X-Git-Url: https://git.rapsys.eu/ihttpd/blobdiff_plain/034a5b59d291e9a01cc9fd6c77aeb1019174e5c6..7f1af3e8a93fc3a70683c1745fa9286baa1e48ee:/SOURCES/index.bin.c?ds=sidebyside
diff --git a/SOURCES/index.bin.c b/SOURCES/index.bin.c
index e6780a1..cf44c6c 100644
--- a/SOURCES/index.bin.c
+++ b/SOURCES/index.bin.c
@@ -65,6 +65,9 @@
//Default cryptsetup
#define CRYPTSETUP "/sbin/cryptsetup"
+//Systemd cryptsetup
+#define SYSTEMDCRYPTSETUP "/usr/lib/systemd/systemd-cryptsetup"
+
//Default pid file
#define IHTTPDPID "/run/ihttpd/ihttpd.pid"
@@ -75,6 +78,10 @@
#define ASKPASSWORDLOG "/run/ihttpd/log/child.askpassword.log"
#define IHTTPDLOG "/run/ihttpd/log/child.ihttpd.log"
+//Define form uri
+#define FORMID "5903c738"
+#define FORMURI "/" FORMID ".html"
+
//Create struct for http error status
struct httpStatusStruct {
int value;
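Review bot: `FORMID` is a fixed literal in the source, so every build of this binary serves the unlock form at the same published path; if the path is meant to keep the form away from casual requests, that only works when the value differs per installation. Wrapping it as `#ifndef FORMID` / `#define FORMID "5903c738"` / `#endif` would let the packaging supply its own value with `-DFORMID=...` without changing the default. A one-line comment stating that the identifier is not a credential and that the passphrase remains the only secret would also help the next reader.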
@@ -87,7 +94,8 @@ const struct httpStatusStruct httpStatuses[] = {
{400, "Bad Request"},
{405, "Method Not Allowed"},
{411, "Length Required"},
- {500, "Internal Server Error"}
+ {500, "Internal Server Error"},
+ {503, "Service Unavailable"}
};
/**
@@ -96,6 +104,7 @@ const struct httpStatusStruct httpStatuses[] = {
void die(const int, const char*);
void header(const int, const char*);
void showForm(const char*, const int, const int);
+void showMaintenance();
int extractValue(char**, int*, char*, int);
int extractLuksDevice(char**, char**);
int extractIHttpdPid(pid_t *);
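Review bot: `void showMaintenance();` declares a function with unspecified parameters in C rather than one taking none, so a call with arguments would compile without a diagnostic. Write `void showMaintenance(void);` here and use the same form on the definition further down.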
@@ -137,6 +146,9 @@ void header(const int code, const char *ctype) {
case 500:
k = 4;
break;
+ case 503:
+ k = 5;
+ break;
default:
k = 0;
}
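Review bot: The new `case 503: k = 5;` hard-codes the position of the entry just added to `httpStatuses[]`, so the table and this switch must be edited in step, and a reordering silently sends the wrong status text. A lookup keeps them coupled: `for (k = sizeof(httpStatuses)/sizeof(httpStatuses[0]) - 1; k > 0 && httpStatuses[k].value != code; k--);`, which still falls back to index 0 for unknown codes as the `default` does. The body of `header()` starts and ends outside this hunk, so the declaration and later use of `k` are assumed.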
@@ -154,10 +166,13 @@ void header(const int code, const char *ctype) {
* Show form
*/
void showForm(const char *requestUri, const int keyfileSizeMax, const int passphraseSizeMax) {
- header(200, "text/html");
+ header(503, "text/html");
printf("\r\n");
printf("\r\n");
- printf("
\r\n");
printf("
\r\n", requestUri, keyfileSizeMax);
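Review bot: `header(503, "text/html")` in `showForm()` has no comment explaining why the page that carries the unlock form is sent with an error status. If the intent is that the form and the maintenance page look the same to a client that only sees the status line, say so, for example `//Reply 503 on purpose: form and maintenance page share the same status`. Anything that treats 503 as a failure (health checks, scripted clients) will then treat the form as a failure too. The rest of the body is cut by the page extraction and was not reviewed.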
@@ -167,6 +182,29 @@ void showForm(const char *requestUri, const int keyfileSizeMax, const int passph
printf("\r\n");
}
+/**
+ * Show maintenance
+ */
+void showMaintenance() {
+ header(503, "text/html");
+ printf("\r\n");
+ printf("\r\n");
+ printf("\r\n");
+ printf("
Service unavailable!\r\n");
+ printf("\r\n");
+ printf("\r\n");
+ printf("\r\n");
+ printf("
Service unavailable!
\r\n");
+ printf("
The server is temporarily unable to service your\r\n");
+ printf("request due to maintenance downtime or capacity\r\n");
+ printf("problems. Please try again later.
\r\n");
+ printf("
Error 503
\r\n");
+ printf("
%s
%s\r\n", getenv("SERVER_NAME"), getenv("SERVER_SOFTWARE"));
+ printf("\r\n", FORMID);
+ printf("\r\n");
+ printf("\r\n");
+}
+
/**
* Extract value
*/
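Review bot: `getenv("SERVER_NAME")` and `getenv("SERVER_SOFTWARE")` are passed straight to `%s` in `showMaintenance()`, and a NULL return (variable not set by the server) makes that `printf` undefined behaviour. Fetch them first and substitute a default, e.g. `const char *name = getenv("SERVER_NAME");` then pass `name ? name : ""`, and the same for the software string. Both values are also written into the HTML unescaped; depending on server configuration SERVER_NAME can derive from the request's Host header, so it should be HTML-escaped or left out. Separately, the `printf(..., FORMID)` near the end places the form identifier in the maintenance page (the markup around it is stripped on this page), which would hand the form path to every requester and undo the URI check added in `main()`; confirm that this is intended.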
@@ -757,9 +795,10 @@ int extractIHttpdPid(pid_t *pid) {
* Main function
*/
int main(int argc, char **argv) {
-
//Get request method
char *requestMethod = getenv("REQUEST_METHOD");
+ //Get request uri
+ char *requestUri = getenv("REQUEST_URI");
//Handle unknown requests
if (requestMethod == NULL || (strncmp(requestMethod, "GET", 3) && strncmp(requestMethod, "HEAD", 4) && strncmp(requestMethod, "POST", 4))) {
@@ -767,8 +806,15 @@ int main(int argc, char **argv) {
die(405, "Unsupported request method");
//Handle get and head
} else if (!strncmp(requestMethod, "GET", 3) || !strncmp(requestMethod, "HEAD", 4)) {
- //Send form
- showForm(getenv("REQUEST_URI")?getenv("REQUEST_URI"):"/", DEFAULT_KEYFILE_SIZE_MAX, DEFAULT_PASSPHRASE_SIZE_MAX);
+ //Check if we have form uri
+ if (requestUri != NULL && strlen(requestUri) == strlen(FORMURI) && !strncmp(requestUri, FORMURI, strlen(FORMURI))) {
+ //Send form
+ showForm(requestUri, DEFAULT_KEYFILE_SIZE_MAX, DEFAULT_PASSPHRASE_SIZE_MAX);
+ //Not form uri requested
+ } else {
+ //Send maintenance page
+ showMaintenance();
+ }
//Handle post
} else /*if (!strncmp(requestMethod, "POST", 4))*/ {
//Return value
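Review bot: The form-URI check covers only the GET/HEAD branch; the POST branch that begins at the end of this hunk does not look at `requestUri`, so a POST to any path appears to reach the unlock logic (its body lies outside the hunk, so this is judged from the visible lines only). If the URI is meant to gate the form, apply the same comparison before handling POST and answer with `showMaintenance()` otherwise. The comparison itself can be written `requestUri != NULL && strcmp(requestUri, FORMURI) == 0`, which is what the `strlen`/`strncmp` pair computes.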
@@ -794,6 +840,9 @@ int main(int argc, char **argv) {
//Declare luks and device
char *luks = NULL, *device = NULL;
+ //Declare cargv
+ char **cargv = NULL;
+
//Pairs of pipe for stdin, stdout and stderr
int inPipe[2], errPipe[2];
@@ -831,12 +880,32 @@ int main(int argc, char **argv) {
die(500, "Failed to extract value");
}
-
//Extract luks and device
if ((ret = extractLuksDevice(&luks, &device)) < 0) {
die(500, "Failed to extract luks and device");
}
+ //Declare cargv array
+ char *cargvs[] = { CRYPTSETUP, "-d", "-", "luksOpen", device, luks, NULL };
+ //TODO: device cannot be an UUID=xyz, a resolved block device is required for it
+ //char *scargvs[] = { SYSTEMDCRYPTSETUP, "attach", luks, device, "-", NULL };
+
+ //Check cryptsetup binary
+ if (access(CRYPTSETUP, F_OK|X_OK) == -1) {
+ //Check systemdcryptsetup binary
+ if (access(SYSTEMDCRYPTSETUP, F_OK|X_OK) == -1) {
+ die(500, "No cryptsetup available");
+ } else {
+ //Set contextual env
+ //TODO: resolve UUID in real device name
+ //TODO: passing password through the socket is not possible, as it rely on password ending with \0
+ die(500, "systemd-cryptsetupd is not implementable");
+ }
+ } else {
+ //Set contextual env
+ cargv = cargvs;
+ }
+
//Create stdin pipe
if (pipe(inPipe) == -1) {
die(500, "Failed to create in pipe");
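Review bot: The `access()` pre-checks add nothing over the `execve()` that follows: the file can change between the check and the exec, `execve()` already reports a missing or non-executable binary, and `F_OK|X_OK` is just `X_OK` because `F_OK` is 0. Both inner branches end in `die(500, ...)`, so the nesting can be flattened to `if (access(CRYPTSETUP, X_OK) == -1) die(500, "No cryptsetup available");` with `cargv = cargvs;` unconditional until the systemd path is implemented. The message `systemd-cryptsetupd is not implementable` misspells the binary name. `device` and `luks` enter argv exactly as `extractLuksDevice()` produced them, and that function is outside this hunk; if either could begin with `-`, cryptsetup would read it as an option, so the values should be validated there.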
@@ -854,8 +923,7 @@ int main(int argc, char **argv) {
//Child process
if (pid == 0) {
- //Child argv
- char *cargv[] = { CRYPTSETUP, "-d", "-", "luksOpen", device, luks, NULL };
+ //Child arge
char *carge[] = { NULL };
//Free value
free(value);
@@ -873,8 +941,9 @@ int main(int argc, char **argv) {
//Close errPipe
close(errPipe[0]);
close(errPipe[1]);
+
//Call cryptsetup
- if (execve(CRYPTSETUP, cargv, carge) == -1) {
+ if (execve(cargv[0], cargv, carge) == -1) {
die(500, "Failed to call cryptsetup");
}
//Parent process
@@ -904,15 +973,15 @@ int main(int argc, char **argv) {
die(500, "Failed to wait child");
}
- //Handle already unlocked device
- if (ret == 1280) {
- die(200, "Device already unlocked");
//Handle already in use device
- } else if (ret == 5) {
+ if (ret == 5) {
die(500, "Device already in use");
+ //Handle already unlocked device
+ //} else if (ret == 1280) {
+ // die(200, "Device already unlocked");
//Handle invalid luks device
- } else if (ret == 256) {
- die(500, "Device is now a valid device");
+ //} else if (ret == 256) {
+ // die(500, "Device is now a valid device");
//Handle no key available with this passphrase
} else if (ret == 512) {
die(500, "No slot for this value");
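Review bot: `ret == 5` and `ret == 512` are compared as raw numbers and do not look like the same kind of value: in a raw wait status 512 is exit code 2, while 5 would mean termination by signal 5 rather than exit code 5 (which was the removed `1280`). Where `ret` is assigned lies outside the hunk, so this needs confirming, but if it is the `waitpid()` status the tests should read `WIFEXITED(ret) && WEXITSTATUS(ret) == 2` and the equivalent for the busy-device case instead of magic numbers. The two disabled branches should be deleted rather than left as comments, with one line explaining why an already-unlocked device is no longer reported as success.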
@@ -960,6 +1029,8 @@ int main(int argc, char **argv) {
close(errPipe[0]);
}
+//Removed as it was making fail the process of booting sometimes
+#if 0
//Fork process
if ((pid = fork()) == -1) {
die(500, "Failed to fork");
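Review bot: Disabling this block with `#if 0` leaves the fork/else structure split across three preprocessor regions (here, the `#endif` after `} else {` in the next hunk, and the `#if 0` / `}` / `#endif` at the end of `main()`), so brace balance now depends on all three staying in step. Delete the dead code and let the history keep it, or at least tag each directive with a matching comment such as `#endif /* disabled fork */`. The comment `//Removed as it was making fail the process of booting sometimes` should say what the removed step did and what failed. The disabled block's content lies between the visible hunks and was not reviewed.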
@@ -1038,6 +1109,12 @@ int main(int argc, char **argv) {
//Parent process
} else {
+#endif
+
+ //Sleep before killing askpassword process
+ if (usleep(500000) == -1) {
+ die(500, "Usleep failed");
+ }
//Fork process
if ((pid = fork()) == -1) {
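Review bot: A failing `usleep(500000)` is treated as fatal, but it returns -1 with EINTR whenever a signal arrives, and at this point the unlock has presumably already run, so the client would receive a 500 for a request that succeeded. Ignore the return value or retry, e.g. `(void)usleep(500000);`. A fixed half-second delay is also a timing guess rather than synchronization, so the comment should state what the sleep is waiting for.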
@@ -1127,7 +1204,9 @@ int main(int argc, char **argv) {
}
+#if 0
}
+#endif
}