diff --git a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh index a5c694b..875b194 100755 --- a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh +++ b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh @@ -283,10 +283,6 @@ function init_cryptobox_part1() create_partitions "$device" create_config "$device" ) >>"$LOG_FILE" 2>&1 - # read the admin-pw from the first line of input - local admin_pw - read admin_pw - config_set_value admin_pw "$admin_pw" # the output of create_crypto may NOT be redirected - this would prevent cryptsetup from # reading the passphrase from stdin log_msg "Creating the crypto partition ..." diff --git a/cbox-tree.d/usr/share/cryptobox/defaults/admin_pw b/cbox-tree.d/usr/share/cryptobox/defaults/admin_pw new file mode 100644 index 0000000..e69de29 diff --git a/cbox-tree.d/usr/share/cryptobox/lang/de.hdf b/cbox-tree.d/usr/share/cryptobox/lang/de.hdf index b3d32bc..c237083 100644 --- a/cbox-tree.d/usr/share/cryptobox/lang/de.hdf +++ b/cbox-tree.d/usr/share/cryptobox/lang/de.hdf @@ -17,6 +17,7 @@ Lang { Text { EnterNewCryptoPassword = Das neue Crypto-Passwort eingeben: EnterSameCryptoPassword = Das Crypto-Passwort wiederholen: + EnterAdminPassword = Das Admin-Passwort eingeben: EnterNewAdminPassword = Das neue Admin-Passwort eingeben: EnterSameAdminPassword = Das Admin-Passwort wiederholen: InitWarning = Bei der Initialisierung werden ALLE DATEN auf der Festplatte GELÖSCHT! @@ -70,6 +71,11 @@ Lang { Text = Die beiden Passworte müssen identisch sein, um sicherzustellen, dass dies das gewünschte Passwort ist. } + WrongAdminPassword { + Title = Falsches Administratons-Passwort + Text = Das eingegebene Administrations-Passwort ist falsch. Versuchen sie es noch einmal. + } + MountFailed { Title = Aktivierung schlug fehl Text = Das verschlüsselte Dateisystem konnte nicht aktiviert werden. Wahrscheinlich war das Passwort falsch. @@ -80,7 +86,7 @@ Lang { Text = Das verschlüsselte Dateisystem konnte nicht abgeschaltet werden. Wahrscheinlich sind noch Dateien geöffnet. Also schließen sie alle potentiell unsauberen Programme (beispielsweise die weitverbreitete Textverarbeitung). Notfalls einfach die CryptoBox herunterfahren! } - NotConfigured { + NotInitialized { Title = Keine Konfiguration gefunden Text = Die CryptoBox wurde noch nicht eingerichtet. } diff --git a/cbox-tree.d/usr/share/cryptobox/templates/config_form.cs b/cbox-tree.d/usr/share/cryptobox/templates/config_form.cs index a0485d8..f774282 100644 --- a/cbox-tree.d/usr/share/cryptobox/templates/config_form.cs +++ b/cbox-tree.d/usr/share/cryptobox/templates/config_form.cs @@ -3,6 +3,11 @@
+ + +


+

+


-


-

-


-

+ +


+

+ +


+

+


+

+



diff --git a/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw.html b/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw.html similarity index 100% rename from cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw.html rename to cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw.html diff --git a/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw_repeat.html b/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw_repeat.html similarity index 100% rename from cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw_repeat.html rename to cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/new_admin_pw_repeat.html diff --git a/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/prove_admin_pw.html b/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/prove_admin_pw.html new file mode 100644 index 0000000..fb9807f --- /dev/null +++ b/cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/prove_admin_pw.html @@ -0,0 +1,3 @@ +

Administration password of the CryptoBox

+

Enter the administration password of the CryptoBox.

+

This ensures, that only authorized people may re-initialize and re-configure the CryptoBox.

diff --git a/cbox-tree.d/var/www/cgi-bin/cryptobox.pl b/cbox-tree.d/var/www/cgi-bin/cryptobox.pl index 0b07d39..643ec64 100755 --- a/cbox-tree.d/var/www/cgi-bin/cryptobox.pl +++ b/cbox-tree.d/var/www/cgi-bin/cryptobox.pl @@ -30,7 +30,7 @@ $IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT}); #################### subs ###################### -sub load_hdf() +sub load_hdf { my $hdf = ClearSilver::HDF->new(); @@ -55,7 +55,7 @@ sub load_hdf() } -sub load_language_data() +sub load_language_data # import the specified language data # every call overrides previously loaded values # it is sufficient to call it somewhere before "render" @@ -68,7 +68,7 @@ sub load_language_data() } -sub get_available_languages() +sub get_available_languages # import the names of all available languages { my $data = shift; @@ -88,7 +88,7 @@ sub get_available_languages() } -sub log_msg() +sub log_msg { my $text = shift; open(LOGFILE,">> $LOG_FILE"); @@ -137,7 +137,14 @@ sub get_current_ip } -sub render() +sub get_admin_pw +# returns the current administration password - empty, if it is not used +{ + return `$CB_SCRIPT get_config admin_pw`; +} + + +sub render { $pagedata->setValue("PageName","$pagename"); my $pagefile = "$TEMPLATE_DIR/main.cs"; @@ -181,30 +188,32 @@ sub box_init # partitioning, config and initial cryptsetup open(PW_INPUT, "|$CB_SCRIPT box-init-fg"); - print PW_INPUT "$admin_pw"; - print PW_INPUT "$crypto_pw"; + print PW_INPUT $crypto_pw; close(PW_INPUT); + # set administration password + system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw"); + # wipe and mkfs takes some time - it will be done in the background system("$CB_SCRIPT", "box-init-bg"); } -sub system_poweroff() +sub system_poweroff { &umount_vol() if (&check_mounted()); system("$CB_SCRIPT", "poweroff"); } -sub system_reboot() +sub system_reboot { &umount_vol() if (&check_mounted()); system("$CB_SCRIPT", "reboot"); } -sub validate_ip() +sub validate_ip { my $ip = shift; my @octets = split /\./, $ip; @@ -218,7 +227,7 @@ sub validate_ip() } -sub validate_timeout() +sub validate_timeout { my $timeout = shift; return 0 if ($timeout =~ /\D/); @@ -227,7 +236,7 @@ sub validate_timeout() # check for a valid interface language -sub validate_language() +sub validate_language { my $language = shift; # check for non-alphanumeric character @@ -239,7 +248,7 @@ sub validate_language() # check for a valid documentation language -sub validate_doc_language() +sub validate_doc_language { my $language = shift; # check for non-alphanumeric character @@ -298,7 +307,7 @@ if ( ! &check_ssl()) { ################ umount_do ####################### if ($action eq 'umount_do') { if ( ! &check_config()) { - $pagedata->setValue('Data.Warning', 'NotConfigured'); + $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); @@ -321,7 +330,7 @@ if ( ! &check_ssl()) { } elsif ($action eq 'mount_do') { # mount requested if ( ! &check_config()) { - $pagedata->setValue('Data.Warning', 'NotConfigured'); + $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); @@ -347,7 +356,7 @@ if ( ! &check_ssl()) { ################## mount_ask ####################### } elsif ($action eq 'mount_ask') { if ( ! &check_config()) { - $pagedata->setValue('Data.Warning', 'NotConfigured'); + $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif (&check_init_running()) { $pagedata->setValue('Data.Warning', 'InitNotFinished'); @@ -361,7 +370,7 @@ if ( ! &check_ssl()) { ################# umount_ask ######################## } elsif ($action eq 'umount_ask') { if ( ! &check_config()) { - $pagedata->setValue('Data.Warning', 'NotConfigured'); + $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } elsif ( ! &check_mounted()) { $pagedata->setValue('Data.Warning', 'NotMounted'); @@ -382,7 +391,11 @@ if ( ! &check_ssl()) { } #################### init_do ######################## } elsif ($action eq 'init_do') { - if ($query->param('admin_password') ne $query->param('admin_password2')) { + my $admin_pw = &get_admin_pw; + if ($admin_pw ne '' && $admin_pw ne $query->param('admin_password')) + $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); + $pagedata->setValue('Data.Action', 'init_form'); + } elsif ($query->param('admin_password') ne $query->param('admin_password2')) { # different admin-passwords $pagedata->setValue('Data.Warning', 'DifferentAdminPasswords'); $pagedata->setValue('Data.Action', 'init_form'); @@ -411,7 +424,7 @@ if ( ! &check_ssl()) { #################### config_ask ###################### } elsif ($action eq 'config_ask') { if ( ! &check_config()) { - $pagedata->setValue('Data.Warning', 'NotConfigured'); + $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } else { $pagedata->setValue('Data.Action', 'config_form'); @@ -419,46 +432,49 @@ if ( ! &check_ssl()) { #################### config_do ####################### } elsif ($action eq 'config_do') { if ( ! &check_config()) { - $pagedata->setValue('Data.Warning', 'NotConfigured'); + $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'init_form'); } else { - if ( ! &validate_language($query->param('language'))) { - $pagedata->setValue('Data.Warning', 'InvalidLanguage'); - $pagedata->setValue('Data.Action', 'config_form'); + my $admin_pw = &get_admin_pw; + if ( $admin_pw ne '' && $admin_pw ne $query->param('admin_password')) + $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); + $pagedata->setValue('Data.Action', 'config_form'); + } elsif ( ! &validate_language($query->param('language'))) { + $pagedata->setValue('Data.Warning', 'InvalidLanguage'); + $pagedata->setValue('Data.Action', 'config_form'); } elsif ( ! &validate_ip($query->param('ip'))) { - $pagedata->setValue('Data.Warning', 'InvalidIP'); - $pagedata->setValue('Data.Action', 'config_form'); + $pagedata->setValue('Data.Warning', 'InvalidIP'); + $pagedata->setValue('Data.Action', 'config_form'); } elsif ( ! &validate_timeout($query->param('timeout'))) { - $pagedata->setValue('Data.Warning', 'InvalidTimeOut'); - $pagedata->setValue('Data.Action', 'config_form'); + $pagedata->setValue('Data.Warning', 'InvalidTimeOut'); + $pagedata->setValue('Data.Action', 'config_form'); } else { - system("$CB_SCRIPT", "set_config", "language", $query->param('language')); - system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout')); - # check, if the ip was reconfigured - if ($query->param('ip') ne `$CB_SCRIPT get_config ip`) - { - # set the new value - system("$CB_SCRIPT", "set_config", "ip", $query->param('ip')); - # reconfigure the network interface - system("$CB_SCRIPT", "update_ip_address"); - # redirect to the new address - $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'}); - $pagedata->setValue('Data.Redirect.Delay', "5"); - # display a warning for the redirection - $pagedata->setValue('Data.Warning', 'IPAddressChanged'); - } - - # check for success - if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) { - $pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed'); - } elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) { - $pagedata->setValue('Data.Warning', 'ConfigIPFailed'); - } elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) { - $pagedata->setValue('Data.Warning', 'ConfigLanguageFailed'); - } else { - $pagedata->setValue('Data.Success', 'ConfigSaved'); - } - $pagedata->setValue('Data.Action', 'intro'); + system("$CB_SCRIPT", "set_config", "language", $query->param('language')); + system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout')); + # check, if the ip was reconfigured + if ($query->param('ip') ne `$CB_SCRIPT get_config ip`) + { + # set the new value + system("$CB_SCRIPT", "set_config", "ip", $query->param('ip')); + # reconfigure the network interface + system("$CB_SCRIPT", "update_ip_address"); + # redirect to the new address + $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'}); + $pagedata->setValue('Data.Redirect.Delay', "5"); + # display a warning for the redirection + $pagedata->setValue('Data.Warning', 'IPAddressChanged'); + } + # check for success + if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) { + $pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed'); + } elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) { + $pagedata->setValue('Data.Warning', 'ConfigIPFailed'); + } elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) { + $pagedata->setValue('Data.Warning', 'ConfigLanguageFailed'); + } else { + $pagedata->setValue('Data.Success', 'ConfigSaved'); + } + $pagedata->setValue('Data.Action', 'intro'); } } #################### show_log ####################### @@ -502,6 +518,9 @@ $pagedata->setValue('Data.Status.Mounted', &check_mounted() ? 1 : 0); my $output = &get_current_ip(); $pagedata->setValue('Data.Status.IP', "$output"); +$output = &get_admin_pw(); +$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne ''); + $output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#
#'`; $pagedata->setValue('Data.PartitionInfo',"$output");