947 lines
33 KiB
Perl
Executable File
947 lines
33 KiB
Perl
Executable File
#!/usr/bin/perl
|
|
#
|
|
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
|
#
|
|
# License: This script is distributed under the terms of version 2
|
|
# of the GNU GPL. See the LICENSE file included with the package.
|
|
#
|
|
# $Id$
|
|
#
|
|
# the web interface of the CryptoBox
|
|
#
|
|
|
|
|
|
###############################################
|
|
|
|
use strict;
|
|
use CGI;
|
|
use ClearSilver;
|
|
use ConfigFile;
|
|
use English;
|
|
use CGI::Carp;
|
|
use IO::File;
|
|
use POSIX;
|
|
|
|
use constant CRYPTOBOX_VERSION => 0.3;
|
|
|
|
# debug levels
|
|
use constant DEBUG_NONE => 0;
|
|
use constant DEBUG_ERROR => 1;
|
|
use constant DEBUG_WARN => 2;
|
|
use constant DEBUG_INFO => 3;
|
|
|
|
# drop privileges
|
|
$UID = $EUID;
|
|
$GID = $EGID;
|
|
|
|
# necessary for suid perl scripts (see 'man perlsec' for details)
|
|
$ENV{'PATH'} = '/bin:/usr/bin';
|
|
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer
|
|
|
|
my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf';
|
|
|
|
my $pagedata;
|
|
|
|
my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR);
|
|
my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL, $DEBUG_LEVEL);
|
|
|
|
# get the directory of the cryptobox scripts/binaries and untaint it
|
|
$CB_SCRIPT = $0;
|
|
$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/;
|
|
$CB_SCRIPT = ($1)? "$1/cbox-manage.sh" : './cbox-manage.sh';
|
|
|
|
&fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE);
|
|
my $config = ConfigFile::read_config_file($CONFIG_FILE);
|
|
|
|
$LOG_FILE = $config->{LOG_FILE};
|
|
$LANGUAGE_DIR = $config->{LANGUAGE_DIR};
|
|
$DEFAULT_LANGUAGE = $config->{LANGUAGE};
|
|
$HTML_TEMPLATE_DIR = $config->{HTML_TEMPLATE_DIR};
|
|
$DOC_DIR = $config->{DOC_DIR};
|
|
$IS_DEVEL = ( -e $config->{DEV_FEATURES_SCRIPT});
|
|
$STYLESHEET_URL = $config->{STYLESHEET_URL};
|
|
if (defined($config->{DEBUG_LEVEL})) {
|
|
$DEBUG_LEVEL = $config->{DEBUG_LEVEL};
|
|
} else {
|
|
$DEBUG_LEVEL = DEBUG_ERROR; # default debug level
|
|
}
|
|
|
|
my $query = new CGI;
|
|
|
|
#################### subs ######################
|
|
|
|
# for fatal errors without the chance of clearsilver-rendering
|
|
sub fatal_error() {
|
|
my $message = shift;
|
|
|
|
print "Content-Type: text/html\n\n";
|
|
print "<html><head><title>CryptoBox</title></head>\n";
|
|
print "<body>\n";
|
|
print '<h1 align="center">' . $message . "</h1>\n";
|
|
print "</body></html>\n";
|
|
die "[CryptoBox]: $message";
|
|
}
|
|
|
|
|
|
sub debug_msg() {
|
|
my ($level, $message) = @_;
|
|
return 0 unless ($level >= $DEBUG_LEVEL);
|
|
warn "[cryptobox]: $message";
|
|
}
|
|
|
|
|
|
sub load_hdf {
|
|
my $hdf = ClearSilver::HDF->new();
|
|
|
|
my $fname = "$HTML_TEMPLATE_DIR/main.cs";
|
|
&fatal_error ("Template directory is invalid ($fname not found)!") unless (-e "$fname");
|
|
$hdf->setValue("Settings.TemplateDir","$HTML_TEMPLATE_DIR");
|
|
|
|
&fatal_error ("Documentation directory ($DOC_DIR) not found!") unless (-d "$DOC_DIR");
|
|
$hdf->setValue("Settings.DocDir","$DOC_DIR");
|
|
|
|
# if it was requested as directory index (link from index.html), we should
|
|
# set a real script name - otherwise links with a query string will break
|
|
# ignore POST part of the SCRIPT_NAME (after "&")
|
|
(my $script_url = $ENV{'SCRIPT_NAME'}) =~ m/^[^&]*/;
|
|
$hdf->setValue("ScriptName", ($ENV{'SCRIPT_NAME'} eq '/')? '/cryptobox' : $script_url );
|
|
|
|
# set stylesheet url
|
|
$hdf->setValue("Settings.Stylesheet",$STYLESHEET_URL);
|
|
|
|
&load_selected_language($hdf);
|
|
|
|
&get_available_languages($hdf);
|
|
|
|
return $hdf;
|
|
}
|
|
|
|
|
|
sub load_selected_language {
|
|
my $data = shift;
|
|
my $config_language;
|
|
|
|
# load $DEFAULT_LANGUAGE - this is necessary, if a translation is incomplete
|
|
$data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf");
|
|
|
|
# load configured language, if it is valid
|
|
$config_language = &get_cbox_config("language");
|
|
$config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language"));
|
|
|
|
# check for preferred browser language, if the box was not initialized yet
|
|
if ( ! &check_config())
|
|
{
|
|
my $prefLang = &get_browser_language();
|
|
# take it, if a supported browser language was found
|
|
$config_language = $prefLang unless ($prefLang eq '');
|
|
}
|
|
|
|
######### temporary language setting? ############
|
|
# the default language can be overriden by the language links in the
|
|
# upper right of the page
|
|
if ($query->param('weblang')) {
|
|
my $weblang = $query->param('weblang');
|
|
if (&validate_language($weblang)) {
|
|
# load the data
|
|
$config_language = "$weblang";
|
|
# add the setting to every link
|
|
# how it should be done now ...
|
|
$data->setValue('Settings.LinkAttrs.weblang', "$weblang");
|
|
# old way of doing this ... (TODO: to be removed)
|
|
$data->setValue('Data.PostData.weblang', "$weblang");
|
|
} else {
|
|
# no valid language was selected - so you may ignore it
|
|
$data->setValue('Data.Warning', 'InvalidLanguage');
|
|
}
|
|
}
|
|
# import the configured resp. the temporarily selected language
|
|
$data->readFile("$LANGUAGE_DIR/$config_language" . ".hdf");
|
|
|
|
########## select documentation language ##########
|
|
if (&validate_doc_language($config_language)) {
|
|
# selected web interface language
|
|
$data->setValue('Settings.DocLang', "$config_language");
|
|
} elsif (&validate_doc_language($DEFAULT_LANGUAGE)) {
|
|
# configured CryptoBox language
|
|
$data->setValue('Settings.DocLang', "$DEFAULT_LANGUAGE");
|
|
} else {
|
|
# default hardcoded language (english)
|
|
$data->setValue('Settings.DocLang', "en");
|
|
}
|
|
}
|
|
|
|
|
|
# import the names of all available languages
|
|
sub get_available_languages {
|
|
my $data = shift;
|
|
my ($file, @files, $hdf, $lang_name);
|
|
|
|
opendir(DIR, $LANGUAGE_DIR) or &fatal_error ("Language directory ($LANGUAGE_DIR) not accessible!");
|
|
@files = sort grep { /.*\.hdf$/ } readdir(DIR);
|
|
close(DIR);
|
|
|
|
foreach $file (@files) {
|
|
$hdf = ClearSilver::HDF->new();
|
|
$hdf->readFile("$LANGUAGE_DIR/$file");
|
|
substr($file, -4) = "";
|
|
$lang_name = $hdf->getValue("Lang.Name", "$file");
|
|
$data->setValue("Data.Languages." . "$file", "$lang_name");
|
|
}
|
|
}
|
|
|
|
|
|
# look for preferred browser language setting
|
|
# this code was adapted from Per Cederberg - http://www.percederberg.net/home/perl/select.perl
|
|
# it returns an empty string, if no supported language was found
|
|
sub get_browser_language {
|
|
my ($str, @langs, @res);
|
|
|
|
# Use language preference settings
|
|
if ($ENV{'HTTP_ACCEPT_LANGUAGE'} ne '')
|
|
{
|
|
@langs = split(/,/, $ENV{'HTTP_ACCEPT_LANGUAGE'});
|
|
foreach (@langs)
|
|
{
|
|
# get the first part of the language setting
|
|
($str) = ($_ =~ m/([a-z]+)/);
|
|
# check, if it supported by the cryptobox
|
|
$res[$#res+1] = $str if validate_language($str);
|
|
}
|
|
}
|
|
|
|
# if everything fails - return empty string
|
|
$res[0] = "" if ($#res lt 0);
|
|
return $res[0];
|
|
}
|
|
|
|
|
|
sub log_msg {
|
|
my $text = shift;
|
|
open(LOGFILE,">> $LOG_FILE");
|
|
print LOGFILE "$text";
|
|
close(LOGFILE);
|
|
}
|
|
|
|
|
|
sub check_ssl {
|
|
# check, if we are behind a proxy with ssl (e.g. pound)
|
|
return (0==0) if ($ENV{'HTTP_FRONT_END_HTTPS'} =~ m/^on$/i);
|
|
# environment variable set (e.g. via apache directive "SetEnv HTTPS On")
|
|
return (0==0) if ($ENV{'HTTPS'} =~ m/^on$/i);
|
|
# port 80 -> not encrypted
|
|
return (0==1) if ($ENV{'SERVER_PORT'} == 80);
|
|
# other ports -> maybe ok - we accept it
|
|
return (0==0);
|
|
}
|
|
|
|
|
|
# check, if the given device is mounted/used somehow
|
|
# Paramter: device
|
|
sub check_mounted {
|
|
my ($dev) = @_;
|
|
return (system($CB_SCRIPT,"is_mounted",$dev) == 0);
|
|
}
|
|
|
|
|
|
sub check_config {
|
|
return (system($CB_SCRIPT,"check_config") == 0);
|
|
}
|
|
|
|
|
|
sub exec_cb_script {
|
|
my (@params) = @_;
|
|
my ($pid, @result);
|
|
&fatal_error("unable to fork process") unless defined($pid = open(PROG_OUT, "-|"));
|
|
if (!$pid) {
|
|
# child
|
|
exec($CB_SCRIPT, @params) or &fatal_error("failed to execute $CB_SCRIPT!");
|
|
exit 0;
|
|
} else {
|
|
# parent
|
|
# only read lines containing at least one non-whitespace character
|
|
@result = grep /\S/, <PROG_OUT>;
|
|
foreach (@result) { chomp; }
|
|
unless (close PROG_OUT) {
|
|
&debug_msg(DEBUG_WARN, "error while running $CB_SCRIPT (params:" . join(" ",@params) . "): $?");
|
|
return undef;
|
|
}
|
|
}
|
|
if (wantarray) {
|
|
return @result;
|
|
} elsif (@result > 0) {
|
|
return join('',@result);
|
|
} else {
|
|
return "";
|
|
}
|
|
}
|
|
|
|
|
|
sub check_init_running {
|
|
# TODO: improve this
|
|
return (0==1);
|
|
}
|
|
|
|
|
|
# Parameter: device
|
|
sub check_device_plaintext {
|
|
return (system("$CB_SCRIPT","is_plain",$1) == 0);
|
|
}
|
|
|
|
|
|
# Parameter: device
|
|
sub check_device_encryption {
|
|
return (system("$CB_SCRIPT","is_encrypted",$1) == 0);
|
|
}
|
|
|
|
|
|
sub is_harddisk_available {
|
|
my @all_disks = &exec_cb_script("get_available_disks");
|
|
return @all_disks > 0;
|
|
}
|
|
|
|
|
|
sub get_available_disks {
|
|
my @all_disks = &exec_cb_script("get_available_disks");
|
|
my ($disk, @return_disks);
|
|
foreach $disk (@all_disks) {
|
|
$disk =~ m#^([/\._\-\w]*)$#;
|
|
push @return_disks, $1 if ($1);
|
|
}
|
|
return @return_disks;
|
|
}
|
|
|
|
|
|
sub get_disk_name {
|
|
my ($dev) = @_;
|
|
my $disk_name = &exec_cb_script("get_device_name", $dev);
|
|
return $disk_name;
|
|
}
|
|
|
|
|
|
# return the value of a configuration setting (timeout, language, ip, ...)
|
|
# Parameter: setting_name
|
|
sub get_cbox_config {
|
|
my ($setting) = @_;
|
|
# tell the exec function, that we want a scalar instead of an array
|
|
my $scalar = &exec_cb_script("get_config",$setting);
|
|
return $scalar;
|
|
}
|
|
|
|
|
|
sub render {
|
|
my $pagefile = "$HTML_TEMPLATE_DIR/main.cs";
|
|
print "Content-Type: text/html\n\n";
|
|
|
|
my $cs = ClearSilver::CS->new($pagedata);
|
|
$cs->parseFile($pagefile);
|
|
|
|
print $cs->render();
|
|
}
|
|
|
|
|
|
# mount an encrypted volume
|
|
# Parameter: device password
|
|
sub mount_vol {
|
|
my ($device, $pw) = @_;
|
|
|
|
if (&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning', 'IsMounted');
|
|
} else {
|
|
if ($pw eq '') {
|
|
&exec_cb_script("crypto-up", $device);
|
|
} else {
|
|
open(PW_INPUT, "| $CB_SCRIPT crypto-up $device");
|
|
print PW_INPUT $pw;
|
|
close(PW_INPUT);
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
# unmount a volume
|
|
# Parameter: device
|
|
sub umount_vol {
|
|
my ($device) = @_;
|
|
if (&check_mounted($device)) {
|
|
system($CB_SCRIPT, "crypto-down",$device);
|
|
} else {
|
|
$pagedata->setValue('Data.Warning', 'NotMounted');
|
|
}
|
|
}
|
|
|
|
|
|
# Parameter: device passphrase
|
|
# ignore passphrase (or leave it empty) to create a plaintext volume
|
|
sub volume_init {
|
|
my ($device, $crypto_pw) = @_;
|
|
my $result;
|
|
|
|
# only for encrypted volumes:
|
|
# write passphrase to a file - necessary as perl in secured mode does not allow
|
|
# the 'open(FH, "|/bin/prog ....")' call because of possible shell expansion - stupid 'open' :(
|
|
if ($crypto_pw) {
|
|
my ($fh, $temp_file);
|
|
# generate a temporary filename (as suggested by the Perl Cookbook)
|
|
do { $temp_file = POSIX::tmpnam() }
|
|
# TODO: reduce the file mask to the minimum - maybe 0600 would be a good choice
|
|
until $fh = IO::File->new($temp_file, O_RDWR|O_CREAT|O_EXCL);
|
|
close $fh;
|
|
unless (open(TMP, ">$temp_file")) {
|
|
&debug_msg(DEBUG_ERROR, "could not open a temporary file");
|
|
return (1==0);
|
|
}
|
|
print TMP $crypto_pw;
|
|
close TMP;
|
|
$result = &exec_cb_script("device_init", $device, $temp_file);
|
|
unlink ($temp_file) if (-e $temp_file);
|
|
} else {
|
|
$result = &exec_cb_script("device_init", $device);
|
|
}
|
|
# just to be sure, that the file does not get left behind
|
|
# usually the script should overwrite and remove it
|
|
return defined($result);
|
|
}
|
|
|
|
|
|
sub box_purge {
|
|
&exec_cb_script("box-purge");
|
|
}
|
|
|
|
|
|
sub system_poweroff {
|
|
&exec_cb_script("poweroff");
|
|
}
|
|
|
|
|
|
sub system_reboot {
|
|
&exec_cb_script("reboot");
|
|
}
|
|
|
|
|
|
sub validate_ip {
|
|
my $ip = shift;
|
|
my @octets = split /\./, $ip;
|
|
return 0 if ($#octets == 4);
|
|
# check for values and non-digits
|
|
return 0 if (($octets[0] <= 0) || ($octets[0] >= 255) || ($octets[0] =~ /\D/));
|
|
return 0 if (($octets[1] < 0) || ($octets[1] >= 255) || ($octets[1] =~ /\D/));
|
|
return 0 if (($octets[2] < 0) || ($octets[2] >= 255) || ($octets[2] =~ /\D/));
|
|
return 0 if (($octets[3] <= 0) || ($octets[3] >= 255) || ($octets[3] =~ /\D/));
|
|
return 1;
|
|
}
|
|
|
|
|
|
sub validate_timeout {
|
|
my $timeout = shift;
|
|
return 0 if ($timeout =~ /\D/);
|
|
return 1;
|
|
}
|
|
|
|
|
|
# check for a valid interface language
|
|
sub validate_language {
|
|
my $language = shift;
|
|
# check for non-alphanumeric character
|
|
return 0 if ($language =~ /\W/);
|
|
return 0 if ($language eq "");
|
|
return 0 if ( ! -e "$LANGUAGE_DIR/$language" . '.hdf');
|
|
return 1;
|
|
}
|
|
|
|
|
|
# check for a valid documentation language
|
|
sub validate_doc_language {
|
|
my $language = shift;
|
|
# check for non-alphanumeric character
|
|
return 0 if ($language =~ /\W/);
|
|
return 0 if ($language eq "");
|
|
return 0 if ( ! -e "$DOC_DIR/$language");
|
|
return 1;
|
|
}
|
|
|
|
|
|
################### main #########################
|
|
|
|
|
|
$pagedata = load_hdf();
|
|
my $current_admin_pw;
|
|
|
|
my $action = $query->param('action');
|
|
$action =~ m#^([\w\._\-]*)$#;
|
|
$action = ($1)? $1 : '';
|
|
|
|
my $device = $query->param('device');
|
|
$device =~ m#^([/_\-\w\.]*)$#;
|
|
$device = ($1)? $1 : '';
|
|
|
|
# BEWARE: there are two kinds of actions:
|
|
# * some require a harddisk
|
|
# * some do not require a harddisk
|
|
# take care, that you put a new action into the appropriate block below
|
|
|
|
# first: check for ssl!
|
|
if ( ! &check_ssl()) {
|
|
$pagedata->setValue('Data.Error', 'NoSSL');
|
|
# remove port number from HTTP_HOST
|
|
my $hostname = $ENV{'HTTP_HOST'};
|
|
$hostname =~ s/:[0-9]*//;
|
|
$pagedata->setValue('Data.Redirect.URL', "https://" . $hostname . $ENV{'SCRIPT_NAME'});
|
|
$pagedata->setValue('Data.Redirect.Delay', "3");
|
|
} elsif ($query->param('action')) {
|
|
#--------------------------------------------------------------#
|
|
# here you may define all cases that do not require a harddisk #
|
|
# put all other cases below the harddisk check #
|
|
#--------------------------------------------------------------#
|
|
#################### show_log #######################
|
|
if ($action eq 'show_log') {
|
|
$pagedata->setValue('Data.Action', 'show_log');
|
|
##################### doc ############################
|
|
} elsif ($action eq 'doc') {
|
|
if ($query->param('page')) {
|
|
$pagedata->setValue('Data.Doc.Page', $query->param('page'));
|
|
$pagedata->setValue('Data.Action', 'show_doc');
|
|
} else {
|
|
$pagedata->setValue('Data.Doc.Page', 'CryptoBoxUser');
|
|
$pagedata->setValue('Data.Action', 'show_doc');
|
|
}
|
|
##################### poweroff ######################
|
|
} elsif ($action eq 'system_ask') {
|
|
$pagedata->setValue('Data.Action', 'form_system');
|
|
##################### reboot ########################
|
|
} elsif ($action eq 'shutdown_do') {
|
|
if ($query->param('type') eq 'reboot') {
|
|
&system_reboot();
|
|
$pagedata->setValue('Data.Success', 'ReBoot');
|
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Delay', "180");
|
|
} else {
|
|
&system_poweroff();
|
|
$pagedata->setValue('Data.Success', 'PowerOff');
|
|
}
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
##################### check for a harddisk ##########################
|
|
# catch this error, to prevent all following actions from execution #
|
|
#####################################################################
|
|
} elsif ( ! &is_harddisk_available()) {
|
|
$pagedata->setValue('Data.Error', 'NoHardDisk');
|
|
#-------------------------------------------------------#
|
|
# here you may define all cases that require a harddisk #
|
|
#-------------------------------------------------------#
|
|
################ umount_do #######################
|
|
} elsif ($action eq 'umount_do') {
|
|
if ($device eq '') {
|
|
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device'));
|
|
$pagedata->setValue('Data.Warning', 'InvalidDevice');
|
|
$pagedata->setValue('Data.Action', 'emptu');
|
|
} elsif ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif (&check_init_running()) {
|
|
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
|
} elsif ( ! &check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning', 'NotMounted');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
# unmounten
|
|
&umount_vol($device);
|
|
if (&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning', 'UmountFailed');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
#$pagedata->setValue('Data.Success', 'UmountDone');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
}
|
|
}
|
|
################ mount_do ########################
|
|
} elsif ($action eq 'mount_do') {
|
|
my $is_encrypted = &check_device_encryption($device) if ($device ne '');
|
|
if ($device eq '') {
|
|
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device'));
|
|
$pagedata->setValue('Data.Warning', 'InvalidDevice');
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
} elsif ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif (&check_init_running()) {
|
|
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
|
} elsif (&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning', 'IsMounted');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} elsif ($is_encrypted && ($query->param('crypto_password') eq '')) {
|
|
# leeres Passwort
|
|
$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
# mounten
|
|
if ($is_encrypted) {
|
|
&mount_vol($device, $query->param('crypto_password'));
|
|
} else {
|
|
&mount_vol($device);
|
|
}
|
|
if (!&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning', 'MountFailed');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
#$pagedata->setValue('Data.Success', 'MountDone');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
}
|
|
}
|
|
################## mount_ask #######################
|
|
} elsif ($action eq 'mount_ask') {
|
|
if ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif (&check_init_running()) {
|
|
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'form_mount');
|
|
}
|
|
################# umount_ask ########################
|
|
} elsif ($action eq 'umount_ask') {
|
|
if ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'form_umount');
|
|
}
|
|
################## init_ask #########################
|
|
} elsif ($action eq 'init_ask') {
|
|
if (&check_init_running()) {
|
|
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
} elsif (&check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'AlreadyConfigured');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
}
|
|
#################### init_do ########################
|
|
} elsif ($action eq 'init_do') {
|
|
$current_admin_pw = &get_cbox_config("admin_pw");
|
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif ($query->param('admin_password') ne $query->param('admin_password2')) {
|
|
# different admin-passwords
|
|
$pagedata->setValue('Data.Warning', 'DifferentAdminPasswords');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif ($query->param('crypto_password') ne $query->param('crypto_password2')) {
|
|
# different crypto-passwords
|
|
$pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif ($query->param('crypto_password') eq '') {
|
|
# empty password
|
|
$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) {
|
|
# wrong confirm string
|
|
$pagedata->setValue('Data.Warning', 'InitNotConfirmed');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} else {
|
|
if (&volume_init($query->param('crypto_password'),$query->param('admin_password'))) {
|
|
#$pagedata->setValue('Data.Success', 'InitRunning');
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
} else {
|
|
$pagedata->setValue('Data.Error', 'InitFailed');
|
|
}
|
|
}
|
|
#################### config_ask ######################
|
|
} elsif ($action eq 'config_ask') {
|
|
if ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
}
|
|
#################### config_do #######################
|
|
} elsif ($action eq 'config_do') {
|
|
my $query_language = $query->param('language');
|
|
$query_language =~ m/^(\w+)$/; $query_language = $1;
|
|
my $query_timeout = $query->param('timeout');
|
|
$query_timeout =~ m/^(\d+)$/; $query_timeout = $1;
|
|
if ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} else {
|
|
$current_admin_pw = &get_cbox_config("admin_pw");
|
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
} elsif ( ! &validate_language($query_language)) {
|
|
$pagedata->setValue('Data.Warning', 'InvalidLanguage');
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
} elsif ( ! &validate_timeout($query_timeout)) {
|
|
$pagedata->setValue('Data.Warning', 'InvalidTimeOut');
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
} else {
|
|
system($CB_SCRIPT, "set_config", "language", $query_language);
|
|
&load_selected_language($pagedata);
|
|
system($CB_SCRIPT, "set_config", "timeout", $query_timeout);
|
|
# check, if the ip was reconfigured
|
|
# TODO: IP stuff should be moved to the live-cd stuff
|
|
if (defined($query->param('ip')) && ($query->param('ip') ne &get_cbox_config("ip"))) {
|
|
# set the new value
|
|
system($CB_SCRIPT, "set_config", "ip", $query->param('ip'));
|
|
# redirect to the new address
|
|
$pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
|
|
$pagedata->setValue('Data.Redirect.Delay', "5");
|
|
# display a warning for the redirection
|
|
$pagedata->setValue('Data.Warning', 'IPAddressChanged');
|
|
}
|
|
# check for success
|
|
if (defined($query->param('timeout'))
|
|
&& (&get_cbox_config("timeout") ne $query->param('timeout'))) {
|
|
$pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed');
|
|
} elsif (defined($query->param('ip')) &&
|
|
(&get_cbox_config("ip") ne $query->param('ip'))) {
|
|
$pagedata->setValue('Data.Warning', 'ConfigIPFailed');
|
|
} elsif (defined($query->param('language'))
|
|
&& (&get_cbox_config("language") ne $query->param('language'))) {
|
|
$pagedata->setValue('Data.Warning', 'ConfigLanguageFailed');
|
|
} else {
|
|
#$pagedata->setValue('Data.Success', 'ConfigSaved');
|
|
}
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
|
}
|
|
}
|
|
############## change volume name ###################
|
|
} elsif ($action eq 'volume_name_set') {
|
|
my $volume_name = $query->param('volume_name');
|
|
# remove all special characters which are not white-listed
|
|
$volume_name =~ s#[^\w \-_\#/\(\)\[\]]##g;
|
|
# untaint variable
|
|
$volume_name =~ m#^(.*)$#; $volume_name = $1;
|
|
if ($device eq '') {
|
|
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device'));
|
|
$pagedata->setValue('Data.Warning', 'InvalidDevice');
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
} elsif (&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning','VolumeMayNotBeMounted');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} elsif ($volume_name eq '') {
|
|
$pagedata->setValue('Data.Warning','InvalidVolumeName');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
&exec_cb_script('set_device_name',$device,$volume_name);
|
|
my $new_volume_name = &exec_cb_script('get_device_name',$device);
|
|
$pagedata->setValue('Data.Warning','SetVolumeNameFailed') unless ($new_volume_name eq $volume_name);
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
}
|
|
############ initialize volume (form) ###############
|
|
} elsif ($action eq 'volume_init_ask') {
|
|
if ($device eq '') {
|
|
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device'));
|
|
$pagedata->setValue('Data.Warning', 'InvalidDevice');
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
} elsif (&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning','VolumeMayNotBeMounted');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
$pagedata->setValue('Data.CurrentDisk.InitParams.encrypted',defined($query->param('encryption'))? 1 : 0);
|
|
$pagedata->setValue('Data.Action', 'form_init_partition');
|
|
}
|
|
############### initialize volume ###################
|
|
} elsif ($action eq 'volume_init_do') {
|
|
$current_admin_pw = &get_cbox_config("admin_pw");
|
|
# remember the current "encryption" setting - just in case, we want to emit a warning and
|
|
# return to the same screen
|
|
$pagedata->setValue('Data.CurrentDisk.InitParams.encrypted',defined($query->param('encryption'))? 1 : 0);
|
|
if ($device eq '') {
|
|
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device'));
|
|
$pagedata->setValue('Data.Warning', 'InvalidDevice');
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
} elsif (&check_mounted($device)) {
|
|
$pagedata->setValue('Data.Warning','VolumeMayNotBeMounted');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} elsif ($current_admin_pw ne ''
|
|
&& $current_admin_pw ne $query->param('current_admin_password')) {
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
$pagedata->setValue('Data.Action', 'form_init_partition');
|
|
} elsif (defined($query->param('encryption')) && ($query->param('crypto_password') ne $query->param('crypto_password2'))) {
|
|
# different crypto-passwords
|
|
$pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords');
|
|
$pagedata->setValue('Data.Action', 'form_init_partition');
|
|
} elsif (defined($query->param('encryption')) && ($query->param('crypto_password') eq '')) {
|
|
# empty password
|
|
$pagedata->setValue('Data.Warning', 'EmptyCryptoPassword');
|
|
$pagedata->setValue('Data.Action', 'form_init_partition');
|
|
} elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) {
|
|
# wrong confirm string
|
|
$pagedata->setValue('Data.Warning', 'InitNotConfirmed');
|
|
$pagedata->setValue('Data.Action', 'form_init_partition');
|
|
} else {
|
|
my $init_result;
|
|
if (defined($query->param('encryption'))) {
|
|
$init_result = &volume_init($device,$query->param('crypto_password'));
|
|
} else {
|
|
$init_result = &volume_init($device);
|
|
}
|
|
if ($init_result) {
|
|
#$pagedata->setValue('Data.Success', 'InitRunning');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
} else {
|
|
$pagedata->setValue('Data.Error', 'InitFailed');
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
}
|
|
}
|
|
################## volume info ######################
|
|
} elsif ($action eq 'show_volume') {
|
|
if ($device eq '') {
|
|
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device'));
|
|
$pagedata->setValue('Data.Warning', 'InvalidDevice');
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'show_volume');
|
|
}
|
|
#################### status #########################
|
|
} elsif ($action eq 'show_status') {
|
|
if ( ! &check_config()) {
|
|
$pagedata->setValue('Data.Warning', 'NotInitialized');
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
} elsif (&check_init_running()) {
|
|
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
|
$pagedata->setValue('Data.Redirect.Delay', "30");
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Delay', "60");
|
|
}
|
|
################### box_purge #######################
|
|
# if we find an existing config partition, then check the adminpw
|
|
} elsif ($action eq 'do_purge') {
|
|
if ( &check_config()) {
|
|
$current_admin_pw = &get_cbox_config("admin_pw");
|
|
if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) {
|
|
$pagedata->setValue('Data.Warning', 'WrongAdminPassword');
|
|
$pagedata->setValue('Data.Action', 'form_config');
|
|
} else {
|
|
&box_purge;
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
}
|
|
}
|
|
################### unknown #########################
|
|
} else {
|
|
$pagedata->setValue('Data.Error', 'UnknownAction');
|
|
}
|
|
#################### default action ##########################
|
|
# check for a harddisk again, as this check was skipped
|
|
# because there was no action defined
|
|
} elsif ( ! &is_harddisk_available()) {
|
|
$pagedata->setValue('Data.Error', 'NoHardDisk');
|
|
} else {
|
|
if (&check_init_running()) {
|
|
$pagedata->setValue('Data.Warning', 'InitNotFinished');
|
|
$pagedata->setValue('Data.Action', 'empty');
|
|
$pagedata->setValue('Data.Redirect.Action', 'form_config');
|
|
$pagedata->setValue('Data.Redirect.Delay', "60");
|
|
} elsif (&check_config()) {
|
|
$pagedata->setValue('Data.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Action', 'show_status');
|
|
$pagedata->setValue('Data.Redirect.Delay', "60");
|
|
} else {
|
|
$pagedata->setValue('Data.Action', 'form_init');
|
|
}
|
|
}
|
|
|
|
# check state of the cryptobox
|
|
$pagedata->setValue('Data.Status.Config', &check_config() ? 1 : 0);
|
|
$pagedata->setValue('Data.Status.InitRunning', &check_init_running() ? 1 : 0);
|
|
|
|
my $output = &get_cbox_config("admin_pw");
|
|
$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne '');
|
|
|
|
$output = join ("<br/>", &exec_cb_script("diskinfo"));
|
|
$pagedata->setValue('Data.PartitionInfo',"$output");
|
|
|
|
# preset config settings for clearsilver
|
|
$pagedata->setValue('Data.Config.IP', &get_cbox_config("ip"));
|
|
$pagedata->setValue('Data.Config.TimeOut', &get_cbox_config("timeout"));
|
|
$pagedata->setValue('Data.Config.Language', &get_cbox_config("language"));
|
|
|
|
# read log and add html linebreaks
|
|
$output = '';
|
|
if (-e "$LOG_FILE") {
|
|
open(LOGFILE, "< $LOG_FILE");
|
|
while (<LOGFILE>) { $output .= "$_<br/>" }
|
|
close(LOGFILE);
|
|
}
|
|
$pagedata->setValue('Data.Log',"$output");
|
|
|
|
$pagedata->setValue('Data.Status.DevelopmentMode', 1) if ($IS_DEVEL);
|
|
|
|
# save QUERY_STRING (e.g. for weblang-links)
|
|
my $querystring = $ENV{'QUERY_STRING'};
|
|
# remove weblang setting
|
|
$querystring =~ s/weblang=\w\w&?//;
|
|
$pagedata->setValue('Data.QueryString', "$querystring") if ($querystring ne '');
|
|
|
|
$pagedata->setValue('Data.Version', CRYPTOBOX_VERSION);
|
|
|
|
my ($one_disk, $one_name, $isActive, $isEncrypted, $isPlaintext);
|
|
my $avail_counter = 0; my $active_counter = 0; my $passive_counter = 0;
|
|
for $one_disk (&get_available_disks()) {
|
|
$one_name = &get_disk_name($one_disk);
|
|
$isEncrypted = &check_device_encryption($one_disk);
|
|
$isPlaintext = &check_device_plaintext($one_disk);
|
|
$pagedata->setValue("Data.Disks.available.${avail_counter}.device",$one_disk);
|
|
$pagedata->setValue("Data.Disks.available.${avail_counter}.name",$one_name);
|
|
$pagedata->setValue("Data.Disks.available.${avail_counter}.encryption", $isEncrypted? 1 : 0);
|
|
$pagedata->setValue("Data.Disks.available.${avail_counter}.plaintext", $isPlaintext? 1 : 0);
|
|
$isActive = &check_mounted($one_disk);
|
|
if ($isActive) {
|
|
$pagedata->setValue("Data.Disks.available.${avail_counter}.isActive",1);
|
|
$pagedata->setValue("Data.Disks.active.${active_counter}.device",$one_disk);
|
|
$pagedata->setValue("Data.Disks.active.${active_counter}.name",$one_name);
|
|
$pagedata->setValue("Data.Disks.active.${active_counter}.encryption", $isEncrypted? 1 : 0);
|
|
$pagedata->setValue("Data.Disks.active.${active_counter}.plaintext", $isPlaintext? 1 : 0);
|
|
$active_counter++;
|
|
} else {
|
|
$pagedata->setValue("Data.Disks.available.${avail_counter}.isActive",0);
|
|
$pagedata->setValue("Data.Disks.passive.${passive_counter}.device",$one_disk);
|
|
$pagedata->setValue("Data.Disks.passive.${passive_counter}.name",$one_name);
|
|
$pagedata->setValue("Data.Disks.passive.${passive_counter}.encryption", $isEncrypted? 1 : 0);
|
|
$pagedata->setValue("Data.Disks.passive.${passive_counter}.plaintext", $isPlaintext? 1 : 0);
|
|
$passive_counter++;
|
|
}
|
|
if ($device eq $one_disk) {
|
|
$pagedata->setValue('Data.CurrentDisk.device', $one_disk);
|
|
$pagedata->setValue('Data.CurrentDisk.name', $one_name);
|
|
$pagedata->setValue('Data.CurrentDisk.active', $isActive? 1 : 0);
|
|
$pagedata->setValue("Data.CurrentDisk.encryption", $isEncrypted? 1 : 0);
|
|
$pagedata->setValue("Data.CurrentDisk.plaintext", $isPlaintext? 1 : 0);
|
|
# retrieve capacity information if the device is mounted
|
|
if (&check_mounted($device)) {
|
|
my $cap_info = &exec_cb_script("get_capacity_info",$device);
|
|
# filter the relevant values (a simple split is not working, as the device name may
|
|
# contain spaces
|
|
$cap_info =~ m#^.*\s+([0-9\.,]+\w)\s+([0-9\.,]+\w)\s+([0-9\.,]+\w)\s+([0-9\.,]+\%)\s+#;
|
|
my ($cap_size, $cap_used, $cap_free, $cap_percent) = ($1, $2, $3, $4);
|
|
$pagedata->setValue('Data.CurrentDisk.capacity.used', $cap_used);
|
|
$pagedata->setValue('Data.CurrentDisk.capacity.free', $cap_free);
|
|
$pagedata->setValue('Data.CurrentDisk.capacity.size', $cap_size);
|
|
$pagedata->setValue('Data.CurrentDisk.capacity.percent', $cap_percent);
|
|
}
|
|
}
|
|
$avail_counter++;
|
|
}
|
|
|
|
&render();
|
|
|
|
close STDOUT;
|
|
|
|
exit 0;
|
|
|