cryptonas/cbox-tree.d/var/www/cgi-bin/cryptobox.pl

#!/usr/bin/perl
#
# web interface of the CryptoBox
#


###############################################

use strict;
use CGI;
use ClearSilver;
use ConfigFile;

my ($pagedata, $pagename);

my ($LANGUAGE_DIR, $LANGUAGE, $TEMPLATE_DIR, $DOC_DIR);
my ($CB_SCRIPT, $LOG_FILE, $IS_DEV);

my $config = ConfigFile::read_config_file('/etc/cryptobox/cryptobox.conf');

$CB_SCRIPT = $config->{CB_SCRIPT};
$LOG_FILE = $config->{LOG_FILE};
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
# language setting may be later overriden by "weblang"
$LANGUAGE = $config->{LANGUAGE};
$TEMPLATE_DIR = $config->{TEMPLATE_DIR};
$DOC_DIR = $config->{DOC_DIR};
$IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT});


#################### subs ######################

sub load_hdf()
{
	my $hdf = ClearSilver::HDF->new();

	my $fname = "$TEMPLATE_DIR/main.cs";
	die ("Template directory is invalid ($fname not found)!") unless (-e "$fname");
	$hdf->setValue("Settings.TemplateDir","$TEMPLATE_DIR");

	die ("Documentation directory ($DOC_DIR) not found!") unless (-d "$DOC_DIR");
	$hdf->setValue("Settings.DocDir","$DOC_DIR");

	# if it was requested as directory index (link from index.html), we should
	# set a real script name - otherwise links with a query string will break
	# ignore POST part of the SCRIPT_NAME (after "&")
	(my $script_url = $ENV{'SCRIPT_NAME'}) =~ m/^[^&]*/;
	$hdf->setValue("ScriptName", ($ENV{'SCRIPT_NAME'} eq '/')? '/cryptobox' : $script_url );

	&load_language_data($hdf, $LANGUAGE);

	&get_available_languages($hdf);

	return $hdf;
}


sub load_language_data()
# import the specified language data
# every call overrides previously loaded values
# it is sufficient to call it somewhere before "render"
{
	my $data = shift;
	my $lang = shift;
	my $fname = "$LANGUAGE_DIR/$lang" . '.hdf';
	die ("Language file ($fname) not found!") unless (-e "$fname");
	$data->readFile("$fname");
}


sub get_available_languages()
# import the names of all available languages
{
	my $data = shift;
	my ($file, @files, $hdf, $lang_name);

	opendir(DIR, $LANGUAGE_DIR) or die ("Language directory ($LANGUAGE_DIR) not accessible!");
	@files = grep { /.*\.hdf$/ } readdir(DIR);
	close(DIR);

	foreach $file (@files) {
		$hdf = ClearSilver::HDF->new();
		$hdf->readFile("$LANGUAGE_DIR/$file");
		substr($file, -4) = "";
		$lang_name = $hdf->getValue("Lang.Name", "$file");
		$data->setValue("Data.Languages." . "$file", "$lang_name");
	}
}


sub log_msg()
{
	my $text = shift;
	open(LOGFILE,">> $LOG_FILE");
	print LOGFILE "$text";
	close(LOGFILE);
}


sub check_ssl
{
	# BEWARE: dirty trick - is there a better way?
	# stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with
	# its own IP (localhost, of course)
	return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1');
}


sub check_mounted
{
	return (system("$CB_SCRIPT","is_crypto_mounted") == 0);
}


sub check_config
{
	return (system("$CB_SCRIPT","is_config_mounted") == 0);
}


sub check_init_running
{
	return (system("$CB_SCRIPT","is_init_running") == 0);
}


sub is_harddisk_available
{
	return (system("$CB_SCRIPT","is_harddisk_available") == 0);
}


sub get_current_ip
# the IP of eth0 - not the configured value of the box (only for validation)
{
	return `$CB_SCRIPT get_current_ip`;
}


sub render()
{
	$pagedata->setValue("PageName","$pagename");
	my $pagefile = "$TEMPLATE_DIR/main.cs";
	print "Content-Type: text/html\n\n";

	my $cs = ClearSilver::CS->new($pagedata);
	$cs->parseFile($pagefile);

	print $cs->render();
}


sub mount_vol
{
	my $pw = shift;

	if (&check_mounted) {
		$pagedata->setValue('Data.Warning', 'IsMounted');
	} else {
		open(PW_INPUT, "| $CB_SCRIPT crypto-up");
		print PW_INPUT $pw;
		close(PW_INPUT);
	}
}


sub umount_vol
{
	if (&check_mounted) {
		system("$CB_SCRIPT", "crypto-down");
	} else {
		$pagedata->setValue('Data.Warning', 'NotMounted');
	}
}


sub box_init
{
	my $admin_pw = shift;
	my $crypto_pw = shift;

	# partitioning, config and initial cryptsetup
	open(PW_INPUT, "|$CB_SCRIPT box-init-fg");
	print PW_INPUT "$admin_pw";
	print PW_INPUT "$crypto_pw";
	close(PW_INPUT);

	# wipe and mkfs takes some time - it will be done in the background
	system("$CB_SCRIPT", "box-init-bg");
}


sub system_poweroff()
{
	&umount_vol() if (&check_mounted());
	system("$CB_SCRIPT", "poweroff");
}


sub system_reboot()
{
	&umount_vol() if (&check_mounted());
	system("$CB_SCRIPT", "reboot");
}


sub validate_ip()
{
	my $ip = shift;
	my @octets = split /\./, $ip;
	return 0 if ($#octets == 4);
	# check for values and non-digits
	return 0 if ((@octets[0] <= 0) || (@octets[0] >= 255) || (@octets[0] =~ /\D/));
	return 0 if ((@octets[1] < 0) || (@octets[1] >= 255) || (@octets[1] =~ /\D/));
	return 0 if ((@octets[2] < 0) || (@octets[2] >= 255) || (@octets[2] =~ /\D/));
	return 0 if ((@octets[3] <= 0) || (@octets[3] >= 255) || (@octets[3] =~ /\D/));
	return 1;
}


sub validate_timeout()
{
	my $timeout = shift;
	return 0 if ($timeout =~ /\D/);
	return 1;
}


# check for a valid interface language
sub validate_language()
{
	my $language = shift;
	# check for non-alphanumeric character
	return 0 if ($language =~ /\W/);
	return 0 if ($language eq "");
	return 0 if ( ! -e "$LANGUAGE_DIR/$language" . '.hdf');
	return 1;
}


# check for a valid documentation language
sub validate_doc_language()
{
	my $language = shift;
	# check for non-alphanumeric character
	return 0 if ($language =~ /\W/);
	return 0 if ($language eq "");
	return 0 if ( ! -e "$DOC_DIR/$language" . '.hdf');
	return 1;
}


################### main #########################

my $query = new CGI;

$pagedata = load_hdf();


######### temporary language setting? ############
# the default language can be overriden by the language links in the
# upper right of the page
if ($query->param('weblang')) {
	my $weblang = $query->param('weblang');
	if (&validate_language($weblang)) {
		# load the data
		&load_language_data($pagedata, "$weblang");
		# add the setting to every link
		$pagedata->setValue('Data.PostData.weblang', "$weblang");
	} else {
		$pagedata->setValue('Data.Warning', 'InvalidLanguage');
	}
}


########## select documentation language ##########
if ($query->param('weblang') && &validate_doc_language($query->param('weblang'))) {
	# selected web interface language
	$pagedata->setValue('Settings.DocLang', "$query->param('weblang')");
} elsif (&validate_doc_language($LANGUAGE)) {
	# configured CryptoBox language
	$pagedata->setValue('Settings.DocLang', "$LANGUAGE");
} else {
	# default hardcoded language (english)
	$pagedata->setValue('Settings.DocLang', "en");
}


# first: check for ssl!
if ( ! &check_ssl()) {
	$pagedata->setValue('Data.Error', 'NoSSL');
	$pagedata->setValue('Data.Redirect.URL', "https://" . $ENV{'HTTP_HOST'} . $ENV{'SCRIPT_NAME'});
	$pagedata->setValue('Data.Redirect.Delay', "3");
} elsif ( ! &is_harddisk_available()) {
	$pagedata->setValue('Data.Error', 'NoHardDisk');
} elsif ($query->param('action')) {
	my $action = $query->param('action');
	################ umount_do #######################
	if ($action eq 'umount_do') {
		if ( ! &check_config()) {
			$pagedata->setValue('Data.Warning', 'NotConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif (&check_init_running()) {
			$pagedata->setValue('Data.Warning', 'InitNotFinished');
			$pagedata->setValue('Data.Action', 'mount_form');
		} elsif ( ! &check_mounted()) {
			$pagedata->setValue('Data.Warning', 'NotMounted');
			$pagedata->setValue('Data.Action', 'mount_form');
		} else {
			# unmounten
			&umount_vol();
			if (&check_mounted()) {
			$pagedata->setValue('Data.Warning', 'UmountFailed');
			$pagedata->setValue('Data.Action', 'umount_form');
			} else {
			$pagedata->setValue('Data.Success', 'UmountDone');
			$pagedata->setValue('Data.Action', 'mount_form');
			}
		}
	################ mount_do ########################
	} elsif ($action eq 'mount_do') {
		# mount requested
		if ( ! &check_config()) {
			$pagedata->setValue('Data.Warning', 'NotConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif (&check_init_running()) {
			$pagedata->setValue('Data.Warning', 'InitNotFinished');
			$pagedata->setValue('Data.Action', 'mount_form');
		} elsif (&check_mounted()) {
			$pagedata->setValue('Data.Warning', 'IsMounted');
			$pagedata->setValue('Data.Action', 'umount_form');
		} elsif ($query->param('password') eq '') {
			# leeres Passwort
			$pagedata->setValue('Data.Warning', 'EmptyPassword');
			$pagedata->setValue('Data.Action', 'mount_form');
		} else	{
			# mounten
			&mount_vol($query->param('password'));
			if (!&check_mounted()) {
			$pagedata->setValue('Data.Warning', 'MountFailed');
			$pagedata->setValue('Data.Action', 'mount_form');
			} else {
			$pagedata->setValue('Data.Success', 'MountDone');
			$pagedata->setValue('Data.Action', 'umount_form');
			}
		}
	################## mount_ask #######################
	} elsif ($action eq 'mount_ask') {
		if ( ! &check_config()) {
			$pagedata->setValue('Data.Warning', 'NotConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif (&check_init_running()) {
			$pagedata->setValue('Data.Warning', 'InitNotFinished');
			$pagedata->setValue('Data.Action', 'mount_form');
		} elsif (&check_mounted()) {
			$pagedata->setValue('Data.Warning', 'IsMounted');
			$pagedata->setValue('Data.Action', 'intro');
		} else {
			$pagedata->setValue('Data.Action', 'mount_form');
		}
	################# umount_ask ########################
	} elsif ($action eq 'umount_ask') {
		if ( ! &check_config()) {
			$pagedata->setValue('Data.Warning', 'NotConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif ( ! &check_mounted()) {
			$pagedata->setValue('Data.Warning', 'NotMounted');
			$pagedata->setValue('Data.Action', 'mount_form');
		} else {
			$pagedata->setValue('Data.Action', 'umount_form');
		}
	################## init_ask #########################
	} elsif ($action eq 'init_ask') {
		if (&check_init_running()) {
			$pagedata->setValue('Data.Warning', 'InitNotFinished');
			$pagedata->setValue('Data.Action', 'intro');
		} elsif (&check_config()) {
			$pagedata->setValue('Data.Warning', 'AlreadyConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} else {
			$pagedata->setValue('Data.Action', 'init_form');
		}
	#################### init_do ########################
	} elsif ($action eq 'init_do') {
		if ($query->param('admin_password') ne $query->param('admin_password2')) {
			# different admin-passwords
			$pagedata->setValue('Data.Warning', 'DifferentAdminPasswords');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif ($query->param('crypto_password') ne $query->param('crypto_password2')) {
			# different crypto-passwords
			$pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif ($query->param('crypto_password') eq '') {
			# empty password
			$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
			$pagedata->setValue('Data.Action', 'init_form');
		} elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) {
			# wrong confirm string
			$pagedata->setValue('Data.Warning', 'InitNotConfirmed');
			$pagedata->setValue('Data.Action', 'init_form');
		} else {
			# do init
			&box_init($query->param('admin_password'),$query->param('crypto_password'));
			if (!&check_init_running()) {
				$pagedata->setValue('Data.Error', 'InitFailed');
			} else {
				$pagedata->setValue('Data.Success', 'InitRunning');
				$pagedata->setValue('Data.Action', 'config_form');
			}
		}
	#################### config_ask ######################
	} elsif ($action eq 'config_ask') {
		if ( ! &check_config()) {
			$pagedata->setValue('Data.Warning', 'NotConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} else {
			$pagedata->setValue('Data.Action', 'config_form');
		}
	#################### config_do #######################
	} elsif ($action eq 'config_do') {
		if ( ! &check_config()) {
			$pagedata->setValue('Data.Warning', 'NotConfigured');
			$pagedata->setValue('Data.Action', 'init_form');
		} else {
			if ( ! &validate_language($query->param('language'))) {
			$pagedata->setValue('Data.Warning', 'InvalidLanguage');
			$pagedata->setValue('Data.Action', 'config_form');
			} elsif ( ! &validate_ip($query->param('ip'))) {
			$pagedata->setValue('Data.Warning', 'InvalidIP');
			$pagedata->setValue('Data.Action', 'config_form');
			} elsif ( ! &validate_timeout($query->param('timeout'))) {
			$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
			$pagedata->setValue('Data.Action', 'config_form');
			} else {
			system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
			system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
			# check, if the ip was reconfigured
			if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
			{
				# set the new value
				system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
				# reconfigure the network interface
				system("$CB_SCRIPT", "update_ip_address");
				# redirect to the new address
				$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
				$pagedata->setValue('Data.Redirect.Delay', "5");
				# display a warning for the redirection
				$pagedata->setValue('Data.Warning', 'IPAddressChanged');
			}

			# check for success
			if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
				$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
			} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
				$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
			} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
				$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
			} else {
				$pagedata->setValue('Data.Success', 'ConfigSaved');
			}
			$pagedata->setValue('Data.Action', 'intro');
			}
		}
	#################### show_log #######################
	} elsif ($action eq 'show_log') {
		$pagedata->setValue('Data.Action', 'show_log');
	##################### doc ############################
	} elsif ($action eq 'doc') {
		if ($query->param('page')) {
			$pagedata->setValue('Data.Doc.Page', $query->param('page'));
			$pagedata->setValue('Data.Action', 'doc');
		} else {
			$pagedata->setValue('Data.Doc.Page', 'CryptoBox');
			$pagedata->setValue('Data.Action', 'doc');
		}
	##################### poweroff ######################
	} elsif ($action eq 'shutdown_ask') {
		$pagedata->setValue('Data.Action', 'shutdown_form');
	##################### reboot ########################
	} elsif ($action eq 'shutdown_do') {
		if ($query->param('type') eq 'reboot') {
			&system_reboot();
			$pagedata->setValue('Data.Success', 'ReBoot');
		} else {
			&system_poweroff();
			$pagedata->setValue('Data.Success', 'PowerOff');
		}
		$pagedata->setValue('Data.Action', 'intro');
	################### unknown #########################
	} else {
		$pagedata->setValue('Data.Error', 'UnknownAction');
	}
###################### default ##########################
} else {
	$pagedata->setValue('Data.Action', 'intro');
}

# check state of the cryptobox
$pagedata->setValue('Data.Status.Config', &check_config() ? 1 : 0);
$pagedata->setValue('Data.Status.InitRunning', &check_init_running() ? 1 : 0);
$pagedata->setValue('Data.Status.Mounted', &check_mounted() ? 1 : 0);
my $output = &get_current_ip();
$pagedata->setValue('Data.Status.IP', "$output");

$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#<br/>#'`;
$pagedata->setValue('Data.PartitionInfo',"$output");

# preset config settings for clearsilver
$pagedata->setValue('Data.Config.IP', `$CB_SCRIPT get_config ip`);
$pagedata->setValue('Data.Config.TimeOut', `$CB_SCRIPT get_config timeout`);
$pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`);

# read log and add html linebreaks
$output = '';
if (-e "$LOG_FILE") {
	open(LOGFILE, "< $LOG_FILE");
	while (<LOGFILE>) { $output .= "$_<br/>" }
	close(LOGFILE);
}
$pagedata->setValue('Data.Log',"$output");

$pagedata->setValue('Data.Status.DevelopmentMode', 1) if ($IS_DEV);

&render();

exit 0;