* stunnel4 works now

* test if uml image is writeable
* diskname may not contain special chars helptext added
This commit is contained in:
age 2007-02-09 22:12:52 +00:00
parent 617b9d81af
commit 00ca9ef1a0
6 changed files with 29 additions and 20 deletions

View File

@ -28,6 +28,10 @@ if [ ! -e "$TEST_IMG" ]
dd if=/dev/zero of="$TEST_IMG" bs=1M count=$TEST_SIZE
fi
if [ ! -w "$ROOT_IMG" ]; then
echo "Make sure \"${ROOT_IMG}\" exists and is writeable"
exit 1;
fi
# "aio=2.4" is necessary, as otherwise sfdiks hangs at "nanosleep({3,0})"
linux ubd0="$ROOT_IMG" ubd1="$TEST_IMG" con=xterm hostfs=$PROJ_DIR fakehd eth0=daemon mem=$MEM_SIZE aio=2.4

View File

@ -183,8 +183,9 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
## retrieve currently requested port (not necessarily the port served
## by cherrypy - e.g. in a proxy setup)
request_port = cherrypy.config.get("server.socket_port", 80)
self.cbox.log.debug("[encrypted_webinterface] starting stunnel \
on port %s" % request_port)
self.cbox.log.debug("[encrypted_webinterface] starting " \
+ "%s on port %s for %s" % \
(self.root_action.STUNNEL_BIN, dest_port, request_port))
proc = subprocess.Popen(
shell = False,
stdout = subprocess.PIPE,

View File

@ -20,7 +20,7 @@ EnvironmentWarning {
MissingProgramStunnel {
Title = Missing program
Text = The program 'stunnel' is not installed. Please ask the administrator of the CryptoBox server to configure it properly.
Text = The program 'stunnel4' is not installed. Please ask the administrator of the CryptoBox server to configure it properly.
}
}

View File

@ -25,19 +25,19 @@ __revision__ = "$Id"
## necessary: otherwise CryptoBoxRootActions.py will refuse to execute this script
PLUGIN_TYPE = "cryptobox"
STUNNEL_BIN = "/usr/bin/stunnel"
STUNNEL_BIN = "/usr/bin/stunnel4"
import sys
import os
def _get_username(uid):
import pwd
try:
user_entry = pwd.getpwuid(uid)
except KeyError:
return False
return user_entry[0]
def _get_username():
if ("SUPERCMD" in os.environ) and ("ORIG_USER" in os.environ):
return os.environ["ORIG_USER"]
elif "USER" in os.environ:
return os.environ["USER"]
else:
return "cryptobox"
def run_stunnel(cert_file, src_port, dst_port, pid_file):
@ -51,7 +51,7 @@ def run_stunnel(cert_file, src_port, dst_port, pid_file):
if not os.path.isfile(cert_file):
sys.stderr.write("The certificate file (%s) does not exist!" % cert_file)
return False
username = _get_username(os.getuid())
username = _get_username()
if not username:
sys.stderr.write("Could not retrieve the username with uid=%d." % os.getuid())
return False
@ -60,13 +60,17 @@ def run_stunnel(cert_file, src_port, dst_port, pid_file):
proc = subprocess.Popen(
shell = False,
env = {},
stdin = subprocess.PIPE,
args = [ STUNNEL_BIN,
"-P", pid_file,
"-p", cert_file,
"-d", dst_port,
"-r", src_port,
"-s", username ])
proc.wait()
"-fd",
"0"])
proc.stdin.write("setuid = %s\n" % username)
proc.stdin.write("pid = %s\n" % pid_file)
proc.stdin.write("[cryptobox-server]\n")
proc.stdin.write("connect = %s\n" % src_port)
proc.stdin.write("accept = %s\n" % dst_port)
proc.stdin.write("cert = %s\n" % cert_file)
(output, error) = proc.communicate()
return proc.returncode == 0

View File

@ -30,7 +30,7 @@ Python code interface:
- access the plugin's state as self.prefs
- store user supplied values in the dictionary self.prefs with indices starting with "_" (e.g.: self.prefs["_automount_uuids"])
- system wide readonly plugin settings can be specified in the main cryptobox.conf -
these settings are available as self.defaults[...]
these settings are available as self.defaults["..."]
- method "get_status":
- returns a string, that describes a state connected to this plugin (e.g. the current date and
time (for the "date" plugin))

View File

@ -10,7 +10,7 @@ Button {
ContainerNameSet = Change name
}
Help.Rename = Define a name for the volume. This should help you to manage multiple volumes easily.
Help.Rename = Define a name for the volume. This should help you to manage multiple volumes easily. (Only alphanumeric characters are allowed and one of the following: ". _ -")
AdviceMessage {
NoRenameIfActive {