Backup script problem since pfSense 2.2.6
-
Hello,
Since pfSense 2.2.6 (CSRF), the backup script doesn't work. I use the new documentation: https://doc.pfsense.org/index.php/Remote_Config_Backup#2.2.6_and_Later
The first command, which generates csrf.txt, seems OK:
$ wget -O- --keep-session-cookies --save-cookies cookies.txt --no-check-certificate https://X.X.X.X/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
--2016-05-23 16:17:04-- https://X.X.X.X/diag_backup.php
Connexion vers X.X.X.X... connecté.
AVERTISSEMENT : impossible de vérifier l'attribut X.X.X.X du certificat, émis par «/C=US/ST=Somewhere/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (eg, YOUR name)/emailAddress=Email Address» : Récupération d'un certificat auto-signé.
AVERTISSEMENT : le nom commun du certificat «Common Name (eg, YOUR name)» ne concorde pas avec le nom de l'hôte demandé «X.X.X.X».
requête HTTP transmise, en attente de la réponse... 200 OK
Taille : non spécifié [text/html]
Enregistre : «STDOUT»
[ <=> ] 3 976 --.-K/s ds 0s
2016-05-23 16:17:04 (105 MB/s) - envoi sur stdout [3976]
$ cat csrf.txt
sid:40cd77611dd43035f2977d732de534802315ade1,1464013094;ip:c909354356740834bd7573ef85313f90883ef9e3,1464013094
The second command, which generates csrf2.txt, returns a 403 Forbidden error:
$ wget -O- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data 'login=Login&usernamefld=XXXXX&passwordfld=XXXXX&__csrf_magic=$(cat csrf.txt)' https://X.X.X.X/diag_backup.php | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
--2016-05-24 15:18:58-- https://X.X.X.X/diag_backup.php
Connexion vers X.X.X.X... connecté.
AVERTISSEMENT : impossible de vérifier l'attribut X.X.X.X du certificat, émis par «/C=US/ST=Somewhere/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (eg, YOUR name)/emailAddress=Email Address» : Récupération d'un certificat auto-signé.
AVERTISSEMENT : le nom commun du certificat «Common Name (eg, YOUR name)» ne concorde pas avec le nom de l'hôte demandé «X.X.X.X».
requête HTTP transmise, en attente de la réponse... 403 Forbidden
2016-05-24 15:18:58 ERREUR 403: Forbidden.
$ cat csrf2.txt
I use wget 1.14 on Linux Mint 16.
Best regards,
Footman.
-
Hello,
I tried with a more recent version:
Debian 8.4.0
wget 1.16
Unfortunately, I have the same problem…
Is this script functional for everybody?
Best regards,
Footman.
-
Here is my version of a Backup-Script for pre-2.3 versions and post-2.3 versions
Hope this helps you.
#!/bin/bash

# Print an error message to stderr and exit.
die () {
    echo >&2 "$@"
    exit 1
}

# Resolve the directory this script lives in, following symlinks.
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
    DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
    SOURCE="$(readlink "$SOURCE")"
    [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"

# Default the backup directory (6th argument) to the script's own directory.
if [ -z "$6" ]
then
    set -- "${@:1:5}" "$DIR"
fi

[ "$#" -eq 6 ] || die "6 arguments required, $# provided. parameters required are: IP PORT username password (1|2 for pre2.3 or post2.3) DIRECTORY"
echo "$2" | grep -E -q '^[0-9]+$' || die "Numeric argument required, $2 provided"
echo "$3" | grep -E -q '^[a-zA-Z]+$' || die "Alphabetic argument required, $3 provided"
echo "$4" | grep -E -q '^[a-zA-Z]+$' || die "Alphabetic argument required, $4 provided"
echo "$5" | grep -E -q '^[0-9]+$' || die "Numeric argument required, $5 provided"

# Note: this log line records the password ($4) in clear text.
echo "$(date +"%d.%m.%Y %H:%M:%S")" "$1" "$2" "$3" "$4" "$5" "$6/$1" >> "$6/logfile.txt"
mkdir -p "$6/$1"

# Each branch: fetch the login page token, log in with it, then request the
# backup with the token from the logged-in page.
# --no-check-certificate disables TLS certificate verification for every request.
if [ "$5" -eq "1" ]
then
    #pre 2.3
    wget -qO- --keep-session-cookies --save-cookies "$1-cookies.txt" --no-check-certificate "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf.txt"
    wget -qO- --keep-session-cookies --load-cookies "$1-cookies.txt" --save-cookies "$1-cookies.txt" --no-check-certificate --post-data "login=Login&usernamefld=$3&passwordfld=$4&__csrf_magic=$(cat "$1-csrf.txt")" "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf2.txt"
    wget -q --keep-session-cookies --load-cookies "$1-cookies.txt" --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(cat "$1-csrf2.txt")" "https://$1:$2/diag_backup.php" -O "$6/$1/$(date +%Y%m%d%H%M%S).xml"
else
    #post 2.3
    wget -qO- --keep-session-cookies --save-cookies "$1-cookies.txt" --no-check-certificate "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf.txt"
    wget -qO- --keep-session-cookies --load-cookies "$1-cookies.txt" --save-cookies "$1-cookies.txt" --no-check-certificate --post-data "login=Login&usernamefld=$3&passwordfld=$4&__csrf_magic=$(cat "$1-csrf.txt")" "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf2.txt"
    # Only the first extracted token line is used here.
    wget -q --keep-session-cookies --load-cookies "$1-cookies.txt" --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 "$1-csrf2.txt")" "https://$1:$2/diag_backup.php" -O "$6/$1/$(date +%Y%m%d%H%M%S).xml"
fi

# Remove the session cookie and token files.
rm -f "$1-cookies.txt"
rm -f "$1-csrf.txt"
rm -f "$1-csrf2.txt"
Example usage:
Pre 2.3 Version (1 at the end)
./pfbackup.sh IP PORT USERNAME PASSWORD 1
Post 2.3 Version (2 at the end)
./pfbackup.sh IP PORT USERNAME PASSWORD 2
-
Hello azekiel,
Thanks a lot! I was blocked on this problem for weeks and it was just a quote problem (' instead of ")! I can see the difference with your script, which worked well. :)
Best regards,
Footman.
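
An added example, not part of any post in this thread: it shows the quoting difference between the failing command and the working script, plus a pre-flight check that rejects a POST body whose token is empty or unexpanded. The sample HTML line, the token value and the function names are constructed for illustration, and the token pattern is an assumption inferred from the csrf.txt output shown earlier.

```bash
#!/bin/bash
# Constructed sample of the form line the thread's grep/sed pipeline matches
# (assumption: the token sits in a double-quoted value attribute).
SAMPLE_HTML="<input type='hidden' name='__csrf_magic' value=\"sid:aaaa1111,1464013094;ip:bbbb2222,1464013094\" />"

# Same extraction as the thread's commands, reading the page on stdin.
extract_token() {
    grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1
}

# Token shape inferred from the csrf.txt output above: name:hex,timestamp
# pairs joined by ';'. An empty string or leftover shell syntax fails.
valid_token() {
    printf '%s\n' "$1" | grep -Eq '^[a-z]+:[0-9a-f]+,[0-9]+(;[a-z]+:[0-9a-f]+,[0-9]+)*$'
}

# Single quotes (the failing command): $(cat csrf.txt) is sent as literal text.
body_single_quoted() {
    printf '%s' 'login=Login&usernamefld=XXXXX&passwordfld=XXXXX&__csrf_magic=$(cat csrf.txt)'
}

# Double quotes (the working script): the token file's content is substituted.
body_double_quoted() {
    printf '%s' "login=Login&usernamefld=XXXXX&passwordfld=XXXXX&__csrf_magic=$(cat "$1")"
}

# Pre-flight check: validate the token field of a POST body before sending it.
body_token_ok() {
    valid_token "${1##*__csrf_magic=}"
}

demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_HTML" | extract_token > "$tmp"
    for body in "$(body_single_quoted)" "$(body_double_quoted "$tmp")"; do
        if body_token_ok "$body"; then
            echo "send:   $body"
        else
            echo "reject: $body"
        fi
    done
    rm -f "$tmp"
}
demo
```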
-
This script has solved my similar problem reported in:
https://forum.pfsense.org/index.php?topic=114445.0
-
Script works for 2.4 also!