added "is_writeable" method to cryptobox.core.container

changed the log level of some messages
added early "not writeable" warnings to "volume_format_fs" and "partition" plugins
disable "encrypted_webinterface" by default (for cryptobox-server)

changelog

@@ -1,3 +1,12 @@
+Version 0.3.3 - 01/26/02007
+ * fixed bug in reinitializing of plugins (Closes: #111)
+ * fixed broken group membership changing of webserver (Closes: #114)
+ * fixed glitch that delayed the effect of changes made by the plugin_manager
+ * completed Slovenian translation
+ * improved German translation
+ * added: restore network settings during startup
+ * added: new plugin provides an encrypted (https) connection to the webinterface
+
 Version 0.3.2 - 01/08/02007
  * fixed bug causing ignorance towards group permissions (Closes: #114)
  * fixed bug in Plugin manager breaking web interface (Closes: #111)

conf-examples/cryptobox.conf

@@ -19,7 +19,8 @@ DefaultCipher = aes-cbc-essiv:sha256
 ConfigVolumeLabel = cbox_config
 
 # which plugins should be disabled? (comma seperated list)
-#DisabledPlugins = network, shutdown, partition
+#DisabledPlugins = encrypted_webinterface, network, shutdown, partition
+DisabledPlugins = encrypted_webinterface
 
 
 [Locations]

debian/changelog

@@ -1,8 +1,8 @@
-cryptobox (0.3.3-1) unstable; urgency=low
+cryptobox (0.3.2.1-1) unstable; urgency=low
 
   * new upstream release
 
- -- Lars Kruse <devel@sumpfralle.de>  Mon,  8 Jan 2007 06:15:20 +0100
+ -- Lars Kruse <devel@sumpfralle.de>  Fri, 26 Jan 2007 01:58:27 +0100
 
 cryptobox (0.3.1-1) unstable; urgency=low
 

plugins/partition/partition.py

@@ -65,6 +65,10 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin):
 		## no (or invalid) device was supplied
 		if not self.blockdevice:
 			return self.__action_select_device()
+		## exit if the blockdevice is not writeable
+		if not os.access(self.blockdevice, os.W_OK):
+			self.hdf["Data.Warning"] = "DeviceNotWriteable"
+			return self.__action_select_device()
 		## no confirm setting?
 		if not args.has_key("confirm") or (args["confirm"] != "1"):
 			self.hdf["Data.Warning"] = "Plugins.partition.FormatNotConfirmed"

plugins/volume_format_fs/volume_format_fs.py

@@ -39,12 +39,17 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin):
 
 
 	def do_action(self, store=None, fs_type="windows", container_type="luks", crypto_password=None, crypto_password2=None, confirm=None):
+		container = self.cbox.get_container(self.device)
+		## exit immediately if the device is not writeable
+		if not container.is_writeable():
+			self.hdf["Data.Warning"] = "DeviceNotWriteable"
+			return "empty"
 		if not fs_type in FSTYPES.keys():
-			self.cbox.log.info("invalid filesystem type choosen: %s" % str(fs_type))
+			self.cbox.log.info("Invalid filesystem type choosen: %s" % str(fs_type))
 			return "volume_format"
 		self.hdf[self.hdf_prefix + "fs_type"] = fs_type
 		if not container_type in ['plain', 'luks']:
-			self.cbox.log.info("invalid container type type choosen: %s" % \
+			self.cbox.log.info("Invalid container type type choosen: %s" % \
 					str(container_type))
 			return "volume_format"
 		self.hdf[self.hdf_prefix + "container_type"] = container_type
@@ -52,7 +57,7 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin):
 			self.hdf[self.hdf_prefix + "fs_types." + t] = t
 		if store == "step1":
 			if not confirm:
-				self.cbox.log.warn("missing confirmation for formatting of filesystem: %s" % self.device)
+				self.cbox.log.info("Missing confirmation for formatting of filesystem: %s" % self.device)
 				self.hdf["Data.Warning"] = "Plugins.volume_format_fs.FormatNotConfirmed"
 				return "volume_format"
 			if container_type == "luks":
@@ -63,10 +68,10 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin):
 			if container_type == "luks":
 				return self.__format_luks(FSTYPES[fs_type], crypto_password, crypto_password2)
 			else:
-				self.cbox.log.info("invalid input value for 'container_type': %s" % container_type)
+				self.cbox.log.info("Invalid input value for 'container_type': %s" % container_type)
 				return "volume_format"
 		elif store:
-			self.cbox.log.info("invalid input value for 'store': %s" % store)
+			self.cbox.log.info("Invalid input value for 'store': %s" % store)
 			return "volume_format"
 		else:
 			return "volume_format"
@@ -82,27 +87,28 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin):
 			container.create(cbx_container.CONTAINERTYPES["plain"], fs_type=fs_type)
 		except CBVolumeIsActive:
 			self.hdf["Data.Warning"] = "VolumeMayNotBeMounted"
-			self.cbox.log.info("initialization is not possible as long as the device (%s) is mounted" % self.device)
+			self.cbox.log.info("Initialization is not possible as long as the device " \
+					+ "(%s) is mounted" % self.device)
 			return "volume_format"
-		except CBContainerError, errMsg:
+		except CBContainerError, err_msg:
 			self.hdf["Data.Warning"] = "Plugins.volume_format_fs.FormatFailed"
-			self.cbox.log.warn("initialization of device '%s' failed" % self.device)
-			self.cbox.log.warn("reason: %s" % errMsg)
+			self.cbox.log.error("Initialization of the device (%s) failed: %s" % \
+					(self.device, err_msg))
 			return "volume_format"
 		else:
 			self.hdf["Data.Success"] = "Plugins.volume_format_fs.FormatSuccess"
-			self.cbox.log.info("successfully initialized device '%s'" % self.device)
+			self.cbox.log.info("Successfully initialized device '%s'" % self.device)
 			return { "plugin":"disks", "values":{} }
 
 
 	def __format_luks(self, fs_type, pw, pw2):
 		if not pw:
 			self.hdf["Data.Warning"] = "EmptyPassword"
-			self.cbox.log.warn("no crypto password was supplied for initialization of device '%s'" % self.device)
+			self.cbox.log.info("No crypto password was supplied for initialization of device '%s'" % self.device)
 			return "volume_format"
 		if pw != pw2:
 			self.hdf["Data.Warning"] = "DifferentPasswords"
-			self.cbox.log.warn("the crypto password was not repeated correctly for initialization of device '%s'" % self.device)
+			self.cbox.log.info("The crypto password was not repeated correctly for initialization of device '%s'" % self.device)
 			return "volume_format"
 		container = self.cbox.get_container(self.device)
 		try:
@@ -110,15 +116,16 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin):
 					fs_type=fs_type, password=pw)
 		except CBVolumeIsActive:
 			self.hdf["Data.Warning"] = "VolumeMayNotBeMounted"
-			self.cbox.log.info("initialization is not possible as long as the device (%s) is mounted" % self.device)
+			self.cbox.log.info("Initialization is not possible as long as the device " \
+					+ "(%s) is mounted" % self.device)
 			return "volume_format"
-		except CBContainerError, errMsg:
+		except CBContainerError, err_msg:
 			self.hdf["Data.Warning"] = "Plugins.volume_format_fs.FormatFailed"
-			self.cbox.log.warn("initialization of device '%s' failed" % self.device)
-			self.cbox.log.warn("reason: %s" % errMsg)
+			self.cbox.log.error("Initialization of the device (%s) failed: %s" % \
+					(self.device, err_msg))
 			return "volume_format"
 		else:
 			self.hdf["Data.Success"] = "Plugins.volume_format_fs.FormatSuccess"
-			self.cbox.log.info("successfully initialized device '%s'" % self.device)
+			self.cbox.log.info("Successfully initialized device '%s'" % self.device)
 			return { "plugin":"disks", "values":{} }
 

src/cryptobox/__init__.py

@@ -10,5 +10,5 @@ __all__ = ['core', 'web', 'plugins', 'tests']
 __revision__ = "$Id$"
 
 
-__version__ = "0.3.2"
+__version__ = "0.3.2.1"
 

src/cryptobox/core/container.py

@@ -68,6 +68,8 @@ class CryptoBoxContainer:
 
 	def get_name(self):
 		"""Return a humanly readable name for the container.
+
+		Available since: 0.3.0
 		"""
 		return self.name
 
@@ -77,6 +79,7 @@ class CryptoBoxContainer:
 
 		At least there should be a uuid.
 		Other attributes may be added by features (e.g. automount).
+		Available since: 0.3.0
 		"""
 		try:
 			## is there already an entry in the database?
@@ -92,6 +95,7 @@ class CryptoBoxContainer:
 		"""Define a humanly readable name of this container.
 
 		this also manages the name database
+		Available since: 0.3.0
 		"""
 		old_name = self.get_name()
 		if new_name == self.name:
@@ -127,22 +131,38 @@ class CryptoBoxContainer:
 			self.cbox.log.warn("Failed to store volumes database after set_name")
 
 
+	def is_writeable(self):
+		"""Return if the container is writeable
+
+		this only affects actions like formatting or partitioning
+		write access for the mounted content is not considered
+		Available since: 0.3.3
+		"""
+		## symlinks are followed automatically
+		return os.access(self.get_device(), os.W_OK)
+
+
 	def get_device(self):
 		"""Return the device name of the container
 
 		e.g.: /dev/hdc1
+		Available since: 0.3.0
 		"""
 		return self.device
 
 
 	def get_type(self):
 		"""Return the type (int) of this container.
+
+		Available since: 0.3.0
 		"""
 		return self.cont_type
 
 
 	def is_mounted(self):
 		"""Check if the container is currently mounted.
+
+		Available since: 0.3.0
 		"""
 		return os.path.ismount(self.__get_mount_point())
 	
@@ -153,6 +173,7 @@ class CryptoBoxContainer:
 		the volume may not be mounted
 		the result is a tuple of values in megabyte:
 			(size, available, used)
+		Available since: 0.3.0
 		"""
 		info = os.statvfs(self.__get_mount_point())
 		return (
@@ -166,6 +187,7 @@ class CryptoBoxContainer:
 
 		the result is a value in megabyte
 		an error is indicated by "-1"
+		Available since: 0.3.0
 		"""
 		import cryptobox.core.tools as cbxtools
 		return cbxtools.get_blockdevice_size(self.device)
@@ -173,7 +195,10 @@ class CryptoBoxContainer:
 
 	def reset_object(self):
 		"""	recheck the information about this container
-			this is especially useful after changing the type via 'create'	"""
+
+		this is especially useful after changing the type via 'create'
+		Available since: 0.3.0
+		"""
 		self.uuid = self.__get_uuid()
 		self.cont_type = self.__get_type_of_partition()
 		self.name = self.__get_name_of_container()
@@ -190,6 +215,7 @@ class CryptoBoxContainer:
 		"""Format a container.
 
 		Also set a password for encrypted container.
+		Available since: 0.3.0
 		"""
 		if not fs_type in FSTYPES["plain"]:
 			raise CBInvalidType("invalid filesystem type supplied: %s" % str(fs_type))
@@ -215,6 +241,7 @@ class CryptoBoxContainer:
 		"""Change the password of an encrypted container.
 
 		Raises an exception for plaintext container.
+		Available since: 0.3.0
 		"""
 		if self.cont_type != CONTAINERTYPES["luks"]:
 			raise CBInvalidType("changing of password is possible only for luks containers")
@@ -279,6 +306,7 @@ class CryptoBoxContainer:
 
 		The busy flag is mainly used to indicate that the device may not be used
 		while it is being formatted or similar.
+		Available since: 0.3.1
 		"""
 		return self.cbox.get_device_busy_state(self.device)
 
@@ -288,6 +316,7 @@ class CryptoBoxContainer:
 
 		Either set or remove this flag.
 		The timeout is optional and defaults to five minutes.
+		Available since: 0.3.1
 		"""
 		self.cbox.set_device_busy_state(self.device, new_state, timeout)
 
@@ -639,6 +668,7 @@ class CryptoBoxContainer:
 					pass
 				self.set_busy(False)
 		bg_task = threading.Thread(target=format)
+		bg_task.setDaemon(True)
 		bg_task.start()
 		time.sleep(3)
 		## if the thread exited very fast, then it failed

src/cryptobox/web/sites.py

@@ -502,10 +502,10 @@ class WebInterfaceSites:
 		issue a warning if the device is invalid"""
 		if device and re.match(r'[\w /\-]+$', device) \
 				and self.cbox.get_container(device):
-			self.cbox.log.debug("select device: %s" % device)
+			self.cbox.log.debug("Select device: %s" % device)
 			return True
 		else:
-			self.cbox.log.warn("invalid device: %s" % device)
+			self.cbox.log.warn("Invalid device: %s" % device)
 			self.__dataset["Data.Warning"] = "InvalidDevice"
 			return False
 	

templates/language.hdf

@@ -89,5 +89,10 @@ WarningMessage {
 		Link.Attr1.name	= level
 		Link.Attr1.value	= ERROR
 	}
+
+	DeviceNotWriteable {
+		Title	= No write permissions
+		Text	= Sorry - the CryptoBox is not allowed to write on this device. Anyway it is still possible, that you can open it for writing. Please ask the administrator of the CryptoBox in case you believe, that this is a mistake.
+	}
 }