From 8546c5a9aa124db27fd28dc4b602d1080d23e668 Mon Sep 17 00:00:00 2001 From: mglae Date: Thu, 11 May 2023 00:21:10 +0200 Subject: [PATCH 1/5] samba: include smbd-config in samba-config smbd-config is only used from samba-config and therefore deleted. /run/samba/smb.conf is created in a single step via temp file --- packages/network/samba/package.mk | 1 - packages/network/samba/scripts/samba-config | 105 +++++++++++++++++--- packages/network/samba/scripts/smbd-config | 77 -------------- 3 files changed, 89 insertions(+), 94 deletions(-) delete mode 100755 packages/network/samba/scripts/smbd-config diff --git a/packages/network/samba/package.mk b/packages/network/samba/package.mk index 4f5ebadf54..cf7b9439be 100644 --- a/packages/network/samba/package.mk +++ b/packages/network/samba/package.mk @@ -173,7 +173,6 @@ post_makeinstall_target() { mkdir -p ${INSTALL}/usr/lib/samba cp ${PKG_DIR}/scripts/samba-config ${INSTALL}/usr/lib/samba - cp ${PKG_DIR}/scripts/smbd-config ${INSTALL}/usr/lib/samba cp ${PKG_DIR}/scripts/samba-autoshare ${INSTALL}/usr/lib/samba if find_file_path config/smb.conf; then diff --git a/packages/network/samba/scripts/samba-config b/packages/network/samba/scripts/samba-config index 927010695b..a5c085b7b9 100755 --- a/packages/network/samba/scripts/samba-config +++ b/packages/network/samba/scripts/samba-config @@ -2,40 +2,113 @@ # SPDX-License-Identifier: GPL-2.0-or-later # Copyright (C) 2009-2017 Stephan Raue (stephan@openelec.tv) +# Copyright (C) 2020-present Team LibreELEC (https://libreelec.tv) SMB_USERCONF="/storage/.config/samba.conf" SMB_DEFCONF="/etc/samba/smb.conf" SMB_CONF="/run/samba/smb.conf" +SMB_DIR=$(dirname ${SMB_CONF}) +mkdir -p ${SMB_DIR} +SMB_TMP=$(mktemp -p ${SMB_DIR}) + SMB_USERCONF_IS_VALID=no SMB_CONFIG_VERSION=4 # If user config is based on legacy OpenELEC, or old version (or no version) # then don't use it, and log a warning. -if [ -f $SMB_USERCONF ]; then - SMB_IS_LEGACY="$(awk 'NR <= 2 && /This file is part of OpenELEC/{ print }' $SMB_USERCONF)" - SMB_THIS_VER="$(awk '/^# samba.conf v[0-9\.]*/{ print substr($3,2); exit }' $SMB_USERCONF)" +if [ -f ${SMB_USERCONF} ]; then + SMB_IS_LEGACY="$(awk 'NR <= 2 && /This file is part of OpenELEC/{ print }' ${SMB_USERCONF})" + SMB_THIS_VER="$(awk '/^# samba.conf v[0-9\.]*/{ print substr($3,2); exit }' ${SMB_USERCONF})" if [ -n "${SMB_IS_LEGACY}" ]; then - echo "WARNING: Ignoring user config $SMB_USERCONF due to incompatibility [Old style OpenELEC]" + echo "WARNING: Ignoring user config ${SMB_USERCONF} due to incompatibility [Old style OpenELEC]" elif [ -z "${SMB_THIS_VER}" ]; then - echo "WARNING: Ignoring user config $SMB_USERCONF due to incompatibility [version is unknown or invalid]" + echo "WARNING: Ignoring user config ${SMB_USERCONF} due to incompatibility [version is unknown or invalid]" elif [ ${SMB_THIS_VER} != ${SMB_CONFIG_VERSION} ]; then - echo "WARNING: Ignoring user config $SMB_USERCONF due to incompatibility [version ${SMB_THIS_VER} is not the required version $SMB_CONFIG_VERSION]" + echo "WARNING: Ignoring user config ${SMB_USERCONF} due to incompatibility [version ${SMB_THIS_VER} is not the required version ${SMB_CONFIG_VERSION}]" else SMB_USERCONF_IS_VALID=yes fi fi -mkdir -p $(dirname $SMB_CONF) - if [ $SMB_USERCONF_IS_VALID = yes ]; then - cp $SMB_USERCONF $SMB_CONF - else - cp $SMB_DEFCONF $SMB_CONF - fi - -# Generate smb.conf, unless disabled -if [ ! -f /storage/.cache/services/samba.disabled ]; then - /usr/lib/samba/smbd-config +if [ ${SMB_USERCONF_IS_VALID} = yes ]; then + cp ${SMB_USERCONF} ${SMB_TMP} +else + cp ${SMB_DEFCONF} ${SMB_TMP} fi +echo >>${SMB_TMP} + +if [ ! -f /storage/.cache/services/samba.disabled ]; then + + ### Generate smb.conf + + if [ ! -f /storage/.cache/services/samba.conf ]; then + cp /usr/share/services/samba.conf /storage/.cache/services + fi + + # Specify defaults here, in case these new properties not yet added in .cache + SAMBA_WORKGROUP=WORKGROUP + SAMBA_MINPROTOCOL=SMB2 + SAMBA_MAXPROTOCOL=SMB3 + + . /storage/.cache/services/samba.conf + + # fixup synonyms + sed -i 's/browsable/browseable/g; s/writable/writeable/g' ${SMB_TMP} + + # handle external drives + if [ "${SAMBA_AUTOSHARE}" = "true" ] ; then + for dir in /media/* ; do + if [ -d "$dir" ] ; then + name=$(basename "$dir") + echo -e "[$name]\n path = $dir\n available = yes\n browseable = yes\n public = yes\n writeable = yes\n" >> ${SMB_TMP} + fi + done + fi + + # Allow access to a "failed" (safe mode) Kodi installation + if [ -d /storage/.kodi.FAILED ]; then + echo -e "[Kodi-Failed]\n path = /storage/.kodi.FAILED\n available = yes\n browseable = yes\n public = yes\n writeable = yes\n" >> ${SMB_TMP} + fi + + ADD_CONFIG= + + # If workgroup is not set, don't set it - who knows, user may know better. + if [ -n "$SAMBA_WORKGROUP" ]; then + # Remove any existing workgroup setting + sed -E '/^[[:space:]]*workgroup[[:space:]]*=/d' -i ${SMB_TMP} + ADD_CONFIG="${ADD_CONFIG} workgroup = ${SAMBA_WORKGROUP:-WORKGROUP}\n" + fi + + ADD_CONFIG="${ADD_CONFIG} server min protocol = ${SAMBA_MINPROTOCOL/SMB1/NT1}\n" + ADD_CONFIG="${ADD_CONFIG} server max protocol = ${SAMBA_MAXPROTOCOL/SMB1/NT1}\n" + + # Add extra config after [global], escaping spaces so that all are retained by sed + sed -e "/\[global\]/ a ${ADD_CONFIG// /\\ }" -i ${SMB_TMP} + + if [ "${SAMBA_SECURE}" = "true" -a -n "${SAMBA_USERNAME}" -a -n "${SAMBA_PASSWORD}" ] ; then + # username map: first line makes sure plain root does not work all the time + # processing continues, so if user chooses root as username, second line overrides the first + # this is done always in case user uses passwords in userconf. + # many thanks to viljoviitanen for this + printf "%s\n%s" "${SAMBA_PASSWORD}" "${SAMBA_PASSWORD}" | smbpasswd -s -a root >/dev/null 2>&1 + printf "nobody = root\nroot = %s" "${SAMBA_USERNAME}" > /run/samba/samba.map + + sed -e 's|^.[ \t]*.public.=.*| public = no |' \ + -e 's|^.[ \t]*.username map.=.*||' \ + -e 's|^.[ \t]*.security.=.*| security = user\n username map = /run/samba/samba.map|' \ + -e 's|^.[ \t]*.map.to.guest.=.*| map to guest = Never|' \ + -i ${SMB_TMP} + else + sed -e 's|^.[ \t]*.public.=.*| public = yes |' \ + -e 's|^.[ \t]*.username map.=.*||' \ + -e 's|^.[ \t]*.security.=.*| security = user|' \ + -e 's|^.[ \t]*.map.to.guest.=.*| map to guest = Bad User|' \ + -i ${SMB_TMP} + fi +fi + +mv -f ${SMB_TMP} ${SMB_CONF} + exit 0 diff --git a/packages/network/samba/scripts/smbd-config b/packages/network/samba/scripts/smbd-config deleted file mode 100755 index aed4730a3a..0000000000 --- a/packages/network/samba/scripts/smbd-config +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/sh - -# SPDX-License-Identifier: GPL-2.0-or-later -# Copyright (C) 2009-2017 Stephan Raue (stephan@openelec.tv) -# Copyright (C) 2020-present Team LibreELEC (https://libreelec.tv) - -SMB_CONF="/run/samba/smb.conf" -SMB_TMP="$(mktemp -p /run/samba)" - -cp -f $SMB_CONF $SMB_TMP - -if [ ! -f /storage/.cache/services/samba.conf ]; then - cp /usr/share/services/samba.conf /storage/.cache/services -fi - -# Specify defaults here, in case these new properties not yet added in .cache -SAMBA_WORKGROUP=WORKGROUP -SAMBA_MINPROTOCOL=SMB2 -SAMBA_MAXPROTOCOL=SMB3 - -. /storage/.cache/services/samba.conf - -# fixup synonyms -sed -i 's/browsable/browseable/g; s/writable/writeable/g' $SMB_TMP - -# handle external drives -if [ "$SAMBA_AUTOSHARE" == "true" ] ; then - for dir in /media/* ; do - if [ -d "$dir" ] ; then - name=$(basename "$dir") - echo -e "[$name]\n path = $dir\n available = yes\n browseable = yes\n public = yes\n writeable = yes\n" >> $SMB_TMP - fi - done -fi - -# Allow access to a "failed" (safe mode) Kodi installation -if [ -d /storage/.kodi.FAILED ]; then - echo -e "[Kodi-Failed]\n path = /storage/.kodi.FAILED\n available = yes\n browseable = yes\n public = yes\n writeable = yes\n" >> $SMB_TMP -fi - -ADD_CONFIG= - -# If workgroup is not set, don't set it - who knows, user may know better. -if [ -n "$SAMBA_WORKGROUP" ]; then - # Remove any existing workgroup setting - sed -E '/^[[:space:]]*workgroup[[:space:]]*=/d' -i $SMB_TMP - ADD_CONFIG="${ADD_CONFIG} workgroup = ${SAMBA_WORKGROUP:-WORKGROUP}\n" -fi - -ADD_CONFIG="${ADD_CONFIG} server min protocol = ${SAMBA_MINPROTOCOL/SMB1/NT1}\n" -ADD_CONFIG="${ADD_CONFIG} server max protocol = ${SAMBA_MAXPROTOCOL/SMB1/NT1}\n" - -# Add extra config after [global], escaping spaces so that all are retained by sed -sed -e "/\[global\]/ a ${ADD_CONFIG// /\\ }" -i $SMB_TMP - -if [ "$SAMBA_SECURE" == "true" -a ! "$SAMBA_USERNAME" == "" -a ! "$SAMBA_PASSWORD" == "" ] ; then - # username map: first line makes sure plain root does not work all the time - # processing continues, so if user chooses root as username, second line overrides the first - # this is done always in case user uses passwords in userconf. - # many thanks to viljoviitanen for this - printf "%s\n%s" "$SAMBA_PASSWORD" "$SAMBA_PASSWORD" | smbpasswd -s -a root >/dev/null 2>&1 - printf "nobody = root\nroot = %s" "$SAMBA_USERNAME" > /run/samba/samba.map - - sed -e 's|^.[ \t]*.public.=.*| public = no |' \ - -e 's|^.[ \t]*.username map.=.*||' \ - -e 's|^.[ \t]*.security.=.*| security = user\n username map = /run/samba/samba.map|' \ - -e 's|^.[ \t]*.map.to.guest.=.*| map to guest = Never|' \ - -i $SMB_TMP -else - sed -e 's|^.[ \t]*.public.=.*| public = yes |' \ - -e 's|^.[ \t]*.username map.=.*||' \ - -e 's|^.[ \t]*.security.=.*| security = user|' \ - -e 's|^.[ \t]*.map.to.guest.=.*| map to guest = Bad User|' \ - -i $SMB_TMP -fi - -mv -f $SMB_TMP $SMB_CONF From 401b898ff5f1ce4fce0a4ec37ec4ed88aa151d46 Mon Sep 17 00:00:00 2001 From: mglae Date: Thu, 11 May 2023 00:21:24 +0200 Subject: [PATCH 2/5] samba: samba-config: gain exclusive access with flock --- packages/network/samba/scripts/samba-config | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/packages/network/samba/scripts/samba-config b/packages/network/samba/scripts/samba-config index a5c085b7b9..64cd5e22a2 100755 --- a/packages/network/samba/scripts/samba-config +++ b/packages/network/samba/scripts/samba-config @@ -10,6 +10,12 @@ SMB_CONF="/run/samba/smb.conf" SMB_DIR=$(dirname ${SMB_CONF}) mkdir -p ${SMB_DIR} + +# exclusive access +SMB_LOCK="${SMB_DIR}/samba-config.lock" +exec 200>"${SMB_LOCK}" +flock 200 + SMB_TMP=$(mktemp -p ${SMB_DIR}) SMB_USERCONF_IS_VALID=no From 207500ef036f3a0eecd1acc92bee44e7be2553e4 Mon Sep 17 00:00:00 2001 From: mglae Date: Thu, 11 May 2023 00:21:38 +0200 Subject: [PATCH 3/5] samba: samba-config: support user name with spaces --- packages/network/samba/scripts/samba-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/network/samba/scripts/samba-config b/packages/network/samba/scripts/samba-config index 64cd5e22a2..df2a79b3fa 100755 --- a/packages/network/samba/scripts/samba-config +++ b/packages/network/samba/scripts/samba-config @@ -99,7 +99,7 @@ if [ ! -f /storage/.cache/services/samba.disabled ]; then # this is done always in case user uses passwords in userconf. # many thanks to viljoviitanen for this printf "%s\n%s" "${SAMBA_PASSWORD}" "${SAMBA_PASSWORD}" | smbpasswd -s -a root >/dev/null 2>&1 - printf "nobody = root\nroot = %s" "${SAMBA_USERNAME}" > /run/samba/samba.map + printf 'nobody = root\nroot = "%s"\n' "${SAMBA_USERNAME}" > /run/samba/samba.map sed -e 's|^.[ \t]*.public.=.*| public = no |' \ -e 's|^.[ \t]*.username map.=.*||' \ From 1bded022694ee1bd15784ad96ead8e9d3cb30f9a Mon Sep 17 00:00:00 2001 From: mglae Date: Sun, 4 Jun 2023 00:15:40 +0200 Subject: [PATCH 4/5] LibreELEC-settings: update to b920d5d --- packages/mediacenter/LibreELEC-settings/package.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/mediacenter/LibreELEC-settings/package.mk b/packages/mediacenter/LibreELEC-settings/package.mk index c17a1f41d5..3e8f0e16d8 100644 --- a/packages/mediacenter/LibreELEC-settings/package.mk +++ b/packages/mediacenter/LibreELEC-settings/package.mk @@ -3,8 +3,8 @@ # Copyright (C) 2017-present Team LibreELEC (https://libreelec.tv) PKG_NAME="LibreELEC-settings" -PKG_VERSION="9a334c0857fe5ccf84af272f42dc6f6cd5c72e4b" -PKG_SHA256="71be076033ae4bcb9012a12c2fc47b0805b0e40db2e812e19613643bbcba978c" +PKG_VERSION="b920d5d83a8a7445d121d2f920169444111bf93c" +PKG_SHA256="d8147068b6172250d98d41fafd7d6dbaa286074932b537214bf0dab95fe9e99a" PKG_LICENSE="GPL" PKG_SITE="https://libreelec.tv" PKG_URL="https://github.com/LibreELEC/service.libreelec.settings/archive/${PKG_VERSION}.tar.gz" From b3d8150beaabfec07ffce4e063eced36e4138ec7 Mon Sep 17 00:00:00 2001 From: mglae Date: Sat, 3 Jun 2023 15:29:27 +0200 Subject: [PATCH 5/5] samba: samba-config: call smbpasswd with valid smb.conf Use fresh created tempfile as parameter. Allow smbpasswd logging to journal to catch errors. --- packages/network/samba/scripts/samba-config | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/packages/network/samba/scripts/samba-config b/packages/network/samba/scripts/samba-config index df2a79b3fa..e3fd682823 100755 --- a/packages/network/samba/scripts/samba-config +++ b/packages/network/samba/scripts/samba-config @@ -98,14 +98,15 @@ if [ ! -f /storage/.cache/services/samba.disabled ]; then # processing continues, so if user chooses root as username, second line overrides the first # this is done always in case user uses passwords in userconf. # many thanks to viljoviitanen for this - printf "%s\n%s" "${SAMBA_PASSWORD}" "${SAMBA_PASSWORD}" | smbpasswd -s -a root >/dev/null 2>&1 - printf 'nobody = root\nroot = "%s"\n' "${SAMBA_USERNAME}" > /run/samba/samba.map - sed -e 's|^.[ \t]*.public.=.*| public = no |' \ -e 's|^.[ \t]*.username map.=.*||' \ -e 's|^.[ \t]*.security.=.*| security = user\n username map = /run/samba/samba.map|' \ -e 's|^.[ \t]*.map.to.guest.=.*| map to guest = Never|' \ -i ${SMB_TMP} + + printf "%s\n%s" "${SAMBA_PASSWORD}" "${SAMBA_PASSWORD}" | smbpasswd -c ${SMB_TMP} -s -a root + printf 'nobody = root\nroot = "%s"\n' "${SAMBA_USERNAME}" > /run/samba/samba.map + else sed -e 's|^.[ \t]*.public.=.*| public = yes |' \ -e 's|^.[ \t]*.username map.=.*||' \