Netgate Discussion Forum

    Backup script problem since pfSense 2.2.6

    • F
      footman
      last edited by

      Hello,

      Since pfSense 2.2.6 (CSRF), the backup script doesn't work. I use the new documentation: https://doc.pfsense.org/index.php/Remote_Config_Backup#2.2.6_and_Later

      The first command, which generates csrf.txt, seems OK:

      $wget -O- --keep-session-cookies --save-cookies cookies.txt   --no-check-certificate https://X.X.X.X/diag_backup.php   | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
      --2016-05-23 16:17:04--  https://X.X.X.X/diag_backup.php
      Connexion vers X.X.X.X... connecté.
      AVERTISSEMENT : impossible de vérifier l'attribut X.X.X.X du certificat, émis par «/C=US/ST=Somewhere/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (eg, YOUR name)/emailAddress=Email Address» :
        Récupération d'un certificat auto-signé.
          AVERTISSEMENT : le nom commun du certificat «Common Name (eg, YOUR name)» ne concorde pas avec le nom de l'hôte demandé «X.X.X.X».
      requête HTTP transmise, en attente de la réponse... 200 OK
      Taille : non spécifié [text/html]
      Enregistre : «STDOUT»
      
          [ <=>                                                                                                                ] 3 976       --.-K/s   ds 0s      
      
      2016-05-23 16:17:04 (105 MB/s) - envoi sur stdout [3976]
      
      $ cat csrf.txt 
      sid:40cd77611dd43035f2977d732de534802315ade1,1464013094;ip:c909354356740834bd7573ef85313f90883ef9e3,1464013094
      

      The second command, which generates csrf2.txt, returns a 403 Forbidden error:

      $ wget -O- --keep-session-cookies --load-cookies cookies.txt --save-cookies cookies.txt --no-check-certificate --post-data 'login=Login&usernamefld=XXXXX&passwordfld=XXXXX&__csrf_magic=$(cat csrf.txt)' https://X.X.X.X/diag_backup.php  | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
      --2016-05-24 15:18:58--  https://X.X.X.X/diag_backup.php
      Connexion vers X.X.X.X... connecté.
      AVERTISSEMENT : impossible de vérifier l'attribut X.X.X.X du certificat, émis par «/C=US/ST=Somewhere/L=Somecity/O=CompanyName/OU=Organizational Unit Name (eg, section)/CN=Common Name (eg, YOUR name)/emailAddress=Email Address» :
        Récupération d'un certificat auto-signé.
          AVERTISSEMENT : le nom commun du certificat «Common Name (eg, YOUR name)» ne concorde pas avec le nom de l'hôte demandé «X.X.X.X».
      requête HTTP transmise, en attente de la réponse... 403 Forbidden
      2016-05-24 15:18:58 ERREUR 403: Forbidden.
      
      $ cat csrf2.txt
      

      I use wget 1.14 on Linux Mint 16.

      Best regards,

      Footman.

      • F
        footman
        last edited by

        Hello,

        I tried with a more recent version:

        Debian 8.4.0
        wget 1.16

        Unfortunately, I have the same problem…

        Is this script functional for everybody?

        Best regards,

        Footman.

        • A
          azekiel
          last edited by

          Here is my version of a Backup-Script for pre-2.3 versions and post-2.3 versions

          Hope this helps you.

          
          #!/bin/bash
          # Usage: pfbackup.sh IP PORT USERNAME PASSWORD (1|2 for pre2.3 or post2.3) [DIRECTORY]
          die () {
              echo >&2 "$@"
              exit 1
          }
          
          SOURCE="${BASH_SOURCE[0]}"
          while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
            DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
            SOURCE="$(readlink "$SOURCE")"
            [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
          done
          DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
          
          # DIRECTORY is optional and defaults to the directory containing this script
          if [ -z "$6" ] 
          then
          set -- "${@:1:5}" "$DIR"
          fi
          [ "$#" -eq 6 ] || die "6 arguments required, $# provided. parameters required are: IP PORT username password (1|2 for pre2.3 or post2.3) DIRECTORY"
          echo "$2" | grep -E -q '^[0-9]+$' || die "Numeric argument required, $2 provided"
          # Username and password are restricted to letters, so they go into the POST body without URL-encoding
          echo "$3" | grep -E -q '^[a-zA-Z]+$' || die "Alphabetic argument required, $3 provided"
          echo "$4" | grep -E -q '^[a-zA-Z]+$' || die "Alphabetic password required"
          echo "$5" | grep -E -q '^[0-9]+$' || die "Numeric argument required, $5 provided"
          # Log the run; the password ($4) is left out of the log file
          echo "$(date +"%d.%m.%Y %H:%M:%S") $1 $2 $3 $5 $6/$1" >> "$6/logfile.txt"
          
          mkdir -p "$6/$1"
          
          # --no-check-certificate accepts the firewall's certificate without verifying it
          if [ "$5" -eq "1" ] 
          then
          #pre 2.3
          # 1. fetch the login page: save the session cookie and the CSRF token
          wget -qO- --keep-session-cookies --save-cookies "$1-cookies.txt" --no-check-certificate "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf.txt"
          # 2. log in; --post-data is double-quoted so that $(cat ...) expands to the token
          wget -qO- --keep-session-cookies --load-cookies "$1-cookies.txt" --save-cookies "$1-cookies.txt" --no-check-certificate --post-data "login=Login&usernamefld=$3&passwordfld=$4&__csrf_magic=$(cat "$1-csrf.txt")" "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf2.txt"
          # 3. download the configuration with the post-login token
          wget -q --keep-session-cookies --load-cookies "$1-cookies.txt" --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(cat "$1-csrf2.txt")" "https://$1:$2/diag_backup.php" -O "$6/$1/$(date +%Y%m%d%H%M%S).xml"
          else
          #post 2.3
          # Same three steps; only the first line of the second token file is used
          wget -qO- --keep-session-cookies --save-cookies "$1-cookies.txt" --no-check-certificate "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf.txt"
          wget -qO- --keep-session-cookies --load-cookies "$1-cookies.txt" --save-cookies "$1-cookies.txt" --no-check-certificate --post-data "login=Login&usernamefld=$3&passwordfld=$4&__csrf_magic=$(cat "$1-csrf.txt")" "https://$1:$2/diag_backup.php" | grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > "$1-csrf2.txt"
          wget -q --keep-session-cookies --load-cookies "$1-cookies.txt" --no-check-certificate --post-data "Submit=download&donotbackuprrd=yes&__csrf_magic=$(head -n 1 "$1-csrf2.txt")" "https://$1:$2/diag_backup.php" -O "$6/$1/$(date +%Y%m%d%H%M%S).xml"
          fi
          # Remove the session cookie and token files
          rm -f "$1-cookies.txt"
          rm -f "$1-csrf.txt"
          rm -f "$1-csrf2.txt"
          
          

          Example usage:

          Pre 2.3 Version (1 at the end)  ./pfbackup.sh IP PORT USERNAME PASSWORD 1 
          Post 2.3 Version (2 at the end)  ./pfbackup.sh IP PORT USERNAME PASSWORD 2

          • F
            footman
            last edited by

            Hello azekiel,

            Thanks a lot! I was blocked on this problem for weeks and it was just a quote problem (' instead of ")! I can see the difference with your script, which worked well. :)

            Best regards,

            Footman.

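The quoting difference identified above, reproduced offline as an added example (not code from any post in this thread or from the pfSense documentation): with single quotes the literal text `$(cat csrf.txt)` is sent as the token, and an empty token file yields an empty field. The HTML fragment, the `USER`/`PASS` placeholders and the `check_body` helper are constructed for illustration.

```shell
#!/bin/bash
# Constructed login-page fragment in the shape the grep/sed pipeline expects.
SAMPLE_HTML="<form method='post'>
<input type='hidden' name='__csrf_magic' value=\"sid:aaaa1111,1464013094;ip:bbbb2222,1464013094\" />
</form>"

# Same grep/sed pipeline as in the thread; head -n 1 keeps only the first
# token when a page carries more than one form.
extract_token() {
    grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' | head -n 1
}

# Single quotes: the shell passes $(cat csrf.txt) through as literal text.
body_single_quoted() {
    printf '%s' 'login=Login&usernamefld=USER&passwordfld=PASS&__csrf_magic=$(cat csrf.txt)'
}

# Double quotes: command substitution runs and the token value is inserted.
# $1 = file holding the token
body_double_quoted() {
    printf '%s' "login=Login&usernamefld=USER&passwordfld=PASS&__csrf_magic=$(cat "$1")"
}

# Pre-flight check (hypothetical helper): refuse a POST body whose token field
# is empty or still contains unexpanded shell syntax.
check_body() {
    local token="${1##*__csrf_magic=}"
    [ -n "$token" ] || { echo "empty token"; return 1; }
    case "$token" in
        *'$('*) echo "unexpanded substitution"; return 1 ;;
    esac
    echo "ok"
}

demo() {
    local tmp
    tmp="$(mktemp)"
    printf '%s\n' "$SAMPLE_HTML" | extract_token > "$tmp"
    echo "single quotes: $(check_body "$(body_single_quoted)")"
    echo "double quotes: $(check_body "$(body_double_quoted "$tmp")")"
    rm -f "$tmp"
}
demo
```

Running `check_body` on each `--post-data` string before calling wget turns a silent 403 or an empty backup file into an explicit error.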
            • I
              it-marmalade
              last edited by

              This script has solved my similar problem reported in:

              https://forum.pfsense.org/index.php?topic=114445.0

              • A
                azekiel
                last edited by

                Script works for 2.4 also!
