From mboxrd@z Thu Jan 1 00:00:00 1970
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] backup.pl: Fix for bug#11048 - add script for adding pass/no pass to ovpnconfig from backup
Date: Sun, 15 Oct 2023 18:28:22 +0200
Message-ID: <20231015162822.7763-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8476296348110518660=="
List-Id:

--===============8476296348110518660==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- A script was added to the update.sh script to add pass/no pass to the ovpnconfig entries but I forgot that this was also needed in the backup.pl file to add those statuses into any ovpnconfig file restored from a backup before the pass/no pass entries were added.
- This patch corrects that oversight.
- Confirmed by testing on my vm. Before the script added to backup.pl a restore of older ovpnconfig ended up not showing any icons or status elements. With the script in backup.pl confirmed that the restored ovpnconfig showed up in the WUI page correctly with the right icons and with the status elements correctly displayed.

Tested-by: Adolf Belka
Signed-off-by: Adolf Belka
---
 config/backup/backup.pl | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/config/backup/backup.pl b/config/backup/backup.pl
index 8d990c0f1..75a0e4f60 100644
--- a/config/backup/backup.pl
+++ b/config/backup/backup.pl
@@ -205,6 +205,30 @@ restore_backup() { done fi =20 + #Update ovpnconfig to include pass or no-pass for old backup versions missi= ng the entry + # Check if ovpnconfig exists and is not empty + if [ -s /var/ipfire/ovpn/ovpnconfig ]; then + # Add blank line at top of ovpnconfig otherwise the first roadwarrio= r entry is treated like a blank line and missed out from update + awk 'NR=3D=3D1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire= /ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig + # Make all N2N connections 'no-pass' since they do not use encryption + awk '{FS=3DOFS=3D","} {if($5=3D=3D"net") {$43=3D"no-pass"; print $0}= }' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new + # Evaluate roadwarrior connection names for *.p12 files + for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconf= ig); do + # Sort all unencrypted roadwarriors out and set 'no-pass' in [43= ] index + if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/$= {y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then + awk -v var=3D"$y" '{FS=3DOFS=3D","} {if($3=3D=3Dvar)= {$43=3D"no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovp= n/ovpnconfig.new + fi + # Sort all encrypted roadwarriors out and set 'pass' in [43] ind= ex + if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/$= {y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error') ]]; then + awk -v var=3D"$y" '{FS=3DOFS=3D","} {if($3=3D=3Dvar)= {$43=3D"pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/o= vpnconfig.new + fi + done + fi + # Replace existing ovpnconfig with updated index + mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig + # Set correct ownership + chown nobody:nobody /var/ipfire/ovpn/ovpnconfig + return 0 } =20 --=20 2.42.0 --===============8476296348110518660==--
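
Review bot: The final `mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig` and the `chown` come after the `fi` that closes the `[ -s /var/ipfire/ovpn/ovpnconfig ]` check, so they run even when the restored backup has no ovpnconfig or an empty one. In that case this run never wrote ovpnconfig.new, and the `mv` either fails or installs a stale ovpnconfig.new left behind by an earlier interrupted restore. Since every write to that file is a `>>` append, a leftover copy would also end up with duplicated entries. Moving both commands inside the `if` and removing any existing ovpnconfig.new before the first append would close both cases. Inside the `for` loop, a roadwarrior line is copied to ovpnconfig.new only when the openssl output contains 'Encrypted data' or 'verify error', so an entry whose .p12 file is missing, or which produces any other message, is dropped from the restored configuration without a warning. A fallback branch that copies the line unchanged and logs it would keep the connection. The `/host/` selector also matches that word anywhere on the line instead of comparing `$5`, unlike the `$5` test against "net" used for the N2N entries, and the unquoted `$(awk ...)` list will split on any whitespace in a connection name.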