From d0d27ea05e7fd1cda35c362fb87f73b56a7539fb Mon Sep 17 00:00:00 2001 From: lars Date: Mon, 15 May 2006 09:41:00 +0000 Subject: [PATCH] Makefile created debian installer improved binary suid wrappers added --- Makefile | 60 ++++++++++++++++ bin/Makefile | 37 ++++++++++ bin/cbox-manage.sh | 44 ++++++------ bin/cryptobox.pl | 99 ++++++++++++++++++-------- bin/cryptobox_wrapper.c | 21 ++++++ bin/init-script.sh | 57 +++++++++++++++ conf-examples/cryptobox.conf | 19 +---- conf-examples/defaults-cryptobox.conf | 14 ---- debian/conffiles | 4 -- debian/control | 2 +- debian/dirs | 4 +- debian/links | 1 + debian/postinst | 44 +++++++----- debian/postrm | 15 ++-- debian/prerm | 14 ++++ debian/rules | 12 ++-- doc/changelog | 28 ++++++++ doc/changelog.Debian.gz | Bin 156 -> 0 bytes doc/changelog.gz | Bin 485 -> 0 bytes 19 files changed, 355 insertions(+), 120 deletions(-) create mode 100644 Makefile create mode 100644 bin/Makefile create mode 100644 bin/cryptobox_wrapper.c create mode 100755 bin/init-script.sh create mode 100644 debian/links create mode 100644 doc/changelog delete mode 100644 doc/changelog.Debian.gz delete mode 100644 doc/changelog.gz diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..f9d275a --- /dev/null +++ b/Makefile 
@@ -0,0 +1,60 @@ +# +# Makefile for the cryptobox web-interface +# +# Copyright (c) 02006 senselab +# + +CRYPTOBOX_ROOT = . + +PREFIX = /usr/local +SHARE_DIR = $(PREFIX)/share/cryptobox +LIB_DIR = $(PREFIX)/lib/cryptobox +DOC_DIR = $(PREFIX)/share/doc/cryptobox +BUILD_DIR = build_dir +INSTALL = install + +.PHONY: install clean build + +build: + $(INSTALL) -d -m 755 $(BUILD_DIR)/etc + $(INSTALL) -c -m 644 conf-examples/cryptobox.conf $(BUILD_DIR)/etc/ + @sed -i 's#^HTML_TEMPLATE_DIR=.*$$#HTML_TEMPLATE_DIR=$(SHARE_DIR)/templates#' $(BUILD_DIR)/etc/cryptobox.conf + @sed -i 's#^LANGUAGE_DIR=.*$$#LANGUAGE_DIR=$(SHARE_DIR)/lang#' $(BUILD_DIR)/etc/cryptobox.conf + @sed -i 's#^DOC_DIR=.*$$#DOC_DIR=$(DOC_DIR)/html#' $(BUILD_DIR)/etc/cryptobox.conf + @sed -i 's#^CONFIG_DEFAULTS_DIR=.*$$#CONFIG_DEFAULTS_DIR=$(SHARE_DIR)/defaults#' $(BUILD_DIR)/etc/cryptobox.conf + + # compile the suid wrapper + $(MAKE) -C bin LIB_DIR=$(LIB_DIR) + @touch $(BUILD_DIR)-stamp + + +install: $(BUILD_DIR)-stamp + $(INSTALL) -d -m 755 $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cbox-manage.sh $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cbox-root-actions.sh $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cryptobox.pl $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cryptobox_cgi_wrapper $(LIB_DIR) + $(INSTALL) -c -m 4755 bin/cryptobox_root_wrapper $(LIB_DIR) + $(INSTALL) -d -m 755 $(SHARE_DIR)/lang + $(INSTALL) -c -m 644 lang/* $(SHARE_DIR)/lang/ + $(INSTALL) -d -m 755 $(SHARE_DIR)/templates + $(INSTALL) -c -m 644 templates/*.cs $(SHARE_DIR)/templates + $(INSTALL) -d -m 755 $(SHARE_DIR)/defaults + $(INSTALL) -c -m 644 conf-examples/default-settings/* $(SHARE_DIR)/defaults/ + $(INSTALL) -d -m 755 $(SHARE_DIR)/html + $(INSTALL) -c -m 644 www-data/*.css $(SHARE_DIR)/html/ + $(INSTALL) -c -m 644 www-data/*.png $(SHARE_DIR)/html/ + $(INSTALL) -c -m 644 www-data/*.gif $(SHARE_DIR)/html/ + $(INSTALL) -d -m 755 $(SHARE_DIR)/html/screenshots + $(INSTALL) -c -m 644 www-data/screenshots/*.png $(SHARE_DIR)/html/screenshots/ + $(INSTALL) -d -m 
755 $(DOC_DIR)/html/en + $(INSTALL) -d -m 755 $(DOC_DIR)/html/de + $(INSTALL) -c -m 644 doc/html/en/* $(DOC_DIR)/html/en/ + $(INSTALL) -c -m 644 doc/html/de/* $(DOC_DIR)/html/de/ + + +clean: + $(MAKE) -C bin clean + -rm -rf $(BUILD_DIR) + -rm -f $(BUILD_DIR)-stamp + diff --git a/bin/Makefile b/bin/Makefile new file mode 100644 index 0000000..0f536ac --- /dev/null +++ b/bin/Makefile @@ -0,0 +1,37 @@ +# Makefile to compile the binary suid-wrapper for cryptobox +# +# LIB_DIR should be defined in the higher level Makefile +# + +HEADER_FILE = cryptobox_wrapper.h +SRC_FILE = cryptobox_wrapper.c +CGI_SUID_FILE = cryptobox_cgi_wrapper +ROOT_SUID_FILE = cryptobox_root_wrapper + +CGI_FILENAME = cryptobox.pl +ROOT_SCRIPT_FILENAME = cbox-root-actions.sh +# fall back to default, if not overwritten +LIB_DIR = /usr/local/lib/cryptobox + + +# _always_ recompile (in case of a changed LIB_DIR) +.PHONY: build clean $(CGI_SUID_FILE) $(ROOT_SUID_FILE) + +build: $(CGI_SUID_FILE) $(ROOT_SUID_FILE) + + +$(CGI_SUID_FILE): $(SRC_FILE) + $(NOECHO) echo '#define EXEC_PATH "$(LIB_DIR)/$(CGI_FILENAME)"' >$(HEADER_FILE) + $(CC) -o $(CGI_SUID_FILE) $(SRC_FILE) + -rm $(HEADER_FILE) + + +$(ROOT_SUID_FILE): $(SRC_FILE) + $(NOECHO) echo '#define EXEC_PATH "$(LIB_DIR)/$(ROOT_SCRIPT_FILENAME)"' >$(HEADER_FILE) + $(CC) -o $(ROOT_SUID_FILE) $(SRC_FILE) + -rm $(HEADER_FILE) + + +clean: + -rm -f $(CGI_SUID_FILE) $(ROOT_SUID_FILE) $(HEADER_FILE) + diff --git a/bin/cbox-manage.sh b/bin/cbox-manage.sh index d79b215..c8e686e 100755 --- a/bin/cbox-manage.sh +++ b/bin/cbox-manage.sh @@ -26,6 +26,8 @@ EXEC_FIREWALL_RULES=0 SKIP_NETWORK_CONFIG=1 CONF_FILE=/etc/cryptobox/cryptobox.conf +LIB_DIR=$(dirname "$0") +CONFIG_DIR=~/config # read the default setting file, if it exists [ -e /etc/default/cryptobox ] && . /etc/default/cryptobox 
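Review bot: `install: $(BUILD_DIR)-stamp` has no rule that produces the stamp — `build` only touches it as a side effect — so a plain `make install` on a fresh tree stops with "No rule to make target 'build_dir-stamp'" instead of building first; either write `install: build` or give the stamp its own rule (`$(BUILD_DIR)-stamp: build` with the `touch` moved into it). Separately, `-m 4755` on `bin/cryptobox_root_wrapper` installs a world-executable setuid-root binary; the Debian `postinst` later tightens it to `4750` root:cryptobox, but a non-Debian `make install` keeps 4755, so consider `-m 4750` with a group variable here so every install path ends up equally restricted (the group must exist at install time). The `@`-silenced `sed -i` lines also hide which substitution failed when the conf layout changes; a comment naming the four keys they rewrite would make the intent visible without the echo.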
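Review bot: Both wrapper rules write the same `cryptobox_wrapper.h` and then delete it, so under `make -j` the `$(CGI_SUID_FILE)` and `$(ROOT_SUID_FILE)` recipes race on one shared scratch file and the header one compiler reads may carry the other target's `EXEC_PATH`; since the root wrapper is later installed setuid root, baking the CGI path into it would make the privileged binary execute the wrong program. Pass the define on the command line instead, `$(CC) $(CFLAGS) -D'EXEC_PATH="$(LIB_DIR)/$(CGI_FILENAME)"' -o $@ $<` (and likewise with `$(ROOT_SCRIPT_FILENAME)` for the root wrapper), and guard the `#include "cryptobox_wrapper.h"` in the C file with `#ifndef EXEC_PATH`; that also removes both `-rm $(HEADER_FILE)` lines and the stale-header case left by an interrupted build. `$(NOECHO)` is not a GNU make builtin and expands to nothing here, so it can be dropped or replaced by a leading `@`.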
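Review bot: `CONFIG_DIR=~/config` resolves through `$HOME`, which the suid wrapper in `bin/cryptobox_wrapper.c` passes through unchanged (`execv` keeps the caller's environment) rather than deriving it from the uid it switched to, so the config directory may point at the web server user's home — or nowhere, if `HOME` is unset — instead of the cryptobox user's. Derive it from the passwd entry of the effective user instead, e.g. `CONFIG_DIR="$(getent passwd "$(id -un)" | cut -d: -f6)/config"`. `LIB_DIR=$(dirname "$0")` is assigned before `/etc/default/cryptobox` is sourced, so a `LIB_DIR` set there silently overrides it; if that is intended, a one-line comment saying so would help.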
@@ -38,6 +40,9 @@ CONF_FILE=/etc/cryptobox/cryptobox.conf ## configuration CERT_TEMP=/tmp/stunnel.pem +ROOT_PERM_SCRIPT=$(dirname "$0")/cryptobox_root_wrapper +# ROOT_PERM_SCRIPT needs the MNT_PARENT setting +export MNT_PARENT="$(cd ~; pwd)/mnt" ######## stuff ########## @@ -69,12 +74,12 @@ function config_set_value() # parameters: SettingName [SettingValue] # read from stdin if SettingValue is not defined { - [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config rw + [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && "$ROOT_PERM_SCRIPT" remount_config rw if [ $# -gt 1 ] then echo -n "$2" > "$CONFIG_DIR/$1" else cat - >"$CONFIG_DIR/$1" fi - [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config ro + [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && "$ROOT_PERM_SCRIPT" remount_config ro } @@ -115,10 +120,10 @@ function create_config() if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ] then log_msg "Using static configuration ..." else log_msg "Creating config filesystem ..." - sudo "$ROOT_PERM_SCRIPT" create_config "$device" + "$ROOT_PERM_SCRIPT" create_config "$device" log_msg "Mounting config partition ..." - sudo "$ROOT_PERM_SCRIPT" mount_config "$device" - sudo "$ROOT_PERM_SCRIPT" remount_config rw + "$ROOT_PERM_SCRIPT" mount_config "$device" + "$ROOT_PERM_SCRIPT" remount_config rw fi log_msg "Copying configuration defaults ..." cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR" 
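Review bot: `export MNT_PARENT="$(cd ~; pwd)/mnt"` hands the mount parent to `cryptobox_root_wrapper` through the environment, so the setuid-root side (`cbox-root-actions.sh`, reached with the real uid set to root per `bin/cryptobox_wrapper.c`) takes a filesystem path from a variable that every caller of the wrapper controls; `~` here also depends on the inherited `$HOME`, as with `CONFIG_DIR` in the previous hunk. Prefer to have the root-side script compute the mount parent itself from the configured `CRYPTOBOX_USER`'s passwd entry, or at least validate the received value against that directory before using it, and drop the `export` once it does. A short comment on why the `sudo` calls in the following hunks are gone (privilege switching now happens in the setuid binary and in `cryptobox.pl`) would make those hunks self-explanatory.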
@@ -154,11 +159,11 @@ function list_partitions_of_type() local plaindata= local unused= for a in $ALL_PARTITIONS - do if sudo "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a" + do if "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a" then crypto="$crypto /dev/$a" - elif sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a" + elif "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a" then config="$config /dev/$a" - elif sudo "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a" + elif "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a" then plaindata="$plaindata /dev/$a" else unused="$unused /dev/$a" fi @@ -178,7 +183,7 @@ function list_partitions_of_type() function get_crypto_uuid() # Parameter: DEVICE { - sudo "$ROOT_PERM_SCRIPT" get_device_name "$1" + "$ROOT_PERM_SCRIPT" get_device_name "$1" } @@ -216,7 +221,6 @@ function does_crypto_name_exist() function create_crypto() # Parameter: DEVICE NAME KEYFILE # keyfile is necessary, to allow background execution via 'at' -# TODO: check if the keyfile is still necessary for sudo -b { local device=$1 local name=$2 @@ -229,7 +233,7 @@ function create_crypto() rm "$keyfile" log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device" - echo "$key" | sudo "$ROOT_PERM_SCRIPT" create_crypto "$device" + echo "$key" | "$ROOT_PERM_SCRIPT" create_crypto "$device" set_crypto_name "$device" "$name" } @@ -302,9 +306,9 @@ function load_config() [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \ list_partitions_of_type config | while read part && [ "$status" = 0 ] do log_msg "Trying to load configuration from /dev/$part ..." - if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part" + if "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part" then log_msg "configuraton found on $part" - sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part" + "$ROOT_PERM_SCRIPT" mount_config "/dev/$part" status=1 fi done 
@@ -324,7 +328,7 @@ function unload_config() is_config_active || return # only try to unmount, if it is not static (the config of a live-cd is always dynamic) if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] - then sudo "$ROOT_PERM_SCRIPT" umount_config + then "$ROOT_PERM_SCRIPT" umount_config else true fi } @@ -338,7 +342,7 @@ function mount_crypto() is_crypto_mounted "$device" && echo "The crypto filesystem is already active!" && return # passphrase is read from stdin log_msg "Mounting a crypto partition from $device" - sudo "$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1 + "$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1 } @@ -347,7 +351,7 @@ function umount_crypto() { local device=$1 local uuid=$(get_crypto_uuid $device) - sudo "$ROOT_PERM_SCRIPT" umount "$uuid" + "$ROOT_PERM_SCRIPT" umount "$uuid" } @@ -358,7 +362,7 @@ function box_purge() # TODO: not ALL harddisks, please! get_available_disks | while read a do log_msg "Purging $a ..." - sudo "$ROOT_PERM_SCRIPT" trash_device "$a" + "$ROOT_PERM_SCRIPT" trash_device "$a" done } @@ -371,7 +375,7 @@ function init_cryptobox() turn_off_all_crypto unload_config || true log_msg "Partitioning the device ($device) ..." - sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n" + "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n" log_msg "Initializing config partition on ${device}1 ..." # TODO: this should not be hard-coded create_config "${device}1" @@ -518,7 +522,7 @@ case "$ACTION" in # reconfigure the network interface to a new IP address # wait for 5 seconds to finish present http requests if [ "$SKIP_NETWORK_CONFIG" != 1 ] - then echo -n "sleep 5; sudo $ROOT_PERM_SCRIPT update_network" | at now + then echo -n "sleep 5; \"$ROOT_PERM_SCRIPT\" update_network" | at now fi ;; get_available_disks ) @@ -537,7 +541,7 @@ case "$ACTION" in ;; diskinfo ) get_available_disks | while read a - do sudo "$ROOT_PERM_SCRIPT" diskinfo "$a" + do "$ROOT_PERM_SCRIPT" diskinfo "$a" done ;; box-purge ) 
diff --git a/bin/cryptobox.pl b/bin/cryptobox.pl index dd6c545..ff1c3bb 100755 --- a/bin/cryptobox.pl +++ b/bin/cryptobox.pl @@ -17,6 +17,13 @@ use strict; use CGI; use ClearSilver; use ConfigFile; +use English; + +# drop privileges +$UID = $EUID; +$GID = $EGID; + +$ENV{'PATH'} = '/bin:/usr/bin'; my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf'; @@ -25,10 +32,14 @@ my $pagedata; my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR); my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL); +# get the directory of the cryptobox scripts/binaries and untaint it +$CB_SCRIPT = $0; +$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/; +$CB_SCRIPT = "$1/cbox-manage.sh"; + &fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE); my $config = ConfigFile::read_config_file($CONFIG_FILE); -$CB_SCRIPT = $config->{CB_SCRIPT}; $LOG_FILE = $config->{LOG_FILE}; $LANGUAGE_DIR = $config->{LANGUAGE_DIR}; $DEFAULT_LANGUAGE = $config->{LANGUAGE}; @@ -38,7 +49,9 @@ $IS_DEVEL = ( -e $config->{DEV_FEATURES_SCRIPT}); $STYLESHEET_URL = $config->{STYLESHEET_URL}; # TODO: just a quick-and-dirty hack during migration to multiple containers -my $CRYPTO_DEV = `$CB_SCRIPT get_available_disks | cut -f 1 -d " " | tr "\n" "2"`; +my $CRYPTO_DEV = &get_available_disks(); +$CRYPTO_DEV =~ m/^([\w\/_\-\.]*)$/; +$CRYPTO_DEV = "${1}2"; my $query = new CGI; @@ -96,7 +109,7 @@ sub load_selected_language $data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf"); # load configured language, if it is valid - $config_language = `$CB_SCRIPT get_config language`; + $config_language = &exec_cb_script("get_config","language"); $config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language")); # check for preferred browser language, if the box was not initialized yet 
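Review bot: The privilege drop `$UID = $EUID; $GID = $EGID;` is never verified — Perl does not report a failed setuid/setgid from these assignments, it just re-reads the real ids — so add `&fatal_error("cannot drop privileges") unless $UID == $EUID and (split ' ', $GID)[0] == (split ' ', $EGID)[0];` right after them. Resetting `$ENV{'PATH'}` is the right move for taint mode, but perlsec also lists `IFS`, `CDPATH`, `ENV` and `BASH_ENV` as inherited variables to clear before any `system`/`exec`, so add `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` next to it. A comment stating which binary supplies the effective ids (the CGI wrapper that `debian/postinst` makes `6755`) would explain why these two assignments are meaningful at all.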
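Review bot: `$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/;` is followed by a use of `$1` without checking that the match succeeded; if `$0` carries no directory, `$1` is whatever an earlier match captured (or undef) and the script path silently becomes `/cbox-manage.sh`. The same unchecked pattern appears in the `@@ -38,7 +49,9 @@` hunk (`$CRYPTO_DEV`, which no longer keeps only the first field of `get_available_disks` and will not match when more than one line is returned) and in the `@@ -295,25 +330,26 @@` hunk (`$admin_pw =~ m/^(.*)$/` — `.` does not match a newline, so a password containing one leaves `$1` stale and that stale capture is what `set_config admin_pw` receives). Test each match and fail closed, e.g. `&fatal_error("cannot determine script directory") unless $0 =~ m{^(.*)/[^/]*$}; $CB_SCRIPT = "$1/cbox-manage.sh";`, and for the password use an explicit character class rather than a catch-all untaint; a comment noting that the blanket untaint of `$0` is acceptable only because the suid wrapper sets `argv[0]` would also help.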
@@ -199,50 +212,72 @@ sub check_ssl # BEWARE: dirty trick - is there a better way? # stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with # its own IP (localhost, of course) + # TODO: this does not work with a native ssl webserver return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1'); } sub check_mounted { - return (system("$CB_SCRIPT","is_crypto_mounted",$CRYPTO_DEV) == 0); + return (system($CB_SCRIPT,"is_crypto_mounted",$CRYPTO_DEV) == 0); } sub check_config { - return (system("$CB_SCRIPT","is_config_mounted",$CRYPTO_DEV) == 0); + return (system($CB_SCRIPT,"is_config_mounted") == 0); +} + + +sub exec_cb_script { + my (@params) = @_; + my ($pid, @result); + &fatal_error("unable to fork process") unless defined($pid = open(PROG_OUT, "-|")); + if (!$pid) { + # child + exec($CB_SCRIPT, @params) or &fatal_error("failed to execute $CB_SCRIPT!"); + exit 0; + } else { + # parent + @result = ; + close PROG_OUT or warn "error while running $CB_SCRIPT: $?"; + } + if (wantarray) { + return @result; + } else { + return join('',@result); + } } sub check_init_running { - return (system("$CB_SCRIPT","is_init_running") == 0); + return (system($CB_SCRIPT,"is_init_running") == 0); } sub is_harddisk_available { - return (system("$CB_SCRIPT","is_harddisk_available") == 0); + return (system($CB_SCRIPT,"is_harddisk_available") == 0); } sub get_available_disks # TODO: this is useful for diskselection buttons { - return `$CB_SCRIPT get_available_disks`; + return &exec_cb_script("get_available_disks"); } sub get_current_ip # the IP of eth0 - not the configured value of the box (only for validation) { - return `$CB_SCRIPT get_current_ip`; + return &exec_cb_script("get_current_ip"); } sub get_admin_pw # returns the current administration password - empty, if it is not used { - return `$CB_SCRIPT get_config admin_pw`; + return &exec_cb_script("get_config","admin_pw"); } 
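Review bot: `exec_cb_script` only warns when `close PROG_OUT` reports a failing `cbox-manage.sh` and still returns whatever output was collected, so a helper that dies yields an empty string; `get_admin_pw` feeds that into `$current_admin_pw ne '' && ...` in the `init_do`, config and `do_purge` branches, where an empty value means "no admin password set" and the check is skipped — a backend failure therefore fails open. Turn the warning into a fatal error, `close PROG_OUT or &fatal_error("$CB_SCRIPT failed: $?");`, or return `undef` on failure and have the password checks treat `undef` as a mismatch; if some forwarded actions legitimately exit non-zero, let the caller pass a flag allowing that. The child branch should `exit 1` rather than `exit 0` after a failed `exec` in case `fatal_error` returns, and `@result = ;` reads as if the `<PROG_OUT>` filehandle read were lost in rendering — worth confirming in the committed file. A header comment giving the contract (script arguments in, stdout lines or one joined string out, no shell involved) would document why the backtick form was replaced.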
@@ -275,7 +310,7 @@ sub mount_vol sub umount_vol { if (&check_mounted) { - system("$CB_SCRIPT", "crypto-down",$CRYPTO_DEV); + system($CB_SCRIPT, "crypto-down",$CRYPTO_DEV); } else { $pagedata->setValue('Data.Warning', 'NotMounted'); } @@ -286,7 +321,7 @@ sub box_init { my ($crypto_pw, $admin_pw) = @_; - system("$CB_SCRIPT", "init") || return 1; + system($CB_SCRIPT, "init") || return 1; # partitioning, config and initial cryptsetup # TODO: define the name of the crypto container @@ -295,25 +330,26 @@ sub box_init close(PW_INPUT); # set administration password - system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw"); + $admin_pw =~ m/^(.*)$/; + system($CB_SCRIPT, "set_config", "admin_pw", $1); } sub box_purge { - system("$CB_SCRIPT", "box-purge"); + system($CB_SCRIPT, "box-purge"); } sub system_poweroff { &umount_vol() if (&check_mounted()); - system("$CB_SCRIPT", "poweroff"); + system($CB_SCRIPT, "poweroff"); } sub system_reboot { &umount_vol() if (&check_mounted()); - system("$CB_SCRIPT", "reboot"); + system($CB_SCRIPT, "reboot"); } @@ -367,6 +403,7 @@ sub validate_doc_language $pagedata = load_hdf(); +my $current_admin_pw; # BEWARE: there are two kinds of actions: # * some require a harddisk @@ -522,7 +559,7 @@ if ( ! &check_ssl()) { } #################### init_do ######################## } elsif ($action eq 'init_do') { - my $current_admin_pw = &get_admin_pw; + $current_admin_pw = &get_admin_pw; if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); $pagedata->setValue('Data.Action', 'form_init'); 
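Review bot: `system($CB_SCRIPT, "init") || return 1;` has its test inverted: `system` returns 0 on success, so `box_init` returns 1 — skipping the partitioning and admin-password steps that follow in the same sub — exactly when `init` succeeded, and carries on when it failed. The commit only changed the quoting on this line, but it is worth fixing while here: `system($CB_SCRIPT, "init") == 0 or return 1;`. Unless callers of `box_init` (not visible in this hunk) depend on the current behaviour, this is the only change needed.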
@@ -566,7 +603,7 @@ if ( ! &check_ssl()) { $pagedata->setValue('Data.Warning', 'NotInitialized'); $pagedata->setValue('Data.Action', 'form_init'); } else { - my $current_admin_pw = &get_admin_pw; + $current_admin_pw = &get_admin_pw; if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); $pagedata->setValue('Data.Action', 'form_config'); @@ -580,16 +617,16 @@ if ( ! &check_ssl()) { $pagedata->setValue('Data.Warning', 'InvalidTimeOut'); $pagedata->setValue('Data.Action', 'form_config'); } else { - system("$CB_SCRIPT", "set_config", "language", $query->param('language')); + system($CB_SCRIPT, "set_config", "language", $query->param('language')); &load_selected_language($pagedata); - system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout')); + system($CB_SCRIPT, "set_config", "timeout", $query->param('timeout')); # check, if the ip was reconfigured - if ($query->param('ip') ne `$CB_SCRIPT get_config ip`) + if ($query->param('ip') ne &exec_cb_script("get_config","ip")) { # set the new value - system("$CB_SCRIPT", "set_config", "ip", $query->param('ip')); + system($CB_SCRIPT, "set_config", "ip", $query->param('ip')); # reconfigure the network interface - system("$CB_SCRIPT", "update_ip_address"); + system($CB_SCRIPT, "update_ip_address"); # redirect to the new address $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'}); $pagedata->setValue('Data.Redirect.Delay', "5"); 
@@ -597,11 +634,11 @@ if ( ! &check_ssl()) { $pagedata->setValue('Data.Warning', 'IPAddressChanged'); } # check for success - if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) { + if (&exec_cb_script("get_config","timeout") ne $query->param('timeout')) { $pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed'); - } elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) { + } elsif (&exec_cb_script("get_config","ip") ne $query->param('ip')) { $pagedata->setValue('Data.Warning', 'ConfigIPFailed'); - } elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) { + } elsif (&exec_cb_script("get_config","language") ne $query->param('language')) { $pagedata->setValue('Data.Warning', 'ConfigLanguageFailed'); } else { $pagedata->setValue('Data.Success', 'ConfigSaved'); @@ -630,7 +667,7 @@ if ( ! &check_ssl()) { # if we find an existing config partition, then check the adminpw } elsif ($action eq 'do_purge') { if ( &check_config()) { - my $current_admin_pw = &get_admin_pw; + $current_admin_pw = &get_admin_pw; if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); $pagedata->setValue('Data.Action', 'form_config'); @@ -673,13 +710,13 @@ $pagedata->setValue('Data.Status.IP', "$output"); $output = &get_admin_pw(); $pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne ''); -$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#
#'`; +$output = join ("
", &exec_cb_script("diskinfo"));
 $pagedata->setValue('Data.PartitionInfo',"$output");
 # preset config settings for clearsilver
-$pagedata->setValue('Data.Config.IP', `$CB_SCRIPT get_config ip`);
-$pagedata->setValue('Data.Config.TimeOut', `$CB_SCRIPT get_config timeout`);
-$pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`);
+$pagedata->setValue('Data.Config.IP', &exec_cb_script("get_config","ip"));
+$pagedata->setValue('Data.Config.TimeOut', &exec_cb_script("get_config","timeout"));
+$pagedata->setValue('Data.Config.Language', &exec_cb_script("get_config","language"));
 # read log and add html linebreaks
 $output = '';
diff --git a/bin/cryptobox_wrapper.c b/bin/cryptobox_wrapper.c
new file mode 100644
index 0000000..b2f6e5b
--- /dev/null
+++ b/bin/cryptobox_wrapper.c
@@ -0,0 +1,21 @@
+/* $Id$ */
+
+// define the location of your cryptobox.pl file in this header file
+#include "cryptobox_wrapper.h"
+
+#include
+#include
+
+/* C wrapper to allow cryptobox to run under a different uid */
+/* Copyright (C) 02006, senselab, All Rights Reserved */
+/* See the LICENSE file in this distribution for copyright information */
+
+int main(int argc, char *argv[]) {
+
+ // necessary for mount action of the root-script
+ setreuid(geteuid(), -1);
+
+ argv[0] = EXEC_PATH;
+ execv(EXEC_PATH, argv);
+
+}
diff --git a/bin/init-script.sh b/bin/init-script.sh
new file mode 100755
index 0000000..33b2cba
--- /dev/null
+++ b/bin/init-script.sh
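Review bot: `setreuid(geteuid(), -1)` and `execv` are both unchecked and `main` falls off the end without a return, so a failed id switch silently runs the target with the caller's real uid and a failed `execv` exits with an undefined status; the group is not touched either, so the real gid stays the caller's even though `debian/postinst` installs the CGI wrapper `6755`. Check both calls, set the real gid alongside the uid, and report failures on stderr (this needs `stdio.h` for `perror`; the two `#include` lines show no header names here, and `unistd.h` is required for these calls). Because the root wrapper is setuid root and `execv` forwards the caller's whole environment to `cbox-root-actions.sh`, the next step would be an allow-list environment via `execve` — `PATH` plus the variables the root script really needs, `MNT_PARENT` per `bin/cbox-manage.sh`, validated on the root side — which is left out of the fence below because the root-side script is not in this commit. The comment above `setreuid` should say which tool needs the real uid to follow the effective one; "necessary for mount action" alone does not tell a reader why it is safe.
```c
int main(int argc, char *argv[]) {
	/* make the real ids follow the effective ones; the root-side
	 * script needs this for its mount actions */
	if (setregid(getegid(), -1) != 0 || setreuid(geteuid(), -1) != 0) {
		perror("cryptobox_wrapper: cannot set uid/gid");
		return 1;
	}
	argv[0] = EXEC_PATH;
	execv(EXEC_PATH, argv);
	/* only reached when execv failed */
	perror("cryptobox_wrapper: execv " EXEC_PATH);
	return 1;
}
```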
@@ -0,0 +1,57 @@ +#!/bin/sh +# +# runlevel script of the cryptobox package +# +# Copyright (c) 02006, senselab +# +# see LICENSE file in this package for details +# + +# check if the cryptobox is installed +[ -e "/usr/lib/cryptobox/cbox-manage.sh" ] || exit 0 + +# read the default setting file, if it exists +[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox + +# startup switch defaults to zero (enabled) +NO_START=${NO_START:-0} + +if [ "$NO_START" = "1" ] + then [ $# -eq 0 ] && exit 0 + [ "$1" = "status" ] && exit 1 + [ "$1" = "stop" ] && exit 0 + echo "CryptoBox is disabled by default" + exit 0 + fi + +# set CONF_FILE to default value, if not configured in /etc/default/cryptobox +CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} + +# parse config file +if [ -e "$CONF_FILE" ] + then . "$CONF_FILE" + else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2 + exit 1 + fi + +case "$1" in + start ) + # nothing to be done + ;; + stop ) + # unmount all active containers + ls ~$CRYPTOBOX_USER/mnt/ | while read mnt_dir + do grep -q " ~$CRYPTOBOX_USER/mnt/$mnt_dir " /proc/mounts || continue + "$LIB_DIR/cbox-manage.sh" crypto-down "$mnt_dir" + done + ;; + restart ) + "$0" stop + "$0" start + ; + * ) + echo "invalid action specified - try { start | stop | restart }" >&2 + exit 1 + ;; + esac + diff --git a/conf-examples/cryptobox.conf b/conf-examples/cryptobox.conf index 342f46f..66211e4 100644 --- a/conf-examples/cryptobox.conf +++ b/conf-examples/cryptobox.conf @@ -4,7 +4,7 @@ LANGUAGE=en NET_IFACE=eth0 FILE_USER=cryptobox-data -WEB_USER=www-data +CRYPTOBOX_USER=cryptobox SCAN_DEVICES="sda" #SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd" 
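Review bot: The `stop` branch can never unmount anything: `~$CRYPTOBOX_USER` is not tilde-expanded by `sh` (the tilde-prefix is not a literal login name, so the word is left unchanged), and inside the double-quoted grep pattern `" ~$CRYPTOBOX_USER/mnt/$mnt_dir "` the tilde is not expanded at all, so the `/proc/mounts` test always fails and `continue` is hit for every entry. The `restart` branch also appears to end with a single `;` instead of `;;`, which, if it is not a rendering artefact, is a syntax error that makes the whole `case` — and therefore every action of the init script — fail to parse. Resolve the home directory once via `getent`, iterate over the directories rather than parsing `ls`, and, since `cbox-manage.sh` derives `CONFIG_DIR` and `MNT_PARENT` from `~`, run it as `$CRYPTOBOX_USER` (e.g. with `su -s /bin/sh`) rather than as root; `$LIB_DIR` is used here but is not defined in the `conf-examples/cryptobox.conf` shown in this commit, so confirm where it comes from.
```shell
# home of the service user, resolved once (sh does not expand ~$VAR)
CB_HOME=$(getent passwd "$CRYPTOBOX_USER" | cut -d: -f6)
# … unchanged: start branch …
	stop )
		# unmount all active containers, as the service user whose ~ cbox-manage.sh relies on
		for mnt_dir in "$CB_HOME"/mnt/*
		do
			[ -d "$mnt_dir" ] || continue
			grep -q " $mnt_dir " /proc/mounts || continue
			su -s /bin/sh -c "'$LIB_DIR/cbox-manage.sh' crypto-down '$(basename "$mnt_dir")'" "$CRYPTOBOX_USER"
		done
		;;
	restart )
		"$0" stop
		"$0" start
		;;
```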
@@ -20,19 +20,9 @@ STYLESHEET_URL=/cryptobox-misc/cryptobox.css LANGUAGE_DIR=/usr/share/cryptobox/lang DOC_DIR=/usr/share/doc/cryptobox/html CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults -CONFIG_DIR=/var/lib/cryptobox/config -MNT_PARENT=/var/lib/cryptobox/mnt # some files -CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh -ROOT_PERM_SCRIPT=/usr/lib/cryptobox/cbox-root-actions.sh -DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh -FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh -MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh LOG_FILE=/var/log/cryptobox.log -CERT_FILE=/var/lib/cryptobox/config/stunnel.pem -OPENSSL_CONF_FILE=/etc/cryptobox/ssl-cert.conf -IDLE_COUNTER_FILE=/tmp/cbox-idle-counter CONFIG_MARKER=cryptobox.marker # crypto settings @@ -45,12 +35,5 @@ SFDISK=/sbin/sfdisk MKFS_DATA=/sbin/mkfs.ext3 MKFS_CONFIG=/sbin/mkfs.ext2 CRYPTSETUP=/sbin/cryptsetup -IPTABLES=/sbin/iptables IFCONFIG=/sbin/ifconfig -# firewall setings -# do not use multiports (iptables) as the timeout-script depends on -# single port rules -# ssh is allowed too, but the server is not started automatically -ALLOW_TCP_PORTS="22 80 139 443 445" -ALLOW_UDP_PORTS="137 138" diff --git a/conf-examples/defaults-cryptobox.conf b/conf-examples/defaults-cryptobox.conf index 49dc265..175e245 100644 --- a/conf-examples/defaults-cryptobox.conf +++ b/conf-examples/defaults-cryptobox.conf @@ -10,17 +10,3 @@ NO_START=1 # change the default configuration file if necessary #CONF_FILE=/etc/cryptobox/cryptobox.conf -# should the cryptobox skip the network interface configuration? -# "0" means skip (default) --- "1" causes the cryptobox to configure it -SKIP_NETWORK_CONFIG=1 - -# should the cryptobox set some firewall (iptables) rules? -# if this is turned off, then you have to add the appropriate -# rules manually (if you need the timeout feature of the cryptobox) -# default is 0 -EXEC_FIREWALL_RULES=0 - -# use stunnel for https support? -# default is 0 -USE_STUNNEL=0 - 
diff --git a/debian/conffiles b/debian/conffiles
index 1c8e843..6ac02ae 100644
--- a/debian/conffiles
+++ b/debian/conffiles
@@ -1,6 +1,2 @@
 /etc/cryptobox/cryptobox.conf
-/etc/cryptobox/ssl-cert.conf
-/etc/cryptobox/revision
 /etc/default/cryptobox
-/etc/cron.d/cryptobox
-/etc/init.d/cryptobox
diff --git a/debian/control b/debian/control
index 0b3611e..fec732d 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: cryptobox
 Section: admin
 Priority: extra
 Maintainer: sense.lab
-Build-Depends: debhelper (>>3.0.0), dpatch
+Build-Depends: debhelper (>>3.0.0), dpatch, gcc (>=2.95)
 Standards-Version: 3.6.2
 Package: cryptobox
diff --git a/debian/dirs b/debian/dirs
index fa58b12..7135fc4 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -1,2 +1,4 @@
 etc/cryptobox
-usr/share/cryptobox
+etc/default
+etc/init.d
+usr/lib/cgi-bin
diff --git a/debian/links b/debian/links
new file mode 100644
index 0000000..bd32720
--- /dev/null
+++ b/debian/links
@@ -0,0 +1 @@
+/usr/share/cryptobox/html /var/www/cryptobox-misc
diff --git a/debian/postinst b/debian/postinst
index 2951f7e..8d11e36 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -7,30 +7,40 @@ CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} # parse config file -if [ -e "$CONF_FILE" ] +if test -e "$CONF_FILE" then . "$CONF_FILE" # create mount and config directories with appropriate permissions - [ ! -e "$MNT_PARENT" ] && mkdir -p "$MNT_PARENT" - [ ! -e "$CONFIG_DIR" ] && mkdir -p "$CONFIG_DIR" && \ - chown "$WEB_USER" "$CONFIG_DIR" && chmod 700 "$CONFIG_DIR" - [ ! -e "$LOG_FILE" ] && touch "$LOG_FILE" && chown "$WEB_USER" "$LOG_FILE" + test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" fi +if getent passwd "$CRYPTOBOX_USER" &>/dev/null + then # do nothing - the user already exists + true + else # create cryptobox user + echo "Creating new user '$CRYPTOBOX_USER' ..." + USER_HOME=/var/lib/cryptobox + adduser --system --group --home "$USER_HOME" cryptobox + # add the user to the group "plugdev" (necessary for pmount) + adduser cryptobox plugdev + cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config" + mkdir "$USER_HOME/mnt" + chown -R ${CRYPTOBOX_USER}: "$USER_HOME" + # only members of the cryptobox group may access the user directory + chmod 750 "$USER_HOME" + # no one may look into the config directory (protect init passwords) + chmod 700 "$USER_HOME/config" + fi + +# set permissions for suid wrappers +chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper" +chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper" +chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox" +chmod 6755 "/usr/lib/cgi-bin/cryptobox" # add the cryptobox startup script to /etc/rc?.d -update-rc.d cryptobox defaults 98 +update-rc.d cryptobox defaults invoke-rc.d cryptobox restart -if grep -q "cryptobox package.*HEADER" /etc/sudoers - then true - else echo "Adding a new (disabled) entry to /etc/sudoers" - cat >>/etc/sudoers <<-EOF - ######### Automatically inserted by cryptobox package - do not remove - HEADER ###### - # read /usr/share/doc/cryptobox/SECURITY carefully before enabling the following line - #www-data 
ALL=NOPASSWD:/usr/lib/cryptobox/cbox-root-actions.sh - ######### Automatically inserted by cryptobox package - do not remove - FOOTER ###### - EOF - fi - true + diff --git a/debian/postrm b/debian/postrm index f24e5e4..6d16264 100755 --- a/debian/postrm +++ b/debian/postrm @@ -3,16 +3,11 @@ # remove symlinks in /etc/rc?.d [ "$1" = "purge" ] && update-rc.d cryptobox remove -if [ "$1" = "purge" ] && grep -q "cryptobox package.*HEADER" /etc/sudoers - then echo "Removing entry from /etc/sudoers" - sed -i "/cryptobox package.*HEADER/,/cryptobox package.*FOOTER/d" /etc/sudoers - echo "Removing mount and config directories (/var/lib/cryptobox) ..." - rmdir /var/lib/cryptobox/mnt || echo " mount directory not empty - skipped" >&2 - mountpoint -q /var/lib/cryptobox/config || rm -rf /var/lib/cryptobox/config || \ - echo " failed to remove config directory - skipped" >&2 - rmdir /var/lib/cryptobox || \ - echo " the cryptobox directory (/var/lib/cryptobox) has not been removed" >&2 - fi +if test "$1" = "purge" && getent passwd cryptobox &>/dev/null \ + && test "$(cd ~cryptobox;pwd)" = /var/lib/cryptobox + then echo "Removing user 'cryptobox' ..." + userdel -r cryptobox + fi # return without error true diff --git a/debian/prerm b/debian/prerm index 1774538..4be1943 100755 --- a/debian/prerm +++ b/debian/prerm @@ -1,5 +1,19 @@ #!/bin/sh +# read the default setting file, if it exists +[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox + +# set CONF_FILE to default value, if not configured in /etc/default/cryptobox +CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} + +# parse config file +if test -e "$CONF_FILE" + then . "$CONF_FILE" + else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2 + exit 1 + fi + invoke-rc.d cryptobox stop true + diff --git a/debian/rules b/debian/rules index 149a745..d2c4205 100755 --- a/debian/rules +++ b/debian/rules 
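Review bot: The log file is created and `chown`ed to `$CRYPTOBOX_USER` before the block that creates that user, so on a first install the `chown` fails (and, as the last command of an `&&` chain, is ignored), leaving `$LOG_FILE` owned by root; move the `test ! -e "$LOG_FILE"` line below the user block. `getent passwd "$CRYPTOBOX_USER" &>/dev/null` is a bash-only redirection: if `postinst` runs under a POSIX `sh` (its shebang is outside the hunk) it backgrounds `getent` and tests an empty command, so the "user already exists" branch is always taken and the user is never created — write `>/dev/null 2>&1` here and in `debian/postrm`. The guard tests `$CRYPTOBOX_USER` while `adduser … cryptobox` and `adduser cryptobox plugdev` hard-code the name, so a configured name other than `cryptobox` re-runs creation on every configure; use `"$CRYPTOBOX_USER"` in both and quote `chown root:"$CRYPTOBOX_USER"`. A comment on why the CGI wrapper needs `6755` (setgid as well as setuid) would save the next reader from wondering whether `4755` would do.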
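Review bot: `userdel -r cryptobox` removes `/var/lib/cryptobox` recursively on purge, whereas the previous code checked `mountpoint -q` on the config directory before deleting anything; if a config partition or container is still mounted under `~cryptobox/mnt` when the package is purged (the `prerm` stop only works if the init script does), the removal may recurse into live data. Keep a guard around it: `if grep -q " /var/lib/cryptobox/" /proc/mounts; then echo "filesystems still mounted below /var/lib/cryptobox - user not removed" >&2; else userdel -r cryptobox; fi`. `&>/dev/null` is a bashism here as in `postinst`; use `>/dev/null 2>&1`.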
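Review bot: `prerm` now exits 1 when `$CONF_FILE` is missing, yet nothing in the script uses the sourced values — the only action is `invoke-rc.d cryptobox stop` — so an administrator who deleted the conffile can no longer remove the package, because `dpkg` aborts removal when `prerm` fails. Either drop the config-parsing block or make the missing file a warning, i.e. keep `else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2` and remove the `exit 1`. If the block is kept for a later use, a comment saying what it is for would stop it from reading as dead code.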
@@ -15,6 +15,7 @@ export DH_COMPAT=4 # necessary for dpatch .NOTPARALLEL: +DEB_BUILD_DIR=$(CURDIR)/debian/cryptobox configure: configure-stamp configure-stamp: patch @@ -27,7 +28,7 @@ build: build-stamp build-stamp: configure-stamp dh_testdir - # PUT SOMETHING HERE + $(MAKE) build PREFIX=/usr touch build-stamp clean: clean-patched unpatch @@ -35,7 +36,7 @@ clean: clean-patched unpatch clean-patched: dh_testdir dh_testroot - # PUT SOMETHING HERE + $(MAKE) clean rm -f build-stamp configure-stamp dh_clean @@ -53,8 +54,11 @@ install: build dh_testroot dh_clean -k dh_installdirs - - # PUT SOMETHING HERE + $(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr + install -c -m 644 build_dir/etc/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/ + install -c -m 644 conf-examples/defaults-cryptobox.conf $(DEB_BUILD_DIR)/etc/default/cryptobox + install -c -m 755 bin/init-script.sh $(DEB_BUILD_DIR)/etc/init.d/cryptobox + install -c -m 755 bin/cryptobox_cgi_wrapper $(DEB_BUILD_DIR)/usr/lib/cgi-bin/cryptobox # Build architecture-independent files here. diff --git a/doc/changelog b/doc/changelog new file mode 100644 index 0000000..a033861 --- /dev/null +++ b/doc/changelog @@ -0,0 +1,28 @@ +Version 0.3 - 01/??/02006 + * uses cryptsetup-luks instead of cryptsetup + * bugfix: add /dev/hdd to device scan + * support for usb, scsi and firewire cdrom drive + * seperated cryptobox package + +Version 0.2.1 - 10/22/02005 + * fixed a critical bug in the initialisation process + * default cipher changed to "aes-cbc-essiv:sha256" (more secure) + * the boot menue (grub) is now protected + * support for usb and firewire harddisks + * new kernel: Linux 2.6.12.6 + * minor language improvements + +Version 0.2 - 10/04/02005 + * first public release + * fully configurable via web interface + * AES encryption via device-mapper + * Samba v3.0.14a-3 + * Linux 2.6.11 + * based on Debian GNU/Linux 3.1 + * documentation languages: + * English + * German + * interface languages: + * English + * German + * Slovenian 
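Review bot: `$(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr` installs under a different `PREFIX` from the one the files were built with (`$(MAKE) build PREFIX=/usr`), so the paths baked into the wrappers and into `build_dir/etc/cryptobox.conf` (`/usr/lib/cryptobox`, `/usr/share/cryptobox`) only agree with the install destination because `install` does not rebuild — and the top-level `install` target depends on a stamp with no rule of its own, which makes that fragile. The conventional fix is a `DESTDIR` variable in the top-level `install` target (`$(INSTALL) ... $(DESTDIR)$(LIB_DIR)`) and `$(MAKE) install PREFIX=/usr DESTDIR=$(DEB_BUILD_DIR)` here, keeping one `PREFIX` for both steps. `build_dir/etc/cryptobox.conf` also hard-codes the Makefile's `BUILD_DIR` default, and a comment noting that ownership and the `4750`/`6755` modes of the suid binaries are applied in `postinst` would explain why this target installs them with plain modes.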
diff --git a/doc/changelog.Debian.gz b/doc/changelog.Debian.gz deleted file mode 100644 index 938ac74d85ff8cb9d29002d2ebc2694bc4ca7185..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 156 zcmV;N0Av3jiwFov_KZUU17m1mZf9j|Z)Yw=oe2$=POoR&DaFZ%%k;g$_kAO-+qiAU+4w3^7wIqlVZGpw?y$cBj7r24= z&WWf2t%5-Zy6^*11vi5VdZCp;o&qLPTSF(@6+Fr_jr|F5 zaHe3%9O0+7`3ik~s5^d@?5r(UFg$5yV?fW`Wg%{#;un`TkJ`suk3vk~voKmhAVU~e z--m3>2S{fJJ?4PI5G)$uLV~SJ6b6(l?&b9aWY^u49tE@QyqeMT>I&wBvp`t(bz66j zSnbQ%jfQT$K-`z_m4zQ9G+KE3^}E?H`+5Z^Cvy?B?dz}9c-#SS_SKHO%W3<0qcC%c b!up)`e;8YQGHjhKGwl8V(+#tOAp-yajj82#