1.1 --- a/config/encryptionprovider.cfg Tue Jul 29 11:12:10 2014 +0200
1.2 +++ b/config/encryptionprovider.cfg Mon Aug 18 16:08:34 2014 +0200
1.3 @@ -8,8 +8,13 @@
1.4 # Path where the keyfile will be saved for temp usage
1.5 Keyfile: /tmp/keyfile.key
1.6
1.7 -
1.8 MountScript: /usr/local/bin/truecrypt_mount.sh
1.9 UmountScript: /usr/local/bin/truecrypt_umount.sh
1.10 InitScript: /usr/local/bin/truecrypt_init.sh
1.11 -GetDevicesScript: /usr/local/bin/truecrypt_getdevices.sh
1.12 \ No newline at end of file
1.13 +GetDevicesScript: /usr/local/bin/truecrypt_getdevices.sh
1.14 +
1.15 +# Umount Stick, ....
1.16 +PreInitScript: /usr/local/bin/pre_init.sh
1.17 +
1.18 +# Mount create folders, mount osecfs, ...
1.19 +PostInitScript: /usr/local/bin/post_init.sh
1.20 \ No newline at end of file
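Review bot: The two new comments (`# Umount Stick, ....` and `# Mount create folders, mount osecfs, ...`) do not say how the scripts are called or what their exit status means. In passwordreceiver.py the pre-init script is started with the device as its only argument, and a non-zero exit is turned into a bad-request response. I would write `# Run before InitScript with the device node as $1; a non-zero exit aborts the init request` and `# Run after a successful InitScript; creates the mount folder and mounts osecfs`. Because both paths are executed by the network-facing listener, it is also worth stating that this file and the scripts must be writable only by the service's owner.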
2.1 --- a/management_scripts/init_manager.sh Tue Jul 29 11:12:10 2014 +0200
2.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
2.3 @@ -1,20 +0,0 @@
2.4 -#!/bin/sh
2.5 -
2.6 -DEVICE="$1"
2.7 -
2.8 -# This script makes sure that the stick is unmounted and unused
2.9 -# Run this Script before the init process
2.10 -
2.11 -# make sure the device is not mounted
2.12 -umount /var/run/usbmount/*
2.13 -rmdir /var/run/usbmount/*
2.14 -sleep 1
2.15 -umount ${DEVICE}*
2.16 -
2.17 -# search for already encrypted volumes
2.18 -device=$(encryptionprovider.py -g)
2.19 -
2.20 -if [ "$?" == "0" ]
2.21 -then
2.22 - encryptionprovider.py -u $device
2.23 -fi
2.24 \ No newline at end of file
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
3.2 +++ b/management_scripts/post_init.sh Mon Aug 18 16:08:34 2014 +0200
3.3 @@ -0,0 +1,4 @@
3.4 +#!/bin/sh
3.5 +
3.6 +mkdir /var/run/usbmount/encrypted
3.7 +/usr/bin/osecfs /etc/osecfs/osecfs_usb.cfg "/var/run/usbmount/encrypted" rw
3.8 \ No newline at end of file
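Review bot: `mkdir /var/run/usbmount/encrypted` fails when the directory is left over from an earlier run, and nothing checks its result. The script's exit status, which the REST handler turns into the HTTP response, is therefore only that of the osecfs call. Use `mkdir -p /var/run/usbmount/encrypted || exit 1` so that an existing directory is tolerated and a real failure is reported before the mount is attempted.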
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
4.2 +++ b/management_scripts/pre_init.sh Mon Aug 18 16:08:34 2014 +0200
4.3 @@ -0,0 +1,24 @@
4.4 +#!/bin/sh
4.5 +
4.6 +DEVICE="$1"
4.7 +
4.8 +# This script makes sure that the stick is unmounted and unused
4.9 +# Run this Script before the init process
4.10 +
4.11 +# make sure to have "/dev/sdb" (not "/dev/sdb1")
4.12 +#DEVICE="${DEVICE:0:8}" the bash way does not work in dash -.-
4.13 +DEVICE="$(echo "$DEVICE" | awk '{print substr($1,0,9)}')"
4.14 +
4.15 +# make sure the device is not mounted
4.16 +umount /var/run/usbmount/*
4.17 +sleep 1
4.18 +rmdir /var/run/usbmount/*
4.19 +umount ${DEVICE}*
4.20 +
4.21 +# search for already encrypted volumes
4.22 +device=$(encryptionprovider.py -g)
4.23 +
4.24 +if [ "$?" == "0" ]
4.25 +then
4.26 + encryptionprovider.py -u $device
4.27 +fi
4.28 \ No newline at end of file
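Review bot: `[ "$?" == "0" ]` is not portable under `#!/bin/sh`, and the comment a few lines up says the script runs under dash, whose `[` does not accept `==`. The test then errors out instead of comparing, and an already-encrypted volume is never unmounted before init. Test the command directly with `if device=$(encryptionprovider.py -g)` and call `encryptionprovider.py -u "$device"` in the body. `umount ${DEVICE}*` should be quoted as `umount "${DEVICE}"*`. Since `$1` ends up in a glob handed to umount, reject anything that does not start with `/dev/` before using it.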
5.1 --- a/management_scripts/run_initlistener.sh Tue Jul 29 11:12:10 2014 +0200
5.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000
5.3 @@ -1,16 +0,0 @@
5.4 -#!/bin/sh
5.5 -
5.6 -DEVICE="$1"
5.7 -
5.8 -encryptionprovider.py -i eth0 58081 "$DEVICE" /media/usb0
5.9 -if [ "$?" != "0" ]
5.10 -then
5.11 - # this will happen if the stick was removed
5.12 - exit 0
5.13 -fi
5.14 -
5.15 -mkdir /var/run/usbmount/encrypted
5.16 -/usr/bin/osecfs /etc/osecfs/osecfs_usb.cfg "/var/run/usbmount/encrypted" rw
5.17 -
5.18 -# now stick is encrypted and mounted. Rerun Script
5.19 -$0 $DEVICE
5.20 \ No newline at end of file
6.1 --- a/src/encryptionprovider.py Tue Jul 29 11:12:10 2014 +0200
6.2 +++ b/src/encryptionprovider.py Mon Aug 18 16:08:34 2014 +0200
6.3 @@ -61,7 +61,7 @@
6.4 filename = logfile,
6.5 filemode = "a+",
6.6 )
6.7 - LOG = logging.getLogger("fuse_main")
6.8 + LOG = logging.getLogger("encryptionprovicer")
6.9
6.10
6.11
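Review bot: The new logger name is misspelled as `"encryptionprovicer"`. Use `LOG = logging.getLogger("encryptionprovider")` so that log filters and handler configuration keyed on the module name match. The enclosing function starts outside the hunk.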
6.12 @@ -147,8 +147,8 @@
6.13 return False
6.14
6.15
6.16 -def initDevice (script, interface, port, device, mountpoint, keyfilepath):
6.17 - listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath)
6.18 +def initDevice (script, interface, port, device, mountpoint, keyfilepath, preinitscript, postinitscript):
6.19 + listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath, preinitscript = preinitscript, postinitscript = postinitscript)
6.20 thread.start_new_thread(listener.run, (interface, port,))
6.21
6.22 close = False
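Review bot: After this commit initDevice has no success exit. The `os.path.ismount(...)` branch removed in the @@ -158 hunk was the only visible path that ended the process with status 0, so the listener started here keeps serving `/init` until the stick is pulled. That may be intended now that post-init runs inside the request handler. It does mean a later request can re-run the pre-init and init scripts against a device that is already initialised. Consider stopping the listener after the first successful init, or state the new lifetime in a docstring on initDevice, whose body continues outside the hunk.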
6.23 @@ -158,11 +158,6 @@
6.24 close = True
6.25 LOG.info ("Stick \"%s\" removed -> exit" %(device,))
6.26 sys.exit(1)
6.27 -
6.28 - if ((os.path.ismount(mountpoint) == True) and (isDeviceMountedAtMountpoint(device, mountpoint) == False)):
6.29 - close = True
6.30 - LOG.info ("Stick \"%s\" init finished -> exit" %(device,))
6.31 - sys.exit(0)
6.32
6.33 if __name__ == "__main__":
6.34
6.35 @@ -188,4 +183,4 @@
6.36 mountDevice (config.get ("Main", "MountScript"), arguments.mount[0], int(arguments.mount[1]), arguments.mount[2], arguments.mount[3], config.get ("Main", "Keyfile"))
6.37
6.38 if (arguments.initialize):
6.39 - initDevice (config.get ("Main", "InitScript"), arguments.initialize[0], int(arguments.initialize[1]), arguments.initialize[2], arguments.initialize[3], config.get ("Main", "Keyfile"))
6.40 + initDevice (config.get ("Main", "InitScript"), arguments.initialize[0], int(arguments.initialize[1]), arguments.initialize[2], arguments.initialize[3], config.get ("Main", "Keyfile"), config.get("Main", "PreInitScript"), config.get("Main", "PostInitScript"))
7.1 --- a/src/passwordreceiver.py Tue Jul 29 11:12:10 2014 +0200
7.2 +++ b/src/passwordreceiver.py Mon Aug 18 16:08:34 2014 +0200
7.3 @@ -11,6 +11,8 @@
7.4 '/init', 'os_init'
7.5 )
7.6
7.7 +__LOG = logging.getLogger("passwordreceiver")
7.8 +
7.9 class os_password:
7.10
7.11 # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
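Review bot: The module-level name `__LOG` will not be reachable from the methods that use it. Inside a class body Python mangles every identifier with two leading underscores by prefixing the class name, so `__LOG.debug(...)` in a method raises NameError on its first call. Rename it to `LOG = logging.getLogger("passwordreceiver")` and update the `__LOG.debug` calls in the @@ -68, @@ -88 and @@ -95 hunks. No `import logging` is visible in this hunk, so confirm the module has one.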
7.12 @@ -68,6 +70,31 @@
7.13 keyfile.close()
7.14 os.remove(keyfilepath)
7.15
7.16 + def runPreInitScript(selfself, preinitscript, device):
7.17 + __LOG.debug("Start preinit Script")
7.18 +
7.19 + command = [preinitscript, device]
7.20 + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
7.21 + retval = process.wait()
7.22 + ( stdout, stderr ) = process.communicate()
7.23 +
7.24 + __LOG.debug("preinit done result: %s" %(result,))
7.25 +
7.26 + if (retval != 0):
7.27 + raise web.badrequest(stderr)
7.28 +
7.29 + def runPostInitScript(self, postinitscript):
7.30 + __LOG.debug("Start postinit Script")
7.31 +
7.32 + command = [postinitscript, device]
7.33 + process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
7.34 + retval = process.wait()
7.35 + ( stdout, stderr ) = process.communicate()
7.36 +
7.37 + __LOG.debug("postinit done result: %s" %(result,))
7.38 +
7.39 + if (retval != 0):
7.40 + raise web.badrequest(stderr)
7.41
7.42 def GET(self, settings):
7.43 return self.POST(settings)
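Review bot: Both new helpers fail at run time. `result` in the debug lines is never assigned (the same name is used in the @@ -95 hunk), and runPostInitScript builds its command from `device`, which is neither a parameter nor a local. The first parameter of runPreInitScript is also spelled `selfself`. Calling `process.wait()` before `communicate()` with both streams piped can block forever once a script writes more than the pipe buffer holds. `communicate()` alone waits for exit and leaves the status in `process.returncode`. The rewrite below logs `retval`, drops the undefined argument and keeps the `__LOG` name as the hunk has it.

```python
    def runPreInitScript(self, preinitscript, device):
        __LOG.debug("Start preinit Script")

        process = subprocess.Popen([preinitscript, device], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() drains both pipes and waits for the script to exit
        (stdout, stderr) = process.communicate()
        retval = process.returncode

        __LOG.debug("preinit done result: %s" % (retval,))

        if retval != 0:
            raise web.badrequest(stderr)

    def runPostInitScript(self, postinitscript):
        __LOG.debug("Start postinit Script")

        process = subprocess.Popen([postinitscript], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        (stdout, stderr) = process.communicate()
        retval = process.returncode

        __LOG.debug("postinit done result: %s" % (retval,))

        if retval != 0:
            raise web.badrequest(stderr)

    # … unchanged: GET delegating to POST …
```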
7.44 @@ -79,6 +106,9 @@
7.45
7.46 if not "password" in args:
7.47 raise web.badrequest()
7.48 +
7.49 + # Do the preinit stuff
7.50 + runPreInitScript(settings["preinitscript"], settings["device"])
7.51
7.52 if "keyfile" in args:
7.53 keyfile = open (settings["keyfilepath"], "w+")
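Review bot: `runPreInitScript(...)` is called as a bare name, but the previous hunk defines it as a method, so this line raises NameError before any init work is done. It should read `self.runPreInitScript(settings["preinitscript"], settings["device"])`. The post-init call in the @@ -95 hunk is written the same way. The handler's body starts outside this hunk.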
7.54 @@ -88,6 +118,8 @@
7.55 else:
7.56 command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
7.57
7.58 + __LOG.debug("Start init script")
7.59 +
7.60 process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
7.61 retval = process.wait()
7.62 ( stdout, stderr ) = process.communicate()
7.63 @@ -95,19 +127,26 @@
7.64 if "keyfile" in args:
7.65 self.deleteKeyfile(settings["keyfilepath"])
7.66
7.67 + __LOG.debug("init done result: %s" %(result,))
7.68 +
7.69 if (retval != 0):
7.70 raise web.badrequest(stderr)
7.71
7.72 + # Do the postinit stuff
7.73 + runPostInitScript(settings["preinitscript"])
7.74 +
7.75 return "Success: Stick is initialized and mounted"
7.76
7.77 class MyRestListener(web.application):
7.78 - def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None):
7.79 + def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):
7.80 web.application.__init__(self, mapping, fvars, autoreload)
7.81 self.device = device
7.82 self.mountpoint = mountpoint
7.83 self.script = script
7.84 self.tries = tries
7.85 self.keyfilepath = keyfilepath
7.86 + self.preinitscript = preinitscript
7.87 + self.postinitscript = postinitscript
7.88
7.89 def run(self, interface, port, *middleware):
7.90 func = self.wsgifunc(*middleware)
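Review bot: The post-init step is passed `settings["preinitscript"]`, so after a successful init the pre-init script would be started a second time and post_init.sh would never run. As pre_init.sh in this commit unmounts everything under /var/run/usbmount and the device itself, the handler would report success with the stick unmounted and osecfs not mounted. The call should use the other key: `self.runPostInitScript(settings["postinitscript"])`.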
7.91 @@ -116,5 +155,5 @@
7.92
7.93 def handle(self):
7.94 fn, args = self._match(self.mapping, web.ctx.path)
7.95 - args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath})
7.96 + args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})
7.97 return self._delegate(fn, self.fvars, args)
8.1 --- a/truecrypt_scripts/truecrypt_init.sh Tue Jul 29 11:12:10 2014 +0200
8.2 +++ b/truecrypt_scripts/truecrypt_init.sh Mon Aug 18 16:08:34 2014 +0200
8.3 @@ -19,13 +19,13 @@
8.4 sendInfoNotification ()
8.5 {
8.6 MESSAGE="$1"
8.7 - wget -q -T 3 -t 1 -O /dev/null http://$(getRemoteIp):8090/password?msgtype=information&text=$MESSAGE
8.8 + wget -q -T 3 -t 1 -O /dev/null "http://$(getRemoteIp):8090/notification?msgtype=information&text=$MESSAGE"
8.9 }
8.10
8.11 sendErrorNotification ()
8.12 {
8.13 MESSAGE="$1"
8.14 - wget -q -T 3 -t 1 -O /dev/null http://$(getRemoteIp):8090/password?msgtype=critical&text=$MESSAGE
8.15 + wget -q -T 3 -t 1 -O /dev/null "http://$(getRemoteIp):8090/notification?msgtype=critical&text=$MESSAGE"
8.16 }
8.17
8.18
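Review bot: `$MESSAGE` goes into the query string unencoded in both sendInfoNotification and sendErrorNotification. A message containing `&`, `#`, `+` or `%` would be cut short or read as extra parameters by the receiver. The caller visible in this file passes a fixed string, so the risk is low today. If a message ever carries a device name or script output, percent-encode the text in one shared helper before building the URL.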
8.19 @@ -41,9 +41,6 @@
8.20 #DEVICE="${DEVICE:0:8}" the bash way does not work in dash -.-
8.21 DEVICE="$(echo "$DEVICE" | awk '{print substr($1,0,9)}')"
8.22
8.23 -# make sure the device is not mounted (always run the init_manger script here!)
8.24 -init_manager.sh "$DEVICE"
8.25 -
8.26 sendInfoNotification "Encrypt device"
8.27 if [ -z "$KEYFILE" ]
8.28 then