mirror of
https://github.com/unraid/webgui.git
synced 2026-01-21 17:10:15 -06:00
379 lines
17 KiB
Plaintext
379 lines
17 KiB
Plaintext
Menu="Disk Share Flash"
|
|
Title="SMB Security Settings"
|
|
Tag="windows"
|
|
Cond="(($var['shareSMBEnabled']!='no') && (isset($name)?array_key_exists($name,$sec):0))"
|
|
---
|
|
<?PHP
|
|
/* Copyright 2005-2020, Lime Technology
|
|
* Copyright 2012-2020, Bergware International.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License version 2,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*/
|
|
?>
|
|
<?
|
|
require_once "$docroot/webGui/include/InputSecurity.php";
|
|
|
|
$width = [123,300];
|
|
?>
|
|
:help15
|
|
> *Read settings from* is used to preset the SMB security settings of the current selected share with the settings of an existing share.
|
|
>
|
|
> Select the desired share name and press **Read** to copy the SMB security settings from the selected source.
|
|
>
|
|
> *Write settings to* is used to copy the SMB security settings of the current selected share to one or more other existing shares.
|
|
>
|
|
> Select the desired destinations and press **Write** to copy the SMB security settings to the selected shares.
|
|
:end
|
|
|
|
<div class="clone1">
|
|
<span class="clone">_(Read settings from)_</span><i class="fa fa-arrow-left fa-fw"></i>
|
|
<span class="wrap"><select name="readsmb" class="clone" onchange="toggleButton('readsmb',false)">
|
|
<option disabled selected>_(select)_...</option>
|
|
<?
|
|
if (isset($disks[$name])) {
|
|
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name) echo mk_option("", $list['name'], my_lang(my_disk($list['name']),3));
|
|
} else {
|
|
foreach ($shares as $list) if ($list['name']!=$name) echo mk_option("", $list['name'], $list['name']);
|
|
}
|
|
?>
|
|
</select></span><input type="button" id="readsmb" value="_(Read)_" class="clone" onclick="readSMB()" disabled>
|
|
</div>
|
|
<div class="clone2">
|
|
<span class="clone">_(Write settings to)_</span><i class="fa fa-arrow-right fa-fw"></i>
|
|
<span class="wrap"><select id="smb1" name="writesmb" multiple="multiple" style="display:none" onchange="toggleButton('writesmb',this.id)">
|
|
<?
|
|
$rows = [];
|
|
if (isset($disks[$name])) {
|
|
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name) $rows[] = mk_option("", $list['name'], my_lang(my_disk($list['name']),3));
|
|
} else {
|
|
foreach ($shares as $list) if ($list['name']!=$name) $rows[] = mk_option("", $list['name'], $list['name']);
|
|
}
|
|
if ($rows) echo "<option>("._('All').")</option>";
|
|
foreach ($rows as $row) echo $row;
|
|
?>
|
|
</select></span><input type="button" id="writesmb" value="_(Write)_" class="clone" onclick="writeSMB()" disabled>
|
|
</div>
|
|
|
|
<form markdown="1" name="smb_edit" method="POST" action="/update.htm" target="progressFrame" onchange="toggleButton('writesmb',true);$('#smb1').dropdownchecklist('disable')">
|
|
<input type="hidden" name="shareName" value="<?=htmlspecialchars($name)?>">
|
|
|
|
_(Share name)_:
|
|
: <?=htmlspecialchars($name)?>
|
|
|
|
<?if (($name=='flash')||($var['enableFruit']!='yes')):?>
|
|
_(Export)_:
|
|
: <select name="shareExport">
|
|
<?=mk_option($sec[$name]['export'], "-", _('No'))?>
|
|
<?=mk_option($sec[$name]['export'], "e", _('Yes'))?>
|
|
<?=mk_option($sec[$name]['export'], "eh", _('Yes (hidden)'))?>
|
|
</select>
|
|
|
|
:help16
|
|
> This setting determines whether the share is visible and/or accessible. The 'Yes (hidden)' setting
|
|
> will *hide* the share from *browsing* but is still accessible if you know the share name.
|
|
:end
|
|
|
|
<input type="hidden" name="shareVolsizelimit" value="">
|
|
<?else:?>
|
|
_(Export)_:
|
|
: <select name="shareExport" onchange="checkShareSettingsSMB(this.form)">
|
|
<?=mk_option($sec[$name]['export'], "-", _('No'))?>
|
|
<?=mk_option($sec[$name]['export'], "e", _('Yes'))?>
|
|
<?=mk_option($sec[$name]['export'], "eh", _('Yes (hidden)'))?>
|
|
<?=mk_option($sec[$name]['export'], "et", _('Yes/Time Machine'))?>
|
|
<?=mk_option($sec[$name]['export'], "eth", _('Yes/Time Machine (hidden)'))?>
|
|
</select>
|
|
|
|
:help17
|
|
> This setting determines whether the share is visible and/or accessible. The 'Yes (hidden)' setting
|
|
> will *hide* the share from *browsing* but is still accessible if you know the share name.
|
|
:end
|
|
|
|
_(Time Machine volume size limit)_:
|
|
: <input type="text" name="shareVolsizelimit" maxlen="20" value="<?=$sec[$name]['volsizelimit']?>"> MB
|
|
|
|
:help18
|
|
> This limits the reported volume size, preventing Time Machine from using the entire real disk space
|
|
> for backup. For example, setting this value to "1024" would limit the reported disk space to 1GB.
|
|
:end
|
|
|
|
<?endif;?>
|
|
<?if ($name!='flash'):?>
|
|
_(Case-sensitive names)_:
|
|
: <select name="shareCaseSensitive">
|
|
<?=mk_option($sec[$name]['caseSensitive'], "auto", _("Auto"))?>
|
|
<?=mk_option($sec[$name]['caseSensitive'], "yes", _("Yes"))?>
|
|
<?=mk_option($sec[$name]['caseSensitive'], "forced", _("Force lower"))?>
|
|
</select>
|
|
|
|
:help201
|
|
> Controls whether filenames are case-sensitive.
|
|
>
|
|
> The default setting of **auto** allows clients that support case sensitive filenames (Linux CIFSVFS)
|
|
> to tell the Samba server on a per-packet basis that they wish to access the file system in a case-sensitive manner (to support UNIX
|
|
> case sensitive semantics). No Windows system supports case-sensitive filenames so setting this option to **auto** is the same as
|
|
> setting it to No for them; however, the case of filenames passed by a Windows client will be preserved. This setting can result
|
|
> in reduced peformance with very large directories because Samba must do a filename search and match on passed names.
|
|
>
|
|
> A setting of **Yes** means that files are created with the case that the client passes, and only accessible using this same case.
|
|
> This will speed very large directory access, but some Windows applications may not function properly with this setting. For
|
|
> example, if "MyFile" is created but a Windows app attempts to open "MYFILE" (which is permitted in Windows), it will not be found.
|
|
>
|
|
> A value of **Forced lower** is special: the case of all incoming client filenames, not just new filenames, will be set to lower-case.
|
|
> In other words, no matter what mixed case name is created on the Windows side, it will be stored and accessed in all lower-case. This
|
|
> ensures all Windows apps will properly find any file regardless of case, but case will not be preserved in folder listings.
|
|
> Note this setting should only be configured for new shares.
|
|
:end
|
|
|
|
<?endif;?>
|
|
_(Security)_:
|
|
: <select name="shareSecurity">
|
|
<?=mk_option($sec[$name]['security'], "public", _('Public'))?>
|
|
<?=mk_option($sec[$name]['security'], "secure", _('Secure'))?>
|
|
<?=mk_option($sec[$name]['security'], "private", _('Private'))?>
|
|
</select>
|
|
|
|
:help19
|
|
> Summary of security modes:
|
|
>
|
|
> **Public** All users including guests have full read/write access.
|
|
>
|
|
> **Secure** All users including guests have read access, you select which of your users
|
|
> have write access.
|
|
>
|
|
> **Private** No guest access at all, you select which of your users have read/write or
|
|
> read-only access.
|
|
:end
|
|
|
|
|
|
: <input type="submit" name="changeShareSecurity" value="_(Apply)_" disabled><input type="button" value="_(Done)_" onclick="done()">
|
|
</form>
|
|
|
|
<?if ($sec[$name]['security']=='secure'):?>
|
|
<div id="title" class="nocontrol"><dt>_(SMB)_ _(User Access)_</dt><i>_(Guests have **read-only** access)_.</i></div>
|
|
|
|
:help20
|
|
> *Read settings from* is used to preset the SMB User Access settings of the current selected share with the settings of an existing share.
|
|
>
|
|
> Select the desired share name and press **Read** to copy the SMB security settings from the selected source.
|
|
>
|
|
> *Write settings to* is used to copy the SMB User Access settings of the current share to one or more other existing shares.
|
|
>
|
|
> Select the desired destinations and press **Write** to copy the SMB User access settings to the selected shares.
|
|
:end
|
|
|
|
<div class="clone1">
|
|
<span class="clone">_(Read settings from)_</span><i class="fa fa-arrow-left fa-fw"></i>
|
|
<span class="wrap"><select name="readusersmb" class="clone" onchange="toggleButton('readusersmb',false)">
|
|
<option disabled selected>_(select)_...</option>
|
|
<?
|
|
if (isset($disks[$name])) {
|
|
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='secure') echo mk_option("", $list['name'], my_lang(my_disk($list['name']),3));
|
|
} else {
|
|
foreach ($shares as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='secure') echo mk_option("", $list['name'], $list['name']);
|
|
}
|
|
?>
|
|
</select></span><input type="button" id="readusersmb" value="_(Read)_" class="clone" onclick="readUserSMB()" disabled>
|
|
</div>
|
|
<div class="clone2">
|
|
<span class="clone">_(Write settings to)_</span><i class="fa fa-arrow-right fa-fw"></i>
|
|
<span class="wrap"><select id="smb2" name="writeusersmb" multiple="multiple" style="display:none" onchange="toggleButton('writeusersmb',this.id)">
|
|
<?
|
|
$rows = [];
|
|
if (isset($disks[$name])) {
|
|
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='secure') $rows[] = mk_option("", $list['name'], my_lang(my_disk($list['name']),3));
|
|
} else {
|
|
foreach ($shares as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='secure') $rows[] = mk_option("", $list['name'], $list['name']);
|
|
}
|
|
if ($rows) echo "<option>("._('All').")</option>";
|
|
foreach ($rows as $row) echo $row;
|
|
?>
|
|
</select></span><input type="button" id="writeusersmb" value="_(Write)_" class="clone" onclick="writeUserSMB()" disabled>
|
|
</div>
|
|
|
|
<form markdown="1" name="smb_user_edit" method="POST" action="/update.htm" target="progressFrame" onchange="toggleButton('writeusersmb',true);$('#smb2').dropdownchecklist('disable')">
|
|
<input type="hidden" name="shareName" value="<?=htmlspecialchars($name)?>">
|
|
<?input_secure_users($sec)?>
|
|
|
|
|
|
: <input type="submit" name="changeShareAccess" value="_(Apply)_" disabled><input type="button" value="_(Done)_" onclick="done()">
|
|
</form>
|
|
|
|
<?elseif ($sec[$name]['security']=='private'):?>
|
|
<div id="title" class="nocontrol"><dt>_(SMB)_ _(User Access)_</dt><i>_(Guests have **no** access)_.</i></div>
|
|
|
|
:help21
|
|
> *Read settings from* is used to preset the SMB User Access settings of the current selected share with the settings of an existing share.
|
|
>
|
|
> Select the desired share name and press **Read** to copy the SMB security settings from the selected source.
|
|
>
|
|
> *Write settings to* is used to copy the SMB User Access settings of the current share to one or more other existing shares.
|
|
>
|
|
> Select the desired destinations and press **Write** to copy the SMB User access settings to the selected shares.
|
|
:end
|
|
|
|
<div class="clone1">
|
|
<span class="clone">_(Read settings from)_</span><i class="fa fa-arrow-left fa-fw"></i>
|
|
<span class="wrap"><select name="readusersmb" class="clone" onchange="toggleButton('readusersmb',false)">
|
|
<option disabled selected>_(select)_...</option>
|
|
<?
|
|
if (isset($disks[$name])) {
|
|
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='private') echo mk_option("", $list['name'], my_lang(my_disk($list['name']),3));
|
|
} else {
|
|
foreach ($shares as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='private') echo mk_option("", $list['name'], $list['name']);
|
|
}
|
|
?>
|
|
</select></span><input type="button" id="readusersmb" value="_(Read)_" class="clone" onclick="readUserSMB()" disabled>
|
|
</div>
|
|
<div class="clone2">
|
|
<span class="clone">_(Write settings to)_</span><i class="fa fa-arrow-right fa-fw"></i>
|
|
<span class="wrap"><select id="smb2" name="writeusersmb" multiple="multiple" style="display:none" onchange="toggleButton('writeusersmb',this.id)">
|
|
<?
|
|
$rows = [];
|
|
if (isset($disks[$name])) {
|
|
foreach (array_filter($disks,'clone_list') as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='private') $rows[] = mk_option("", $list['name'], my_lang(my_disk($list['name']),3));
|
|
} else {
|
|
foreach ($shares as $list) if ($list['name']!=$name && $sec[$list['name']]['security']=='private') $rows[] = mk_option("", $list['name'], $list['name']);
|
|
}
|
|
if ($rows) echo "<option>("._('All').")</option>";
|
|
foreach ($rows as $row) echo $row;
|
|
?>
|
|
</select></span><input type="button" id="writeusersmb" value="_(Write)_" class="clone" onclick="writeUserSMB()" disabled>
|
|
</div>
|
|
|
|
<form markdown="1" name="smb_user_edit" method="POST" action="/update.htm" target="progressFrame" onchange="toggleButton('writeusersmb',true);$('#smb2').dropdownchecklist('disable')">
|
|
<input type="hidden" name="shareName" value="<?=htmlspecialchars($name)?>">
|
|
<?input_private_users($sec)?>
|
|
|
|
|
|
: <input type="submit" name="changeShareAccess" value="_(Apply)_" disabled><input type="button" value="_(Done)_" onclick="done()">
|
|
</form>
|
|
<?endif;?>
|
|
|
|
<script>
|
|
$(function() {
|
|
checkShareSettingsSMB(document.smb_edit);
|
|
initDropdownSMB(false);
|
|
<?if ($tabbed):?>
|
|
$('#tab'+$('input[name$="tabs"]').length).bind({click:function(){initDropdownSMB(true);}});
|
|
<?endif;?>
|
|
<?if (count($users)==1):?>
|
|
toggleButton('readusersmb',true);
|
|
toggleButton('writeusersmb',true);
|
|
$('#smb2').dropdownchecklist('disable');
|
|
<?endif;?>
|
|
});
|
|
function checkShareSettingsSMB(form) {
|
|
form.shareVolsizelimit.disabled = (form.shareExport.value.indexOf("et") == -1);
|
|
}
|
|
function initDropdownSMB(reset) {
|
|
if (reset) {
|
|
$('#smb1').dropdownchecklist('destroy');
|
|
$('#smb2').dropdownchecklist('destroy');
|
|
}
|
|
$("#smb1").dropdownchecklist({firstItemChecksAll:true, emptyText:'_(select)_...', width:<?=$width[0]?>, explicitClose:'..._(close)_'});
|
|
$("#smb2").dropdownchecklist({firstItemChecksAll:true, emptyText:'_(select)_...', width:<?=$width[0]?>, explicitClose:'..._(close)_'});
|
|
}
|
|
function readSMB() {
|
|
var form = document.smb_edit;
|
|
var name = $('select[name="readsmb"]').val();
|
|
$.get('/webGui/include/ProtocolData.php',{protocol:'smb',name:name},function(json) {
|
|
var data = $.parseJSON(json);
|
|
form.shareExport.value = data.export;
|
|
form.shareFruit.value = data.fruit;
|
|
form.shareSecurity.value = data.security;
|
|
});
|
|
$(form).find('select').trigger('change');
|
|
}
|
|
function writeSMB(data,n,i) {
|
|
if (data) {
|
|
if (n<i) {
|
|
$.post('/update.htm',data[n], function(){setTimeout(function(){writeSMB(data,++n,i);},3000);});
|
|
} else {
|
|
toggleButton('writesmb',false);
|
|
$('div.spinner.fixed').hide();
|
|
}
|
|
} else {
|
|
var data = [], i = 0;
|
|
$('select#smb1 option').map(function() {
|
|
if ($(this).prop('selected')==true && $(this).val()!='(_(All)_)') {
|
|
data[i] = {};
|
|
data[i]['shareName'] = $(this).val();
|
|
data[i]['shareExport'] = '<?=addslashes(htmlspecialchars($sec[$name]['export']))?>';
|
|
data[i]['shareFruit'] = '<?=addslashes(htmlspecialchars($sec[$name]['fruit']))?>';
|
|
data[i]['shareSecurity'] = '<?=addslashes(htmlspecialchars($sec[$name]['security']))?>';
|
|
data[i]['changeShareSecurity'] = 'Apply';
|
|
i++;
|
|
}
|
|
});
|
|
toggleButton('writesmb',true);
|
|
$('div.spinner.fixed').show('slow');
|
|
writeSMB(data,0,i);
|
|
}
|
|
}
|
|
function readUserSMB() {
|
|
var form = document.smb_user_edit;
|
|
var name = $('select[name="readusersmb"]').val();
|
|
var users = {};
|
|
<?
|
|
foreach ($users as $user) {
|
|
if ($user['name'] == "root") continue;
|
|
echo "users['{$user['name']}'] = {$user['idx']};\n";
|
|
}
|
|
?>
|
|
$.get('/webGui/include/ProtocolData.php',{protocol:'smb',name:name},function(json) {
|
|
var data = $.parseJSON(json);
|
|
var readList = data.readList.split(',');
|
|
var writeList = data.writeList.split(',');
|
|
$(form).find('select[name^="userAccess."]').each(function(){$(this).val('no-access');});
|
|
for (var i=0; i < readList.length; i++) $(form).find('select[name="userAccess.'+users[readList[i]]+'"]').val('read-only');
|
|
for (var i=0; i < writeList.length; i++) $(form).find('select[name="userAccess.'+users[writeList[i]]+'"]').val('read-write');
|
|
});
|
|
$(form).find('select').trigger('change');
|
|
}
|
|
function writeUserSMB(data,n,i) {
|
|
if (data) {
|
|
if (n<i) {
|
|
$.post('/update.htm',data[n], function(){setTimeout(function(){writeUserSMB(data,++n,i);},3000);});
|
|
} else {
|
|
toggleButton('writeusersmb',false);
|
|
$('div.spinner.fixed').hide();
|
|
}
|
|
} else {
|
|
var data = [], i = 0;
|
|
$('select#smb2 option').map(function() {
|
|
if ($(this).prop('selected')==true && $(this).val()!='(_(All)_)') {
|
|
data[i] = {};
|
|
data[i]['shareName'] = $(this).val();
|
|
data[i]['userAccess.0'] = 'no-access';
|
|
<?
|
|
$read_list = explode(",", $sec[$name]['readList']);
|
|
$write_list = explode(",", $sec[$name]['writeList']);
|
|
foreach ($users as $user) {
|
|
if ($user['name'] == "root") continue;
|
|
$idx = $user['idx'];
|
|
$userAccess = null;
|
|
if ($sec[$name]['security']=='secure') {
|
|
$userAccess = in_array($user['name'], $write_list) ? "read-write" : "read-only";
|
|
} elseif ($sec[$name]['security'] == 'private') {
|
|
$userAccess = in_array($user['name'], $write_list) ? "read-write" : (in_array($user['name'], $read_list) ? "read-only" : "no-access");
|
|
}
|
|
if ($userAccess) echo "data[i]['userAccess.$idx'] = '$userAccess';\n";
|
|
}
|
|
?>
|
|
data[i]['changeShareAccess'] = 'Apply';
|
|
i++;
|
|
}
|
|
});
|
|
toggleButton('writeusersmb',true);
|
|
$('div.spinner.fixed').show('slow');
|
|
writeUserSMB(data,0,i);
|
|
}
|
|
}
|
|
</script>
|