Project

General

Profile

Download (11.9 KB) Statistics
| Branch: | Tag: | Revision:

univnautes / usr / local / www / system_firmware.php @ a1b66bec

1
<?php
2
/* $Id$ */
3
/*
4
	system_firmware.php
5
	Copyright (C) 2008 Scott Ullrich <sullrich@gmail.com>
6
	All rights reserved.
7

    
8
	originally part of m0n0wall (http://m0n0.ch/wall)
9
	Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
10
	All rights reserved.
11

    
12
	Redistribution and use in source and binary forms, with or without
13
	modification, are permitted provided that the following conditions are met:
14

    
15
	1. Redistributions of source code must retain the above copyright notice,
16
	   this list of conditions and the following disclaimer.
17

    
18
	2. Redistributions in binary form must reproduce the above copyright
19
	   notice, this list of conditions and the following disclaimer in the
20
	   documentation and/or other materials provided with the distribution.
21

    
22
	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
23
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
24
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
26
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
29
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
31
	POSSIBILITY OF SUCH DAMAGE.
32
*/
33
/*
34
	pfSense_BUILDER_BINARIES:	/usr/bin/tar
35
	pfSense_MODULE:	firmware
36
*/
37

    
38
##|+PRIV
39
##|*IDENT=page-system-firmware-manualupdate
40
##|*NAME=System: Firmware: Manual Update page
41
##|*DESCR=Allow access to the 'System: Firmware: Manual Update' page.
42
##|*MATCH=system_firmware.php*
43
##|-PRIV
44

    
45
$d_isfwfile = 1;
46
$nocsrf = true;
47

    
48
require_once("globals.inc");
49
require_once("functions.inc");
50
require_once("guiconfig.inc");
51
require_once("xmlrpc_client.inc");
52

    
53
$curcfg = $config['system']['firmware'];
54

    
55
/* Allow additional execution time 0 = no limit. */
56
ini_set('max_execution_time', '9999');
57
ini_set('max_input_time', '9999');
58

    
59
function file_is_for_platform($filename, $ul_name) {
60
	global $g;
61
	if($g['platform'] == "nanobsd") {
62
		if(stristr($ul_name, "nanobsd"))
63
			return true;
64
		else
65
			return false;
66
	}
67
	$_gb = exec("/usr/bin/tar xzf $filename -C /tmp/ etc/platform");
68
	unset($_gb);
69
	if(!file_exists("/tmp/etc/platform"))
70
		return false;
71
	$upgrade_is_for_platform = trim(file_get_contents("/tmp/etc/platform", " \n\t\r"));
72
	if ($g['platform'] == $upgrade_is_for_platform) {
73
		@unlink("/tmp/etc/platform");
74
		return true;
75
	}
76
	return false;
77
}
78

    
79
function file_upload_error_message($error_code) {
80
	switch ($error_code) {
81
	case UPLOAD_ERR_INI_SIZE:
82
		return gettext('The uploaded file exceeds the upload_max_filesize directive in php.ini');
83
	case UPLOAD_ERR_FORM_SIZE:
84
		return gettext('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form');
85
	case UPLOAD_ERR_PARTIAL:
86
		return gettext('The uploaded file was only partially uploaded');
87
	case UPLOAD_ERR_NO_FILE:
88
		return gettext('No file was uploaded');
89
	case UPLOAD_ERR_NO_TMP_DIR:
90
		return gettext('Missing a temporary folder');
91
	case UPLOAD_ERR_CANT_WRITE:
92
		return gettext('Failed to write file to disk');
93
	case UPLOAD_ERR_EXTENSION:
94
		return gettext('File upload stopped by extension');
95
	default:
96
		return gettext('Unknown upload error');
97
	}
98
}
99

    
100
/* if upgrade in progress, alert user */
101
if(is_subsystem_dirty('firmwarelock')) {
102
	$pgtitle = array(gettext("System"),gettext("Firmware"),gettext("Manual Update"));
103
	include("head.inc");
104
	echo "<body link=\"#0000CC\" vlink=\"#0000CC\" alink=\"#0000CC\">\n";
105
	include("fbegin.inc");
106
	echo "<div>\n";
107
	print_info_box(gettext("An upgrade is currently in progress.<p>The firewall will reboot when the operation is complete.") . "</p><p><img src='/themes/{$g['theme']}/images/icons/icon_fw-update.gif' alt='update' /></p>");
108
	echo "</div>\n";
109
	include("fend.inc");
110
	echo "</body>";
111
	echo "</html>";
112
	exit;
113
}
114

    
115
if($_POST['backupbeforeupgrade'])
116
	touch("/tmp/perform_full_backup.txt");
117

    
118
/* Handle manual upgrade */
119
if ($_POST && !is_subsystem_dirty('firmwarelock')) {
120

    
121
	unset($input_errors);
122
	unset($sig_warning);
123

    
124
	if (stristr($_POST['Submit'], gettext("Enable")))
125
		$mode = "enable";
126
	else if (stristr($_POST['Submit'], gettext("Disable")))
127
		$mode = "disable";
128
	else if (stristr($_POST['Submit'], gettext("Upgrade")) || $_POST['sig_override'])
129
		$mode = "upgrade";
130
	else if ($_POST['sig_no']) {
131
		if(file_exists("{$g['upload_path']}/firmware.tgz"))
132
				unlink("{$g['upload_path']}/firmware.tgz");
133
	}
134
	if ($mode) {
135
		if ($mode == "enable") {
136
			conf_mount_rw();
137
			mark_subsystem_dirty('firmware');
138
		} else if ($mode == "disable") {
139
			conf_mount_ro();
140
			clear_subsystem_dirty('firmware');
141
		} else if ($mode == "upgrade") {
142
			if ($_FILES['ulfile']['error'])
143
				$errortext = "(" . file_upload_error_message($_FILES['ulfile']['error']) . ")";
144
			if (is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
145
				/* verify firmware image(s) */
146
				if (file_is_for_platform($_FILES['ulfile']['tmp_name'], $_FILES['ulfile']['name']) == false && !$_POST['sig_override'])
147
					$input_errors[] = gettext("The uploaded image file is not for this platform.");
148
				else if (!file_exists($_FILES['ulfile']['tmp_name'])) {
149
					/* probably out of memory for the MFS */
150
					$input_errors[] = gettext("Image upload failed (out of memory?)");
151
					mwexec("/etc/rc.firmware disable");
152
					clear_subsystem_dirty('firmware');
153
				} else {
154
					/* move the image so PHP won't delete it */
155
					rename($_FILES['ulfile']['tmp_name'], "{$g['upload_path']}/firmware.tgz");
156

    
157
					/* check digital signature */
158
					$sigchk = verify_digital_signature("{$g['upload_path']}/firmware.tgz");
159

    
160
					if ($sigchk == 1)
161
						$sig_warning = gettext("The digital signature on this image is invalid.");
162
					else if ($sigchk == 2 && !isset($config['system']['firmware']['allowinvalidsig']))
163
						$sig_warning = gettext("This image is not digitally signed.");
164
					else if (($sigchk >= 3))
165
						$sig_warning = gettext("There has been an error verifying the signature on this image.");
166

    
167
					if (!verify_gzip_file("{$g['upload_path']}/firmware.tgz")) {
168
						$input_errors[] = gettext("The image file is corrupt.");
169
						unlink("{$g['upload_path']}/firmware.tgz");
170
					}
171
				}
172
			}
173

    
174
			run_plugins("/usr/local/pkg/firmware_upgrade");
175

    
176
			/* Check for input errors, firmware locks, warnings, then check for firmware if sig_override is set */
177
			if (!$input_errors && !is_subsystem_dirty('firmwarelock') && (!$sig_warning || $_POST['sig_override'])) {
178
				if (file_exists("{$g['upload_path']}/firmware.tgz")) {
179
					/* fire up the update script in the background */
180
					mark_subsystem_dirty('firmwarelock');
181
					$savemsg = gettext("The firmware is now being updated. The firewall will reboot automatically.");
182
					if (stristr($_FILES['ulfile']['name'],"nanobsd") or $_POST['isnano'] == "yes")
183
						mwexec_bg("/etc/rc.firmware pfSenseNanoBSDupgrade {$g['upload_path']}/firmware.tgz");
184
					else if(stristr($_FILES['ulfile']['name'],"bdiff"))
185
						mwexec_bg("/etc/rc.firmware delta_update {$g['upload_path']}/firmware.tgz");
186
					else  {
187
						if($g['platform'] == "nanobsd")
188
							$whichone = "pfSenseNanoBSDupgrade";
189
						else
190
							$whichone = "pfSenseupgrade";
191
						mwexec_bg("/etc/rc.firmware {$whichone} {$g['upload_path']}/firmware.tgz");
192
						unset($whichone);
193
					}
194
				} else
195
					$savemsg = sprintf(gettext("Firmware image missing or other error, please try again %s."),$errortext);
196
			}
197
		}
198
	}
199
}
200

    
201
$pgtitle = array(gettext("System"),gettext("Firmware"));
202
include("head.inc");
203

    
204
?>
205
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
206
<form action="system_firmware.php" method="post" enctype="multipart/form-data">
207
<?php
208
	/* Construct an upload_id for this session */
209
	if (!session_id())
210
		$upload_id = uniqid();
211
	else
212
		$upload_id = session_id();
213
?>
214
<input type="hidden" name="UPLOAD_IDENTIFIER" value="<?php echo $upload_id;?>" />
215
<?php include("fbegin.inc"); ?>
216
<?php if ($input_errors) print_input_errors($input_errors); ?>
217
<?php if ($savemsg) print_info_box($savemsg); ?>
218
<?php if ($fwinfo <> "") print_info_box($fwinfo); ?>
219
<?php if ($sig_warning && !$input_errors): ?>
220
<?php
221
	$sig_warning = "<strong>" . $sig_warning . "</strong><br />" . gettext("This means that the image you uploaded " .
222
		"is not an official/supported image and may lead to unexpected behavior or security " .
223
		"compromises. Only install images that come from sources that you trust, and make sure ".
224
		"that the image has not been tampered with.") . "<br /><br />".
225
		gettext("Do you want to install this image anyway (on your own risk)?");
226
print_info_box($sig_warning);
227
if(stristr($_FILES['ulfile']['name'],"nanobsd"))
228
	echo "<input type='hidden' name='isnano' id='isnano' value='yes' />\n";
229
?>
230
<input name="sig_override" type="submit" class="formbtn" id="sig_override" value=" <?=gettext("Yes");?> " />
231
<input name="sig_no" type="submit" class="formbtn" id="sig_no" value=" <?=gettext("No"); ?> " />
232
<?php else: ?>
233
<?php if (!is_subsystem_dirty('firmwarelock')): ?>
234
	<table width="100%" border="0" cellpadding="0" cellspacing="0" summary="firmware">
235
		<tr>
236
			<td>
237
<?php
238
	$tab_array = array();
239
	$tab_array[] = array(gettext("Manual Update"), true, "system_firmware.php");
240
	$tab_array[] = array(gettext("Auto Update"), false, "system_firmware_check.php");
241
	$tab_array[] = array(gettext("Updater Settings"), false, "system_firmware_settings.php");
242
	if($g['hidedownloadbackup'] == false)
243
		$tab_array[] = array(gettext("Restore Full Backup"), false, "system_firmware_restorefullbackup.php");
244
	display_top_tabs($tab_array);
245
?>
246
			</td>
247
		</tr>
248
		<tr>
249
			<td>
250
				<div id="mainarea">
251
					<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0" summary="main area">
252
					<tr>
253
						<td colspan="2" class="listtopic"><?=gettext("Invoke") ." ". $g['product_name'] ." ".  gettext("Manual Upgrade"); ?></td>
254
					</tr>
255
					<tr>
256
						<td width="22%" valign="baseline" class="vncell">&nbsp;</td>
257
						<td width="78%" class="vtable">
258
						<?php if (!is_subsystem_dirty('rebootreq')): ?>
259
						<?php if (!is_subsystem_dirty('firmware')): ?>
260
						<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Enable firmware upload");?>" />
261
						<br />
262
							<?php printf(gettext('Click "Enable firmware upload" to begin.'),$g['firmware_update_text']);?>
263
						<br />
264
						<?php else: ?>
265
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Disable firmware upload");?>" />
266
					</td>
267
					</tr>
268
					<tr>
269
						<td width="22%" valign="baseline" class="vncell">&nbsp;</td>
270
						<td width="78%" class="vtable">
271
							<?php
272
								if ($g['platform'] == "nanobsd")
273
									$type = "*.img.gz";
274
								else
275
									$type = "*.tgz";
276
							?>
277
							<strong><?=gettext("Firmware image file ($type):");?> </strong>
278
							<input name="ulfile" type="file" class="formfld" />
279
							<br />
280
							<?php if ($g['hidebackupbeforeupgrade'] === false): ?>
281
							<input type="checkbox" name='backupbeforeupgrade' id='backupbeforeupgrade' /> <?=gettext("Perform full backup prior to upgrade");?>
282
							<br />
283
							<?php endif; ?>
284
							<input name="Submit" type="submit" class="formbtn" value="<?=gettext("Upgrade firmware");?>" />
285
							<?=gettext('Click "Upgrade firmware" to start the upgrade process.');?>
286
						<?php endif; else: ?>
287
							<strong><?=gettext("You must reboot the system before you can upgrade the firmware.");?></strong>
288
						<?php endif; ?>
289
				</td>
290
			</tr>
291
			<tr>
292
				<td width="22%" valign="top">&nbsp;</td>
293
				<td width="78%">
294
						<?php if (is_subsystem_dirty('firmware')): ?>
295
					<span class="vexpl">
296
						<span class="red">
297
							<strong>
298
								<?=gettext("Warning:");?><br />
299
							</strong>
300
						</span>
301
						<?=gettext("DO NOT abort the firmware upgrade once it " .
302
								"has started. The firewall will reboot automatically after " .
303
								"storing the new firmware. The configuration will be maintained.");?>
304
					</span>
305
						<?php endif; ?>
306
				</td></tr>
307
			</table>
308
		</div>
309
	</td></tr>
310
</table>
311

    
312
<?php endif; endif; ?>
313
<?php include("fend.inc"); ?>
314
</form>
315
</body>
316
</html>
(215-215/256)