Browse Source

config_do and init_do check administration password

setting of administration password is no part of initialization anymore
master
lars 17 years ago
parent
commit
816be64819
  1. 4
      cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
  2. 0
      cbox-tree.d/usr/share/cryptobox/defaults/admin_pw
  3. 8
      cbox-tree.d/usr/share/cryptobox/lang/de.hdf
  4. 5
      cbox-tree.d/usr/share/cryptobox/templates/config_form.cs
  5. 13
      cbox-tree.d/usr/share/cryptobox/templates/init_form.cs
  6. 0
      cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw.html
  7. 0
      cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw_repeat.html
  8. 3
      cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/prove_admin_pw.html
  9. 127
      cbox-tree.d/var/www/cgi-bin/cryptobox.pl

4
cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh

@ -283,10 +283,6 @@ function init_cryptobox_part1()
create_partitions "$device"
create_config "$device"
) >>"$LOG_FILE" 2>&1
# read the admin-pw from the first line of input
local admin_pw
read admin_pw
config_set_value admin_pw "$admin_pw"
# the output of create_crypto may NOT be redirected - this would prevent cryptsetup from
# reading the passphrase from stdin
log_msg "Creating the crypto partition ..."

0
cbox-tree.d/usr/share/cryptobox/defaults/admin_pw

8
cbox-tree.d/usr/share/cryptobox/lang/de.hdf

@ -17,6 +17,7 @@ Lang {
Text {
EnterNewCryptoPassword = Das neue Crypto-Passwort eingeben:
EnterSameCryptoPassword = Das Crypto-Passwort wiederholen:
EnterAdminPassword = Das Admin-Passwort eingeben:
EnterNewAdminPassword = Das neue Admin-Passwort eingeben:
EnterSameAdminPassword = Das Admin-Passwort wiederholen:
InitWarning = Bei der Initialisierung werden ALLE DATEN auf der Festplatte GELÖSCHT!
@ -70,6 +71,11 @@ Lang {
Text = Die beiden Passworte müssen identisch sein, um sicherzustellen, dass dies das gewünschte Passwort ist.
}
WrongAdminPassword {
Title = Falsches Administratons-Passwort
Text = Das eingegebene Administrations-Passwort ist falsch. Versuchen sie es noch einmal.
}
MountFailed {
Title = Aktivierung schlug fehl
Text = Das verschlüsselte Dateisystem konnte nicht aktiviert werden. Wahrscheinlich war das Passwort falsch.
@ -80,7 +86,7 @@ Lang {
Text = Das verschlüsselte Dateisystem konnte nicht abgeschaltet werden. Wahrscheinlich sind noch Dateien geöffnet. Also schließen sie alle potentiell unsauberen Programme (beispielsweise die weitverbreitete Textverarbeitung). Notfalls einfach die CryptoBox herunterfahren!
}
NotConfigured {
NotInitialized {
Title = Keine Konfiguration gefunden
Text = Die CryptoBox wurde noch nicht eingerichtet.
}

5
cbox-tree.d/usr/share/cryptobox/templates/config_form.cs

@ -3,6 +3,11 @@
<form action="<?cs call:getSelfURL('','') ?>" method="post"
enctype="application/x-www-form-urlencoded">
<?cs if:Data.Config.AdminPasswordIsSet ?>
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterAdminPassword,"prove_admin_pw") ?></label><br/>
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
<?cs /if ?>
<p><label for="ip"><?cs call:help_popUp(Lang.Text.IPAddress,'set_ip_address') ?></label><br/>
<input type="text" id="ip" size="16" maxsize="15" name="ip"

13
cbox-tree.d/usr/share/cryptobox/templates/init_form.cs

@ -4,10 +4,15 @@
<form action="<?cs call:getSelfURL('','') ?>" method="post" enctype="application/x-www-form-urlencoded">
<p class="note"><?cs var:Lang.Text.InitWarning ?></p>
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterNewAdminPassword,"admin_pw") ?></label><br/>
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
<p><label for="admin_password2"><?cs call:help_popUp(Lang.Text.EnterSameAdminPassword,"admin_pw_repeat") ?></label><br/>
<input type="password" id="admin_password2" name="admin_password2" size="20" tabindex="1" maxlength="40" /></p>
<?cs if:Data.Config.AdminPasswordIsSet ?>
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterAdminPassword,"prove_admin_pw") ?></label><br/>
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
<?cs else ?>
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterNewAdminPassword,"new_admin_pw") ?></label><br/>
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
<p><label for="admin_password2"><?cs call:help_popUp(Lang.Text.EnterSameAdminPassword,"new_admin_pw_repeat") ?></label><br/>
<input type="password" id="admin_password2" name="admin_password2" size="20" tabindex="1" maxlength="40" /></p>
<?cs /if ?>
<p><label for="crypto_password"><?cs call:help_popUp(Lang.Text.EnterNewCryptoPassword,"crypto_pw") ?></label><br/>
<input type="password" id="crypto_password" name="crypto_password" size="20" tabindex="1" maxlength="40" /></p>
<p><label for="crypto_password2"><?cs call:help_popUp(Lang.Text.EnterSameCryptoPassword,'crypto_pw_repeat') ?></label><br/>

0
cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw.html → cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw.html

0
cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw_repeat.html → cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw_repeat.html

3
cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/prove_admin_pw.html

@ -0,0 +1,3 @@
<h3>Administration password of the CryptoBox</h3>
<p>Enter the administration password of the CryptoBox.</p>
<p>This ensures, that only authorized people may re-initialize and re-configure the CryptoBox.</p>

127
cbox-tree.d/var/www/cgi-bin/cryptobox.pl

@ -30,7 +30,7 @@ $IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT});
#################### subs ######################
sub load_hdf()
sub load_hdf
{
my $hdf = ClearSilver::HDF->new();
@ -55,7 +55,7 @@ sub load_hdf()
}
sub load_language_data()
sub load_language_data
# import the specified language data
# every call overrides previously loaded values
# it is sufficient to call it somewhere before "render"
@ -68,7 +68,7 @@ sub load_language_data()
}
sub get_available_languages()
sub get_available_languages
# import the names of all available languages
{
my $data = shift;
@ -88,7 +88,7 @@ sub get_available_languages()
}
sub log_msg()
sub log_msg
{
my $text = shift;
open(LOGFILE,">> $LOG_FILE");
@ -137,7 +137,14 @@ sub get_current_ip
}
sub render()
sub get_admin_pw
# returns the current administration password - empty, if it is not used
{
return `$CB_SCRIPT get_config admin_pw`;
}
sub render
{
$pagedata->setValue("PageName","$pagename");
my $pagefile = "$TEMPLATE_DIR/main.cs";
@ -181,30 +188,32 @@ sub box_init
# partitioning, config and initial cryptsetup
open(PW_INPUT, "|$CB_SCRIPT box-init-fg");
print PW_INPUT "$admin_pw";
print PW_INPUT "$crypto_pw";
print PW_INPUT $crypto_pw;
close(PW_INPUT);
# set administration password
system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw");
# wipe and mkfs takes some time - it will be done in the background
system("$CB_SCRIPT", "box-init-bg");
}
sub system_poweroff()
sub system_poweroff
{
&umount_vol() if (&check_mounted());
system("$CB_SCRIPT", "poweroff");
}
sub system_reboot()
sub system_reboot
{
&umount_vol() if (&check_mounted());
system("$CB_SCRIPT", "reboot");
}
sub validate_ip()
sub validate_ip
{
my $ip = shift;
my @octets = split /\./, $ip;
@ -218,7 +227,7 @@ sub validate_ip()
}
sub validate_timeout()
sub validate_timeout
{
my $timeout = shift;
return 0 if ($timeout =~ /\D/);
@ -227,7 +236,7 @@ sub validate_timeout()
# check for a valid interface language
sub validate_language()
sub validate_language
{
my $language = shift;
# check for non-alphanumeric character
@ -239,7 +248,7 @@ sub validate_language()
# check for a valid documentation language
sub validate_doc_language()
sub validate_doc_language
{
my $language = shift;
# check for non-alphanumeric character
@ -298,7 +307,7 @@ if ( ! &check_ssl()) {
################ umount_do #######################
if ($action eq 'umount_do') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotConfigured');
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
@ -321,7 +330,7 @@ if ( ! &check_ssl()) {
} elsif ($action eq 'mount_do') {
# mount requested
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotConfigured');
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
@ -347,7 +356,7 @@ if ( ! &check_ssl()) {
################## mount_ask #######################
} elsif ($action eq 'mount_ask') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotConfigured');
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
@ -361,7 +370,7 @@ if ( ! &check_ssl()) {
################# umount_ask ########################
} elsif ($action eq 'umount_ask') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotConfigured');
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ( ! &check_mounted()) {
$pagedata->setValue('Data.Warning', 'NotMounted');
@ -382,7 +391,11 @@ if ( ! &check_ssl()) {
}
#################### init_do ########################
} elsif ($action eq 'init_do') {
if ($query->param('admin_password') ne $query->param('admin_password2')) {
my $admin_pw = &get_admin_pw;
if ($admin_pw ne '' && $admin_pw ne $query->param('admin_password'))
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ($query->param('admin_password') ne $query->param('admin_password2')) {
# different admin-passwords
$pagedata->setValue('Data.Warning', 'DifferentAdminPasswords');
$pagedata->setValue('Data.Action', 'init_form');
@ -411,7 +424,7 @@ if ( ! &check_ssl()) {
#################### config_ask ######################
} elsif ($action eq 'config_ask') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotConfigured');
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} else {
$pagedata->setValue('Data.Action', 'config_form');
@ -419,46 +432,49 @@ if ( ! &check_ssl()) {
#################### config_do #######################
} elsif ($action eq 'config_do') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotConfigured');
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} else {
if ( ! &validate_language($query->param('language'))) {
$pagedata->setValue('Data.Warning', 'InvalidLanguage');
$pagedata->setValue('Data.Action', 'config_form');
my $admin_pw = &get_admin_pw;
if ( $admin_pw ne '' && $admin_pw ne $query->param('admin_password'))
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
$pagedata->setValue('Data.Action', 'config_form');
} elsif ( ! &validate_language($query->param('language'))) {
$pagedata->setValue('Data.Warning', 'InvalidLanguage');
$pagedata->setValue('Data.Action', 'config_form');
} elsif ( ! &validate_ip($query->param('ip'))) {
$pagedata->setValue('Data.Warning', 'InvalidIP');
$pagedata->setValue('Data.Action', 'config_form');
$pagedata->setValue('Data.Warning', 'InvalidIP');
$pagedata->setValue('Data.Action', 'config_form');
} elsif ( ! &validate_timeout($query->param('timeout'))) {
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
$pagedata->setValue('Data.Action', 'config_form');
} else {
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
# check, if the ip was reconfigured
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
{
# set the new value
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
# reconfigure the network interface
system("$CB_SCRIPT", "update_ip_address");
# redirect to the new address
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
$pagedata->setValue('Data.Redirect.Delay', "5");
# display a warning for the redirection
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
}
# check for success
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
$pagedata->setValue('Data.Action', 'config_form');
} else {
$pagedata->setValue('Data.Success', 'ConfigSaved');
}
$pagedata->setValue('Data.Action', 'intro');
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
# check, if the ip was reconfigured
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
{
# set the new value
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
# reconfigure the network interface
system("$CB_SCRIPT", "update_ip_address");
# redirect to the new address
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
$pagedata->setValue('Data.Redirect.Delay', "5");
# display a warning for the redirection
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
}
# check for success
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
} else {
$pagedata->setValue('Data.Success', 'ConfigSaved');
}
$pagedata->setValue('Data.Action', 'intro');
}
}
#################### show_log #######################
@ -502,6 +518,9 @@ $pagedata->setValue('Data.Status.Mounted', &check_mounted() ? 1 : 0);
my $output = &get_current_ip();
$pagedata->setValue('Data.Status.IP', "$output");
$output = &get_admin_pw();
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#<br/>#'`;
$pagedata->setValue('Data.PartitionInfo',"$output");

Loading…
Cancel
Save