From 0c129de015b413b253302eae76aa24e95da96210 Mon Sep 17 00:00:00 2001 From: lars Date: Fri, 26 Jan 2007 21:53:24 +0000 Subject: [PATCH] added "is_writeable" method to cryptobox.core.container changed the log level of some messages added early "not writeable" warnings to "volume_format_fs" and "partition" plugins disable "encrypted_webinterface" by default (for cryptobox-server) --- changelog | 9 +++++ conf-examples/cryptobox.conf | 3 +- debian/changelog | 4 +- plugins/partition/partition.py | 4 ++ plugins/volume_format_fs/volume_format_fs.py | 41 ++++++++++++-------- src/cryptobox/__init__.py | 2 +- src/cryptobox/core/container.py | 32 ++++++++++++++- src/cryptobox/web/sites.py | 4 +- templates/language.hdf | 5 +++ 9 files changed, 80 insertions(+), 24 deletions(-) diff --git a/changelog b/changelog index 8eafa69..4ad77e9 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,12 @@ +Version 0.3.3 - 01/26/02007 + * fixed bug in reinitializing of plugins (Closes: #111) + * fixed broken group membership changing of webserver (Closes: #114) + * fixed glitch that delayed the effect of changes made by the plugin_manager + * completed Slovenian translation + * improved German translation + * added: restore network settings during startup + * added: new plugin provides an encrypted (https) connection to the webinterface + Version 0.3.2 - 01/08/02007 * fixed bug causing ignorance towards group permissions (Closes: #114) * fixed bug in Plugin manager breaking web interface (Closes: #111) diff --git a/conf-examples/cryptobox.conf b/conf-examples/cryptobox.conf index c72b5a5..ed006e3 100644 --- a/conf-examples/cryptobox.conf +++ b/conf-examples/cryptobox.conf @@ -19,7 +19,8 @@ DefaultCipher = aes-cbc-essiv:sha256 ConfigVolumeLabel = cbox_config # which plugins should be disabled? (comma seperated list) -#DisabledPlugins = network, shutdown, partition +#DisabledPlugins = encrypted_webinterface, network, shutdown, partition +DisabledPlugins = encrypted_webinterface [Locations] diff --git a/debian/changelog b/debian/changelog index 8397df8..bb7eda8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ -cryptobox (0.3.3-1) unstable; urgency=low +cryptobox (0.3.2.1-1) unstable; urgency=low * new upstream release - -- Lars Kruse Mon, 8 Jan 2007 06:15:20 +0100 + -- Lars Kruse Fri, 26 Jan 2007 01:58:27 +0100 cryptobox (0.3.1-1) unstable; urgency=low diff --git a/plugins/partition/partition.py b/plugins/partition/partition.py index 4b8c93c..7e762e4 100644 --- a/plugins/partition/partition.py +++ b/plugins/partition/partition.py @@ -65,6 +65,10 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin): ## no (or invalid) device was supplied if not self.blockdevice: return self.__action_select_device() + ## exit if the blockdevice is not writeable + if not os.access(self.blockdevice, os.W_OK): + self.hdf["Data.Warning"] = "DeviceNotWriteable" + return self.__action_select_device() ## no confirm setting? if not args.has_key("confirm") or (args["confirm"] != "1"): self.hdf["Data.Warning"] = "Plugins.partition.FormatNotConfirmed" diff --git a/plugins/volume_format_fs/volume_format_fs.py b/plugins/volume_format_fs/volume_format_fs.py index 9cce800..d9df1fd 100644 --- a/plugins/volume_format_fs/volume_format_fs.py +++ b/plugins/volume_format_fs/volume_format_fs.py @@ -39,12 +39,17 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin): def do_action(self, store=None, fs_type="windows", container_type="luks", crypto_password=None, crypto_password2=None, confirm=None): + container = self.cbox.get_container(self.device) + ## exit immediately if the device is not writeable + if not container.is_writeable(): + self.hdf["Data.Warning"] = "DeviceNotWriteable" + return "empty" if not fs_type in FSTYPES.keys(): - self.cbox.log.info("invalid filesystem type choosen: %s" % str(fs_type)) + self.cbox.log.info("Invalid filesystem type choosen: %s" % str(fs_type)) return "volume_format" self.hdf[self.hdf_prefix + "fs_type"] = fs_type if not container_type in ['plain', 'luks']: - self.cbox.log.info("invalid container type type choosen: %s" % \ + self.cbox.log.info("Invalid container type type choosen: %s" % \ str(container_type)) return "volume_format" self.hdf[self.hdf_prefix + "container_type"] = container_type @@ -52,7 +57,7 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin): self.hdf[self.hdf_prefix + "fs_types." + t] = t if store == "step1": if not confirm: - self.cbox.log.warn("missing confirmation for formatting of filesystem: %s" % self.device) + self.cbox.log.info("Missing confirmation for formatting of filesystem: %s" % self.device) self.hdf["Data.Warning"] = "Plugins.volume_format_fs.FormatNotConfirmed" return "volume_format" if container_type == "luks": @@ -63,10 +68,10 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin): if container_type == "luks": return self.__format_luks(FSTYPES[fs_type], crypto_password, crypto_password2) else: - self.cbox.log.info("invalid input value for 'container_type': %s" % container_type) + self.cbox.log.info("Invalid input value for 'container_type': %s" % container_type) return "volume_format" elif store: - self.cbox.log.info("invalid input value for 'store': %s" % store) + self.cbox.log.info("Invalid input value for 'store': %s" % store) return "volume_format" else: return "volume_format" @@ -82,27 +87,28 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin): container.create(cbx_container.CONTAINERTYPES["plain"], fs_type=fs_type) except CBVolumeIsActive: self.hdf["Data.Warning"] = "VolumeMayNotBeMounted" - self.cbox.log.info("initialization is not possible as long as the device (%s) is mounted" % self.device) + self.cbox.log.info("Initialization is not possible as long as the device " \ + + "(%s) is mounted" % self.device) return "volume_format" - except CBContainerError, errMsg: + except CBContainerError, err_msg: self.hdf["Data.Warning"] = "Plugins.volume_format_fs.FormatFailed" - self.cbox.log.warn("initialization of device '%s' failed" % self.device) - self.cbox.log.warn("reason: %s" % errMsg) + self.cbox.log.error("Initialization of the device (%s) failed: %s" % \ + (self.device, err_msg)) return "volume_format" else: self.hdf["Data.Success"] = "Plugins.volume_format_fs.FormatSuccess" - self.cbox.log.info("successfully initialized device '%s'" % self.device) + self.cbox.log.info("Successfully initialized device '%s'" % self.device) return { "plugin":"disks", "values":{} } def __format_luks(self, fs_type, pw, pw2): if not pw: self.hdf["Data.Warning"] = "EmptyPassword" - self.cbox.log.warn("no crypto password was supplied for initialization of device '%s'" % self.device) + self.cbox.log.info("No crypto password was supplied for initialization of device '%s'" % self.device) return "volume_format" if pw != pw2: self.hdf["Data.Warning"] = "DifferentPasswords" - self.cbox.log.warn("the crypto password was not repeated correctly for initialization of device '%s'" % self.device) + self.cbox.log.info("The crypto password was not repeated correctly for initialization of device '%s'" % self.device) return "volume_format" container = self.cbox.get_container(self.device) try: @@ -110,15 +116,16 @@ class volume_format_fs(cryptobox.plugins.base.CryptoBoxPlugin): fs_type=fs_type, password=pw) except CBVolumeIsActive: self.hdf["Data.Warning"] = "VolumeMayNotBeMounted" - self.cbox.log.info("initialization is not possible as long as the device (%s) is mounted" % self.device) + self.cbox.log.info("Initialization is not possible as long as the device " \ + + "(%s) is mounted" % self.device) return "volume_format" - except CBContainerError, errMsg: + except CBContainerError, err_msg: self.hdf["Data.Warning"] = "Plugins.volume_format_fs.FormatFailed" - self.cbox.log.warn("initialization of device '%s' failed" % self.device) - self.cbox.log.warn("reason: %s" % errMsg) + self.cbox.log.error("Initialization of the device (%s) failed: %s" % \ + (self.device, err_msg)) return "volume_format" else: self.hdf["Data.Success"] = "Plugins.volume_format_fs.FormatSuccess" - self.cbox.log.info("successfully initialized device '%s'" % self.device) + self.cbox.log.info("Successfully initialized device '%s'" % self.device) return { "plugin":"disks", "values":{} } diff --git a/src/cryptobox/__init__.py b/src/cryptobox/__init__.py index d0ffc7f..6bcfac4 100644 --- a/src/cryptobox/__init__.py +++ b/src/cryptobox/__init__.py @@ -10,5 +10,5 @@ __all__ = ['core', 'web', 'plugins', 'tests'] __revision__ = "$Id$" -__version__ = "0.3.2" +__version__ = "0.3.2.1" diff --git a/src/cryptobox/core/container.py b/src/cryptobox/core/container.py index 1a5c8c2..c5e977a 100644 --- a/src/cryptobox/core/container.py +++ b/src/cryptobox/core/container.py @@ -68,6 +68,8 @@ class CryptoBoxContainer: def get_name(self): """Return a humanly readable name for the container. + + Available since: 0.3.0 """ return self.name @@ -77,6 +79,7 @@ class CryptoBoxContainer: At least there should be a uuid. Other attributes may be added by features (e.g. automount). + Available since: 0.3.0 """ try: ## is there already an entry in the database? @@ -92,6 +95,7 @@ class CryptoBoxContainer: """Define a humanly readable name of this container. this also manages the name database + Available since: 0.3.0 """ old_name = self.get_name() if new_name == self.name: @@ -127,22 +131,38 @@ class CryptoBoxContainer: self.cbox.log.warn("Failed to store volumes database after set_name") + def is_writeable(self): + """Return if the container is writeable + + this only affects actions like formatting or partitioning + write access for the mounted content is not considered + Available since: 0.3.3 + """ + ## symlinks are followed automatically + return os.access(self.get_device(), os.W_OK) + + def get_device(self): """Return the device name of the container e.g.: /dev/hdc1 + Available since: 0.3.0 """ return self.device def get_type(self): """Return the type (int) of this container. + + Available since: 0.3.0 """ return self.cont_type def is_mounted(self): """Check if the container is currently mounted. + + Available since: 0.3.0 """ return os.path.ismount(self.__get_mount_point()) @@ -153,6 +173,7 @@ class CryptoBoxContainer: the volume may not be mounted the result is a tuple of values in megabyte: (size, available, used) + Available since: 0.3.0 """ info = os.statvfs(self.__get_mount_point()) return ( @@ -166,6 +187,7 @@ class CryptoBoxContainer: the result is a value in megabyte an error is indicated by "-1" + Available since: 0.3.0 """ import cryptobox.core.tools as cbxtools return cbxtools.get_blockdevice_size(self.device) @@ -173,7 +195,10 @@ class CryptoBoxContainer: def reset_object(self): """ recheck the information about this container - this is especially useful after changing the type via 'create' """ + + this is especially useful after changing the type via 'create' + Available since: 0.3.0 + """ self.uuid = self.__get_uuid() self.cont_type = self.__get_type_of_partition() self.name = self.__get_name_of_container() @@ -190,6 +215,7 @@ class CryptoBoxContainer: """Format a container. Also set a password for encrypted container. + Available since: 0.3.0 """ if not fs_type in FSTYPES["plain"]: raise CBInvalidType("invalid filesystem type supplied: %s" % str(fs_type)) @@ -215,6 +241,7 @@ class CryptoBoxContainer: """Change the password of an encrypted container. Raises an exception for plaintext container. + Available since: 0.3.0 """ if self.cont_type != CONTAINERTYPES["luks"]: raise CBInvalidType("changing of password is possible only for luks containers") @@ -279,6 +306,7 @@ class CryptoBoxContainer: The busy flag is mainly used to indicate that the device may not be used while it is being formatted or similar. + Available since: 0.3.1 """ return self.cbox.get_device_busy_state(self.device) @@ -288,6 +316,7 @@ class CryptoBoxContainer: Either set or remove this flag. The timeout is optional and defaults to five minutes. + Available since: 0.3.1 """ self.cbox.set_device_busy_state(self.device, new_state, timeout) @@ -639,6 +668,7 @@ class CryptoBoxContainer: pass self.set_busy(False) bg_task = threading.Thread(target=format) + bg_task.setDaemon(True) bg_task.start() time.sleep(3) ## if the thread exited very fast, then it failed diff --git a/src/cryptobox/web/sites.py b/src/cryptobox/web/sites.py index 4440ce7..8e5595f 100644 --- a/src/cryptobox/web/sites.py +++ b/src/cryptobox/web/sites.py @@ -502,10 +502,10 @@ class WebInterfaceSites: issue a warning if the device is invalid""" if device and re.match(r'[\w /\-]+$', device) \ and self.cbox.get_container(device): - self.cbox.log.debug("select device: %s" % device) + self.cbox.log.debug("Select device: %s" % device) return True else: - self.cbox.log.warn("invalid device: %s" % device) + self.cbox.log.warn("Invalid device: %s" % device) self.__dataset["Data.Warning"] = "InvalidDevice" return False diff --git a/templates/language.hdf b/templates/language.hdf index 09de2db..e103886 100644 --- a/templates/language.hdf +++ b/templates/language.hdf @@ -89,5 +89,10 @@ WarningMessage { Link.Attr1.name = level Link.Attr1.value = ERROR } + + DeviceNotWriteable { + Title = No write permissions + Text = Sorry - the CryptoBox is not allowed to write on this device. Anyway it is still possible, that you can open it for writing. Please ask the administrator of the CryptoBox in case you believe, that this is a mistake. + } }