bugfixes all over
parent
0d9534c8aa
commit
ea8dc17a17
|
@ -10,8 +10,7 @@ CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||||
if [ -e "$CONF_FILE" ]
|
if [ -e "$CONF_FILE" ]
|
||||||
then . "$CONF_FILE"
|
then . "$CONF_FILE"
|
||||||
# create mount and config directories with appropriate permissions
|
# create mount and config directories with appropriate permissions
|
||||||
[ ! -e "$MNT_PARENT" ] && mkdir -p "$MNT_PARENT" && \
|
[ ! -e "$MNT_PARENT" ] && mkdir -p "$MNT_PARENT"
|
||||||
chown "$WEB_USER" "$MNT_PARENT" && chmod 700 "$MNT_PARENT"
|
|
||||||
[ ! -e "$CONFIG_DIR" ] && mkdir -p "$CONFIG_DIR" && \
|
[ ! -e "$CONFIG_DIR" ] && mkdir -p "$CONFIG_DIR" && \
|
||||||
chown "$WEB_USER" "$CONFIG_DIR" && chmod 700 "$CONFIG_DIR"
|
chown "$WEB_USER" "$CONFIG_DIR" && chmod 700 "$CONFIG_DIR"
|
||||||
[ ! -e "$LOG_FILE" ] && touch "$LOG_FILE" && chown "$WEB_USER" "$LOG_FILE"
|
[ ! -e "$LOG_FILE" ] && touch "$LOG_FILE" && chown "$WEB_USER" "$LOG_FILE"
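Review bot: `$MNT_PARENT` is now created with a bare `mkdir -p` and no longer gets `chown "$WEB_USER"` and `chmod 700`, so it ends up with whatever the umask yields (commonly 755, owned by the caller). The decrypted volume is presumably mounted below this directory, so other local accounts could then traverse into it. The services-up hunk of the management script on this page mounts a tmpfs over the same path without a `mode=` option, and tmpfs defaults to mode 1777, so the restriction is not restored there either. I would keep `chmod 700 "$MNT_PARENT"` here, or mount with `-o mode=0700,uid=$(id -u "$WEB_USER")` if the tmpfs is what the web user is meant to own.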
|
||||||
|
|
|
@ -5,7 +5,8 @@ LANGUAGE=en
|
||||||
NET_IFACE=eth0
|
NET_IFACE=eth0
|
||||||
FILE_USER=cryptobox-data
|
FILE_USER=cryptobox-data
|
||||||
WEB_USER=www-data
|
WEB_USER=www-data
|
||||||
SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"
|
SCAN_DEVICES="sda"
|
||||||
|
#SCAN_DEVICES="hda hdb hdc hdd hde hdf hdg scd sg sda sdb sdc sdd"
|
||||||
|
|
||||||
# set this to "1" to create a dedicated configuration partition (very small)
|
# set this to "1" to create a dedicated configuration partition (very small)
|
||||||
# this should only be necessary, if your root filesystem is read-only (as for a live-cd)
|
# this should only be necessary, if your root filesystem is read-only (as for a live-cd)
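Review bot: `SCAN_DEVICES="sda"` replaces the full device list and leaves the old value behind as a comment with no explanation, which reads like a local test setting that slipped into the shipped default. With this value a machine whose disk shows up as `hda` is presumably no longer detected. If the narrowing is intended, say why in the file, for example `# restrict detection to the first SCSI/SATA disk; extend for IDE (hdX) hardware`.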
|
||||||
|
|
|
@ -48,7 +48,7 @@ case "$1" in
|
||||||
if [ ! -e "$DEV_FEATURES_SCRIPT" ]; then
|
if [ ! -e "$DEV_FEATURES_SCRIPT" ]; then
|
||||||
echo
|
echo
|
||||||
echo "How to use the CryptoBox:"
|
echo "How to use the CryptoBox:"
|
||||||
echo " * point a webbrowser from another computer to 'http://$(/usr/lib/cryptobox/cbox-manage.sh get_current_ip)'"
|
echo " * point a webbrowser from another computer to 'http://$(/usr/lib/cryptobox/cbox-manage.sh get_current_ip)/cryptobox'"
|
||||||
echo " * configure your CryptoBox via a webbrowser"
|
echo " * configure your CryptoBox via a webbrowser"
|
||||||
echo
|
echo
|
||||||
else
|
else
|
||||||
|
@ -68,9 +68,9 @@ case "$1" in
|
||||||
# exit if not running
|
# exit if not running
|
||||||
"$0" status || exit 0
|
"$0" status || exit 0
|
||||||
# shut down
|
# shut down
|
||||||
"$CB_SCRIPT" services-up
|
"$CB_SCRIPT" services-down
|
||||||
"$CB_SCRIPT" network-up
|
"$CB_SCRIPT" network-down
|
||||||
"$CB_SCRIPT" config-up
|
"$CB_SCRIPT" config-down
|
||||||
;;
|
;;
|
||||||
restart | reload | force-reload )
|
restart | reload | force-reload )
|
||||||
$0 stop
|
$0 stop
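Review bot: The usage hint in the first hunk still advertises a plain `http://` URL, now with `/cryptobox` appended, although the CGI behind it takes the volume passphrase as the `crypto_password` parameter. The CGI calls `check_ssl()` and the management script on this page tests `USE_STUNNEL`, so a TLS front end seems to exist. When it is enabled the hint should print `https://`, so that users are not pointed at an unencrypted connection; whether `USE_STUNNEL` is in scope in this init script is not visible here. Separately, `$0 stop` in the restart branch is unquoted while the stop branch uses `"$0" status`; quoting it as `"$0" stop` would be consistent. Both case branches continue outside the hunks.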
|
||||||
|
|
|
@ -404,7 +404,7 @@ if ( ! &check_ssl()) {
|
||||||
if ($query->param('type') eq 'reboot') {
|
if ($query->param('type') eq 'reboot') {
|
||||||
&system_reboot();
|
&system_reboot();
|
||||||
$pagedata->setValue('Data.Success', 'ReBoot');
|
$pagedata->setValue('Data.Success', 'ReBoot');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "180");
|
$pagedata->setValue('Data.Redirect.Delay', "180");
|
||||||
} else {
|
} else {
|
||||||
&system_poweroff();
|
&system_poweroff();
|
||||||
|
@ -441,7 +441,7 @@ if ( ! &check_ssl()) {
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Success', 'UmountDone');
|
$pagedata->setValue('Data.Success', 'UmountDone');
|
||||||
$pagedata->setValue('Data.Action', 'empty');
|
$pagedata->setValue('Data.Action', 'empty');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -459,7 +459,7 @@ if ( ! &check_ssl()) {
|
||||||
} elsif (&check_mounted()) {
|
} elsif (&check_mounted()) {
|
||||||
$pagedata->setValue('Data.Warning', 'IsMounted');
|
$pagedata->setValue('Data.Warning', 'IsMounted');
|
||||||
$pagedata->setValue('Data.Action', 'empty');
|
$pagedata->setValue('Data.Action', 'empty');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
} elsif ($query->param('crypto_password') eq '') {
|
} elsif ($query->param('crypto_password') eq '') {
|
||||||
# leeres Passwort
|
# leeres Passwort
|
||||||
|
@ -474,7 +474,7 @@ if ( ! &check_ssl()) {
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Success', 'MountDone');
|
$pagedata->setValue('Data.Success', 'MountDone');
|
||||||
$pagedata->setValue('Data.Action', 'empty');
|
$pagedata->setValue('Data.Action', 'empty');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -491,7 +491,7 @@ if ( ! &check_ssl()) {
|
||||||
} elsif (&check_mounted()) {
|
} elsif (&check_mounted()) {
|
||||||
$pagedata->setValue('Data.Warning', 'IsMounted');
|
$pagedata->setValue('Data.Warning', 'IsMounted');
|
||||||
$pagedata->setValue('Data.Action', 'empty');
|
$pagedata->setValue('Data.Action', 'empty');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Action', 'form_mount');
|
$pagedata->setValue('Data.Action', 'form_mount');
|
||||||
|
@ -504,7 +504,7 @@ if ( ! &check_ssl()) {
|
||||||
} elsif ( ! &check_mounted()) {
|
} elsif ( ! &check_mounted()) {
|
||||||
$pagedata->setValue('Data.Warning', 'NotMounted');
|
$pagedata->setValue('Data.Warning', 'NotMounted');
|
||||||
$pagedata->setValue('Data.Action', 'empty');
|
$pagedata->setValue('Data.Action', 'empty');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Action', 'form_umount');
|
$pagedata->setValue('Data.Action', 'form_umount');
|
||||||
|
@ -606,13 +606,13 @@ if ( ! &check_ssl()) {
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
$pagedata->setValue('Data.Success', 'ConfigSaved');
|
||||||
}
|
}
|
||||||
$pagedata->setValue('Data.Action', 'status');
|
$pagedata->setValue('Data.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#################### status #########################
|
#################### status #########################
|
||||||
} elsif ($action eq 'status') {
|
} elsif ($action eq 'show_status') {
|
||||||
if ( ! &check_config()) {
|
if ( ! &check_config()) {
|
||||||
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
||||||
$pagedata->setValue('Data.Action', 'form_init');
|
$pagedata->setValue('Data.Action', 'form_init');
|
||||||
|
@ -622,8 +622,8 @@ if ( ! &check_ssl()) {
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "30");
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Action', 'status');
|
$pagedata->setValue('Data.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "60");
|
$pagedata->setValue('Data.Redirect.Delay', "60");
|
||||||
}
|
}
|
||||||
################### box_purge #######################
|
################### box_purge #######################
|
||||||
|
@ -655,8 +655,8 @@ if ( ! &check_ssl()) {
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "60");
|
$pagedata->setValue('Data.Redirect.Delay', "60");
|
||||||
} elsif (&check_config()) {
|
} elsif (&check_config()) {
|
||||||
$pagedata->setValue('Data.Action', 'status');
|
$pagedata->setValue('Data.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Action', 'status');
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
||||||
$pagedata->setValue('Data.Redirect.Delay', "60");
|
$pagedata->setValue('Data.Redirect.Delay', "60");
|
||||||
} else {
|
} else {
|
||||||
$pagedata->setValue('Data.Action', 'form_init');
|
$pagedata->setValue('Data.Action', 'form_init');
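Review bot: The action name `'show_status'` is now a string literal repeated at about a dozen `setValue` calls plus the dispatcher test `$action eq 'show_status'`, and a single missed site would redirect to an action that no branch handles. Defining it once near the top of the script, e.g. `my $ACTION_STATUS = 'show_status';`, and using that variable everywhere would make the next rename a one-line change. Requests that still carry `action=status` (bookmarks, or a page left open that auto-refreshes after `Data.Redirect.Delay`) now fall through to whatever the final branch of the if/elsif chain does, which lies outside these hunks. Accepting both names for a transition, `} elsif ($action eq 'show_status' or $action eq 'status') {`, would avoid that.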
|
||||||
|
|
|
@ -110,8 +110,9 @@ function create_config()
|
||||||
# Parameter: device
|
# Parameter: device
|
||||||
{
|
{
|
||||||
local device=$1
|
local device=$1
|
||||||
|
unload_config
|
||||||
# create the new configuration filesystem if it is not static
|
# create the new configuration filesystem if it is not static
|
||||||
if is_config_active || [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
||||||
then log_msg "Using static configuration ..."
|
then log_msg "Using static configuration ..."
|
||||||
else log_msg "Creating config filesystem ..."
|
else log_msg "Creating config filesystem ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" create_config "$device"
|
sudo "$ROOT_PERM_SCRIPT" create_config "$device"
|
||||||
|
@ -163,17 +164,9 @@ function list_partitions_of_type()
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
case "$1" in
|
case "$1" in
|
||||||
config )
|
config | crypto | plaindata | unused )
|
||||||
echo "$config"
|
# dirty hack, but it works
|
||||||
;;
|
eval "echo \$$1"
|
||||||
crypto )
|
|
||||||
echo "$crypto"
|
|
||||||
;;
|
|
||||||
plaindata )
|
|
||||||
echo "$plaindata"
|
|
||||||
;;
|
|
||||||
unused )
|
|
||||||
echo "$unused"
|
|
||||||
;;
|
;;
|
||||||
* )
|
* )
|
||||||
errot_msg "wrong parameter ($1) for list_partition_types in $(basename $0)"
|
errot_msg "wrong parameter ($1) for list_partition_types in $(basename $0)"
|
||||||
|
@ -303,27 +296,30 @@ function get_available_disks()
|
||||||
|
|
||||||
function load_config()
|
function load_config()
|
||||||
{
|
{
|
||||||
# error if dynamic configuration is active
|
unload_config
|
||||||
# return if static configuration is active
|
local status=0
|
||||||
is_config_active && [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ] && return
|
|
||||||
# look for a configuration partition
|
# look for a configuration partition
|
||||||
list_partitions_of_type config | head -1 | while read part
|
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
|
||||||
do log_msg "Trying to load configuration from /dev/$part ..."
|
list_partitions_of_type config | while read part && [ "$status" = 0 ]
|
||||||
if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
do log_msg "Trying to load configuration from /dev/$part ..."
|
||||||
then log_msg "configuraton found on $part"
|
if sudo "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$part"
|
||||||
sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
then log_msg "configuraton found on $part"
|
||||||
# copy certificate to /tmp in case of re-initialization
|
sudo "$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
||||||
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
status=1
|
||||||
[ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
|
fi
|
||||||
return
|
done
|
||||||
fi
|
if is_config_active
|
||||||
done
|
then # copy certificate to /tmp in case of re-initialization
|
||||||
log_msg "failed to locate config partition"
|
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
||||||
return 1
|
[ "$USE_STUNNEL" = 1 ] && cp "$CERT_FILE" "$CERT_TEMP"
|
||||||
|
else log_msg "failed to locate config partition"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function umount_config()
|
function unload_config()
|
||||||
{
|
{
|
||||||
is_config_active || return
|
is_config_active || return
|
||||||
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
||||||
|
@ -362,7 +358,7 @@ function box_purge()
|
||||||
# TODO: not ALL harddisks, please!
|
# TODO: not ALL harddisks, please!
|
||||||
get_available_disks | while read a
|
get_available_disks | while read a
|
||||||
do log_msg "Purging $a ..."
|
do log_msg "Purging $a ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" trash_device "$a" >>"$LOG_FILE" 2>&1
|
sudo "$ROOT_PERM_SCRIPT" trash_device "$a"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -373,7 +369,7 @@ function init_cryptobox()
|
||||||
local device=$(find_harddisk)
|
local device=$(find_harddisk)
|
||||||
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
||||||
turn_off_all_crypto
|
turn_off_all_crypto
|
||||||
is_config_active && umount_config || true
|
unload_config || true
|
||||||
log_msg "Partitioning the device ($device) ..."
|
log_msg "Partitioning the device ($device) ..."
|
||||||
sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
sudo "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
||||||
log_msg "Initializing config partition on ${device}1 ..."
|
log_msg "Initializing config partition on ${device}1 ..."
|
||||||
|
@ -407,13 +403,10 @@ case "$ACTION" in
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
config-down )
|
config-down )
|
||||||
if is_config_active && [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
|
unload_config || error_msg 4 "Could not unmount configuration partition"
|
||||||
then umount_config || error_msg 4 "Could not unmount configuration partition"
|
|
||||||
else true
|
|
||||||
fi
|
|
||||||
;;
|
;;
|
||||||
network-up )
|
network-up )
|
||||||
if [ "$SKIP_NETWORK_CONFIG}" != 1 ]
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
||||||
then conf_ip=$(config_get_value "ip")
|
then conf_ip=$(config_get_value "ip")
|
||||||
log_msg "Configuring $NET_IFACE for $conf_ip ..."
|
log_msg "Configuring $NET_IFACE for $conf_ip ..."
|
||||||
echo "Configuring network interface for $NET_IFACE: $conf_ip"
|
echo "Configuring network interface for $NET_IFACE: $conf_ip"
|
||||||
|
@ -445,7 +438,8 @@ case "$ACTION" in
|
||||||
fi
|
fi
|
||||||
if [ "$USE_STUNNEL" = 1 ]
|
if [ "$USE_STUNNEL" = 1 ]
|
||||||
then log_msg "Stopping stunnel ..."
|
then log_msg "Stopping stunnel ..."
|
||||||
killall stunnel
|
# TODO: what about a pid?
|
||||||
|
killall stunnel 2>/dev/null || true
|
||||||
fi
|
fi
|
||||||
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
||||||
then log_msg "Shutting the network interface down ..."
|
then log_msg "Shutting the network interface down ..."
|
||||||
|
@ -455,12 +449,17 @@ case "$ACTION" in
|
||||||
services-up )
|
services-up )
|
||||||
# the mount point has to be writeable
|
# the mount point has to be writeable
|
||||||
# this action is called as root - so we are allowed to umount
|
# this action is called as root - so we are allowed to umount
|
||||||
mount -t tmpfs tmpfs "$MNT_PARENT"
|
# TODO: do this only for ro-filesystem
|
||||||
# is something special necessary?
|
# TODO: this way of mounting is evil
|
||||||
|
if mountpoint -q "$MNT_PARENT"
|
||||||
|
then true
|
||||||
|
else mount -t tmpfs tmpfs "$MNT_PARENT"
|
||||||
|
fi
|
||||||
|
true
|
||||||
;;
|
;;
|
||||||
services-down )
|
services-down )
|
||||||
# this action is called as root - so we are allowed to umount
|
# this action is called as root - so we are allowed to umount
|
||||||
umount "$MNT_PARENT"
|
mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT"
|
||||||
# TODO: we should not depend on samba and thttpd
|
# TODO: we should not depend on samba and thttpd
|
||||||
# /etc/init.d/samba stop || true
|
# /etc/init.d/samba stop || true
|
||||||
# /etc/init.d/thttpd stop || true
|
# /etc/init.d/thttpd stop || true
|
||||||
|
@ -545,7 +544,7 @@ case "$ACTION" in
|
||||||
log_msg "Cleaning the CryptoBox ..."
|
log_msg "Cleaning the CryptoBox ..."
|
||||||
turn_off_all_crypto
|
turn_off_all_crypto
|
||||||
"$0" config-down
|
"$0" config-down
|
||||||
box_purge
|
box_purge >>"$LOG_FILE" 2>&1
|
||||||
;;
|
;;
|
||||||
poweroff )
|
poweroff )
|
||||||
log_msg "Turning off the CryptoBox ..."
|
log_msg "Turning off the CryptoBox ..."
|
||||||
|
@ -580,7 +579,7 @@ case "$ACTION" in
|
||||||
echo " set_config NAME VALUE - change a configuration setting"
|
echo " set_config NAME VALUE - change a configuration setting"
|
||||||
echo " get_config NAME - retrieve a configuration setting"
|
echo " get_config NAME - retrieve a configuration setting"
|
||||||
echo " diskinfo - show the partition table of the harddisk"
|
echo " diskinfo - show the partition table of the harddisk"
|
||||||
echo " box-purge - destroy partitiontable of the harddisk (delete everything)"
|
echo " box-purge - destroy partitiontable of all harddisks (delete everything)"
|
||||||
echo " poweroff - shutdown the cryptobox"
|
echo " poweroff - shutdown the cryptobox"
|
||||||
echo " reboot - reboot the cryptobox"
|
echo " reboot - reboot the cryptobox"
|
||||||
echo
|
echo
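Review bot: In the `list_partitions_of_type` hunk, `eval "echo \$$1"` expands the selected variable unquoted, whereas each of the four removed branches echoed it quoted (`echo "$config"` and so on). If those variables hold one partition per line, as the removed `head -1` in `load_config` suggests, the newlines now collapse into spaces and `while read part` receives every partition as a single line. The `eval` is only safe because the case pattern restricts `$1` to four fixed words, which deserves a comment more specific than "dirty hack". Assuming the script runs under bash (it uses `function` and `local`), `echo "${!1}"` does the same lookup without `eval` and keeps the quoting; otherwise use `eval "echo \"\$$1\""`. The function body starts outside the hunk.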
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
<?cs else ?>
|
<?cs else ?>
|
||||||
<a href="<?cs call:getSelfURL('action=mount_ask','action') ?>" title="<?cs var:Lang.Text.DoMount ?>"><?cs var:Lang.Button.Mount ?></a>
|
<a href="<?cs call:getSelfURL('action=mount_ask','action') ?>" title="<?cs var:Lang.Text.DoMount ?>"><?cs var:Lang.Button.Mount ?></a>
|
||||||
<?cs /if ?>
|
<?cs /if ?>
|
||||||
<a href="<?cs call:getSelfURL('action=status','action') ?>" title="<?cs var:Lang.Button.Status ?>"><?cs var:Lang.Button.Status ?></a>
|
<a href="<?cs call:getSelfURL('action=show_status','action') ?>" title="<?cs var:Lang.Button.Status ?>"><?cs var:Lang.Button.Status ?></a>
|
||||||
<?cs /if ?>
|
<?cs /if ?>
|
||||||
|
|
||||||
<!-- already initialized (or at least in progress)? -->
|
<!-- already initialized (or at least in progress)? -->
|
||||||
|
|