From 77e088e1ae4a0df87787dff9e18a869f59a67847 Mon Sep 17 00:00:00 2001 From: Franck Nijhof Date: Thu, 23 Apr 2020 18:43:53 +0200 Subject: [PATCH] samba: Compatibility mode & upgrades (#1244) * samba: Compatibility mode & upgrades * samba: Add missing newline to nmbd service * Update build.json Co-authored-by: Pascal Vizeli --- samba/CHANGELOG.md | 8 +++ samba/Dockerfile | 17 +++--- samba/README.md | 10 ++++ samba/build.json | 9 ++++ samba/config.json | 15 ++++-- samba/data/run.sh | 62 --------------------- samba/rootfs/etc/cont-init.d/samba.sh | 65 +++++++++++++++++++++++ samba/{data => rootfs/etc/samba}/smb.conf | 3 +- samba/rootfs/etc/services.d/nmbd/finish | 8 +++ samba/rootfs/etc/services.d/nmbd/run | 8 +++ samba/rootfs/etc/services.d/smbd/finish | 8 +++ samba/rootfs/etc/services.d/smbd/run | 8 +++ 12 files changed, 148 insertions(+), 73 deletions(-) create mode 100644 samba/build.json delete mode 100755 samba/data/run.sh create mode 100755 samba/rootfs/etc/cont-init.d/samba.sh rename samba/{data => rootfs/etc/samba}/smb.conf (95%) create mode 100644 samba/rootfs/etc/services.d/nmbd/finish create mode 100644 samba/rootfs/etc/services.d/nmbd/run create mode 100644 samba/rootfs/etc/services.d/smbd/finish create mode 100644 samba/rootfs/etc/services.d/smbd/run diff --git a/samba/CHANGELOG.md b/samba/CHANGELOG.md index e4a3cf5..63dbca4 100644 --- a/samba/CHANGELOG.md +++ b/samba/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 9.2.0 + +- Pin base image version +- Rewrite add-on onto S6 Overlay +- Use default configuration location +- Add support for running in compatibility mode (SMB1/NT1) +- Add dummy files to reduce number of errors/warnings in log output + ## 9.1.0 - Allow IPv6 link-local hosts by default, consistent with IPv4 diff --git a/samba/Dockerfile b/samba/Dockerfile index 520e97d..5dede8a 100644 --- a/samba/Dockerfile +++ b/samba/Dockerfile 
@@ -5,12 +5,17 @@ FROM $BUILD_FROM ENV LANG C.UTF-8 # Setup base -RUN apk add --no-cache \ +RUN \ + apk add --no-cache \ samba-common-tools \ - samba-server + samba-server \ + \ + && mkdir -p /var/lib/samba \ + && touch \ + /etc/samba/lmhosts \ + /var/lib/samba/account_policy.tdb \ + /var/lib/samba/registry.tdb \ + /var/lib/samba/winbindd_idmap.tdb # Copy data -COPY data/run.sh / -COPY data/smb.conf /etc/ - -CMD [ "/run.sh" ] +COPY rootfs / diff --git a/samba/README.md b/samba/README.md index 8dd4b4f..ad8cb82 100644 --- a/samba/README.md +++ b/samba/README.md @@ -42,6 +42,7 @@ veto_files: - "._*" - ".DS_Store" - Thumbs.db +compatibility_mode: false ``` ### Option: `workgroup` (required) @@ -72,6 +73,15 @@ List of files that are neither visible nor accessible. Useful to stop clients from littering the share with temporary hidden files (e.g., macOS `.DS_Store` or Windows `Thumbs.db` files) +### Option: `compatibility_mode` + +Setting this option to `true` will enable old legacy Samba protocols +on the Samba add-on. This might solve issues with some clients that cannot +handle the newer protocols, however, it lowers security. Only use this +when you absolutely need it and understand the possible consequences. + +Defaults to `false`. + ## Support Got questions? diff --git a/samba/build.json b/samba/build.json new file mode 100644 index 0000000..460c6cd --- /dev/null +++ b/samba/build.json @@ -0,0 +1,9 @@ +{ + "build_from": { + "aarch64": "homeassistant/aarch64-base:3.11", + "amd64": "homeassistant/amd64-base:3.11", + "armhf": "homeassistant/armhf-base:3.11", + "armv7": "homeassistant/armv7-base:3.11", + "i386": "homeassistant/i386-base:3.11" + } +} diff --git a/samba/config.json b/samba/config.json index c1c79c0..f3810cd 100644 --- a/samba/config.json +++ b/samba/config.json 
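Review bot: The new samba/build.json pins every architecture to the tag `3.11`, and a tag can be re-pushed upstream, so two builds of 9.2.0 may still start from different base images. If the build tooling accepts it (not visible in this patch), appending the image digest, e.g. `"amd64": "homeassistant/amd64-base:3.11@sha256:<DIGEST_PLACEHOLDER>"`, would fix the exact base layers and make a changed upstream image show up as a reviewable diff. The same applies to the other four entries.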
@@ -1,6 +1,6 @@
 {
 "name": "Samba share",
- "version": "9.1.0",
+ "version": "9.2.0",
 "slug": "samba",
 "description": "Expose Home Assistant folders with SMB/CIFS",
 "url": "https://github.com/home-assistant/hassio-addons/tree/master/samba",
@@ -15,8 +15,14 @@
 "username": "homeassistant",
 "password": null,
 "interface": "",
- "allow_hosts": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10"],
- "veto_files": ["._*", ".DS_Store", "Thumbs.db", "icon?", ".Trashes"]
+ "allow_hosts": [
+ "10.0.0.0/8",
+ "172.16.0.0/12",
+ "192.168.0.0/16",
+ "fe80::/10"
+ ],
+ "veto_files": ["._*", ".DS_Store", "Thumbs.db", "icon?", ".Trashes"],
+ "compatibility_mode": false
 },
 "schema": {
 "workgroup": "str",
@@ -24,7 +30,8 @@
 "password": "str",
 "interface": "str",
 "allow_hosts": ["str"],
- "veto_files": ["str"]
+ "veto_files": ["str"],
+ "compatibility_mode": "bool"
 },
 "image": "homeassistant/{arch}-addon-samba"
 }
diff --git a/samba/data/run.sh b/samba/data/run.sh
deleted file mode 100755
index 248e0af..0000000
--- a/samba/data/run.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env bashio
-
-WORKGROUP=$(bashio::config 'workgroup')
-INTERFACE=$(bashio::config 'interface')
-ALLOW_HOSTS=$(bashio::config "allow_hosts | join(\" \")")
-USERNAME=$(bashio::config 'username')
-PASSWORD=$(bashio::config 'password')
-DELETE_VETO_FILES="no"
-VETO_FILES=$(bashio::config "veto_files | join(\"/\")")
-if bashio::config.has_value 'veto_files'; then
- VETO_FILES="/$VETO_FILES/"
- DELETE_VETO_FILES="yes"
-fi
-
-WAIT_PIDS=()
-
-# Check Login data
-if ! bashio::config.has_value 'username' || ! bashio::config.has_value 'password'; then
- bashio::exit.nok "No valid login data inside options!"
-fi
-
-# Read hostname from API or setting default "hassio"
-NAME=$(bashio::info.hostname)
-if bashio::var.is_empty "${NAME}"; then
- bashio::log.warning "Can't read hostname, using default."
- NAME="hassio"
-fi
-bashio::log.info "Hostname: ${NAME}"
-
-# Setup config
-sed -i "s|%%WORKGROUP%%|${WORKGROUP}|g" /etc/smb.conf
-sed -i "s|%%NAME%%|${NAME}|g" /etc/smb.conf
-sed -i "s|%%INTERFACE%%|${INTERFACE}|g" /etc/smb.conf
-sed -i "s|%%USERNAME%%|${USERNAME}|g" /etc/smb.conf
-sed -i "s#%%ALLOW_HOSTS%%#${ALLOW_HOSTS}#g" /etc/smb.conf
-sed -i "s|%%VETO_FILES%%|${VETO_FILES}|g" /etc/smb.conf
-sed -i "s|%%DELETE_VETO_FILES%%|${DELETE_VETO_FILES}|g" /etc/smb.conf
-
-# Init users
-addgroup "${USERNAME}"
-adduser -D -H -G "${USERNAME}" -s /bin/false "${USERNAME}"
-# shellcheck disable=SC1117
-echo -e "${PASSWORD}\n${PASSWORD}" | smbpasswd -a -s -c /etc/smb.conf "${USERNAME}"
-
-# Start samba
-nmbd -F -S -s /etc/smb.conf &
-WAIT_PIDS+=($!)
-
-smbd -F -S -s /etc/smb.conf &
-WAIT_PIDS+=($!)
-
-# Register stop
-function stop_samba() {
- bashio::log.info "Kill Processes..."
- kill -15 "${WAIT_PIDS[@]}"
- wait "${WAIT_PIDS[@]}"
- bashio::log.info "Done."
-}
-trap "stop_samba" SIGTERM SIGHUP
-
-# Wait until all is done
-wait "${WAIT_PIDS[@]}"
diff --git a/samba/rootfs/etc/cont-init.d/samba.sh b/samba/rootfs/etc/cont-init.d/samba.sh
new file mode 100755
index 0000000..9d3cf39
--- /dev/null
+++ b/samba/rootfs/etc/cont-init.d/samba.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/with-contenv bashio
+# ==============================================================================
+# Prepare the Samba service for running
+# ==============================================================================
+readonly CONF="/etc/samba/smb.conf"
+declare allow_hosts
+declare compatibility_mode
+declare delete_veto_files
+declare name
+declare password
+declare username
+declare veto_files
+
+# Check Login data
+if ! bashio::config.has_value 'username' || ! bashio::config.has_value 'password'; then
+ bashio::exit.nok "Setting a username and password is required!"
+fi
+
+# Workgroup and interface
+sed -i "s|%%WORKGROUP%%|$(bashio::config 'workgroup')|g" "${CONF}"
+sed -i "s|%%INTERFACE%%|$(bashio::config 'interface')|g" "${CONF}"
+
+# Veto files
+veto_files=""
+delete_veto_files="no"
+if bashio::config.has_value 'veto_files'; then
+ veto_files=$(bashio::config "veto_files | join(\"/\")")
+ veto_files="/${veto_files}/"
+ delete_veto_files="yes"
+fi
+sed -i "s|%%VETO_FILES%%|${veto_files}|g" "${CONF}"
+sed -i "s|%%DELETE_VETO_FILES%%|${delete_veto_files}|g" "${CONF}"
+
+# Read hostname from API or setting default "hassio"
+name=$(bashio::info.hostname)
+if bashio::var.is_empty "${name}"; then
+ bashio::log.warning "Can't read hostname, using default."
+ name="hassio" +fi +bashio::log.info "Hostname: ${name}" +sed -i "s|%%NAME%%|${name}|g" "${CONF}" + +# Allowed hosts +allow_hosts=$(bashio::config "allow_hosts | join(\" \")") +sed -i "s#%%ALLOW_HOSTS%%#${allow_hosts}#g" "${CONF}" + +# Compatibility mode, enables the use of the legacy SMB1 protocol +compatibility_mode="" +if bashio::config.true "compatibility_mode"; then + compatibility_mode+=" client min protocol = NT1\n" + compatibility_mode+=" server min protocol = NT1\n" +fi +sed -i "s#%%COMPATIBILITY_MODE%%#${compatibility_mode}#g" "${CONF}" + +# Init user +username=$(bashio::config 'username') +password=$(bashio::config 'password') + +addgroup "${username}" +adduser -D -H -G "${username}" -s /bin/false "${username}" + +sed -i "s|%%USERNAME%%|${username}|g" "${CONF}" +# shellcheck disable=SC1117 +echo -e "${password}\n${password}" \ + | smbpasswd -a -s -c "${CONF}" "${username}" diff --git a/samba/data/smb.conf b/samba/rootfs/etc/samba/smb.conf similarity index 95% rename from samba/data/smb.conf rename to samba/rootfs/etc/samba/smb.conf index a3f643c..2c02525 100644 --- a/samba/data/smb.conf +++ b/samba/rootfs/etc/samba/smb.conf @@ -1,7 +1,7 @@ [global] netbios name = %%NAME%% workgroup = %%WORKGROUP%% - server string = Samba HomeAssistant config share + server string = Samba Home Assistant security = user ntlm auth = yes @@ -15,6 +15,7 @@ interfaces = %%INTERFACE%% hosts allow = %%ALLOW_HOSTS%% +%%COMPATIBILITY_MODE%% [config] browseable = yes writeable = yes diff --git a/samba/rootfs/etc/services.d/nmbd/finish b/samba/rootfs/etc/services.d/nmbd/finish new file mode 100644 index 0000000..a29ced9 --- /dev/null +++ b/samba/rootfs/etc/services.d/nmbd/finish 
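Review bot: The last two added lines of cont-init.d/samba.sh feed the password through `echo -e`, which expands backslash escapes, so a configured password containing a sequence such as `\t` or `\c` is stored in Samba as something other than what the user entered; `printf '%s\n%s\n' "${password}" "${password}" | smbpasswd -a -s -c "${CONF}" "${username}"` passes it through unchanged and should make the SC1117 exemption unnecessary. The `sed -i "s|%%…%%|…|g"` lines also interpolate option values unescaped, so a `|`, `#`, `&` or backslash in workgroup, interface, veto_files, allow_hosts or username can break the expression or alter the generated smb.conf; escaping the replacement text, or rejecting those characters, before substitution would make the template robust. Since compatibility mode re-enables NT1, a `bashio::log.warning` call inside the `if bashio::config.true "compatibility_mode"` branch would make the weakened setting visible in the add-on log.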
@@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree based on service exit code
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services
diff --git a/samba/rootfs/etc/services.d/nmbd/run b/samba/rootfs/etc/services.d/nmbd/run
new file mode 100644
index 0000000..f1d53ea
--- /dev/null
+++ b/samba/rootfs/etc/services.d/nmbd/run
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+# ==============================================================================
+# Start nmbd service
+# ==============================================================================
+exec nmbd \
+ --foreground \
+ --log-stdout \
+ --no-process-group
diff --git a/samba/rootfs/etc/services.d/smbd/finish b/samba/rootfs/etc/services.d/smbd/finish
new file mode 100644
index 0000000..a29ced9
--- /dev/null
+++ b/samba/rootfs/etc/services.d/smbd/finish
@@ -0,0 +1,8 @@
+#!/usr/bin/execlineb -S1
+# ==============================================================================
+# Take down the S6 supervision tree based on service exit code
+# ==============================================================================
+if { s6-test ${1} -ne 0 }
+if { s6-test ${1} -ne 256 }
+
+s6-svscanctl -t /var/run/s6/services
diff --git a/samba/rootfs/etc/services.d/smbd/run b/samba/rootfs/etc/services.d/smbd/run
new file mode 100644
index 0000000..6fcffa2
--- /dev/null
+++ b/samba/rootfs/etc/services.d/smbd/run
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+# ==============================================================================
+# Start smbd service
+# ==============================================================================
+exec smbd \
+ --foreground \
+ --log-stdout \
+ --no-process-group