Enhanced encryption settings

2026-03-03 06:40:50 -06:00 · 2017-09-12 15:23:32 +02:00
parent eea7980f74
commit 9ed57bcf20
5 changed files with 67 additions and 20 deletions
--- a/plugins/dynamix/ArrayOperation.page
+++ b/plugins/dynamix/ArrayOperation.page
@@ -39,6 +39,14 @@ var ask1 = <?=$confirm['stop'] ? 'true' : 'false'?>;
 var ask2 = <?=$confirm['down'] ? 'true' : 'false'?>;
 var ctrl = "<span class='status'><a style='cursor:pointer' class='tooltip_diskio' title='Toggle reads/writes display' onclick='toggle_diskio();return false'><i class='toggle fa'></i></a></span>";

+function verify(form) {
+  swal({title:'Found wrong encryption key',text:'Format unmountable disk(s) and ERASE ALL data?',type:'warning',showCancelButton:true},function(p){
+    if (p) {
+      $(form).append('<input type="hidden" name="cmdFormat" value="Format">');
+      form.submit();
+    }
+  });
+}
 function tab0() {
  $.removeCookie('one',{path:'/'});
  $.cookie('tab','tab0',{path:'/'});
@@ -141,11 +149,19 @@ toggle_diskio(true);
 <?  if ($var['fsNumUnmountable']>0):?>
      <tr>
      <td><strong>Unmountable disk<?=$var['fsNumUnmountable']==1?'':'s'?> present:</strong><br>
-<?    foreach ($disks as $disk) if (strstr($disk['fsStatus'],'Unmountable')) echo "<br><span class='blue-text'>".my_disk($disk['name'])."</span> &bullet; ".my_id($disk['id'])." (".$disk['device'].")";?></td>
+<?    $verify = false;
+      foreach ($disks as $disk) if (strpos($disk['fsStatus'],'Unmountable')!==false) {
+        echo "<br><span class='blue-text'>".my_disk($disk['name'])."</span> &bullet; ".my_id($disk['id'])." (".$disk['device'].")";
+        if (strpos($disk['fsStatus'],'Wrong')!==false) $verify = true;
+      }
+?>    </td>
+<?    if ($verify):?>
+      <td><input type="button" id="cmdFormat" value="Format" disabled onclick="verify(this.form)"><input type="hidden" name="unmountable_mask" value="<?=$var['fsUnmountableMask']?>"></td>
+<?    else:?>
      <td><input type="submit" id="cmdFormat" name="cmdFormat" value="Format" disabled><input type="hidden" name="unmountable_mask" value="<?=$var['fsUnmountableMask']?>"></td>
+<?    endif;?>
      <td><strong>Format</strong> will create a file system in all <strong>Unmountable</strong> disks, discarding all data currently on those disks.<br>
-      <input type="checkbox" name="confirmFormat" value="OFF" onClick="arrayOps.cmdFormat.disabled=!arrayOps.confirmFormat.checked"><small>Yes I want to do this</small>
-      </td>
+      <input type="checkbox" name="confirmFormat" value="OFF" onClick="$('#cmdFormat').prop('disabled',!arrayOps.confirmFormat.checked)"><small>Yes I want to do this</small></td>
      </tr>
 <?  endif;
    if (!$parity):
--- a/plugins/dynamix/EncryptionSettings.page
+++ b/plugins/dynamix/EncryptionSettings.page
@@ -18,6 +18,9 @@ Tag="key"
 <?
 $keyfile = file_exists($var['luksKeyfile']) ? $var['luksKeyfile'] : '';
 $online = $var['fsState']=='Stopped' ? '' : 'disabled';
+$ini = '/var/local/emhttp/keyfile.ini';
+$luks = false; foreach ($disks as $disk) $luks |= substr($disk['fsType'],0,5)=='luks:';
+$flag = $luks ? (file_exists($ini) ? file_get_contents($ini) : false) : false;
 ?>
 <script>
 <?if ($keyfile):?>
@@ -64,25 +67,48 @@ function getFileContent(event,form) {
 <input type="hidden" name="#file" value="unused">
 <input type="hidden" name="#include" value="webGui/include/KeyUpload.php">
 <input type="hidden" name="file" value="">
+<input type="hidden" name="flag" value="true">
+<?if ($keyfile):?>
 Encryption key:
-: &nbsp;<?=$keyfile ?: 'Not present'?>
+: <?=$keyfile?>

 > Shows the path and name of the current keyfile, if present.
 >
 > This keyfile is read during array Start and is used to encrypt/decrypt content of encrypted devices.

-<?if ($keyfile):?>
-Delete <input type="checkbox" name="keyfile" onchange="toggleButton(this.checked)">
-: <input type="submit" name="#apply" value="Delete" disabled><input type="button" value="Done" class="lock" onclick="done()">
-
-> With array Stopped, the keyfile may be deleted in order to specify a different encryption key. Note that once a device
+> With array Stopped, the keyfile may be deleted and the user can specify a new encryption key. Note that once a device
 > is formatted with a particular key it may only be opened using that same key. Changing the encryption key requires
 > encrypted devices to be reformatted **resulting in permanent loss of all existing data on those devices.**

 > With array Started, the keyfile may be deleted to ensure there is no encryption key present on the server when
 > the array is online.  Note that plugins are installed and may execute before and during the array Start process.

+Delete <input type="checkbox" name="keyfile" onchange="toggleButton(this.checked)">
+: <input type="submit" name="#apply" value="Delete" disabled><input type="button" value="Done" class="lock" onclick="done()">
+
 <?else:?>
+<?if ($flag=='file'):?>
+<span class="orange-text big">To unlock encrypted devices, select the keyfile which was originally set</span>
+: &nbsp;
+
+Keyfile:
+: <input type="file" name="local" onchange="getFileContent(event,this.form)"<?=$online?>>
+
+&nbsp;
+: <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
+<?elseif ($flag=='text'):?>
+<span class="orange-text big">To unlock encrypted devices, enter the passphrase which was originally set</span>
+: &nbsp;
+
+Passphrase:
+: <input type="password" name="text" maxlength="512" value=""<?=$online?> onKeyUp="this.form.apply.disabled=(this.form.text.value.length==0)"><?if (!$online):?><input id="eye" type="checkbox" onchange="showPass(this.checked)">show passphrase<?endif;?>
+
+&nbsp;
+: <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
+<?else:?>
+Encryption key:
+: Not present
+
 Encryption input:
 : <select name="input" size="1" onchange="selectInput(this.form)"<?=$online?>>
  <?=mk_option(1, "text", "Passphrase")?>
@@ -123,4 +149,5 @@ Keyfile:
 <input type="button" value="Benchmark" onclick="openBox('/webGui/include/CryptoBenchmark.php','Encryption Benchmarking',600,640)">
 : <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
 <?endif;?>
+<?endif;?>
 </form>
--- a/plugins/dynamix/include/Browse.php
+++ b/plugins/dynamix/include/Browse.php
@@ -52,10 +52,10 @@ foreach ($file as $row) {
  if ($show) foreach ($rows as $row) {
    switch ($disks[$tag.str_replace($tag,'',$row)]['luksState']) {
    case 0: $luks .= "<i class='padlock grey-text fa fa-unlock' title='Not encrypted'></i>"; break;
-    case 1: $luks .= "<i class='padlock green-text fa fa-unlock-alt' title='Encrypted'></i>"; break;
-    case 2: $luks .= "<i class='padlock red-text fa fa-lock' title='Missing encryption key'></i>"; break;
-    case 3: $luks .= "<i class='padlock red-text fa fa-lock' title='Wrong encryption key'></i>"; break;
-   default: $luks .= "<i class='padlock red-text fa fa-lock' title='Unknown error'></i>"; break;}
+    case 1: $luks .= "<i class='padlock green-text fa fa-unlock-alt' title='Encrypted and unlocked'></i>"; break;
+    case 2: $luks .= "<i class='padlock red-text fa fa-lock' title='Locked: missing encryption key'></i>"; break;
+    case 3: $luks .= "<i class='padlock red-text fa fa-lock' title='Locked: wrong encryption key'></i>"; break;
+   default: $luks .= "<i class='padlock red-text fa fa-lock' title='Locked: unknown error'></i>"; break;}
  }
  $list[] = [
    'type' => $attr[0],
--- a/plugins/dynamix/include/DeviceList.php
+++ b/plugins/dynamix/include/DeviceList.php
@@ -60,10 +60,10 @@ function device_info(&$disk,$online) {
  $link = (strpos($disk['status'], 'DISK_NP')===false || $disk['name']=="cache") ? "<a href=\"".htmlspecialchars("$path/$type?name=$name")."\">".$fancyname."</a>" : $fancyname;
  switch ($disk['luksState']) {
    case 0: $luks = ""; break;
-    case 1: $luks = "<i class='padlock fa ".($online?'fa-unlock-alt green-text':'fa-lock grey-text')."' title='Encrypted'></i>"; break;
-    case 2: $luks = "<i class='padlock fa fa-lock red-text' title='Missing encryption key'></i>"; break;
-    case 3: $luks = "<i class='padlock fa fa-lock red-text' title='Wrong encryption key'></i>"; break;
-   default: $luks = "<i class='padlock fa fa-lock red-text' title='Unknown error'></i>"; break;
+    case 1: $luks = "<i ".($online?"class='padlock fa fa-unlock-alt green-text' title='Encrypted and unlocked'":"class='padlock fa fa-lock grey-text' title='Encrypted and locked'")."></i>"; break;
+    case 2: $luks = "<i class='padlock fa fa-lock red-text' title='Locked: missing encryption key'></i>"; break;
+    case 3: $luks = "<i class='padlock fa fa-lock red-text' title='Locked: wrong encryption key'></i>"; break;
+   default: $luks = "<i class='padlock fa fa-lock red-text' title='Locked: unknown error'></i>"; break;
  }
  return $status.$link.$luks;
 }
--- a/plugins/dynamix/include/KeyUpload.php
+++ b/plugins/dynamix/include/KeyUpload.php
@@ -11,15 +11,19 @@
 */
 ?>
 <?
-$var  = parse_ini_file('/var/local/emhttp/var.ini');
+$var = parse_ini_file('/var/local/emhttp/var.ini');
+$ini = '/var/local/emhttp/keyfile.ini';
 $luks = $var['luksKeyfile'];
-$text = $_POST['text'] ?? '';
-$file = $_POST['file'] ?? '';
+$text = $_POST['text'] ?? false;
+$file = $_POST['file'] ?? false;
+$flag = $_POST['flag'] ?? false;

 if ($text) {
  file_put_contents($luks, $text);
+  if ($flag) file_put_contents($ini,'text');
 } elseif ($file) {
  file_put_contents($luks, $file);
+  if ($flag) file_put_contents($ini,'file');
 } else {
  @unlink($luks);
 }