mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2025-12-31 14:40:36 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
connect-cleanup
webgui/emhttp/plugins/dynamix/SecuritySMB.page
tom mortensen 70131ff3b5 Merge pull request #2397 from unraid/fix/shares 
Fix: Disallow reading settings from share containing apostrophe
2025-09-30 13:15:47 -07:00

405 lines
15 KiB
Plaintext
Executable File
Raw Permalink Blame History

Menu="Disk Share Flash"
Title="SMB Security Settings"
Tag="windows"
Cond="(($var['shareSMBEnabled']!='no') && (isset($name)?array_key_exists($name,$sec)&&($shares[$name]['hasCfg']??false)!='similar':0))"
---
<?PHP
/* Copyright 2005-2023, Lime Technology
* Copyright 2012-2023, Bergware International.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*/
?>
<?
require_once "$docroot/webGui/include/InputSecurity.php";
$width = [123,300];
/* Sort user array by keys in natural order */
uksort($users, 'strnatcmp');
?>
:smb_security_help:
<div markdown="1" class="relative">
<div markdown="1" class="clone-settings shade">
_(Read settings from)_ <i class="fa fa-arrow-left fa-fw"></i>
: <span class="flex flex-row items-center gap-4">
<select name="readsmb" onchange="toggleButton('readsmb',false)">
<option disabled selected>_(select)_...</option>
<?
if (isset($disks[$name])) {
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name) echo mk_option("", $list['name'], _(my_disk($list['name']),3));
} else {
foreach ($shares as $list) if (strpos($list['name'],"'") === false && $list['name']!=$name) echo mk_option("", $list['name'], compress($list['name']));
}
?>
</select>
<span class="buttons-spaced">
<input type="button" id="readsmb" value="_(Read)_" class="clone" onclick="readSMB()" disabled>
</span>
</span>
_(Write settings to)_ <i class="fa fa-arrow-right fa-fw"></i>
: <span class="flex flex-row items-center gap-4">
<select id="smb1" name="writesmb" multiple onchange="toggleButton('writesmb',this.id)">
<?
$rows = [];
if (isset($disks[$name])) {
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name) $rows[] = mk_option("", $list['name'], _(my_disk($list['name']),3));
} else {
foreach ($shares as $list) if (strpos($list['name'],"'") === false && $list['name']!=$name) $rows[] = mk_option("", $list['name'], compress($list['name']));
}
if ($rows) echo "<option>("._('All').")</option>";
foreach ($rows as $row) echo $row;
?>
</select>
<span class="buttons-spaced">
<input type="button" id="writesmb" value="_(Write)_" class="clone" onclick="writeSMB()" disabled>
</span>
</span>
</div>
</div>
<div markdown="1" class="shade">
<form markdown="1" name="smb_edit" method="POST" action="/update.htm" target="progressFrame" onchange="toggleButton('writesmb',true);$('#smb1').dropdownchecklist('disable')">
<input type="hidden" name="shareName" value="<?=htmlspecialchars($name)?>">
<?if (($name=='flash')||($var['enableFruit']!='yes')):?>
<input type="hidden" name="shareVolsizelimit" value="">
<?endif;?>
_(Share name)_:
: <?=htmlspecialchars($name)?>
<?if (($name=='flash')||($var['enableFruit']!='yes')):?>
_(Export)_:
: <select name="shareExport">
<?=mk_option($sec[$name]['export'], "-", _('No'))?>
<?=mk_option($sec[$name]['export'], "e", _('Yes'))?>
<?=mk_option($sec[$name]['export'], "eh", _('Yes (hidden)'))?>
</select>
:smb_export_help:
<?else:?>
_(Export)_:
: <select name="shareExport" onchange="checkShareSettingsSMB(this.form)">
<?=mk_option($sec[$name]['export'], "-", _('No'))?>
<?=mk_option($sec[$name]['export'], "e", _('Yes'))?>
<?=mk_option($sec[$name]['export'], "eh", _('Yes (hidden)'))?>
<?=mk_option($sec[$name]['export'], "et", _('Yes/Time Machine'))?>
<?=mk_option($sec[$name]['export'], "eth", _('Yes/Time Machine (hidden)'))?>
</select>
:smb_export_help:
_(Time Machine volume size limit)_:
: <span class="inline-flex flex-row items-center gap-2">
<input type="text" name="shareVolsizelimit" maxlen="20" value="<?=$sec[$name]['volsizelimit']?>"> MB
</span>
:smb_time_machine_volume_help:
<?endif;?>
<?if ($name!='flash'):?>
_(Case-sensitive names)_:
: <select name="shareCaseSensitive">
<?=mk_option($sec[$name]['caseSensitive'], "auto", _("Auto"))?>
<?=mk_option($sec[$name]['caseSensitive'], "yes", _("Yes"))?>
<?=mk_option($sec[$name]['caseSensitive'], "forced", _("Force lower"))?>
</select>
:smb_case_sensitive_names_help:
<?endif;?>
_(Security)_:
: <select name="shareSecurity" onchange="checkPublicSelection(this);">
<?=mk_option($sec[$name]['security'], "public", _('Public'))?>
<?=mk_option($sec[$name]['security'], "secure", _('Secure'))?>
<?=mk_option($sec[$name]['security'], "private", _('Private'))?>
</select>
<span id="warningMessage" style="display:none; color: red;">_(Warning)_: _(Windows may require a valid User to be defined even for Public shares)_. _(See Help)_.</span>
:smb_security_modes_help:
&nbsp;
: <span class="inline-block">
<input type="submit" name="changeShareSecurity" value="_(Apply)_" disabled>
<input type="button" value="_(Done)_" onclick="done()">
</span>
</form>
</div>
<?if ($sec[$name]['security']=='secure'):?>
<div class="title nocontrol">
<span class="left">_(SMB)_ _(User Access)_</span>
<span class="right">
<i>_(Guests have **read-only** access)_.</i>
</span>
</div>
:smb_secure_access_help:
<div markdown="1" class="relative">
<div markdown="1" class="clone-settings shade">
_(Read settings from)_ <i class="fa fa-arrow-left fa-fw"></i>
: <span class="flex flex-row items-center gap-4">
<select name="readusersmb" onchange="toggleButton('readusersmb',false)">
<option disabled selected>_(select)_...</option>
<?
if (isset($disks[$name])) {
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='secure') echo mk_option("", $list['name'], _(my_disk($list['name']),3));
} else {
foreach ($shares as $list) if (strpos($list['name'],"'") === false && $list['name']!=$name && $sec[$list['name']]['security']=='secure') echo mk_option("", $list['name'], compress($list['name']));
}
?>
</select>
<span class="buttons-spaced">
<input type="button" id="readusersmb" value="_(Read)_" class="clone" onclick="readUserSMB()" disabled>
</span>
</span>
_(Write settings to)_ <i class="fa fa-arrow-right fa-fw"></i>
: <span class="flex flex-row items-center gap-4">
<select id="smb2" name="writeusersmb" multiple onchange="toggleButton('writeusersmb',this.id)">
<?
$rows = [];
if (isset($disks[$name])) {
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='secure') $rows[] = mk_option("", $list['name'], _(my_disk($list['name']),3));
} else {
foreach ($shares as $list) if (strpos($list['name'],"'") === false && $list['name']!=$name && $sec[$list['name']]['security']=='secure') $rows[] = mk_option("", $list['name'], compress($list['name']));
}
if ($rows) echo "<option>("._('All').")</option>";
foreach ($rows as $row) echo $row;
?>
</select>
<span class="buttons-spaced">
<input type="button" id="writeusersmb" value="_(Write)_" class="clone" onclick="writeUserSMB()" disabled>
</span>
</span>
</div>
<div markdown="1" class="shade">
<form markdown="1" name="smb_user_edit" method="POST" action="/update.htm" target="progressFrame" onchange="toggleButton('writeusersmb',true);$('#smb2').dropdownchecklist('disable')">
<input type="hidden" name="shareName" value="<?=htmlspecialchars($name)?>">
<?input_secure_users($sec)?>
&nbsp;
: <span class="inline-block">
<input type="submit" name="changeShareAccess" value="_(Apply)_" disabled>
<input type="button" value="_(Done)_" onclick="done()">
</span>
</form>
</div>
</div>
<?elseif ($sec[$name]['security']=='private'):?>
<div class="title nocontrol">
<span class="left">_(SMB)_ _(User Access)_</span>
<span class="right">
<i>_(Guests have **no** access)_.</i>
</span>
</div>
:smb_private_access_help:
<div markdown="1" class="relative">
<div markdown="1" class="clone-settings shade">
_(Read settings from)_ <i class="fa fa-arrow-left fa-fw"></i>
: <span class="flex flex-row items-center gap-4">
<select name="readusersmb" onchange="toggleButton('readusersmb',false)">
<option disabled selected>_(select)_...</option>
<?
if (isset($disks[$name])) {
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='private') echo mk_option("", $list['name'], _(my_disk($list['name']),3));
} else {
foreach ($shares as $list) if (strpos($list['name'],"'") === false && $list['name']!=$name && $sec[$list['name']]['security']=='private') echo mk_option("", $list['name'], compress($list['name']));
}
?>
</select>
<span class="buttons-spaced">
<input type="button" id="readusersmb" value="_(Read)_" class="clone" onclick="readUserSMB()" disabled>
</span>
</span>
_(Write settings to)_ <i class="fa fa-arrow-right fa-fw"></i>
: <span class="flex flex-row items-center gap-4">
<select id="smb2" name="writeusersmb" multiple onchange="toggleButton('writeusersmb',this.id)">
<?
$rows = [];
if (isset($disks[$name])) {
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='private') $rows[] = mk_option("", $list['name'], _(my_disk($list['name']),3));
} else {
foreach ($shares as $list) if (strpos($list['name'],"'") === false && $list['name']!=$name && $sec[$list['name']]['security']=='private') $rows[] = mk_option("", $list['name'], compress($list['name']));
}
if ($rows) echo "<option>("._('All').")</option>";
foreach ($rows as $row) echo $row;
?>
</select>
<span class="buttons-spaced">
<input type="button" id="writeusersmb" value="_(Write)_" class="clone" onclick="writeUserSMB()" disabled>
</span>
</span>
</div>
<div markdown="1" class="shade">
<form markdown="1" name="smb_user_edit" method="POST" action="/update.htm" target="progressFrame" onchange="toggleButton('writeusersmb',true);$('#smb2').dropdownchecklist('disable')">
<input type="hidden" name="shareName" value="<?=htmlspecialchars($name)?>">
<?input_private_users($sec)?>
&nbsp;
: <span class="buttons-spaced">
<input type="submit" name="changeShareAccess" value="_(Apply)_" disabled>
<input type="button" value="_(Done)_" onclick="done()">
</span>
</form>
</div>
</div>
<?endif;?>
<script>
$(function() {
checkShareSettingsSMB(document.smb_edit);
initDropdownSMB(false);
<?if ($tabbed):?>
$('#tab'+$('.tabs-container button').length).bind({click:function(){initDropdownSMB(true);}});
<?endif;?>
<?if (count($users)==1):?>
toggleButton('readusersmb',true);
toggleButton('writeusersmb',true);
$('#smb2').dropdownchecklist('disable');
<?endif;?>
});
function checkShareSettingsSMB(form) {
form.shareVolsizelimit.disabled = (form.shareExport.value.indexOf("et") == -1);
}
function initDropdownSMB(reset) {
if (reset) {
$('#smb1').dropdownchecklist('destroy');
$('#smb2').dropdownchecklist('destroy');
}
$("#smb1").dropdownchecklist({firstItemChecksAll:true, emptyText:"_(select)_...", width:<?=$width[0]?>, explicitClose:"..._(close)_"});
$("#smb2").dropdownchecklist({firstItemChecksAll:true, emptyText:"_(select)_...", width:<?=$width[0]?>, explicitClose:"..._(close)_"});
}
function readSMB() {
var form = document.smb_edit;
var name = $('select[name="readsmb"]').val();
$.get('/webGui/include/ProtocolData.php',{protocol:'smb',name:name},function(json) {
var data = $.parseJSON(json);
form.shareExport.value = data.export;
form.shareSecurity.value = data.security;
});
$(form).find('select').trigger('change');
}
function writeSMB(data,n,i) {
if (data) {
if (n<i) {
$.post('/update.htm',data[n], function(){setTimeout(function(){writeSMB(data,++n,i);},3000);});
} else {
toggleButton('writesmb',false);
$('div.spinner.fixed').hide();
}
} else {
var data = [], i = 0;
$('select#smb1 option').map(function() {
if ($(this).prop('selected')==true && $(this).val()!='(_(All)_)') {
data[i] = {};
data[i]['shareName'] = $(this).val();
data[i]['shareExport'] = '<?=addslashes(htmlspecialchars($sec[$name]['export']))?>';
data[i]['shareSecurity'] = '<?=addslashes(htmlspecialchars($sec[$name]['security']))?>';
data[i]['changeShareSecurity'] = 'Apply';
i++;
}
});
toggleButton('writesmb',true);
$('div.spinner.fixed').show('slow');
writeSMB(data,0,i);
}
}
function readUserSMB() {
var form = document.smb_user_edit;
var name = $('select[name="readusersmb"]').val();
var users = {};
<?
foreach ($users as $user) {
if ($user['name'] == "root") continue;
echo "users['{$user['name']}'] = {$user['idx']};\n";
}
?>
$.get('/webGui/include/ProtocolData.php',{protocol:'smb',name:name},function(json) {
var data = $.parseJSON(json);
var readList = data.readList.split(',');
var writeList = data.writeList.split(',');
$(form).find('select[name^="userAccess."]').each(function(){$(this).val('no-access');});
for (var i=0; i < readList.length; i++) $(form).find('select[name="userAccess.'+users[readList[i]]+'"]').val('read-only');
for (var i=0; i < writeList.length; i++) $(form).find('select[name="userAccess.'+users[writeList[i]]+'"]').val('read-write');
});
$(form).find('select').trigger('change');
}
function writeUserSMB(data,n,i) {
if (data) {
if (n<i) {
$.post('/update.htm',data[n], function(){setTimeout(function(){writeUserSMB(data,++n,i);},3000);});
} else {
toggleButton('writeusersmb',false);
$('div.spinner.fixed').hide();
}
} else {
var data = [], i = 0;
$('select#smb2 option').map(function() {
if ($(this).prop('selected')==true && $(this).val()!='(_(All)_)') {
data[i] = {};
data[i]['shareName'] = $(this).val();
data[i]['userAccess.0'] = 'no-access';
<?
$read_list = explode(",", $sec[$name]['readList']);
$write_list = explode(",", $sec[$name]['writeList']);
foreach ($users as $user) {
if ($user['name'] == "root") continue;
$idx = $user['idx'];
$userAccess = null;
if ($sec[$name]['security']=='secure') {
$userAccess = in_array($user['name'], $write_list) ? "read-write" : "read-only";
} elseif ($sec[$name]['security'] == 'private') {
$userAccess = in_array($user['name'], $write_list) ? "read-write" : (in_array($user['name'], $read_list) ? "read-only" : "no-access");
}
if ($userAccess) echo "data[i]['userAccess.$idx'] = '$userAccess';\n";
}
?>
data[i]['changeShareAccess'] = 'Apply';
i++;
}
});
toggleButton('writeusersmb',true);
$('div.spinner.fixed').show('slow');
writeUserSMB(data,0,i);
}
}
function checkPublicSelection(select) {
/* Get reference to the warning message span */
let warningMessage = document.getElementById("warningMessage");
/* Check if 'Public' is selected */
if (select.value === "public") {
/* Display warning for 'Public' option */
warningMessage.style.display = "inline";
} else {
/* Hide warning for other options */
warningMessage.style.display = "none";
}
}
/* Call checkPublicSelection with the initial selection on page load */
document.addEventListener("DOMContentLoaded", function() {
let smbSecuritySelect = document.querySelector('[name="shareSecurity"]');
checkPublicSelection(smbSecuritySelect);
});
</script>
Reference in New Issue View Git Blame Copy Permalink