init python rewrite
This commit is contained in:
parent
d0029c26c7
commit
e0ec6cb9a4
126 changed files with 15064 additions and 0 deletions
340
pythonrewrite/LICENSE
Normal file
340
pythonrewrite/LICENSE
Normal file
|
@ -0,0 +1,340 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 2, June 1991
|
||||
|
||||
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The licenses for most software are designed to take away your
|
||||
freedom to share and change it. By contrast, the GNU General Public
|
||||
License is intended to guarantee your freedom to share and change free
|
||||
software--to make sure the software is free for all its users. This
|
||||
General Public License applies to most of the Free Software
|
||||
Foundation's software and to any other program whose authors commit to
|
||||
using it. (Some other Free Software Foundation software is covered by
|
||||
the GNU Library General Public License instead.) You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
this service if you wish), that you receive source code or can get it
|
||||
if you want it, that you can change the software or use pieces of it
|
||||
in new free programs; and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to make restrictions that forbid
|
||||
anyone to deny you these rights or to ask you to surrender the rights.
|
||||
These restrictions translate to certain responsibilities for you if you
|
||||
distribute copies of the software, or if you modify it.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must give the recipients all the rights that
|
||||
you have. You must make sure that they, too, receive or can get the
|
||||
source code. And you must show them these terms so they know their
|
||||
rights.
|
||||
|
||||
We protect your rights with two steps: (1) copyright the software, and
|
||||
(2) offer you this license which gives you legal permission to copy,
|
||||
distribute and/or modify the software.
|
||||
|
||||
Also, for each author's protection and ours, we want to make certain
|
||||
that everyone understands that there is no warranty for this free
|
||||
software. If the software is modified by someone else and passed on, we
|
||||
want its recipients to know that what they have is not the original, so
|
||||
that any problems introduced by others will not reflect on the original
|
||||
authors' reputations.
|
||||
|
||||
Finally, any free program is threatened constantly by software
|
||||
patents. We wish to avoid the danger that redistributors of a free
|
||||
program will individually obtain patent licenses, in effect making the
|
||||
program proprietary. To prevent this, we have made it clear that any
|
||||
patent must be licensed for everyone's free use or not licensed at all.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
GNU GENERAL PUBLIC LICENSE
|
||||
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||
|
||||
0. This License applies to any program or other work which contains
|
||||
a notice placed by the copyright holder saying it may be distributed
|
||||
under the terms of this General Public License. The "Program", below,
|
||||
refers to any such program or work, and a "work based on the Program"
|
||||
means either the Program or any derivative work under copyright law:
|
||||
that is to say, a work containing the Program or a portion of it,
|
||||
either verbatim or with modifications and/or translated into another
|
||||
language. (Hereinafter, translation is included without limitation in
|
||||
the term "modification".) Each licensee is addressed as "you".
|
||||
|
||||
Activities other than copying, distribution and modification are not
|
||||
covered by this License; they are outside its scope. The act of
|
||||
running the Program is not restricted, and the output from the Program
|
||||
is covered only if its contents constitute a work based on the
|
||||
Program (independent of having been made by running the Program).
|
||||
Whether that is true depends on what the Program does.
|
||||
|
||||
1. You may copy and distribute verbatim copies of the Program's
|
||||
source code as you receive it, in any medium, provided that you
|
||||
conspicuously and appropriately publish on each copy an appropriate
|
||||
copyright notice and disclaimer of warranty; keep intact all the
|
||||
notices that refer to this License and to the absence of any warranty;
|
||||
and give any other recipients of the Program a copy of this License
|
||||
along with the Program.
|
||||
|
||||
You may charge a fee for the physical act of transferring a copy, and
|
||||
you may at your option offer warranty protection in exchange for a fee.
|
||||
|
||||
2. You may modify your copy or copies of the Program or any portion
|
||||
of it, thus forming a work based on the Program, and copy and
|
||||
distribute such modifications or work under the terms of Section 1
|
||||
above, provided that you also meet all of these conditions:
|
||||
|
||||
a) You must cause the modified files to carry prominent notices
|
||||
stating that you changed the files and the date of any change.
|
||||
|
||||
b) You must cause any work that you distribute or publish, that in
|
||||
whole or in part contains or is derived from the Program or any
|
||||
part thereof, to be licensed as a whole at no charge to all third
|
||||
parties under the terms of this License.
|
||||
|
||||
c) If the modified program normally reads commands interactively
|
||||
when run, you must cause it, when started running for such
|
||||
interactive use in the most ordinary way, to print or display an
|
||||
announcement including an appropriate copyright notice and a
|
||||
notice that there is no warranty (or else, saying that you provide
|
||||
a warranty) and that users may redistribute the program under
|
||||
these conditions, and telling the user how to view a copy of this
|
||||
License. (Exception: if the Program itself is interactive but
|
||||
does not normally print such an announcement, your work based on
|
||||
the Program is not required to print an announcement.)
|
||||
|
||||
These requirements apply to the modified work as a whole. If
|
||||
identifiable sections of that work are not derived from the Program,
|
||||
and can be reasonably considered independent and separate works in
|
||||
themselves, then this License, and its terms, do not apply to those
|
||||
sections when you distribute them as separate works. But when you
|
||||
distribute the same sections as part of a whole which is a work based
|
||||
on the Program, the distribution of the whole must be on the terms of
|
||||
this License, whose permissions for other licensees extend to the
|
||||
entire whole, and thus to each and every part regardless of who wrote it.
|
||||
|
||||
Thus, it is not the intent of this section to claim rights or contest
|
||||
your rights to work written entirely by you; rather, the intent is to
|
||||
exercise the right to control the distribution of derivative or
|
||||
collective works based on the Program.
|
||||
|
||||
In addition, mere aggregation of another work not based on the Program
|
||||
with the Program (or with a work based on the Program) on a volume of
|
||||
a storage or distribution medium does not bring the other work under
|
||||
the scope of this License.
|
||||
|
||||
3. You may copy and distribute the Program (or a work based on it,
|
||||
under Section 2) in object code or executable form under the terms of
|
||||
Sections 1 and 2 above provided that you also do one of the following:
|
||||
|
||||
a) Accompany it with the complete corresponding machine-readable
|
||||
source code, which must be distributed under the terms of Sections
|
||||
1 and 2 above on a medium customarily used for software interchange; or,
|
||||
|
||||
b) Accompany it with a written offer, valid for at least three
|
||||
years, to give any third party, for a charge no more than your
|
||||
cost of physically performing source distribution, a complete
|
||||
machine-readable copy of the corresponding source code, to be
|
||||
distributed under the terms of Sections 1 and 2 above on a medium
|
||||
customarily used for software interchange; or,
|
||||
|
||||
c) Accompany it with the information you received as to the offer
|
||||
to distribute corresponding source code. (This alternative is
|
||||
allowed only for noncommercial distribution and only if you
|
||||
received the program in object code or executable form with such
|
||||
an offer, in accord with Subsection b above.)
|
||||
|
||||
The source code for a work means the preferred form of the work for
|
||||
making modifications to it. For an executable work, complete source
|
||||
code means all the source code for all modules it contains, plus any
|
||||
associated interface definition files, plus the scripts used to
|
||||
control compilation and installation of the executable. However, as a
|
||||
special exception, the source code distributed need not include
|
||||
anything that is normally distributed (in either source or binary
|
||||
form) with the major components (compiler, kernel, and so on) of the
|
||||
operating system on which the executable runs, unless that component
|
||||
itself accompanies the executable.
|
||||
|
||||
If distribution of executable or object code is made by offering
|
||||
access to copy from a designated place, then offering equivalent
|
||||
access to copy the source code from the same place counts as
|
||||
distribution of the source code, even though third parties are not
|
||||
compelled to copy the source along with the object code.
|
||||
|
||||
4. You may not copy, modify, sublicense, or distribute the Program
|
||||
except as expressly provided under this License. Any attempt
|
||||
otherwise to copy, modify, sublicense or distribute the Program is
|
||||
void, and will automatically terminate your rights under this License.
|
||||
However, parties who have received copies, or rights, from you under
|
||||
this License will not have their licenses terminated so long as such
|
||||
parties remain in full compliance.
|
||||
|
||||
5. You are not required to accept this License, since you have not
|
||||
signed it. However, nothing else grants you permission to modify or
|
||||
distribute the Program or its derivative works. These actions are
|
||||
prohibited by law if you do not accept this License. Therefore, by
|
||||
modifying or distributing the Program (or any work based on the
|
||||
Program), you indicate your acceptance of this License to do so, and
|
||||
all its terms and conditions for copying, distributing or modifying
|
||||
the Program or works based on it.
|
||||
|
||||
6. Each time you redistribute the Program (or any work based on the
|
||||
Program), the recipient automatically receives a license from the
|
||||
original licensor to copy, distribute or modify the Program subject to
|
||||
these terms and conditions. You may not impose any further
|
||||
restrictions on the recipients' exercise of the rights granted herein.
|
||||
You are not responsible for enforcing compliance by third parties to
|
||||
this License.
|
||||
|
||||
7. If, as a consequence of a court judgment or allegation of patent
|
||||
infringement or for any other reason (not limited to patent issues),
|
||||
conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot
|
||||
distribute so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you
|
||||
may not distribute the Program at all. For example, if a patent
|
||||
license would not permit royalty-free redistribution of the Program by
|
||||
all those who receive copies directly or indirectly through you, then
|
||||
the only way you could satisfy both it and this License would be to
|
||||
refrain entirely from distribution of the Program.
|
||||
|
||||
If any portion of this section is held invalid or unenforceable under
|
||||
any particular circumstance, the balance of the section is intended to
|
||||
apply and the section as a whole is intended to apply in other
|
||||
circumstances.
|
||||
|
||||
It is not the purpose of this section to induce you to infringe any
|
||||
patents or other property right claims or to contest validity of any
|
||||
such claims; this section has the sole purpose of protecting the
|
||||
integrity of the free software distribution system, which is
|
||||
implemented by public license practices. Many people have made
|
||||
generous contributions to the wide range of software distributed
|
||||
through that system in reliance on consistent application of that
|
||||
system; it is up to the author/donor to decide if he or she is willing
|
||||
to distribute software through any other system and a licensee cannot
|
||||
impose that choice.
|
||||
|
||||
This section is intended to make thoroughly clear what is believed to
|
||||
be a consequence of the rest of this License.
|
||||
|
||||
8. If the distribution and/or use of the Program is restricted in
|
||||
certain countries either by patents or by copyrighted interfaces, the
|
||||
original copyright holder who places the Program under this License
|
||||
may add an explicit geographical distribution limitation excluding
|
||||
those countries, so that distribution is permitted only in or among
|
||||
countries not thus excluded. In such case, this License incorporates
|
||||
the limitation as if written in the body of this License.
|
||||
|
||||
9. The Free Software Foundation may publish revised and/or new versions
|
||||
of the General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the Program
|
||||
specifies a version number of this License which applies to it and "any
|
||||
later version", you have the option of following the terms and conditions
|
||||
either of that version or of any later version published by the Free
|
||||
Software Foundation. If the Program does not specify a version number of
|
||||
this License, you may choose any version ever published by the Free Software
|
||||
Foundation.
|
||||
|
||||
10. If you wish to incorporate parts of the Program into other free
|
||||
programs whose distribution conditions are different, write to the author
|
||||
to ask for permission. For software which is copyrighted by the Free
|
||||
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||
make exceptions for this. Our decision will be guided by the two goals
|
||||
of preserving the free status of all derivatives of our free software and
|
||||
of promoting the sharing and reuse of software generally.
|
||||
|
||||
NO WARRANTY
|
||||
|
||||
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||
REPAIR OR CORRECTION.
|
||||
|
||||
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||
POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
convey the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program; if not, write to the Free Software
|
||||
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program is interactive, make it output a short notice like this
|
||||
when it starts in an interactive mode:
|
||||
|
||||
Gnomovision version 69, Copyright (C) year name of author
|
||||
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, the commands you use may
|
||||
be called something other than `show w' and `show c'; they could even be
|
||||
mouse-clicks or menu items--whatever suits your program.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or your
|
||||
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||
necessary. Here is a sample; alter the names:
|
||||
|
||||
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||
|
||||
<signature of Ty Coon>, 1 April 1989
|
||||
Ty Coon, President of Vice
|
||||
|
||||
This General Public License does not permit incorporating your program into
|
||||
proprietary programs. If your program is a subroutine library, you may
|
||||
consider it more useful to permit linking proprietary applications with the
|
||||
library. If this is what you want to do, use the GNU Library General
|
||||
Public License instead of this License.
|
70
pythonrewrite/Makefile
Normal file
70
pythonrewrite/Makefile
Normal file
|
@ -0,0 +1,70 @@
|
|||
#
|
||||
# Makefile for the cryptobox web-interface
|
||||
#
|
||||
# Copyright (c) 02006 senselab
|
||||
#
|
||||
|
||||
CRYPTOBOX_ROOT = .
|
||||
|
||||
PREFIX = /usr/local
|
||||
SHARE_DIR = $(PREFIX)/share/cryptobox
|
||||
LIB_DIR = $(PREFIX)/lib/cryptobox
|
||||
DOC_DIR = $(PREFIX)/share/doc/cryptobox
|
||||
BUILD_DIR = build_dir
|
||||
INSTALL = install
|
||||
|
||||
OS_TYPE=$(shell uname -o | tr [:upper:] [:lower:] | sed s/[^a-z0-9\._\-]/_/g)
|
||||
|
||||
.PHONY: install clean build
|
||||
|
||||
build:
|
||||
$(INSTALL) -d -m 755 $(BUILD_DIR)/etc
|
||||
$(INSTALL) -c -m 644 conf-examples/cryptobox.conf $(BUILD_DIR)/etc/
|
||||
@sed -i 's#^HTML_TEMPLATE_DIR=.*$$#HTML_TEMPLATE_DIR=$(SHARE_DIR)/templates#' $(BUILD_DIR)/etc/cryptobox.conf
|
||||
@sed -i 's#^LANGUAGE_DIR=.*$$#LANGUAGE_DIR=$(SHARE_DIR)/lang#' $(BUILD_DIR)/etc/cryptobox.conf
|
||||
@sed -i 's#^DOC_DIR=.*$$#DOC_DIR=$(DOC_DIR)/html#' $(BUILD_DIR)/etc/cryptobox.conf
|
||||
@sed -i 's#^CONFIG_DEFAULTS_DIR=.*$$#CONFIG_DEFAULTS_DIR=$(SHARE_DIR)/defaults#' $(BUILD_DIR)/etc/cryptobox.conf
|
||||
|
||||
# choose the appropriate program_locations.conf
|
||||
if test -e conf-examples/distributions/$(OS_TYPE) ; \
|
||||
then cat conf-examples/distributions/$(OS_TYPE) ;\
|
||||
else cat conf-examples/distributions/default ;\
|
||||
fi >$(BUILD_DIR)/etc/distribution.conf
|
||||
|
||||
# compile the suid wrapper
|
||||
$(MAKE) -C bin LIB_DIR=$(LIB_DIR)
|
||||
@touch $(BUILD_DIR)-stamp
|
||||
|
||||
|
||||
install: $(BUILD_DIR)-stamp
|
||||
$(INSTALL) -d -m 755 $(LIB_DIR)
|
||||
$(INSTALL) -c -m 755 bin/cbox-manage.sh $(LIB_DIR)
|
||||
$(INSTALL) -c -m 755 bin/cbox-root-actions.sh $(LIB_DIR)
|
||||
$(INSTALL) -c -m 755 bin/cryptobox.pl $(LIB_DIR)
|
||||
$(INSTALL) -c -m 755 bin/cryptobox_cgi_wrapper $(LIB_DIR)
|
||||
$(INSTALL) -c -m 4755 bin/cryptobox_root_wrapper $(LIB_DIR)
|
||||
$(INSTALL) -d -m 755 $(SHARE_DIR)/lang
|
||||
$(INSTALL) -c -m 644 lang/* $(SHARE_DIR)/lang/
|
||||
$(INSTALL) -d -m 755 $(SHARE_DIR)/templates
|
||||
$(INSTALL) -c -m 644 templates/*.cs $(SHARE_DIR)/templates
|
||||
$(INSTALL) -d -m 755 $(SHARE_DIR)/defaults
|
||||
$(INSTALL) -c -m 644 conf-examples/default-settings/* $(SHARE_DIR)/defaults/
|
||||
$(INSTALL) -d -m 755 $(SHARE_DIR)/html
|
||||
$(INSTALL) -c -m 644 www-data/*.css $(SHARE_DIR)/html/
|
||||
$(INSTALL) -c -m 644 www-data/*.png $(SHARE_DIR)/html/
|
||||
$(INSTALL) -c -m 644 www-data/*.gif $(SHARE_DIR)/html/
|
||||
#$(INSTALL) -d -m 755 $(SHARE_DIR)/html/screenshots
|
||||
#$(INSTALL) -c -m 644 www-data/screenshots/*.png $(SHARE_DIR)/html/screenshots/
|
||||
$(INSTALL) -d -m 755 $(DOC_DIR)/html/en
|
||||
$(INSTALL) -d -m 755 $(DOC_DIR)/html/de
|
||||
$(INSTALL) -c -m 644 doc/html/en/* $(DOC_DIR)/html/en/
|
||||
$(INSTALL) -c -m 644 doc/html/de/* $(DOC_DIR)/html/de/
|
||||
$(INSTALL) -d -m 755 $(SHARE_DIR)/distributions
|
||||
$(INSTALL) -c -m 644 conf-examples/distributions/* $(SHARE_DIR)/distributions/
|
||||
|
||||
|
||||
clean:
|
||||
$(MAKE) -C bin clean
|
||||
-rm -rf $(BUILD_DIR)
|
||||
-rm -f $(BUILD_DIR)-stamp
|
||||
|
1
pythonrewrite/README
Normal file
1
pythonrewrite/README
Normal file
|
@ -0,0 +1 @@
|
|||
link cbox-tree.d/usr/share/doc/cryptobox/README
|
37
pythonrewrite/bin/Makefile
Normal file
37
pythonrewrite/bin/Makefile
Normal file
|
@ -0,0 +1,37 @@
|
|||
# Makefile to compile the binary suid-wrapper for cryptobox
|
||||
#
|
||||
# LIB_DIR should be defined in the higher level Makefile
|
||||
#
|
||||
|
||||
HEADER_FILE = cryptobox_wrapper.h
|
||||
SRC_FILE = cryptobox_wrapper.c
|
||||
CGI_SUID_FILE = cryptobox_cgi_wrapper
|
||||
ROOT_SUID_FILE = cryptobox_root_wrapper
|
||||
|
||||
CGI_FILENAME = cryptobox.pl
|
||||
ROOT_SCRIPT_FILENAME = cbox-root-actions.sh
|
||||
# fall back to default, if not overwritten
|
||||
LIB_DIR = /usr/local/lib/cryptobox
|
||||
|
||||
|
||||
# _always_ recompile (in case of a changed LIB_DIR)
|
||||
.PHONY: build clean $(CGI_SUID_FILE) $(ROOT_SUID_FILE)
|
||||
|
||||
build: $(CGI_SUID_FILE) $(ROOT_SUID_FILE)
|
||||
|
||||
|
||||
$(CGI_SUID_FILE): $(SRC_FILE)
|
||||
@echo '#define EXEC_PATH "$(LIB_DIR)/$(CGI_FILENAME)"' >$(HEADER_FILE)
|
||||
$(CC) -o $(CGI_SUID_FILE) $(SRC_FILE)
|
||||
-rm $(HEADER_FILE)
|
||||
|
||||
|
||||
$(ROOT_SUID_FILE): $(SRC_FILE)
|
||||
@echo '#define EXEC_PATH "$(LIB_DIR)/$(ROOT_SCRIPT_FILENAME)"' >$(HEADER_FILE)
|
||||
$(CC) -o $(ROOT_SUID_FILE) $(SRC_FILE)
|
||||
-rm $(HEADER_FILE)
|
||||
|
||||
|
||||
clean:
|
||||
-rm -f $(CGI_SUID_FILE) $(ROOT_SUID_FILE) $(HEADER_FILE)
|
||||
|
474
pythonrewrite/bin/cbox-manage.sh
Executable file
474
pythonrewrite/bin/cbox-manage.sh
Executable file
|
@ -0,0 +1,474 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
||||
#
|
||||
# License: This script is distributed under the terms of version 2
|
||||
# of the GNU GPL. See the LICENSE file included with the package.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# this script does EVERYTHING
|
||||
# all other scripts are only frontends :)
|
||||
#
|
||||
# called by:
|
||||
# - some rc-scripts
|
||||
# - the web frontend cgi
|
||||
#
|
||||
|
||||
# TODO: check permissions and owners of config files, directories and scripts before
|
||||
# running cbox-root-actions.sh
|
||||
|
||||
set -eu
|
||||
|
||||
|
||||
# default location of config file
|
||||
CONF_FILE=/etc/cryptobox/cryptobox.conf
|
||||
|
||||
LIB_DIR=$(dirname "$0")
|
||||
|
||||
# to determine a nice default partition name
|
||||
DEVICE_NAME_PREFIX="Disk #"
|
||||
|
||||
# read the default setting file, if it exists
|
||||
test -e /etc/default/cryptobox && . /etc/default/cryptobox
|
||||
|
||||
test ! -e "$CONF_FILE" && echo "Could not find the configuration file: $CONF_FILE" >&2 && exit 1
|
||||
|
||||
# parse config file
|
||||
. "$CONF_FILE"
|
||||
|
||||
test ! -e "$CONF_FILE" && echo "Could not find the distribution specific configuration file: $CONF_FILE" >&2 && exit 1
|
||||
|
||||
# parse the distribution specific file
|
||||
. "$DISTRIBUTION_CONF"
|
||||
|
||||
# check for writable log file
|
||||
test -w "$LOG_FILE" || LOG_FILE=/tmp/$(basename "$LOG_FILE")
|
||||
|
||||
# retrieve configuration directory
|
||||
CONFIG_DIR="$(getent passwd $CRYPTOBOX_USER | cut -d ':' -f 6)/config"
|
||||
CONFIG_MARKER=cryptobox.marker
|
||||
|
||||
## configuration
|
||||
ROOT_PERM_SCRIPT="$LIB_DIR/cryptobox_root_wrapper"
|
||||
# ROOT_PERM_SCRIPT needs the MNT_PARENT setting
|
||||
export MNT_PARENT="$(cd ~; pwd)/mnt"
|
||||
|
||||
######## stuff ##########
|
||||
|
||||
# all partitions with a trailing number
|
||||
ALL_PARTITIONS=$(cat /proc/partitions | sed '1,2d; s/ */ /g; s/^ *//' | cut -d " " -f 4 | grep '[0-9]$')
|
||||
|
||||
#########################
|
||||
|
||||
function log_msg()
|
||||
{
|
||||
# the log file is (maybe) not writable during boot - try
|
||||
# before writing ...
|
||||
test -w "$LOG_FILE" || return 0
|
||||
echo >>"$LOG_FILE"
|
||||
echo "##### `date` #####" >>"$LOG_FILE"
|
||||
echo "$1" >>"$LOG_FILE"
|
||||
}
|
||||
|
||||
|
||||
function error_msg()
|
||||
# parameters: ExitCode ErrorMessage
|
||||
{
|
||||
local all=$@
|
||||
test $# -ne 2 && error_msg 1 "*** invalid call of error_msg *** $all"
|
||||
echo "[`date`] - $2" | tee -a "$LOG_FILE" >&2
|
||||
# print the execution stack - not usable with busybox
|
||||
# caller | sed 's/^/\t/' >&2
|
||||
exit "$1"
|
||||
}
|
||||
|
||||
|
||||
# Parameter: device
|
||||
function is_device_allowed() {
|
||||
# check for invalid characters and exit if one is found
|
||||
local device=$(echo "$1" | sed 's#[^a-zA-Z0-9_\-\./]##g')
|
||||
test "$1" = "$device" || return 1
|
||||
# remove leading "/dev/"
|
||||
device=$(echo "$device" | sed 's#^/dev/##')
|
||||
# return for empty name
|
||||
test -z "$device" && return 1
|
||||
for a in $ALL_PARTITIONS
|
||||
do echo "$device" | grep -q "^$a.*" && return 0
|
||||
done
|
||||
# no matching device found - exit with error
|
||||
return 1
|
||||
}
|
||||
|
||||
function config_set_value()
|
||||
# parameters: SettingName [SettingValue]
|
||||
# read from stdin if SettingValue is not defined
|
||||
{
|
||||
if test $# -gt 1
|
||||
then echo "$2" > "$CONFIG_DIR/$1"
|
||||
else cat - >"$CONFIG_DIR/$1"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function config_get_value()
|
||||
# parameters: SettingName
|
||||
{
|
||||
# use mounted config, if it exists - otherwise use defaults
|
||||
local conf_dir
|
||||
test -z "$1" && error_msg 1 "empty setting name"
|
||||
# check for existence - maybe use default values (even for old
|
||||
# releases that did not contain this setting)
|
||||
if test -e "$CONFIG_DIR/$1"
|
||||
then cat "$CONFIG_DIR/$1"
|
||||
elif test -e "$CONFIG_DEFAULTS_DIR/$1"
|
||||
then cat "$CONFIG_DEFAULTS_DIR/$1"
|
||||
else case "$1" in
|
||||
# you may place default values for older versions here
|
||||
# for compatibility
|
||||
* )
|
||||
error_msg 2 "unknown configuration value ($1)"
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
function list_partitions_of_type()
|
||||
# parameter: { config | crypto | plaindata | unused }
|
||||
{
|
||||
local config=
|
||||
local crypto=
|
||||
local plaindata=
|
||||
local unused=
|
||||
for a in $ALL_PARTITIONS
|
||||
do if "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a"
|
||||
then crypto="$crypto /dev/$a"
|
||||
elif "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a"
|
||||
then config="$config /dev/$a"
|
||||
elif "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a"
|
||||
then plaindata="$plaindata /dev/$a"
|
||||
else unused="$unused /dev/$a"
|
||||
fi
|
||||
done
|
||||
case "$1" in
|
||||
config )
|
||||
echo "$config"
|
||||
;;
|
||||
crypto )
|
||||
echo "$crypto"
|
||||
;;
|
||||
plaindata )
|
||||
echo "$plaindata"
|
||||
;;
|
||||
unused )
|
||||
echo "$unused"
|
||||
;;
|
||||
* )
|
||||
error_msg 11 "wrong parameter ($1) for list_partition_types in $(basename $0)"
|
||||
;;
|
||||
esac | tr " " "\n" | grep -v '^$'
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
function get_device_mnt_name() {
|
||||
"$ROOT_PERM_SCRIPT" get_device_mnt_name "$1"
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
function get_device_uuid() {
|
||||
"$ROOT_PERM_SCRIPT" get_device_uuid "$1"
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
# return the readable name of the crypto container, if it is already defined
|
||||
# if undefined - return the uuid
|
||||
function get_device_name() {
|
||||
local uuid=$(get_device_uuid "$1")
|
||||
local dbname=$(config_get_value "names.db" | grep "^$uuid:" | cut -d ":" -f 2-)
|
||||
# return dbname if it exists
|
||||
test -n "$dbname" && echo "$dbname" && return 0
|
||||
# find a nice name for the new partition
|
||||
local counter=1
|
||||
local test_name
|
||||
local test_uuid
|
||||
local test_result
|
||||
# try to find a name with the defined "prefix" followed by a number ...
|
||||
while true
|
||||
do test_name="$DEVICE_NAME_PREFIX$counter"
|
||||
if config_get_value "names.db" | grep -q ":$test_name$"
|
||||
then counter=$((counter+1))
|
||||
else # save it for next time
|
||||
set_device_name "$1" "$test_name"
|
||||
echo "$test_name"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
function set_device_name()
|
||||
# TODO: the implementation is quite ugly, but it works (tm)
|
||||
# Parameter: DEVICE NAME
|
||||
{
|
||||
local uuid=$(get_device_uuid "$1")
|
||||
# remove the old setting for this device and every possible entry with the same name
|
||||
local new_config=$(config_get_value 'names.db' | sed "/^$uuid:/d; /^[^:]*:$2$/d"; echo "$uuid:$2")
|
||||
echo "$new_config" | config_set_value "names.db"
|
||||
}
|
||||
|
||||
|
||||
function does_crypto_name_exist()
|
||||
# Parameter: NAME
|
||||
{
|
||||
config_get_value 'names.db' | grep -q "^[^:]*:$1$"
|
||||
}
|
||||
|
||||
|
||||
function create_crypto()
|
||||
# Parameter: DEVICE NAME KEYFILE
|
||||
# keyfile is necessary, to allow background execution via 'at'
|
||||
{
|
||||
local device=$1
|
||||
local name=$2
|
||||
local keyfile=$3
|
||||
# otherwise the web interface will hang
|
||||
# passphrase may be passed via command line
|
||||
local key=$(<"$keyfile")
|
||||
# remove the passphrase-file as soon as possible
|
||||
dd if=/dev/zero of="$keyfile" bs=512 count=1 2>/dev/null
|
||||
rm "$keyfile"
|
||||
|
||||
log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device"
|
||||
echo "$key" | "$ROOT_PERM_SCRIPT" create_crypto "$device"
|
||||
|
||||
set_crypto_name "$device" "$name"
|
||||
}
|
||||
|
||||
|
||||
function is_config_active() {
|
||||
test -f "$CONFIG_DIR/$CONFIG_MARKER"
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
function is_mounted() {
|
||||
local name=$(get_device_mnt_name "$1")
|
||||
test -n "$name" && mountpoint -q "$MNT_PARENT/$name"
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
function is_plain() {
|
||||
"$ROOT_PERM_SCRIPT" is_plain_partition "$1"
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
function is_encrypted() {
|
||||
"$ROOT_PERM_SCRIPT" is_crypto_partition "$1"
|
||||
}
|
||||
|
||||
|
||||
# list which allowed disks are at the moment connected with the cbox
|
||||
function get_available_disks() {
|
||||
for scan in $SCAN_DEVICES
|
||||
do for avail in $ALL_PARTITIONS
|
||||
do echo "$avail" | grep -q "^$scan[^/]*" && echo "/dev/$avail"
|
||||
done
|
||||
done
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# Parameter: DEVICE
|
||||
function mount_crypto() {
|
||||
local device=$1
|
||||
test -z "$device" && error_msg 4 'No valid harddisk found!'
|
||||
is_mounted "$device" && echo "The crypto filesystem is already active!" && return
|
||||
# passphrase is read from stdin
|
||||
log_msg "Mounting a crypto partition from $device"
|
||||
"$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1
|
||||
}
|
||||
|
||||
|
||||
function umount_partition() {
|
||||
# Parameter: device
|
||||
local container=$(get_device_name "$1")
|
||||
"$ROOT_PERM_SCRIPT" umount "$1"
|
||||
}
|
||||
|
||||
|
||||
function box_purge()
|
||||
# removing just the first bytes from the harddisk should be enough
|
||||
# every harddisk will be overriden!
|
||||
# this feature is only useful for validation
|
||||
{
|
||||
# TODO: not ALL harddisks, please!
|
||||
get_available_disks | while read a
|
||||
do log_msg "Purging $a ..."
|
||||
"$ROOT_PERM_SCRIPT" trash_device "$a"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
function turn_off_all_containers() {
|
||||
# TODO - needs to be implemented
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
### main ###
|
||||
|
||||
# set PATH because thttpd removes /sbin and /usr/sbin for cgis
|
||||
export PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
|
||||
ACTION=help
|
||||
test $# -gt 0 && ACTION=$1 && shift
|
||||
|
||||
case "$ACTION" in
|
||||
crypto-up )
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'crypto-up'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
mount_crypto "$1"
|
||||
;;
|
||||
crypto-down )
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'crypto-down'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
umount_partition "$1"
|
||||
;;
|
||||
init )
|
||||
init_cryptobox </dev/null >>"$LOG_FILE" 2>&1
|
||||
;;
|
||||
list_container )
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'list_container'"
|
||||
case "$1" in
|
||||
config | unused | plaindata | crypto )
|
||||
list_partitions_of_type "$1"
|
||||
;;
|
||||
* )
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
return 0
|
||||
;;
|
||||
get_device_name )
|
||||
# Parameter: DEVICE
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'get_device_name'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
get_device_name "$1"
|
||||
;;
|
||||
set_device_name )
|
||||
# Parameter: DEVICE NAME
|
||||
test $# -ne 2 && error_msg 10 "invalid number of parameters for 'set_device_name'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
set_device_name "$1" "$2"
|
||||
;;
|
||||
device_init )
|
||||
# Parameter: DEVICE [KEYFILE]
|
||||
test $# -lt 1 && error_msg 10 "invalid number of parameters for 'device_init' ($@)"
|
||||
test $# -gt 2 && error_msg 10 "invalid number of parameters for 'device_init' ($@)"
|
||||
if test $# -eq 2
|
||||
then test -z "$2" -o ! -e "$2" && error_msg 11 "invalid keyfile ($2) given for 'device_init'"
|
||||
fi
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
if test $# -eq 2
|
||||
then "$ROOT_PERM_SCRIPT" create_crypto "$1" "$2"
|
||||
else "$ROOT_PERM_SCRIPT" create_plain "$1"
|
||||
fi
|
||||
true
|
||||
;;
|
||||
is_mounted )
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'is_mounted'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
is_mounted "$1"
|
||||
;;
|
||||
is_encrypted )
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'is_encrypted'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
is_encrypted "$1"
|
||||
;;
|
||||
is_plain )
|
||||
test $# -ne 1 && error_msg 10 "invalid number of parameters for 'is_plain'"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
is_plain "$1"
|
||||
;;
|
||||
check_config)
|
||||
is_config_active
|
||||
;;
|
||||
get_available_disks )
|
||||
get_available_disks
|
||||
;;
|
||||
set_config )
|
||||
test $# -ne 2 && error_msg 7 "'set_config' requires two parameters"
|
||||
config_set_value "$1" "$2"
|
||||
;;
|
||||
get_config )
|
||||
test $# -ne 1 && error_msg 6 "'get_config' requires exactly one parameter"
|
||||
config_get_value "$1"
|
||||
;;
|
||||
get_capacity_info )
|
||||
test $# -ne 1 && error_msg 6 "'get_capacity_info' requires exactly one parameter"
|
||||
is_device_allowed "$1" || error_msg 12 "invalid device: $1"
|
||||
is_mounted "$1" || error_msg 13 "the device is not mounted: $1"
|
||||
name=$(get_device_mnt_name "$1")
|
||||
df -h "$MNT_PARENT/$name" | tail -1
|
||||
;;
|
||||
diskinfo )
|
||||
get_available_disks | while read a
|
||||
do "$ROOT_PERM_SCRIPT" diskinfo "$a"
|
||||
done 2>/dev/null
|
||||
;;
|
||||
box-purge )
|
||||
log_msg "Cleaning the CryptoBox ..."
|
||||
turn_off_all_containers
|
||||
"$0" config-down
|
||||
box_purge >>"$LOG_FILE" 2>&1
|
||||
;;
|
||||
poweroff )
|
||||
log_msg "Shutting down the Cryptobox ..."
|
||||
turn_off_all_containers
|
||||
"$ROOT_PERM_SCRIPT" poweroff
|
||||
;;
|
||||
reboot )
|
||||
log_msg "Rebooting the Cryptobox ..."
|
||||
turn_off_all_containers
|
||||
"$ROOT_PERM_SCRIPT" reboot
|
||||
;;
|
||||
umount_all )
|
||||
log_msg "Unmounting all volumes ..."
|
||||
turn_off_all_containers
|
||||
;;
|
||||
* )
|
||||
echo "[$(basename $0)] - unknown action: $ACTION" >&2
|
||||
echo "Syntax: $(basename $0) ACTION [PARAMS]"
|
||||
echo " crypto-up - mount crypto partition"
|
||||
echo " crypto-down - unmount crypto partition"
|
||||
echo " crypto-create - a wrapper for 'crypto-create-bg'"
|
||||
echo " crypto-create-bg - create encrypted blockdevice and run mkfs"
|
||||
echo " is_mounted - check, if crypto partition is mounted"
|
||||
echo " check_config - check, if the configuration is usable"
|
||||
echo " get_available_disks - shows all accessible disks"
|
||||
echo " get_current_ip - get the current IP of the network interface"
|
||||
echo " set_config NAME VALUE - change a configuration setting"
|
||||
echo " get_config NAME - retrieve a configuration setting"
|
||||
echo " get_device_name DEVICE - retrieve the human readable name of a partition"
|
||||
echo " set_device_name DEVICE - set the human readable name of a partition"
|
||||
echo " device_init DEVICE KEYFILE - initialize the filesystem of a partition (the keyfile just contains the passphrase)"
|
||||
echo " get_capacity_info - print the output of 'df' for the (mounted) partition"
|
||||
echo " diskinfo - show the partition table of the harddisk"
|
||||
echo " box-purge - destroy the partition tables of all harddisks (delete everything)"
|
||||
echo " poweroff - turn off the computer"
|
||||
echo " reboot - reboot the computer"
|
||||
echo
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
341
pythonrewrite/bin/cbox-root-actions.sh
Executable file
341
pythonrewrite/bin/cbox-root-actions.sh
Executable file
|
@ -0,0 +1,341 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
||||
#
|
||||
# License: This script is distributed under the terms of version 2
|
||||
# of the GNU GPL. See the LICENSE file included with the package.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# this script is responsible for all dangerous actions, that require root privileges
|
||||
# every action should be checked at least TWICE a day for open holes :)
|
||||
# usually will get call via sudo
|
||||
#
|
||||
# called by:
|
||||
# - cbox-manage.sh
|
||||
#
|
||||
|
||||
set -eu
|
||||
|
||||
LIB_DIR=$(dirname "$0")
|
||||
LIB_DIR=$(cd "$LIB_DIR"; pwd)
|
||||
|
||||
test "$(id -u)" -ne 0 && echo "$(basename $0) - only root may call this script" >&2 && exit 100
|
||||
|
||||
# read the default setting file, if it exists
|
||||
test -e /etc/default/cryptobox && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. "$CONF_FILE"
|
||||
# parse distribution specific file
|
||||
. "$DISTRIBUTION_CONF"
|
||||
|
||||
CB_SCRIPT="$LIB_DIR/cbox-manage.sh"
|
||||
CONFIG_MARKER=cryptobox.marker
|
||||
|
||||
|
||||
############ some useful functions ###############
|
||||
|
||||
# check if the given device is part of the SCAN_DEVICE list
|
||||
# every entry in SCAN_DEVICES is matched as "^/dev/${SCAN_DEVICE}[^/]*$" against
|
||||
# the given device
|
||||
# other devices may not be touched
|
||||
function is_device_allowed()
|
||||
# parameter: device
|
||||
{
|
||||
for a in $SCAN_DEVICES
|
||||
do echo "$1" | grep -q "^/dev/${a}[^/]*$" && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
# return the uuid of the partition (if possible)
|
||||
# this works at least for luks, ext2/3 and vfat partitions
|
||||
function get_device_uuid() {
|
||||
local UUID
|
||||
# check for luksUUID or ext2/3-uuid
|
||||
if is_luks_device "$1"
|
||||
then UUID=$("$CRYPTSETUP" luksUUID "$1")
|
||||
else test -x "$BLKID" && UUID=$("$BLKID" -s UUID -o value -c /dev/null -w /dev/null "$1" 2>/dev/null)
|
||||
fi
|
||||
if test -z "$UUID"
|
||||
then get_device_flat_name "$1"
|
||||
else echo "$UUID"
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# the device name is "flattened"
|
||||
function get_device_flat_name() {
|
||||
echo "$1" | sed 's#/#_#g'
|
||||
}
|
||||
|
||||
|
||||
# the basename of the mountpoint for this device - should be somehow human_readable
|
||||
function get_device_mnt_name() {
|
||||
"$CB_SCRIPT" get_device_name "$1"
|
||||
}
|
||||
|
||||
|
||||
# every devmapper name should look like a UUID
|
||||
function is_uuid_valid() {
|
||||
local hex=[0-9a-f]
|
||||
echo "$1" | grep -q "^$hex\{8\}-$hex\{4\}-$hex\{4\}-$hex\{4\}-$hex\{12\}$"
|
||||
}
|
||||
|
||||
|
||||
# parameter ExitCode ErrorMessage
|
||||
function error_msg() {
|
||||
echo "CBOX-ERROR: [$(basename $0) - $ACTION] - $2" >&2
|
||||
exit $1
|
||||
}
|
||||
|
||||
|
||||
# parameter: device sfdisk_layout_setup
|
||||
# e.g.: /dev/hda "0,1,L \n,,L\n"
|
||||
function partition_device() {
|
||||
# TODO: allow different layouts
|
||||
# TODO: skip config partition if a configuration is already active
|
||||
# sfdisk -n doesn't actually write (for testing purpose)
|
||||
if echo -e "$2" | "$SFDISK" -n "$1"
|
||||
then echo -e "$2" | "$SFDISK" "$1" || return 1
|
||||
else return 2
|
||||
fi
|
||||
true
|
||||
}
|
||||
|
||||
|
||||
function is_luks_device()
|
||||
# parameter: device
|
||||
{
|
||||
"$CRYPTSETUP" isLuks "$1" 2>/dev/null
|
||||
}
|
||||
|
||||
|
||||
################ main ####################
|
||||
|
||||
ACTION=unknown
|
||||
test $# -gt 0 && ACTION=$1 && shift
|
||||
|
||||
|
||||
case "$ACTION" in
|
||||
partition_disk )
|
||||
test $# -ne 2 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
partition_device "$1" "$2" || \
|
||||
error_msg 2 "failed to create new partition table on device $1"
|
||||
;;
|
||||
mount )
|
||||
# parameters: device
|
||||
# returns the relative name of the mointpoint for success
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
mnt_name=$(get_device_mnt_name "$1")
|
||||
mountpoint -q "$MNT_PARENT/$mnt_name" && \
|
||||
error_msg 5 "a device with the same name ($mnt_name) is already mounted"
|
||||
mkdir -p "$MNT_PARENT/$mnt_name"
|
||||
if is_luks_device "$1"
|
||||
then "$CRYPTSETUP" luksOpen "$1" "$mnt_name" || \
|
||||
error_msg 6 "could not open encrypted device $1"
|
||||
if mount "$DEV_MAPPER_DIR/$mnt_name" "$MNT_PARENT/$mnt_name"
|
||||
then true
|
||||
else "$CRYPTSETUP" luksClose "$mnt_name" || true
|
||||
error_msg 7 "wrong password for $1 supplied"
|
||||
fi
|
||||
else mount "$1" "$MNT_PARENT/$mnt_name" || \
|
||||
error_msg 8 "invalid filesystem on device $1"
|
||||
fi
|
||||
# just in case, that there is no ext2/3 filesystem:
|
||||
# set uid option (will fail silently for ext2/3)
|
||||
# TODO: there is no FILE_USER setting anymore - do we still need it?
|
||||
#mount -o remount,uid="$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true
|
||||
# adapt top-level permission to current setup - again: may fail silently
|
||||
#chown "$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true
|
||||
true
|
||||
;;
|
||||
umount )
|
||||
#parameter: device
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
mnt_name=$(get_device_mnt_name "$1")
|
||||
mountpoint -q "$MNT_PARENT/$mnt_name" || \
|
||||
error_msg 9 "the device ($1) is not mounted as '$mnt_name'"
|
||||
# try to unmount - do it in lazy mode
|
||||
umount -l "$MNT_PARENT/$mnt_name"
|
||||
# TODO: check, what happens, if there are open files - does the device gets mapping removed?
|
||||
# remove (if necessary) the device mapping
|
||||
if test -e "$DEV_MAPPER_DIR/$mnt_name"
|
||||
then "$CRYPTSETUP" luksClose "$mnt_name" || \
|
||||
error_msg 11 "could not remove the device mapper ($mnt_name) for device $1"
|
||||
fi
|
||||
# try to remove the mountpoint - a failure is not important
|
||||
rmdir "$MNT_PARENT/$mnt_name" || true
|
||||
# set exitcode
|
||||
mountpoint -q "$MNT_PARENT/$mnt_name" && exit 1
|
||||
true
|
||||
;;
|
||||
create_crypto )
|
||||
# parameter: device keyfile
|
||||
test $# -ne 2 && error_msg 1 "wrong number of parameters"
|
||||
keyfile=$2
|
||||
test -e "$keyfile" || error_msg 2 "keyfile ($keyfile) not found"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
# read the passphrase from stdin
|
||||
# the iter-time is in milliseconds - keep it low for fast mounting
|
||||
cat "$keyfile" | \
|
||||
"$CRYPTSETUP" --cipher "$DEFAULT_CIPHER" --iter-time 2000 --batch-mode luksFormat "$1" || \
|
||||
error_msg 11 "failed to create the encrypted partition"
|
||||
name=$(get_device_mnt_name "$1")
|
||||
cat "$keyfile" | "$CRYPTSETUP" --batch-mode luksOpen "$1" "$name" || \
|
||||
error_msg 12 "failed to open the encrypted partition"
|
||||
# trash the passphrase in keyfile
|
||||
echo "0123456789abcdefghijklmnopqrstuvwxyz" > "$keyfile"
|
||||
# the disk cache surely prevents the previous line from being written, but we do it anyway ...
|
||||
echo "zyxwvutsrqponmlkjihgfedcba9876543210" > "$keyfile"
|
||||
rm "$keyfile"
|
||||
# complete in background
|
||||
(
|
||||
"$MKFS_DATA" "$DEV_MAPPER_DIR/$name" || \
|
||||
error_msg 13 "failed to create the encrypted filesystem"
|
||||
"$CRYPTSETUP" --batch-mode luksClose "$name" || \
|
||||
error_msg 14 "failed to close the encrypted mapped device"
|
||||
) </dev/null >/dev/null 2>/dev/null &
|
||||
true
|
||||
;;
|
||||
create_plain )
|
||||
# parameter: device
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters for 'create_plain'"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
# complete in background
|
||||
(
|
||||
"$MKFS_DATA" "$1" || \
|
||||
error_msg 15 "failed to create the plaintext filesystem"
|
||||
) </dev/null >/dev/null 2>/dev/null &
|
||||
true
|
||||
;;
|
||||
get_device_mnt_name )
|
||||
# parameter: device
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
get_device_mnt_name "$1"
|
||||
;;
|
||||
get_device_uuid )
|
||||
# parameter: device
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
get_device_uuid "$1"
|
||||
;;
|
||||
is_config_partition )
|
||||
# parameter: device
|
||||
# returns exitcode 0 if the device contains a configuration
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
is_config=0
|
||||
tmp_dir=/tmp/$(basename $0)-$$-mnt
|
||||
mkdir -p "$tmp_dir"
|
||||
# error means "no config partition"
|
||||
if mount "$1" "$CONFIG_DIR"
|
||||
then test -e "$CONFIG_DIR/$CONFIG_MARKER" && is_config=1
|
||||
umount "$CONFIG_DIR" || \
|
||||
error_msg 14 "unable to unmount configation partition after probing"
|
||||
fi
|
||||
rmdir "$tmp_dir" || true
|
||||
# return 0 if $device is a config partition
|
||||
test "$is_config" -eq 1 && exit 0
|
||||
exit 1
|
||||
;;
|
||||
is_crypto_partition )
|
||||
# parameter: device
|
||||
# returns exitcode 0 if the device contains a luks header
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
is_luks_device "$1"
|
||||
;;
|
||||
is_plain_partition )
|
||||
# parameter: device
|
||||
# returns exitcode 0 if the device contains a readable filesystem
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
status=0
|
||||
tmp_dir=/tmp/$(basename $0)-$$-mnt
|
||||
mkdir -p "$tmp_dir"
|
||||
if mount "$1" "$tmp_dir" >/dev/null 2>/dev/null
|
||||
then test ! -e "$tmp_dir/$CONFIG_MARKER" && status=1
|
||||
umount "$tmp_dir"
|
||||
fi
|
||||
rmdir "$tmp_dir" || true
|
||||
test "$status" -eq 1 && exit 0
|
||||
exit 1
|
||||
;;
|
||||
trash_device )
|
||||
# parameter: device
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
dd if=/dev/urandom of="$1" bs=512 count=1 2>/dev/null
|
||||
;;
|
||||
diskinfo )
|
||||
# parameter: device
|
||||
test $# -ne 1 && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
"$SFDISK" -L -q -l "$1"
|
||||
;;
|
||||
update_network )
|
||||
# parameter: none
|
||||
ip=
|
||||
# TODO: can we avoid to hard-code the filename ($CONFIG_DIR/ip) here?
|
||||
test -e "$CONFIG_DIR/ip" && ip=$(<"$CONFIG_DIR/ip")
|
||||
test -n "$z" && ifconfig "$NET_IFACE" "$ip"
|
||||
;;
|
||||
poweroff )
|
||||
# TODO: check configuration setting before
|
||||
"$POWEROFF"
|
||||
;;
|
||||
reboot )
|
||||
# TODO: check configuration setting before
|
||||
"$REBOOT"
|
||||
;;
|
||||
* )
|
||||
echo "[$(basename $0)] - unknown action: $ACTION" >&2
|
||||
echo "Syntax: $(basename $0) ACTION PARAMETERS"
|
||||
echo ' partition_disk $device $disk_layout'
|
||||
echo ' get_device_name $device'
|
||||
echo ' get_device_uuid $device'
|
||||
echo ' create_crypto $device'
|
||||
echo ' mount $device'
|
||||
echo ' umount $name'
|
||||
echo ' create_config $device'
|
||||
echo ' mount_config $device'
|
||||
echo ' remount_config { ro | rw }'
|
||||
echo ' umount_config'
|
||||
echo ' is_config_partition $device'
|
||||
echo ' is_plain_partition $device'
|
||||
echo ' is_crypto_partition $device'
|
||||
echo ' trash_device $device'
|
||||
echo ' diskinfo $device'
|
||||
echo ' update_network'
|
||||
echo ' poweroff'
|
||||
echo ' reboot'
|
||||
echo ' help'
|
||||
echo
|
||||
test "$ACTION" = "help" && exit 0
|
||||
# return error for any unknown/unspecified action
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
946
pythonrewrite/bin/cryptobox.pl
Executable file
946
pythonrewrite/bin/cryptobox.pl
Executable file
|
@ -0,0 +1,946 @@
|
|||
#!/usr/bin/perl
|
||||
#
|
||||
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
||||
#
|
||||
# License: This script is distributed under the terms of version 2
|
||||
# of the GNU GPL. See the LICENSE file included with the package.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# the web interface of the CryptoBox
|
||||
#
|
||||
|
||||
|
||||
###############################################
|
||||
|
||||
use strict;
|
||||
use CGI;
|
||||
use ClearSilver;
|
||||
use ConfigFile;
|
||||
use English;
|
||||
use CGI::Carp;
|
||||
use IO::File;
|
||||
use POSIX;
|
||||
|
||||
use constant CRYPTOBOX_VERSION => 0.3;
|
||||
|
||||
# debug levels
|
||||
use constant DEBUG_NONE => 0;
|
||||
use constant DEBUG_ERROR => 1;
|
||||
use constant DEBUG_WARN => 2;
|
||||
use constant DEBUG_INFO => 3;
|
||||
|
||||
# drop privileges
|
||||
$UID = $EUID;
|
||||
$GID = $EGID;
|
||||
|
||||
# necessary for suid perl scripts (see 'man perlsec' for details)
|
||||
$ENV{'PATH'} = '/bin:/usr/bin';
|
||||
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
|
||||
|
||||
my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf';
|
||||
|
||||
my $pagedata;
|
||||
|
||||
my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR);
|
||||
my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL, $DEBUG_LEVEL);
|
||||
|
||||
# get the directory of the cryptobox scripts/binaries and untaint it
|
||||
$CB_SCRIPT = $0;
|
||||
$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/;
|
||||
$CB_SCRIPT = ($1)? "$1/cbox-manage.sh" : './cbox-manage.sh';
|
||||
|
||||
&fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE);
|
||||
my $config = ConfigFile::read_config_file($CONFIG_FILE);
|
||||
|
||||
$LOG_FILE = $config->{LOG_FILE};
|
||||
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
|
||||
$DEFAULT_LANGUAGE = $config->{LANGUAGE};
|
||||
$HTML_TEMPLATE_DIR = $config->{HTML_TEMPLATE_DIR};
|
||||
$DOC_DIR = $config->{DOC_DIR};
|
||||
$IS_DEVEL = ( -e $config->{DEV_FEATURES_SCRIPT});
|
||||
$STYLESHEET_URL = $config->{STYLESHEET_URL};
|
||||
if (defined($config->{DEBUG_LEVEL})) {
|
||||
$DEBUG_LEVEL = $config->{DEBUG_LEVEL};
|
||||
} else {
|
||||
$DEBUG_LEVEL = DEBUG_ERROR; # default debug level
|
||||
}
|
||||
|
||||
my $query = new CGI;
|
||||
|
||||
#################### subs ######################
|
||||
|
||||
# for fatal errors without the chance of clearsilver-rendering
|
||||
sub fatal_error() {
|
||||
my $message = shift;
|
||||
|
||||
print "Content-Type: text/html\n\n";
|
||||
print "<html><head><title>CryptoBox</title></head>\n";
|
||||
print "<body>\n";
|
||||
print '<h1 align="center">' . $message . "</h1>\n";
|
||||
print "</body></html>\n";
|
||||
die "[CryptoBox]: $message";
|
||||
}
|
||||
|
||||
|
||||
sub debug_msg() {
|
||||
my ($level, $message) = @_;
|
||||
return 0 unless ($level >= $DEBUG_LEVEL);
|
||||
warn "[cryptobox]: $message";
|
||||
}
|
||||
|
||||
|
||||
sub load_hdf {
|
||||
my $hdf = ClearSilver::HDF->new();
|
||||
|
||||
my $fname = "$HTML_TEMPLATE_DIR/main.cs";
|
||||
&fatal_error ("Template directory is invalid ($fname not found)!") unless (-e "$fname");
|
||||
$hdf->setValue("Settings.TemplateDir","$HTML_TEMPLATE_DIR");
|
||||
|
||||
&fatal_error ("Documentation directory ($DOC_DIR) not found!") unless (-d "$DOC_DIR");
|
||||
$hdf->setValue("Settings.DocDir","$DOC_DIR");
|
||||
|
||||
# if it was requested as directory index (link from index.html), we should
|
||||
# set a real script name - otherwise links with a query string will break
|
||||
# ignore POST part of the SCRIPT_NAME (after "&")
|
||||
(my $script_url = $ENV{'SCRIPT_NAME'}) =~ m/^[^&]*/;
|
||||
$hdf->setValue("ScriptName", ($ENV{'SCRIPT_NAME'} eq '/')? '/cryptobox' : $script_url );
|
||||
|
||||
# set stylesheet url
|
||||
$hdf->setValue("Settings.Stylesheet",$STYLESHEET_URL);
|
||||
|
||||
&load_selected_language($hdf);
|
||||
|
||||
&get_available_languages($hdf);
|
||||
|
||||
return $hdf;
|
||||
}
|
||||
|
||||
|
||||
sub load_selected_language {
|
||||
my $data = shift;
|
||||
my $config_language;
|
||||
|
||||
# load $DEFAULT_LANGUAGE - this is necessary, if a translation is incomplete
|
||||
$data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf");
|
||||
|
||||
# load configured language, if it is valid
|
||||
$config_language = &get_cbox_config("language");
|
||||
$config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language"));
|
||||
|
||||
# check for preferred browser language, if the box was not initialized yet
|
||||
if ( ! &check_config())
|
||||
{
|
||||
my $prefLang = &get_browser_language();
|
||||
# take it, if a supported browser language was found
|
||||
$config_language = $prefLang unless ($prefLang eq '');
|
||||
}
|
||||
|
||||
######### temporary language setting? ############
|
||||
# the default language can be overriden by the language links in the
|
||||
# upper right of the page
|
||||
if ($query->param('weblang')) {
|
||||
my $weblang = $query->param('weblang');
|
||||
if (&validate_language($weblang)) {
|
||||
# load the data
|
||||
$config_language = "$weblang";
|
||||
# add the setting to every link
|
||||
# how it should be done now ...
|
||||
$data->setValue('Settings.LinkAttrs.weblang', "$weblang");
|
||||
# old way of doing this ... (TODO: to be removed)
|
||||
$data->setValue('Data.PostData.weblang', "$weblang");
|
||||
} else {
|
||||
# no valid language was selected - so you may ignore it
|
||||
$data->setValue('Data.Warning', 'InvalidLanguage');
|
||||
}
|
||||
}
|
||||
# import the configured resp. the temporarily selected language
|
||||
$data->readFile("$LANGUAGE_DIR/$config_language" . ".hdf");
|
||||
|
||||
########## select documentation language ##########
|
||||
if (&validate_doc_language($config_language)) {
|
||||
# selected web interface language
|
||||
$data->setValue('Settings.DocLang', "$config_language");
|
||||
} elsif (&validate_doc_language($DEFAULT_LANGUAGE)) {
|
||||
# configured CryptoBox language
|
||||
$data->setValue('Settings.DocLang', "$DEFAULT_LANGUAGE");
|
||||
} else {
|
||||
# default hardcoded language (english)
|
||||
$data->setValue('Settings.DocLang', "en");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# import the names of all available languages
|
||||
sub get_available_languages {
|
||||
my $data = shift;
|
||||
my ($file, @files, $hdf, $lang_name);
|
||||
|
||||
opendir(DIR, $LANGUAGE_DIR) or &fatal_error ("Language directory ($LANGUAGE_DIR) not accessible!");
|
||||
@files = sort grep { /.*\.hdf$/ } readdir(DIR);
|
||||
close(DIR);
|
||||
|
||||
foreach $file (@files) {
|
||||
$hdf = ClearSilver::HDF->new();
|
||||
$hdf->readFile("$LANGUAGE_DIR/$file");
|
||||
substr($file, -4) = "";
|
||||
$lang_name = $hdf->getValue("Lang.Name", "$file");
|
||||
$data->setValue("Data.Languages." . "$file", "$lang_name");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# look for preferred browser language setting
|
||||
# this code was adapted from Per Cederberg - http://www.percederberg.net/home/perl/select.perl
|
||||
# it returns an empty string, if no supported language was found
|
||||
sub get_browser_language {
|
||||
my ($str, @langs, @res);
|
||||
|
||||
# Use language preference settings
|
||||
if ($ENV{'HTTP_ACCEPT_LANGUAGE'} ne '')
|
||||
{
|
||||
@langs = split(/,/, $ENV{'HTTP_ACCEPT_LANGUAGE'});
|
||||
foreach (@langs)
|
||||
{
|
||||
# get the first part of the language setting
|
||||
($str) = ($_ =~ m/([a-z]+)/);
|
||||
# check, if it supported by the cryptobox
|
||||
$res[$#res+1] = $str if validate_language($str);
|
||||
}
|
||||
}
|
||||
|
||||
# if everything fails - return empty string
|
||||
$res[0] = "" if ($#res lt 0);
|
||||
return $res[0];
|
||||
}
|
||||
|
||||
|
||||
sub log_msg {
|
||||
my $text = shift;
|
||||
open(LOGFILE,">> $LOG_FILE");
|
||||
print LOGFILE "$text";
|
||||
close(LOGFILE);
|
||||
}
|
||||
|
||||
|
||||
sub check_ssl {
|
||||
# check, if we are behind a proxy with ssl (e.g. pound)
|
||||
return (0==0) if ($ENV{'HTTP_FRONT_END_HTTPS'} =~ m/^on$/i);
|
||||
# environment variable set (e.g. via apache directive "SetEnv HTTPS On")
|
||||
return (0==0) if ($ENV{'HTTPS'} =~ m/^on$/i);
|
||||
# port 80 -> not encrypted
|
||||
return (0==1) if ($ENV{'SERVER_PORT'} == 80);
|
||||
# other ports -> maybe ok - we accept it
|
||||
return (0==0);
|
||||
}
|
||||
|
||||
|
||||
# check, if the given device is mounted/used somehow
|
||||
# Paramter: device
|
||||
sub check_mounted {
|
||||
my ($dev) = @_;
|
||||
return (system($CB_SCRIPT,"is_mounted",$dev) == 0);
|
||||
}
|
||||
|
||||
|
||||
sub check_config {
|
||||
return (system($CB_SCRIPT,"check_config") == 0);
|
||||
}
|
||||
|
||||
|
||||
sub exec_cb_script {
|
||||
my (@params) = @_;
|
||||
my ($pid, @result);
|
||||
&fatal_error("unable to fork process") unless defined($pid = open(PROG_OUT, "-|"));
|
||||
if (!$pid) {
|
||||
# child
|
||||
exec($CB_SCRIPT, @params) or &fatal_error("failed to execute $CB_SCRIPT!");
|
||||
exit 0;
|
||||
} else {
|
||||
# parent
|
||||
# only read lines containing at least one non-whitespace character
|
||||
@result = grep /\S/, <PROG_OUT>;
|
||||
foreach (@result) { chomp; }
|
||||
unless (close PROG_OUT) {
|
||||
&debug_msg(DEBUG_WARN, "error while running $CB_SCRIPT (params:" . join(" ",@params) . "): $?");
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
if (wantarray) {
|
||||
return @result;
|
||||
} elsif (@result > 0) {
|
||||
return join('',@result);
|
||||
} else {
|
||||
return "";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
sub check_init_running {
|
||||
# TODO: improve this
|
||||
return (0==1);
|
||||
}
|
||||
|
||||
|
||||
# Parameter: device
|
||||
sub check_device_plaintext {
|
||||
return (system("$CB_SCRIPT","is_plain",$1) == 0);
|
||||
}
|
||||
|
||||
|
||||
# Parameter: device
|
||||
sub check_device_encryption {
|
||||
return (system("$CB_SCRIPT","is_encrypted",$1) == 0);
|
||||
}
|
||||
|
||||
|
||||
sub is_harddisk_available {
|
||||
my @all_disks = &exec_cb_script("get_available_disks");
|
||||
return @all_disks > 0;
|
||||
}
|
||||
|
||||
|
||||
sub get_available_disks {
|
||||
my @all_disks = &exec_cb_script("get_available_disks");
|
||||
my ($disk, @return_disks);
|
||||
foreach $disk (@all_disks) {
|
||||
$disk =~ m#^([/\._\-\w]*)$#;
|
||||
push @return_disks, $1 if ($1);
|
||||
}
|
||||
return @return_disks;
|
||||
}
|
||||
|
||||
|
||||
sub get_disk_name {
|
||||
my ($dev) = @_;
|
||||
my $disk_name = &exec_cb_script("get_device_name", $dev);
|
||||
return $disk_name;
|
||||
}
|
||||
|
||||
|
||||
# return the value of a configuration setting (timeout, language, ip, ...)
|
||||
# Parameter: setting_name
|
||||
sub get_cbox_config {
|
||||
my ($setting) = @_;
|
||||
# tell the exec function, that we want a scalar instead of an array
|
||||
my $scalar = &exec_cb_script("get_config",$setting);
|
||||
return $scalar;
|
||||
}
|
||||
|
||||
|
||||
sub render {
|
||||
my $pagefile = "$HTML_TEMPLATE_DIR/main.cs";
|
||||
print "Content-Type: text/html\n\n";
|
||||
|
||||
my $cs = ClearSilver::CS->new($pagedata);
|
||||
$cs->parseFile($pagefile);
|
||||
|
||||
print $cs->render();
|
||||