
background part of initialization is always done via 'at'

improved test for 'is_init_running'
change IP address after reconfiguration and redirect to new URL
display a warning after reconfiguration of IP address
log warning, if config partition could not be unmounted
actions 'reboot' and 'poweroff' are now handled by 'cbox-manage.sh'
master
lars 17 years ago
parent
commit
98e4b4e4b7
  1. 56
      cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
  2. 9
      cbox-tree.d/usr/share/cryptobox/lang/de.hdf
  3. 26
      cbox-tree.d/var/www/cgi-bin/cryptobox.pl

56
cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh

@ -180,9 +180,22 @@ function is_crypto_mounted()
function is_init_running()
{
#ps -e | grep -q -E "$MKFS_DATA|$WIPE"
# this line is good for the "at" stuff - see cryptobox.pl
[ -n "$(at -l)" ]
check_at_command_queue " box-init-bg"
}
# check if a specified command is in an at-queue
# Parameter: a regular expression of the commandline
# Return: the command is part of an at-queue (0) or not (1)
function check_at_command_queue()
{
# 1) get the available job numbers
# 2) remove empty lines (especially the last one)
# 3) check every associated command for the regexp
at -l | cut -f 1 -d " " | while read jobnum
do at -c $jobnum | sed '/^$/d' | tail -1 | grep -q "$1" && return 0
done
return 1
}
@ -284,8 +297,7 @@ function init_cryptobox_part1()
function init_cryptobox_part2()
# some things to be done in the background
# these are the final steps of initialisation
# thuid must be changed at the first time, therfore it needs to be
# mounted
# the uid must be changed initially, therfore it needs to be mounted
{
mkfs_crypto
mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
@ -311,7 +323,7 @@ ACTION=help
case "$ACTION" in
config-up )
# die cruft option hilft vielleicht bei dem Fehler "interleaved files not (yet) supported"
# the "cruft" option could help to prevent the error "interleaved files not (yet) supported"
mount -o remount,cruft /
if mount_config
then echo "Cryptobox configuration successfully loaded"
@ -319,7 +331,7 @@ case "$ACTION" in
fi
;;
config-down )
mount | grep -q " $CONFIG_DIR" && umount "$CONFIG_DIR"
umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
;;
network-up )
kudzu -s -q --class network
@ -328,7 +340,7 @@ case "$ACTION" in
log_msg "Configured $NET_IFACE for $conf_ip ..."
echo "Configured network interface for $NET_IFACE: $conf_ip"
log_msg "Starting the firewall ..."
$FIREWALL_SCRIPT start
"$FIREWALL_SCRIPT" start
# start stunnel
if [ -f "$CERT_FILE" ]
then USE_CERT=$CERT_FILE
@ -358,8 +370,10 @@ case "$ACTION" in
/etc/init.d/thttpd stop
;;
box-init )
# this is good for commandline only, as it takes a lot of time
init_cryptobox_complete >>"$LOG_FILE" 2>&1
# do complete initialization
"$0" box-init-fg
# the background part will recall itself as an at-command
"$0" box-init-bg
;;
box-init-fg )
# only partitioning and configuration
@ -371,7 +385,12 @@ case "$ACTION" in
box-init-bg )
# do it in the background to provide a smoother web interface
# messages and errors get written to $LOG_FILE
init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
# make sure, that this is always called via 'at':
if check_at_command_queue " box-init-bg"
then init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
else echo -n "'$0' box-init-bg" | at now
fi
;;
is_crypto_mounted )
is_crypto_mounted
@ -382,6 +401,11 @@ case "$ACTION" in
is_init_running )
is_init_running
;;
update_ip_address )
# reconfigure the network interface to a new IP address
# wait for 15 seconds to finish present http requests
echo -n "sleep 15; ifconfig $NET_IFACE `get_config ip`" | at now
;;
crypto-mount )
mount_crypto
;;
@ -399,6 +423,16 @@ case "$ACTION" in
diskinfo )
$SFDISK -L -q -l `find_harddisk`
;;
poweroff )
is_crypto_mounted && umount_crypto
log_msg "Turning off the CryptoBox ..."
echo "poweroff" | at now
;;
reboot )
is_crypto_mounted && umount_crypto
log_msg "Rebooting the CryptoBox ..."
echo "reboot" | at now
;;
get_current_ip )
get_current_ip
;;
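Review bot: In check_at_command_queue the `return 0` runs inside a `while` loop that is the last stage of a pipeline, and bash executes that stage in a subshell, so it only ends the subshell and the function always reaches `return 1`. If the script runs under bash, is_init_running then never reports a running initialization, and the box-init-bg branch re-submits itself to `at` on every invocation instead of calling init_cryptobox_part2. Iterating in the current shell avoids this: replace the pipeline head with `for jobnum in $(at -l | cut -f 1 -d " ")` and quote the job number as `at -c "$jobnum"`.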

9
cbox-tree.d/usr/share/cryptobox/lang/de.hdf

@ -104,6 +104,11 @@ Lang {
Title = Ung&uuml;ltige Zeitabschaltung
Text = Der ausgew&auml;hlte Wert der Zeitabschaltung ist nicht g&uuml;ltig!
}
IPAddressChanged {
Title = &Auml;nderung der Netzwerk-Adresse
Text = Die Netzwerk-Adresse der CryptoBox wurde ver&auml;ndert. In wenigen Sekunden werden sie zu der neuen Adresse umgeleitet.
}
}
@ -130,12 +135,12 @@ Lang {
PowerOff {
Title = Abschaltung
Text = Die CryptoBox wird gerade heruntergefahren. Sp&auml;testens in ein paar Minuten kannst du sie ausschalten.
Text = Die CryptoBox wird gerade heruntergefahren. In wenigen Sekunden k&ouml;nnen sie sie ausschalten (falls dies nicht automatisch geschieht).
}
ReBoot {
Title = Neustart
Text = Die CryptoBox wird gerade neu gestartet. Sp&auml;testens in ein paar Minuten ist sie wieder verf&uuml;gbar.
Text = Die CryptoBox wird gerade neu gestartet. In wenigen Sekunden ist sie wieder verf&uuml;gbar.
}
}

26
cbox-tree.d/var/www/cgi-bin/cryptobox.pl

@ -179,7 +179,6 @@ sub umount_vol
sub box_init
{
# TODO: redirect output to pagedata
my $pw = shift;
# partitioning, config and initial cryptsetup
@ -187,22 +186,22 @@ sub box_init
print PW_INPUT $pw;
close(PW_INPUT);
# wipe and mkfs takes some time - it will be done in background
system("echo $CB_SCRIPT box-init-bg | at now + 1 minutes >>$LOG_FILE 2>&1");
# wipe and mkfs takes some time - it will be done in the background
system("$CB_SCRIPT", "box-init-bg");
}
sub system_poweroff()
{
&umount_vol();
system("echo /sbin/poweroff | at now + 1 minutes >>$LOG_FILE 2>&1");
system("$CB_SCRIPT", "poweroff");
}
sub system_reboot()
{
&umount_vol();
system("echo /sbin/reboot | at now + 1 minutes >>$LOG_FILE 2>&1");
system("$CB_SCRIPT", "reboot");
}
@ -402,7 +401,20 @@ if ( ! &check_ssl()) {
} else {
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
# check, if the ip was reconfigured
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
{
# set the new value
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
# reconfigure the network interface
system("$CB_SCRIPT", "update_ip_address");
# redirect to the new address
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
$pagedata->setValue('Data.Redirect.Delay', "5");
# display a warning for the redirection
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
}
# TODO: check for success by comparing with new config and report success
$pagedata->setValue('Data.Success', 'ConfigSaved');
$pagedata->setValue('Data.Action', 'intro');
@ -423,7 +435,7 @@ if ( ! &check_ssl()) {
##################### pweroff #######################
} elsif ($action eq 'shutdown_ask') {
$pagedata->setValue('Data.Action', 'shutdown_form');
##################### reboot ######################
##################### reboot ########################
} elsif ($action eq 'shutdown_do') {
if ($query->param('type') eq 'reboot') {
&system_reboot();
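Review bot: The `ip` form value is used in the new block without any format check: it is stored with set_config, concatenated into `Data.Redirect.URL`, and, through the update_ip_address action this commit adds to cbox-manage.sh, read back by `get_config ip` into a command line that is piped to `at`. Unless set_config already rejects anything that is not an address, a crafted value would reach both a shell and the redirect target, so I would accept it only after an anchored match such as `if ($query->param('ip') =~ m/\A(?:\d{1,3}\.){3}\d{1,3}\z/)` and report an error otherwise. Separately, the backtick result of `get_config ip` probably still carries its trailing newline, in which case the `ne` comparison is always true and every config save triggers the reconfiguration and redirect; `chomp` the value before comparing. The enclosing if/elsif chain starts and ends outside the hunk.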
