initial commit of file from CVS for smeserver-BackupPC on Sat Sep 7 20:10:07 AEST 2024

2024-09-07 20:10:07 +10:00
parent 2bf47720f7
commit 26a891845f
51 changed files with 2421 additions and 2 deletions
--- a/root/etc/e-smith/db/accounts/defaults/backuppc/type
+++ b/root/etc/e-smith/db/accounts/defaults/backuppc/type
@@ -0,0 +1 @@
+system
--- a/root/etc/e-smith/db/configuration/defaults/backuppc/examples
+++ b/root/etc/e-smith/db/configuration/defaults/backuppc/examples
@@ -0,0 +1 @@
+enabled
--- a/root/etc/e-smith/db/configuration/defaults/backuppc/status
+++ b/root/etc/e-smith/db/configuration/defaults/backuppc/status
@@ -0,0 +1 @@
+enabled
--- a/root/etc/e-smith/db/configuration/defaults/backuppc/sudo
+++ b/root/etc/e-smith/db/configuration/defaults/backuppc/sudo
@@ -0,0 +1 @@
+/usr/bin/rsync,/bin/gtar
--- a/root/etc/e-smith/db/configuration/defaults/backuppc/type
+++ b/root/etc/e-smith/db/configuration/defaults/backuppc/type
@@ -0,0 +1 @@
+service
--- a/root/etc/e-smith/db/configuration/defaults/httpd-bkpc/TCPPort
+++ b/root/etc/e-smith/db/configuration/defaults/httpd-bkpc/TCPPort
@@ -0,0 +1 @@
+950
--- a/root/etc/e-smith/db/configuration/defaults/httpd-bkpc/status
+++ b/root/etc/e-smith/db/configuration/defaults/httpd-bkpc/status
@@ -0,0 +1 @@
+enabled
--- a/root/etc/e-smith/db/configuration/defaults/httpd-bkpc/type
+++ b/root/etc/e-smith/db/configuration/defaults/httpd-bkpc/type
@@ -0,0 +1 @@
+service
--- a/root/etc/e-smith/events/actions/backuppc-checkupgrade
+++ b/root/etc/e-smith/events/actions/backuppc-checkupgrade
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# We may need to update some configuration if we have upgraded from smeserver-backuppc.fws
+if [ -e /etc/BackupPC/config.pl ]; then
+
+	# The new URL for backuppc images is /BackupPC/images
+	sed -i 's|^\$Conf{CgiImageDirURL} .*|$Conf{CgiImageDirURL}     = "/BackupPC/images";|' /etc/BackupPC/config.pl
+
+	# Update paths
+	sed -i 's|/opt/backuppc/files|/var/lib/BackupPC|' /etc/BackupPC/config.pl
+	sed -i 's|/usr/local/BackupPC|/usr/share/BackupPC|' /etc/BackupPC/config.pl
+	sed -i 's|/opt/backuppc/cgi-bin|/usr/share/BackupPC/sbin|' /etc/BackupPC/config.pl
+	sed -i 's|/opt/backuppc/images|/usr/share/BackupPC/html|' /etc/BackupPC/config.pl
+
+	# Update the admin user and the user whi receives the alerts
+	sed -i "s|$Conf{CgiAdminUsers}     = '';|$Conf{CgiAdminUsers}     = 'admin';|" /etc/BackupPC/config.pl
+	sed -i "s|$Conf{EMailAdminUserName} = 'backuppc';|$Conf{EMailAdminUserName} = 'admin';|" /etc/BackupPC/config.pl
+
+	# Update the CgiURL
+	SystemName=$(/sbin/e-smith/db configuration get SystemName)
+	DomainName=$(/sbin/e-smith/db configuration get DomainName)
+	sed -i "s|$Conf{CgiURL} = 'http://localhost/.*|$Conf{CgiURL} = 'https://$SystemName.$DomainName/BackupPC';|" /etc/BackupPC/config.pl
+
+	# If par2 is not present, then put /bin/true in the config file to prevent an error
+	if [ ! -x /usr/local/bin/par2 ]; then
+		sed -i 's|^$Conf{ParPath} .*|$Conf{ParPath}     = "/bin/true";|' /etc/BackupPC/config.pl
+	fi
+fi
+
+
+
+# Same for localhost.pl, the default config in previous release
+if [ -e /etc/BackupPC/pc/localhost.pl ]; then
+		sed -i "s|$Conf{DumpPreUserCmd} = '/usr/bin/sudo /usr/local/BackupPC/bin/BackupPC_SME_pre-backup';|$Conf{DumpPreUserCmd} = '/usr/bin/sudo /usr/share/BackupPC/bin/BackupPC_SME_pre-backup';|" /etc/BackupPC/pc/localhost.pl
+fi
+
+# Add the example configs
+EX=$(/sbin/e-smith/db configuration getprop backuppc examples)
+if [ $EX == 'enabled' ]; then
+	if [ $(grep -c windows-template /etc/BackupPC/hosts) -lt 1 ]; then
+		echo "windows-template 0 admin" >> /etc/BackupPC/hosts
+	fi
+	if [ $(grep -c localserver-template /etc/BackupPC/hosts) -lt 1 ]; then
+		echo "localserver-template 0 admin" >> /etc/BackupPC/hosts
+	fi
+	if [ $(grep -c smeserver-template /etc/BackupPC/hosts) -lt 1 ]; then
+		echo "smeserver-template 0 admin" >> /etc/BackupPC/hosts
+	fi
+fi
+
+# Ensure permissions are ok
+chown -R backuppc:backuppc /etc/BackupPC/
+chown -R backuppc:backuppc /var/log/BackupPC/
+find /etc/BackupPC/ -type f -exec chmod 640 {} \;
+
--- a/root/etc/e-smith/events/actions/backuppc-genkey
+++ b/root/etc/e-smith/events/actions/backuppc-genkey
@@ -0,0 +1,33 @@
+#!/usr/bin/perl -w
+
+# Generate a keyfile for archives encryption
+
+my $keyfile = '/etc/BackupPC/archive.key';
+
+if (! -e $keyfile){
+    use MIME::Base64 qw(encode_base64);
+
+    my $key = "not set due to error";
+    if ( open( RANDOM, "/dev/urandom" ) ){   
+        my $buf;
+        # 57 bytes is a full line of Base64 coding, and contains
+        # 456 bits of randomness - given a perfectly random /dev/random
+        if ( read( RANDOM, $buf, 57 ) != 57 )
+        {   
+            warn("Short read from /dev/random: $!");
+        }
+        else
+        {   
+            $key = encode_base64($buf);
+            chomp $key;
+        }
+        close RANDOM;
+    }
+    else
+    {   
+        warn "Could not open /dev/urandom: $!";
+    }
+    open( KEYFILE, ">$keyfile") || warn "Could not open $keyfile: $!";
+    print KEYFILE $key;
+    close KEYFILE;
+}
--- a/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/01localAccessString
+++ b/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/01localAccessString
@@ -0,0 +1,23 @@
+{
+    #---------------------------------------------------------------------
+    # Grab ValidFrom access list property of httpd-admin
+    # SSL enabled virtual hosts should only allow access from IP's in
+    # this list, as well as local networks.
+    #---------------------------------------------------------------------
+    use esmith::NetworksDB;
+
+    my $ndb = esmith::NetworksDB->open_ro();
+
+    my @localAccess = $ndb->local_access_spec();
+    my $validFrom = ${'httpd-admin'}{'ValidFrom'};
+    if ($validFrom)
+    {   
+        push @localAccess, split /,/, $validFrom;
+    }
+    $localAccess .= join ' ',
+        map { s:/255.255.255.255::; $_ }
+            @localAccess;
+
+    "";
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/19AuthTKT
+++ b/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/19AuthTKT
@@ -0,0 +1,8 @@
+{
+    $OUT .= "LoadModule auth_tkt_module modules/mod_auth_tkt.so\n";
+
+    my $secret = ${'httpd-admin'}{TKTAuthSecret} || "34322500-7330-4400-423A-3A00434F5245";
+    $OUT .= "TKTAuthSecret \"$secret\"\n";
+    $OUT .= "TKTAuthDigestType SHA256\n";
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/20Modules
+++ b/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/20Modules
@@ -0,0 +1,153 @@
+{
+    my $port = ${'httpd-bkpc'}{TCPPort} || '950'; 
+    $OUT .= "Listen 127.0.0.1:$port\n";
+    
+    $OUT .= <<HERE;
+    
+HostnameLookups off
+    
+ServerAdmin admin@$DomainName
+ServerRoot /etc/httpd
+ServerTokens ProductOnly
+    
+User backuppc
+Group backuppc
+    
+ErrorLog /var/log/httpd/bkpc_error_log
+LogLevel warn
+HERE
+
+foreach (qw(
+    env
+    log_config
+    mime
+    negotiation
+    status
+    info
+    include
+    autoindex
+    dir
+    asis
+    imap
+    imagemap
+    actions
+    userdir
+    proxy
+    proxy_http
+    alias
+    rewrite
+    access
+    authz_host
+    authz_user
+    auth
+    auth_anon
+    auth_digest
+    expires
+    headers
+    usertrack
+    setenvif
+    ssl
+    cgi
+    mpm_prefork
+    unixd
+    access_compat
+    authn_core
+    authz_core
+    ))
+{
+    next unless -f "/usr/lib/httpd/modules/mod_${_}.so" ||
+                -f "/usr/lib64/httpd/modules/mod_${_}.so";
+    $OUT .= "LoadModule ${_}_module modules/mod_${_}.so\n";
+}
+
+$OUT .=<<"HERE";
+
+PidFile /var/run/httpd-bkpc.pid
+ScoreBoardFile /var/run/httpd-bkpc.scoreboard
+UseCanonicalName off
+LogFormat "%h %l %u %t \\"%r\\" %>s %b" common
+LogFormat "%{User-agent}i" agent
+
+CustomLog /var/log/httpd/bkpc_access_log common
+
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 15
+
+MaxClients 150
+MaxRequestsPerChild 100
+
+ServerName www.$DomainName
+
+MinSpareServers 1
+MaxSpareServers 5
+StartServers 1
+Timeout 300
+
+DefaultIcon /icons/unknown.gif
+DirectoryIndex index.htm index.html index.php index.cgi
+IndexOptions FancyIndexing VersionSort NameWidth=*
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+AccessFileName .htaccess
+
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+TypesConfig /etc/mime.types
+
+AddEncoding x-compress Z
+AddEncoding x-gzip gz
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+AddLanguage en .en
+AddLanguage fr .fr
+AddLanguage de .de
+AddLanguage da .da
+AddLanguage el .el
+AddLanguage it .it
+
+LanguagePriority en fr de
+
+AddType text/html .shtml
+AddType application/x-pkcs7-crl    .crl
+
+AddType application/x-x509-ca-cert .crt
+
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+AddHandler cgi-script .cgi
+AddHandler server-parsed .shtml
+AddHandler imap-file map
+
+DocumentRoot         /usr/share/BackupPC/html
+
+HERE
+}
+
--- a/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/85DefaultAccess
+++ b/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/85DefaultAccess
@@ -0,0 +1,11 @@
+
+# First, we configure the "default" to be a very restrictive set of 
+# permissions.  
+
+<Directory />
+    Options None
+    AllowOverride None
+    Require all denied
+</Directory>
+
+
--- a/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/90BackupPC
+++ b/root/etc/e-smith/templates/etc/httpd/bkpc-conf/httpd.conf/90BackupPC
@@ -0,0 +1,31 @@
+
+Alias           /BackupPC/images        /usr/share/BackupPC/html/
+ScriptAlias     /BackupPC               /usr/share/BackupPC/sbin/BackupPC_Admin
+
+<Directory /usr/share/BackupPC/html/>
+    Options None
+    AllowOverride None
+    Require ip 127.0.0.1
+</Directory>
+
+<Directory /usr/share/BackupPC/sbin/>
+        Options ExecCGI
+        AllowOverride None
+        AuthName "BackupPC"
+		AuthType Basic
+        TKTAuthLoginURL /server-common/cgi-bin/login
+{
+        my $ManagerTimeout = ${'httpd-admin'}{ManagerTimeout} || "30m";
+        $OUT = "    TKTAuthTimeout $ManagerTimeout\n";
+        my $Cookie = ${'httpd-admin'}{Cookie} || "disabled";
+        $OUT .= "    TKTAuthCookieExpires $ManagerTimeout\n" if "$Cookie" eq "enabled";
+        my $ManagerTimeoutReset = ${'httpd-admin'}{ManagerTimeoutReset} || "0.66";
+        $OUT .= "    TKTAuthTimeoutRefresh $ManagerTimeoutReset\n";
+}
+	<RequireAll>
+	    Require valid-user
+	    Require ip 127.0.0.1
+        </RequireAll>
+</Directory>
+
+
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28BackupPCProxyPass
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/28BackupPCProxyPass
@@ -0,0 +1,29 @@
+{
+    # vim: ft=perl:
+
+    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
+
+    $OUT = '';
+    if ((${'backuppc'}{'status'} || 'disabled') eq 'enabled' &&
+        (${'httpd-bkpc'}{'status'} || 'disabled') eq 'enabled'){
+
+		$OUT .= "    RewriteRule ^/backuppc(/.*|\$)    https://%{HTTP_HOST}/BackupPC\$1 [L,R]\n";
+
+        if (($port eq "80") && ($haveSSL eq 'yes')){
+            $OUT .= "    RewriteRule ^/BackupPC(/.*|\$)    https://%{HTTP_HOST}/BackupPC\$1 [L,R]\n";
+        }
+        else{
+            $OUT .= "    ProxyPass /BackupPC http://127.0.0.1:${'httpd-bkpc'}{TCPPort}/BackupPC\n";
+            $OUT .= "    ProxyPassReverse /BackupPC http://127.0.0.1:${'httpd-bkpc'}{TCPPort}/BackupPC\n";
+        }
+
+        $OUT .=<<"HERE";
+
+    <Location /BackupPC>
+        SSLRequireSSL on
+        Require ip $localAccess $externalSSLAccess
+    </Location>
+
+HERE
+    }
+}
--- a/root/etc/e-smith/templates/etc/sudoers/00BackupPCAlias
+++ b/root/etc/e-smith/templates/etc/sudoers/00BackupPCAlias
@@ -0,0 +1,7 @@
+{
+$OUT .= "Cmnd_Alias      BACKUPPC_CMD = /usr/share/BackupPC/bin/BackupPC_SME_pre-backup, /etc/rc.d/init.d/backuppc *";
+foreach( split( /[;,]/,( $backuppc{'sudo'} || '' ) ) ){
+    $OUT .= ", $_";
+}
+}
+
--- a/root/etc/e-smith/templates/etc/sudoers/20BackupPC
+++ b/root/etc/e-smith/templates/etc/sudoers/20BackupPC
@@ -0,0 +1 @@
+backuppc ALL=(root) NOPASSWD: BACKUPPC_CMD
--- a/root/etc/e-smith/templates/etc/updatedb.conf/05BackupPC
+++ b/root/etc/e-smith/templates/etc/updatedb.conf/05BackupPC
@@ -0,0 +1,4 @@
+{
+  $PRUNEPATHS .= " /var/lib/BackupPC ";
+  $OUT ="";
+}
--- a/root/etc/e-smith/web/functions/backuppc
+++ b/root/etc/e-smith/web/functions/backuppc
@@ -0,0 +1,32 @@
+#!/usr/bin/perl
+#----------------------------------------------------------------------
+# heading     : Administration
+# description : BackupPC
+# navigation  : 4000 4200
+#----------------------------------------------------------------------
+
+use strict;
+use CGI':all';
+use CGI::Carp qw(fatalsToBrowser);
+
+
+BEGIN
+{
+    $ENV {'PATH'} = '/bin:/usr/bin:/sbin';
+    $ENV {'SHELL'} = '/bin/bash';
+    delete $ENV {'ENV'};
+}
+
+
+my $q = new CGI;
+my $content="0; url=https://".$ENV {'HTTP_X_FORWARDED_HOST'}."/BackupPC";
+$q->default_dtd('-//W3C//DTD XHTML 1.0 Transitional//EN');
+
+print $q->header ('text/html');
+print $q->start_html (-head=>meta({-http_equiv=>'refresh', -content=>$content}));
+
+
+
+print $q->end_html;
+
+