#!/usr/bin/perl # # web interface of the CryptoBox # ############################################### use strict; use CGI; use ClearSilver; use ConfigFile; my ($pagedata, $pagename); my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR); my ($CB_SCRIPT, $LOG_FILE, $IS_DEV); my $config = ConfigFile::read_config_file('/etc/cryptobox/cryptobox.conf'); $CB_SCRIPT = $config->{CB_SCRIPT}; $LOG_FILE = $config->{LOG_FILE}; $LANGUAGE_DIR = $config->{LANGUAGE_DIR}; $DEFAULT_LANGUAGE = $config->{LANGUAGE}; $HTML_TEMPLATE_DIR = $config->{HTML_TEMPLATE_DIR}; $DOC_DIR = $config->{DOC_DIR}; $IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT}); my $query = new CGI; #################### subs ###################### sub load_hdf { my $hdf = ClearSilver::HDF->new(); my $fname = "$HTML_TEMPLATE_DIR/main.cs"; die ("Template directory is invalid ($fname not found)!") unless (-e "$fname"); $hdf->setValue("Settings.TemplateDir","$HTML_TEMPLATE_DIR"); die ("Documentation directory ($DOC_DIR) not found!") unless (-d "$DOC_DIR"); $hdf->setValue("Settings.DocDir","$DOC_DIR"); # if it was requested as directory index (link from index.html), we should # set a real script name - otherwise links with a query string will break # ignore POST part of the SCRIPT_NAME (after "&") (my $script_url = $ENV{'SCRIPT_NAME'}) =~ m/^[^&]*/; $hdf->setValue("ScriptName", ($ENV{'SCRIPT_NAME'} eq '/')? '/cryptobox' : $script_url ); &load_selected_language($hdf); &get_available_languages($hdf); return $hdf; } sub load_selected_language { my $data = shift; my $config_language; # load $DEFAULT_LANGUAGE - this is necessary, if a translation is incomplete $data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf"); # load configured language, if it is valid $config_language = `$CB_SCRIPT get_config language`; $config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language")); ######### temporary language setting? ############ # the default language can be overriden by the language links in the # upper right of the page if ($query->param('weblang')) { my $weblang = $query->param('weblang'); if (&validate_language($weblang)) { # load the data $config_language = "$weblang"; # add the setting to every link $data->setValue('Data.PostData.weblang', "$weblang"); } else { $data->setValue('Data.Warning', 'InvalidLanguage'); } } # import the configured resp. the temporarily selected language $data->readFile("$LANGUAGE_DIR/$config_language" . ".hdf"); ########## select documentation language ########## if (&validate_doc_language($config_language)) { # selected web interface language $data->setValue('Settings.DocLang', "$config_language"); } elsif (&validate_doc_language($DEFAULT_LANGUAGE)) { # configured CryptoBox language $data->setValue('Settings.DocLang', "$DEFAULT_LANGUAGE"); } else { # default hardcoded language (english) $data->setValue('Settings.DocLang', "en"); } } sub get_available_languages # import the names of all available languages { my $data = shift; my ($file, @files, $hdf, $lang_name); opendir(DIR, $LANGUAGE_DIR) or die ("Language directory ($LANGUAGE_DIR) not accessible!"); @files = sort grep { /.*\.hdf$/ } readdir(DIR); close(DIR); foreach $file (@files) { $hdf = ClearSilver::HDF->new(); $hdf->readFile("$LANGUAGE_DIR/$file"); substr($file, -4) = ""; $lang_name = $hdf->getValue("Lang.Name", "$file"); $data->setValue("Data.Languages." . "$file", "$lang_name"); } } sub log_msg { my $text = shift; open(LOGFILE,">> $LOG_FILE"); print LOGFILE "$text"; close(LOGFILE); } sub check_ssl { # BEWARE: dirty trick - is there a better way? # stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with # its own IP (localhost, of course) return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1'); } sub check_mounted { return (system("$CB_SCRIPT","is_crypto_mounted") == 0); } sub check_config { return (system("$CB_SCRIPT","is_config_mounted") == 0); } sub check_init_running { return (system("$CB_SCRIPT","is_init_running") == 0); } sub is_harddisk_available { return (system("$CB_SCRIPT","is_harddisk_available") == 0); } sub get_current_ip # the IP of eth0 - not the configured value of the box (only for validation) { return `$CB_SCRIPT get_current_ip`; } sub get_admin_pw # returns the current administration password - empty, if it is not used { return `$CB_SCRIPT get_config admin_pw`; } sub render { $pagedata->setValue("PageName","$pagename"); my $pagefile = "$HTML_TEMPLATE_DIR/main.cs"; print "Content-Type: text/html\n\n"; my $cs = ClearSilver::CS->new($pagedata); $cs->parseFile($pagefile); print $cs->render(); } sub mount_vol { my $pw = shift; if (&check_mounted) { $pagedata->setValue('Data.Warning', 'IsMounted'); } else { open(PW_INPUT, "| $CB_SCRIPT crypto-up"); print PW_INPUT $pw; close(PW_INPUT); } } sub umount_vol { if (&check_mounted) { system("$CB_SCRIPT", "crypto-down"); } else { $pagedata->setValue('Data.Warning', 'NotMounted'); } } sub box_init { my ($crypto_pw, $admin_pw) = @_; # partitioning, config and initial cryptsetup open(PW_INPUT, "|$CB_SCRIPT box-init-fg"); print PW_INPUT $crypto_pw; close(PW_INPUT); # set administration password system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw"); # wipe and mkfs takes some time - it will be done in the background system("$CB_SCRIPT", "box-init-bg"); } sub system_poweroff { &umount_vol() if (&check_mounted()); system("$CB_SCRIPT", "poweroff"); } sub system_reboot { &umount_vol() if (&check_mounted()); system("$CB_SCRIPT", "reboot"); } sub validate_ip { my $ip = shift; my @octets = split /\./, $ip; return 0 if ($#octets == 4); # check for values and non-digits return 0 if ((@octets[0] <= 0) || (@octets[0] >= 255) || (@octets[0] =~ /\D/)); return 0 if ((@octets[1] < 0) || (@octets[1] >= 255) || (@octets[1] =~ /\D/)); return 0 if ((@octets[2] < 0) || (@octets[2] >= 255) || (@octets[2] =~ /\D/)); return 0 if ((@octets[3] <= 0) || (@octets[3] >= 255) || (@octets[3] =~ /\D/)); return 1; } sub validate_timeout { my $timeout = shift; return 0 if ($timeout =~ /\D/); return 1; } # check for a valid interface language sub validate_language { my $language = shift; # check for non-alphanumeric character return 0 if ($language =~ /\W/); return 0 if ($language eq ""); return 0 if ( ! -e "$LANGUAGE_DIR/$language" . '.hdf'); return 1; } # check for a valid documentation language sub validate_doc_language { my $language = shift; # check for non-alphanumeric character return 0 if ($language =~ /\W/); return 0 if ($language eq ""); return 0 if ( ! -e "$DOC_DIR/$language"); return 1; } ################### main ######################### $pagedata = load_hdf(); # first: check for ssl! if ( ! &check_ssl()) { $pagedata->setValue('Data.Error', 'NoSSL'); $pagedata->setValue('Data.Redirect.URL', "https://" . $ENV{'HTTP_HOST'} . $ENV{'SCRIPT_NAME'}); $pagedata->setValue('Data.Redirect.Delay', "3"); } elsif ( ! &is_harddisk_available()) { $pagedata->setValue('Data.Error', 'NoHardDisk'); } elsif ($query->param('action')) { my $action = $query->param('action'); ################ umount_do ####################### if ($action eq 'umount_do') { if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'config_form'); $pagedata->setValue('Data.Redirect.Delay', "30"); } elsif ( ! &check_mounted()) { $pagedata->setValue('Data.Warning', 'NotMounted'); $pagedata->setValue('Data.Action', 'empty'); } else { # unmounten &umount_vol(); if (&check_mounted()) { $pagedata->setValue('Data.Warning', 'UmountFailed'); $pagedata->setValue('Data.Action', 'umount_form'); } else { $pagedata->setValue('Data.Success', 'UmountDone'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "30"); } } ################ mount_do ######################## } elsif ($action eq 'mount_do') { # mount requested if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'config_form'); $pagedata->setValue('Data.Redirect.Delay', "30"); } elsif (&check_mounted()) { $pagedata->setValue('Data.Warning', 'IsMounted'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "30"); } elsif ($query->param('crypto_password') eq '') { # leeres Passwort $pagedata->setValue('Data.Warning', 'EmptyCryptoPassword'); $pagedata->setValue('Data.Action', 'mount_form'); } else { # mounten &mount_vol($query->param('crypto_password')); if (!&check_mounted()) { $pagedata->setValue('Data.Warning', 'MountFailed'); $pagedata->setValue('Data.Action', 'mount_form'); } else { $pagedata->setValue('Data.Success', 'MountDone'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "30"); } } ################## mount_ask ####################### } elsif ($action eq 'mount_ask') { if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'config_form'); $pagedata->setValue('Data.Redirect.Delay', "30"); } elsif (&check_mounted()) { $pagedata->setValue('Data.Warning', 'IsMounted'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "30"); } else { $pagedata->setValue('Data.Action', 'mount_form'); } ################# umount_ask ######################## } elsif ($action eq 'umount_ask') { if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif ( ! &check_mounted()) { $pagedata->setValue('Data.Warning', 'NotMounted'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "30"); } else { $pagedata->setValue('Data.Action', 'umount_form'); } ################## init_ask ######################### } elsif ($action eq 'init_ask') { if (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); $pagedata->setValue('Data.Action', 'config_form'); } elsif (&check_config()) { $pagedata->setValue('Data.Warning', 'AlreadyConfigured'); $pagedata->setValue('Data.Action', 'init_form'); } else { $pagedata->setValue('Data.Action', 'init_form'); } #################### init_do ######################## } elsif ($action eq 'init_do') { my $current_admin_pw = &get_admin_pw; if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); $pagedata->setValue('Data.Action', 'init_form'); } elsif ($query->param('admin_password') ne $query->param('admin_password2')) { # different admin-passwords $pagedata->setValue('Data.Warning', 'DifferentAdminPasswords'); $pagedata->setValue('Data.Action', 'init_form'); } elsif ($query->param('crypto_password') ne $query->param('crypto_password2')) { # different crypto-passwords $pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords'); $pagedata->setValue('Data.Action', 'init_form'); } elsif ($query->param('crypto_password') eq '') { # empty password $pagedata->setValue('Data.Warning', 'EmptyCryptoPassword'); $pagedata->setValue('Data.Action', 'init_form'); } elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) { # wrong confirm string $pagedata->setValue('Data.Warning', 'InitNotConfirmed'); $pagedata->setValue('Data.Action', 'init_form'); } else { # do init &box_init($query->param('crypto_password'),$query->param('admin_password')); if (!&check_init_running()) { $pagedata->setValue('Data.Error', 'InitFailed'); } else { $pagedata->setValue('Data.Success', 'InitRunning'); $pagedata->setValue('Data.Action', 'config_form'); } } #################### config_ask ###################### } elsif ($action eq 'config_ask') { if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } else { $pagedata->setValue('Data.Action', 'config_form'); } #################### config_do ####################### } elsif ($action eq 'config_do') { if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } else { my $current_admin_pw = &get_admin_pw; if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); $pagedata->setValue('Data.Action', 'config_form'); } elsif ( ! &validate_language($query->param('language'))) { $pagedata->setValue('Data.Warning', 'InvalidLanguage'); $pagedata->setValue('Data.Action', 'config_form'); } elsif ( ! &validate_ip($query->param('ip'))) { $pagedata->setValue('Data.Warning', 'InvalidIP'); $pagedata->setValue('Data.Action', 'config_form'); } elsif ( ! &validate_timeout($query->param('timeout'))) { $pagedata->setValue('Data.Warning', 'InvalidTimeOut'); $pagedata->setValue('Data.Action', 'config_form'); } else { system("$CB_SCRIPT", "set_config", "language", $query->param('language')); &load_selected_language($pagedata); system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout')); # check, if the ip was reconfigured if ($query->param('ip') ne `$CB_SCRIPT get_config ip`) { # set the new value system("$CB_SCRIPT", "set_config", "ip", $query->param('ip')); # reconfigure the network interface system("$CB_SCRIPT", "update_ip_address"); # redirect to the new address $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'}); $pagedata->setValue('Data.Redirect.Delay', "5"); # display a warning for the redirection $pagedata->setValue('Data.Warning', 'IPAddressChanged'); } # check for success if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) { $pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed'); } elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) { $pagedata->setValue('Data.Warning', 'ConfigIPFailed'); } elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) { $pagedata->setValue('Data.Warning', 'ConfigLanguageFailed'); } else { $pagedata->setValue('Data.Success', 'ConfigSaved'); } $pagedata->setValue('Data.Action', 'status'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "30"); } } #################### show_log ####################### } elsif ($action eq 'show_log') { $pagedata->setValue('Data.Action', 'show_log'); ##################### doc ############################ } elsif ($action eq 'doc') { if ($query->param('page')) { $pagedata->setValue('Data.Doc.Page', $query->param('page')); $pagedata->setValue('Data.Action', 'doc'); } else { $pagedata->setValue('Data.Doc.Page', 'CryptoBoxUser'); $pagedata->setValue('Data.Action', 'doc'); } ##################### poweroff ###################### } elsif ($action eq 'shutdown_ask') { $pagedata->setValue('Data.Action', 'shutdown_form'); ##################### reboot ######################## } elsif ($action eq 'shutdown_do') { if ($query->param('type') eq 'reboot') { &system_reboot(); $pagedata->setValue('Data.Success', 'ReBoot'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "180"); } else { &system_poweroff(); $pagedata->setValue('Data.Success', 'PowerOff'); } $pagedata->setValue('Data.Action', 'empty'); #################### status ######################### } elsif ($action eq 'status') { if ( ! &check_config()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'config_form'); $pagedata->setValue('Data.Redirect.Delay', "30"); } else { $pagedata->setValue('Data.Action', 'status'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "60"); } ################### unknown ######################### } else { $pagedata->setValue('Data.Error', 'UnknownAction'); } ###################### default ########################## } else { if (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); $pagedata->setValue('Data.Action', 'empty'); $pagedata->setValue('Data.Redirect.Action', 'config_form'); $pagedata->setValue('Data.Redirect.Delay', "60"); } elsif (&check_config()) { $pagedata->setValue('Data.Action', 'status'); $pagedata->setValue('Data.Redirect.Action', 'status'); $pagedata->setValue('Data.Redirect.Delay', "60"); } else { $pagedata->setValue('Data.Action', 'init_form'); } } # check state of the cryptobox $pagedata->setValue('Data.Status.Config', &check_config() ? 1 : 0); $pagedata->setValue('Data.Status.InitRunning', &check_init_running() ? 1 : 0); $pagedata->setValue('Data.Status.Mounted', &check_mounted() ? 1 : 0); my $output = &get_current_ip(); $pagedata->setValue('Data.Status.IP', "$output"); $output = &get_admin_pw(); $pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne ''); $output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#
#'`; $pagedata->setValue('Data.PartitionInfo',"$output"); # preset config settings for clearsilver $pagedata->setValue('Data.Config.IP', `$CB_SCRIPT get_config ip`); $pagedata->setValue('Data.Config.TimeOut', `$CB_SCRIPT get_config timeout`); $pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`); # read log and add html linebreaks $output = ''; if (-e "$LOG_FILE") { open(LOGFILE, "< $LOG_FILE"); while () { $output .= "$_
" } close(LOGFILE); } $pagedata->setValue('Data.Log',"$output"); $pagedata->setValue('Data.Status.DevelopmentMode', 1) if ($IS_DEV); # save QUERY_STRING (e.g. for weblang-links) my $querystring = $ENV{'QUERY_STRING'}; # remove weblang setting $querystring =~ s/weblang=\w\w&?//; $pagedata->setValue('Data.QueryString', "$querystring") if ($querystring ne ''); &render(); exit 0;