From 98e4b4e4b7953a2c4e9125ec180e1330f8b9d1d2 Mon Sep 17 00:00:00 2001
From: lars
Date: Sun, 28 Aug 2005 14:16:35 +0000
Subject: [PATCH] background part of initialization is always done via 'at' improved test for 'is_init_running' change IP address after reconfiguration and redirect to new URL display a warning after reconfiguration of IP address log warning, if config partition could not be unmounted actions 'reboot' and 'poweroff' are now handled by 'cbox-manage.sh'
---
 cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh | 56 ++++++++++++++++----
 cbox-tree.d/usr/share/cryptobox/lang/de.hdf | 9 +++-
 cbox-tree.d/var/www/cgi-bin/cryptobox.pl | 26 ++++++---
 3 files changed, 71 insertions(+), 20 deletions(-)
diff --git a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
index 2a6ff95..807f77c 100755
--- a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
+++ b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
@@ -180,9 +180,22 @@ function is_crypto_mounted()
 function is_init_running()
 {
- #ps -e | grep -q -E "$MKFS_DATA|$WIPE"
- # this line is good for the "at" stuff - see cryptobox.pl
- [ -n "$(at -l)" ]
+ check_at_command_queue " box-init-bg"
+}
+
+
+# check if a specified command is in an at-queue
+# Parameter: a regular expression of the commandline
+# Return: the command is part of an at-queue (0) or not (1)
+function check_at_command_queue()
+{
+ # 1) get the available job numbers
+ # 2) remove empty lines (especially the last one)
+ # 3) check every associated command for the regexp
+ at -l | cut -f 1 -d " " | while read jobnum
+ do at -c $jobnum | sed '/^$/d' | tail -1 | grep -q "$1" && return 0
+ done
+ return 1
 }
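Review bot: `check_at_command_queue` can never return 0 if this script runs under bash: the `while read jobnum` loop is the last stage of a pipeline and so runs in a subshell, where `return 0` only ends that subshell before the function falls through to `return 1`. `is_init_running` would then always report "not running", and the later `box-init-bg` hunk, which uses the same check to decide whether it is already inside an `at` job, would keep re-queuing itself with `at now` instead of calling `init_cryptobox_part2`. Let the pipeline's status be the result: pipe into `{ while read jobnum; do ... && exit 0; done; exit 1; }` and drop the trailing `return 1`. `$jobnum` should also be quoted, and since `at -l` output is tab-separated on many systems, `cut -f 1 -d " "` may not isolate the job number; confirm this on the target image.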
@@ -284,8 +297,7 @@ function init_cryptobox_part1()
 function init_cryptobox_part2()
 # some things to be done in the background
 # these are the final steps of initialisation
-# thuid must be changed at the first time, therfore it needs to be
-# mounted
+# the uid must be changed initially, therfore it needs to be mounted
 {
 mkfs_crypto
 mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
@@ -311,7 +323,7 @@ ACTION=help
 case "$ACTION" in
 config-up )
- # die cruft option hilft vielleicht bei dem Fehler "interleaved files not (yet) supported"
+ # the "cruft" option could help to prevent the error "interleaved files not (yet) supported"
 mount -o remount,cruft /
 if mount_config
 then echo "Cryptobox configuration successfully loaded"
@@ -319,7 +331,7 @@ case "$ACTION" in
 fi
 ;;
 config-down )
- mount | grep -q " $CONFIG_DIR" && umount "$CONFIG_DIR"
+ umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
 ;;
 network-up )
 kudzu -s -q --class network
@@ -328,7 +340,7 @@ case "$ACTION" in
 log_msg "Configured $NET_IFACE for $conf_ip ..."
 echo "Configured network interface for $NET_IFACE: $conf_ip"
 log_msg "Starting the firewall ..."
- $FIREWALL_SCRIPT start
+ "$FIREWALL_SCRIPT" start
 # start stunnel
 if [ -f "$CERT_FILE" ]
 then USE_CERT=$CERT_FILE
@@ -358,8 +370,10 @@ case "$ACTION" in
 /etc/init.d/thttpd stop
 ;;
 box-init )
- # this is good for commandline only, as it takes a lot of time
- init_cryptobox_complete >>"$LOG_FILE" 2>&1
+ # do complete initialization
+ "$0" box-init-fg
+ # the background part will recall itself as an at-command
+ "$0" box-init-bg
 ;;
 box-init-fg )
 # only partitioning and configuration
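Review bot: In the `config-down` hunk, dropping the `mount | grep -q " $CONFIG_DIR"` guard means `error_msg 4` now also fires when the configuration partition was simply never mounted, not only when an unmount fails. If the warning is meant for a busy or stuck partition, keep the guard around the new error branch: `mount | grep -q " $CONFIG_DIR" && { umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"; }`. What `error_msg` does with the code 4 is not visible in this patch.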
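Review bot: The `box-init` branch queues the background stage even when the foreground stage failed, because the exit status of `"$0" box-init-fg` is ignored. The background part formats and wipes the device (per the Perl-side comment "wipe and mkfs takes some time"), so it should only run after partitioning and configuration succeeded: `"$0" box-init-fg && "$0" box-init-bg`. A short `log_msg` on the failure path would make an aborted init visible in the log.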
@@ -371,7 +385,12 @@ case "$ACTION" in
 box-init-bg )
 # do it in the background to provide a smoother web interface
 # messages and errors get written to $LOG_FILE
- init_cryptobox_part2 >"$LOG_FILE" 2>&1
+
+ # make sure, that this is always called via 'at':
+ if check_at_command_queue " box-init-bg"
+ then init_cryptobox_part2 >"$LOG_FILE" 2>&1
+ else echo -n "'$0' box-init-bg" | at now
+ fi
 ;;
 is_crypto_mounted )
 is_crypto_mounted
@@ -382,6 +401,11 @@ case "$ACTION" in
 is_init_running )
 is_init_running
 ;;
+ update_ip_address )
+ # reconfigure the network interface to a new IP address
+ # wait for 15 seconds to finish present http requests
+ echo -n "sleep 15; ifconfig $NET_IFACE `get_config ip`" | at now
+ ;;
 crypto-mount )
 mount_crypto
 ;;
@@ -399,6 +423,16 @@ case "$ACTION" in
 diskinfo )
 $SFDISK -L -q -l `find_harddisk`
 ;;
+ poweroff )
+ is_crypto_mounted && umount_crypto
+ log_msg "Turning off the CryptoBox ..."
+ echo "poweroff" | at now
+ ;;
+ reboot )
+ is_crypto_mounted && umount_crypto
+ log_msg "Rebooting the CryptoBox ..."
+ echo "reboot" | at now
+ ;;
 get_current_ip )
 get_current_ip
 ;;
diff --git a/cbox-tree.d/usr/share/cryptobox/lang/de.hdf b/cbox-tree.d/usr/share/cryptobox/lang/de.hdf
index fcb2d53..b375b5d 100644
--- a/cbox-tree.d/usr/share/cryptobox/lang/de.hdf
+++ b/cbox-tree.d/usr/share/cryptobox/lang/de.hdf
@@ -104,6 +109,11 @@ Lang {
 Title = Ungültige Zeitabschaltung
 Text = Der ausgewählte Wert der Zeitabschaltung ist nicht gültig!
 }
+
+ IPAddressChanged {
+ Title = Änderung der Netzwerk-Adresse
+ Text = Die Netzwerk-Adresse der CryptoBox wurde verändert. In wenigen Sekunden werden sie zu der neuen Adresse umgeleitet.
+ }
 }
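Review bot: The `update_ip_address` branch builds its `at` job as a shell string, so whatever `get_config ip` returns is parsed by the shell when the job runs. That value comes from the web form's `ip` parameter (stored by the `set_config ip` call in cryptobox.pl) and no format check is visible in this patch, so shell metacharacters in it would run with the job's privileges. Check the value before queuing and quote it in the generated command, e.g. `ip=$(get_config ip); echo "$ip" | grep -q -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || exit 1`, then `echo "sleep 15; ifconfig '$NET_IFACE' '$ip'" | at now`. If `set_config` already validates the address, a comment saying so would help the next reader.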
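Review bot: The new `poweroff` and `reboot` branches queue bare command names, while the Perl code they replace used `/sbin/poweroff` and `/sbin/reboot`. An `at` job runs with the environment captured when it was queued, which here is probably the web server's, so `/sbin` may not be on `PATH`. Use absolute paths as before: `echo "/sbin/poweroff" | at now` and `echo "/sbin/reboot" | at now`. The result of `umount_crypto` is also ignored in both branches; a `log_msg` when it fails would record that the encrypted volume was not cleanly unmounted before shutdown.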
@@ -130,12 +135,12 @@ Lang {
 PowerOff {
 Title = Abschaltung
- Text = Die CryptoBox wird gerade heruntergefahren. Spätestens in ein paar Minuten kannst du sie ausschalten.
+ Text = Die CryptoBox wird gerade heruntergefahren. In wenigen Sekunden können sie sie ausschalten (falls dies nicht automatisch geschieht).
 }
 ReBoot {
 Title = Neustart
- Text = Die CryptoBox wird gerade neu gestartet. Spätestens in ein paar Minuten ist sie wieder verfügbar.
+ Text = Die CryptoBox wird gerade neu gestartet. In wenigen Sekunden ist sie wieder verfügbar.
 }
 }
diff --git a/cbox-tree.d/var/www/cgi-bin/cryptobox.pl b/cbox-tree.d/var/www/cgi-bin/cryptobox.pl
index a372fb3..bd801d8 100755
--- a/cbox-tree.d/var/www/cgi-bin/cryptobox.pl
+++ b/cbox-tree.d/var/www/cgi-bin/cryptobox.pl
@@ -179,7 +179,6 @@ sub umount_vol
 sub box_init
 {
- # TODO: redirect output to pagedata
 my $pw = shift;
 # partitioning, config and initial cryptsetup
@@ -187,22 +186,22 @@ sub box_init
 print PW_INPUT $pw;
 close(PW_INPUT);
- # wipe and mkfs takes some time - it will be done in background
- system("echo $CB_SCRIPT box-init-bg | at now + 1 minutes >>$LOG_FILE 2>&1");
+ # wipe and mkfs takes some time - it will be done in the background
+ system("$CB_SCRIPT", "box-init-bg");
 }
 sub system_poweroff()
 {
 &umount_vol();
- system("echo /sbin/poweroff | at now + 1 minutes >>$LOG_FILE 2>&1");
+ system("$CB_SCRIPT", "poweroff");
 }
 sub system_reboot()
 {
 &umount_vol();
- system("echo /sbin/reboot | at now + 1 minutes >>$LOG_FILE 2>&1");
+ system("$CB_SCRIPT", "reboot");
 }
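Review bot: None of the three new `system("$CB_SCRIPT", ...)` calls in `box_init`, `system_poweroff` and `system_reboot` checks its return value, so the CGI goes on to show the init, power-off or reboot page even when the helper could not queue the job. Check the status and log failures, e.g. `system("$CB_SCRIPT", "poweroff") == 0 or warn "cbox-manage poweroff failed: $?";`. The old `>>$LOG_FILE 2>&1` redirection also went away with the shell form, so anything the script or `at` prints now goes to the CGI's own stdout and stderr; whether that can reach the HTTP response depends on code outside this hunk. The list form of `system` is a good change, since it keeps the shell out of the call. The start of `box_init` is outside the hunk.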
@@ -402,7 +401,20 @@ if ( ! &check_ssl()) { } else { system("$CB_SCRIPT", "set_config", "language", $query->param('language')); system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout')); - system("$CB_SCRIPT", "set_config", "ip", $query->param('ip')); + # check, if the ip was reconfigured + if ($query->param('ip') ne `$CB_SCRIPT get_config ip`) + { + # set the new value + system("$CB_SCRIPT", "set_config", "ip", $query->param('ip')); + # reconfigure the network interface + system("$CB_SCRIPT", "update_ip_address"); + # redirect to the new address + $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'}); + $pagedata->setValue('Data.Redirect.Delay', "5"); + # display a warning for the redirection + $pagedata->setValue('Data.Warning', 'IPAddressChanged'); + } + # TODO: check for success by comparing with new config and report success $pagedata->setValue('Data.Success', 'ConfigSaved'); $pagedata->setValue('Data.Action', 'intro'); @@ -423,7 +435,7 @@ if ( ! &check_ssl()) { ##################### pweroff ####################### } elsif ($action eq 'shutdown_ask') { $pagedata->setValue('Data.Action', 'shutdown_form'); - ##################### reboot ###################### + ##################### reboot ######################## } elsif ($action eq 'shutdown_do') { if ($query->param('type') eq 'reboot') { &system_reboot();
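Review bot: In the config-save hunk, `$query->param('ip')` is compared, stored with `set_config` and concatenated into `Data.Redirect.URL` with no format check visible. The branch opens outside the hunk, so an earlier check may exist; if not, a value that is not a plain IPv4 address becomes the redirect target and, through `update_ip_address`, part of a queued shell command. Validate once before use, e.g. `my $ip = $query->param('ip'); $ip =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/ or ...` (set an error page instead), and use `$ip` from then on. The backtick result in the `ne` test probably ends in a newline, so without `chomp` the comparison would be true on every save and trigger a reconfiguration each time. `Data.Redirect.Delay` of 5 seconds is also shorter than the `sleep 15` in `update_ip_address`, so the browser would be sent to the new address before the interface has it.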