moved validation from cbox to the host

logging greatly improved
background problem of initialization solved
umount_crypto cleaned
automatic style importing for validation
This commit is contained in:
lars 2005-07-25 11:02:47 +00:00
parent 562048a0ed
commit fda9e3f445
128 changed files with 125 additions and 54 deletions

View File

@ -67,6 +67,9 @@ function run_dfsbuild()
{ {
[ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..." [ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
dfsbuild -c "$CONFIG" -w "$BUILDDIR" dfsbuild -c "$CONFIG" -w "$BUILDDIR"
# remove iso image of dfsbuild - it is not necessary
[ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso"
} }
@ -90,7 +93,7 @@ function qemu_boot()
cp "misc/qemu-ifup.default" "$LOCALCONF_DIR/qemu-ifup" cp "misc/qemu-ifup.default" "$LOCALCONF_DIR/qemu-ifup"
fi fi
echo "Starting qemu ..." echo "Starting qemu ..."
qemu -cdrom "$IMAGE_FILE" -m 64 -hda "$IMAGE_FILE" -boot d -n "$LOCALCONF_DIR/qemu-ifup" || true qemu -cdrom "$IMAGE_FILE" -m 96 -hda "$IMAGE_FILE" -boot d -n "$LOCALCONF_DIR/qemu-ifup" || true
# remove iptables rules # remove iptables rules
"$LOCALCONF_DIR/qemu-ifup" stop "$LOCALCONF_DIR/qemu-ifup" stop
} }

View File

@ -11,15 +11,11 @@ LANGUAGE_DIR=/usr/share/cryptobox/lang
TEMPLATE_DIR=/usr/share/cryptobox/templates TEMPLATE_DIR=/usr/share/cryptobox/templates
DOC_DIR=/usr/share/doc/cryptobox/html DOC_DIR=/usr/share/doc/cryptobox/html
CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults
REPORT_DIR=/var/www/report
CONFIG_DIR=/mnt/cb-etc CONFIG_DIR=/mnt/cb-etc
CRYPTO_DIR=/mnt/crypto CRYPTO_DIR=/mnt/crypto
TEST_CASES_DIR=/usr/share/cryptobox/test-cases
SUMMARY_TEMPLATE_DIR=/usr/share/cryptobox/templates/test-summary
# some files # some files
CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh CB_SCRIPT=/usr/lib/cryptobox/cbox-manage.sh
VALIDATE_SCRIPT=/usr/lib/cryptobox/validate.sh
DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh

View File

@ -1,13 +1,14 @@
#!/bin/sh #!/bin/sh
# #
# this script looks for the file /DEVELOPMENT_CRYPTOBOX # this script looks for the devel-features.sh script
# if it exists, the script $DEVEL_SCRIPT be executed - this is # if it exists, it will be executed - this is
# ONLY FOR DEVELOPMENT CDs! # ONLY FOR DEVELOPMENT CDs!
# for production CD the file /DEVELOPMENT_CRYPTOBOX should never exist! # for release CDs the file devel-features.sh script should never exist!
# #
set -eu set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf . /etc/cryptobox/cryptobox.conf
# return, if it does not exist # return, if it does not exist

View File

@ -2,6 +2,7 @@
set -eu set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf . /etc/cryptobox/cryptobox.conf
ACTION=help ACTION=help

View File

@ -2,6 +2,7 @@
set -eu set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf . /etc/cryptobox/cryptobox.conf
ACTION=help ACTION=help

View File

@ -2,6 +2,7 @@
set -eu set -eu
# parse config file
. /etc/cryptobox/cryptobox.conf . /etc/cryptobox/cryptobox.conf
ACTION=help ACTION=help

View File

@ -19,6 +19,16 @@ CERT_TEMP=/tmp/stunnel.pem
##### #####
log_msg()
{
# the log file is not writable during boot - try before writing ...
[ -w "$LOG_FILE" ] || return 0
echo >>"$LOG_FILE"
echo "################ `date` ####################" >>"$LOG_FILE"
echo "$1" >>"$LOG_FILE"
}
function error_msg() function error_msg()
# parameters: ExitCode ErrorMessage # parameters: ExitCode ErrorMessage
{ {
@ -33,17 +43,17 @@ function initial_checks()
# Parameter: device # Parameter: device
{ {
local device="$1" local device="$1"
[ ! -b "$device" ] && echo "blockdevice $device does not exist" && return 1 [ ! -b "$device" ] && log_msg "blockdevice $device does not exist" && return 1
## check if we have an existing configpartition ## check if we have an existing configpartition
## TODO: why this config_mount_test? ## TODO: why this config_mount_test?
# config_mount_test "$device" # config_mount_test "$device"
[ ! -x "$WIPE" ] && echo "$WIPE not found" && return 1 [ ! -x "$WIPE" ] && log_msg "$WIPE not found" && return 1
[ ! -x "$SFDISK" ] && echo "$SFDISK not found" && return 1 [ ! -x "$SFDISK" ] && log_msg "$SFDISK not found" && return 1
for a in $ALGO $HASH for a in $ALGO $HASH
do grep -q "^name *: $a$" /proc/crypto || modprobe "$a" do grep -q "^name *: $a$" /proc/crypto || modprobe "$a"
grep -q "^name *: $a$" /proc/crypto || { echo "$a is not supported by kernel" && return 1; } grep -q "^name *: $a$" /proc/crypto || { log_msg "$a is not supported by kernel" && return 1; }
done done
mount | grep -q "^$device[ 1-9] " && echo "$device is mounted" && return 1 log_msg "inital checks successful"
return 0 return 0
} }
@ -86,24 +96,29 @@ function create_config()
# Parameter: device # Parameter: device
{ {
local device="${1}1" local device="${1}1"
log_msg "Creating config filesystem ..."
$MKFS_CONFIG "$device" $MKFS_CONFIG "$device"
# mount the config partition rw # mount the config partition rw
log_msg "Mounting config partition ..."
mount "$device" "$CONFIG_DIR" mount "$device" "$CONFIG_DIR"
# create a marker to recognize a cryptobox partition # create a marker to recognize a cryptobox partition
date -I >"$CONFIG_MARKER" date -I >"$CONFIG_MARKER"
## write (network) interfaces log_msg "Copying configuration defaults ..."
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR" cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
# copy stunnel cert log_msg "Copying temporary cerificate file to config filesystem ..."
cp -p "$CERT_TEMP" "$CERT_FILE" cp -p "$CERT_TEMP" "$CERT_FILE"
log_msg "Setting inital values ..."
# beware: config_set_value remounts the config partition read-only # beware: config_set_value remounts the config partition read-only
config_set_value "device" "$1" config_set_value "device" "$1"
config_set_value "ip" "$(get_current_ip)" config_set_value "ip" "$(get_current_ip)"
# reinitialise configuration # reinitialise configuration
log_msg "Unmounting config partition ..."
umount "$CONFIG_DIR" umount "$CONFIG_DIR"
log_msg "Reload configuration ..."
mount_config mount_config
} }
@ -164,6 +179,8 @@ function is_crypto_mounted()
function is_init_running() function is_init_running()
{ {
ps -e | grep -q -E "$MKFS_DATA|$WIPE" ps -e | grep -q -E "$MKFS_DATA|$WIPE"
# this line is good for the "at" stuff - see cryptobox.pl
[ -n "`at -l`" ]
} }
@ -177,7 +194,7 @@ function find_harddisk()
do grep -q " `basename $a`$" /proc/partitions && echo "$a" && break do grep -q " `basename $a`$" /proc/partitions && echo "$a" && break
done done
fi ) fi )
[ -z "$dev" ] && echo "no valid partition for initialisation found!" >>"$ERROR_LOG" [ -z "$dev" ] && echo "no valid partition for initialisation found!" >>"$LOG_FILE"
echo -n "$dev" echo -n "$dev"
} }
@ -187,14 +204,14 @@ function mount_config()
is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!" is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!"
local device=$( local device=$(
for a in $SCAN_DEVICES for a in $SCAN_DEVICES
do echo "Trying to load configuration from $a ..." >&2 do log_msg "Trying to load configuration from $a ..."
config_mount_test "$a" && echo "$a" && break config_mount_test "$a" && echo "$a" && break
done ) done )
if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR" if [ -n "$device" ] && mount "${device}1" "$CONFIG_DIR"
then echo "configuraton found on $device" >&2 then log_msg "configuraton found on $device"
config_set_value "device" "$device" config_set_value "device" "$device"
return 0 return 0
else echo "failed to locate harddisk" >&2 else log_msg "failed to locate harddisk"
return 1 return 1
fi fi
} }
@ -206,10 +223,13 @@ function mount_crypto()
local device=`find_harddisk` local device=`find_harddisk`
[ -z "$device" ] && error_msg 4 'no valid harddisk found!' [ -z "$device" ] && error_msg 4 'no valid harddisk found!'
# passphrase is read from stdin # passphrase is read from stdin
log_msg "Mounting crypto partition ..."
$CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2" $CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2"
if mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR" if mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
then /etc/init.d/samba start then log_msg "Mount succeded - now starting samba ..."
else dmsetup remove $(basename $CRYPTMAPPER_DEV) /etc/init.d/samba start
else log_msg "Mount failed - removing dev-mapper ..."
dmsetup remove $(basename $CRYPTMAPPER_DEV)
return 1 return 1
fi fi
} }
@ -219,13 +239,22 @@ function umount_crypto()
{ {
# do not break on error # do not break on error
set +e set +e
/etc/init.d/samba stop if ps -e | grep -q " [sn]mbd$"
ps -e | grep -q " smbd$" && killall smbd then log_msg "Stopping samba ..."
ps -e | grep -q " nmbd$" && killall nmbd /etc/init.d/samba stop
ps -e | grep -q " smbd$" && killall -9 smbd ps -e | grep -q " smbd$" && killall smbd
ps -e | grep -q " nmbd$" && killall -9 nmbd ps -e | grep -q " nmbd$" && killall nmbd
umount "$CRYPTO_DIR" ps -e | grep -q " smbd$" && killall -9 smbd
$CRYPTSETUP remove $(basename $CRYPTMAPPER_DEV) ps -e | grep -q " nmbd$" && killall -9 nmbd
fi
if mount | grep -q " $CRYPTO_DIR "
then log_msg "Unmounting crypto partition ..."
umount "$CRYPTO_DIR"
fi
if [ -e "$CRYPTMAPPER_DEV" ]
then log_msg "Removing dev-mapper ..."
$CRYPTSETUP remove $(basename $CRYPTMAPPER_DEV)
fi
set -e set -e
} }
@ -233,13 +262,19 @@ function umount_crypto()
function init_cryptobox_part1() function init_cryptobox_part1()
# this is only the first part of initialisation that takes no time - good for a smooth web interface # this is only the first part of initialisation that takes no time - good for a smooth web interface
{ {
umount_crypto || true
umount "$CONFIG_DIR" || true
local device=`find_harddisk` local device=`find_harddisk`
[ -z "$device" ] && error_msg 4 'no valid harddisk found!' [ -z "$device" ] && log_msg 'no valid harddisk found!' && return 1
initial_checks "$device" || error_msg 5 "Failure during initialisation - bye, bye" (
create_partitions "$device" log_msg "Initializing crypto partition on $device ..."
create_config "$device" umount_crypto || true
mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true
initial_checks "$device" || return 1
create_partitions "$device"
create_config "$device"
) >>"$LOG_FILE" 2>&1
# the output of create_crypto may NOT be redirected - this would prevent cryptsetup from
# reading the passphrase from stdin
log_msg "Creating the crypto partition ..."
create_crypto "$device" create_crypto "$device"
} }
@ -282,13 +317,15 @@ case "$ACTION" in
fi fi
;; ;;
config-down ) config-down )
umount "$CONFIG_DIR" mount | grep -q " $CONFIG_DIR" && umount "$CONFIG_DIR"
;; ;;
network-up ) network-up )
kudzu -s -q --class network kudzu -s -q --class network
conf_ip=$(config_get_value "ip") conf_ip=$(config_get_value "ip")
ifconfig $NET_IFACE "$conf_ip" ifconfig $NET_IFACE "$conf_ip"
log_msg "Configured $NET_IFACE for $conf_ip ..."
echo "Configured network interface for $NET_IFACE: $conf_ip" echo "Configured network interface for $NET_IFACE: $conf_ip"
log_msg "Starting the firewall ..."
$FIREWALL_SCRIPT start $FIREWALL_SCRIPT start
# start stunnel # start stunnel
if [ -f "$CERT_FILE" ] if [ -f "$CERT_FILE" ]
@ -296,6 +333,7 @@ case "$ACTION" in
else USE_CERT=$CERT_TEMP else USE_CERT=$CERT_TEMP
$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1 $MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
fi fi
log_msg "Starting stunnel ..."
stunnel -p "$USE_CERT" -r localhost:80 -d 443 \ stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
|| echo "$USE_CERT not found - not starting stunnel" || echo "$USE_CERT not found - not starting stunnel"
# this ping allows other hosts to get the IP of # this ping allows other hosts to get the IP of
@ -303,8 +341,11 @@ case "$ACTION" in
ping -b -c 1 $(ifconfig $NET_IFACE | grep Bcast | cut -d ":" -f 3 | cut -d " " -f 1) &>/dev/null ping -b -c 1 $(ifconfig $NET_IFACE | grep Bcast | cut -d ":" -f 3 | cut -d " " -f 1) &>/dev/null
;; ;;
network-down ) network-down )
log_msg "Stopping the firewall ..."
$FIREWALL_SCRIPT stop $FIREWALL_SCRIPT stop
log_msg "Stopping stunnel ..."
killall stunnel killall stunnel
log_msg "Shutting the network interface down ..."
ifconfig $NET_IFACE down ifconfig $NET_IFACE down
;; ;;
services-up ) services-up )
@ -323,14 +364,12 @@ case "$ACTION" in
# this is nice for the web interface, as it is fast # this is nice for the web interface, as it is fast
# output redirection does not work, as it prevents cryptsetup from asking # output redirection does not work, as it prevents cryptsetup from asking
# for a password # for a password
init_cryptobox_part1 >>"$LOG_FILE" 2>&1 init_cryptobox_part1
;; ;;
box-init-bg ) box-init-bg )
# do it in the background to provide a smoother web interface # do it in the background to provide a smoother web interface
# messages and errors get written to $LOG_FILE # messages and errors get written to $LOG_FILE
# the 'exec' output redirection does not work, if called by a cgi, so init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
# redirect it as usual
init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1 &
;; ;;
is_crypto_mounted ) is_crypto_mounted )
is_crypto_mounted is_crypto_mounted

View File

@ -25,8 +25,10 @@
</div> </div>
<div id="content"> <div id="content">
<?cs if:Data.Redirect.URL ?>
<div id="menu"> <div id="menu">
<?cs include:TemplateDir + '/nav.cs' ?> <?cs include:TemplateDir + '/nav.cs' ?>
</div> </div>
<?cs /if ?>
<div id="words"> <div id="words">

View File

@ -85,6 +85,14 @@ sub get_available_languages()
} }
sub log_msg()
{
my $text = shift;
# TODO: improve or remove!
system("echo $text >>$LOG_FILE");
}
sub check_ssl sub check_ssl
{ {
# BEWARE: dirty trick - is there a better way? # BEWARE: dirty trick - is there a better way?
@ -179,11 +187,8 @@ sub box_init
print PW_INPUT $pw; print PW_INPUT $pw;
close(PW_INPUT); close(PW_INPUT);
# wipe and mkfs takes some time # wipe and mkfs takes some time - it will be done in background
my $output = `$CB_SCRIPT box-init-bg`; system("echo $CB_SCRIPT box-init-bg | at now + 1 minutes >>$LOG_FILE 2>&1");
# TODO: "output" has to get filtered through something like "s/$/<br>/" - in perl, please!
$pagedata->setValue('Data.ProgOutput',"$output") if ($output);
} }

View File

@ -145,6 +145,7 @@ ramdisk_files = /etc/resolv.conf
/var/lib/misc /var/lib/misc
/var/lib/urandom /var/lib/urandom
/etc/hotpug /etc/hotpug
/var/spool/cron
# Directories to create on live fs # Directories to create on live fs
makedirs = /root/.elinks makedirs = /root/.elinks

Some files were not shown because too many files have changed in this diff Show More