# HG changeset patch # User ft # Date 1408370914 -7200 # Node ID 980ca72ff1f14bf97be7f0f699fa985b74989e12 # Parent d1a3476471ca1df23b5e2bde006d7e2e445115eb changed init process added pre and post init script diff -r d1a3476471ca -r 980ca72ff1f1 config/encryptionprovider.cfg --- a/config/encryptionprovider.cfg Tue Jul 29 11:12:10 2014 +0200 +++ b/config/encryptionprovider.cfg Mon Aug 18 16:08:34 2014 +0200 @@ -8,8 +8,13 @@ # Path where the keyfile will be saved for temp usage Keyfile: /tmp/keyfile.key - MountScript: /usr/local/bin/truecrypt_mount.sh UmountScript: /usr/local/bin/truecrypt_umount.sh InitScript: /usr/local/bin/truecrypt_init.sh -GetDevicesScript: /usr/local/bin/truecrypt_getdevices.sh \ No newline at end of file +GetDevicesScript: /usr/local/bin/truecrypt_getdevices.sh + +# Umount Stick, .... +PreInitScript: /usr/local/bin/pre_init.sh + +# Mount create folders, mount osecfs, ... +PostInitScript: /usr/local/bin/post_init.sh \ No newline at end of file diff -r d1a3476471ca -r 980ca72ff1f1 management_scripts/init_manager.sh --- a/management_scripts/init_manager.sh Tue Jul 29 11:12:10 2014 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,20 +0,0 @@ -#!/bin/sh - -DEVICE="$1" - -# This script makes sure that the stick is unmounted and unused -# Run this Script before the init process - -# make sure the device is not mounted -umount /var/run/usbmount/* -rmdir /var/run/usbmount/* -sleep 1 -umount ${DEVICE}* - -# search for already encrypted volumes -device=$(encryptionprovider.py -g) - -if [ "$?" == "0" ] -then - encryptionprovider.py -u $device -fi \ No newline at end of file diff -r d1a3476471ca -r 980ca72ff1f1 management_scripts/post_init.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/management_scripts/post_init.sh Mon Aug 18 16:08:34 2014 +0200 
@@ -0,0 +1,4 @@ +#!/bin/sh + +mkdir /var/run/usbmount/encrypted +/usr/bin/osecfs /etc/osecfs/osecfs_usb.cfg "/var/run/usbmount/encrypted" rw \ No newline at end of file diff -r d1a3476471ca -r 980ca72ff1f1 management_scripts/pre_init.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/management_scripts/pre_init.sh Mon Aug 18 16:08:34 2014 +0200 @@ -0,0 +1,24 @@ +#!/bin/sh + +DEVICE="$1" + +# This script makes sure that the stick is unmounted and unused +# Run this Script before the init process + +# make sure to have "/dev/sdb" (not "/dev/sdb1") +#DEVICE="${DEVICE:0:8}" the bash way does not work in dash -.- +DEVICE="$(echo "$DEVICE" | awk '{print substr($1,0,9)}')" + +# make sure the device is not mounted +umount /var/run/usbmount/* +sleep 1 +rmdir /var/run/usbmount/* +umount ${DEVICE}* + +# search for already encrypted volumes +device=$(encryptionprovider.py -g) + +if [ "$?" == "0" ] +then + encryptionprovider.py -u $device +fi \ No newline at end of file diff -r d1a3476471ca -r 980ca72ff1f1 management_scripts/run_initlistener.sh --- a/management_scripts/run_initlistener.sh Tue Jul 29 11:12:10 2014 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,16 +0,0 @@ -#!/bin/sh - -DEVICE="$1" - -encryptionprovider.py -i eth0 58081 "$DEVICE" /media/usb0 -if [ "$?" != "0" ] -then - # this will happen if the stick was removed - exit 0 -fi - -mkdir /var/run/usbmount/encrypted -/usr/bin/osecfs /etc/osecfs/osecfs_usb.cfg "/var/run/usbmount/encrypted" rw - -# now stick is encrypted and mounted. Rerun Script -$0 $DEVICE \ No newline at end of file diff -r d1a3476471ca -r 980ca72ff1f1 src/encryptionprovider.py --- a/src/encryptionprovider.py Tue Jul 29 11:12:10 2014 +0200 +++ b/src/encryptionprovider.py Mon Aug 18 16:08:34 2014 +0200 @@ -61,7 +61,7 @@ filename = logfile, filemode = "a+", ) - LOG = logging.getLogger("fuse_main") + LOG = logging.getLogger("encryptionprovicer") 
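Review bot: In post_init.sh, `mkdir /var/run/usbmount/encrypted` fails when the directory is left over from an earlier init, and the script carries on to the osecfs mount regardless. Its exit status is therefore only that of osecfs, so a failed mkdir is never reported to the caller. I would write `mkdir -p /var/run/usbmount/encrypted || exit 1` so an existing directory is accepted and a real failure is reported.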
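Review bot: In pre_init.sh, `[ "$?" == "0" ]` is not POSIX, and the script's own comment says /bin/sh is dash here, where `==` inside `[` is rejected as an unexpected operator. The test then fails, so `encryptionprovider.py -u` is never reached and an already-mounted encrypted volume stays mounted. Use `[ "$?" = "0" ]`, or test the command directly with `if device=$(encryptionprovider.py -g); then`. The expansions should also be quoted, `umount "${DEVICE}"*` and `encryptionprovider.py -u "$device"`, because the device string is passed in from the caller. As written, no umount failure affects the exit status, so the caller's return-code check cannot tell that the stick is still in use.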
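Review bot: The new logger name in src/encryptionprovider.py is misspelled, `"encryptionprovicer"`. Any handler or filter configured by logger name will silently miss these records. It should read `LOG = logging.getLogger("encryptionprovider")`. The enclosing function starts outside the hunk.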
@@ -147,8 +147,8 @@ return False -def initDevice (script, interface, port, device, mountpoint, keyfilepath): - listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath) +def initDevice (script, interface, port, device, mountpoint, keyfilepath, preinitscript, postinitscript): + listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath, preinitscript = preinitscript, postinitscript = postinitscript) thread.start_new_thread(listener.run, (interface, port,)) close = False @@ -158,11 +158,6 @@ close = True LOG.info ("Stick \"%s\" removed -> exit" %(device,)) sys.exit(1) - - if ((os.path.ismount(mountpoint) == True) and (isDeviceMountedAtMountpoint(device, mountpoint) == False)): - close = True - LOG.info ("Stick \"%s\" init finished -> exit" %(device,)) - sys.exit(0) if __name__ == "__main__": @@ -188,4 +183,4 @@ mountDevice (config.get ("Main", "MountScript"), arguments.mount[0], int(arguments.mount[1]), arguments.mount[2], arguments.mount[3], config.get ("Main", "Keyfile")) if (arguments.initialize): - initDevice (config.get ("Main", "InitScript"), arguments.initialize[0], int(arguments.initialize[1]), arguments.initialize[2], arguments.initialize[3], config.get ("Main", "Keyfile")) + initDevice (config.get ("Main", "InitScript"), arguments.initialize[0], int(arguments.initialize[1]), arguments.initialize[2], arguments.initialize[3], config.get ("Main", "Keyfile"), config.get("Main", "PreInitScript"), config.get("Main", "PostInitScript")) diff -r d1a3476471ca -r 980ca72ff1f1 src/passwordreceiver.py --- a/src/passwordreceiver.py Tue Jul 29 11:12:10 2014 +0200 +++ b/src/passwordreceiver.py Mon Aug 18 16:08:34 2014 +0200 
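Review bot: In the `arguments.initialize` branch, `config.get("Main", "PreInitScript")` and `config.get("Main", "PostInitScript")` will raise if the process is started with a config file that predates this change. The two paths are also only used later, when the listener executes them for a request. I would validate them once at start-up, before `initDevice` opens the listener, for example `if not os.access(path, os.X_OK): LOG.error(...); sys.exit(1)` for each path. That way a missing or non-executable script is reported locally and not as an HTTP error on the first `/init` call. Since these files are run by the service, it is also worth confirming that the config file and both script paths are writable only by the service's owner.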
@@ -11,6 +11,8 @@ '/init', 'os_init' ) +__LOG = logging.getLogger("passwordreceiver") + class os_password: # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok) @@ -68,6 +70,31 @@ keyfile.close() os.remove(keyfilepath) + def runPreInitScript(selfself, preinitscript, device): + __LOG.debug("Start preinit Script") + + command = [preinitscript, device] + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE ) + retval = process.wait() + ( stdout, stderr ) = process.communicate() + + __LOG.debug("preinit done result: %s" %(result,)) + + if (retval != 0): + raise web.badrequest(stderr) + + def runPostInitScript(self, postinitscript): + __LOG.debug("Start postinit Script") + + command = [postinitscript, device] + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE ) + retval = process.wait() + ( stdout, stderr ) = process.communicate() + + __LOG.debug("postinit done result: %s" %(result,)) + + if (retval != 0): + raise web.badrequest(stderr) def GET(self, settings): return self.POST(settings) @@ -79,6 +106,9 @@ if not "password" in args: raise web.badrequest() + + # Do the preinit stuff + runPreInitScript(settings["preinitscript"], settings["device"]) if "keyfile" in args: keyfile = open (settings["keyfilepath"], "w+") @@ -88,6 +118,8 @@ else: command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]] + __LOG.debug("Start init script") + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE ) retval = process.wait() ( stdout, stderr ) = process.communicate() 
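Review bot: The module-level name `__LOG` cannot be used from the class methods added later in this file. Python mangles any `__name` identifier that appears inside a class body, so `__LOG.debug(...)` in a method is looked up as `_<ClassName>__LOG` and raises NameError. This affects every `__LOG.debug` call in the hunks at -68, -88 and -95. Rename the logger to an unmangled name, `LOG = logging.getLogger("passwordreceiver")`, and call `LOG.debug(...)`. The hunk does not show an `import logging` for this module, so confirm that one exists.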
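Review bot: Both new helpers fail with NameError as written: `result` is never assigned in either of them, `runPostInitScript` builds its command from `device`, which is not one of its parameters, and the first parameter of `runPreInitScript` is spelled `selfself`. Calling `process.wait()` before `process.communicate()` with stdout and stderr piped can also block indefinitely once a script writes more than a pipe buffer; `communicate()` alone drains both streams and waits. The script's raw stderr goes back to the HTTP client through `web.badrequest(stderr)`, so consider logging it and returning a fixed message. The fence uses a module-level logger named `LOG`, because a `__`-prefixed global is name-mangled inside a class. The enclosing class starts outside the hunk.

```python
    def runPreInitScript(self, preinitscript, device):
        LOG.debug("Start preinit Script")
        process = subprocess.Popen([preinitscript, device], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() drains both pipes and waits for the script to exit
        (stdout, stderr) = process.communicate()
        LOG.debug("preinit done result: %s" % (process.returncode,))
        if process.returncode != 0:
            raise web.badrequest(stderr)

    def runPostInitScript(self, postinitscript):
        LOG.debug("Start postinit Script")
        # post_init.sh takes no arguments
        process = subprocess.Popen([postinitscript], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        (stdout, stderr) = process.communicate()
        LOG.debug("postinit done result: %s" % (process.returncode,))
        if process.returncode != 0:
            raise web.badrequest(stderr)
```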
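Review bot: `runPreInitScript(settings["preinitscript"], settings["device"])` is called as a bare name inside a method, so it raises NameError; it has to be `self.runPreInitScript(settings["preinitscript"], settings["device"])`. The `runPostInitScript(...)` call in the hunk at -95 has the same problem. The only check before the pre-init script unmounts the stick is that a `password` argument is present, and the context lines show `GET` delegating to `POST`. Nothing visible in the hunk authenticates the caller, so confirm the listener can be reached only from the trusted host. The method starts outside the hunk.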
@@ -95,19 +127,26 @@ if "keyfile" in args: self.deleteKeyfile(settings["keyfilepath"]) + __LOG.debug("init done result: %s" %(result,)) + if (retval != 0): raise web.badrequest(stderr) + # Do the postinit stuff + runPostInitScript(settings["preinitscript"]) + return "Success: Stick is initialized and mounted" class MyRestListener(web.application): - def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None): + def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None): web.application.__init__(self, mapping, fvars, autoreload) self.device = device self.mountpoint = mountpoint self.script = script self.tries = tries self.keyfilepath = keyfilepath + self.preinitscript = preinitscript + self.postinitscript = postinitscript def run(self, interface, port, *middleware): func = self.wsgifunc(*middleware) @@ -116,5 +155,5 @@ def handle(self): fn, args = self._match(self.mapping, web.ctx.path) - args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath}) + args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript}) return self._delegate(fn, self.fvars, args) diff -r d1a3476471ca -r 980ca72ff1f1 truecrypt_scripts/truecrypt_init.sh --- a/truecrypt_scripts/truecrypt_init.sh Tue Jul 29 11:12:10 2014 +0200 +++ b/truecrypt_scripts/truecrypt_init.sh Mon Aug 18 16:08:34 2014 +0200 
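Review bot: The post-init step is handed the wrong setting: `runPostInitScript(settings["preinitscript"])` passes the pre-init path, so the unmount script would run again on the freshly initialised stick and post_init.sh would never run. The line should read `self.runPostInitScript(settings["postinitscript"])`. In the same hunk, `__LOG.debug("init done result: %s" %(result,))` refers to `result`, which is not assigned in the visible code; `retval` is presumably what was meant. `POST` starts outside the hunk.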
@@ -19,13 +19,13 @@ sendInfoNotification () { MESSAGE="$1" - wget -q -T 3 -t 1 -O /dev/null http://$(getRemoteIp):8090/password?msgtype=information&text=$MESSAGE + wget -q -T 3 -t 1 -O /dev/null "http://$(getRemoteIp):8090/notification?msgtype=information&text=$MESSAGE" } sendErrorNotification () { MESSAGE="$1" - wget -q -T 3 -t 1 -O /dev/null http://$(getRemoteIp):8090/password?msgtype=critical&text=$MESSAGE + wget -q -T 3 -t 1 -O /dev/null "http://$(getRemoteIp):8090/notification?msgtype=critical&text=$MESSAGE" } @@ -41,9 +41,6 @@ #DEVICE="${DEVICE:0:8}" the bash way does not work in dash -.- DEVICE="$(echo "$DEVICE" | awk '{print substr($1,0,9)}')" -# make sure the device is not mounted (always run the init_manger script here!) -init_manager.sh "$DEVICE" - sendInfoNotification "Encrypt device" if [ -z "$KEYFILE" ] then
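Review bot: In `sendInfoNotification` and `sendErrorNotification`, `$MESSAGE` is pasted into the query string without percent-encoding. Quoting the URL fixes the shell treating `&` as a background operator. However, a message that itself contains `&`, `#`, `+` or `%` would still be cut short or read by the receiver as extra parameters. If any caller passes dynamic text such as a device name or tool output, encode it before building the URL. Alternatively send it as a request body with wget's `--post-data`, if the notification endpoint accepts POST.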