fixed a lot of indentions

added a administration password to initialization

cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh

@@ -283,6 +283,10 @@ function init_cryptobox_part1()
 		create_partitions "$device"
 		create_config "$device"
 	) >>"$LOG_FILE" 2>&1
+	# read the admin-pw from the first line of input
+	local admin_pw
+	read admin_pw
+	config_set_value admin_pw "$admin_pw"
 	# the output of create_crypto may NOT be redirected - this would prevent cryptsetup from
 	# reading the passphrase from stdin
 	log_msg "Creating the crypto partition ..."
@@ -359,7 +363,7 @@ case "$ACTION" in
 		ifconfig $NET_IFACE down
 		;;
 	services-up )
-		/etc/init.d/thttpd start
+		# is something special necessary?
 		;;
 	services-down )
 		/etc/init.d/samba stop

cbox-tree.d/usr/share/cryptobox/lang/de.hdf

@@ -15,8 +15,10 @@ Lang {
 
 
 	Text {
-	EnterNewPassword	= Das neue Passwort eingeben:
-	EnterSamePassword	= Das neue Passwort wiederholen:
+		EnterNewCryptoPassword	= Das neue Crypto-Passwort eingeben:
+		EnterSameCryptoPassword	= Das Crypto-Passwort wiederholen:
+		EnterNewAdminPassword	= Das neue Admin-Passwort eingeben:
+		EnterSameAdminPassword	= Das Admin-Passwort wiederholen:
 		InitWarning		= Bei der Initialisierung werden ALLE DATEN auf der Festplatte GELÖSCHT!
 		InitDescription		= Dieser Schritt ist nur einmalig vor der ersten Nutzung notwendig.<br>F&uuml;r den t&auml;glichen Gebrauch muessen sie das verschl&uuml;sselte Dateisystem lediglich aktivieren und deaktivieren
 		ConfirmInitHint		= Um zu best&auml;tigen, dass sie wissen, was sie tun, tippen sie hier bitte exakt Folgendes ein:
@@ -53,13 +55,18 @@ Lang {
 			Text	= Der Best&auml;tigungssatz muss exakt eingegeben werden!
 		}
 
-    EmptyPassword {
-    	Title =	Ung&uuml;ltige Eingabe
-	Text  =	Das Passwort darf nicht leer sein!
+		EmptyCryptoPassword {
+			Title	= Ung&uuml;ltiges Crypto-Passwort
+			Text	= Das Crypto-Passwort darf nicht leer sein!
 		}
 
-    DifferentPasswords {
-    	Title =	Ungleiche Passworte
+		DifferentCryptoPasswords {
+			Title	= Ungleiche Crypto-Passworte
+			Text	= Die beiden Passworte m&uuml;ssen identisch sein, um sicherzustellen, dass dies das gew&uuml;nschte Passwort ist.
+		}
+
+		DifferentAdminPasswords {
+			Title	= Ungleiche Administratons-Passworte
 			Text	= Die beiden Passworte m&uuml;ssen identisch sein, um sicherzustellen, dass dies das gew&uuml;nschte Passwort ist.
 		}
 

cbox-tree.d/usr/share/cryptobox/templates/init_form.cs

@@ -1,23 +1,27 @@
 <h1><?cs var:Lang.Title.Init ?></h1>
 
-  <div class="init">
+<div class="init">
 	<form action="<?cs call:getSelfURL('','') ?>" method="post" enctype="application/x-www-form-urlencoded">
 
 		<p class="note"><?cs var:Lang.Text.InitWarning ?></p>
-	    <p><label for="password"><?cs call:help_popUp(Lang.Text.EnterNewPassword,"crypto_pw") ?></label><br/>
-		<input type="password" id="password" name="password" size="20" tabindex="1" maxlength="40" /></p>
-	    <p><label for="password2"><?cs call:help_popUp(Lang.Text.EnterSamePassword,'crypto_pw_repeat') ?></label><br/>
-		<input type="password" id="password2" name="password2" size="20" tabindex="2" maxlength="40" /></p>
+		<p><label for="admin_password"><?cs call:help_popUp(Lang.Text.EnterNewAdminPassword,"admin_pw") ?></label><br/>
+			<input type="password" id="admin_password" name="admin_password" size="20" tabindex="1" maxlength="40" /> </p>
+		<p><label for="admin_password2"><?cs call:help_popUp(Lang.Text.EnterSameAdminPassword,"admin_pw_repeat") ?></label><br/>
+			<input type="password" id="admin_password2" name="admin_password2" size="20" tabindex="1" maxlength="40" /></p>
+		<p><label for="crypto_password"><?cs call:help_popUp(Lang.Text.EnterNewCryptoPassword,"crypto_pw") ?></label><br/>
+			<input type="password" id="crypto_password" name="crypto_password" size="20" tabindex="1" maxlength="40" /></p>
+		<p><label for="crypto_password2"><?cs call:help_popUp(Lang.Text.EnterSameCryptoPassword,'crypto_pw_repeat') ?></label><br/>
+			<input type="password" id="crypto_password2" name="crypto_password2" size="20" tabindex="2" maxlength="40" /></p>
 		<p><label for="confirm"><?cs call:help_popUp(Lang.Text.ConfirmInitHint,'confirm_text') ?><br/>
 			<span class="note" id="confirmtext"><?cs var:Lang.Text.ConfirmInit ?></span></label><br/>
 			<input type="text" id="confirm" name="confirm" size="30" tabindex="3" maxlength="50" /></p>
 		<button type="submit" name="action" value="init_do" tabindex="4"><?cs var:Lang.Button.DoInit ?></button>
 	</form>
-  </div>
+</div>
 
-  <hr/>
+<hr/>
 
-  <div class="partition_info">
+<div class="partition_info">
 	<h2><?cs var:Lang.Text.PartitionInfo ?></h2>
 	<p><?cs var:Data.PartitionInfo ?></p>
-  </div>
+</div>

cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw.html

@@ -0,0 +1,5 @@
+<h3>Administration password of the CryptoBox</h3>
+<p>This password protects your CryptoBox against random re-initialization by unauthorized people.
+Any dangerous administrative action requires this administration password.</p>
+<p>You may leave this password blank, if your network is safe.</p>
+<p>The administration password does NOT protect your sensible data in any way!</p>

cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/admin_pw_repeat.html

@@ -0,0 +1,3 @@
+<h3>Repeat the administration password</h3>
+<p>This ensures, that you do not mistype your administration password.</p>
+<p>Leave it blank, if you do not need an administration password.</p>

cbox-tree.d/usr/share/doc/cryptobox/html/en/hints/crypto_pw_repeat.html

@@ -1,2 +1,2 @@
-<h3>Repeat the crypto password</h3>
-<p>This ensures, that you do not mistype your password.</p>
+<h3>Repeat the encryption password</h3>
+<p>This ensures, that you do not mistype your encryption password.</p>

cbox-tree.d/var/www/cgi-bin/cryptobox.pl

@@ -176,11 +176,13 @@ sub umount_vol
 
 sub box_init
 {
-	my $pw = shift;
+	my $admin_pw = shift;
+	my $crypto_pw = shift;
 
 	# partitioning, config and initial cryptsetup
 	open(PW_INPUT, "|$CB_SCRIPT box-init-fg");
-	print PW_INPUT $pw;
+	print PW_INPUT "$admin_pw";
+	print PW_INPUT "$crypto_pw";
 	close(PW_INPUT);
 
 	# wipe and mkfs takes some time - it will be done in the background
@@ -380,13 +382,17 @@ if ( ! &check_ssl()) {
 		}
 	#################### init_do ########################
 	} elsif ($action eq 'init_do') {
-	if ($query->param('password') ne $query->param('password2')) {
-		# different passwords
-		$pagedata->setValue('Data.Warning', 'DifferentPasswords');
+		if ($query->param('admin_password') ne $query->param('admin_password2')) {
+			# different admin-passwords
+			$pagedata->setValue('Data.Warning', 'DifferentAdminPasswords');
 			$pagedata->setValue('Data.Action', 'init_form');
-	} elsif ($query->param('password') eq '') {
+		} elsif ($query->param('crypto_password') ne $query->param('crypto_password2')) {
+			# different crypto-passwords
+			$pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords');
+			$pagedata->setValue('Data.Action', 'init_form');
+		} elsif ($query->param('crypto_password') eq '') {
 			# empty password
-		$pagedata->setValue('Data.Warning', 'EmptyPassword');
+			$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
 			$pagedata->setValue('Data.Action', 'init_form');
 		} elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) {
 			# wrong confirm string
@@ -394,7 +400,7 @@ if ( ! &check_ssl()) {
 			$pagedata->setValue('Data.Action', 'init_form');
 		} else {
 			# do init
-		&box_init($query->param('password'));
+			&box_init($query->param('admin_password'),$query->param('crypto_password'));
 			if (!&check_init_running()) {
 				$pagedata->setValue('Data.Error', 'InitFailed');
 			} else {

etc-defaults.d/dfs-cbox.conf

@@ -14,7 +14,7 @@ name = CryptoBox
 version = 0.0.1
 
 # Person that built it
-builder = s.l.
+builder = sense.lab
 
 # Repositories to mirror.  Details about each one are configured below.
 dlrepos = sarge
@@ -144,7 +144,7 @@ ramdisk_files = /etc/resolv.conf
 	/etc/network
 	/var/lib/misc
 	/var/lib/urandom
-	/etc/hotplug
+	/etc/hotplug/.run
 	/var/spool/cron
 
 # Directories to create on live fs