Buffalo NAS-Central Forums

Welcome to the Linkstation Wiki community
It is currently Thu Nov 23, 2017 6:36 am

All times are UTC+01:00




Post new topic  Reply to topic  [ 144 posts ]  Go to page Previous 14 5 6 7 810 Next
Author Message
PostPosted: Fri Sep 08, 2006 8:18 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Hey Guys;

I made it work for IE6 SP1+, I added a javescript to run document.execCommand("ClearAuthenticationCache", false). This command is not available for earlier versions of MSIE. Do you guys think I should not worry about this?

Is there a decent way to force a php script not to run a certain browsers? I know that the browser info can be faked, but at least it would be another line of defense.

_________________
http://www.opifer.net


Top
   
PostPosted: Fri Sep 08, 2006 9:21 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Still curious about people's opinions in the above post, but also, I'd like to know if anyone w/ php coding experience is test/review my code. Specifically, my login/logout function.

_________________
http://www.opifer.net


Top
   
PostPosted: Mon Sep 18, 2006 11:45 am 
Offline
Newbie

Joined: Thu Aug 10, 2006 4:59 pm
Posts: 21
Location: United Kingdom (Great Britain)
Hi jon,

How did you get on with your mini project? I haven't got php knowledge but if you require someone to test out your procedure then I'm quite happy to do so.

Cheers,

Sweepsy Cool


Top
   
PostPosted: Mon Sep 18, 2006 5:12 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
@SweepsY

Thanks, I'm almost done working out the bugs that I know of. Login and apache errors appear to be fixed. I'm trying to add a disclaimer to the authentication process. When I finish the bugs, probably within the week, I'll ask mindbender to post the php file a let you and others try it out.

Currently:
- samba client 2.2.x needs to be installed. I will package smbclient along w/ the php file. (Don't worry, it's not the entire huge samba).
- currently, users can access their network file via the script. Users can also upload (though I still need to work on http upload to work more efficiently). Drag-n-drop has not yet been added (that's a huge project in itself).
- I also need to edit my script so that other people can easily use my script (right know, I just created functions specific for my network, but changing it so that people can simply set their own vars shouldn't be too difficult.

Thanks again Sweepsy (and everyone else) :)

_________________
http://www.opifer.net


Top
   
PostPosted: Tue Sep 19, 2006 11:26 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
@SweepsY - I uploaded my project. You can download from http://buffalo.nas-central.org/download/packages/LS2_MIPSel/lfts_0.88_mipsel.tgz .

Just untar the file and follow the instructions in the README. I'll make a wiki later if people like this and deem it reliable. Please ask me any questions if you don't understand something.


@Everyone else - Please test as well.

I'll post my full project (ie new fonts/ drag-n-drop/ etc.) after bugs have been worked out. The version 0.88 is mostly smbwebclient v2.9 code from Victor Varela (Don't worry, he gave me expressed permission in a email to make this project and edit his work).

Thanks

_________________
http://www.opifer.net


Top
   
PostPosted: Wed Sep 20, 2006 5:08 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
@SweepsY,

I'll be upgrading my head router firmware, so my network will be down for a day or so. But afterwards, I'll get back to work on implementing the additional features and the wiki page for LFTS.

The Project Goals include implenting:
1) Drag-n-Drop within browser and also between browser and Windows Explorer (This will be tough).
2) Add a disclaimer pop-up so that users must click "OK" or "Agree" before they're able to access their shares.
3) Change the gui so that the fonts/icons are larger and clearer (Having a difficult time finding XP Default Icon Set).
4) Add a progress bar to Upload function (also need to make http upload function more efficiently).
5) Add icon database so that file icons are taken from the user's computer (also tricky, but do-able).
6) Upgrade smbclient to latest version of 2.2
-- This I'm not sure how to do. The Openlink firmware contains parts of samba 2.2.8. I not sure if I should overwrite 2.2.8 with a newer version (is this safe?). Also, how do I make sure that only the basics of samba (what openlink contains + smbclient) is updated/installed and not the entire prog? Furthermore, what parts of Samba are actually installed with openlink?
-- If there are no major security issues with using the stock samba parts (v2.2.8) and smbclient (v2.2.3), I'll probably just leave it.
-- Note: In case anyone's wondering, the version 2.2.3 of smbclient (the one packaged w/ LFTS) was actually taken from a Debian package. I was unable to get samba 2.2.12 to compile correctly (nor could figure out what parts of Samba to install) and could not find smbclient v2.2.8 for mips, so I used the latest version I could find.

If anyone has ideas/suggestions on implementing these features, please let me know. All help is greatly appreciated.

Thanks.

_________________
http://www.opifer.net


Top
   
PostPosted: Wed Sep 20, 2006 9:23 pm 
Apologies I haven't read all the thread but it looks to me like you are trying to write the functionality that already exists in DAV or am I missing th point?


Top
   
PostPosted: Thu Sep 21, 2006 3:11 am 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
@dc2447 - Hi, I'm sort of unsure of what exactly you are pointing to. What exactly are you saying is in DAV (I assume you are talking about WebDAV) that I'm trying to write? What I'm trying to do is create a simple and secure way to access my network shares on the Linkstation w/o the need of special client software. I've accomplished this through Apache w/ SSL, php, and smbclient. Right now I'm just trying to create a user-friendly webmin for uploading/downloading files to and from the shares. I may use the webdav extensions to refine the upload function, but I'm not really writing a new protocol.

Is there a way to accomplish this task with mod_dav? If so, would you mind elaborating as I'm not too familiar with this mod? Much sincere appreciations dc2447. :)

-Also, don't I need to use client software to utilize the webdav extensions? If so, that would defeat my purpose as I don't want the users of my linkstation to have to use any software other than an internet browser (members of family are not exactly IT savvy). I'm quite curious now as to whether or not I can use webdav for my purpose...hmmm.

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 21, 2006 3:56 am 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
I looked at some Webdav Samba gateways like davenport. Though the idea behind it seems very similar, I don't think I can run this off the linkstation. It requires Java, etc. It still doesn't seem very simple for the users, but I could still be wrong. I'm not sure how to implement DAV w/o requiring users to setup Web Folders (which they'd have to do on every computer they use--some of which are university computers).

Note: The original purpose for my project was to secure ftp, but since that could not be done w/o a special ftp client, I decided to use http instead. I still wanted users to access the shares with similar ease and functionality as would just typing ftp.mydomain.tld and using MSIE or Firefox to browse the FTP directories, just using http w/ SSL instead.

http://us1.samba.org/samba/GUI/ is where I found some resources on this. Actually, the SMB Web Client I'm using is listed just above Davenport WebDAV-SMB Gateway. Maybe someone with more experience with this can share, but I think that DAV doesn't works so well with Samba (or at least it's not very easy to setup). So now I wondering if I should stick with trying to develop a webmin for SMB or should try implementing a DAV solution.

Currently, uploads and downloads work fine through PHP. The problem is that users don't know if Uploads are uploaded successfully (this I do know how to add). I guess the main issue would be the drag-n-drop which is not necessary, but would be nice.

Thanks again dc2447 for you interesting insite. All help is greatly appreciated. Thanks.

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 21, 2006 5:36 am 
Webdav requires no client side software - windows users map a network drive under my network places, KDE users man a drive in Konquerer, Gnome users map a drive in Nauilus.

But you can take dav futher - dav2fs allows *nix users to use dav shares as mounted file systems - see dav2fs.

Want version control? Dav and Subversion are very closely integrated.


Top
   
PostPosted: Thu Sep 21, 2006 12:26 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
Hmmm...I see how this could be useful for computers that my users use all the time (ie work comps). My worry comes when users want to access their files from university or library computers. I'm not sure if my users want to have to create web folders for every new computer and remove the web folder after their done. I'm not sure if the unversity allows regular users to create network maps. Is there a way to integrate dav into my server w/o and not require users to map network drives?

So, for example, a users would type https://www.mydomain.tld (SSL) in a browser, and would simply have to login and then can access their files in a similar manner as accessing ftp shares through a modern browser. Is this possible?

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 21, 2006 4:37 pm 
Quote:
Hmmm...I see how this could be useful for computers that my users use all the time (ie work comps). My worry comes when users want to access their files from university or library computers. I'm not sure if my users want to have to create web folders for every new computer and remove the web folder after their done. I'm not sure if the unversity allows regular users to create network maps. Is there a way to integrate dav into my server w/o and not require users to map network drives?


It's a HTTP conection, your university *does* allow HTTP doesn't it?

Quote:
So, for example, a users would type https://www.mydomain.tld (SSL) in a browser, and would simply have to login and then can access their files in a similar manner as accessing ftp shares through a modern browser. Is this possible?


This is how is works in Konquerer and I believe IE (although I don't have IE to test).

You seem to be leaning towards a web based file manager

http://navphp.sourceforge.net/screenshot.png

Personally I don't like these as hisorically thesy were an avenue to getting R00ted

Your milage may vary


Top
   
PostPosted: Thu Sep 21, 2006 8:30 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
@dc2447 - of course the university allows HTTP :), What I'm saying is I believe using Web Folders has been disabled. I mean, I don't believe that they allow regular users to map network drives. (Note - I've got to make this work for three universities as well as libraries and the office --> basically everywhere). Also, I don't want to have to users to have to setup the connection (as I can't even create webfolders on every computer they'd possibly use).

I want them to just simply type https://www.mydomain.tld and be presented with a login mechanism and bingo they've got access to their (and theirs only) Linkstation Shares. The functionality I want I think you already understand. You said that you believe this is possible with Konquerer and IE -- correct? I hope firefox and Safari works too as one university network disabled MSIE on the Windows Computers.

The web based file manager is precisely what I've been creating/modifying. I actually tried navphp - didn't like it.

dc2447 wrote:
Personally I don't like these as hisorically thesy were an avenue to getting R00ted

My apologies here, but what exactly do you mean?

Using DAV does seem to be a possible solution as long as users don't have to setup anything. Like I said above, the users can access their shares similar to how they would access ftp shares through a modern browser.

_________________
http://www.opifer.net


Top
   
PostPosted: Thu Sep 21, 2006 8:59 pm 
Quote:
@dc2447 - of course the university allows HTTP, What I'm saying is I believe using Web Folders has been disabled. I mean, I don't believe that they allow regular users to map network drives. (Note - I've got to make this work for three universities as well as libraries and the office --> basically everywhere). Also, I don't want to have to users to have to setup the connection (as I can't even create webfolders on every computer they'd possibly use).


I guess there might be some way of locking down windows so it doesn't allow web folders but I think it would be unlikely. Don't forget this is all over http - there is no cifs or other nasty protocols that can be easily locked down by over zealous firewall admins. If you can get to a webpage then I'm pretty sure you can get to dav shares.

Quote:
I want them to just simply type https://www.mydomain.tld and be presented with a login mechanism and bingo they've got access to their (and theirs only) Linkstation Shares. The functionality I want I think you already understand. You said that you believe this is possible with Konquerer and IE -- correct? I hope firefox and Safari works too as one university network disabled MSIE on the Windows Computers.


There are many dav clients out there - I can't verify if firefox or safari - google will probably know.

Quote:
My apologies here, but what exactly do you mean?


PHP scripts running as file managers have a chequered history as file managers wrt security. It is difficult (not impossible) to lock down what a malicious user can do when you are running exec commands on a live filesystem via PHP. With DAV you are effectively chrooted into your share.

Quote:
Using DAV does seem to be a possible solution as long as users don't have to setup anything. Like I said above, the users can access their shares similar to how they would access ftp shares through a modern browser.


There are many DAV clients out there. Of course you are going to have to do some setup, at a bare minimum an apache config and some method of authentication.


Top
   
PostPosted: Thu Sep 21, 2006 10:25 pm 
Offline
Site Admin

Joined: Fri Aug 04, 2006 2:37 am
Posts: 1652
Location: United States of America
dc2447 wrote:
There are many DAV clients out there. Of course you are going to have to do some setup, at a bare minimum an apache config and some method of authentication.


I meant I don't want user (ie. my family) to have to setup stuff; I know I would have to setup apache, etc -- that's not a problem.

dc2447 wrote:
PHP scripts running as file managers have a chequered history as file managers wrt security. It is difficult (not impossible) to lock down what a malicious user can do when you are running exec commands on a live filesystem via PHP.


I figured that's what you meant. I'm aware that there are security issues with PHP exec commands. Currently, I have configured Apache not to allow exec commands in certain directories. I had planned to run PHP in Safe Mode as well. Also, SSL increases security in the sense of better preventing password-sniffing (though I know it can still be done). I also have planned to setup PHP to run as a different user/not root and place PHP in a chroot jail.

Also, I have confirmed that the university has disabled mapping-network drives (via IIS and Novell I assume as that's what they use network wise).

Firefox does not have a DAV client w/o using a plugin, so using firefox won't work. I'm not sure Safari. I'll have to consider my options here...

_________________
http://www.opifer.net


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 144 posts ]  Go to page Previous 14 5 6 7 810 Next

All times are UTC+01:00


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited