[PATCH] backup.pl: Fix for bug#11048 - add script for adding pass/no pass to ovpnconfig from backup

[Adolf Belka <adolf.belka@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2990 bytes --]

- A script was added to the update.sh script to add pass/no pass to the ovpnconfig entries
   but I forgot that this was also needed in the backup.pl file to add those statuses into
   any ovpnconfig file restored from a backup before the pass/no pass entries were added.
- This patch corrects that oversight.
- Confirmed by testing on my vm. Before the script added to backup.pl a restore of older
   ovpnconfig ended up not showing any icons or status elements. With the script in
   backup.pl confirmed that the restored ovpnconfig showed up in the WUI page correctly
   with the right icons and with the status elements correctly displayed.

Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/backup/backup.pl | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 8d990c0f1..75a0e4f60 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -205,6 +205,30 @@ restore_backup() {
 	       done
 	fi
 
+	#Update ovpnconfig to include pass or no-pass for old backup versions missing the entry
+	# Check if ovpnconfig exists and is not empty
+	if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+       	# Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
+       	awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+       	# Make all N2N connections 'no-pass' since they do not use encryption
+       	awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+		# Evaluate roadwarrior connection names for *.p12 files
+       	for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+       	    # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
+       	        if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then
+       	                awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+       	        fi
+       	    # Sort all encrypted roadwarriors out and set 'pass' in [43] index
+       	        if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error')  ]]; then
+       	                awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+			 fi
+	       done
+	fi
+	# Replace existing ovpnconfig with updated index
+	mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+	# Set correct ownership
+	chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
 	return 0
 }
 
-- 
2.42.0