You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

599 lines
19 KiB

#!/usr/bin/perl
#
# web interface of the CryptoBox
#
###############################################
use strict;
use CGI;
use ClearSilver;
use ConfigFile;
my ($pagedata, $pagename);
my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR);
my ($CB_SCRIPT, $LOG_FILE, $IS_DEV);
my $config = ConfigFile::read_config_file('/etc/cryptobox/cryptobox.conf');
$CB_SCRIPT = $config->{CB_SCRIPT};
$LOG_FILE = $config->{LOG_FILE};
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
$DEFAULT_LANGUAGE = $config->{LANGUAGE};
$HTML_TEMPLATE_DIR = $config->{HTML_TEMPLATE_DIR};
$DOC_DIR = $config->{DOC_DIR};
$IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT});
my $query = new CGI;
#################### subs ######################
sub load_hdf
{
my $hdf = ClearSilver::HDF->new();
my $fname = "$HTML_TEMPLATE_DIR/main.cs";
die ("Template directory is invalid ($fname not found)!") unless (-e "$fname");
$hdf->setValue("Settings.TemplateDir","$HTML_TEMPLATE_DIR");
die ("Documentation directory ($DOC_DIR) not found!") unless (-d "$DOC_DIR");
$hdf->setValue("Settings.DocDir","$DOC_DIR");
# if it was requested as directory index (link from index.html), we should
# set a real script name - otherwise links with a query string will break
# ignore POST part of the SCRIPT_NAME (after "&")
(my $script_url = $ENV{'SCRIPT_NAME'}) =~ m/^[^&]*/;
$hdf->setValue("ScriptName", ($ENV{'SCRIPT_NAME'} eq '/')? '/cryptobox' : $script_url );
&load_selected_language($hdf);
&get_available_languages($hdf);
return $hdf;
}
sub load_selected_language
{
my $data = shift;
my $config_language;
# load $DEFAULT_LANGUAGE - this is necessary, if a translation is incomplete
$data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf");
# load configured language, if it is valid
$config_language = `$CB_SCRIPT get_config language`;
$config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language"));
######### temporary language setting? ############
# the default language can be overriden by the language links in the
# upper right of the page
if ($query->param('weblang')) {
my $weblang = $query->param('weblang');
if (&validate_language($weblang)) {
# load the data
$config_language = "$weblang";
# add the setting to every link
$data->setValue('Data.PostData.weblang', "$weblang");
} else {
$data->setValue('Data.Warning', 'InvalidLanguage');
}
}
# import the configured resp. the temporarily selected language
$data->readFile("$LANGUAGE_DIR/$config_language" . ".hdf");
########## select documentation language ##########
if (&validate_doc_language($config_language)) {
# selected web interface language
$data->setValue('Settings.DocLang', "$config_language");
} elsif (&validate_doc_language($DEFAULT_LANGUAGE)) {
# configured CryptoBox language
$data->setValue('Settings.DocLang', "$DEFAULT_LANGUAGE");
} else {
# default hardcoded language (english)
$data->setValue('Settings.DocLang', "en");
}
}
sub get_available_languages
# import the names of all available languages
{
my $data = shift;
my ($file, @files, $hdf, $lang_name);
opendir(DIR, $LANGUAGE_DIR) or die ("Language directory ($LANGUAGE_DIR) not accessible!");
@files = sort grep { /.*\.hdf$/ } readdir(DIR);
close(DIR);
foreach $file (@files) {
$hdf = ClearSilver::HDF->new();
$hdf->readFile("$LANGUAGE_DIR/$file");
substr($file, -4) = "";
$lang_name = $hdf->getValue("Lang.Name", "$file");
$data->setValue("Data.Languages." . "$file", "$lang_name");
}
}
sub log_msg
{
my $text = shift;
open(LOGFILE,">> $LOG_FILE");
print LOGFILE "$text";
close(LOGFILE);
}
sub check_ssl
{
# BEWARE: dirty trick - is there a better way?
# stunnel is not in transparent mode -> that means, it replaces REMOTE_ADDR with
# its own IP (localhost, of course)
return ($ENV{'REMOTE_ADDR'} eq '127.0.0.1');
}
sub check_mounted
{
return (system("$CB_SCRIPT","is_crypto_mounted") == 0);
}
sub check_config
{
return (system("$CB_SCRIPT","is_config_mounted") == 0);
}
sub check_init_running
{
return (system("$CB_SCRIPT","is_init_running") == 0);
}
sub is_harddisk_available
{
return (system("$CB_SCRIPT","is_harddisk_available") == 0);
}
sub get_current_ip
# the IP of eth0 - not the configured value of the box (only for validation)
{
return `$CB_SCRIPT get_current_ip`;
}
sub get_admin_pw
# returns the current administration password - empty, if it is not used
{
return `$CB_SCRIPT get_config admin_pw`;
}
sub render
{
$pagedata->setValue("PageName","$pagename");
my $pagefile = "$HTML_TEMPLATE_DIR/main.cs";
print "Content-Type: text/html\n\n";
my $cs = ClearSilver::CS->new($pagedata);
$cs->parseFile($pagefile);
print $cs->render();
}
sub mount_vol
{
my $pw = shift;
if (&check_mounted) {
$pagedata->setValue('Data.Warning', 'IsMounted');
} else {
open(PW_INPUT, "| $CB_SCRIPT crypto-up");
print PW_INPUT $pw;
close(PW_INPUT);
}
}
sub umount_vol
{
if (&check_mounted) {
system("$CB_SCRIPT", "crypto-down");
} else {
$pagedata->setValue('Data.Warning', 'NotMounted');
}
}
sub box_init
{
my ($crypto_pw, $admin_pw) = @_;
# partitioning, config and initial cryptsetup
open(PW_INPUT, "|$CB_SCRIPT box-init-fg");
print PW_INPUT $crypto_pw;
close(PW_INPUT);
# set administration password
system("$CB_SCRIPT", "set_config", "admin_pw", "$admin_pw");
# wipe and mkfs takes some time - it will be done in the background
system("$CB_SCRIPT", "box-init-bg");
}
sub system_poweroff
{
&umount_vol() if (&check_mounted());
system("$CB_SCRIPT", "poweroff");
}
sub system_reboot
{
&umount_vol() if (&check_mounted());
system("$CB_SCRIPT", "reboot");
}
sub validate_ip
{
my $ip = shift;
my @octets = split /\./, $ip;
return 0 if ($#octets == 4);
# check for values and non-digits
return 0 if ((@octets[0] <= 0) || (@octets[0] >= 255) || (@octets[0] =~ /\D/));
return 0 if ((@octets[1] < 0) || (@octets[1] >= 255) || (@octets[1] =~ /\D/));
return 0 if ((@octets[2] < 0) || (@octets[2] >= 255) || (@octets[2] =~ /\D/));
return 0 if ((@octets[3] <= 0) || (@octets[3] >= 255) || (@octets[3] =~ /\D/));
return 1;
}
sub validate_timeout
{
my $timeout = shift;
return 0 if ($timeout =~ /\D/);
return 1;
}
# check for a valid interface language
sub validate_language
{
my $language = shift;
# check for non-alphanumeric character
return 0 if ($language =~ /\W/);
return 0 if ($language eq "");
return 0 if ( ! -e "$LANGUAGE_DIR/$language" . '.hdf');
return 1;
}
# check for a valid documentation language
sub validate_doc_language
{
my $language = shift;
# check for non-alphanumeric character
return 0 if ($language =~ /\W/);
return 0 if ($language eq "");
return 0 if ( ! -e "$DOC_DIR/$language");
return 1;
}
################### main #########################
$pagedata = load_hdf();
# first: check for ssl!
if ( ! &check_ssl()) {
$pagedata->setValue('Data.Error', 'NoSSL');
$pagedata->setValue('Data.Redirect.URL', "https://" . $ENV{'HTTP_HOST'} . $ENV{'SCRIPT_NAME'});
$pagedata->setValue('Data.Redirect.Delay', "3");
} elsif ( ! &is_harddisk_available()) {
$pagedata->setValue('Data.Error', 'NoHardDisk');
} elsif ($query->param('action')) {
my $action = $query->param('action');
################ umount_do #######################
if ($action eq 'umount_do') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'config_form');
$pagedata->setValue('Data.Redirect.Delay', "30");
} elsif ( ! &check_mounted()) {
$pagedata->setValue('Data.Warning', 'NotMounted');
$pagedata->setValue('Data.Action', 'empty');
} else {
# unmounten
&umount_vol();
if (&check_mounted()) {
$pagedata->setValue('Data.Warning', 'UmountFailed');
$pagedata->setValue('Data.Action', 'umount_form');
} else {
$pagedata->setValue('Data.Success', 'UmountDone');
$pagedata->setValue('Data.Action', 'status');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "60");
}
}
################ mount_do ########################
} elsif ($action eq 'mount_do') {
# mount requested
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'config_form');
$pagedata->setValue('Data.Redirect.Delay', "30");
} elsif (&check_mounted()) {
$pagedata->setValue('Data.Warning', 'IsMounted');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "30");
} elsif ($query->param('crypto_password') eq '') {
# leeres Passwort
$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
$pagedata->setValue('Data.Action', 'mount_form');
} else {
# mounten
&mount_vol($query->param('crypto_password'));
if (!&check_mounted()) {
$pagedata->setValue('Data.Warning', 'MountFailed');
$pagedata->setValue('Data.Action', 'mount_form');
} else {
$pagedata->setValue('Data.Success', 'MountDone');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "30");
}
}
################## mount_ask #######################
} elsif ($action eq 'mount_ask') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'config_form');
$pagedata->setValue('Data.Redirect.Delay', "30");
} elsif (&check_mounted()) {
$pagedata->setValue('Data.Warning', 'IsMounted');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "30");
} else {
$pagedata->setValue('Data.Action', 'mount_form');
}
################# umount_ask ########################
} elsif ($action eq 'umount_ask') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ( ! &check_mounted()) {
$pagedata->setValue('Data.Warning', 'NotMounted');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "30");
} else {
$pagedata->setValue('Data.Action', 'umount_form');
}
################## init_ask #########################
} elsif ($action eq 'init_ask') {
if (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
$pagedata->setValue('Data.Action', 'config_form');
} elsif (&check_config()) {
$pagedata->setValue('Data.Warning', 'AlreadyConfigured');
$pagedata->setValue('Data.Action', 'init_form');
} else {
$pagedata->setValue('Data.Action', 'init_form');
}
#################### init_do ########################
} elsif ($action eq 'init_do') {
my $current_admin_pw = &get_admin_pw;
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ($query->param('admin_password') ne $query->param('admin_password2')) {
# different admin-passwords
$pagedata->setValue('Data.Warning', 'DifferentAdminPasswords');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ($query->param('crypto_password') ne $query->param('crypto_password2')) {
# different crypto-passwords
$pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ($query->param('crypto_password') eq '') {
# empty password
$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
$pagedata->setValue('Data.Action', 'init_form');
} elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) {
# wrong confirm string
$pagedata->setValue('Data.Warning', 'InitNotConfirmed');
$pagedata->setValue('Data.Action', 'init_form');
} else {
# do init
&box_init($query->param('crypto_password'),$query->param('admin_password'));
if (!&check_init_running()) {
$pagedata->setValue('Data.Error', 'InitFailed');
} else {
$pagedata->setValue('Data.Success', 'InitRunning');
$pagedata->setValue('Data.Action', 'config_form');
}
}
#################### config_ask ######################
} elsif ($action eq 'config_ask') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} else {
$pagedata->setValue('Data.Action', 'config_form');
}
#################### config_do #######################
} elsif ($action eq 'config_do') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} else {
my $current_admin_pw = &get_admin_pw;
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
$pagedata->setValue('Data.Action', 'config_form');
} elsif ( ! &validate_language($query->param('language'))) {
$pagedata->setValue('Data.Warning', 'InvalidLanguage');
$pagedata->setValue('Data.Action', 'config_form');
} elsif ( ! &validate_ip($query->param('ip'))) {
$pagedata->setValue('Data.Warning', 'InvalidIP');
$pagedata->setValue('Data.Action', 'config_form');
} elsif ( ! &validate_timeout($query->param('timeout'))) {
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
$pagedata->setValue('Data.Action', 'config_form');
} else {
system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
&load_selected_language($pagedata);
system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
# check, if the ip was reconfigured
if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
{
# set the new value
system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
# reconfigure the network interface
system("$CB_SCRIPT", "update_ip_address");
# redirect to the new address
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
$pagedata->setValue('Data.Redirect.Delay', "5");
# display a warning for the redirection
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
}
# check for success
if (`$CB_SCRIPT get_config timeout` ne $query->param('timeout')) {
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
} elsif (`$CB_SCRIPT get_config ip` ne $query->param('ip')) {
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
} elsif (`$CB_SCRIPT get_config language` ne $query->param('language')) {
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
} else {
$pagedata->setValue('Data.Success', 'ConfigSaved');
}
$pagedata->setValue('Data.Action', 'status');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "30");
}
}
#################### show_log #######################
} elsif ($action eq 'show_log') {
$pagedata->setValue('Data.Action', 'show_log');
##################### doc ############################
} elsif ($action eq 'doc') {
if ($query->param('page')) {
$pagedata->setValue('Data.Doc.Page', $query->param('page'));
$pagedata->setValue('Data.Action', 'doc');
} else {
$pagedata->setValue('Data.Doc.Page', 'CryptoBoxUser');
$pagedata->setValue('Data.Action', 'doc');
}
##################### poweroff ######################
} elsif ($action eq 'shutdown_ask') {
$pagedata->setValue('Data.Action', 'shutdown_form');
##################### reboot ########################
} elsif ($action eq 'shutdown_do') {
if ($query->param('type') eq 'reboot') {
&system_reboot();
$pagedata->setValue('Data.Success', 'ReBoot');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "180");
} else {
&system_poweroff();
$pagedata->setValue('Data.Success', 'PowerOff');
}
$pagedata->setValue('Data.Action', 'empty');
#################### status #########################
} elsif ($action eq 'status') {
if ( ! &check_config()) {
$pagedata->setValue('Data.Warning', 'NotInitialized');
$pagedata->setValue('Data.Action', 'init_form');
} elsif (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'config_form');
$pagedata->setValue('Data.Redirect.Delay', "30");
} else {
$pagedata->setValue('Data.Action', 'status');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "60");
}
################### unknown #########################
} else {
$pagedata->setValue('Data.Error', 'UnknownAction');
}
###################### default ##########################
} else {
if (&check_init_running()) {
$pagedata->setValue('Data.Warning', 'InitNotFinished');
$pagedata->setValue('Data.Action', 'empty');
$pagedata->setValue('Data.Redirect.Action', 'config_form');
$pagedata->setValue('Data.Redirect.Delay', "60");
} elsif (&check_config()) {
$pagedata->setValue('Data.Action', 'status');
$pagedata->setValue('Data.Redirect.Action', 'status');
$pagedata->setValue('Data.Redirect.Delay', "60");
} else {
$pagedata->setValue('Data.Action', 'init_form');
}
}
# check state of the cryptobox
$pagedata->setValue('Data.Status.Config', &check_config() ? 1 : 0);
$pagedata->setValue('Data.Status.InitRunning', &check_init_running() ? 1 : 0);
$pagedata->setValue('Data.Status.Mounted', &check_mounted() ? 1 : 0);
my $output = &get_current_ip();
$pagedata->setValue('Data.Status.IP', "$output");
$output = &get_admin_pw();
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
$output = `$CB_SCRIPT diskinfo 2>&1 | sed 's#\$#<br/>#'`;
$pagedata->setValue('Data.PartitionInfo',"$output");
# preset config settings for clearsilver
$pagedata->setValue('Data.Config.IP', `$CB_SCRIPT get_config ip`);
$pagedata->setValue('Data.Config.TimeOut', `$CB_SCRIPT get_config timeout`);
$pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`);
# read log and add html linebreaks
$output = '';
if (-e "$LOG_FILE") {
open(LOGFILE, "< $LOG_FILE");
while (<LOGFILE>) { $output .= "$_<br/>" }
close(LOGFILE);
}
$pagedata->setValue('Data.Log',"$output");
$pagedata->setValue('Data.Status.DevelopmentMode', 1) if ($IS_DEV);
# save QUERY_STRING (e.g. for weblang-links)
my $querystring = $ENV{'QUERY_STRING'};
# remove weblang setting
$querystring =~ s/weblang=\w\w&?//;
$pagedata->setValue('Data.QueryString', "$querystring") if ($querystring ne '');
&render();
exit 0;