date is written on tmp file */
snprintf(command, STRING_SIZE - 1,
"/usr/bin/find %s -type f -exec "
"/bin/ls --time-style=+%%Y-%%m-%%d_%%H-%%M-%%S -l {} \\; | "
"/usr/bin/awk '{print $6}' | " "/usr/bin/sort -rn | /bin/head -n 1 >%s", tmpdir, tmpdatefile);
if (safe_system(command)) {
fprintf(stderr, "Couldn't write tmpdatefile\n");
exit(BACKUP_ERR_ANY);
}
/* read the date */
if (!(fd = fopen(tmpdatefile, "r"))) {
perror("ipcoprscfg : Failed opening file tagfile");
exit(BACKUP_ERR_ANY);
}
if (fgets(buffer, STRING_SIZE, fd)) {
if (buffer[strlen(buffer) - 1] == '\n')
buffer[strlen(buffer) - 1] = '\0';
}
fclose(fd);
timestamp = strtok(buffer, " ");
/* Write tagfile for backup */
snprintf(filename, STRING_SIZE - 1, MOUNTPOINT "/%s-%s.dat.time", hostname, timestamp);
writetagfile(filename, timestamp);
}
else {
/* date is available to be read directly */
if (!(fd = fopen(filename, "r"))) {
perror("ipcoprscfg : Failed opening file tagfile");
exit(BACKUP_ERR_ANY);
}
if (fgets(buffer, STRING_SIZE, fd)) {
timestamp = strtok(buffer, " ");
}
fclose(fd);
/* Moving from ext3 to FAT system, system warn not
* able to preserve ownership, change before */
if (chown(filename, 99, 99)) {
fprintf(stderr, "Couldn't chown .dat.time file\n");
exit(BACKUP_ERR_ANY);
}
snprintf(command, STRING_SIZE - 1,
"/bin/mv %s " MOUNTPOINT "/%s-%s.dat.time", filename, hostname, timestamp);
if (safe_system(command)) {
perror("Failed to copy tagfile");
exit(BACKUP_ERR_ANY);
}
}
/* backup is valid, move to a name with date */
snprintf(filename, STRING_SIZE - 1, MOUNTPOINT "/%s.dat", hostname);
snprintf(command, STRING_SIZE - 1, "/bin/mv %s " MOUNTPOINT "/%s-%s.dat", filename, hostname, timestamp);
if (safe_system(command)) {
perror("Failed to copy backup");
exit(BACKUP_ERR_ANY);
}
exit(0);
}
/* uncompress archive */
snprintf(command, STRING_SIZE - 1, "/bin/gunzip -d -f /tmp/%s.tar.gz", hostname);
safe_system(command);
/* remove hardware specific settings */
if (flag_hardware == 0) {
snprintf(command, STRING_SIZE - 1,
"/bin/tar --delete --file=/tmp/%s.tar -T /var/ipcop/backup/exclude.hardware", hostname);
safe_system(command);
}
/* get current ports for GUI and ssh */
if (read_kv_from_file(&kv_old, "/var/ipcop/main/settings") == SUCCESS) {
if (find_kv_default(kv_old, "GUIPORT", port_gui) != SUCCESS) {
strcpy(port_gui, "8443");
}
if (find_kv_default(kv_old, "SSHPORT", port_ssh) != SUCCESS) {
strcpy(port_ssh, "8022");
}
free_kv(&kv_old);
}
/* Start (real) untarring files from compressed archive */
snprintf(command, STRING_SIZE - 1,
"/bin/tar -X /var/ipcop/backup/exclude.system -C / -xvf /tmp/%s.tar &>/dev/null", hostname);
if (safe_system(command)) {
fprintf(stderr, "Error restoring archive\n");
exit(BACKUP_ERR_UNTAR);
}
else {
/* TODO: here we will need to add mechanism for upgrade from 1.4.xx configuration files */
/* get new ports for GUI and ssh and check for modifications */
if (read_kv_from_file(&kv_new, "/var/ipcop/main/settings") == SUCCESS) {
if (test_kv(kv_new, "GUIPORT", port_gui) != SUCCESS) {
find_kv_default(kv_new, "GUIPORT", port_gui);
snprintf(command, STRING_SIZE, "/usr/local/bin/setreservedports.pl --nocheck --gui %s", port_gui);
safe_system(command);
}
if (test_kv(kv_new, "SSHPORT", port_ssh) != SUCCESS) {
find_kv_default(kv_new, "SSHPORT", port_ssh);
snprintf(command, STRING_SIZE, "/usr/local/bin/setreservedports.pl --nocheck --ssh %s", port_ssh);
safe_system(command);
}
free_kv(&kv_new);
}
if (safe_system("/usr/local/bin/upgrade.sh &>/dev/null")) {
fprintf(stderr, "Error upgrading data from backup!\n");
exit(BACKUP_ERR_ANY);
}
}
exit(0);
}
void uninit_wc(void)
{
free_kv(global_wordcloud1);
free_kv(global_wordcloud2);
}
