Makefile created
debian installer improved binary suid wrappers added
parent
6579b05754
commit
d0d27ea05e
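--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,60 @@
+#
+# Makefile for the cryptobox web-interface
+#
+# Copyright (c) 02006 senselab
+#
+
+CRYPTOBOX_ROOT = .
+
+PREFIX = /usr/local
+SHARE_DIR = $(PREFIX)/share/cryptobox
+LIB_DIR = $(PREFIX)/lib/cryptobox
+DOC_DIR = $(PREFIX)/share/doc/cryptobox
+BUILD_DIR = build_dir
+INSTALL = install
+
+.PHONY: install clean build
+
+build:
+$(INSTALL) -d -m 755 $(BUILD_DIR)/etc
+$(INSTALL) -c -m 644 conf-examples/cryptobox.conf $(BUILD_DIR)/etc/
+@sed -i 's#^HTML_TEMPLATE_DIR=.*$$#HTML_TEMPLATE_DIR=$(SHARE_DIR)/templates#' $(BUILD_DIR)/etc/cryptobox.conf
+@sed -i 's#^LANGUAGE_DIR=.*$$#LANGUAGE_DIR=$(SHARE_DIR)/lang#' $(BUILD_DIR)/etc/cryptobox.conf
+@sed -i 's#^DOC_DIR=.*$$#DOC_DIR=$(DOC_DIR)/html#' $(BUILD_DIR)/etc/cryptobox.conf
+@sed -i 's#^CONFIG_DEFAULTS_DIR=.*$$#CONFIG_DEFAULTS_DIR=$(SHARE_DIR)/defaults#' $(BUILD_DIR)/etc/cryptobox.conf
+
+# compile the suid wrapper
+$(MAKE) -C bin LIB_DIR=$(LIB_DIR)
+@touch $(BUILD_DIR)-stamp
+
+
+install: $(BUILD_DIR)-stamp
+$(INSTALL) -d -m 755 $(LIB_DIR)
+$(INSTALL) -c -m 755 bin/cbox-manage.sh $(LIB_DIR)
+$(INSTALL) -c -m 755 bin/cbox-root-actions.sh $(LIB_DIR)
+$(INSTALL) -c -m 755 bin/cryptobox.pl $(LIB_DIR)
+$(INSTALL) -c -m 755 bin/cryptobox_cgi_wrapper $(LIB_DIR)
+$(INSTALL) -c -m 4755 bin/cryptobox_root_wrapper $(LIB_DIR)
+$(INSTALL) -d -m 755 $(SHARE_DIR)/lang
+$(INSTALL) -c -m 644 lang/* $(SHARE_DIR)/lang/
+$(INSTALL) -d -m 755 $(SHARE_DIR)/templates
+$(INSTALL) -c -m 644 templates/*.cs $(SHARE_DIR)/templates
+$(INSTALL) -d -m 755 $(SHARE_DIR)/defaults
+$(INSTALL) -c -m 644 conf-examples/default-settings/* $(SHARE_DIR)/defaults/
+$(INSTALL) -d -m 755 $(SHARE_DIR)/html
+$(INSTALL) -c -m 644 www-data/*.css $(SHARE_DIR)/html/
+$(INSTALL) -c -m 644 www-data/*.png $(SHARE_DIR)/html/
+$(INSTALL) -c -m 644 www-data/*.gif $(SHARE_DIR)/html/
+$(INSTALL) -d -m 755 $(SHARE_DIR)/html/screenshots
+$(INSTALL) -c -m 644 www-data/screenshots/*.png $(SHARE_DIR)/html/screenshots/
+$(INSTALL) -d -m 755 $(DOC_DIR)/html/en
+$(INSTALL) -d -m 755 $(DOC_DIR)/html/de
+$(INSTALL) -c -m 644 doc/html/en/* $(DOC_DIR)/html/en/
+$(INSTALL) -c -m 644 doc/html/de/* $(DOC_DIR)/html/de/
+
+
+clean:
+$(MAKE) -C bin clean
+-rm -rf $(BUILD_DIR)
+-rm -f $(BUILD_DIR)-stamp
+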
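Review bot: The `install` recipe installs `bin/cryptobox_root_wrapper` with `-m 4755` and no `-o`/`-g`, so the set-uid bit applies to whichever account runs `make install`, and the wrapper is executable by every local account. Because this commit also drops the `sudo` prefix from the root-action calls in the management script, the file mode becomes the only access control in front of cbox-root-actions.sh; consider limiting it to the service account's group, e.g. `$(INSTALL) -c -o root -g $(CRYPTOBOX_GROUP) -m 4750 bin/cryptobox_root_wrapper $(LIB_DIR)`, where `CRYPTOBOX_GROUP` is a placeholder for a new overridable variable. `bin/cryptobox_cgi_wrapper` is installed 755 although bin/Makefile names it `CGI_SUID_FILE`; a comment saying whether that is intentional would help. Separately, `install` depends on `$(BUILD_DIR)-stamp`, which no rule produces (it is only touched as a side effect of the phony `build`), so `make install` on a clean tree stops with a missing-target error.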
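--- a/bin/Makefile
+++ b/bin/Makefile
@@ -0,0 +1,37 @@
+# Makefile to compile the binary suid-wrapper for cryptobox
+#
+# LIB_DIR should be defined in the higher level Makefile
+#
+
+HEADER_FILE = cryptobox_wrapper.h
+SRC_FILE = cryptobox_wrapper.c
+CGI_SUID_FILE = cryptobox_cgi_wrapper
+ROOT_SUID_FILE = cryptobox_root_wrapper
+
+CGI_FILENAME = cryptobox.pl
+ROOT_SCRIPT_FILENAME = cbox-root-actions.sh
+# fall back to default, if not overwritten
+LIB_DIR = /usr/local/lib/cryptobox
+
+
+# _always_ recompile (in case of a changed LIB_DIR)
+.PHONY: build clean $(CGI_SUID_FILE) $(ROOT_SUID_FILE)
+
+build: $(CGI_SUID_FILE) $(ROOT_SUID_FILE)
+
+
+$(CGI_SUID_FILE): $(SRC_FILE)
+$(NOECHO) echo '#define EXEC_PATH "$(LIB_DIR)/$(CGI_FILENAME)"' >$(HEADER_FILE)
+$(CC) -o $(CGI_SUID_FILE) $(SRC_FILE)
+-rm $(HEADER_FILE)
+
+
+$(ROOT_SUID_FILE): $(SRC_FILE)
+$(NOECHO) echo '#define EXEC_PATH "$(LIB_DIR)/$(ROOT_SCRIPT_FILENAME)"' >$(HEADER_FILE)
+$(CC) -o $(ROOT_SUID_FILE) $(SRC_FILE)
+-rm $(HEADER_FILE)
+
+
+clean:
+-rm -f $(CGI_SUID_FILE) $(ROOT_SUID_FILE) $(HEADER_FILE)
+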
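Review bot: Both wrapper targets write the same scratch file `$(HEADER_FILE)` before compiling, so under `make -j` the two recipes can interleave and the set-uid root wrapper can be built with the CGI `EXEC_PATH` (or the reverse) without any error being reported. Passing the path on the compiler command line removes the shared file: `$(CC) -DEXEC_PATH='"$(LIB_DIR)/$(ROOT_SCRIPT_FILENAME)"' -o $@ $<` (and the same with `$(CGI_FILENAME)`), with the `#include "cryptobox_wrapper.h"` in cryptobox_wrapper.c dropped accordingly. `$(NOECHO)` is not defined in either Makefile shown here, and `LIB_DIR` is spliced unquoted into a C string literal, so a comment stating that it must be a plain absolute path would be worthwhile.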
|
@ -26,6 +26,8 @@ EXEC_FIREWALL_RULES=0
|
||||||
SKIP_NETWORK_CONFIG=1
|
SKIP_NETWORK_CONFIG=1
|
||||||
CONF_FILE=/etc/cryptobox/cryptobox.conf
|
CONF_FILE=/etc/cryptobox/cryptobox.conf
|
||||||
|
|
||||||
|
LIB_DIR=$(dirname "$0")
|
||||||
|
CONFIG_DIR=~/config
|
||||||
|
|
||||||
# read the default setting file, if it exists
|
# read the default setting file, if it exists
|
||||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||||
|
@ -38,6 +40,9 @@ CONF_FILE=/etc/cryptobox/cryptobox.conf
|
||||||
|
|
||||||
## configuration
|
## configuration
|
||||||
CERT_TEMP=/tmp/stunnel.pem
|
CERT_TEMP=/tmp/stunnel.pem
|
||||||
|
ROOT_PERM_SCRIPT=$(dirname "$0")/cryptobox_root_wrapper
|
||||||
|
# ROOT_PERM_SCRIPT needs the MNT_PARENT setting
|
||||||
|
export MNT_PARENT="$(cd ~; pwd)/mnt"
|
||||||
|
|
||||||
######## stuff ##########
|
######## stuff ##########
|
||||||
|
|
||||||
|
@ -69,12 +74,12 @@ function config_set_value()
|
||||||
# parameters: SettingName [SettingValue]
|
# parameters: SettingName [SettingValue]
|
||||||
# read from stdin if SettingValue is not defined
|
# read from stdin if SettingValue is not defined
|
||||||
{
|
{
|
||||||
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config rw
|
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && "$ROOT_PERM_SCRIPT" remount_config rw
|
||||||
if [ $# -gt 1 ]
|
if [ $# -gt 1 ]
|
||||||
then echo -n "$2" > "$CONFIG_DIR/$1"
|
then echo -n "$2" > "$CONFIG_DIR/$1"
|
||||||
else cat - >"$CONFIG_DIR/$1"
|
else cat - >"$CONFIG_DIR/$1"
|
||||||
fi
|
fi
|
||||||
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && sudo "$ROOT_PERM_SCRIPT" remount_config ro
|
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && "$ROOT_PERM_SCRIPT" remount_config ro
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -115,10 +120,10 @@ function create_config()
|
||||||
if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
||||||
then log_msg "Using static configuration ..."
|
then log_msg "Using static configuration ..."
|
||||||
else log_msg "Creating config filesystem ..."
|
else log_msg "Creating config filesystem ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" create_config "$device"
|
"$ROOT_PERM_SCRIPT" create_config "$device"
|
||||||
log_msg "Mounting config partition ..."
|
log_msg "Mounting config partition ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" mount_config "$device"
|
"$ROOT_PERM_SCRIPT" mount_config "$device"
|
||||||
sudo "$ROOT_PERM_SCRIPT" remount_config rw
|
"$ROOT_PERM_SCRIPT" remount_config rw
|
||||||
fi
|
fi
|
||||||
log_msg "Copying configuration defaults ..."
|
log_msg "Copying configuration defaults ..."
|
||||||
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
|
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
|
||||||
|
@ -154,11 +159,11 @@ function list_partitions_of_type()
|
||||||
local plaindata=
|
local plaindata=
|
||||||
local unused=
|
local unused=
|
||||||
for a in $ALL_PARTITIONS
|
for a in $ALL_PARTITIONS
|
||||||
do if sudo "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a"
|
do if "$ROOT_PERM_SCRIPT" is_crypto_partition "/dev/$a"
|
||||||
then crypto="$crypto /dev/$a"
|
then crypto="$crypto /dev/$a"
|
||||||
elif sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a"
|
elif "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a"
|
||||||
then config="$config /dev/$a"
|
then config="$config /dev/$a"
|
||||||
elif sudo "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a"
|
elif "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a"
|
||||||
then plaindata="$plaindata /dev/$a"
|
then plaindata="$plaindata /dev/$a"
|
||||||
else unused="$unused /dev/$a"
|
else unused="$unused /dev/$a"
|
||||||
fi
|
fi
|
||||||
|
@ -178,7 +183,7 @@ function list_partitions_of_type()
|
||||||
function get_crypto_uuid()
|
function get_crypto_uuid()
|
||||||
# Parameter: DEVICE
|
# Parameter: DEVICE
|
||||||
{
|
{
|
||||||
sudo "$ROOT_PERM_SCRIPT" get_device_name "$1"
|
"$ROOT_PERM_SCRIPT" get_device_name "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -216,7 +221,6 @@ function does_crypto_name_exist()
|
||||||
function create_crypto()
|
function create_crypto()
|
||||||
# Parameter: DEVICE NAME KEYFILE
|
# Parameter: DEVICE NAME KEYFILE
|
||||||
# keyfile is necessary, to allow background execution via 'at'
|
# keyfile is necessary, to allow background execution via 'at'
|
||||||
# TODO: check if the keyfile is still necessary for sudo -b
|
|
||||||
{
|
{
|
||||||
local device=$1
|
local device=$1
|
||||||
local name=$2
|
local name=$2
|
||||||
|
@ -229,7 +233,7 @@ function create_crypto()
|
||||||
rm "$keyfile"
|
rm "$keyfile"
|
||||||
|
|
||||||
log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device"
|
log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device"
|
||||||
echo "$key" | sudo "$ROOT_PERM_SCRIPT" create_crypto "$device"
|
echo "$key" | "$ROOT_PERM_SCRIPT" create_crypto "$device"
|
||||||
|
|
||||||
set_crypto_name "$device" "$name"
|
set_crypto_name "$device" "$name"
|
||||||
}
|
}
|
||||||
|
@ -302,9 +306,9 @@ function load_config()
|
||||||
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
|
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
|
||||||
list_partitions_of_type config | while read part && [ "$status" = 0 ]
|
list_partitions_of_type config | while read part && [ "$status" = 0 ]
|
||||||
do log_msg "Trying to load configuration from /dev/$part ..."
|
do log_msg "Trying to load configuration from /dev/$part ..."
|
||||||
if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
if "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
||||||
then log_msg "configuraton found on $part"
|
then log_msg "configuraton found on $part"
|
||||||
sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
"$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
||||||
status=1
|
status=1
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -324,7 +328,7 @@ function unload_config()
|
||||||
is_config_active || return
|
is_config_active || return
|
||||||
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
||||||
if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
|
if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
|
||||||
then sudo "$ROOT_PERM_SCRIPT" umount_config
|
then "$ROOT_PERM_SCRIPT" umount_config
|
||||||
else true
|
else true
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -338,7 +342,7 @@ function mount_crypto()
|
||||||
is_crypto_mounted "$device" && echo "The crypto filesystem is already active!" && return
|
is_crypto_mounted "$device" && echo "The crypto filesystem is already active!" && return
|
||||||
# passphrase is read from stdin
|
# passphrase is read from stdin
|
||||||
log_msg "Mounting a crypto partition from $device"
|
log_msg "Mounting a crypto partition from $device"
|
||||||
sudo "$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1
|
"$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -347,7 +351,7 @@ function umount_crypto()
|
||||||
{
|
{
|
||||||
local device=$1
|
local device=$1
|
||||||
local uuid=$(get_crypto_uuid $device)
|
local uuid=$(get_crypto_uuid $device)
|
||||||
sudo "$ROOT_PERM_SCRIPT" umount "$uuid"
|
"$ROOT_PERM_SCRIPT" umount "$uuid"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -358,7 +362,7 @@ function box_purge()
|
||||||
# TODO: not ALL harddisks, please!
|
# TODO: not ALL harddisks, please!
|
||||||
get_available_disks | while read a
|
get_available_disks | while read a
|
||||||
do log_msg "Purging $a ..."
|
do log_msg "Purging $a ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" trash_device "$a"
|
"$ROOT_PERM_SCRIPT" trash_device "$a"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -371,7 +375,7 @@ function init_cryptobox()
|
||||||
turn_off_all_crypto
|
turn_off_all_crypto
|
||||||
unload_config || true
|
unload_config || true
|
||||||
log_msg "Partitioning the device ($device) ..."
|
log_msg "Partitioning the device ($device) ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
"$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
||||||
log_msg "Initializing config partition on ${device}1 ..."
|
log_msg "Initializing config partition on ${device}1 ..."
|
||||||
# TODO: this should not be hard-coded
|
# TODO: this should not be hard-coded
|
||||||
create_config "${device}1"
|
create_config "${device}1"
|
||||||
|
@ -518,7 +522,7 @@ case "$ACTION" in
|
||||||
# reconfigure the network interface to a new IP address
|
# reconfigure the network interface to a new IP address
|
||||||
# wait for 5 seconds to finish present http requests
|
# wait for 5 seconds to finish present http requests
|
||||||
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
||||||
then echo -n "sleep 5; sudo $ROOT_PERM_SCRIPT update_network" | at now
|
then echo -n "sleep 5; \"$ROOT_PERM_SCRIPT\" update_network" | at now
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
get_available_disks )
|
get_available_disks )
|
||||||
|
@ -537,7 +541,7 @@ case "$ACTION" in
|
||||||
;;
|
;;
|
||||||
diskinfo )
|
diskinfo )
|
||||||
get_available_disks | while read a
|
get_available_disks | while read a
|
||||||
do sudo "$ROOT_PERM_SCRIPT" diskinfo "$a"
|
do "$ROOT_PERM_SCRIPT" diskinfo "$a"
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
box-purge )
|
box-purge )
|
||||||
|
|
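Review bot: The new `export MNT_PARENT="$(cd ~; pwd)/mnt"` makes the privileged side take its mount parent from the caller's environment and home directory, as the comment `# ROOT_PERM_SCRIPT needs the MNT_PARENT setting` says. With the `sudo` prefix removed throughout this file, whoever can execute the set-uid wrapper also chooses that value, so the root script (not shown on this page) should read `MNT_PARENT` from its own root-owned configuration, or at least validate it, rather than trust the exported variable. `LIB_DIR` and `ROOT_PERM_SCRIPT` are derived from `dirname "$0"`, which is relative when the script is started through a relative path; a comment such as `# callers must invoke this script by its absolute installed path` would document that assumption. The functions and the `case "$ACTION"` block touched by these hunks start or end outside the visible context.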
|
@ -17,6 +17,13 @@ use strict;
|
||||||
use CGI;
|
use CGI;
|
||||||
use ClearSilver;
|
use ClearSilver;
|
||||||
use ConfigFile;
|
use ConfigFile;
|
||||||
|
use English;
|
||||||
|
|
||||||
|
# drop privileges
|
||||||
|
$UID = $EUID;
|
||||||
|
$GID = $EGID;
|
||||||
|
|
||||||
|
$ENV{'PATH'} = '/bin:/usr/bin';
|
||||||
|
|
||||||
my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf';
|
my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf';
|
||||||
|
|
||||||
|
@ -25,10 +32,14 @@ my $pagedata;
|
||||||
my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR);
|
my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR);
|
||||||
my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL);
|
my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL);
|
||||||
|
|
||||||
|
# get the directory of the cryptobox scripts/binaries and untaint it
|
||||||
|
$CB_SCRIPT = $0;
|
||||||
|
$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/;
|
||||||
|
$CB_SCRIPT = "$1/cbox-manage.sh";
|
||||||
|
|
||||||
&fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE);
|
&fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE);
|
||||||
my $config = ConfigFile::read_config_file($CONFIG_FILE);
|
my $config = ConfigFile::read_config_file($CONFIG_FILE);
|
||||||
|
|
||||||
$CB_SCRIPT = $config->{CB_SCRIPT};
|
|
||||||
$LOG_FILE = $config->{LOG_FILE};
|
$LOG_FILE = $config->{LOG_FILE};
|
||||||
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
|
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
|
||||||
$DEFAULT_LANGUAGE = $config->{LANGUAGE};
|
$DEFAULT_LANGUAGE = $config->{LANGUAGE};
|
||||||
|
@ -38,7 +49,9 @@ $IS_DEVEL = ( -e $config->{DEV_FEATURES_SCRIPT});
|
||||||
$STYLESHEET_URL = $config->{STYLESHEET_URL};
|
$STYLESHEET_URL = $config->{STYLESHEET_URL};
|
||||||
|
|
||||||
# TODO: just a quick-and-dirty hack during migration to multiple containers
|
# TODO: just a quick-and-dirty hack during migration to multiple containers
|
||||||
my $CRYPTO_DEV = `$CB_SCRIPT get_available_disks | cut -f 1 -d " " | tr "\n" "2"`;
|
my $CRYPTO_DEV = &get_available_disks();
|
||||||
|
$CRYPTO_DEV =~ m/^([\w\/_\-\.]*)$/;
|
||||||
|
$CRYPTO_DEV = "${1}2";
|
||||||
|
|
||||||
my $query = new CGI;
|
my $query = new CGI;
|
||||||
|
|
||||||
|
@ -96,7 +109,7 @@ sub load_selected_language
|
||||||
$data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf");
|
$data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf");
|
||||||
|
|
||||||
# load configured language, if it is valid
|
# load configured language, if it is valid
|
||||||
$config_language = `$CB_SCRIPT get_config language`;
|
$config_language = &exec_cb_script("get_config","language");
|
||||||
$config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language"));
|
$config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language"));
|
||||||
|
|
||||||
# check for preferred browser language, if the box was not initialized yet
|
# check for preferred browser language, if the box was not initialized yet
|
||||||
|
@ -199,50 +212,72 @@ sub check_ssl
|
||||||
# BEWARE: dirty trick - is there a better way?
|
# BEWARE: dirty trick - is there a better way?
|
||||||
# stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with
|
# stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with
|
||||||
# its own IP (localhost, of course)
|
# its own IP (localhost, of course)
|
||||||
|
# TODO: this does not work with a native ssl webserver
|
||||||
return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1');
|
return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub check_mounted
|
sub check_mounted
|
||||||
{
|
{
|
||||||
return (system("$CB_SCRIPT","is_crypto_mounted",$CRYPTO_DEV) == 0);
|
return (system($CB_SCRIPT,"is_crypto_mounted",$CRYPTO_DEV) == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub check_config
|
sub check_config
|
||||||
{
|
{
|
||||||
return (system("$CB_SCRIPT","is_config_mounted",$CRYPTO_DEV) == 0);
|
return (system($CB_SCRIPT,"is_config_mounted") == 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
sub exec_cb_script {
|
||||||
|
my (@params) = @_;
|
||||||
|
my ($pid, @result);
|
||||||
|
&fatal_error("unable to fork process") unless defined($pid = open(PROG_OUT, "-|"));
|
||||||
|
if (!$pid) {
|
||||||
|
# child
|
||||||
|
exec($CB_SCRIPT, @params) or &fatal_error("failed to execute $CB_SCRIPT!");
|
||||||
|
exit 0;
|
||||||
|
} else {
|
||||||
|
# parent
|
||||||
|
@result = <PROG_OUT>;
|
||||||
|
close PROG_OUT or warn "error while running $CB_SCRIPT: $?";
|
||||||
|
}
|
||||||
|
if (wantarray) {
|
||||||
|
return @result;
|
||||||
|
} else {
|
||||||
|
return join('',@result);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub check_init_running
|
sub check_init_running
|
||||||
{
|
{
|
||||||
return (system("$CB_SCRIPT","is_init_running") == 0);
|
return (system($CB_SCRIPT,"is_init_running") == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub is_harddisk_available
|
sub is_harddisk_available
|
||||||
{
|
{
|
||||||
return (system("$CB_SCRIPT","is_harddisk_available") == 0);
|
return (system($CB_SCRIPT,"is_harddisk_available") == 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub get_available_disks
|
sub get_available_disks
|
||||||
# TODO: this is useful for diskselection buttons
|
# TODO: this is useful for diskselection buttons
|
||||||
{
|
{
|
||||||
return `$CB_SCRIPT get_available_disks`;
|
return &exec_cb_script("get_available_disks");
|
||||||
}
|
}
|
||||||
|
|
||||||
sub get_current_ip
|
sub get_current_ip
|
||||||
# the IP of eth0 - not the configured value of the box (only for validation)
|
# the IP of eth0 - not the configured value of the box (only for validation)
|
||||||
{
|
{
|
||||||
return `$CB_SCRIPT get_current_ip`;
|
return &exec_cb_script("get_current_ip");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub get_admin_pw
|
sub get_admin_pw
|
||||||
# returns the current administration password - empty, if it is not used
|
# returns the current administration password - empty, if it is not used
|
||||||
{
|
{
|
||||||
return `$CB_SCRIPT get_config admin_pw`;
|
return &exec_cb_script("get_config","admin_pw");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -275,7 +310,7 @@ sub mount_vol
|
||||||
sub umount_vol
|
sub umount_vol
|
||||||
{
|
{
|
||||||
if (&check_mounted) {
|
if (&check_mounted) {
|
||||||
system("$CB_SCRIPT", "crypto-down",$CRYPTO_DEV);
|
system($CB_SCRIPT, "crypto-down",$CRYPTO_DEV);
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Warning', 'NotMounted');
|
$pagedata->setValue('Data.Warning', 'NotMounted');
|
||||||
}
|
}
|
||||||
|
@ -286,7 +321,7 @@ sub box_init
|
||||||
{
|
{
|
||||||
my ($crypto_pw, $admin_pw) = @_;
|
my ($crypto_pw, $admin_pw) = @_;
|
||||||
|
|
||||||
system("$CB_SCRIPT", "init") || return 1;
|
system($CB_SCRIPT, "init") || return 1;
|
||||||
|
|
||||||
# partitioning, config and initial cryptsetup
|
# partitioning, config and initial cryptsetup
|
||||||
# TODO: define the name of the crypto container
|
# TODO: define the name of the crypto container
|
||||||
|
@ -295,25 +330,26 @@ sub box_init
|
||||||
close(PW_INPUT);
|
close(PW_INPUT);
|
||||||
|
|
||||||
# set administration password
|
# set administration password
|
||||||
system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw");
|
$admin_pw =~ m/^(.*)$/;
|
||||||
|
system($CB_SCRIPT, "set_config", "admin_pw", $1);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub box_purge
|
sub box_purge
|
||||||
{
|
{
|
||||||
system("$CB_SCRIPT", "box-purge");
|
system($CB_SCRIPT, "box-purge");
|
||||||
}
|
}
|
||||||
|
|
||||||
sub system_poweroff
|
sub system_poweroff
|
||||||
{
|
{
|
||||||
&umount_vol() if (&check_mounted());
|
&umount_vol() if (&check_mounted());
|
||||||
system("$CB_SCRIPT", "poweroff");
|
system($CB_SCRIPT, "poweroff");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
sub system_reboot
|
sub system_reboot
|
||||||
{
|
{
|
||||||
&umount_vol() if (&check_mounted());
|
&umount_vol() if (&check_mounted());
|
||||||
system("$CB_SCRIPT", "reboot");
|
system($CB_SCRIPT, "reboot");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -367,6 +403,7 @@ sub validate_doc_language
|
||||||
|
|
||||||
|
|
||||||
$pagedata = load_hdf();
|
$pagedata = load_hdf();
|
||||||
|
my $current_admin_pw;
|
||||||
|
|
||||||
# BEWARE: there are two kinds of actions:
|
# BEWARE: there are two kinds of actions:
|
||||||
# * some require a harddisk
|
# * some require a harddisk
|
||||||
|
@ -522,7 +559,7 @@ if ( ! &check_ssl()) {
|
||||||
}
|
}
|
||||||
#################### init_do ########################
|
#################### init_do ########################
|
||||||
} elsif ($action eq 'init_do') {
|
} elsif ($action eq 'init_do') {
|
||||||
my $current_admin_pw = &get_admin_pw;
|
$current_admin_pw = &get_admin_pw;
|
||||||
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
||||||
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
||||||
$pagedata->setValue('Data.Action', 'form_init');
|
$pagedata->setValue('Data.Action', 'form_init');
|
||||||
|
@ -566,7 +603,7 @@ if ( ! &check_ssl()) {
|
||||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||||
$pagedata->setValue('Data.Action', 'form_init');
|
$pagedata->setValue('Data.Action', 'form_init');
|
||||||
} else {
|
} else {
|
||||||
my $current_admin_pw = &get_admin_pw;
|
$current_admin_pw = &get_admin_pw;
|
||||||
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
||||||
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
||||||
$pagedata->setValue('Data.Action', 'form_config');
|
$pagedata->setValue('Data.Action', 'form_config');
|
||||||
|
@ -580,16 +617,16 @@ if ( ! &check_ssl()) {
|
||||||
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
|
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
|
||||||
$pagedata->setValue('Data.Action', 'form_config');
|
$pagedata->setValue('Data.Action', 'form_config');
|
||||||
} else {
|
} else {
|
||||||
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
|
system($CB_SCRIPT, "set_config", "language", $query->param('language'));
|
||||||
&load_selected_language($pagedata);
|
&load_selected_language($pagedata);
|
||||||
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
|
system($CB_SCRIPT, "set_config", "timeout", $query->param('timeout'));
|
||||||
# check, if the ip was reconfigured
|
# check, if the ip was reconfigured
|
||||||
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
|
if ($query->param('ip') ne &exec_cb_script("get_config","ip"))
|
||||||
{
|
{
|
||||||
# set the new value
|
# set the new value
|
||||||
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
|
system($CB_SCRIPT, "set_config", "ip", $query->param('ip'));
|
||||||
# reconfigure the network interface
|
# reconfigure the network interface
|
||||||
system("$CB_SCRIPT", "update_ip_address");
|
system($CB_SCRIPT, "update_ip_address");
|
||||||
# redirect to the new address
|
# redirect to the new address
|
||||||
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
|
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "5");
|
$pagedata->setValue('Data.Redirect.Delay', "5");
|
||||||
|
@ -597,11 +634,11 @@ if ( ! &check_ssl()) {
|
||||||
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
|
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
|
||||||
}
|
}
|
||||||
# check for success
|
# check for success
|
||||||
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
|
if (&exec_cb_script("get_config","timeout") ne $query->param('timeout')) {
|
||||||
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
|
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
|
||||||
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
|
} elsif (&exec_cb_script("get_config","ip") ne $query->param('ip')) {
|
||||||
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
|
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
|
||||||
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
|
} elsif (&exec_cb_script("get_config","language") ne $query->param('language')) {
|
||||||
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
|
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
||||||
|
@ -630,7 +667,7 @@ if ( ! &check_ssl()) {
|
||||||
# if we find an existing config partition, then check the adminpw
|
# if we find an existing config partition, then check the adminpw
|
||||||
} elsif ($action eq 'do_purge') {
|
} elsif ($action eq 'do_purge') {
|
||||||
if ( &check_config()) {
|
if ( &check_config()) {
|
||||||
my $current_admin_pw = &get_admin_pw;
|
$current_admin_pw = &get_admin_pw;
|
||||||
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
||||||
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
||||||
$pagedata->setValue('Data.Action', 'form_config');
|
$pagedata->setValue('Data.Action', 'form_config');
|
||||||
|
@ -673,13 +710,13 @@ $pagedata->setValue('Data.Status.IP', "$output");
|
||||||
$output = &get_admin_pw();
|
$output = &get_admin_pw();
|
||||||
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
|
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
|
||||||
|
|
||||||
$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#<br/>#'`;
|
$output = join ("<br/>", &exec_cb_script("diskinfo"));
|
||||||
$pagedata->setValue('Data.PartitionInfo',"$output");
|
$pagedata->setValue('Data.PartitionInfo',"$output");
|
||||||
|
|
||||||
# preset config settings for clearsilver
|
# preset config settings for clearsilver
|
||||||
$pagedata->setValue('Data.Config.IP', `$CB_SCRIPT get_config ip`);
|
$pagedata->setValue('Data.Config.IP', &exec_cb_script("get_config","ip"));
|
||||||
$pagedata->setValue('Data.Config.TimeOut', `$CB_SCRIPT get_config timeout`);
|
$pagedata->setValue('Data.Config.TimeOut', &exec_cb_script("get_config","timeout"));
|
||||||
$pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`);
|
$pagedata->setValue('Data.Config.Language', &exec_cb_script("get_config","language"));
|
||||||
|
|
||||||
# read log and add html linebreaks
|
# read log and add html linebreaks
|
||||||
$output = '';
|
$output = '';
|
||||||
|
|
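Review bot: The new untaint steps use `$1` without checking that the match succeeded: `$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/;`, `$CRYPTO_DEV =~ m/^([\w\/_\-\.]*)$/;` and, in `box_init`, `$admin_pw =~ m/^(.*)$/;`. When a pattern does not match (for example if `get_available_disks` returns more than one entry now that the old `cut -f 1 -d " "` is gone, or a password contains an embedded newline), Perl leaves `$1` at the value of the last successful match, so the script would carry on with an unrelated string as the device name or as the admin password. Testing the match and failing closed avoids that, e.g. `&fatal_error("invalid device name") unless ($CRYPTO_DEV =~ m/^([\w\/_\-\.]+)$/);`. A `(.*)` untaint pattern also accepts any single-line value, so it switches the taint check off rather than validating, and the `# drop privileges` comment above `$UID = $EUID;` should say that these assignments copy the effective ids into the real ids.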
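--- a/bin/cryptobox_wrapper.c
+++ b/bin/cryptobox_wrapper.c
@@ -0,0 +1,21 @@
+/* $Id$ */
+
+// define the location of your cryptobox.pl file in this header file
+#include "cryptobox_wrapper.h"
+
+#include <stdio.h>
+#include <unistd.h>
+
+/* C wrapper to allow cryptobox to run under a different uid */
+/* Copyright (C) 02006, senselab, All Rights Reserved */
+/* See the LICENSE file in this distribution for copyright information */
+
+int main(int argc, char *argv[]) {
+
+// necessary for mount action of the root-script
+setreuid(geteuid(), -1);
+
+argv[0] = EXEC_PATH;
+execv(EXEC_PATH, argv);
+
+}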
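Review bot: Neither call in `main` is checked: if `setreuid(geteuid(), -1)` fails the program carries on regardless, and if `execv` fails `main` falls off the end without a return value, so a missing or non-executable `EXEC_PATH` is not reported to the caller. Suggested: `if (setreuid(geteuid(), -1) != 0) { perror("setreuid"); return 1; }` and, after the `execv` line, `perror(EXEC_PATH); return 1;`. The wrapper also hands the caller's entire environment to the target, which for the root build is a shell script running with root ids; building that variant with `execve` and an explicit `envp` that carries only vetted values (such as the `MNT_PARENT` the management script exports) would keep caller-controlled variables like `PATH` out of the privileged script. `argv[0] = EXEC_PATH;` assumes `argc >= 1`, so a one-line guard before it is cheap.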
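--- a/bin/init-script.sh
+++ b/bin/init-script.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# runlevel script of the cryptobox package
+#
+# Copyright (c) 02006, senselab
+#
+# see LICENSE file in this package for details
+#
+
+# check if the cryptobox is installed
+[ -e "/usr/lib/cryptobox/cbox-manage.sh" ] || exit 0
+
+# read the default setting file, if it exists
+[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
+
+# startup switch defaults to zero (enabled)
+NO_START=${NO_START:-0}
+
+if [ "$NO_START" = "1" ]
+then [ $# -eq 0 ] && exit 0
+[ "$1" = "status" ] && exit 1
+[ "$1" = "stop" ] && exit 0
+echo "CryptoBox is disabled by default"
+exit 0
+fi
+
+# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
+CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
+
+# parse config file
+if [ -e "$CONF_FILE" ]
+then . "$CONF_FILE"
+else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2
+exit 1
+fi
+
+case "$1" in
+start )
+# nothing to be done
+;;
+stop )
+# unmount all active containers
+ls ~$CRYPTOBOX_USER/mnt/ | while read mnt_dir
+do grep -q " ~$CRYPTOBOX_USER/mnt/$mnt_dir " /proc/mounts || continue
+"$LIB_DIR/cbox-manage.sh" crypto-down "$mnt_dir"
+done
+;;
+restart )
+"$0" stop
+"$0" start
+;
+* )
+echo "invalid action specified - try { start | stop | restart }" >&2
+exit 1
+;;
+esac
+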
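Review bot: The `restart )` branch is closed with a single `;` instead of `;;` (as rendered on this page), which makes the whole `case` statement a syntax error, so none of the actions would run. In the `stop )` branch, `~$CRYPTOBOX_USER/mnt/` is not tilde-expanded, because tilde expansion happens before parameter expansion and never inside double quotes, so both the `ls` argument and the `grep` pattern contain a literal `~` and no mounted container is found. Resolving the home directory once, e.g. `mnt_parent="$(getent passwd "$CRYPTOBOX_USER" | cut -d: -f6)/mnt"`, and using `"$mnt_parent"` in both places would fix that. `LIB_DIR` is used in `"$LIB_DIR/cbox-manage.sh"` but is not assigned in this script (it would have to come from one of the sourced files), while the install check at the top hard-codes `/usr/lib/cryptobox`; deriving both from one variable would keep them consistent.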
|
@ -4,7 +4,7 @@
|
||||||
LANGUAGE=en
|
LANGUAGE=en
|
||||||
NET_IFACE=eth0
|
NET_IFACE=eth0
|
||||||
FILE_USER=cryptobox-data
|
FILE_USER=cryptobox-data
|
||||||
WEB_USER=www-data
|
CRYPTOBOX_USER=cryptobox
|
||||||
SCAN_DEVICES="sda"
|
SCAN_DEVICES="sda"
|
||||||
#SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"
|
#SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"
|
||||||
|
|
||||||
|
@ -20,19 +20,9 @@ STYLESHEET_URL=/cryptobox-misc/cryptobox.css
|
||||||
LANGUAGE_DIR=/usr/share/cryptobox/lang
|
LANGUAGE_DIR=/usr/share/cryptobox/lang
|
||||||
DOC_DIR=/usr/share/doc/cryptobox/html
|
DOC_DIR=/usr/share/doc/cryptobox/html
|
||||||
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
|
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
|
||||||
CONFIG_DIR=/var/lib/cryptobox/config
|
|
||||||
MNT_PARENT=/var/lib/cryptobox/mnt
|
|
||||||
|
|
||||||
# some files
|
# some files
|
||||||
CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
|
|
||||||
ROOT_PERM_SCRIPT=/usr/lib/cryptobox/cbox-root-actions.sh
|
|
||||||
DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
|
|
||||||
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
|
|
||||||
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
|
|
||||||
LOG_FILE=/var/log/cryptobox.log
|
LOG_FILE=/var/log/cryptobox.log
|
||||||
CERT_FILE=/var/lib/cryptobox/config/stunnel.pem
|
|
||||||
OPENSSL_CONF_FILE=/etc/cryptobox/ssl-cert.conf
|
|
||||||
IDLE_COUNTER_FILE=/tmp/cbox-idle-counter
|
|
||||||
CONFIG_MARKER=cryptobox.marker
|
CONFIG_MARKER=cryptobox.marker
|
||||||
|
|
||||||
# crypto settings
|
# crypto settings
|
||||||
|
@ -45,12 +35,5 @@ SFDISK=/sbin/sfdisk
|
||||||
MKFS_DATA=/sbin/mkfs.ext3
|
MKFS_DATA=/sbin/mkfs.ext3
|
||||||
MKFS_CONFIG=/sbin/mkfs.ext2
|
MKFS_CONFIG=/sbin/mkfs.ext2
|
||||||
CRYPTSETUP=/sbin/cryptsetup
|
CRYPTSETUP=/sbin/cryptsetup
|
||||||
IPTABLES=/sbin/iptables
|
|
||||||
IFCONFIG=/sbin/ifconfig
|
IFCONFIG=/sbin/ifconfig
|
||||||
|
|
||||||
# firewall setings
|
|
||||||
# do not use multiports (iptables) as the timeout-script depends on
|
|
||||||
# single port rules
|
|
||||||
# ssh is allowed too, but the server is not started automatically
|
|
||||||
ALLOW_TCP_PORTS="22 80 139 443 445"
|
|
||||||
ALLOW_UDP_PORTS="137 138"
|
|
||||||
|
|
|
@ -10,17 +10,3 @@ NO_START=1
|
||||||
# change the default configuration file if necessary
|
# change the default configuration file if necessary
|
||||||
#CONF_FILE=/etc/cryptobox/cryptobox.conf
|
#CONF_FILE=/etc/cryptobox/cryptobox.conf
|
||||||
|
|
||||||
# should the cryptobox skip the network interface configuration?
|
|
||||||
# "0" means skip (default) --- "1" causes the cryptobox to configure it
|
|
||||||
SKIP_NETWORK_CONFIG=1
|
|
||||||
|
|
||||||
# should the cryptobox set some firewall (iptables) rules?
|
|
||||||
# if this is turned off, then you have to add the appropriate
|
|
||||||
# rules manually (if you need the timeout feature of the cryptobox)
|
|
||||||
# default is 0
|
|
||||||
EXEC_FIREWALL_RULES=0
|
|
||||||
|
|
||||||
# use stunnel for https support?
|
|
||||||
# default is 0
|
|
||||||
USE_STUNNEL=0
|
|
||||||
|
|
||||||
|
|
4
debian/conffiles
vendored
4
debian/conffiles
vendored
|
@ -1,6 +1,2 @@
|
||||||
/etc/cryptobox/cryptobox.conf
|
/etc/cryptobox/cryptobox.conf
|
||||||
/etc/cryptobox/ssl-cert.conf
|
|
||||||
/etc/cryptobox/revision
|
|
||||||
/etc/default/cryptobox
|
/etc/default/cryptobox
|
||||||
/etc/cron.d/cryptobox
|
|
||||||
/etc/init.d/cryptobox
|
|
||||||
|
|
2
debian/control
vendored
2
debian/control
vendored
|
@ -2,7 +2,7 @@ Source: cryptobox
|
||||||
Section: admin
|
Section: admin
|
||||||
Priority: extra
|
Priority: extra
|
||||||
Maintainer: sense.lab <senselab@systemausfall.org>
|
Maintainer: sense.lab <senselab@systemausfall.org>
|
||||||
Build-Depends: debhelper (>>3.0.0), dpatch
|
Build-Depends: debhelper (>>3.0.0), dpatch, gcc (>=2.95)
|
||||||
Standards-Version: 3.6.2
|
Standards-Version: 3.6.2
|
||||||
|
|
||||||
Package: cryptobox
|
Package: cryptobox
|
||||||
|
|
4
debian/dirs
vendored
4
debian/dirs
vendored
|
@ -1,2 +1,4 @@
|
||||||
etc/cryptobox
|
etc/cryptobox
|
||||||
usr/share/cryptobox
|
etc/default
|
||||||
|
etc/init.d
|
||||||
|
usr/lib/cgi-bin
|
||||||
|
|
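--- a/debian/links
+++ b/debian/links
@@ -0,0 +1 @@
+/usr/share/cryptobox/html /var/www/cryptobox-misc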
44
debian/postinst
vendored
44
debian/postinst
vendored
|
@ -7,30 +7,40 @@
|
||||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||||
|
|
||||||
# parse config file
|
# parse config file
|
||||||
if [ -e "$CONF_FILE" ]
|
if test -e "$CONF_FILE"
|
||||||
then . "$CONF_FILE"
|
then . "$CONF_FILE"
|
||||||
# create mount and config directories with appropriate permissions
|
# create mount and config directories with appropriate permissions
|
||||||
[ ! -e "$MNT_PARENT" ] && mkdir -p "$MNT_PARENT"
|
test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
|
||||||
[ ! -e "$CONFIG_DIR" ] && mkdir -p "$CONFIG_DIR" && \
|
|
||||||
chown "$WEB_USER" "$CONFIG_DIR" && chmod 700 "$CONFIG_DIR"
|
|
||||||
[ ! -e "$LOG_FILE" ] && touch "$LOG_FILE" && chown "$WEB_USER" "$LOG_FILE"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if getent passwd "$CRYPTOBOX_USER" &>/dev/null
|
||||||
|
then # do nothing - the user already exists
|
||||||
|
true
|
||||||
|
else # create cryptobox user
|
||||||
|
echo "Creating new user '$CRYPTOBOX_USER' ..."
|
||||||
|
USER_HOME=/var/lib/cryptobox
|
||||||
|
adduser --system --group --home "$USER_HOME" cryptobox
|
||||||
|
# add the user to the group "plugdev" (necessary for pmount)
|
||||||
|
adduser cryptobox plugdev
|
||||||
|
cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config"
|
||||||
|
mkdir "$USER_HOME/mnt"
|
||||||
|
chown -R ${CRYPTOBOX_USER}: "$USER_HOME"
|
||||||
|
# only members of the cryptobox group may access the user directory
|
||||||
|
chmod 750 "$USER_HOME"
|
||||||
|
# no one may look into the config directory (protect init passwords)
|
||||||
|
chmod 700 "$USER_HOME/config"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# set permissions for suid wrappers
|
||||||
|
chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper"
|
||||||
|
chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper"
|
||||||
|
chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox"
|
||||||
|
chmod 6755 "/usr/lib/cgi-bin/cryptobox"
|
||||||
|
|
||||||
# add the cryptobox startup script to /etc/rc?.d
|
# add the cryptobox startup script to /etc/rc?.d
|
||||||
update-rc.d cryptobox defaults 98
|
update-rc.d cryptobox defaults
|
||||||
|
|
||||||
invoke-rc.d cryptobox restart
|
invoke-rc.d cryptobox restart
|
||||||
|
|
||||||
if grep -q "cryptobox package.*HEADER" /etc/sudoers
|
|
||||||
then true
|
|
||||||
else echo "Adding a new (disabled) entry to /etc/sudoers"
|
|
||||||
cat >>/etc/sudoers <<-EOF
|
|
||||||
######### Automatically inserted by cryptobox package - do not remove - HEADER ######
|
|
||||||
# read /usr/share/doc/cryptobox/SECURITY carefully before enabling the following line
|
|
||||||
#www-data ALL=NOPASSWD:/usr/lib/cryptobox/cbox-root-actions.sh
|
|
||||||
######### Automatically inserted by cryptobox package - do not remove - FOOTER ######
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
true
|
true
|
||||||
|
|
||||||
|
|
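Review bot: The `chown`/`chmod` block for the suid wrappers runs even when `$CRYPTOBOX_USER` is empty, which happens whenever `$CONF_FILE` is missing (the `if test -e` has no `else`) or does not define it. In that case `chown $CRYPTOBOX_USER: ...` becomes `chown : ...`, which changes nothing, and the following `chmod 6755` leaves the CGI wrapper setuid to whatever owner the package installed it with, presumably root. Abort before that block, e.g. `test -n "$CRYPTOBOX_USER" || { echo "CRYPTOBOX_USER is not set" >&2; exit 1; }`, and quote the variable in both `chown` calls. Two smaller points: `&>/dev/null` is a bashism (under a POSIX `/bin/sh` it backgrounds `getent` and the test always succeeds; the shebang is outside the hunk), and `adduser` creates a literal `cryptobox` while the check and the `chown` lines use `$CRYPTOBOX_USER`.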
15
debian/postrm
vendored
15
debian/postrm
vendored
|
@ -3,16 +3,11 @@
|
||||||
# remove symlinks in /etc/rc?.d
|
# remove symlinks in /etc/rc?.d
|
||||||
[ "$1" = "purge" ] && update-rc.d cryptobox remove
|
[ "$1" = "purge" ] && update-rc.d cryptobox remove
|
||||||
|
|
||||||
if [ "$1" = "purge" ] && grep -q "cryptobox package.*HEADER" /etc/sudoers
|
if test "$1" = "purge" && getent passwd cryptobox &>/dev/null \
|
||||||
then echo "Removing entry from /etc/sudoers"
|
&& test "$(cd ~cryptobox;pwd)" = /var/lib/cryptobox
|
||||||
sed -i "/cryptobox package.*HEADER/,/cryptobox package.*FOOTER/d" /etc/sudoers
|
then echo "Removing user 'cryptobox' ..."
|
||||||
echo "Removing mount and config directories (/var/lib/cryptobox) ..."
|
userdel -r cryptobox
|
||||||
rmdir /var/lib/cryptobox/mnt || echo " mount directory not empty - skipped" >&2
|
fi
|
||||||
mountpoint -q /var/lib/cryptobox/config || rm -rf /var/lib/cryptobox/config || \
|
|
||||||
echo " failed to remove config directory - skipped" >&2
|
|
||||||
rmdir /var/lib/cryptobox || \
|
|
||||||
echo " the cryptobox directory (/var/lib/cryptobox) has not been removed" >&2
|
|
||||||
fi
|
|
||||||
|
|
||||||
# return without error
|
# return without error
|
||||||
true
|
true
|
||||||
|
|
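Review bot: `userdel -r cryptobox` removes `/var/lib/cryptobox` recursively, but the mount checks of the removed code (`rmdir` on `mnt`, `mountpoint -q` on `config`) are gone, so a purge while a container is still mounted below `mnt/` would presumably delete the decrypted contents as well. Guard the purge first, e.g. `grep -q " /var/lib/cryptobox/mnt/" /proc/mounts && { echo "containers still mounted - user not removed" >&2; exit 0; }`. The `sed` that removed the block previously written to `/etc/sudoers` is dropped too, so systems upgraded from the old package keep that block after a purge. `&>/dev/null` needs bash; under a POSIX `/bin/sh` the `getent` test is backgrounded and always true (the shebang is outside the hunk).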
14
debian/prerm
vendored
14
debian/prerm
vendored
|
@ -1,5 +1,19 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
# read the default setting file, if it exists
|
||||||
|
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||||
|
|
||||||
|
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||||
|
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||||
|
|
||||||
|
# parse config file
|
||||||
|
if test -e "$CONF_FILE"
|
||||||
|
then . "$CONF_FILE"
|
||||||
|
else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
invoke-rc.d cryptobox stop
|
invoke-rc.d cryptobox stop
|
||||||
|
|
||||||
true
|
true
|
||||||
|
|
||||||
|
|
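Review bot: The added `exit 1` makes the prerm fail whenever `$CONF_FILE` is missing, and a failing prerm blocks removal and upgrade of the package. None of the variables read from the two sourced files is used in the lines that follow; `invoke-rc.d cryptobox stop` goes through the init script, which reads the same files itself. Either drop the config block from this script or keep only the warning in the `else` branch and remove `exit 1`, so that a damaged installation can still be removed.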
12
debian/rules
vendored
12
debian/rules
vendored
|
@ -15,6 +15,7 @@ export DH_COMPAT=4
|
||||||
# necessary for dpatch
|
# necessary for dpatch
|
||||||
.NOTPARALLEL:
|
.NOTPARALLEL:
|
||||||
|
|
||||||
|
DEB_BUILD_DIR=$(CURDIR)/debian/cryptobox
|
||||||
|
|
||||||
configure: configure-stamp
|
configure: configure-stamp
|
||||||
configure-stamp: patch
|
configure-stamp: patch
|
||||||
|
@ -27,7 +28,7 @@ build: build-stamp
|
||||||
|
|
||||||
build-stamp: configure-stamp
|
build-stamp: configure-stamp
|
||||||
dh_testdir
|
dh_testdir
|
||||||
# PUT SOMETHING HERE
|
$(MAKE) build PREFIX=/usr
|
||||||
touch build-stamp
|
touch build-stamp
|
||||||
|
|
||||||
clean: clean-patched unpatch
|
clean: clean-patched unpatch
|
||||||
|
@ -35,7 +36,7 @@ clean: clean-patched unpatch
|
||||||
clean-patched:
|
clean-patched:
|
||||||
dh_testdir
|
dh_testdir
|
||||||
dh_testroot
|
dh_testroot
|
||||||
# PUT SOMETHING HERE
|
$(MAKE) clean
|
||||||
rm -f build-stamp configure-stamp
|
rm -f build-stamp configure-stamp
|
||||||
dh_clean
|
dh_clean
|
||||||
|
|
||||||
|
@ -53,8 +54,11 @@ install: build
|
||||||
dh_testroot
|
dh_testroot
|
||||||
dh_clean -k
|
dh_clean -k
|
||||||
dh_installdirs
|
dh_installdirs
|
||||||
|
$(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr
|
||||||
# PUT SOMETHING HERE
|
install -c -m 644 build_dir/etc/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/
|
||||||
|
install -c -m 644 conf-examples/defaults-cryptobox.conf $(DEB_BUILD_DIR)/etc/default/cryptobox
|
||||||
|
install -c -m 755 bin/init-script.sh $(DEB_BUILD_DIR)/etc/init.d/cryptobox
|
||||||
|
install -c -m 755 bin/cryptobox_cgi_wrapper $(DEB_BUILD_DIR)/usr/lib/cgi-bin/cryptobox
|
||||||
|
|
||||||
|
|
||||||
# Build architecture-independent files here.
|
# Build architecture-independent files here.
|
||||||
|
|
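--- a/doc/changelog
+++ b/doc/changelog
@@ -0,0 +1,28 @@
+Version 0.3 - 01/??/02006
+* uses cryptsetup-luks instead of cryptsetup
+* bugfix: add /dev/hdd to device scan
+* support for usb, scsi and firewire cdrom drive
+* seperated cryptobox package
+
+Version 0.2.1 - 10/22/02005
+* fixed a critical bug in the initialisation process
+* default cipher changed to "aes-cbc-essiv:sha256" (more secure)
+* the boot menue (grub) is now protected
+* support for usb and firewire harddisks
+* new kernel: Linux 2.6.12.6
+* minor language improvements
+
+Version 0.2 - 10/04/02005
+* first public release
+* fully configurable via web interface
+* AES encryption via device-mapper
+* Samba v3.0.14a-3
+* Linux 2.6.11
+* based on Debian GNU/Linux 3.1
+* documentation languages:
+* English
+* German
+* interface languages:
+* English
+* German
+* Slovenian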
Binary file not shown.
BIN
doc/changelog.gz
BIN
doc/changelog.gz
Binary file not shown.