X-Git-Url: https://git.rapsys.eu/ihttpd/blobdiff_plain/034a5b59d291e9a01cc9fd6c77aeb1019174e5c6..72625a495e1c6ba10da830bcf5cdf212ae919b30:/SOURCES/index.bin.c?ds=sidebyside diff --git a/SOURCES/index.bin.c b/SOURCES/index.bin.c index e6780a1..cf44c6c 100644 --- a/SOURCES/index.bin.c +++ b/SOURCES/index.bin.c @@ -65,6 +65,9 @@ //Default cryptsetup #define CRYPTSETUP "/sbin/cryptsetup" +//Systemd cryptsetup +#define SYSTEMDCRYPTSETUP "/usr/lib/systemd/systemd-cryptsetup" + //Default pid file #define IHTTPDPID "/run/ihttpd/ihttpd.pid" @@ -75,6 +78,10 @@ #define ASKPASSWORDLOG "/run/ihttpd/log/child.askpassword.log" #define IHTTPDLOG "/run/ihttpd/log/child.ihttpd.log" +//Define form uri +#define FORMID "5903c738" +#define FORMURI "/" FORMID ".html" + //Create struct for http error status struct httpStatusStruct { int value; @@ -87,7 +94,8 @@ const struct httpStatusStruct httpStatuses[] = { {400, "Bad Request"}, {405, "Method Not Allowed"}, {411, "Length Required"}, - {500, "Internal Server Error"} + {500, "Internal Server Error"}, + {503, "Service Unavailable"} }; /** @@ -96,6 +104,7 @@ const struct httpStatusStruct httpStatuses[] = { void die(const int, const char*); void header(const int, const char*); void showForm(const char*, const int, const int); +void showMaintenance(); int extractValue(char**, int*, char*, int); int extractLuksDevice(char**, char**); int extractIHttpdPid(pid_t *); @@ -137,6 +146,9 @@ void header(const int code, const char *ctype) { case 500: k = 4; break; + case 503: + k = 5; + break; default: k = 0; } @@ -154,10 +166,13 @@ void header(const int code, const char *ctype) { * Show form */ void showForm(const char *requestUri, const int keyfileSizeMax, const int passphraseSizeMax) { - header(200, "text/html"); + header(503, "text/html"); printf("\r\n"); printf("\r\n"); - printf("Key upload form\r\n"); + printf("\r\n"); + printf("Key upload form!\r\n"); + printf("\r\n"); + printf("\r\n"); printf("\r\n"); printf("
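Review bot: `FORMID` is a fixed literal committed to the source, so the form location it is meant to hide is identical on every build and known to anyone who can read this repository or the installed binary. If the identifier is supposed to keep the upload form from being discovered, generate it per installation and supply it at build time, e.g. wrap the define in `#ifndef FORMID` so the package build can pass its own value. At minimum the comment should state what the value is for, e.g. `//Form uri id: only obscures the form location, it is not an authentication secret`.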
\r\n"); printf("
Upload key
\r\n", requestUri, keyfileSizeMax); @@ -167,6 +182,29 @@ void showForm(const char *requestUri, const int keyfileSizeMax, const int passph printf("\r\n"); } +/** + * Show maintenance + */ +void showMaintenance() { + header(503, "text/html"); + printf("\r\n"); + printf("\r\n"); + printf("\r\n"); + printf("Service unavailable!\r\n"); + printf("\r\n"); + printf("\r\n"); + printf("\r\n"); + printf("
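Review bot: `showForm` now answers the working upload form with `header(503, "text/html")`, and nothing at the call explains why a successful page carries an error status. If the intent is to make the form response look like the maintenance page to scanners, say so in a comment such as `//Answer 503 on purpose so the form looks like the maintenance page`. Otherwise restore 200, because clients, proxies and monitoring will treat the form as a failure. The markup inside the `printf` strings is stripped in this rendering, so the added head lines could not be reviewed.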

Service unavailable!

\r\n"); + printf("

The server is temporarily unable to service your\r\n"); + printf("request due to maintenance downtime or capacity\r\n"); + printf("problems. Please try again later.

\r\n"); + printf("

Error 503

\r\n"); + printf("
%s
%s
\r\n", getenv("SERVER_NAME"), getenv("SERVER_SOFTWARE")); + printf("\r\n", FORMID); + printf("\r\n"); + printf("\r\n"); +} + /** * Extract value */ @@ -757,9 +795,10 @@ int extractIHttpdPid(pid_t *pid) { * Main function */ int main(int argc, char **argv) { - //Get request method char *requestMethod = getenv("REQUEST_METHOD"); + //Get request uri + char *requestUri = getenv("REQUEST_URI"); //Handle unknown requests if (requestMethod == NULL || (strncmp(requestMethod, "GET", 3) && strncmp(requestMethod, "HEAD", 4) && strncmp(requestMethod, "POST", 4))) { @@ -767,8 +806,15 @@ int main(int argc, char **argv) { die(405, "Unsupported request method"); //Handle get and head } else if (!strncmp(requestMethod, "GET", 3) || !strncmp(requestMethod, "HEAD", 4)) { - //Send form - showForm(getenv("REQUEST_URI")?getenv("REQUEST_URI"):"/", DEFAULT_KEYFILE_SIZE_MAX, DEFAULT_PASSPHRASE_SIZE_MAX); + //Check if we have form uri + if (requestUri != NULL && strlen(requestUri) == strlen(FORMURI) && !strncmp(requestUri, FORMURI, strlen(FORMURI))) { + //Send form + showForm(requestUri, DEFAULT_KEYFILE_SIZE_MAX, DEFAULT_PASSPHRASE_SIZE_MAX); + //Not form uri requested + } else { + //Send maintenance page + showMaintenance(); + } //Handle post } else /*if (!strncmp(requestMethod, "POST", 4))*/ { //Return value @@ -794,6 +840,9 @@ int main(int argc, char **argv) { //Declare luks and device char *luks = NULL, *device = NULL; + //Declare cargv + char **cargv = NULL; + //Pairs of pipe for stdin, stdout and stderr int inPipe[2], errPipe[2]; 
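Review bot: `showMaintenance` passes `getenv("SERVER_NAME")` and `getenv("SERVER_SOFTWARE")` straight to `%s`; either can be NULL when the server does not export it, which is undefined behaviour for `printf`, and neither value is HTML-escaped before it is written into the page. Read them into locals with a fallback, e.g. `const char *name = getenv("SERVER_NAME"); if (name == NULL) name = "";`, and escape them if the web server derives them from the request. The last content `printf` in the function takes `FORMID` as its argument; its format string is stripped in this rendering, but if the id is written into the maintenance page, every visitor of any URI learns the form location and the URI check in `main` hides nothing. Declare the function as `void showMaintenance(void)` as well, since an empty parameter list in C is not a prototype.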
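Review bot: The form-URI check guards only the GET/HEAD branch; the POST branch that follows in this hunk shows no comparison of `requestUri` with `FORMURI`, so as far as the hunk shows a client that never saw the form can still submit a key. If the hidden URI is meant to limit who can reach the unlock path, apply the same test before the POST handling and answer with `showMaintenance()` otherwise. The length-plus-`strncmp` test is an exact match and reads more plainly as `requestUri != NULL && strcmp(requestUri, FORMURI) == 0`. The body of `main` continues outside the hunk.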
@@ -831,12 +880,32 @@ int main(int argc, char **argv) { die(500, "Failed to extract value"); } - //Extract luks and device if ((ret = extractLuksDevice(&luks, &device)) < 0) { die(500, "Failed to extract luks and device"); } + //Declare cargv array + char *cargvs[] = { CRYPTSETUP, "-d", "-", "luksOpen", device, luks, NULL }; + //TODO: device cannot be an UUID=xyz, a resolved block device is required for it + //char *scargvs[] = { SYSTEMDCRYPTSETUP, "attach", luks, device, "-", NULL }; + + //Check cryptsetup binary + if (access(CRYPTSETUP, F_OK|X_OK) == -1) { + //Check systemdcryptsetup binary + if (access(SYSTEMDCRYPTSETUP, F_OK|X_OK) == -1) { + die(500, "No cryptsetup available"); + } else { + //Set contextual env + //TODO: resolve UUID in real device name + //TODO: passing password through the socket is not possible, as it rely on password ending with \0 + die(500, "systemd-cryptsetupd is not implementable"); + } + } else { + //Set contextual env + cargv = cargvs; + } + //Create stdin pipe if (pipe(inPipe) == -1) { die(500, "Failed to create in pipe"); @@ -854,8 +923,7 @@ int main(int argc, char **argv) { //Child process if (pid == 0) { - //Child argv - char *cargv[] = { CRYPTSETUP, "-d", "-", "luksOpen", device, luks, NULL }; + //Child arge char *carge[] = { NULL }; //Free value free(value); @@ -873,8 +941,9 @@ int main(int argc, char **argv) { //Close errPipe close(errPipe[0]); close(errPipe[1]); + //Call cryptsetup - if (execve(CRYPTSETUP, cargv, carge) == -1) { + if (execve(cargv[0], cargv, carge) == -1) { die(500, "Failed to call cryptsetup"); } //Parent process 
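Review bot: The `access()` pre-checks add a check-then-use window and no protection, because `execve` in the child already fails when the binary is missing and that failure is handled there; `F_OK` is 0, so `F_OK|X_OK` is just `X_OK`. Since the systemd branch always ends in `die`, the block could shrink to a single test and assign `cargv = cargvs` unconditionally. `access()` also tests with the real rather than the effective user id, which matters if this CGI ever runs with differing ids. The message `"systemd-cryptsetupd is not implementable"` misnames the binary and would read better as `"systemd-cryptsetup is not supported"`.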
@@ -904,15 +973,15 @@ int main(int argc, char **argv) { die(500, "Failed to wait child"); } - //Handle already unlocked device - if (ret == 1280) { - die(200, "Device already unlocked"); //Handle already in use device - } else if (ret == 5) { + if (ret == 5) { die(500, "Device already in use"); + //Handle already unlocked device + //} else if (ret == 1280) { + // die(200, "Device already unlocked"); //Handle invalid luks device - } else if (ret == 256) { - die(500, "Device is now a valid device"); + //} else if (ret == 256) { + // die(500, "Device is now a valid device"); //Handle no key available with this passphrase } else if (ret == 512) { die(500, "No slot for this value"); @@ -960,6 +1029,8 @@ int main(int argc, char **argv) { close(errPipe[0]); } +//Removed as it was making fail the process of booting sometimes +#if 0 //Fork process if ((pid = fork()) == -1) { die(500, "Failed to fork"); @@ -1038,6 +1109,12 @@ int main(int argc, char **argv) { //Parent process } else { +#endif + + //Sleep before killing askpassword process + if (usleep(500000) == -1) { + die(500, "Usleep failed"); + } //Fork process if ((pid = fork()) == -1) { @@ -1127,7 +1204,9 @@ int main(int argc, char **argv) { } +#if 0 } +#endif }
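Review bot: The remaining comparisons test `ret` against raw values (`5`, `512`) that look like unmasked wait statuses, and the commit leaves the `1280` and `256` cases behind as commented-out code. If `ret` is the status filled in by the wait call above the hunk, 1280 is exit code 5 and 512 is exit code 2, while a bare 5 would mean termination by signal 5, so the "Device already in use" branch probably never matches a normal exit. Decode the status once with `WIFEXITED(ret)` and `WEXITSTATUS(ret)` and compare exit codes, and delete the disabled branches instead of commenting them out so a reader can tell which outcomes are still handled. With those two cases gone, confirm that an already-unlocked device now reaches a response the caller can act on; the trailing `else` is outside the hunk.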
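Review bot: The fixed `usleep(500000)` replaces the disabled fork with a timing guess, and its failure path calls `die(500, "Usleep failed")` at a point where the device appears to have been unlocked already. `usleep` returns -1 with `EINTR` when a signal arrives, so a harmless interruption would report a server error for an unlock that succeeded and would skip killing the askpassword process. Treat the sleep as best effort, e.g. `(void)usleep(500000);` with a comment stating what it waits for, and remove the `#if 0` block rather than keeping dead code around the live fork.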