backup.pl: Fix for bug#11048 - add script for adding pass/no pass to ovpnconfig from backup
Commit Message
- A script was added to the update.sh script to add pass/no pass to the ovpnconfig entries
but I forgot that this was also needed in the backup.pl file to add those statuses into
any ovpnconfig file restored from a backup before the pass/no pass entries were added.
- This patch corrects that oversight.
- Confirmed by testing on my vm. Before the script added to backup.pl a restore of older
ovpnconfig ended up not showing any icons or status elements. With the script in
backup.pl confirmed that the restored ovpnconfig showed up in the WUI page correctly
with the right icons and with the status elements correctly displayed.
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
config/backup/backup.pl | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
@@ -205,6 +205,30 @@ restore_backup() {
done
fi
+ #Update ovpnconfig to include pass or no-pass for old backup versions missing the entry
+ # Check if ovpnconfig exists and is not empty
+ if [ -s /var/ipfire/ovpn/ovpnconfig ]; then
+ # Add blank line at top of ovpnconfig otherwise the first roadwarrior entry is treated like a blank line and missed out from update
+ awk 'NR==1{print ""}1' /var/ipfire/ovpn/ovpnconfig > /var/ipfire/ovpn/tmp_file && mv /var/ipfire/ovpn/tmp_file /var/ipfire/ovpn/ovpnconfig
+ # Make all N2N connections 'no-pass' since they do not use encryption
+ awk '{FS=OFS=","} {if($5=="net") {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ # Evaluate roadwarrior connection names for *.p12 files
+ for y in $(awk -F',' '/host/ { print $3 }' /var/ipfire/ovpn/ovpnconfig); do
+ # Sort all unencrypted roadwarriors out and set 'no-pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'Encrypted data') ]]; then
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="no-pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ # Sort all encrypted roadwarriors out and set 'pass' in [43] index
+ if [[ -n $(openssl pkcs12 -info -in /var/ipfire/ovpn/certs/${y}.p12 -noout -password pass:'' 2>&1 | grep 'verify error') ]]; then
+ awk -v var="$y" '{FS=OFS=","} {if($3==var) {$43="pass"; print $0}}' /var/ipfire/ovpn/ovpnconfig >> /var/ipfire/ovpn/ovpnconfig.new
+ fi
+ done
+ fi
+ # Replace existing ovpnconfig with updated index
+ mv /var/ipfire/ovpn/ovpnconfig.new /var/ipfire/ovpn/ovpnconfig
+ # Set correct ownership
+ chown nobody:nobody /var/ipfire/ovpn/ovpnconfig
+
return 0
}