moving ...
This commit is contained in:
parent
8153ebd010
commit
8e98fbdf83
20 changed files with 926 additions and 1223 deletions
|
@ -1 +0,0 @@
|
|||
cbox-tree.d/usr/share/doc/cryptobox/copyright
|
590
bin/cbox-manage.sh
Executable file
590
bin/cbox-manage.sh
Executable file
|
@ -0,0 +1,590 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
||||
#
|
||||
# License: This script is distributed under the terms of version 2
|
||||
# of the GNU GPL. See the LICENSE file included with the package.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# this script does EVERYTHING
|
||||
# all other scripts are only frontends :)
|
||||
#
|
||||
# called by:
|
||||
# - some rc-scripts
|
||||
# - the web frontend cgi
|
||||
#
|
||||
|
||||
# TODO: check permissions and owners of config files, directories and scripts before
|
||||
# running cbox-root-actions.sh
|
||||
|
||||
set -eu
|
||||
|
||||
# define reasonable defaults
|
||||
USE_STUNNEL=0
|
||||
EXEC_FIREWALL_RULES=0
|
||||
SKIP_NETWORK_CONFIG=1
|
||||
CONF_FILE=/etc/cryptobox/cryptobox.conf
|
||||
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# parse config file
|
||||
. "$CONF_FILE"
|
||||
|
||||
# check for writable log file
|
||||
[ -w "$LOG_FILE" ] || LOG_FILE=/tmp/$(basename "$LOG_FILE")
|
||||
|
||||
## configuration
|
||||
CERT_TEMP=/tmp/stunnel.pem
|
||||
|
||||
######## stuff ##########
|
||||
|
||||
ALL_PARTITIONS=$(cat /proc/partitions | sed '1,2d; s/ */ /g; s/^ *//' | cut -d " " -f 4)
|
||||
|
||||
#########################
|
||||
|
||||
function log_msg()
|
||||
{
|
||||
# the log file is not writable during boot - try before writing ...
|
||||
[ -w "$LOG_FILE" ] || return 0
|
||||
echo >>"$LOG_FILE"
|
||||
echo "##### `date` #####" >>"$LOG_FILE"
|
||||
echo "$1" >>"$LOG_FILE"
|
||||
}
|
||||
|
||||
|
||||
function error_msg()
|
||||
# parameters: ExitCode ErrorMessage
|
||||
{
|
||||
echo "[`date`] - $2" | tee -a "$LOG_FILE" >&2
|
||||
# print the execution stack - not usable with busybox
|
||||
# caller | sed 's/^/\t/' >&2
|
||||
exit "$1"
|
||||
}
|
||||
|
||||
|
||||
function config_set_value()
|
||||
# parameters: SettingName [SettingValue]
|
||||
# read from stdin if SettingValue is not defined
|
||||
{
|
||||
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config rw
|
||||
if [ $# -gt 1 ]
|
||||
then echo -n "$2" > "$CONFIG_DIR/$1"
|
||||
else cat - >"$CONFIG_DIR/$1"
|
||||
fi
|
||||
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config ro
|
||||
}
|
||||
|
||||
|
||||
function config_get_value()
|
||||
# parameters: SettingName
|
||||
{
|
||||
# use mounted config, if it exists - otherwise use defaults
|
||||
local conf_dir
|
||||
if is_config_active
|
||||
then conf_dir=$CONFIG_DIR
|
||||
else conf_dir=$CONFIG_DEFAULTS_DIR
|
||||
fi
|
||||
[ -z "$1" ] && error_msg 1 "empty setting name"
|
||||
# check for existence - maybe use default values (for old releases without this setting)
|
||||
if [ ! -e "$conf_dir/$1" ]
|
||||
then case "$1" in
|
||||
# you may place default values for older versions here
|
||||
# for compatibility
|
||||
* )
|
||||
error_msg 2 "unknown configuration value ($1)"
|
||||
# empty output
|
||||
;;
|
||||
esac
|
||||
else echo -n $(cat "$conf_dir/$1")
|
||||
# this removes the trailing line break
|
||||
fi
|
||||
# always return without error
|
||||
true
|
||||
}
|
||||
|
||||
|
||||
function create_config()
|
||||
# Parameter: device
|
||||
{
|
||||
local device=$1
|
||||
unload_config
|
||||
# create the new configuration filesystem if it is not static
|
||||
if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
||||
then log_msg "Using static configuration ..."
|
||||
else log_msg "Creating config filesystem ..."
|
||||
sudo "$ROOT_PERM_SCRIPT" create_config "$device"
|
||||
log_msg "Mounting config partition ..."
|
||||
sudo "$ROOT_PERM_SCRIPT" mount_config "$device"
|
||||
sudo "$ROOT_PERM_SCRIPT" remount_config rw
|
||||
fi
|
||||
log_msg "Copying configuration defaults ..."
|
||||
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
|
||||
|
||||
log_msg "Copying temporary certificate file to config filesystem ..."
|
||||
# beware: the temp file should always be there - even after reboot - see "load_config"
|
||||
[ "$USE_STUNNEL" = 1 ] && cp -p "$CERT_TEMP" "$CERT_FILE"
|
||||
|
||||
log_msg "Setting inital values ..."
|
||||
# beware: config_set_value remounts the config partition read-only
|
||||
config_set_value "ip" "$(get_current_ip)"
|
||||
# create database of readable names
|
||||
config_set_value "names.db" ""
|
||||
# create a marker to recognize a cryptobox partition
|
||||
# this should be the last step, to prevent a half-initialized state
|
||||
config_set_value "$CONFIG_MARKER" "$(date -I)"
|
||||
}
|
||||
|
||||
|
||||
function get_current_ip()
|
||||
# not necessarily the same as configured (necessary for validation)
|
||||
{
|
||||
# filter the output of ifconfig and remove trailing line break
|
||||
echo -n $("$IFCONFIG" "$NET_IFACE" | grep "inet" | cut -d ":" -f2 | cut -d " " -f1)
|
||||
}
|
||||
|
||||
|
||||
function list_partitions_of_type()
|
||||
# parameter: { config | crypto | plaindata | unused }
|
||||
{
|
||||
local config=
|
||||
local crypto=
|
||||
local plaindata=
|
||||
local unused=
|
||||
for a in $ALL_PARTITIONS
|
||||
do if sudo "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a"
|
||||
then crypto="$crypto /dev/$a"
|
||||
elif sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a"
|
||||
then config="$config /dev/$a"
|
||||
elif sudo "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a"
|
||||
then plaindata="$plaindata /dev/$a"
|
||||
else unused="$unused /dev/$a"
|
||||
fi
|
||||
done
|
||||
case "$1" in
|
||||
config | crypto | plaindata | unused )
|
||||
# dirty hack, but it works
|
||||
eval "echo \$$1"
|
||||
;;
|
||||
* )
|
||||
errot_msg "wrong parameter ($1) for list_partition_types in $(basename $0)"
|
||||
;;
|
||||
esac | tr " " "\n" | grep -v '^$'
|
||||
}
|
||||
|
||||
|
||||
function get_crypto_uuid()
|
||||
# Parameter: DEVICE
|
||||
{
|
||||
sudo "$ROOT_PERM_SCRIPT" get_device_name "$1"
|
||||
}
|
||||
|
||||
|
||||
function get_crypto_name()
|
||||
# Parameter: DEVICE
|
||||
# return the readable name of the crypto container, it it is already defined
|
||||
# if undefined - return the uuid
|
||||
{
|
||||
local uuid=$(get_crypto_uuid "$1")
|
||||
local dbname=$(config_get_value "names.db" | grep "^$uuid:" | cut -d ":" -f 2-)
|
||||
if [ -z "$dbname" ]
|
||||
then echo -n "$uuid"
|
||||
else echo -n "$dbname"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function set_crypto_name()
|
||||
# TODO: the implementation is quite ugly, but it works (tm)
|
||||
# Parameter: DEVICE NAME
|
||||
{
|
||||
local uuid=$(get_crypto_uuid "$1")
|
||||
# remove the old setting for this device and every possible entry with the same name
|
||||
(config_get_value 'names.db' | sed "/^$uuid:/d; /^[^:]*:$2$/d"; echo "$uuid:$2") | config_set_value 'names.db'
|
||||
}
|
||||
|
||||
|
||||
function does_crypto_name_exist()
|
||||
# Parameter: NAME
|
||||
{
|
||||
config_get_value 'names.db' | grep -q "^[^:]*:$1$"
|
||||
}
|
||||
|
||||
|
||||
function create_crypto()
|
||||
# Parameter: DEVICE NAME KEYFILE
|
||||
# keyfile is necessary, to allow background execution via 'at'
|
||||
# TODO: check if the keyfile is still necessary for sudo -b
|
||||
{
|
||||
local device=$1
|
||||
local name=$2
|
||||
local keyfile=$3
|
||||
# otherwise the web interface will hang
|
||||
# passphrase may be passed via command line
|
||||
local key=$(<"$keyfile")
|
||||
# remove the passphrase-file as soon as possible
|
||||
dd if=/dev/zero of="$keyfile" bs=512 count=1 2>/dev/null
|
||||
rm "$keyfile"
|
||||
|
||||
log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device"
|
||||
echo "$key" | sudo "$ROOT_PERM_SCRIPT" create_crypto "$device"
|
||||
|
||||
set_crypto_name "$device" "$name"
|
||||
}
|
||||
|
||||
|
||||
function is_config_active()
|
||||
{
|
||||
test -f "$CONFIG_DIR/$CONFIG_MARKER"
|
||||
}
|
||||
|
||||
|
||||
function is_crypto_mounted()
|
||||
# Parameter: DEVICE
|
||||
{
|
||||
local name=$(get_crypto_uuid "$1")
|
||||
[ -n "$name" ] && mountpoint -q "$MNT_PARENT/$name"
|
||||
}
|
||||
|
||||
|
||||
function is_init_running()
|
||||
{
|
||||
check_at_command_queue " init"
|
||||
}
|
||||
|
||||
|
||||
# check if a specified command is in an at-queue
|
||||
# Parameter: a regular expression of the commandline
|
||||
# Return: the command is part of an at-queue (0) or not (1)
|
||||
function check_at_command_queue()
|
||||
{
|
||||
# 1) get the available job numbers
|
||||
# 2) remove empty lines (especially the last one)
|
||||
# 3) check every associated command for the regexp
|
||||
at -l | cut -f 1 | while read jobnum
|
||||
do at -c $jobnum | sed '/^$/d' | tail -1
|
||||
done | grep -q "$1"
|
||||
}
|
||||
|
||||
|
||||
function find_harddisk()
|
||||
# look for the harddisk to be partitioned
|
||||
{
|
||||
local device=$(get_available_disks | head -1)
|
||||
if [ -z "$device" ] ; then
|
||||
log_msg "no valid harddisk for initialisation found!"
|
||||
cat /proc/partitions >>"$LOG_FILE"
|
||||
# do not return with an error, to avoid a failing of the script ('break on error')
|
||||
# the caller of this function should handle an empty return string
|
||||
fi
|
||||
echo -n "$device"
|
||||
}
|
||||
|
||||
|
||||
function get_available_disks()
|
||||
# looks which allowed disks are at the moment connected with the cbox
|
||||
{
|
||||
for scan in $SCAN_DEVICES
|
||||
do for avail in $ALL_PARTITIONS
|
||||
do [ "$scan" = "$avail" ] && echo "/dev/$avail"
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
function load_config()
|
||||
{
|
||||
unload_config
|
||||
local status=0
|
||||
# look for a configuration partition
|
||||
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
|
||||
list_partitions_of_type config | while read part && [ "$status" = 0 ]
|
||||
do log_msg "Trying to load configuration from /dev/$part ..."
|
||||
if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
||||
then log_msg "configuraton found on $part"
|
||||
sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
||||
status=1
|
||||
fi
|
||||
done
|
||||
if is_config_active
|
||||
then # copy certificate to /tmp in case of re-initialization
|
||||
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
||||
[ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
|
||||
else log_msg "failed to locate config partition"
|
||||
return 1
|
||||
fi
|
||||
true
|
||||
}
|
||||
|
||||
|
||||
function unload_config()
|
||||
{
|
||||
is_config_active || return
|
||||
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
||||
if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
|
||||
then sudo "$ROOT_PERM_SCRIPT" umount_config
|
||||
else true
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
function mount_crypto()
|
||||
# Parameter: DEVICE
|
||||
{
|
||||
local device=$1
|
||||
[ -z "$device" ] && error_msg 4 'No valid harddisk found!' && return 1
|
||||
is_crypto_mounted "$device" && echo "The crypto filesystem is already active!" && return
|
||||
# passphrase is read from stdin
|
||||
log_msg "Mounting a crypto partition from $device"
|
||||
sudo "$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1
|
||||
}
|
||||
|
||||
|
||||
function umount_crypto()
|
||||
# Parameter: DEVICE
|
||||
{
|
||||
local device=$1
|
||||
local uuid=$(get_crypto_uuid $device)
|
||||
sudo "$ROOT_PERM_SCRIPT" umount "$uuid"
|
||||
}
|
||||
|
||||
|
||||
function box_purge()
|
||||
# removing just the first bytes from the harddisk should be enough
|
||||
# every harddisk will be overriden!
|
||||
{
|
||||
# TODO: not ALL harddisks, please!
|
||||
get_available_disks | while read a
|
||||
do log_msg "Purging $a ..."
|
||||
sudo "$ROOT_PERM_SCRIPT" trash_device "$a"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
function init_cryptobox()
|
||||
# this is only the first part of initialisation that takes no time - good for a smooth web interface
|
||||
{
|
||||
local device=$(find_harddisk)
|
||||
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
||||
turn_off_all_crypto
|
||||
unload_config || true
|
||||
log_msg "Partitioning the device ($device) ..."
|
||||
sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
||||
log_msg "Initializing config partition on ${device}1 ..."
|
||||
# TODO: this should not be hard-coded
|
||||
create_config "${device}1"
|
||||
}
|
||||
|
||||
|
||||
function turn_off_all_crypto()
|
||||
{
|
||||
list_crypto_containers | while read a
|
||||
do is_crypto_mounted "$a" && umount_crypto "$a"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
### main ###
|
||||
|
||||
# set PATH because thttpd removes /sbin and /usr/sbin for cgis
|
||||
export PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
|
||||
ACTION=help
|
||||
[ $# -gt 0 ] && ACTION=$1 && shift
|
||||
|
||||
case "$ACTION" in
|
||||
config-up )
|
||||
if load_config
|
||||
then echo "Cryptobox configuration successfully loaded"
|
||||
else error_msg 0 "Could not find a configuration partition!"
|
||||
fi
|
||||
;;
|
||||
config-down )
|
||||
unload_config || error_msg 4 "Could not unmount configuration partition"
|
||||
;;
|
||||
network-up )
|
||||
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
||||
then conf_ip=$(config_get_value "ip")
|
||||
log_msg "Configuring $NET_IFACE for $conf_ip ..."
|
||||
echo "Configuring network interface for $NET_IFACE: $conf_ip"
|
||||
"$IFCONFIG" "$NET_IFACE" "$conf_ip"
|
||||
fi
|
||||
if [ "$EXEC_FIREWALL_RULES" = 1 ]
|
||||
then log_msg "Starting the firewall ..."
|
||||
"$FIREWALL_SCRIPT" start
|
||||
fi
|
||||
if [ "$USE_STUNNEL" = 1 ]
|
||||
then # start stunnel
|
||||
if [ -f "$CERT_FILE" ]
|
||||
then USE_CERT=$CERT_FILE
|
||||
else USE_CERT=$CERT_TEMP
|
||||
$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
|
||||
# TODO: this could be dangerous - right?
|
||||
# this is necessary, to allow www-data to copy the certificate
|
||||
chown "$WEB_USER" "$CERT_TEMP"
|
||||
fi
|
||||
log_msg "Starting stunnel ..."
|
||||
stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
|
||||
|| echo "$USE_CERT not found - not starting stunnel"
|
||||
fi
|
||||
;;
|
||||
network-down )
|
||||
if [ "$EXEC_FIREWALL_RULES" = 1 ]
|
||||
then log_msg "Stopping the firewall ..."
|
||||
"$FIREWALL_SCRIPT" stop
|
||||
fi
|
||||
if [ "$USE_STUNNEL" = 1 ]
|
||||
then log_msg "Stopping stunnel ..."
|
||||
# TODO: what about a pid?
|
||||
killall stunnel 2>/dev/null || true
|
||||
fi
|
||||
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
||||
then log_msg "Shutting the network interface down ..."
|
||||
"$IFCONFIG" "$NET_IFACE" down
|
||||
fi
|
||||
;;
|
||||
services-up )
|
||||
# the mount point has to be writeable
|
||||
# this action is called as root - so we are allowed to umount
|
||||
# TODO: do this only for ro-filesystem
|
||||
# TODO: this way of mounting is evil
|
||||
if mountpoint -q "$MNT_PARENT"
|
||||
then true
|
||||
else mount -t tmpfs tmpfs "$MNT_PARENT"
|
||||
fi
|
||||
true
|
||||
;;
|
||||
services-down )
|
||||
# this action is called as root - so we are allowed to umount
|
||||
mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT"
|
||||
# TODO: we should not depend on samba and thttpd
|
||||
# /etc/init.d/samba stop || true
|
||||
# /etc/init.d/thttpd stop || true
|
||||
true
|
||||
;;
|
||||
crypto-up )
|
||||
[ $# -ne 1 ] && error_msg "invalid number of parameters for 'crypto-up'"
|
||||
mount_crypto "$1"
|
||||
;;
|
||||
crypto-down )
|
||||
[ $# -ne 1 ] && error_msg "invalid number of parameters for 'crypto-down'"
|
||||
umount_crypto "$1"
|
||||
;;
|
||||
init )
|
||||
init_cryptobox </dev/null >>"$LOG_FILE" 2>&1
|
||||
;;
|
||||
crypto-create )
|
||||
# Parameter: DEVICE NAME
|
||||
[ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'"
|
||||
# do it in the background to provide a smoother web interface
|
||||
# messages and errors get written to $LOG_FILE
|
||||
keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1")
|
||||
# read the password
|
||||
cat - >"$keyfile"
|
||||
# execute it in the background
|
||||
echo "'$0' crypto-create-bg '$1' '$2' '$keyfile' </dev/null >>'$LOG_FILE' 2>&1" | at now
|
||||
;;
|
||||
crypto-create-bg )
|
||||
create_crypto "$@"
|
||||
;;
|
||||
crypto-list )
|
||||
list_partitions_of_type crypto
|
||||
;;
|
||||
crypto-list-unused )
|
||||
list_partitions_of_type unused
|
||||
;;
|
||||
crypto-name )
|
||||
# Parameter: DEVICE
|
||||
get_crypto_name "$1"
|
||||
;;
|
||||
is_crypto_mounted )
|
||||
[ $# -ne 1 ] && error_msg 10 "invalid number of parameters for 'is_crypto_mounted'"
|
||||
is_crypto_mounted "$1"
|
||||
;;
|
||||
is_config_mounted )
|
||||
is_config_active
|
||||
;;
|
||||
is_init_running )
|
||||
is_init_running
|
||||
;;
|
||||
is_harddisk_available )
|
||||
[ -z "$(find_harddisk)" ] && exit 1
|
||||
exit 0
|
||||
;;
|
||||
update_ip_address )
|
||||
# reconfigure the network interface to a new IP address
|
||||
# wait for 5 seconds to finish present http requests
|
||||
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
||||
then echo -n "sleep 5; sudo $ROOT_PERM_SCRIPT update_network" | at now
|
||||
fi
|
||||
;;
|
||||
get_available_disks )
|
||||
get_available_disks
|
||||
;;
|
||||
get_current_ip )
|
||||
get_current_ip
|
||||
;;
|
||||
set_config )
|
||||
[ $# -ne 2 ] && error_msg 7 "'set_config' requires two parameters"
|
||||
config_set_value "$1" "$2"
|
||||
;;
|
||||
get_config )
|
||||
[ $# -ne 1 ] && error_msg 6 "'get_config' requires exactly one parameter"
|
||||
config_get_value "$1"
|
||||
;;
|
||||
diskinfo )
|
||||
get_available_disks | while read a
|
||||
do sudo "$ROOT_PERM_SCRIPT" diskinfo "$a"
|
||||
done
|
||||
;;
|
||||
box-purge )
|
||||
log_msg "Cleaning the CryptoBox ..."
|
||||
turn_off_all_crypto
|
||||
"$0" config-down
|
||||
box_purge >>"$LOG_FILE" 2>&1
|
||||
;;
|
||||
poweroff )
|
||||
log_msg "Turning off the CryptoBox ..."
|
||||
turn_off_all_crypto
|
||||
echo "poweroff" | at now
|
||||
;;
|
||||
reboot )
|
||||
log_msg "Rebooting the CryptoBox ..."
|
||||
turn_off_all_crypto
|
||||
echo "reboot" | at now
|
||||
;;
|
||||
* )
|
||||
echo "Syntax: `basename $0` ACTION [PARAMS]"
|
||||
echo " config-up - scan for configuration partition and mount it"
|
||||
echo " config-down - unmount configuration partition"
|
||||
echo " network-up - enable network interface"
|
||||
echo " network-down - disable network interface"
|
||||
echo " services-up - run some cryptobox specific daemons"
|
||||
echo " services-down - stop some cryptobox specific daemons"
|
||||
echo " crypto-up - mount crypto partition"
|
||||
echo " crypto-down - unmount crypto partition"
|
||||
echo " box-init - initialize cryptobox (ALL data is LOST)"
|
||||
echo " box-init-fg - the first part of initialization"
|
||||
echo " box-init-bg - the last part of initialization (background)"
|
||||
echo " is_crypto_mounted - check, if crypto partition is mounted"
|
||||
echo " is_config_mounted - check, if configuration partition is mounted"
|
||||
echo " is_init_running - check, if initialization is ongoing"
|
||||
echo " is_harddisk_available - check, if there is a usable harddisk"
|
||||
echo " get_available_disks - shows all connected and allowed disks"
|
||||
echo " get_current_ip - get the current IP of the network interface"
|
||||
echo " update_ip_address - update the network interface after reconfiguration"
|
||||
echo " set_config NAME VALUE - change a configuration setting"
|
||||
echo " get_config NAME - retrieve a configuration setting"
|
||||
echo " diskinfo - show the partition table of the harddisk"
|
||||
echo " box-purge - destroy partitiontable of all harddisks (delete everything)"
|
||||
echo " poweroff - shutdown the cryptobox"
|
||||
echo " reboot - reboot the cryptobox"
|
||||
echo
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
330
bin/cbox-root-actions.sh
Executable file
330
bin/cbox-root-actions.sh
Executable file
|
@ -0,0 +1,330 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
||||
#
|
||||
# License: This script is distributed under the terms of version 2
|
||||
# of the GNU GPL. See the LICENSE file included with the package.
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
# this script is responsible for all dangerous actions, that require root privileges
|
||||
# every action should be checked at least TWICE a day for open holes :)
|
||||
# usually will get call via sudo
|
||||
#
|
||||
# called by:
|
||||
# - cbox-manage.sh
|
||||
#
|
||||
|
||||
set -eu
|
||||
|
||||
[ "$(id -u)" -ne 0 ] && echo "$(basename $0) - only root may call this script" >&2 && exit 100
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. "$CONF_FILE"
|
||||
|
||||
|
||||
############ some useful functions ###############
|
||||
|
||||
# check if the given device is part of the SCAN_DEVICE list
|
||||
# every entry in SCAN_DEVICES is matched as "^/dev/${SCAN_DEVICE}[0-9]*$" against
|
||||
# the given device
|
||||
# other devices may not be touched
|
||||
function is_device_allowed()
|
||||
# parameter: device
|
||||
{
|
||||
for a in $SCAN_DEVICES
|
||||
do [[ "$1" =~ "^/dev/${a}[0-9]*$" ]] && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
function get_device_name()
|
||||
# return the uuid of the device
|
||||
# if there is no uuid, then the device name is "flattened" and returned
|
||||
# ignore volume-id as it may be non-unique
|
||||
{
|
||||
local UUID=
|
||||
# check for luksUUID or ext2/3-uuid
|
||||
if is_luks_device "$1"
|
||||
then UUID=$("$CRYPTSETUP" luksUUID "$1")
|
||||
else [ -n "$(which dumpe2fs)" ] && UUID=$(dumpe2fs -h "$1" 2>/dev/null | grep "UUID" | cut -d ":" -f 2 | sed "s/ *//g")
|
||||
fi
|
||||
# if there is no valid UUUD, then take the flattened device name
|
||||
is_uuid_valid "$UUID" || UUID=${1//\//_}
|
||||
echo "$UUID"
|
||||
}
|
||||
|
||||
|
||||
function is_uuid_valid()
|
||||
# every devmapper name should look like a UUID
|
||||
{
|
||||
local hex=[0-9a-f]
|
||||
[[ "$1" =~ "^$hex\{8\}-$hex\{4\}-$hex\{4\}-$hex\{4\}-$hex\{12\}$" ]]
|
||||
}
|
||||
|
||||
|
||||
function error_msg()
|
||||
# parameter ExitCode ErrorMessage
|
||||
{
|
||||
echo "CBOX-ERROR: [$(basename $0) - $ACTION] - $2" >&2
|
||||
exit $1
|
||||
}
|
||||
|
||||
|
||||
function partition_device()
|
||||
# parameter: device sfdisk_layout_setup
|
||||
# e.g.: /dev/hda "0,1,L \n,,L\n"
|
||||
{
|
||||
# TODO: allow different layouts
|
||||
# TODO: skip config partition if a configuration is already active
|
||||
# sfdisk -n doesn't actually write (for testing purpose)
|
||||
if echo -e "$2" | "$SFDISK" -n "$1"
|
||||
then echo -e "$2" | "$SFDISK" "$1" || return 1
|
||||
else return 2
|
||||
fi
|
||||
true
|
||||
}
|
||||
|
||||
|
||||
function is_luks_device()
|
||||
# parameter: device
|
||||
{
|
||||
"$CRYPTSETUP" isLuks "$1"
|
||||
}
|
||||
|
||||
|
||||
################ main ####################
|
||||
|
||||
ACTION=unknown
|
||||
[ $# -gt 0 ] && ACTION=$1 && shift
|
||||
|
||||
|
||||
case "$ACTION" in
|
||||
partition_disk )
|
||||
[ $# -ne 2 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
partition_device "$1" "$2" || \
|
||||
error_msg 2 "failed to create new partition table on device $1"
|
||||
;;
|
||||
mount )
|
||||
# parameters: device
|
||||
# returns the relative name of the mointpoint for success
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
name=$(get_device_name "$1")
|
||||
mountpoint -q "$MNT_PARENT/$name" && \
|
||||
error_msg 5 "a device with the same name ($name) is already mounted"
|
||||
mkdir -p "$MNT_PARENT/$name"
|
||||
if is_luks_device "$1"
|
||||
then "$CRYPTSETUP" luksOpen "$1" "$name" || \
|
||||
error_msg 6 "could not open encrypted device $1"
|
||||
if mount "$DEV_MAPPER_DIR/$name" "$MNT_PARENT/$name"
|
||||
then true
|
||||
else "$CRYPTSETUP" luksClose "$name" || true
|
||||
error_msg 7 "wrong password for $1 supplied"
|
||||
fi
|
||||
else mount "$1" "$MNT_PARENT/$name" || \
|
||||
error_msg 8 "invalid filesystem on device $1"
|
||||
fi
|
||||
# just in case, that there is no ext2/3 filesystem:
|
||||
# set uid option (will fail silently for ext2/3)
|
||||
mount -o remount,uid="$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true
|
||||
# adapt top-level permission to current setup - again: may fail silently
|
||||
chown "$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true
|
||||
true
|
||||
;;
|
||||
umount )
|
||||
#parameter: name (relative mountpoint)
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_uuid_valid "$1" || [[ "$1" =~ "^[_a-z0-9]*$" ]] || \
|
||||
error_msg 4 "invalid UUID ($1)"
|
||||
mountpoint -q "$MNT_PARENT/$1" || \
|
||||
error_msg 9 "the device with the UUID ($1) is not mounted"
|
||||
# try to unmount - continue even on errors
|
||||
umount "$MNT_PARENT/$1" || \
|
||||
error_msg 0 "unmount of device $1 failed - device is busy"
|
||||
# remove (if necessary) the dev mapping
|
||||
[ -e "$DEV_MAPPER_DIR/$1" ] && "$CRYPTSETUP" luksClose "$1" || \
|
||||
error_msg 11 "could not remove the device mapper for device $1"
|
||||
# try to remove the mountpoint - a failure is not important
|
||||
rmdir "$MNT_PARENT/$1" || true
|
||||
# set exitcode
|
||||
mountpoint -q "$MNT_PARENT/$1" && exit 1
|
||||
exit 0
|
||||
;;
|
||||
create_crypto )
|
||||
# parameter: device
|
||||
# the passphrase is expected on stdin
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
# read the passphrase from stdin
|
||||
key=$(cat -)
|
||||
# the iter-time is in milliseconds - keep it low for fast mounting
|
||||
echo "$key" | \
|
||||
"$CRYPTSETUP" --cipher "$DEFAULT_CIPHER" --iter-time 2000 luksFormat "$1" || \
|
||||
error_msg 11 "failed to create the encrypted partition"
|
||||
name=$(get_device_name "$1")
|
||||
echo "$key" | "$CRYPTSETUP" luksOpen "$1" "$name" || \
|
||||
error_msg 12 "failed to open the encrypted partition"
|
||||
# silent output from mkfs.ext3
|
||||
"$MKFS_DATA" -q "$DEV_MAPPER_DIR/$name" || \
|
||||
error_msg 13 "failed to create the encrypted filesystem"
|
||||
"$CRYPTSETUP" luksClose "$name" || \
|
||||
error_msg 14 "failed to close the encrypted mapped device"
|
||||
;;
|
||||
get_device_name )
|
||||
# parameter: device
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
get_device_name "$1"
|
||||
;;
|
||||
mount_config )
|
||||
# parameter: device
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
[ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \
|
||||
error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
mountpoint -q "$CONFIG_DIR" && \
|
||||
error_msg 0 "the configuration partition is already mounted"
|
||||
"$MKFS_CONFIG" -q "$1" || \
|
||||
error_msg 20 "failed to create config partition filesystem"
|
||||
;;
|
||||
mount_config )
|
||||
# parameter: device
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
[ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \
|
||||
error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
mountpoint -q "$CONFIG_DIR" && \
|
||||
error_msg 0 "the configuration partition is already mounted"
|
||||
mount "$1" "$CONFIG_DIR" || \
|
||||
error_msg 16 "failed to mount configuration partition"
|
||||
# chown to fix permissions - may fail for non-ext2/3 filesystems
|
||||
chown -R "$WEB_USER" "$CONFIG_DIR" || true
|
||||
mount -o remount,ro "$CONFIG_DIR" || \
|
||||
error_msg 18 "failed to remount configuration partition"
|
||||
true
|
||||
;;
|
||||
remount_config )
|
||||
# parameter: { ro | rw }
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
[ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \
|
||||
error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)"
|
||||
[[ "$1" =~ "^r[ow]$" ]] || error_msg 17 "only 'rw' and 'ro' are allowed"
|
||||
mount -o "remount,$1" "$CONFIG_DIR" || \
|
||||
error_msg 18 "failed to remount configuration partition"
|
||||
true
|
||||
;;
|
||||
umount_config )
|
||||
# no parameters
|
||||
[ $# -ne 0 ] && error_msg 1 "wrong number of parameters"
|
||||
[ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \
|
||||
error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)"
|
||||
mountpoint -q "$CONFIG_DIR" && umount "$CONFIG_DIR" || \
|
||||
error_msg 18 "failed to unmount configuration partition"
|
||||
;;
|
||||
is_config_partition )
|
||||
# parameter: device
|
||||
# returns exitcode 0 if the device contains a configuration
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
[ "$USE_SEPERATE_CONFIG_DIR" != "1" ] && \
|
||||
error_msg 19 "I am configured to work without a seperate config partition (see $CONF_FILE)"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
is_config=0
|
||||
tmp_dir=/tmp/$(basename $0)-$$-mnt
|
||||
mkdir -p "$tmp_dir"
|
||||
# error means "no config partition"
|
||||
if mount "$1" "$CONFIG_DIR"
|
||||
then [ -e "$CONFIG_DIR/$CONFIG_MARKER" ] && is_config=1
|
||||
umount "$CONFIG_DIR" || \
|
||||
error_msg 14 "unable to unmount configation partition after probing"
|
||||
fi
|
||||
rmdir "$tmp_dir" || true
|
||||
# return 0 if $device is a config partition
|
||||
[ "$is_config" -eq 1 ] && exit 0
|
||||
exit 1
|
||||
;;
|
||||
is_crypto_partition )
|
||||
# parameter: device
|
||||
# returns exitcode 0 if the device contains a luks header
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
is_luks_device "$1"
|
||||
;;
|
||||
is_data_partition )
|
||||
# parameter: device
|
||||
# returns exitcode 0 if the device contains a readable filesystem
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
status=0
|
||||
tmp_dir=/tmp/$(basename $0)-$$-mnt
|
||||
mkdir -p "$tmp_dir"
|
||||
if mount "$1" "$tmp_dir"
|
||||
then [ ! -e "$tmp_dir/$CONFIG_MARKER" ] && status=1
|
||||
umount "$tmp_dir"
|
||||
fi
|
||||
rmdir "$tmp_dir" || true
|
||||
[ "$status" -eq 1 ] && exit 0
|
||||
exit 1
|
||||
;;
|
||||
trash_device )
|
||||
# parameter: device
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
dd if=/dev/urandom of="$1" bs=512 count=1 2>/dev/null
|
||||
;;
|
||||
diskinfo )
|
||||
# parameter: device
|
||||
[ $# -ne 1 ] && error_msg 1 "wrong number of parameters"
|
||||
is_device_allowed "$1" || \
|
||||
error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)"
|
||||
"$SFDISK" -L -q -l "$1"
|
||||
;;
|
||||
update_network )
|
||||
# parameter: none
|
||||
ip=
|
||||
# TODO: can we avoid to hard-code the filename ($CONFIG_DIR/ip) here?
|
||||
[ -e "$CONFIG_DIR/ip" ] && ip=$(<"$CONFIG_DIR/ip")
|
||||
[ -n "$z" ] && ifconfig "$NET_IFACE" "$ip"
|
||||
;;
|
||||
* )
|
||||
echo "Syntax: $(basename $0) ACTION PARAMETERS"
|
||||
echo ' partition_disk $device $disk_layout'
|
||||
echo ' get_device_name $device'
|
||||
echo ' create_crypto $device'
|
||||
echo ' mount $device'
|
||||
echo ' umount $name'
|
||||
echo ' create_config $device'
|
||||
echo ' mount_config $device'
|
||||
echo ' remount_config { ro | rw }'
|
||||
echo ' umount_config'
|
||||
echo ' is_config_partition $device'
|
||||
echo ' is_plaindata_partition $device'
|
||||
echo ' is_crypto_partition $device'
|
||||
echo ' trash_device $device'
|
||||
echo ' diskinfo $device'
|
||||
echo ' update_network'
|
||||
echo ' help'
|
||||
echo
|
||||
[ "$ACTION" == "help" ] && exit 0
|
||||
# return error for any unknown/unspecified action
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
|
@ -1 +0,0 @@
|
|||
link cbox-tree.d/usr/share/doc/cryptobox/changelog.gz
|
Binary file not shown.
Before Width: | Height: | Size: 42 KiB |
Binary file not shown.
Before Width: | Height: | Size: 52 KiB |
Binary file not shown.
Before Width: | Height: | Size: 7 KiB |
1048
cover/cover_de.pdf
1048
cover/cover_de.pdf
File diff suppressed because it is too large
Load diff
Binary file not shown.
Binary file not shown.
Binary file not shown.
6
debian/README.Debian
vendored
Normal file
6
debian/README.Debian
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
CryptoBox for Debian - installation notes
|
||||
|
||||
be aware of two things:
|
||||
1) you need cryptsetup with luks support (for now only in unstable)
|
||||
2) the debian perl-clearsilver package is broken (at least until April 02006)
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
CryptoBox for Debian - installation notes
|
||||
|
||||
1) additional dependencies
|
||||
you need the following packages, which are not (yet) part of the main debian distribution:
|
||||
* cryptsetup_luks - http://luks.endorphin.org/masses
|
||||
* clearsilver for perl (>=0.9.14) - http://www.clearsilver.net/downloads/
|
||||
|
||||
|
||||
2) cgi-bin
|
||||
If you do not use thttpd as your webserver, you should add the cgi-bin path to
|
||||
your script directory. For apache this would be something like the following:
|
||||
(file /etc/apache???/conf.d/cryptobox)
|
||||
Alias /cryptobox-misc /var/www/cryptobox-misc
|
||||
ScriptAlias /cryptobox /usr/lib/cgi-bin/cryptobox.pl
|
||||
|
||||
|
||||
-- Lars Kruse <devel@sumpfralle.de> Sun, 4 Dec 2005 21:05:45 +0100
|
||||
|
|
@ -1 +0,0 @@
|
|||
$Revision$
|
|
@ -1,65 +0,0 @@
|
|||
#
|
||||
# OpenSSL configuration file.
|
||||
#
|
||||
|
||||
# Establish working directory.
|
||||
|
||||
dir = .
|
||||
|
||||
[ ca ]
|
||||
default_ca = CA_default
|
||||
|
||||
[ CA_default ]
|
||||
default_days = 3650
|
||||
default_md = md5
|
||||
policy = policy_match
|
||||
#serial = $dir/serial
|
||||
#database = $dir/index.txt
|
||||
#new_certs_dir = $dir/newcert
|
||||
#certificate = $dir/cacert.pem
|
||||
#private_key = $dir/private/cakey.pem
|
||||
#preserve = no
|
||||
#email_in_dn = no
|
||||
#nameopt = default_ca
|
||||
#certopt = default_ca
|
||||
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = match
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[ req ]
|
||||
default_bits = 1024 # Size of keys
|
||||
default_keyfile = stunnel.pem # name of generated keys
|
||||
default_md = md5 # message digest algorithm
|
||||
distinguished_name = req_distinguished_name
|
||||
|
||||
[ req_distinguished_name ]
|
||||
# Variable name Prompt string
|
||||
#---------------------- ----------------------------------
|
||||
0.organizationName = Organization Name (company)
|
||||
organizationalUnitName = Organizational Unit Name (department, division)
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 40
|
||||
localityName = Locality Name (city, district)
|
||||
stateOrProvinceName = State or Province Name (full name)
|
||||
#countryName = Country Name (2 letter code)
|
||||
#countryName_min = 2
|
||||
#countryName_max = 2
|
||||
#commonName = Common Name (hostname, IP, or your name)
|
||||
#commonName_max = 64
|
||||
|
||||
# Default values for the above, for consistency and less typing.
|
||||
# Variable name Value
|
||||
#------------------------------ ------------------------------
|
||||
0.organizationName_default = CryptoBox
|
||||
organizationalUnitName_default = s.l.
|
||||
localityName_default = Kugelmugel
|
||||
stateOrProvinceName_default = Metropolis
|
||||
emailAddress_default = info@systemausfall.org
|
||||
|
||||
|
||||
|
|
@ -1,89 +0,0 @@
|
|||
#!/bin/sh
|
||||
set -eu
|
||||
#
|
||||
# we give some hints for users, sitting in front of the cryptobox waiting for a login prompt
|
||||
#
|
||||
|
||||
# check if the cryptobox is installed
|
||||
[ -e "/usr/lib/cryptobox/cbox-manage.sh" ] || exit 0
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# startup switch defaults to zero (enabled)
|
||||
NO_START=${NO_START:-0}
|
||||
# check startup switch
|
||||
if [ "$NO_START" = "1" ]
|
||||
then [ $# -eq 0 ] && exit 0
|
||||
[ "$1" = "status" ] && exit 1
|
||||
[ "$1" = "stop" ] && exit 0
|
||||
echo "CryptoBox is disabled by default"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# stop-on-errors
|
||||
set -eu
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
|
||||
# parse config file
|
||||
if [ -e "$CONF_FILE" ]
|
||||
then . "$CONF_FILE"
|
||||
else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
case "$1" in
|
||||
start )
|
||||
# stop if already running
|
||||
"$0" status && "$0" stop
|
||||
# initialize
|
||||
"$CB_SCRIPT" config-up
|
||||
"$CB_SCRIPT" network-up
|
||||
"$CB_SCRIPT" services-up
|
||||
# check if we are on a developers CryptoBox
|
||||
# if not give some usage hints
|
||||
# otherwise give a warning and start the devel features
|
||||
if [ ! -e "$DEV_FEATURES_SCRIPT" ]; then
|
||||
echo
|
||||
echo "How to use the CryptoBox:"
|
||||
echo " * point a webbrowser from another computer to 'http://$(/usr/lib/cryptobox/cbox-manage.sh get_current_ip)/cryptobox'"
|
||||
echo " * configure your CryptoBox via a webbrowser"
|
||||
echo
|
||||
else
|
||||
echo
|
||||
echo "+---------------------------------------------------------------+"
|
||||
echo "| WARNING: Some CryptoBox development features are enabled |"
|
||||
echo "| This should definitely NOT happen for a production CD. |"
|
||||
echo "| as it offers no security at all. |"
|
||||
echo "| If you don't plan to refine this CD, don't use it! |"
|
||||
echo "+---------------------------------------------------------------+"
|
||||
echo
|
||||
"$DEV_FEATURES_SCRIPT" "$@"
|
||||
fi
|
||||
true
|
||||
;;
|
||||
stop )
|
||||
# exit if not running
|
||||
"$0" status || exit 0
|
||||
# shut down
|
||||
"$CB_SCRIPT" services-down
|
||||
"$CB_SCRIPT" network-down
|
||||
"$CB_SCRIPT" config-down
|
||||
;;
|
||||
restart | reload | force-reload )
|
||||
$0 stop
|
||||
$0 start
|
||||
;;
|
||||
status )
|
||||
if "$CB_SCRIPT" is_config_mounted
|
||||
then exit 0
|
||||
else exit 1
|
||||
fi
|
||||
;;
|
||||
* )
|
||||
echo "Syntax: $0 { start | stop | restart | reload | force-reload | status }"
|
||||
;;
|
||||
esac
|
||||
|
Loading…
Add table
Add a link
Reference in a new issue