|
|
|
|
@ -21,7 +21,6 @@ set -eu
|
|
|
|
|
. /etc/cryptobox/cryptobox.conf
|
|
|
|
|
|
|
|
|
|
## configuration
|
|
|
|
|
CONFIG_MARKER="$CONFIG_DIR/cryptobox.marker"
|
|
|
|
|
CERT_TEMP=/tmp/stunnel.pem
|
|
|
|
|
|
|
|
|
|
######## stuff ##########
|
|
|
|
|
@ -66,12 +65,12 @@ function config_set_value()
|
|
|
|
|
# parameters: SettingName [SettingValue]
|
|
|
|
|
# read from stdin if SettingValue is not defined
|
|
|
|
|
{
|
|
|
|
|
mount -o rw,remount "$CONFIG_DIR"
|
|
|
|
|
mountpoint -q "$CONFIG_DIR" && mount -o rw,remount "$CONFIG_DIR"
|
|
|
|
|
if [ $# -gt 1 ]
|
|
|
|
|
then echo -n "$2" > "$CONFIG_DIR/$1"
|
|
|
|
|
else cat - >"$CONFIG_DIR/$1"
|
|
|
|
|
fi
|
|
|
|
|
mount -o ro,remount "$CONFIG_DIR"
|
|
|
|
|
mountpoint -q "$CONFIG_DIR" && mount -o ro,remount "$CONFIG_DIR"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -107,14 +106,18 @@ function create_config()
|
|
|
|
|
# Parameter: device
|
|
|
|
|
{
|
|
|
|
|
local device="$1"
|
|
|
|
|
log_msg "Creating config filesystem ..."
|
|
|
|
|
# filter output through 'tr' to replace tabs
|
|
|
|
|
$MKFS_CONFIG "$device" | tr '\010' ' '
|
|
|
|
|
# mount the config partition rw
|
|
|
|
|
log_msg "Mounting config partition ..."
|
|
|
|
|
mount "$device" "$CONFIG_DIR"
|
|
|
|
|
# create the new configuration filesystem if it is not static
|
|
|
|
|
if is_config_mounted
|
|
|
|
|
then log_msg "Using static configuration ..."
|
|
|
|
|
else log_msg "Creating config filesystem ..."
|
|
|
|
|
# filter output through 'tr' to replace tabs
|
|
|
|
|
$MKFS_CONFIG "$device" | tr '\010' ' '
|
|
|
|
|
# mount the config partition rw
|
|
|
|
|
log_msg "Mounting config partition ..."
|
|
|
|
|
mount "$device" "$CONFIG_DIR"
|
|
|
|
|
fi
|
|
|
|
|
# create a marker to recognize a cryptobox partition
|
|
|
|
|
date -I >"$CONFIG_MARKER"
|
|
|
|
|
date -I >"$CONFIG_DIR/$CONFIG_MARKER"
|
|
|
|
|
log_msg "Copying configuration defaults ..."
|
|
|
|
|
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
|
|
|
|
|
|
|
|
|
|
@ -122,17 +125,15 @@ function create_config()
|
|
|
|
|
# beware: the temp file should always be there - even after reboot - see "mount_config"
|
|
|
|
|
cp -p "$CERT_TEMP" "$CERT_FILE"
|
|
|
|
|
|
|
|
|
|
# create database of readable names
|
|
|
|
|
touch "$CONFIG_DIR/names.db"
|
|
|
|
|
|
|
|
|
|
log_msg "Setting inital values ..."
|
|
|
|
|
# beware: config_set_value remounts the config partition read-only
|
|
|
|
|
config_set_value "device" "$device"
|
|
|
|
|
config_set_value "ip" "$(get_current_ip)"
|
|
|
|
|
# create database of readable names
|
|
|
|
|
config_set_value "names.db" ""
|
|
|
|
|
|
|
|
|
|
# reinitialise configuration
|
|
|
|
|
log_msg "Unmounting config partition ..."
|
|
|
|
|
umount "$CONFIG_DIR"
|
|
|
|
|
umount_config
|
|
|
|
|
log_msg "Reload configuration ..."
|
|
|
|
|
mount_config
|
|
|
|
|
}
|
|
|
|
|
@ -149,7 +150,7 @@ function get_current_ip()
|
|
|
|
|
function list_crypto_containers()
|
|
|
|
|
{
|
|
|
|
|
for a in $ALL_PARTITIONS
|
|
|
|
|
do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
|
|
|
|
|
do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null && echo "/dev/$a"
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -157,16 +158,15 @@ function list_crypto_containers()
|
|
|
|
|
function list_unused_partitions()
|
|
|
|
|
{
|
|
|
|
|
for a in $ALL_PARTITIONS
|
|
|
|
|
do $CRYPTSETUP isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
|
|
|
|
|
done | grep -v "$(config_get_value device)1"
|
|
|
|
|
# replace the config_get_value by a sub, that returns the config partition
|
|
|
|
|
do "$CRYPTSETUP" isLuks "/dev/$a" 2>/dev/null || echo "/dev/$a"
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function get_crypto_uuid()
|
|
|
|
|
# Parameter: DEVICE
|
|
|
|
|
{
|
|
|
|
|
$CRYPTSETUP luksUUID "$1"
|
|
|
|
|
"$CRYPTSETUP" luksUUID "$1"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -240,7 +240,7 @@ function config_mount_test()
|
|
|
|
|
{
|
|
|
|
|
local device=$1
|
|
|
|
|
local STATUS=0
|
|
|
|
|
mount "${device}1" "$CONFIG_DIR" &>/dev/null || true
|
|
|
|
|
mount "${device}" "$CONFIG_DIR" &>/dev/null || true
|
|
|
|
|
is_config_mounted && STATUS=1
|
|
|
|
|
umount "$CONFIG_DIR" &>/dev/null || true
|
|
|
|
|
# return code is the result of this expression
|
|
|
|
|
@ -250,7 +250,7 @@ function config_mount_test()
|
|
|
|
|
|
|
|
|
|
function is_config_mounted()
|
|
|
|
|
{
|
|
|
|
|
mount | grep -q " $CONFIG_DIR " && [ -f "$CONFIG_MARKER" ]
|
|
|
|
|
test -f "$CONFIG_DIR/$CONFIG_MARKER"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -285,11 +285,7 @@ function check_at_command_queue()
|
|
|
|
|
function find_harddisk()
|
|
|
|
|
# look for the harddisk to be partitioned
|
|
|
|
|
{
|
|
|
|
|
local device
|
|
|
|
|
if is_config_mounted
|
|
|
|
|
then device=$(config_get_value "device")
|
|
|
|
|
else device=$(get_available_disks | head -1)
|
|
|
|
|
fi
|
|
|
|
|
local device=$(get_available_disks | head -1)
|
|
|
|
|
if [ -z "$device" ] ; then
|
|
|
|
|
log_msg "no valid harddisk for initialisation found!"
|
|
|
|
|
cat /proc/partitions >>"$LOG_FILE"
|
|
|
|
|
@ -313,22 +309,39 @@ function get_available_disks()
|
|
|
|
|
|
|
|
|
|
function mount_config()
|
|
|
|
|
{
|
|
|
|
|
is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
|
|
|
|
|
local device=$(
|
|
|
|
|
for a in $SCAN_DEVICES
|
|
|
|
|
do log_msg "Trying to load configuration from $a ..."
|
|
|
|
|
config_mount_test "$a" && echo "$a" && break
|
|
|
|
|
done )
|
|
|
|
|
if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
|
|
|
|
|
then log_msg "configuraton found on $device"
|
|
|
|
|
config_set_value "device" "$device"
|
|
|
|
|
# copy certificate to /tmp in case of re-initialization
|
|
|
|
|
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
|
|
|
|
cp "$CERT_FILE" "$CERT_TEMP"
|
|
|
|
|
return 0
|
|
|
|
|
else log_msg "failed to locate harddisk"
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
# error if dynamic configuration is active
|
|
|
|
|
# return if static configuration is active
|
|
|
|
|
if is_config_mounted && mountpoint -q "$CONFIG_DIR"
|
|
|
|
|
then error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
|
|
|
|
|
else is_config_mounted && return
|
|
|
|
|
fi
|
|
|
|
|
# look for a configuration partition
|
|
|
|
|
# modify all scan_devices to get regular expressions like "^hda[0-9]*$"
|
|
|
|
|
local scan_regex=$(echo "SCAN_DEVICES" | tr " " "\n" | sed 's/^/^/; s/$/[0-9]*$/')
|
|
|
|
|
echo "$ALL_PARTITIONS" | grep "$scan_regex" | while read part
|
|
|
|
|
do log_msg "Trying to load configuration from $part ..."
|
|
|
|
|
if config_mount_test "$part"
|
|
|
|
|
then log_msg "configuraton found on $part"
|
|
|
|
|
mount "$part" "$CONFIG_DIR"
|
|
|
|
|
# copy certificate to /tmp in case of re-initialization
|
|
|
|
|
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
|
|
|
|
cp "$CERT_FILE" "$CERT_TEMP"
|
|
|
|
|
return
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
log_msg "failed to locate config partition"
|
|
|
|
|
return 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function umount_config()
|
|
|
|
|
{
|
|
|
|
|
is_config_mounted || return
|
|
|
|
|
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
|
|
|
|
if mountpoint -q "$CONFIG_DIR"
|
|
|
|
|
then umount "$CONFIG_DIR"
|
|
|
|
|
else true
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -372,7 +385,7 @@ function umount_crypto()
|
|
|
|
|
fi
|
|
|
|
|
local uuid=$(get_crypto_uuid $device)
|
|
|
|
|
local name=$(get_crypto_name $device)
|
|
|
|
|
if mount | grep -q " $MNT_PARENT/$name "
|
|
|
|
|
if mountpoint -q "$MNT_PARENT/$name"
|
|
|
|
|
then log_msg "Unmounting crypto partition ..."
|
|
|
|
|
umount "$MNT_PARENT/$name"
|
|
|
|
|
rmdir "$MNT_PARENT/$name"
|
|
|
|
|
@ -403,9 +416,10 @@ function init_cryptobox()
|
|
|
|
|
local device=$(find_harddisk)
|
|
|
|
|
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
|
|
|
|
turn_off_all_crypto
|
|
|
|
|
mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
|
|
|
|
|
is_config_mounted && umount_config || true
|
|
|
|
|
log_msg "Initializing config partition on $device ..."
|
|
|
|
|
create_partitions "$device"
|
|
|
|
|
# TODO: this should not be hard-coded
|
|
|
|
|
create_config "${device}1"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -435,7 +449,7 @@ case "$ACTION" in
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
config-down )
|
|
|
|
|
mount | grep -q " $CONFIG_DIR$ " && umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
|
|
|
|
|
umount_config || error_msg 4 "Could not unmount configuration partition"
|
|
|
|
|
;;
|
|
|
|
|
network-up )
|
|
|
|
|
kudzu -s -q --class network
|
|
|
|
|
@ -493,7 +507,7 @@ case "$ACTION" in
|
|
|
|
|
[ $# -ne 2 ] && error_msg "invalid number of parameters for 'crypto-create'"
|
|
|
|
|
# do it in the background to provide a smoother web interface
|
|
|
|
|
# messages and errors get written to $LOG_FILE
|
|
|
|
|
keyfile=/tmp/$(basename $0)-passphrase-$(basename $1)
|
|
|
|
|
keyfile=/tmp/$(basename "$0")-passphrase-$(basename "$1")
|
|
|
|
|
# read the password
|
|
|
|
|
cat - >"$keyfile"
|
|
|
|
|
# execute it in the background
|
|
|
|
|
|
