moved validation from cbox to the host

logging greatly improved
background problem of initialization solved
umount_crypto cleaned
automatic style importing for validation
This commit is contained in:
lars 2005-07-25 11:02:47 +00:00
parent 562048a0ed
commit fda9e3f445
128 changed files with 125 additions and 54 deletions

View file

@ -67,6 +67,9 @@ function run_dfsbuild()
{
[ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
dfsbuild -c "$CONFIG" -w "$BUILDDIR"
# remove iso image of dfsbuild - it is not necessary
[ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso"
}
@ -90,7 +93,7 @@ function qemu_boot()
cp "misc/qemu-ifup.default" "$LOCALCONF_DIR/qemu-ifup"
fi
echo "Starting qemu ..."
qemu -cdrom "$IMAGE_FILE" -m 64 -hda "$IMAGE_FILE" -boot d -n "$LOCALCONF_DIR/qemu-ifup" || true
qemu -cdrom "$IMAGE_FILE" -m 96 -hda "$IMAGE_FILE" -boot d -n "$LOCALCONF_DIR/qemu-ifup" || true
# remove iptables rules
"$LOCALCONF_DIR/qemu-ifup" stop
}

View file

@ -11,15 +11,11 @@ LANGUAGE_DIR=/usr/share/cryptobox/lang
TEMPLATE_DIR=/usr/share/cryptobox/templates
DOC_DIR=/usr/share/doc/cryptobox/html
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
REPORT_DIR=/var/www/report
CONFIG_DIR=/mnt/cb-etc
CRYPTO_DIR=/mnt/crypto
TEST_CASES_DIR=/usr/share/cryptobox/test-cases
SUMMARY_TEMPLATE_DIR=/usr/share/cryptobox/templates/test-summary
# some files
CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
VALIDATE_SCRIPT=/usr/lib/cryptobox/validate.sh
DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh

View file

@ -1,13 +1,14 @@
#!/bin/sh
#
# this script looks for the file /DEVELOPMENT_CRYPTOBOX
# if it exists, the script $DEVEL_SCRIPT be executed - this is
# this script looks for the devel-features.sh script
# if it exists, it will be executed - this is
# ONLY FOR DEVELOPMENT CDs!
# for production CD the file /DEVELOPMENT_CRYPTOBOX should never exist!
# for release CDs the file devel-features.sh script should never exist!
#
set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf
# return, if it does not exist

View file

@ -2,6 +2,7 @@
set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf
ACTION=help

View file

@ -2,6 +2,7 @@
set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf
ACTION=help

View file

@ -2,6 +2,7 @@
set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf
ACTION=help

View file

@ -19,6 +19,16 @@ CERT_TEMP=/tmp/stunnel.pem
#####
log_msg()
{
# the log file is not writable during boot - try before writing ...
[ -w "$LOG_FILE" ] || return 0
echo >>"$LOG_FILE"
echo "################ `date` ####################" >>"$LOG_FILE"
echo "$1" >>"$LOG_FILE"
}
function error_msg()
# parameters: ExitCode ErrorMessage
{
@ -33,17 +43,17 @@ function initial_checks()
# Parameter: device
{
local device="$1"
[ ! -b "$device" ] && echo "blockdevice $device does not exist" && return 1
[ ! -b "$device" ] && log_msg "blockdevice $device does not exist" && return 1
## check if we have an existing configpartition
## TODO: why this config_mount_test?
# config_mount_test "$device"
[ ! -x "$WIPE" ] && echo "$WIPE not found" && return 1
[ ! -x "$SFDISK" ] && echo "$SFDISK not found" && return 1
[ ! -x "$WIPE" ] && log_msg "$WIPE not found" && return 1
[ ! -x "$SFDISK" ] && log_msg "$SFDISK not found" && return 1
for a in $ALGO $HASH
do grep -q "^name *: $a$" /proc/crypto || modprobe "$a"
grep -q "^name *: $a$" /proc/crypto || { echo "$a is not supported by kernel" && return 1; }
grep -q "^name *: $a$" /proc/crypto || { log_msg "$a is not supported by kernel" && return 1; }
done
mount | grep -q "^$device[ 1-9] " && echo "$device is mounted" && return 1
log_msg "inital checks successful"
return 0
}
@ -86,24 +96,29 @@ function create_config()
# Parameter: device
{
local device="${1}1"
log_msg "Creating config filesystem ..."
$MKFS_CONFIG "$device"
# mount the config partition rw
log_msg "Mounting config partition ..."
mount "$device" "$CONFIG_DIR"
# create a marker to recognize a cryptobox partition
date -I >"$CONFIG_MARKER"
## write (network) interfaces
log_msg "Copying configuration defaults ..."
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
# copy stunnel cert
log_msg "Copying temporary cerificate file to config filesystem ..."
cp -p "$CERT_TEMP" "$CERT_FILE"
log_msg "Setting inital values ..."
# beware: config_set_value remounts the config partition read-only
config_set_value "device" "$1"
config_set_value "ip" "$(get_current_ip)"
# reinitialise configuration
log_msg "Unmounting config partition ..."
umount "$CONFIG_DIR"
log_msg "Reload configuration ..."
mount_config
}
@ -164,6 +179,8 @@ function is_crypto_mounted()
function is_init_running()
{
ps -e | grep -q -E "$MKFS_DATA|$WIPE"
# this line is good for the "at" stuff - see cryptobox.pl
[ -n "`at -l`" ]
}
@ -177,7 +194,7 @@ function find_harddisk()
do grep -q " `basename $a`$" /proc/partitions && echo "$a" && break
done
fi )
[ -z "$dev" ] && echo "no valid partition for initialisation found!" >>"$ERROR_LOG"
[ -z "$dev" ] && echo "no valid partition for initialisation found!" >>"$LOG_FILE"
echo -n "$dev"
}
@ -187,14 +204,14 @@ function mount_config()
is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
local device=$(
for a in $SCAN_DEVICES
do echo "Trying to load configuration from $a ..." >&2
do log_msg "Trying to load configuration from $a ..."
config_mount_test "$a" && echo "$a" && break
done )
if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
then echo "configuraton found on $device" >&2
then log_msg "configuraton found on $device"
config_set_value "device" "$device"
return 0
else echo "failed to locate harddisk" >&2
else log_msg "failed to locate harddisk"
return 1
fi
}
@ -206,10 +223,13 @@ function mount_crypto()
local device=`find_harddisk`
[ -z "$device" ] && error_msg 4 'no valid harddisk found!'
# passphrase is read from stdin
log_msg "Mounting crypto partition ..."
$CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2"
if mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
then /etc/init.d/samba start
else dmsetup remove $(basename $CRYPTMAPPER_DEV)
then log_msg "Mount succeded - now starting samba ..."
/etc/init.d/samba start
else log_msg "Mount failed - removing dev-mapper ..."
dmsetup remove $(basename $CRYPTMAPPER_DEV)
return 1
fi
}
@ -219,13 +239,22 @@ function umount_crypto()
{
# do not break on error
set +e
/etc/init.d/samba stop
ps -e | grep -q " smbd$" && killall smbd
ps -e | grep -q " nmbd$" && killall nmbd
ps -e | grep -q " smbd$" && killall -9 smbd
ps -e | grep -q " nmbd$" && killall -9 nmbd
umount "$CRYPTO_DIR"
$CRYPTSETUP remove $(basename $CRYPTMAPPER_DEV)
if ps -e | grep -q " [sn]mbd$"
then log_msg "Stopping samba ..."
/etc/init.d/samba stop
ps -e | grep -q " smbd$" && killall smbd
ps -e | grep -q " nmbd$" && killall nmbd
ps -e | grep -q " smbd$" && killall -9 smbd
ps -e | grep -q " nmbd$" && killall -9 nmbd
fi
if mount | grep -q " $CRYPTO_DIR "
then log_msg "Unmounting crypto partition ..."
umount "$CRYPTO_DIR"
fi
if [ -e "$CRYPTMAPPER_DEV" ]
then log_msg "Removing dev-mapper ..."
$CRYPTSETUP remove $(basename $CRYPTMAPPER_DEV)
fi
set -e
}
@ -233,13 +262,19 @@ function umount_crypto()
function init_cryptobox_part1()
# this is only the first part of initialisation that takes no time - good for a smooth web interface
{
umount_crypto || true
umount "$CONFIG_DIR" || true
local device=`find_harddisk`
[ -z "$device" ] && error_msg 4 'no valid harddisk found!'
initial_checks "$device" || error_msg 5 "Failure during initialisation - bye, bye"
create_partitions "$device"
create_config "$device"
[ -z "$device" ] && log_msg 'no valid harddisk found!' && return 1
(
log_msg "Initializing crypto partition on $device ..."
umount_crypto || true
mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
initial_checks "$device" || return 1
create_partitions "$device"
create_config "$device"
) >>"$LOG_FILE" 2>&1
# the output of create_crypto may NOT be redirected - this would prevent cryptsetup from
# reading the passphrase from stdin
log_msg "Creating the crypto partition ..."
create_crypto "$device"
}
@ -282,13 +317,15 @@ case "$ACTION" in
fi
;;
config-down )
umount "$CONFIG_DIR"
mount | grep -q " $CONFIG_DIR" && umount "$CONFIG_DIR"
;;
network-up )
kudzu -s -q --class network
conf_ip=$(config_get_value "ip")
ifconfig $NET_IFACE "$conf_ip"
log_msg "Configured $NET_IFACE for $conf_ip ..."
echo "Configured network interface for $NET_IFACE: $conf_ip"
log_msg "Starting the firewall ..."
$FIREWALL_SCRIPT start
# start stunnel
if [ -f "$CERT_FILE" ]
@ -296,6 +333,7 @@ case "$ACTION" in
else USE_CERT=$CERT_TEMP
$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
fi
log_msg "Starting stunnel ..."
stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
|| echo "$USE_CERT not found - not starting stunnel"
# this ping allows other hosts to get the IP of
@ -303,8 +341,11 @@ case "$ACTION" in
ping -b -c 1 $(ifconfig $NET_IFACE | grep Bcast | cut -d ":" -f 3 | cut -d " " -f 1) &>/dev/null
;;
network-down )
log_msg "Stopping the firewall ..."
$FIREWALL_SCRIPT stop
log_msg "Stopping stunnel ..."
killall stunnel
log_msg "Shutting the network interface down ..."
ifconfig $NET_IFACE down
;;
services-up )
@ -323,14 +364,12 @@ case "$ACTION" in
# this is nice for the web interface, as it is fast
# output redirection does not work, as it prevents cryptsetup from asking
# for a password
init_cryptobox_part1 >>"$LOG_FILE" 2>&1
init_cryptobox_part1
;;
box-init-bg )
# do it in the background to provide a smoother web interface
# messages and errors get written to $LOG_FILE
# the 'exec' output redirection does not work, if called by a cgi, so
# redirect it as usual
init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1 &
init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
;;
is_crypto_mounted )
is_crypto_mounted

View file

@ -25,8 +25,10 @@
</div>
<div id="content">
<?cs if:Data.Redirect.URL ?>
<div id="menu">
<?cs include:TemplateDir + '/nav.cs' ?>
</div>
<?cs /if ?>
<div id="words">

View file

@ -85,6 +85,14 @@ sub get_available_languages()
}
sub log_msg()
{
my $text = shift;
# TODO: improve or remove!
system("echo $text >>$LOG_FILE");
}
sub check_ssl
{
# BEWARE: dirty trick - is there a better way?
@ -179,11 +187,8 @@ sub box_init
print PW_INPUT $pw;
close(PW_INPUT);
# wipe and mkfs takes some time
my $output = `$CB_SCRIPT box-init-bg`;
# TODO: "output" has to get filtered through something like "s/$/<br>/" - in perl, please!
$pagedata->setValue('Data.ProgOutput',"$output") if ($output);
# wipe and mkfs takes some time - it will be done in background
system("echo $CB_SCRIPT box-init-bg | at now + 1 minutes >>$LOG_FILE 2>&1");
}

View file

@ -145,6 +145,7 @@ ramdisk_files = /etc/resolv.conf
/var/lib/misc
/var/lib/urandom
/etc/hotpug
/var/spool/cron
# Directories to create on live fs
makedirs = /root/.elinks

Some files were not shown because too many files have changed in this diff Show more