diff --git a/pythonrewrite/bin2/CryptoBox.py b/pythonrewrite/bin2/CryptoBox.py index 9f30c52..32ae799 100644 --- a/pythonrewrite/bin2/CryptoBox.py +++ b/pythonrewrite/bin2/CryptoBox.py @@ -1,6 +1,6 @@ #!/usr/bin/env python ''' -This is a secure fileserver with encrypted filesystem and webinterface. +This is the web interface for a fileserver managing encrypted filesystems. It was originally written in bash/perl. Now a complete rewrite is in progress. So things might be confusing here. Hopefully not for long. @@ -9,71 +9,80 @@ progress. So things might be confusing here. Hopefully not for long. import CryptoBoxLogger import CryptoBoxContainer -import CryptoBoxPreferences +import configobj # to read and write the config file import re import os +import sys +import types + + +CONF_LOCATIONS = [ + "./cryptobox.conf", + "~/.cryptobox.conf", + "/etc/cryptobox/cryptobox.conf"] -CONFIG_FILE = "cbx.conf" class CryptoBoxProps: '''Get and set the properties of a CryptoBox - This class returns the available _and_ allowed devices, which will - be used further. + This class contains all available devices that may be accessed. + All properties of the cryptobox can be accessed by this class. ''' - def __init__(self): + def __init__(self, conf_file=None): '''read config and fill class variables''' - print CONFIG_FILE - self.cbxPrefs = CryptoBoxPreferences.Preferences(CONFIG_FILE) + if os.geteuid() != 0: + sys.stderr.write("You need to be root to run this program!\n") + sys.exit(1) + if conf_file == None: + for f in CONF_LOCATIONS: + if os.path.exists(os.path.expanduser(f)): + conf_file = os.path.expanduser(f) + break + else: + sys.stderr.write("Could not find a configuration file. I give up.\n") + sys.exit(1) + try: + self.cbxPrefs = configobj.ConfigObj(conf_file) + except SyntaxError: + sys.stderr.write("Error during parsing of configuration file (%s).\n" % (conf_file, )) + sys.exit(1) + try: + nameDB_file = os.path.join( + self.cbxPrefs["Main"]["DataDir"], + self.cbxPrefs["Main"]["NameDatabase"]) + if os.path.exists(nameDB_file): + self.nameDB = configobj.ConfigObj(nameDB_file, create_empty=True) + else: + self.nameDB = configobj.ConfigObj(nameDB_file) + except SyntaxError: + sys.stderr.write("Error during parsing of name database file (%s).\n" % (nameDB_file, )) + sys.exit(1) + self.__cboxUID = int(self.cbxPrefs["System"]["User"]) self.debug = CryptoBoxLogger.CryptoBoxLogger( - self.cbxPrefs["debuglevel"], - self.cbxPrefs["debugfacility"], - self.cbxPrefs["logfile"] ) - "TODO: move this to config file" - self.config = {} - self.config["ContainerNameDatabase"] = { - "4edc83f1-9ecd-4182-820f-b7815725a957":"Alpha", - "7dee9ef8-d69a-400b-8b74-33d828d8bea6":"Beta"} + self.cbxPrefs["Log"]["Level"], + self.cbxPrefs["Log"]["Facility"], + self.cbxPrefs["Log"]["Destination"], + self.__cboxUID) + self.dropPrivileges() + self.debugMessage = self.debug.printMessage self.containers = [] for device in self.__getAvailablePartitions(): if self.isDeviceAllowed(device): - self.containers.append(CryptoBoxContainer.CryptoBoxContainer(device, self, self.debug)) - - - def debugMessage(self, level, text): - "print a debug message to the previously choosen debugging facility" - self.debug.printMessage(level,text) + self.containers.append(CryptoBoxContainer.CryptoBoxContainer(device, self)) def isDeviceAllowed(self, devicename): "check if a device is white-listed for being used as cryptobox containers" "TODO: broken!" - for a_dev in self.cbxPrefs["allowed_devices"]: + allowed = self.cbxPrefs["Main"]["AllowedDevices"] + if type(allowed) == types.StringType: allowed = [allowed] + for a_dev in allowed: if a_dev and re.search('^' + a_dev, devicename): return True return False - def getConfigValue(self, name): - "returns the value of a config setting" - try: - "TODO: return copy instead of original" - return self.cbxPrefs[name] - except KeyError: - return None - - - def setConfigValue(self, name, value): - "set the value of a config setting" - if not name: return False - try: - self.cbxPrefs[name] = value - except AttributeError: - self.cbxPrefs = {} - self.cbxPrefs[name] = value - - def getContainerList(self, filterType=None, filterName=None): "retrieve the list of all containers of this cryptobox" try: @@ -83,8 +92,7 @@ class CryptoBoxProps: return [e for e in self.containers if e.getType() == filterType] else: self.logger.debugMessage( - CryptoBoxLogger.DebugLevels["info"], - "invalid filterType (%d)" % filterType) + "info", "invalid filterType (%d)" % filterType) result.clear() if filterName != None: result = [e for e in self.containers if e.getName() == filterName] @@ -97,14 +105,15 @@ class CryptoBoxProps: "assign a name to a uuid in the ContainerNameDatabase" used_uuid = self.getUUIDForName(name) "first remove potential conflicting uuid/name combination" - if used_uuid: del self.config["ContainerNameDatabase"][used_uuid] - self.config["ContainerNameDatabase"][uuid] = name + if used_uuid: del self.nameDB[used_uuid] + self.nameDB[uuid] = name + self.nameDB.write() def getNameForUUID(self, uuid): "get the name belonging to a specified key (usually the UUID of a fs)" try: - return self.config["ContainerNameDatabase"][uuid] + return self.nameDB[uuid] except KeyError: return None @@ -112,12 +121,26 @@ class CryptoBoxProps: def getUUIDForName(self, name): """ get the key belonging to a value in the ContainerNameDatabase this is the reverse action of 'getNameForUUID' """ - for key in self.config["ContainerNameDatabase"].keys(): - if self.config["ContainerNameDatabase"][key] == name: return key + for key in self.nameDB.keys(): + if self.nameDB[key] == name: return key "the uuid was not found" return None + def dropPrivileges(self): + "change the effective uid to 'User' specified in section 'System'" + if os.getuid() != os.geteuid(): + raise "PrivilegeManager", "we already dropped privileges" + os.seteuid(self.__cboxUID) + + + def risePrivileges(self): + "regain superuser privileges temporarily - call dropPrivileges afterwards!" + if os.getuid() == os.geteuid(): + raise "PrivilegeManager", "we already have superuser privileges" + os.seteuid(os.getuid()) + + """ ************ internal stuff starts here *********** """ def __getAvailablePartitions(self): @@ -151,9 +174,7 @@ class CryptoBoxProps: fpart.close() return [self.__getAbsoluteDeviceName(e) for e in ret_list] except IOError: - self.debugMessage( - "Could not read /proc/partitions", - CryptoBoxLogger.DebugLevels["warn"]) + self.debugMessage("Could not read /proc/partitions", "warn") return [] @@ -217,12 +238,3 @@ class CryptoBoxProps: return [] - def __csv2list(self, csvstring): - '''transform a csv preferences string into a list''' - commalist = csvstring.split(",") # split the csv by "," - list = [] - for element in commalist: - list.append(element.strip()) # remove whitespaces - return list - - diff --git a/pythonrewrite/bin2/CryptoBoxContainer.py b/pythonrewrite/bin2/CryptoBoxContainer.py index e3e3d6e..f295dc9 100644 --- a/pythonrewrite/bin2/CryptoBoxContainer.py +++ b/pythonrewrite/bin2/CryptoBoxContainer.py @@ -5,10 +5,11 @@ import re """exceptions: VolumeIsActive - InvalidName NameActivelyUsed + InvalidName InvalidPassword InvalidType + CreateError MountError ChangePasswordError """ @@ -39,10 +40,12 @@ class CryptoBoxContainer: __dmDir = "/dev/mapper" - def __init__(self, device, cbox, logger): + def __init__(self, device, cbox): self.device = device - self.logger = logger self.cbox = cbox + self.debugMessage = self.cbox.debugMessage + self.__dropPrivileges = self.cbox.dropPrivileges + self.__risePrivileges = self.cbox.risePrivileges self.__resetObject() @@ -55,7 +58,7 @@ class CryptoBoxContainer: if new_name == self.name: return if self.isMounted(): raise "VolumeIsActive", "the container must be inactive during renaming" - if not re.search(r'^[a-zA-Z0-9_\.\- ]$', new_name): + if not re.search(r'^[a-zA-Z0-9_\.\- ]+$', new_name): raise "InvalidName", "the supplied new name contains illegal characters" "check for active partitions with the same name" prev_name_owner = self.cbox.getContainerList(filterName=new_name) @@ -107,12 +110,13 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) "remove any potential open luks mapping" self.__umountLuks() "create the luks header" + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = subprocess.PIPE, @@ -124,12 +128,11 @@ class CryptoBoxContainer: "luksAddKey", self.device]) proc.stdin.write("%s\n%s" % (oldpw, newpw)) + self.__dropPrivileges() (output, errout) = proc.communicate() if proc.returncode != 0: errorMsg = "Could not add a new luks key: %s - %s" % (output.strip(), errout.strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["error"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg) raise "ChangePasswordError", errorMsg keys_found = re.search(r'key slot (\d{1,3}) unlocked', output).groups() if keys_found: @@ -137,6 +140,7 @@ class CryptoBoxContainer: else: raise "ChangePasswordError", "could not get the old key slot" "remove the old key" + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, @@ -149,11 +153,10 @@ class CryptoBoxContainer: self.device, "%d" % (keyslot, )]) proc.wait() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not remove the old luks key: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["error"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg) raise "ChangePasswordError", errorMsg @@ -179,7 +182,7 @@ class CryptoBoxContainer: def_name = self.cbox.getNameForUUID(self.uuid) if def_name: return def_name "there is no name defined for this uuid - we will propose a good one" - prefix = self.cbox.getConfigValue("DefaultNamePrefix") + prefix = self.cbox.cbxPrefs["Main"]["DefaultVolumePrefix"] unused_found = False counter = 1 while not unused_found: @@ -198,9 +201,10 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) + self.__risePrivileges() proc = subprocess.Popen( shell=False, stdin=None, @@ -213,12 +217,13 @@ class CryptoBoxContainer: "-w", os.devnull, self.device]) proc.wait() + result = proc.stdout.read().strip() + self.__dropPrivileges() if proc.returncode != 0: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "retrieving of partition type via 'blkid' failed: %s" % (proc.stderr.read().strip(), )) return None - result = proc.stdout.read().strip() devnull.close() if result: return result return self.device.replace(os.path.sep, "_") @@ -241,9 +246,10 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) + self.__risePrivileges() proc = subprocess.Popen( shell=False, stdin=None, @@ -256,12 +262,13 @@ class CryptoBoxContainer: "-w", os.devnull, self.device]) proc.wait() + output = proc.stdout.read().strip() + self.__dropPrivileges() if proc.returncode != 0: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "retrieving of partition type via 'blkid' failed: %s" % (proc.stderr.read().strip(), )) return None - output = proc.stdout.read().strip() devnull.close() return output @@ -272,9 +279,10 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, @@ -286,13 +294,14 @@ class CryptoBoxContainer: "isLuks", self.device]) proc.wait() + self.__dropPrivileges() devnull.close() return proc.returncode == 0 def __getMountPoint(self): "return the name of the mountpoint of this volume" - return os.path.join(self.cbox.getConfigValue("MountParent"), self.name) + return os.path.join(self.cbox.cbxPrefs["System"]["MountParentDir"], self.name) def __mountLuks(self, password): @@ -304,9 +313,17 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) + self.__cleanMountDirs() + if not os.path.exists(self.__getMountPoint()): + os.mkdir(self.__getMountPoint()) + if not os.path.exists(self.__getMountPoint()): + errorMsg = "Could not create mountpoint (%s)" % (self.__getMountPoint(), ) + self.debugMessage("error", errorMsg) + raise "MountError", errorMsg + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = subprocess.PIPE, @@ -320,27 +337,26 @@ class CryptoBoxContainer: self.name]) proc.stdin.write(password) (output, errout) = proc.communicate() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not open the luks mapping: %s" % (errout.strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["warn"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg) raise "MountError", errorMsg + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, stdout = devnull, - stderr = devnull, + stderr = subprocess.PIPE, args = [ self.Progs["mount"], os.path.join(self.__dmDir, self.name), self.__getMountPoint()]) proc.wait() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not mount the filesystem: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["warn"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg) raise "MountError", errorMsg devnull.close() @@ -351,24 +367,25 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) if self.isMounted(): + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, stdout = devnull, - stderr = devnull, + stderr = subprocess.PIPE, args = [self.Progs["umount"], "-l", self.__getMountPoint()]) proc.wait() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["warn"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg) raise "MountError", errorMsg if os.path.exists(os.path.join(self.__dmDir, self.name)): + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, @@ -380,27 +397,32 @@ class CryptoBoxContainer: "luksClose", self.name]) proc.wait() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not remove the luks mapping: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["warn"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg) raise "MountError", errorMsg devnull.close() def __mountPlain(self): "mount a plaintext partition" + if self.isMounted(): raise "VolumeIsActive", "this container is already active" devnull = None try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) self.__cleanMountDirs() if not os.path.exists(self.__getMountPoint()): os.mkdir(self.__getMountPoint()) + if not os.path.exists(self.__getMountPoint()): + errorMsg = "Could not create mountpoint (%s)" % (self.__getMountPoint(), ) + self.debugMessage("error", errorMsg) + raise "MountError", errorMsg + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, @@ -411,11 +433,10 @@ class CryptoBoxContainer: self.device, self.__getMountPoint()]) proc.wait() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not mount the filesystem: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["warn"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg) raise "MountError", errorMsg devnull.close() @@ -426,25 +447,26 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) - proc = subprocess.Popen( - shell = False, - stdin = None, - stdout = devnull, - stderr = subprocess.PIPE, - args = [ - self.Progs["umount"], - "-l", - self.__getMountPoint()]) - proc.wait() - if proc.returncode != 0: - errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["warn"], - errorMsg) - raise "MountError", errorMsg + if self.isMounted(): + self.__risePrivileges() + proc = subprocess.Popen( + shell = False, + stdin = None, + stdout = devnull, + stderr = subprocess.PIPE, + args = [ + self.Progs["umount"], + "-l", + self.__getMountPoint()]) + proc.wait() + self.__dropPrivileges() + if proc.returncode != 0: + errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), ) + self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg) + raise "MountError", errorMsg devnull.close() @@ -457,9 +479,10 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, @@ -469,11 +492,10 @@ class CryptoBoxContainer: self.Progs["mkfs-data"], self.device]) proc.wait() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not create the filesystem: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["error"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg) raise "CreateError", errorMsg devnull.close() @@ -489,12 +511,13 @@ class CryptoBoxContainer: try: devnull = open(os.devnull, "w") except IOError: - self.logger.printMessage( + self.debugMessage( CryptoBoxLogger.DebugLevels["warn"], "Could not open %s" % (os.devnull, )) "remove any potential open luks mapping" self.__umountLuks() "create the luks header" + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = subprocess.PIPE, @@ -503,19 +526,19 @@ class CryptoBoxContainer: args = [ self.Progs["cryptsetup"], "--batch-mode", - "--cipher", self.cbox.getConfigValue("DefaultCipher"), + "--cipher", self.cbox.cbxPrefs["System"]["DefaultCipher"], "--iter-time", "2000", "luksFormat", self.device]) proc.stdin.write(password) (output, errout) = proc.communicate() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not create the luks header: %s" % (errout.strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["error"], - errorMsg) + self.debugMessage("error", errorMsg) raise "CreateError", errorMsg "open the luks container for mkfs" + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = subprocess.PIPE, @@ -529,29 +552,28 @@ class CryptoBoxContainer: self.name]) proc.stdin.write(password) (output, errout) = proc.communicate() + self.__dropPrivileges() if proc.returncode != 0: errorMsg = "Could not open the new luks mapping: %s" % (errout.strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["error"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg) raise "CreateError", errorMsg "make the filesystem" + self.__risePrivileges() proc = subprocess.Popen( shell = False, stdin = None, stdout = devnull, - stderr = devnull, + stderr = subprocess.PIPE, args = [ self.Progs["mkfs-data"], os.path.join(self.__dmDir, self.name)]) proc.wait() + self.__dropPrivileges() "remove the mapping - for every exit status" self.__umountLuks() if proc.returncode != 0: errorMsg = "Could not create the filesystem: %s" % (proc.stderr.read().strip(), ) - self.logger.printMessage( - CryptoBoxLogger.DebugLevels["error"], - errorMsg) + self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg) "remove the luks mapping" raise "CreateError", errorMsg devnull.close() @@ -560,9 +582,9 @@ class CryptoBoxContainer: def __cleanMountDirs(self): """ remove all unnecessary subdirs of the mount parent directory this should be called for every (u)mount """ - subdirs = os.listdir(self.cbox.getConfigValue("MountParent")) + subdirs = os.listdir(self.cbox.cbxPrefs["System"]["MountParentDir"]) for dir in subdirs: - abs_dir = os.path.join(self.cbox.getConfigValue("MountParent"), dir) + abs_dir = os.path.join(self.cbox.cbxPrefs["System"]["MountParentDir"], dir) if (not os.path.islink(abs_dir)) and os.path.isdir(abs_dir) and (not os.path.ismount(abs_dir)): os.rmdir(abs_dir) diff --git a/pythonrewrite/bin2/CryptoBoxLogger.py b/pythonrewrite/bin2/CryptoBoxLogger.py index 90268bc..0e9481e 100644 --- a/pythonrewrite/bin2/CryptoBoxLogger.py +++ b/pythonrewrite/bin2/CryptoBoxLogger.py @@ -2,6 +2,7 @@ manages logging events of the CryptoBox ''' import sys +import os class CryptoBoxLogger: ''' @@ -11,9 +12,17 @@ class CryptoBoxLogger: DebugLevels = {"debug":0, "info":3, "warn":6, "error":9} DebugFacilities = {"file":0} - def __init__(self, level, facility, name=None): - self.debug_level = int(level) - if int(facility) == self.DebugFacilities["file"]: + def __init__(self, level, facility, name=None, user=None): + try: + facility = int(facility) + except ValueError: + facility = self.DebugFacilities[facility] + try: + level = int(level) + except ValueError: + level = self.DebugLevels[level] + self.debug_level = level + if facility == self.DebugFacilities["file"]: self.logFunc = self.message2file if name is not None: self.logFile = name @@ -22,6 +31,12 @@ class CryptoBoxLogger: try: fsock = open(self.logFile, "a") fsock.close() + # TODO: check before, if this file was owned + # by someone else than the cryptobox user - in this case, + # we may not chown it - very baaaad! + "change ownership of log file" + if user != None: + os.chown(self.logFile, user, os.getegid()) return except IOError: sys.stderr.write("Unable to open logfile (%s) for writing.\n" % (self.logFile, )) @@ -32,8 +47,13 @@ class CryptoBoxLogger: sys.exit(1) - def printMessage(self, text, msg_level=None): + def printMessage(self, msg_level, text): if msg_level is None: msg_level = self.DebugLevels["debug"] + "convert debuglevel from string to int, if necessary" + try: + msg_level = int(msg_level) + except ValueError: + msg_level = self.DebugLevels[msg_level] if msg_level >= self.debug_level: self.logFunc("[CryptoBox] - %s\n" % (text, )) diff --git a/pythonrewrite/bin2/cbx.conf b/pythonrewrite/bin2/cbx.conf deleted file mode 100644 index 9541290..0000000 --- a/pythonrewrite/bin2/cbx.conf +++ /dev/null @@ -1,9 +0,0 @@ -[Main] -allowed_devices = /dev/loop -defaultcipher = aes-cbc-essiv:sha256 -defaultnameprefix = "Data " -mountparent = /var/cache/cryptobox/mnt -debugfacility = 0 -debuglevel = 0 -logfile = cbox.log - diff --git a/pythonrewrite/bin2/cryptobox.conf b/pythonrewrite/bin2/cryptobox.conf new file mode 100644 index 0000000..87b4a9c --- /dev/null +++ b/pythonrewrite/bin2/cryptobox.conf @@ -0,0 +1,51 @@ +[Main] + +# comma separated list of possible prefixes for accesible devices +# beware: .e.g "/dev/hd" grants access to _all_ harddisks +AllowedDevices = /dev/loop + +# the default prefix of not yet named containers + +DefaultVolumePrefix = "Data " + +# where should we put the local configuration and the mountpoints? +# this directory must be accessible by the cryptobox user (see below) +#DataDir = /var/cache/cryptobox +DataDir = . + +# the name-database file - inside of DataDir +NameDatabase = cryptobox_names.db + + +[System] +# most actions of the cryptobox are not executed as root - choose a limited +# user here - for now only numeric ids are allowed +User = 1000 + +# where should we mount volumes? +# this directory must be writeable by the cryptobox user (see above) +MountParentDir = /var/cache/cryptobox/mnt + +# which cipher should cryptsetup-luks use? +DefaultCipher = aes-cbc-essiv:sha256 + + +[Log] +# possible values are "debug", "info", "warn" and "error" or numbers from +# 0 (debug) to 9 (error) +Level = debug + +# where to write the log messages to? +# possible values are: file +# syslog support will be added later +Facility = file + +# depending on the choosen facility (see above) you may select a +# destination. Possible values for the different facilities are: +# file: $FILENAME +# syslog: $LOG_FACILITY +# The log file will get created as root and then handed over to the +# cryptobox user 8see above) +#Destination = /var/log/cryptobox.log +Destination = ./cryptobox.log + diff --git a/pythonrewrite/bin2/test.py b/pythonrewrite/bin2/test.py new file mode 100644 index 0000000..b591f92 --- /dev/null +++ b/pythonrewrite/bin2/test.py @@ -0,0 +1,93 @@ +""" +BEWARE: this script may overwrite the data of one of your loop devices. You +should restrict the AllowedDevices directive in cryptobox.conf to exclude +your precious black devices from being used by this script. + +the following script runs a number of tests for different parts +""" + +from CryptoBox import CryptoBoxProps +from CryptoBoxContainer import CryptoBoxContainer +import sys + + +def main(): + cb = CryptoBoxProps() + + print "Confguration:" + print "\tConfig file:\t\t%s" % (cb.cbxPrefs.filename, ) + print "\tAllowed devices:\t%s" % (cb.cbxPrefs["Main"]["AllowedDevices"], ) + + """for e in cb.getContainerList(filterType=CryptoBoxContainer.Types["luks"]):""" + for e in cb.getContainerList(): + print "\t\t%d\t\t%s - %s - %d" % (cb.getContainerList().index(e), e.getDevice(), e.getName(), e.getType()) + + if not cb.getContainerList(): + print "no loop devices found for testing" + sys.exit(1) + + if len(cb.getContainerList()) > 1: + print "I found more than one available loop device - I will stop now to avoid risking data loss." + print "Please change the 'AllowedDevices' setting in 'cryptobox.conf' to reduce the number of allowed devices to only one." + sys.exit(1) + + testElement = cb.getContainerList()[0] + print "\nRunning some tests now ..." + if not luke_tests(testElement): + print "some previous tests failed - we should stop now" + sys.exit(1) + plain_tests(testElement) + + +" ***************** some functions ******************** " + +def luke_tests(e): + e.create(e.Types["luks"], "alt") + print "\tluks create:\tok" + + e.changePassword("alt","neu") + print "\tluks changepw:\tok" + + e.setName("lalla") + print "\tluks setName:\tok" + + try: + e.mount("neu") + except "MountError": + pass + if e.isMounted(): print "\tluks mount:\tok" + else: print "\tluks mount:\tfailed" + + try: + e.umount() + except "MountError": + pass + if e.isMounted(): print "\tluks umount:\tfailed" + else: print "\tluks umount:\tok" + + if e.isMounted(): return False + else: return True + + +def plain_tests(e): + e.create(e.Types["plain"]) + print "\tplain create:\tok" + + e.setName("plain-lili") + print "\tplain setName:\tok" + + try: + e.mount() + except "MountError": + pass + if e.isMounted(): print "\tplain mount:\tok" + else: print "\tplain mount:\tfailed" + + try: + e.umount() + except "MountError": + pass + if e.isMounted(): print "\tplain umount:\tfailed" + else: print "\tplain umount:\tok" + +main()