config_do and init_do check administration password
setting of administration password is no part of initialization anymore
This commit is contained in:
parent
b91e2da4d1
commit
816be64819
9 changed files with 97 additions and 63 deletions
|
|
@ -283,10 +283,6 @@ function init_cryptobox_part1()
|
|||
create_partitions "$device"
|
||||
create_config "$device"
|
||||
) >>"$LOG_FILE" 2>&1
|
||||
# read the admin-pw from the first line of input
|
||||
local admin_pw
|
||||
read admin_pw
|
||||
config_set_value admin_pw "$admin_pw"
|
||||
# the output of create_crypto may NOT be redirected - this would prevent cryptsetup from
|
||||
# reading the passphrase from stdin
|
||||
log_msg "Creating the crypto partition ..."
|
||||
|
|
|
|||
0
cbox-tree.d/usr/share/cryptobox/defaults/admin_pw
Normal file
0
cbox-tree.d/usr/share/cryptobox/defaults/admin_pw
Normal file
|
|
@ -17,6 +17,7 @@ Lang {
|
|||
Text {
|
||||
EnterNewCryptoPassword = Das neue Crypto-Passwort eingeben:
|
||||
EnterSameCryptoPassword = Das Crypto-Passwort wiederholen:
|
||||
EnterAdminPassword = Das Admin-Passwort eingeben:
|
||||
EnterNewAdminPassword = Das neue Admin-Passwort eingeben:
|
||||
EnterSameAdminPassword = Das Admin-Passwort wiederholen:
|
||||
InitWarning = Bei der Initialisierung werden ALLE DATEN auf der Festplatte GELÖSCHT!
|
||||
|
|
@ -70,6 +71,11 @@ Lang {
|
|||
Text = Die beiden Passworte müssen identisch sein, um sicherzustellen, dass dies das gewünschte Passwort ist.
|
||||
}
|
||||
|
||||
WrongAdminPassword {
|
||||
Title = Falsches Administratons-Passwort
|
||||
Text = Das eingegebene Administrations-Passwort ist falsch. Versuchen sie es noch einmal.
|
||||
}
|
||||
|
||||
MountFailed {
|
||||
Title = Aktivierung schlug fehl
|
||||
Text = Das verschlüsselte Dateisystem konnte nicht aktiviert werden. Wahrscheinlich war das Passwort falsch.
|
||||
|
|
@ -80,7 +86,7 @@ Lang {
|
|||
Text = Das verschlüsselte Dateisystem konnte nicht abgeschaltet werden. Wahrscheinlich sind noch Dateien geöffnet. Also schließen sie alle potentiell unsauberen Programme (beispielsweise die weitverbreitete Textverarbeitung). Notfalls einfach die CryptoBox herunterfahren!
|
||||
}
|
||||
|
||||
NotConfigured {
|
||||
NotInitialized {
|
||||
Title = Keine Konfiguration gefunden
|
||||
Text = Die CryptoBox wurde noch nicht eingerichtet.
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,6 +3,11 @@
|
|||
|
||||
<form action="<?cs call:getSelfURL('','') ?>" method="post"
|
||||
enctype="application/x-www-form-urlencoded">
|
||||
|
||||
<?cs if:Data.Config.AdminPasswordIsSet ?>
|
||||
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterAdminPassword,"prove_admin_pw") ?></label><br/>
|
||||
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
|
||||
<?cs /if ?>
|
||||
|
||||
<p><label for="ip"><?cs call:help_popUp(Lang.Text.IPAddress,'set_ip_address') ?></label><br/>
|
||||
<input type="text" id="ip" size="16" maxsize="15" name="ip"
|
||||
|
|
|
|||
|
|
@ -4,10 +4,15 @@
|
|||
<form action="<?cs call:getSelfURL('','') ?>" method="post" enctype="application/x-www-form-urlencoded">
|
||||
|
||||
<p class="note"><?cs var:Lang.Text.InitWarning ?></p>
|
||||
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterNewAdminPassword,"admin_pw") ?></label><br/>
|
||||
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
|
||||
<p><label for="admin_password2"><?cs call:help_popUp(Lang.Text.EnterSameAdminPassword,"admin_pw_repeat") ?></label><br/>
|
||||
<input type="password" id="admin_password2" name="admin_password2" size="20" tabindex="1" maxlength="40" /></p>
|
||||
<?cs if:Data.Config.AdminPasswordIsSet ?>
|
||||
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterAdminPassword,"prove_admin_pw") ?></label><br/>
|
||||
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
|
||||
<?cs else ?>
|
||||
<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterNewAdminPassword,"new_admin_pw") ?></label><br/>
|
||||
<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
|
||||
<p><label for="admin_password2"><?cs call:help_popUp(Lang.Text.EnterSameAdminPassword,"new_admin_pw_repeat") ?></label><br/>
|
||||
<input type="password" id="admin_password2" name="admin_password2" size="20" tabindex="1" maxlength="40" /></p>
|
||||
<?cs /if ?>
|
||||
<p><label for="crypto_password"><?cs call:help_popUp(Lang.Text.EnterNewCryptoPassword,"crypto_pw") ?></label><br/>
|
||||
<input type="password" id="crypto_password" name="crypto_password" size="20" tabindex="1" maxlength="40" /></p>
|
||||
<p><label for="crypto_password2"><?cs call:help_popUp(Lang.Text.EnterSameCryptoPassword,'crypto_pw_repeat') ?></label><br/>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,3 @@
|
|||
<h3>Administration password of the CryptoBox</h3>
|
||||
<p>Enter the administration password of the CryptoBox.</p>
|
||||
<p>This ensures, that only authorized people may re-initialize and re-configure the CryptoBox.</p>
|
||||
|
|
@ -30,7 +30,7 @@ $IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT});
|
|||
|
||||
#################### subs ######################
|
||||
|
||||
sub load_hdf()
|
||||
sub load_hdf
|
||||
{
|
||||
my $hdf = ClearSilver::HDF->new();
|
||||
|
||||
|
|
@ -55,7 +55,7 @@ sub load_hdf()
|
|||
}
|
||||
|
||||
|
||||
sub load_language_data()
|
||||
sub load_language_data
|
||||
# import the specified language data
|
||||
# every call overrides previously loaded values
|
||||
# it is sufficient to call it somewhere before "render"
|
||||
|
|
@ -68,7 +68,7 @@ sub load_language_data()
|
|||
}
|
||||
|
||||
|
||||
sub get_available_languages()
|
||||
sub get_available_languages
|
||||
# import the names of all available languages
|
||||
{
|
||||
my $data = shift;
|
||||
|
|
@ -88,7 +88,7 @@ sub get_available_languages()
|
|||
}
|
||||
|
||||
|
||||
sub log_msg()
|
||||
sub log_msg
|
||||
{
|
||||
my $text = shift;
|
||||
open(LOGFILE,">> $LOG_FILE");
|
||||
|
|
@ -137,7 +137,14 @@ sub get_current_ip
|
|||
}
|
||||
|
||||
|
||||
sub render()
|
||||
sub get_admin_pw
|
||||
# returns the current administration password - empty, if it is not used
|
||||
{
|
||||
return `$CB_SCRIPT get_config admin_pw`;
|
||||
}
|
||||
|
||||
|
||||
sub render
|
||||
{
|
||||
$pagedata->setValue("PageName","$pagename");
|
||||
my $pagefile = "$TEMPLATE_DIR/main.cs";
|
||||
|
|
@ -181,30 +188,32 @@ sub box_init
|
|||
|
||||
# partitioning, config and initial cryptsetup
|
||||
open(PW_INPUT, "|$CB_SCRIPT box-init-fg");
|
||||
print PW_INPUT "$admin_pw";
|
||||
print PW_INPUT "$crypto_pw";
|
||||
print PW_INPUT $crypto_pw;
|
||||
close(PW_INPUT);
|
||||
|
||||
# set administration password
|
||||
system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw");
|
||||
|
||||
# wipe and mkfs takes some time - it will be done in the background
|
||||
system("$CB_SCRIPT", "box-init-bg");
|
||||
}
|
||||
|
||||
|
||||
sub system_poweroff()
|
||||
sub system_poweroff
|
||||
{
|
||||
&umount_vol() if (&check_mounted());
|
||||
system("$CB_SCRIPT", "poweroff");
|
||||
}
|
||||
|
||||
|
||||
sub system_reboot()
|
||||
sub system_reboot
|
||||
{
|
||||
&umount_vol() if (&check_mounted());
|
||||
system("$CB_SCRIPT", "reboot");
|
||||
}
|
||||
|
||||
|
||||
sub validate_ip()
|
||||
sub validate_ip
|
||||
{
|
||||
my $ip = shift;
|
||||
my @octets = split /\./, $ip;
|
||||
|
|
@ -218,7 +227,7 @@ sub validate_ip()
|
|||
}
|
||||
|
||||
|
||||
sub validate_timeout()
|
||||
sub validate_timeout
|
||||
{
|
||||
my $timeout = shift;
|
||||
return 0 if ($timeout =~ /\D/);
|
||||
|
|
@ -227,7 +236,7 @@ sub validate_timeout()
|
|||
|
||||
|
||||
# check for a valid interface language
|
||||
sub validate_language()
|
||||
sub validate_language
|
||||
{
|
||||
my $language = shift;
|
||||
# check for non-alphanumeric character
|
||||
|
|
@ -239,7 +248,7 @@ sub validate_language()
|
|||
|
||||
|
||||
# check for a valid documentation language
|
||||
sub validate_doc_language()
|
||||
sub validate_doc_language
|
||||
{
|
||||
my $language = shift;
|
||||
# check for non-alphanumeric character
|
||||
|
|
@ -298,7 +307,7 @@ if ( ! &check_ssl()) {
|
|||
################ umount_do #######################
|
||||
if ($action eq 'umount_do') {
|
||||
if ( ! &check_config()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotConfigured');
|
||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} elsif (&check_init_running()) {
|
||||
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
||||
|
|
@ -321,7 +330,7 @@ if ( ! &check_ssl()) {
|
|||
} elsif ($action eq 'mount_do') {
|
||||
# mount requested
|
||||
if ( ! &check_config()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotConfigured');
|
||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} elsif (&check_init_running()) {
|
||||
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
||||
|
|
@ -347,7 +356,7 @@ if ( ! &check_ssl()) {
|
|||
################## mount_ask #######################
|
||||
} elsif ($action eq 'mount_ask') {
|
||||
if ( ! &check_config()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotConfigured');
|
||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} elsif (&check_init_running()) {
|
||||
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
||||
|
|
@ -361,7 +370,7 @@ if ( ! &check_ssl()) {
|
|||
################# umount_ask ########################
|
||||
} elsif ($action eq 'umount_ask') {
|
||||
if ( ! &check_config()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotConfigured');
|
||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} elsif ( ! &check_mounted()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotMounted');
|
||||
|
|
@ -382,7 +391,11 @@ if ( ! &check_ssl()) {
|
|||
}
|
||||
#################### init_do ########################
|
||||
} elsif ($action eq 'init_do') {
|
||||
if ($query->param('admin_password') ne $query->param('admin_password2')) {
|
||||
my $admin_pw = &get_admin_pw;
|
||||
if ($admin_pw ne '' && $admin_pw ne $query->param('admin_password'))
|
||||
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} elsif ($query->param('admin_password') ne $query->param('admin_password2')) {
|
||||
# different admin-passwords
|
||||
$pagedata->setValue('Data.Warning', 'DifferentAdminPasswords');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
|
|
@ -411,7 +424,7 @@ if ( ! &check_ssl()) {
|
|||
#################### config_ask ######################
|
||||
} elsif ($action eq 'config_ask') {
|
||||
if ( ! &check_config()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotConfigured');
|
||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} else {
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
|
|
@ -419,46 +432,49 @@ if ( ! &check_ssl()) {
|
|||
#################### config_do #######################
|
||||
} elsif ($action eq 'config_do') {
|
||||
if ( ! &check_config()) {
|
||||
$pagedata->setValue('Data.Warning', 'NotConfigured');
|
||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||
$pagedata->setValue('Data.Action', 'init_form');
|
||||
} else {
|
||||
if ( ! &validate_language($query->param('language'))) {
|
||||
$pagedata->setValue('Data.Warning', 'InvalidLanguage');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
my $admin_pw = &get_admin_pw;
|
||||
if ( $admin_pw ne '' && $admin_pw ne $query->param('admin_password'))
|
||||
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
} elsif ( ! &validate_language($query->param('language'))) {
|
||||
$pagedata->setValue('Data.Warning', 'InvalidLanguage');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
} elsif ( ! &validate_ip($query->param('ip'))) {
|
||||
$pagedata->setValue('Data.Warning', 'InvalidIP');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
$pagedata->setValue('Data.Warning', 'InvalidIP');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
} elsif ( ! &validate_timeout($query->param('timeout'))) {
|
||||
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
|
||||
$pagedata->setValue('Data.Action', 'config_form');
|
||||
} else {
|
||||
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
|
||||
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
|
||||
# check, if the ip was reconfigured
|
||||
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
|
||||
{
|
||||
# set the new value
|
||||
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
|
||||
# reconfigure the network interface
|
||||
system("$CB_SCRIPT", "update_ip_address");
|
||||
# redirect to the new address
|
||||
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
|
||||
$pagedata->setValue('Data.Redirect.Delay', "5");
|
||||
# display a warning for the redirection
|
||||
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
|
||||
}
|
||||
|
||||
# check for success
|
||||
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
|
||||
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
|
||||
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
|
||||
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
|
||||
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
|
||||
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
|
||||
} else {
|
||||
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
||||
}
|
||||
$pagedata->setValue('Data.Action', 'intro');
|
||||
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
|
||||
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
|
||||
# check, if the ip was reconfigured
|
||||
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
|
||||
{
|
||||
# set the new value
|
||||
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
|
||||
# reconfigure the network interface
|
||||
system("$CB_SCRIPT", "update_ip_address");
|
||||
# redirect to the new address
|
||||
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
|
||||
$pagedata->setValue('Data.Redirect.Delay', "5");
|
||||
# display a warning for the redirection
|
||||
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
|
||||
}
|
||||
# check for success
|
||||
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
|
||||
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
|
||||
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
|
||||
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
|
||||
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
|
||||
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
|
||||
} else {
|
||||
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
||||
}
|
||||
$pagedata->setValue('Data.Action', 'intro');
|
||||
}
|
||||
}
|
||||
#################### show_log #######################
|
||||
|
|
@ -502,6 +518,9 @@ $pagedata->setValue('Data.Status.Mounted', &check_mounted() ? 1 : 0);
|
|||
my $output = &get_current_ip();
|
||||
$pagedata->setValue('Data.Status.IP', "$output");
|
||||
|
||||
$output = &get_admin_pw();
|
||||
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
|
||||
|
||||
$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#<br/>#'`;
|
||||
$pagedata->setValue('Data.PartitionInfo',"$output");
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue