diff --git a/DEBIAN/postinst b/DEBIAN/postinst
index 904e670..2951f7e 100755
--- a/DEBIAN/postinst
+++ b/DEBIAN/postinst
@@ -10,8 +10,7 @@ CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
if [ -e "$CONF_FILE" ]
then . "$CONF_FILE"
# create mount and config directories with appropriate permissions
- [ ! -e "$MNT_PARENT" ] && mkdir -p "$MNT_PARENT" && \
- chown "$WEB_USER" "$MNT_PARENT" && chmod 700 "$MNT_PARENT"
+ [ ! -e "$MNT_PARENT" ] && mkdir -p "$MNT_PARENT"
[ ! -e "$CONFIG_DIR" ] && mkdir -p "$CONFIG_DIR" && \
chown "$WEB_USER" "$CONFIG_DIR" && chmod 700 "$CONFIG_DIR"
[ ! -e "$LOG_FILE" ] && touch "$LOG_FILE" && chown "$WEB_USER" "$LOG_FILE"
diff --git a/cbox-tree.d/etc/cryptobox/cryptobox.conf b/cbox-tree.d/etc/cryptobox/cryptobox.conf
index 75fd7f8..342f46f 100644
--- a/cbox-tree.d/etc/cryptobox/cryptobox.conf
+++ b/cbox-tree.d/etc/cryptobox/cryptobox.conf
@@ -5,7 +5,8 @@ LANGUAGE=en
NET_IFACE=eth0
FILE_USER=cryptobox-data
WEB_USER=www-data
-SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"
+SCAN_DEVICES="sda"
+#SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"
# set this to "1" to create a dedicated configuration partition (very small)
# this should only be necessary, if your root filesystem is read-only (as for a live-cd)
diff --git a/cbox-tree.d/etc/init.d/cryptobox b/cbox-tree.d/etc/init.d/cryptobox
index a5d5065..9e6c35c 100755
--- a/cbox-tree.d/etc/init.d/cryptobox
+++ b/cbox-tree.d/etc/init.d/cryptobox
@@ -48,7 +48,7 @@ case "$1" in
if [ ! -e "$DEV_FEATURES_SCRIPT" ]; then
echo
echo "How to use the CryptoBox:"
- echo " * point a webbrowser from another computer to 'http://$(/usr/lib/cryptobox/cbox-manage.sh get_current_ip)'"
+ echo " * point a webbrowser from another computer to 'http://$(/usr/lib/cryptobox/cbox-manage.sh get_current_ip)/cryptobox'"
echo " * configure your CryptoBox via a webbrowser"
echo
else
@@ -68,9 +68,9 @@ case "$1" in
# exit if not running
"$0" status || exit 0
# shut down
- "$CB_SCRIPT" services-up
- "$CB_SCRIPT" network-up
- "$CB_SCRIPT" config-up
+ "$CB_SCRIPT" services-down
+ "$CB_SCRIPT" network-down
+ "$CB_SCRIPT" config-down
;;
restart | reload | force-reload )
$0 stop
diff --git a/cbox-tree.d/usr/lib/cgi-bin/cryptobox.pl b/cbox-tree.d/usr/lib/cgi-bin/cryptobox.pl
index 44c6b8d..dd6c545 100755
--- a/cbox-tree.d/usr/lib/cgi-bin/cryptobox.pl
+++ b/cbox-tree.d/usr/lib/cgi-bin/cryptobox.pl
@@ -404,7 +404,7 @@ if ( ! &check_ssl()) {
if ($query->param('type') eq 'reboot') {
&system_reboot();
$pagedata->setValue('Data.Success', 'ReBoot');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "180");
} else {
&system_poweroff();
@@ -441,7 +441,7 @@ if ( ! &check_ssl()) {
} else {
$pagedata->setValue('Data.Success', 'UmountDone');
$pagedata->setValue('Data.Action', 'empty');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "30");
}
}
@@ -459,7 +459,7 @@ if ( ! &check_ssl()) {
} elsif (&check_mounted()) {
$pagedata->setValue('Data.Warning', 'IsMounted');
$pagedata->setValue('Data.Action', 'empty');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "30");
} elsif ($query->param('crypto_password') eq '') {
# leeres Passwort
@@ -474,7 +474,7 @@ if ( ! &check_ssl()) {
} else {
$pagedata->setValue('Data.Success', 'MountDone');
$pagedata->setValue('Data.Action', 'empty');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "30");
}
}
@@ -491,7 +491,7 @@ if ( ! &check_ssl()) {
} elsif (&check_mounted()) {
$pagedata->setValue('Data.Warning', 'IsMounted');
$pagedata->setValue('Data.Action', 'empty');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "30");
} else {
$pagedata->setValue('Data.Action', 'form_mount');
@@ -504,7 +504,7 @@ if ( ! &check_ssl()) {
} elsif ( ! &check_mounted()) {
$pagedata->setValue('Data.Warning', 'NotMounted');
$pagedata->setValue('Data.Action', 'empty');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "30");
} else {
$pagedata->setValue('Data.Action', 'form_umount');
@@ -606,13 +606,13 @@ if ( ! &check_ssl()) {
} else {
$pagedata->setValue('Data.Success', 'ConfigSaved');
}
- $pagedata->setValue('Data.Action', 'status');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Action', 'show_status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "30");
}
}
#################### status #########################
- } elsif ($action eq 'status') {
+ } elsif ($action eq 'show_status') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'form_init');
@@ -622,8 +622,8 @@ if ( ! &check_ssl()) {
$pagedata->setValue('Data.Redirect.Action', 'form_config');
$pagedata->setValue('Data.Redirect.Delay', "30");
} else {
- $pagedata->setValue('Data.Action', 'status');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Action', 'show_status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "60");
}
################### box_purge #######################
@@ -655,8 +655,8 @@ if ( ! &check_ssl()) {
$pagedata->setValue('Data.Redirect.Action', 'form_config');
$pagedata->setValue('Data.Redirect.Delay', "60");
} elsif (&check_config()) {
- $pagedata->setValue('Data.Action', 'status');
- $pagedata->setValue('Data.Redirect.Action', 'status');
+ $pagedata->setValue('Data.Action', 'show_status');
+ $pagedata->setValue('Data.Redirect.Action', 'show_status');
$pagedata->setValue('Data.Redirect.Delay', "60");
} else {
$pagedata->setValue('Data.Action', 'form_init');
diff --git a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
index 8f7c602..d79b215 100755
--- a/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
+++ b/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh
@@ -110,8 +110,9 @@ function create_config()
# Parameter: device
{
local device=$1
+ unload_config
# create the new configuration filesystem if it is not static
- if is_config_active || [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
+ if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
then log_msg "Using static configuration ..."
else log_msg "Creating config filesystem ..."
sudo "$ROOT_PERM_SCRIPT" create_config "$device"
@@ -163,17 +164,9 @@ function list_partitions_of_type()
fi
done
case "$1" in
- config )
- echo "$config"
- ;;
- crypto )
- echo "$crypto"
- ;;
- plaindata )
- echo "$plaindata"
- ;;
- unused )
- echo "$unused"
+ config | crypto | plaindata | unused )
+ # dirty hack, but it works
+ eval "echo \$$1"
;;
* )
errot_msg "wrong parameter ($1) for list_partition_types in $(basename $0)"
@@ -303,27 +296,30 @@ function get_available_disks()
function load_config()
{
- # error if dynamic configuration is active
- # return if static configuration is active
- is_config_active && [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ] && return
+ unload_config
+ local status=0
# look for a configuration partition
- list_partitions_of_type config | head -1 | while read part
- do log_msg "Trying to load configuration from /dev/$part ..."
- if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
- then log_msg "configuraton found on $part"
- sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
- # copy certificate to /tmp in case of re-initialization
- # /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
- [ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
- return
- fi
- done
- log_msg "failed to locate config partition"
- return 1
+ [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
+ list_partitions_of_type config | while read part && [ "$status" = 0 ]
+ do log_msg "Trying to load configuration from /dev/$part ..."
+ if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
+ then log_msg "configuraton found on $part"
+ sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
+ status=1
+ fi
+ done
+ if is_config_active
+ then # copy certificate to /tmp in case of re-initialization
+ # /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
+ [ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
+ else log_msg "failed to locate config partition"
+ return 1
+ fi
+ true
}
-function umount_config()
+function unload_config()
{
is_config_active || return
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
@@ -362,7 +358,7 @@ function box_purge()
# TODO: not ALL harddisks, please!
get_available_disks | while read a
do log_msg "Purging $a ..."
- sudo "$ROOT_PERM_SCRIPT" trash_device "$a" >>"$LOG_FILE" 2>&1
+ sudo "$ROOT_PERM_SCRIPT" trash_device "$a"
done
}
@@ -373,7 +369,7 @@ function init_cryptobox()
local device=$(find_harddisk)
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
turn_off_all_crypto
- is_config_active && umount_config || true
+ unload_config || true
log_msg "Partitioning the device ($device) ..."
sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
log_msg "Initializing config partition on ${device}1 ..."
@@ -407,13 +403,10 @@ case "$ACTION" in
fi
;;
config-down )
- if is_config_active && [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
- then umount_config || error_msg 4 "Could not unmount configuration partition"
- else true
- fi
+ unload_config || error_msg 4 "Could not unmount configuration partition"
;;
network-up )
- if [ "$SKIP_NETWORK_CONFIG}" != 1 ]
+ if [ "$SKIP_NETWORK_CONFIG" != 1 ]
then conf_ip=$(config_get_value "ip")
log_msg "Configuring $NET_IFACE for $conf_ip ..."
echo "Configuring network interface for $NET_IFACE: $conf_ip"
@@ -445,7 +438,8 @@ case "$ACTION" in
fi
if [ "$USE_STUNNEL" = 1 ]
then log_msg "Stopping stunnel ..."
- killall stunnel
+ # TODO: what about a pid?
+ killall stunnel 2>/dev/null || true
fi
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
then log_msg "Shutting the network interface down ..."
@@ -455,12 +449,17 @@ case "$ACTION" in
services-up )
# the mount point has to be writeable
# this action is called as root - so we are allowed to umount
- mount -t tmpfs tmpfs "$MNT_PARENT"
- # is something special necessary?
+ # TODO: do this only for ro-filesystem
+ # TODO: this way of mounting is evil
+ if mountpoint -q "$MNT_PARENT"
+ then true
+ else mount -t tmpfs tmpfs "$MNT_PARENT"
+ fi
+ true
;;
services-down )
# this action is called as root - so we are allowed to umount
- umount "$MNT_PARENT"
+ mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT"
# TODO: we should not depend on samba and thttpd
# /etc/init.d/samba stop || true
# /etc/init.d/thttpd stop || true
@@ -545,7 +544,7 @@ case "$ACTION" in
log_msg "Cleaning the CryptoBox ..."
turn_off_all_crypto
"$0" config-down
- box_purge
+ box_purge >>"$LOG_FILE" 2>&1
;;
poweroff )
log_msg "Turning off the CryptoBox ..."
@@ -580,7 +579,7 @@ case "$ACTION" in
echo " set_config NAME VALUE - change a configuration setting"
echo " get_config NAME - retrieve a configuration setting"
echo " diskinfo - show the partition table of the harddisk"
- echo " box-purge - destroy partitiontable of the harddisk (delete everything)"
+ echo " box-purge - destroy partitiontable of all harddisks (delete everything)"
echo " poweroff - shutdown the cryptobox"
echo " reboot - reboot the cryptobox"
echo
diff --git a/cbox-tree.d/usr/share/cryptobox/templates/nav.cs b/cbox-tree.d/usr/share/cryptobox/templates/nav.cs
index 1740e90..5528d7a 100644
--- a/cbox-tree.d/usr/share/cryptobox/templates/nav.cs
+++ b/cbox-tree.d/usr/share/cryptobox/templates/nav.cs
@@ -7,7 +7,7 @@
-
+