mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-02-18 06:58:47 -06:00
Code Issues Packages Projects Releases Wiki Activity

Disk Settings: add possibility to change encryption phrase/keyfile

Browse Source
This commit is contained in:
bergware
2023-10-11 21:37:34 +02:00
parent 6b9bc3c00f
commit e8cef12319
1 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
emhttp/plugins/dynamix/include/update.encryption.php
View File

@@ -15,11 +15,12 @@ $docroot = $docroot ?? $_SERVER['DOCUMENT_ROOT'] ?: '/usr/local/emhttp';
// add translations
$_SERVER['REQUEST_URI'] = 'settings';
require_once "$docroot/webGui/include/Translations.php";
require_once "$docroot/webGui/include/Wrappers.php";
$save = false;
$disks = parse_ini_file('state/disks.ini',true);
$newkey = parse_ini_file('state/var.ini')['luksKeyfile'];
$oldkey = str_replace('keyfile','oldfile',$newkey);
$newkey = parse_ini_file('state/var.ini')['luksKeyfile'] ?: '/root/keyfile';
$oldkey = dirname($newkey).'/oldfile';
$delkey = !is_file($newkey);
$crypto = [];
@@ -45,7 +46,7 @@ function removeKey($key,$disk) {
if ($match && preg_match($match,$row)) $slots++;
}
pclose($dump);
if ($slots > 1) exec("cryptsetup luksRemoveKey /dev/$disk $key 1>/dev/null 2>&1");
if ($slots > 1) exec("cryptsetup luksRemoveKey /dev/$disk $key &>/dev/null");
}
function diskname($name) {
global $disks;
@@ -54,20 +55,20 @@ function diskname($name) {
}
function reply($text,$type) {
global $oldkey,$newkey,$delkey;
$reply = $_POST['#reply'];
$reply = _var($_POST,'#reply');
if (realpath(dirname($reply))=='/var/tmp') file_put_contents($reply,$text."\0".$type);
delete_file($oldkey);
if ($_POST['newinput']=='text' || $delkey) delete_file($newkey);
if (_var($_POST,'newinput','text')=='text' || $delkey) delete_file($newkey);
die();
}
if (isset($_POST['oldinput'])) {
switch ($_POST['oldinput']) {
case 'text':
file_put_contents($oldkey,base64_decode($_POST['oldluks']));
file_put_contents($oldkey,base64_decode(_var($_POST,'oldluks')));
break;
case 'file':
file_put_contents($oldkey,base64_decode(explode(';base64,',$_POST['olddata'])[1]));
file_put_contents($oldkey,base64_decode(explode(';base64,',_var($_POST,'olddata',';base64,'))[1]));
break;
}
} else {
@@ -76,7 +77,7 @@ if (isset($_POST['oldinput'])) {
if (is_file($oldkey)) {
$disk = $crypto[0]; // check first disk only (key is the same for all disks)
exec("cryptsetup luksOpen --test-passphrase --key-file $oldkey /dev/$disk 1>/dev/null 2>&1",$none,$error);
exec("cryptsetup luksOpen --test-passphrase --key-file $oldkey /dev/$disk &>/dev/null",$null,$error);
} else $error = 1;
if ($error > 0) reply(_('Incorrect existing key'),'warning');
@@ -84,20 +85,25 @@ if ($error > 0) reply(_('Incorrect existing key'),'warning');
if (isset($_POST['newinput'])) {
switch ($_POST['newinput']) {
case 'text':
file_put_contents($newkey,base64_decode($_POST['newluks']));
file_put_contents($newkey,base64_decode(_var($_POST,'newluks')));
$luks = 'luksKey';
$data = _var($_POST,'newluks');
break;
case 'file':
file_put_contents($newkey,base64_decode(explode(';base64,',$_POST['newdata'])[1]));
file_put_contents($newkey,base64_decode(explode(';base64,',_var($_POST,'newdata',';base64,'))[1]));
$luks = 'luksKey&luksKeyfile';
$data = $newkey;
break;
}
$good = $bad = [];
foreach ($crypto as $disk) {
exec("cryptsetup luksAddKey --key-file $oldkey /dev/$disk $newkey 1>/dev/null 2>&1",$none,$error);
exec("cryptsetup luksAddKey --key-file $oldkey /dev/$disk $newkey &>/dev/null",$null,$error);
if ($error==0) $good[] = $disk; else $bad[] = diskname($disk);
}
if (count($bad)==0) {
// all okay, remove the old key
foreach ($good as $disk) removeKey($oldkey,$disk);
exec("emcmd 'changeDisk=apply&$luks=$data'");
reply(_('Key successfully changed'),'success');
} else {
// something went wrong, restore key