mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-03-10 04:49:14 -05:00
Code Issues Packages Projects Releases Wiki Activity

Revert latest encryption changes to previous state

Browse Source
This commit is contained in:
bergware
2017-09-12 08:22:55 +02:00
parent eba4c5a6ce
commit eea7980f74
3 changed files with 14 additions and 136 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
plugins/dynamix/ArrayOperation.page
View File

@@ -15,22 +15,6 @@ Tag="snowflake-o"
*/
?>
<?
function help_text() {
global $flag;
switch ($flag) {
case 'file': return "<em>To unlock encrypted devices<br>select the keyfile which was originally set</em>";
case 'text': return "<em>To unlock encrypted devices<br>enter the passphrase which was originally set</em>";
default: return "<em>Encrypted device(s) present<br>Encryption settings required</em>";
}
}
function input_text() {
global $flag;
switch ($flag) {
case 'file': return "Keyfile: <input type='file' name='local' onchange='getFileContent(event,this.form)'";
case 'text': return "Passphrase: <input type='password' name='text' maxlength='512' value='' onKeyUp=\"$('input[name=cmdStart]').prop('disabled',this.value.length==0)\"><input id='eye' type='checkbox' onchange='showPass(this.checked)'>show passphrase";
default: return "<a href='/Settings/EncryptionSettings'><i class='fa fa-key'></i> GO TO ENCRYPTION SETTINGS</a>";
}
}
function maintenance_mode() {
echo "<tr>";
echo "<td></td>";
@@ -49,48 +33,12 @@ function status_indicator() {
}
return "<a class='info nohand' onclick='return false'><img src='$ball' class='icon'><span>$help</span></a>";
}
$keyfile = file_exists($var['luksKeyfile']);
$cfg = '/boot/config/keyfile.cfg';
$luks = false; foreach ($disks as $disk) $luks |= substr($disk['fsType'],0,5)=='luks:';
$flag = $luks ? (file_exists($cfg) ? file_get_contents($cfg) : false) : false;
?>
<script>
var ask1 = <?=$confirm['stop'] ? 'true' : 'false'?>;
var ask2 = <?=$confirm['down'] ? 'true' : 'false'?>;
var ctrl = "<span class='status'><a style='cursor:pointer' class='tooltip_diskio' title='Toggle reads/writes display' onclick='toggle_diskio();return false'><i class='toggle fa'></i></a></span>";
function showPass(checked) {
$('input[name="text"]').attr('type',checked ? 'text' : 'password');
}
function getFileContent(event,form) {
var input = event.target;
var reader = new FileReader();
reader.onload = function(){form.file.value=reader.result; form.cmdStart.disabled=false;};
reader.readAsText(input.files[0]);
}
function keyUpload(form) {
<?if ($flag=='file'):?>
form.file.disabled = true;
form.local.disabled = true;
$.post('/webGui/include/KeyUpload.php',{text:'',file:form.file.value});
<?elseif ($flag=='text'):?>
form.text.disabled = true;
$.post('/webGui/include/KeyUpload.php',{text:form.text.value,file:''});
<?endif;?>
}
function verify(form) {
swal({title:'What do you want to do?',text:'Erase data OR correct encryption key',type:'warning',confirmButtonText:'Format',cancelButtonText:'Stop Array',showCancelButton:true},function(p){
if (p) {
$(form).append('<input type="hidden" name="cmdFormat" value="Format">');
form.submit();
} else {
$.post('/webGui/include/KeyUpload.php',{text:'',file:''},function(){
$(form).append('<input type="hidden" name="cmdStop" value="Stop">');
form.submit();
});
}
});
}
function tab0() {
$.removeCookie('one',{path:'/'});
$.cookie('tab','tab0',{path:'/'});
@@ -180,7 +128,6 @@ toggle_diskio(true);
</script>
<form name="arrayOps" method="POST" action="/update.htm" target="progressFrame">
<input type="hidden" name="startState" value="<?=htmlspecialchars($var['mdState'])?>">
<input type="hidden" name="file" value="" disabled>
<table class="array_status">
<?$parity = $var['mdResync']>0 ? '<small>Disabled -- Parity operation is running</small>' : '';
$mover = file_exists('/var/run/mover.pid') ? '<small>Disabled -- Mover is running</small>' : '';
@@ -194,20 +141,11 @@ toggle_diskio(true);
<? if ($var['fsNumUnmountable']>0):?>
<tr>
<td><strong>Unmountable disk<?=$var['fsNumUnmountable']==1?'':'s'?> present:</strong><br>
<? $verify = false;
foreach ($disks as $disk) if (strpos($disk['fsStatus'],'Unmountable')!==false) {
echo "<br><span class='blue-text'>".my_disk($disk['name'])."</span> &bullet; ".my_id($disk['id'])." (".$disk['device'].")";
if (strpos($disk['fsStatus'],'encryption')!==false) $verify = true;
}
?> </td>
<? if ($verify):?>
<td><input type="button" id="cmdFix" value="Fix" onclick="verify(this.form)"><input type="hidden" name="unmountable_mask" value="<?=$var['fsUnmountableMask']?>"></td>
<td><strong>Fix</strong> allows to format all <strong>unmountable disks</strong> <u>OR</u> to stop the array and correct the <strong>encryption key</strong></td>
<? else:?>
<td><input type="submit" name="cmdFormat" value="Format" disabled><input type="hidden" name="unmountable_mask" value="<?=$var['fsUnmountableMask']?>"></td>
<? foreach ($disks as $disk) if (strstr($disk['fsStatus'],'Unmountable')) echo "<br><span class='blue-text'>".my_disk($disk['name'])."</span> &bullet; ".my_id($disk['id'])." (".$disk['device'].")";?></td>
<td><input type="submit" id="cmdFormat" name="cmdFormat" value="Format" disabled><input type="hidden" name="unmountable_mask" value="<?=$var['fsUnmountableMask']?>"></td>
<td><strong>Format</strong> will create a file system in all <strong>Unmountable</strong> disks, discarding all data currently on those disks.<br>
<input type="checkbox" name="confirmFormat" value="OFF" onClick="arrayOps.cmdFormat.disabled=!arrayOps.confirmFormat.checked"><small>Yes I want to do this</small></td>
<? endif;?>
<input type="checkbox" name="confirmFormat" value="OFF" onClick="arrayOps.cmdFormat.disabled=!arrayOps.confirmFormat.checked"><small>Yes I want to do this</small>
</td>
</tr>
<? endif;
if (!$parity):
@@ -402,15 +340,9 @@ toggle_diskio(true);
case "STOPPED":
if (strstr($var['mdResyncAction'],"recon")):?>
<tr>
<? if ($luks && !$keyfile):?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Missing encryption keyfile<br><br><?=help_text()?></td>
<td><input type="submit" name="cmdStart" value="Start" onclick="keyUpload(this.form)" disabled></td>
<td><?=input_text()?></td>
<? else:?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Configuration valid.</td>
<td><input type="submit" name="cmdStart" value="Start"></td>
<td><strong>Start</strong> will bring the array on-line and start <strong>Parity-Sync</strong> and/or <strong>Data-Rebuild</strong>.</td>
<? endif;?>
</tr>
<? elseif ($var['mdResyncAction']=="clear"):?>
<tr>
@@ -433,15 +365,9 @@ toggle_diskio(true);
</tr>
<? else:?>
<tr>
<? if ($luks && !$keyfile):?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Missing encryption keyfile<br><br><?=help_text()?></td>
<td><input type="submit" name="cmdStart" value="Start" onclick="keyUpload(this.form)" disabled></td>
<td><?=input_text()?></td>
<? else:?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Configuration valid.</td>
<td><input type="submit" name="cmdStart" value="Start"></td>
<td><strong>Start</strong> will bring the array on-line.</td>
<? endif;?>
</tr>
<? endif;
maintenance_mode();
@@ -449,30 +375,18 @@ toggle_diskio(true);
case "NEW_ARRAY":
if (strpos($disks['parity']['status'],"DISK_NP")===0 && (empty($disks['parity2']) || strpos($disks['parity2']['status'],"DISK_NP")===0)):?>
<tr>
<? if ($luks && !$keyfile):?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Missing encryption keyfile<br><br><?=help_text()?></td>
<td><input type="submit" name="cmdStart" value="Start" onclick="keyUpload(this.form)" disabled></td>
<td><?=input_text()?></td>
<? else:?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Configuration valid.</td>
<td><input type="submit" name="cmdStart" value="Start"></td>
<td><strong>Start</strong> will record all disk information and bring the array on-line.
<br>The array will be immediately available, but <strong>unprotected</strong> since <em>parity</em> has not been assigned.</td>
<? endif;?>
</tr>
<? else:?>
<tr>
<? if ($luks && !$keyfile):?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Missing encryption keyfile<br><br><?=help_text()?></td>
<td><input type="submit" name="cmdStart" value="Start" onclick="keyUpload(this.form)" disabled></td>
<td><?=input_text()?></td>
<? else:?>
<td><?=status_indicator()?><span class="strong big">Stopped</span>. Configuration valid.</td>
<td><input type="button" value="Start" onclick="parity_warning(this.form)"></td>
<td><strong>Start</strong> will record all disk information, bring the array on-line, and start Parity-Sync.
<br>The array will be immediately available, but <strong>unprotected</strong> until Parity-Sync completes.
<br><input type="checkbox" name="md_invalidslot" value="99">Parity is already valid.</td>
<? endif;?>
</tr>
<? endif;
maintenance_mode();

45
plugins/dynamix/EncryptionSettings.page
View File

@@ -18,9 +18,6 @@ Tag="key"
<?
$keyfile = file_exists($var['luksKeyfile']) ? $var['luksKeyfile'] : '';
$online = $var['fsState']=='Stopped' ? '' : 'disabled';
$cfg = '/boot/config/keyfile.cfg';
$luks = false; foreach ($disks as $disk) $luks |= substr($disk['fsType'],0,5)=='luks:';
$flag = $luks ? (file_exists($cfg) ? file_get_contents($cfg) : false) : false;
?>
<script>
<?if ($keyfile):?>
@@ -29,7 +26,7 @@ function checkInput(form) {
return true;
}
function toggleButton(checked) {
$('input[name="#apply"],input[name="reset"]').prop('disabled',!checked);
$('input[name="#apply"]').prop('disabled',!checked);
}
<?else:?>
function checkInput(form) {
@@ -67,52 +64,25 @@ function getFileContent(event,form) {
<input type="hidden" name="#file" value="unused">
<input type="hidden" name="#include" value="webGui/include/KeyUpload.php">
<input type="hidden" name="file" value="">
<input type="hidden" name="flag" value="true">
<?if ($keyfile):?>
Encryption key:
: <?=$keyfile?>
: &nbsp;<?=$keyfile ?: 'Not present'?>
> Shows the path and name of the current keyfile, if present.
>
> This keyfile is read during array Start and is used to encrypt/decrypt content of encrypted devices.
> With array Stopped, the keyfile may be deleted and the user can specify a new encryption key. Note that once a device
<?if ($keyfile):?>
Delete <input type="checkbox" name="keyfile" onchange="toggleButton(this.checked)">
: <input type="submit" name="#apply" value="Delete" disabled><input type="button" value="Done" class="lock" onclick="done()">
> With array Stopped, the keyfile may be deleted in order to specify a different encryption key. Note that once a device
> is formatted with a particular key it may only be opened using that same key. Changing the encryption key requires
> encrypted devices to be reformatted **resulting in permanent loss of all existing data on those devices.**
> With array Started, the keyfile may be deleted to ensure there is no encryption key present on the server when
> the array is online. Note that plugins are installed and may execute before and during the array Start process.
<?if ($flag):?>
> Select **Reset** to forget the selected encryption input and start with a *clean* installation.
<?endif;?>
Delete <input type="checkbox" name="keyfile" onchange="toggleButton(this.checked)"><?if ($flag):?> Reset <input type="checkbox" name="reset" disabled><?endif;?>
: <input type="submit" name="#apply" value="Delete" disabled><input type="button" value="Done" class="lock" onclick="done()">
<?else:?>
<?if ($flag=='file'):?>
<span class="orange-text big">To unlock encrypted devices, select the keyfile which was originally set</span>
: &nbsp;
Keyfile:
: <input type="file" name="local" onchange="getFileContent(event,this.form)"<?=$online?>>
&nbsp;
: <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
<?elseif ($flag=='text'):?>
<span class="orange-text big">To unlock encrypted devices, enter the passphrase which was originally set</span>
: &nbsp;
Passphrase:
: <input type="password" name="text" maxlength="512" value=""<?=$online?> onKeyUp="this.form.apply.disabled=(this.form.text.value.length==0)"><?if (!$online):?><input id="eye" type="checkbox" onchange="showPass(this.checked)">show passphrase<?endif;?>
&nbsp;
: <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
<?else:?>
Encryption key:
: Not present
Encryption input:
: <select name="input" size="1" onchange="selectInput(this.form)"<?=$online?>>
<?=mk_option(1, "text", "Passphrase")?>
@@ -153,5 +123,4 @@ Keyfile:
<input type="button" value="Benchmark" onclick="openBox('/webGui/include/CryptoBenchmark.php','Encryption Benchmarking',600,640)">
: <input type="submit" name="apply" value="Apply" class="lock"><input type="button" value="Done" onclick="done()"><?if ($online):?>Array must be <span class="strong big">Stopped</span> to change<?endif;?>
<?endif;?>
<?endif;?>
</form>

11
plugins/dynamix/include/KeyUpload.php
View File

@@ -11,22 +11,17 @@
*/
?>
<?
$var = parse_ini_file('/var/local/emhttp/var.ini');
$cfg = '/boot/config/keyfile.cfg';
$var = parse_ini_file('/var/local/emhttp/var.ini');
$luks = $var['luksKeyfile'];
$text = $_POST['text'] ?? false;
$file = $_POST['file'] ?? false;
$flag = $_POST['flag'] ?? false;
$text = $_POST['text'] ?? '';
$file = $_POST['file'] ?? '';
if ($text) {
file_put_contents($luks, $text);
if ($flag) file_put_contents($cfg,'text');
} elseif ($file) {
file_put_contents($luks, $file);
if ($flag) file_put_contents($cfg,'file');
} else {
@unlink($luks);
if ($_POST['reset']) @unlink($cfg);
}
$save = false;
?>