From 46bc6e545a17e77202aaf01ec0cd8d5a46567525 Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Tue, 25 Aug 2015 08:08:24 -0300
Subject: Move main pfSense content to src/
---
src/usr/local/www/system_firmware.php | 343 ++++++++++++++++++++++++++++++++++
1 file changed, 343 insertions(+)
create mode 100644 src/usr/local/www/system_firmware.php
(limited to 'src/usr/local/www/system_firmware.php')
diff --git a/src/usr/local/www/system_firmware.php b/src/usr/local/www/system_firmware.php
new file mode 100644
index 0000000..d6d48ee
--- /dev/null
+++ b/src/usr/local/www/system_firmware.php
@@ -0,0 +1,343 @@
+
+ Copyright (C) 2013-2015 Electric Sheep Fencing, LP
+ All rights reserved.
+
+ originally part of m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2004 Manuel Kasper .
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/*
+ pfSense_BUILDER_BINARIES: /usr/bin/tar
+ pfSense_MODULE: firmware
+*/
+
+##|+PRIV
+##|*IDENT=page-system-firmware-manualupdate
+##|*NAME=System: Firmware: Manual Update page
+##|*DESCR=Allow access to the 'System: Firmware: Manual Update' page.
+##|*MATCH=system_firmware.php*
+##|-PRIV
+
+$d_isfwfile = 1;
+$nocsrf = true;
+
+require_once("globals.inc");
+require_once("functions.inc");
+require_once("guiconfig.inc");
+require_once("xmlrpc_client.inc");
+
+$curcfg = $config['system']['firmware'];
+
+/* Allow additional execution time 0 = no limit.
*/
+ini_set('max_execution_time', '9999');
+ini_set('max_input_time', '9999');
+
+function file_is_for_platform($filename, $ul_name) {
+ global $g;
+ if ($g['platform'] == "nanobsd") {
+ if (stristr($ul_name, "nanobsd")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ $_gb = exec("/usr/bin/tar xzf $filename -C /tmp/ etc/platform");
+ unset($_gb);
+ if (!file_exists("/tmp/etc/platform")) {
+ return false;
+ }
+ $upgrade_is_for_platform = trim(file_get_contents("/tmp/etc/platform", " \n\t\r"));
+ if ($g['platform'] == $upgrade_is_for_platform) {
+ @unlink("/tmp/etc/platform");
+ return true;
+ }
+ return false;
+}
+
+function file_upload_error_message($error_code) {
+ switch ($error_code) {
+ case UPLOAD_ERR_INI_SIZE:
+ return gettext('The uploaded file exceeds the upload_max_filesize directive in php.ini');
+ case UPLOAD_ERR_FORM_SIZE:
+ return gettext('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
+ case UPLOAD_ERR_PARTIAL:
+ return gettext('The uploaded file was only partially uploaded');
+ case UPLOAD_ERR_NO_FILE:
+ return gettext('No file was uploaded');
+ case UPLOAD_ERR_NO_TMP_DIR:
+ return gettext('Missing a temporary folder');
+ case UPLOAD_ERR_CANT_WRITE:
+ return gettext('Failed to write file to disk');
+ case UPLOAD_ERR_EXTENSION:
+ return gettext('File upload stopped by extension');
+ default:
+ return gettext('Unknown upload error');
+ }
+}
+
+/* if upgrade in progress, alert user */
+if (is_subsystem_dirty('firmwarelock')) {
+ $pgtitle = array(gettext("System"), gettext("Firmware"), gettext("Manual Update"));
+ include("head.inc");
+ echo "\n";
+ include("fbegin.inc");
+ echo "
\n";
+ print_info_box(gettext("An upgrade is currently in progress.

The firewall will reboot when the operation is complete.") . "

update

");
+ echo "
\n";
+ include("fend.inc");
+ echo "";
+ echo "";
+ exit;
+}
+
+if ($_POST['backupbeforeupgrade']) {
+ touch("/tmp/perform_full_backup.txt");
+}
+
+/* Handle manual upgrade */
+if ($_POST && !is_subsystem_dirty('firmwarelock')) {
+
+ unset($input_errors);
+ unset($sig_warning);
+
+ if (stristr($_POST['Submit'], gettext("Enable"))) {
+ $mode = "enable";
+ } else if (stristr($_POST['Submit'], gettext("Disable"))) {
+ $mode = "disable";
+ } else if (stristr($_POST['Submit'], gettext("Upgrade")) || $_POST['sig_override']) {
+ $mode = "upgrade";
+ } else if ($_POST['sig_no']) {
+ if (file_exists("{$g['upload_path']}/firmware.tgz")) {
+ unlink("{$g['upload_path']}/firmware.tgz");
+ }
+ }
+ if ($mode) {
+ if ($mode == "enable") {
+ conf_mount_rw();
+ mark_subsystem_dirty('firmware');
+ } else if ($mode == "disable") {
+ conf_mount_ro();
+ clear_subsystem_dirty('firmware');
+ } else if ($mode == "upgrade") {
+ if ($_FILES['ulfile']['error']) {
+ $errortext = "(" . file_upload_error_message($_FILES['ulfile']['error']) .
")";
+ }
+ if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
+ /* verify firmware image(s) */
+ if (file_is_for_platform($_FILES['ulfile']['tmp_name'], $_FILES['ulfile']['name']) == false && !$_POST['sig_override']) {
+ $input_errors[] = gettext("The uploaded image file is not for this platform.");
+ } else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
+ /* probably out of memory for the MFS */
+ $input_errors[] = gettext("Image upload failed (out of memory?)");
+ mwexec("/etc/rc.firmware disable");
+ clear_subsystem_dirty('firmware');
+ } else {
+ /* move the image so PHP won't delete it */
+ rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
+
+ /* check digital signature */
+ $sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
+
+ if ($sigchk == 1) {
+ $sig_warning = gettext("The digital signature on this image is invalid.");
+ } else if ($sigchk == 2 && !isset($config['system']['firmware']['allowinvalidsig'])) {
+ $sig_warning = gettext("This image is not digitally signed.");
+ } else if (($sigchk >= 3)) {
+ $sig_warning = gettext("There has been an error verifying the signature on this image.");
+ }
+
+ if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
+ $input_errors[] = gettext("The image file is corrupt.");
+ unlink("{$g['upload_path']}/firmware.tgz");
+ }
+ }
+ }
+
+ run_plugins("/usr/local/pkg/firmware_upgrade");
+
+ /* Check for input errors, firmware locks, warnings, then check for firmware if sig_override is set */
+ if (!$input_errors && !is_subsystem_dirty('firmwarelock') && (!$sig_warning || $_POST['sig_override'])) {
+ if (file_exists("{$g['upload_path']}/firmware.tgz")) {
+ /* fire up the update script in the background */
+ mark_subsystem_dirty('firmwarelock');
+ $savemsg = gettext("The firmware is now being updated.
The firewall will reboot automatically.");
+ if (stristr($_FILES['ulfile']['name'], "nanobsd") or $_POST['isnano'] == "yes") {
+ mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz");
+ } else {
+ if ($g['platform'] == "nanobsd") {
+ $whichone = "pfSenseNanoBSDupgrade";
+ } else {
+ $whichone = "pfSenseupgrade";
+ }
+ mwexec_bg("/etc/rc.firmware {$whichone} {$g['upload_path']}/firmware.tgz");
+ unset($whichone);
+ }
+ } else {
+ $savemsg = sprintf(gettext("Firmware image missing or other error, please try again %s."), $errortext);
+ }
+ }
+ }
+ }
+}
+
+$pgtitle = array(gettext("System"), gettext("Firmware"));
+include("head.inc");
+
+?>
+
+
+ + + + + + "") print_info_box($fwinfo); ?> +" . $sig_warning . "
" . gettext("This means that the image you uploaded " . + "is not an official/supported image and may lead to unexpected behavior or security " . + "compromises. Only install images that come from sources that you trust, and make sure " . + "that the image has not been tampered with.") . "

" . + gettext("Do you want to install this image anyway (on your own risk)?"); + print_info_box($sig_warning); + if (stristr($_FILES['ulfile']['name'], "nanobsd")) { + echo "\n"; + } +?> + " /> + " /> + + + + + + + + +
+ +
+
+ + + + + + + + + + + + + + + + +
  + + " /> +
+ +
+ + " /> +
  + + + +
+ + +
+ + " /> + + + + +
  + + + + +
+
+
+ +
+ +
+
+
+ + + +
+ + -- cgit v1.1
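Review bot: `$nocsrf = true;` near the top of the file presumably tells the included GUI code to skip its CSRF check, yet the POST handler below calls `conf_mount_rw()` and starts `/etc/rc.firmware` against `firmware.tgz`, and a single field, `sig_override`, bypasses both the `file_is_for_platform()` result and `$sig_warning`. This commit only relocates the file, so the behaviour is presumably inherited, but the flag should at least carry a comment stating why the exemption is needed, and the Enable/Disable and `sig_override` submissions, which carry no upload, would be better covered by an explicit token check. In `file_is_for_platform()` the path is interpolated unquoted into the shell command; the only caller visible here passes PHP's own `tmp_name`, so this is hardening rather than a demonstrated hole: `exec("/usr/bin/tar xzf " . escapeshellarg($filename) . " -C /tmp/ etc/platform");`. The same function hands `" \n\t\r"` to `file_get_contents()` instead of `trim()` (intended form: `trim(file_get_contents("/tmp/etc/platform"), " \n\t\r")`) and unlinks `/tmp/etc/platform` only on a match, so a stale copy from a rejected image is still there for the next check.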