From 7331600e35c8637bd4f727194e0d2ce3e01c176a Mon Sep 17 00:00:00 2001 From: Bob Mottram <bob@freedombone.net> Date: Sat, 11 Aug 2018 22:04:06 +0100 Subject: [PATCH] Daemon function for backup and restore of keys via webadmin --- src/freedombone-installer | 73 +++++++++++++++++++++++-- src/freedombone-keydrive | 23 ++++++-- src/freedombone-recoverkey | 8 +++ src/freedombone-utils-keys | 23 +++++++- webadmin/EN/backup_keys_complete.html | 74 +++++++++++++++++++++++++ webadmin/EN/backup_keys_failed.html | 76 ++++++++++++++++++++++++++ webadmin/EN/restore_keys_complete.html | 74 +++++++++++++++++++++++++ webadmin/EN/restore_keys_failed.html | 76 ++++++++++++++++++++++++++ 8 files changed, 416 insertions(+), 11 deletions(-) create mode 100644 webadmin/EN/backup_keys_complete.html create mode 100644 webadmin/EN/backup_keys_failed.html create mode 100644 webadmin/EN/restore_keys_complete.html create mode 100644 webadmin/EN/restore_keys_failed.html diff --git a/src/freedombone-installer b/src/freedombone-installer index 0a5e136e0..220ab02b5 100755 --- a/src/freedombone-installer +++ b/src/freedombone-installer @@ -64,14 +64,18 @@ webadmin_prev_hour=99 # temporary backup and restore scripts backup_script=/root/.webadmin_backup.sh +backup_keys_script=/root/.webadmin_backup_keys.sh restore_script=/root/.webadmin_restore.sh +restore_keys_script=/root/.webadmin_restore_keys.sh format_script=/root/.webadmin_format.sh new_user_script=/root/.webadmin_new_user.sh remove_user_script=/root/.webadmin_remove_user.sh # Files used to initiate backup or restore manually from the web UI backup_file="$webadmin_install_dir/.start_backup" +backup_keys_file="$webadmin_install_dir/.start_backup_keys" restore_file="$webadmin_install_dir/.start_restore" +restore_keys_file="$webadmin_install_dir/.start_restore_keys" format_file="$webadmin_install_dir/.start_format" # These files contain the percentage progress 
@@ -499,7 +503,9 @@ function check_for_existing_processes { echo 'exit_if_process_is_running fbone_installer.sh'; echo 'exit_if_process_is_running webadmin_format.sh'; echo 'exit_if_process_is_running webadmin_backup.sh'; + echo 'exit_if_process_is_running webadmin_backup_keys.sh'; echo 'exit_if_process_is_running webadmin_restore.sh'; + echo 'exit_if_process_is_running webadmin_restore_keys.sh'; echo 'exit_if_process_is_running webadmin_new_user.sh'; echo 'exit_if_process_is_running webadmin_remove_user.sh'; echo ''; } > "$script_name" @@ -512,7 +518,7 @@ function run_setup_command { check_for_existing_processes $installer_script - { echo "echo \"Beginning install $(date)\" > $webadmin_install_dir/log.txt"; + { echo "echo \"Beginning install \$(date)\" > $webadmin_install_dir/log.txt"; echo "chown www-data:www-data $webadmin_install_dir/log.txt"; echo ''; echo "/usr/local/bin/freedombone -c \"$CONFIGURATION_FILE\" >> $webadmin_install_dir/log.txt;"; 
@@ -920,14 +926,14 @@ function backup_and_restore {
 if [ -f "$restore_file" ]; then
 rm "$restore_file"
 check_for_existing_processes $restore_script
- { echo "echo \"Beginning webadmin restore $(date)\" > $webadmin_install_dir/restore.txt";
+ { echo "echo \"Beginning webadmin restore \$(date)\" > $webadmin_install_dir/restore.txt";
 echo "chown www-data:www-data $webadmin_install_dir/restore.txt";
 echo '';
 echo "cp $webadmin_install_dir/restore_progress_template.html $webadmin_install_dir/restore_progress.html";
 echo "chown www-data:www-data $webadmin_install_dir/restore_progress.html";
 echo '';
 echo "if /usr/local/bin/${PROJECT_NAME}-restore-local simple >> $webadmin_install_dir/restore.txt; then";
- echo " echo \"Completed $(date)\" >> $webadmin_install_dir/restore.txt";
+ echo " echo \"Completed \$(date)\" >> $webadmin_install_dir/restore.txt";
 echo " cp $webadmin_install_dir/restore_complete.html $webadmin_install_dir/restore_progress.html";
 echo 'else';
 echo " cp $webadmin_install_dir/restore_failed.html $webadmin_install_dir/restore_progress.html";
@@ -948,14 +954,14 @@ function backup_and_restore { rm "$backup_file" check_for_existing_processes $backup_script - { echo "echo \"Beginning webadmin backup $(date)\" > $webadmin_install_dir/backup.txt"; + { echo "echo \"Beginning webadmin backup \$(date)\" > $webadmin_install_dir/backup.txt"; echo "chown www-data:www-data $webadmin_install_dir/backup.txt"; echo ''; echo "cp $webadmin_install_dir/backup_progress_template.html $webadmin_install_dir/backup_progress.html"; echo "chown www-data:www-data $webadmin_install_dir/backup_progress.html"; echo ''; echo "if /usr/local/bin/${PROJECT_NAME}-backup-local simple >> $webadmin_install_dir/backup.txt; then"; - echo " echo \"Completed $(date)\" >> $webadmin_install_dir/backup.txt"; + echo " echo \"Completed \$(date)\" >> $webadmin_install_dir/backup.txt"; echo " cp $webadmin_install_dir/backup_complete.html $webadmin_install_dir/backup_progress.html"; echo 'else'; echo " cp $webadmin_install_dir/backup_failed.html $webadmin_install_dir/backup_progress.html"; 
@@ -995,6 +1001,62 @@ function backup_and_restore { fi } +function backup_and_restore_keys { + if [ -f "$restore_keys_file" ]; then + rm "$restore_keys_file" + admin_username=$(grep 'MY_USERNAME=' "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}') + check_for_existing_processes $restore_keys_script + { echo "echo \"Beginning webadmin restore keys \$(date)\" > $webadmin_install_dir/restore.txt"; + echo "chown www-data:www-data $webadmin_install_dir/restore.txt"; + echo ''; + echo "cp $webadmin_install_dir/restore_keys_progress_template.html $webadmin_install_dir/restore_keys_progress.html"; + echo "chown www-data:www-data $webadmin_install_dir/restore_keys_progress.html"; + echo ''; + echo "if /usr/local/bin/${PROJECT_NAME}-recoverkey -u \"$admin_username\" -d \"simple\" >> $webadmin_install_dir/restore.txt; then"; + echo " echo \"Completed \$(date)\" >> $webadmin_install_dir/restore.txt"; + echo " cp $webadmin_install_dir/restore_keys_complete.html $webadmin_install_dir/restore_keys_progress.html"; + echo 'else'; + echo " cp $webadmin_install_dir/restore_keys_failed.html $webadmin_install_dir/restore_keys_progress.html"; + echo 'fi'; + echo ''; + echo "chown www-data:www-data $webadmin_install_dir/restore.txt"; + echo "chown www-data:www-data $webadmin_install_dir/restore_keys_progress.html"; + echo ''; + echo "exit 0"; } >> $restore_keys_script + chmod +x $restore_keys_script + + # run in a separate process + ./$restore_keys_script & + else + if [ -f "$backup_keys_file" ]; then + rm "$backup_keys_file" + admin_username=$(grep 'MY_USERNAME=' "$CONFIGURATION_FILE" | head -n 1 | awk -F '=' '{print $2}') + check_for_existing_processes $backup_keys_script + { echo "echo \"Beginning webadmin backup keys \$(date)\" > $webadmin_install_dir/backup.txt"; + echo "chown www-data:www-data $webadmin_install_dir/backup.txt"; + echo ''; + echo "cp $webadmin_install_dir/backup_keys_progress_template.html $webadmin_install_dir/backup_keys_progress.html"; + echo "chown 
www-data:www-data $webadmin_install_dir/backup_keys_progress.html"; + echo ''; + echo "if /usr/local/bin/${PROJECT_NAME}-keydrive -u \"$admin_username\" --master 'yes' -d \"simple\" >> $webadmin_install_dir/backup.txt; then"; + echo " echo \"Completed \$(date)\" >> $webadmin_install_dir/backup.txt"; + echo " cp $webadmin_install_dir/backup_keys_complete.html $webadmin_install_dir/backup_keys_progress.html"; + echo 'else'; + echo " cp $webadmin_install_dir/backup_keys_failed.html $webadmin_install_dir/backup_keys_progress.html"; + echo 'fi'; + echo ''; + echo "chown www-data:www-data $webadmin_install_dir/backup.txt"; + echo "chown www-data:www-data $webadmin_install_dir/backup_keys_progress.html"; + echo ''; + echo "exit 0"; } >> $backup_keys_script + chmod +x $backup_keys_script + + # run in a separate process + ./$backup_keys_script & + fi + fi +} + function is_valid_user { USRNAME="$1" if [[ "$USRNAME" != "turtl" && "$USRNAME" != "znc" && "$USRNAME" != "pihole" && "$USRNAME" != "fbone" && "$USRNAME" != "go" && "$USRNAME" != "gogs" && "$USRNAME" != "git" && "$USRNAME" != "sync" && "$USRNAME" != "tahoelafs" ]]; then @@ -1118,6 +1180,7 @@ do else if [ $install_state -eq $INSTALL_STATE_COMMAND_SUCCESS ]; then backup_and_restore + backup_and_restore_keys add_remove_users install_apps_from_webadmin sleep 1 diff --git a/src/freedombone-keydrive b/src/freedombone-keydrive index 5221e231b..867d43251 100755 --- a/src/freedombone-keydrive +++ b/src/freedombone-keydrive @@ -31,6 +31,8 @@ PROJECT_NAME='freedombone' export TEXTDOMAIN=${PROJECT_NAME}-keydrive export TEXTDOMAINDIR="/usr/share/locale" +source "/usr/share/${PROJECT_NAME}/utils/${PROJECT_NAME}-utils-backup" + USB_DRIVE=/dev/sdb1 USB_MOUNT=/mnt/usb KEY_FRAGMENTS=3 @@ -38,6 +40,7 @@ FRAGMENTS_DIR=$USB_MOUNT/.gnupg_fragments MY_USERNAME=$USER MASTER_DRIVE="no" FORMAT="no" +simple_backup= function show_help { echo '' 
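Review bot: `$admin_username` is expanded while the script is being generated and lands inside a double-quoted argument of a file under /root that the daemon then executes (`-u \"$admin_username\"` in both the restore and the backup branch of backup_and_restore_keys), so a `MY_USERNAME` value containing a quote, a backtick or `$(` would be interpreted by the shell instead of being passed as a name. The hunk shows no validation after the `grep`/`awk` read, so a check such as `[[ "$admin_username" =~ ^[a-z_][a-z0-9_-]*$ ]] || return` before the script is written would keep the value to a plain account name. The launch lines `./$restore_keys_script &` and `./$backup_keys_script &` put `./` in front of an absolute path, which then resolves relative to the daemon's working directory; `"$restore_keys_script" &` and `"$backup_keys_script" &` run the file that was just written wherever the daemon was started. The key operations also write to the same `restore.txt` and `backup.txt` that are handed to www-data, so it is worth confirming that the key tools print nothing sensitive to stdout.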
@@ -60,10 +63,18 @@ do ;; -d|--dev) shift - if [[ "${1}" != '/dev/'* ]]; then - USB_DRIVE=/dev/${1}1 + backup_device="$1" + if [[ "$backup_device" == 'simple' || "$backup_device" == 'auto'* ]]; then + backup_device=$(detect_connected_drives) + if [ ! "$backup_device" ]; then + exit 358635 + fi + simple_backup=1 + fi + if [[ "$backup_device" != '/dev/'* ]]; then + USB_DRIVE=/dev/${backup_device}1 else - USB_DRIVE=${1} + USB_DRIVE=${backup_device} fi ;; -m|--master) @@ -116,8 +127,10 @@ if [[ $FORMAT == "yes" ]]; then fi fi -if cryptsetup open --type luks "$USB_DRIVE" encrypted_usb; then - USB_DRIVE=/dev/mapper/encrypted_usb +if [ ! $simple_backup ]; then + if cryptsetup open --type luks "$USB_DRIVE" encrypted_usb; then + USB_DRIVE=/dev/mapper/encrypted_usb + fi fi if ! mount $USB_DRIVE $USB_MOUNT; then echo $"There was a problem mounting the USB drive to $USB_MOUNT" diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey index 8e3c1f818..e98cfcc75 100755 --- a/src/freedombone-recoverkey +++ b/src/freedombone-recoverkey @@ -42,6 +42,7 @@ done FRIENDS_SERVERS_LIST= MY_USERNAME= +simple_backup= function show_help { echo '' @@ -63,6 +64,13 @@ do shift MY_USERNAME="$1" ;; + -d|--dev) + shift + if [[ "$1" == 'simple' ]]; then + import_gpg_from_master_keydrive + exit 0 + fi + ;; # backup list filename # typically /home/$USER/backup.list -l|--list) diff --git a/src/freedombone-utils-keys b/src/freedombone-utils-keys index e357815e4..bc2af954f 100755 --- a/src/freedombone-utils-keys +++ b/src/freedombone-utils-keys 
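Review bot: `exit 358635` in the new `-d|--dev` branch cannot be reported as written, because an exit status is a single byte and the shell reduces the value modulo 256 to 235; the same holds for `exit 357832` (200) and `exit 463636` (20) in import_gpg_from_master_keydrive in src/freedombone-utils-keys. The statuses stay non-zero, so the webadmin script still takes its failure branch, but nothing is printed and the number a caller sees does not match the source; a small distinct code with a message, e.g. `echo $"No USB drive detected"; exit 3`, would make the diagnostics file useful. The name returned by `detect_connected_drives` is also placed into `/dev/${backup_device}1` without a pattern check like the `sd*` test the restore path applies, so the two paths accept different device names unless that helper (defined outside this diff) already guarantees the format. The option loop starts and ends outside this hunk.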
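Review bot: When `simple_backup` is set the `cryptsetup open` step is skipped and the drive is mounted as-is, and the webadmin script in src/freedombone-installer calls this tool with `--master 'yes' -d "simple"`, so the key copy made from the web UI is written to a filesystem without LUKS protection (what `--master` copies is outside this hunk; presumably the full keyring). If that is the intended trade-off for the simple mode it deserves a comment above the test, e.g. `# simple/auto mode: drive is mounted directly, keys are stored without LUKS`, and a matching sentence on the backup pages so the user knows the drive has to be kept physically safe. The test itself should quote the variable, `if [ ! "$simple_backup" ]; then`, to match the `[ ! "$backup_device" ]` form used in the option parser.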
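Review bot: The new `-d|--dev` case in freedombone-recoverkey ends with an unconditional `exit 0`, so the webadmin script's `if …-recoverkey … ; then` test shows "Restore of keys is complete" whenever import_gpg_from_master_keydrive returns at all, including when the drive holds no `.gnupg` directory or a `cp` fails. Replacing it with `exit $?` directly after the call, together with the function returning non-zero when nothing was copied, lets the failed page appear. Any other argument to `-d` is consumed silently, and the `simple_backup=` variable added in the previous hunk is never read in the lines shown. The option loop starts and ends outside this hunk.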
@@ -26,6 +26,27 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +function import_gpg_from_master_keydrive { + USB_DRIVE=/dev/sdb1 + USB_MOUNT=/mnt/usb + backup_device=$(detect_connected_drives) + if [ ! "$backup_device" ]; then + exit 357832 + fi + if [[ "$backup_device" != 'sd'* ]]; then + exit 463636 + fi + read_config_param MY_USERNAME + backup_mount_drive "$backup_device" + if [ -d "$USB_MOUNT/.gnupg" ]; then + # shellcheck disable=SC2086 + cp -rf $USB_MOUNT/.gnupg /home/$MY_USERNAME/ + chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg" + cp -rf $USB_MOUNT/.gnupg /root/ + fi + backup_unmount_drive $USB_DRIVE $USB_MOUNT +} + function interactive_gpg_from_usb { dialog --title $"Recover Encryption Keys" \ --msgbox $'Plug in a USB keydrive containing a copy of your full key or key fragment' 6 70 @@ -117,7 +138,7 @@ function interactive_gpg_from_usb { if [ -d "$HOME_DIR/.gnupg_old" ]; then rm -rf "$HOME_DIR/.gnupg_old" fi - cp -r "$HOME_DIR/.gnupg $HOME_DIR/.gnupg_old" + cp -r "$HOME_DIR/.gnupg" "$HOME_DIR/.gnupg_old" chmod 700 "$HOME_DIR/.gnupg_old" chmod -R 600 "$HOME_DIR/.gnupg_old/"* chown -R "$MY_USERNAME":"$MY_USERNAME" "$HOME_DIR/.gnupg_old" diff --git a/webadmin/EN/backup_keys_complete.html b/webadmin/EN/backup_keys_complete.html new file mode 100644 index 000000000..ed2fdd01a --- /dev/null +++ b/webadmin/EN/backup_keys_complete.html 
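Review bot: In import_gpg_from_master_keydrive the keyring is copied from the drive with `cp -rf` and only `chown` is applied afterwards, so the files keep whatever modes the drive's filesystem presents; on a filesystem without Unix permissions that is often group- and world-readable, which would leave private key material in `/home/$MY_USERNAME/.gnupg` and `/root/.gnupg` readable by other local accounts. interactive_gpg_from_usb, further down, restricts its `.gnupg_old` copy with `chmod 700`, and this path should restrict its copies as well. The function also proceeds when `MY_USERNAME` is empty (the unquoted `cp` then targets `/home/`), returns success when the drive has no `.gnupg`, and unmounts the hard-coded `/dev/sdb1` rather than the detected device unless backup_mount_drive updates `USB_DRIVE` (not visible here). The fence sketches the added checks; the caller in src/freedombone-recoverkey would have to pass the return status on for them to reach the web UI.

```shell
    read_config_param MY_USERNAME
    if [ ! "$MY_USERNAME" ] || [ ! -d "/home/$MY_USERNAME" ]; then
        return 1
    fi
    # … unchanged: backup_mount_drive call …
    if [ ! -d "$USB_MOUNT/.gnupg" ]; then
        backup_unmount_drive $USB_DRIVE $USB_MOUNT
        return 1
    fi
    # … unchanged: cp/chown into /home/$MY_USERNAME and cp into /root …
    chmod -R go-rwx "/home/$MY_USERNAME/.gnupg" /root/.gnupg
    # … unchanged: backup_unmount_drive call …
```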
@@ -0,0 +1,74 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <style>
+ #headerpic {
+ width: 60%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 220px;
+ }
+
+ .header {
+ text-align: center;
+ padding: 32px;
+ }
+
+ #iconpic {
+ width: 20%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 120px;
+ }
+
+ .appurl {
+ color: grey;
+ font-size: 100%;
+ }
+
+ .appdesc {
+ color: black;
+ font-size: 65%;
+ }
+
+ button {
+ border: none;
+ outline: 0;
+ display: inline-block;
+ padding: 8px;
+ color: white;
+ background-color: #000;
+ text-align: center;
+ cursor: pointer;
+ width: 100%;
+ font-size: 18px;
+ }
+
+ a {
+ text-decoration: none;
+ color: black;
+ }
+
+ button:hover, a:hover {
+ opacity: 0.7;
+ }
+
+ </style>
+ </head>
+ <body>
+ <div class="header">
+ <a href="backup.html"><img id="headerpic" class="img-responsive" src="images/logo.png"></a>
+
+ <h3>Backup of keys is complete</h3>
+
+ <h4>You may now remove the USB drive</h4>
+
+ <form action="backup.html">
+ <input type="submit" value="Go Back" />
+ </form>
+ </div>
+
+ </body>
+</html>
diff --git a/webadmin/EN/backup_keys_failed.html b/webadmin/EN/backup_keys_failed.html
new file mode 100644
index 000000000..c325538dc
--- /dev/null
+++ b/webadmin/EN/backup_keys_failed.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <style>
+ #headerpic {
+ width: 60%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 220px;
+ }
+
+ .header {
+ text-align: center;
+ padding: 32px;
+ }
+
+ #iconpic {
+ width: 20%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 120px;
+ }
+
+ .appurl {
+ color: grey;
+ font-size: 100%;
+ }
+
+ .appdesc {
+ color: black;
+ font-size: 65%;
+ }
+
+ button {
+ border: none;
+ outline: 0;
+ display: inline-block;
+ padding: 8px;
+ color: white;
+ background-color: #000;
+ text-align: center;
+ cursor: pointer;
+ width: 100%;
+ font-size: 18px;
+ }
+
+ a {
+ text-decoration: none;
+ color: black;
+ }
+
+ button:hover, a:hover {
+ opacity: 0.7;
+ }
+
+ </style>
+ </head>
+ <body>
+ <div class="header">
+ <a href="backup.html"><img id="headerpic" class="img-responsive" src="images/logo.png"></a>
+
+ <h3>Backup of keys failed</h3>
+
+ <p>For details see the <a href="backup.txt">diagnostics</a></p>
+
+ <h4>You may now remove the USB drive</h4>
+
+ <form action="backup.html">
+ <input type="submit" value="Go Back" />
+ </form>
+ </div>
+
+ </body>
+</html>
diff --git a/webadmin/EN/restore_keys_complete.html b/webadmin/EN/restore_keys_complete.html
new file mode 100644
index 000000000..ff4dc9aaf
--- /dev/null
+++ b/webadmin/EN/restore_keys_complete.html
@@ -0,0 +1,74 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <style>
+ #headerpic {
+ width: 60%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 220px;
+ }
+
+ .header {
+ text-align: center;
+ padding: 32px;
+ }
+
+ #iconpic {
+ width: 20%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 120px;
+ }
+
+ .appurl {
+ color: grey;
+ font-size: 100%;
+ }
+
+ .appdesc {
+ color: black;
+ font-size: 65%;
+ }
+
+ button {
+ border: none;
+ outline: 0;
+ display: inline-block;
+ padding: 8px;
+ color: white;
+ background-color: #000;
+ text-align: center;
+ cursor: pointer;
+ width: 100%;
+ font-size: 18px;
+ }
+
+ a {
+ text-decoration: none;
+ color: black;
+ }
+
+ button:hover, a:hover {
+ opacity: 0.7;
+ }
+
+ </style>
+ </head>
+ <body>
+ <div class="header">
+ <a href="backup.html"><img id="headerpic" class="img-responsive" src="images/logo.png"></a>
+
+ <h3>Restore of keys is complete</h3>
+
+ <h4>You may now remove the USB drive</h4>
+
+ <form action="backup.html">
+ <input type="submit" value="Go Back" />
+ </form>
+ </div>
+
+ </body>
+</html>
diff --git a/webadmin/EN/restore_keys_failed.html b/webadmin/EN/restore_keys_failed.html
new file mode 100644
index 000000000..c0dc90b19
--- /dev/null
+++ b/webadmin/EN/restore_keys_failed.html
@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <style>
+ #headerpic {
+ width: 60%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 220px;
+ }
+
+ .header {
+ text-align: center;
+ padding: 32px;
+ }
+
+ #iconpic {
+ width: 20%;
+ height: auto;
+ margin-right : auto;
+ margin-left : auto;
+ min-width : 120px;
+ }
+
+ .appurl {
+ color: grey;
+ font-size: 100%;
+ }
+
+ .appdesc {
+ color: black;
+ font-size: 65%;
+ }
+
+ button {
+ border: none;
+ outline: 0;
+ display: inline-block;
+ padding: 8px;
+ color: white;
+ background-color: #000;
+ text-align: center;
+ cursor: pointer;
+ width: 100%;
+ font-size: 18px;
+ }
+
+ a {
+ text-decoration: none;
+ color: black;
+ }
+
+ button:hover, a:hover {
+ opacity: 0.7;
+ }
+
+ </style>
+ </head>
+ <body>
+ <div class="header">
+ <a href="backup.html"><img id="headerpic" class="img-responsive" src="images/logo.png"></a>
+
+ <h3>Restore of keys failed</h3>
+
+ <p>For details see the <a href="restore.txt">diagnostics</a></p>
+
+ <h4>You may now remove the USB drive</h4>
+
+ <form action="backup.html">
+ <input type="submit" value="Go Back" />
+ </form>
+ </div>
+
+ </body>
+</html>
--
GitLab