[ previous ] [ next ] [ threads ]
 
 From:  Pierre Nast <pierre at coldev dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] backup old firmware
 Date:  Wed, 15 Jan 2014 20:55:41 +0100
Hi,


> oops, had meant to reply-all...
>

[ ... ]

>
> Note that I'm still using 1.33 :( ... since 1.34 the API for exec_raw.php
> has changed and the above won't work.  Perhaps someone with experience with
> 1.34 and curl can advise you.
>

You need to retrieve the __csrf_magic hidden field value in a first curl 
request, then provide that value in subsequent requests.
Like in the following script that retrieves the current configuration 
from a m0n0wall box :

#! /bin/bash

PROTO='http://'
if [ -x curl ]; then
	echo "You need curl to run this script!"
fi
if [ $# -lt 1 -o $# -gt 2 ]; then
	echo "usage: $0 <m0n0wall box's IP or hostname> [ssl]"
	echo "	ssl: if used, then curl will use https to access your box."
	exit 1
elif [ $# -eq 2 -a "$2" = "ssl" ]; then
	PROTO='https://'
fi
read -s -p "Enter admin password:" PASSWORD
CURL_OPTS="--basic --user admin:${PASSWORD} --insecure --stderr /dev/null"
IP="$1"
BACKUP_URL=${PROTO}${IP}/diag_backup.php
BACKUP_FILE="config-${IP}-$(date +%Y%m%d%H%M%S).xml"
echo -e "\nTrying to retrieve configuration from ${IP}..."
echo "Step 1 - Connecting to m0n0wall box to retrieve CSRF magic..."
CSRF=$(curl ${CURL_OPTS} ${BACKUP_URL} | \
grep '__csrf_magic' | \
sed "s#.*value=\"\(.*\)\".*#\1#")
if [ -z ${CSRF} ]; then
	echo "Failed!"
	exit 1
fi
echo "Done!"
echo "Step 2 - Downloading configuration from m0n0wall box..."
UPLOADED=$(curl ${CURL_OPTS} --referer ${BACKUP_URL} \
--form Submit=Download --form __csrf_magic=${CSRF} \
${BACKUP_URL} -o ${BACKUP_FILE}; echo $?)
if [ $UPLOADED -ne 0 ]; then
	echo "Failed!"
	exit 1
fi
echo "Done!"

-- 
Pierre Nast
[ pierre at coldev dot org ]