privilege dropping replaced by a separate python script for root actions
syslog support added; moved program locations to config file; removed obsolete CryptoBoxPreferences; added some requests for comments (RFC)
parent
975b2bb14a
commit
b951efdd9c
7 changed files with 156 additions and 269 deletions
|
@ -19,15 +19,6 @@ import re
|
|||
|
||||
class CryptoBoxContainer:
|
||||
|
||||
Progs = {
|
||||
"cryptsetup":"/sbin/cryptsetup",
|
||||
"mkfs-data":"/sbin/mkfs.ext3",
|
||||
"mkfs-config":"/sbin/mkfs.ext2",
|
||||
"blkid":"/sbin/blkid",
|
||||
"mount":"/bin/mount",
|
||||
"umount":"/bin/umount"}
|
||||
|
||||
|
||||
Types = {
|
||||
"unused":0,
|
||||
"plain":1,
|
||||
|
@ -47,8 +38,7 @@ class CryptoBoxContainer:
|
|||
self.device = device
|
||||
self.cbox = cbox
|
||||
self.debugMessage = self.cbox.debugMessage
|
||||
self.__dropPrivileges = self.cbox.dropPrivileges
|
||||
self.__risePrivileges = self.cbox.risePrivileges
|
||||
self.Progs = self.cbox.cbxPrefs["Programs"]
|
||||
self.__resetObject()
|
||||
|
||||
|
||||
|
@ -119,7 +109,6 @@ class CryptoBoxContainer:
|
|||
"remove any potential open luks mapping"
|
||||
self.__umountLuks()
|
||||
"create the luks header"
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = subprocess.PIPE,
|
||||
|
@ -131,7 +120,6 @@ class CryptoBoxContainer:
|
|||
"luksAddKey",
|
||||
self.device])
|
||||
proc.stdin.write("%s\n%s" % (oldpw, newpw))
|
||||
self.__dropPrivileges()
|
||||
(output, errout) = proc.communicate()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not add a new luks key: %s - %s" % (output.strip(), errout.strip(), )
|
||||
|
@ -143,7 +131,6 @@ class CryptoBoxContainer:
|
|||
else:
|
||||
raise "ChangePasswordError", "could not get the old key slot"
|
||||
"remove the old key"
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -156,7 +143,6 @@ class CryptoBoxContainer:
|
|||
self.device,
|
||||
"%d" % (keyslot, )])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not remove the old luks key: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg)
|
||||
|
@ -207,7 +193,6 @@ class CryptoBoxContainer:
|
|||
self.debugMessage(
|
||||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
"Could not open %s" % (os.devnull, ))
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell=False,
|
||||
stdin=None,
|
||||
|
@ -221,7 +206,6 @@ class CryptoBoxContainer:
|
|||
self.device])
|
||||
proc.wait()
|
||||
result = proc.stdout.read().strip()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
self.debugMessage(
|
||||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
|
@ -252,7 +236,6 @@ class CryptoBoxContainer:
|
|||
self.debugMessage(
|
||||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
"Could not open %s" % (os.devnull, ))
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell=False,
|
||||
stdin=None,
|
||||
|
@ -266,7 +249,6 @@ class CryptoBoxContainer:
|
|||
self.device])
|
||||
proc.wait()
|
||||
output = proc.stdout.read().strip()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
self.debugMessage(
|
||||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
|
@ -285,7 +267,6 @@ class CryptoBoxContainer:
|
|||
self.debugMessage(
|
||||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
"Could not open %s" % (os.devnull, ))
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -297,7 +278,6 @@ class CryptoBoxContainer:
|
|||
"isLuks",
|
||||
self.device])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
devnull.close()
|
||||
return proc.returncode == 0
|
||||
|
||||
|
@ -326,7 +306,6 @@ class CryptoBoxContainer:
|
|||
errorMsg = "Could not create mountpoint (%s)" % (self.__getMountPoint(), )
|
||||
self.debugMessage("error", errorMsg)
|
||||
raise "MountError", errorMsg
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = subprocess.PIPE,
|
||||
|
@ -340,12 +319,10 @@ class CryptoBoxContainer:
|
|||
self.name])
|
||||
proc.stdin.write(password)
|
||||
(output, errout) = proc.communicate()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not open the luks mapping: %s" % (errout.strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg)
|
||||
raise "MountError", errorMsg
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -356,7 +333,6 @@ class CryptoBoxContainer:
|
|||
os.path.join(self.__dmDir, self.name),
|
||||
self.__getMountPoint()])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not mount the filesystem: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg)
|
||||
|
@ -374,7 +350,6 @@ class CryptoBoxContainer:
|
|||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
"Could not open %s" % (os.devnull, ))
|
||||
if self.isMounted():
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -382,13 +357,11 @@ class CryptoBoxContainer:
|
|||
stderr = subprocess.PIPE,
|
||||
args = [self.Progs["umount"], "-l", self.__getMountPoint()])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg)
|
||||
raise "MountError", errorMsg
|
||||
if os.path.exists(os.path.join(self.__dmDir, self.name)):
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -400,7 +373,6 @@ class CryptoBoxContainer:
|
|||
"luksClose",
|
||||
self.name])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not remove the luks mapping: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg)
|
||||
|
@ -425,7 +397,6 @@ class CryptoBoxContainer:
|
|||
errorMsg = "Could not create mountpoint (%s)" % (self.__getMountPoint(), )
|
||||
self.debugMessage("error", errorMsg)
|
||||
raise "MountError", errorMsg
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -436,7 +407,6 @@ class CryptoBoxContainer:
|
|||
self.device,
|
||||
self.__getMountPoint()])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not mount the filesystem: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg)
|
||||
|
@ -454,7 +424,6 @@ class CryptoBoxContainer:
|
|||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
"Could not open %s" % (os.devnull, ))
|
||||
if self.isMounted():
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -465,7 +434,6 @@ class CryptoBoxContainer:
|
|||
"-l",
|
||||
self.__getMountPoint()])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not umount the filesystem: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["warn"], errorMsg)
|
||||
|
@ -485,7 +453,6 @@ class CryptoBoxContainer:
|
|||
self.debugMessage(
|
||||
CryptoBoxLogger.DebugLevels["warn"],
|
||||
"Could not open %s" % (os.devnull, ))
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -495,7 +462,6 @@ class CryptoBoxContainer:
|
|||
self.Progs["mkfs-data"],
|
||||
self.device])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not create the filesystem: %s" % (proc.stderr.read().strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg)
|
||||
|
@ -520,7 +486,6 @@ class CryptoBoxContainer:
|
|||
"remove any potential open luks mapping"
|
||||
self.__umountLuks()
|
||||
"create the luks header"
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = subprocess.PIPE,
|
||||
|
@ -535,13 +500,11 @@ class CryptoBoxContainer:
|
|||
self.device])
|
||||
proc.stdin.write(password)
|
||||
(output, errout) = proc.communicate()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not create the luks header: %s" % (errout.strip(), )
|
||||
self.debugMessage("error", errorMsg)
|
||||
raise "CreateError", errorMsg
|
||||
"open the luks container for mkfs"
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = subprocess.PIPE,
|
||||
|
@ -555,13 +518,11 @@ class CryptoBoxContainer:
|
|||
self.name])
|
||||
proc.stdin.write(password)
|
||||
(output, errout) = proc.communicate()
|
||||
self.__dropPrivileges()
|
||||
if proc.returncode != 0:
|
||||
errorMsg = "Could not open the new luks mapping: %s" % (errout.strip(), )
|
||||
self.debugMessage(CryptoBoxLogger.DebugLevels["error"], errorMsg)
|
||||
raise "CreateError", errorMsg
|
||||
"make the filesystem"
|
||||
self.__risePrivileges()
|
||||
proc = subprocess.Popen(
|
||||
shell = False,
|
||||
stdin = None,
|
||||
|
@ -571,7 +532,6 @@ class CryptoBoxContainer:
|
|||
self.Progs["mkfs-data"],
|
||||
os.path.join(self.__dmDir, self.name)])
|
||||
proc.wait()
|
||||
self.__dropPrivileges()
|
||||
"remove the mapping - for every exit status"
|
||||
self.__umountLuks()
|
||||
if proc.returncode != 0:
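Review bot: `self.Progs = self.cbox.cbxPrefs["Programs"]` in the second hunk (`@ -47,8 +38,7 @@`) makes every executable path handed to `subprocess.Popen`, such as `self.Progs["umount"]` and `self.Progs["mkfs-data"]`, come from the configuration file, and nothing visible in this section validates those values before use. Because the commit message moves root actions into a separate script, that file becomes part of the privilege boundary: it should be writable by root only, and each entry should be checked once at load time, for example `if not os.path.isabs(path) or not os.access(path, os.X_OK):` followed by a logged error and a raise. A missing key would otherwise surface as a bare `KeyError` deep inside a mount or create operation. The `args` lists of most Popen calls and the start of the enclosing methods lie outside the hunks, so whether these calls now go through the root helper cannot be confirmed here; with the `__risePrivileges()` calls apparently removed, a direct call to the binaries would run with the caller's privileges and is likely to fail.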
|
||||
|
|