|
|
|
@ -17,6 +17,13 @@ use strict;
|
|
|
|
|
use CGI;
|
|
|
|
|
use ClearSilver;
|
|
|
|
|
use ConfigFile;
|
|
|
|
|
use English;
|
|
|
|
|
|
|
|
|
|
# drop privileges
|
|
|
|
|
$UID = $EUID;
|
|
|
|
|
$GID = $EGID;
|
|
|
|
|
|
|
|
|
|
$ENV{'PATH'} = '/bin:/usr/bin';
|
|
|
|
|
|
|
|
|
|
my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf';
|
|
|
|
|
|
|
|
|
@ -25,10 +32,14 @@ my $pagedata;
|
|
|
|
|
my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR);
|
|
|
|
|
my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL);
|
|
|
|
|
|
|
|
|
|
# get the directory of the cryptobox scripts/binaries and untaint it
|
|
|
|
|
$CB_SCRIPT = $0;
|
|
|
|
|
$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/;
|
|
|
|
|
$CB_SCRIPT = "$1/cbox-manage.sh";
|
|
|
|
|
|
|
|
|
|
&fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE);
|
|
|
|
|
my $config = ConfigFile::read_config_file($CONFIG_FILE);
|
|
|
|
|
|
|
|
|
|
$CB_SCRIPT = $config->{CB_SCRIPT};
|
|
|
|
|
$LOG_FILE = $config->{LOG_FILE};
|
|
|
|
|
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
|
|
|
|
|
$DEFAULT_LANGUAGE = $config->{LANGUAGE};
|
|
|
|
@ -38,7 +49,9 @@ $IS_DEVEL = ( -e $config->{DEV_FEATURES_SCRIPT});
|
|
|
|
|
$STYLESHEET_URL = $config->{STYLESHEET_URL};
|
|
|
|
|
|
|
|
|
|
# TODO: just a quick-and-dirty hack during migration to multiple containers
|
|
|
|
|
my $CRYPTO_DEV = `$CB_SCRIPT get_available_disks | cut -f 1 -d " " | tr "\n" "2"`;
|
|
|
|
|
my $CRYPTO_DEV = &get_available_disks();
|
|
|
|
|
$CRYPTO_DEV =~ m/^([\w\/_\-\.]*)$/;
|
|
|
|
|
$CRYPTO_DEV = "${1}2";
|
|
|
|
|
|
|
|
|
|
my $query = new CGI;
|
|
|
|
|
|
|
|
|
@ -96,7 +109,7 @@ sub load_selected_language
|
|
|
|
|
$data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf");
|
|
|
|
|
|
|
|
|
|
# load configured language, if it is valid
|
|
|
|
|
$config_language = `$CB_SCRIPT get_config language`;
|
|
|
|
|
$config_language = &exec_cb_script("get_config","language");
|
|
|
|
|
$config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language"));
|
|
|
|
|
|
|
|
|
|
# check for preferred browser language, if the box was not initialized yet
|
|
|
|
@ -199,50 +212,72 @@ sub check_ssl
|
|
|
|
|
# BEWARE: dirty trick - is there a better way?
|
|
|
|
|
# stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with
|
|
|
|
|
# its own IP (localhost, of course)
|
|
|
|
|
# TODO: this does not work with a native ssl webserver
|
|
|
|
|
return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub check_mounted
|
|
|
|
|
{
|
|
|
|
|
return (system("$CB_SCRIPT","is_crypto_mounted",$CRYPTO_DEV) == 0);
|
|
|
|
|
return (system($CB_SCRIPT,"is_crypto_mounted",$CRYPTO_DEV) == 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub check_config
|
|
|
|
|
{
|
|
|
|
|
return (system("$CB_SCRIPT","is_config_mounted",$CRYPTO_DEV) == 0);
|
|
|
|
|
return (system($CB_SCRIPT,"is_config_mounted") == 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub exec_cb_script {
|
|
|
|
|
my (@params) = @_;
|
|
|
|
|
my ($pid, @result);
|
|
|
|
|
&fatal_error("unable to fork process") unless defined($pid = open(PROG_OUT, "-|"));
|
|
|
|
|
if (!$pid) {
|
|
|
|
|
# child
|
|
|
|
|
exec($CB_SCRIPT, @params) or &fatal_error("failed to execute $CB_SCRIPT!");
|
|
|
|
|
exit 0;
|
|
|
|
|
} else {
|
|
|
|
|
# parent
|
|
|
|
|
@result = <PROG_OUT>;
|
|
|
|
|
close PROG_OUT or warn "error while running $CB_SCRIPT: $?";
|
|
|
|
|
}
|
|
|
|
|
if (wantarray) {
|
|
|
|
|
return @result;
|
|
|
|
|
} else {
|
|
|
|
|
return join('',@result);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub check_init_running
|
|
|
|
|
{
|
|
|
|
|
return (system("$CB_SCRIPT","is_init_running") == 0);
|
|
|
|
|
return (system($CB_SCRIPT,"is_init_running") == 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub is_harddisk_available
|
|
|
|
|
{
|
|
|
|
|
return (system("$CB_SCRIPT","is_harddisk_available") == 0);
|
|
|
|
|
return (system($CB_SCRIPT,"is_harddisk_available") == 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub get_available_disks
|
|
|
|
|
# TODO: this is useful for diskselection buttons
|
|
|
|
|
{
|
|
|
|
|
return `$CB_SCRIPT get_available_disks`;
|
|
|
|
|
return &exec_cb_script("get_available_disks");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub get_current_ip
|
|
|
|
|
# the IP of eth0 - not the configured value of the box (only for validation)
|
|
|
|
|
{
|
|
|
|
|
return `$CB_SCRIPT get_current_ip`;
|
|
|
|
|
return &exec_cb_script("get_current_ip");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub get_admin_pw
|
|
|
|
|
# returns the current administration password - empty, if it is not used
|
|
|
|
|
{
|
|
|
|
|
return `$CB_SCRIPT get_config admin_pw`;
|
|
|
|
|
return &exec_cb_script("get_config","admin_pw");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -275,7 +310,7 @@ sub mount_vol
|
|
|
|
|
sub umount_vol
|
|
|
|
|
{
|
|
|
|
|
if (&check_mounted) {
|
|
|
|
|
system("$CB_SCRIPT", "crypto-down",$CRYPTO_DEV);
|
|
|
|
|
system($CB_SCRIPT, "crypto-down",$CRYPTO_DEV);
|
|
|
|
|
} else {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'NotMounted');
|
|
|
|
|
}
|
|
|
|
@ -286,7 +321,7 @@ sub box_init
|
|
|
|
|
{
|
|
|
|
|
my ($crypto_pw, $admin_pw) = @_;
|
|
|
|
|
|
|
|
|
|
system("$CB_SCRIPT", "init") || return 1;
|
|
|
|
|
system($CB_SCRIPT, "init") || return 1;
|
|
|
|
|
|
|
|
|
|
# partitioning, config and initial cryptsetup
|
|
|
|
|
# TODO: define the name of the crypto container
|
|
|
|
@ -295,25 +330,26 @@ sub box_init
|
|
|
|
|
close(PW_INPUT);
|
|
|
|
|
|
|
|
|
|
# set administration password
|
|
|
|
|
system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw");
|
|
|
|
|
$admin_pw =~ m/^(.*)$/;
|
|
|
|
|
system($CB_SCRIPT, "set_config", "admin_pw", $1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub box_purge
|
|
|
|
|
{
|
|
|
|
|
system("$CB_SCRIPT", "box-purge");
|
|
|
|
|
system($CB_SCRIPT, "box-purge");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub system_poweroff
|
|
|
|
|
{
|
|
|
|
|
&umount_vol() if (&check_mounted());
|
|
|
|
|
system("$CB_SCRIPT", "poweroff");
|
|
|
|
|
system($CB_SCRIPT, "poweroff");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub system_reboot
|
|
|
|
|
{
|
|
|
|
|
&umount_vol() if (&check_mounted());
|
|
|
|
|
system("$CB_SCRIPT", "reboot");
|
|
|
|
|
system($CB_SCRIPT, "reboot");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -367,6 +403,7 @@ sub validate_doc_language
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$pagedata = load_hdf();
|
|
|
|
|
my $current_admin_pw;
|
|
|
|
|
|
|
|
|
|
# BEWARE: there are two kinds of actions:
|
|
|
|
|
# * some require a harddisk
|
|
|
|
@ -522,7 +559,7 @@ if ( ! &check_ssl()) {
|
|
|
|
|
}
|
|
|
|
|
#################### init_do ########################
|
|
|
|
|
} elsif ($action eq 'init_do') {
|
|
|
|
|
my $current_admin_pw = &get_admin_pw;
|
|
|
|
|
$current_admin_pw = &get_admin_pw;
|
|
|
|
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
|
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
|
|
@ -566,7 +603,7 @@ if ( ! &check_ssl()) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
|
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
|
|
|
} else {
|
|
|
|
|
my $current_admin_pw = &get_admin_pw;
|
|
|
|
|
$current_admin_pw = &get_admin_pw;
|
|
|
|
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
|
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
|
|
@ -580,16 +617,16 @@ if ( ! &check_ssl()) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
|
|
|
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
|
|
|
} else {
|
|
|
|
|
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
|
|
|
|
|
system($CB_SCRIPT, "set_config", "language", $query->param('language'));
|
|
|
|
|
&load_selected_language($pagedata);
|
|
|
|
|
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
|
|
|
|
|
system($CB_SCRIPT, "set_config", "timeout", $query->param('timeout'));
|
|
|
|
|
# check, if the ip was reconfigured
|
|
|
|
|
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
|
|
|
|
|
if ($query->param('ip') ne &exec_cb_script("get_config","ip"))
|
|
|
|
|
{
|
|
|
|
|
# set the new value
|
|
|
|
|
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
|
|
|
|
|
system($CB_SCRIPT, "set_config", "ip", $query->param('ip'));
|
|
|
|
|
# reconfigure the network interface
|
|
|
|
|
system("$CB_SCRIPT", "update_ip_address");
|
|
|
|
|
system($CB_SCRIPT, "update_ip_address");
|
|
|
|
|
# redirect to the new address
|
|
|
|
|
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
|
|
|
|
|
$pagedata->setValue('Data.Redirect.Delay', "5");
|
|
|
|
@ -597,11 +634,11 @@ if ( ! &check_ssl()) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
|
|
|
|
|
}
|
|
|
|
|
# check for success
|
|
|
|
|
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
|
|
|
|
|
if (&exec_cb_script("get_config","timeout") ne $query->param('timeout')) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
|
|
|
|
|
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
|
|
|
|
|
} elsif (&exec_cb_script("get_config","ip") ne $query->param('ip')) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
|
|
|
|
|
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
|
|
|
|
|
} elsif (&exec_cb_script("get_config","language") ne $query->param('language')) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
|
|
|
|
|
} else {
|
|
|
|
|
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
|
|
|
@ -630,7 +667,7 @@ if ( ! &check_ssl()) {
|
|
|
|
|
# if we find an existing config partition, then check the adminpw
|
|
|
|
|
} elsif ($action eq 'do_purge') {
|
|
|
|
|
if ( &check_config()) {
|
|
|
|
|
my $current_admin_pw = &get_admin_pw;
|
|
|
|
|
$current_admin_pw = &get_admin_pw;
|
|
|
|
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
|
|
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
|
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
|
|
@ -673,13 +710,13 @@ $pagedata->setValue('Data.Status.IP', "$output");
|
|
|
|
|
$output = &get_admin_pw();
|
|
|
|
|
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
|
|
|
|
|
|
|
|
|
|
$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#<br/>#'`;
|
|
|
|
|
$output = join ("<br/>", &exec_cb_script("diskinfo"));
|
|
|
|
|
$pagedata->setValue('Data.PartitionInfo',"$output");
|
|
|
|
|
|
|
|
|
|
# preset config settings for clearsilver
|
|
|
|
|
$pagedata->setValue('Data.Config.IP', `$CB_SCRIPT get_config ip`);
|
|
|
|
|
$pagedata->setValue('Data.Config.TimeOut', `$CB_SCRIPT get_config timeout`);
|
|
|
|
|
$pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`);
|
|
|
|
|
$pagedata->setValue('Data.Config.IP', &exec_cb_script("get_config","ip"));
|
|
|
|
|
$pagedata->setValue('Data.Config.TimeOut', &exec_cb_script("get_config","timeout"));
|
|
|
|
|
$pagedata->setValue('Data.Config.Language', &exec_cb_script("get_config","language"));
|
|
|
|
|
|
|
|
|
|
# read log and add html linebreaks
|
|
|
|
|
$output = '';
|
|
|
|
|