aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/samba36
Commit message (Collapse)AuthorAgeFilesLines
* samba36: RemoveRosen Penev2020-05-0841-32012/+0
| | | | | | | | | | | | | | | | | | | | | | | | | Samba 3.6 is completely unsupported, in addition to having tons of patches It also causes kernel panics on some platforms when sendfile is enabled. Example: https://github.com/gnubee-git/GnuBee_Docs/issues/45 I have reproduced on ramips as well as mvebu in the past. Samba 4 is an alternative available in the packages repo. cifsd is a lightweight alternative available in the packages repo. It is also a faster alternative to both Samba versions (lower CPU usage). It was renamed to ksmbd. To summarize, here are the alternatives: - ksmbd + luci-app-cifsd - samba4 + luci-app-samba4 Signed-off-by: Rosen Penev <rosenp@gmail.com> [drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: log error if getting device info failedRafał Miłecki2020-03-212-4/+10
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* samba36: allow build with no ipv6 supportRosy Song2019-02-171-1/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* samba36: add package with hotplug.d script for auto sharingRafał Miłecki2019-01-102-0/+68
| | | | | | | | | | | | | | | The new samba36-hotplug package provides a hotplug.d script for the "mount" subsystem. It automatically shares every mounted block device. It works by updating /var/run/config/samba file which: 1) Is read by procd init script 2) Gets wiped on reboot providing a consistent state 3) Can be safely updated without flash wearing or conflicting with user changes being made in /etc/config/samba Cc: Rosy Song <rosysong@rosinson.com> Cc: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* samba36: append config from /var/run/config/ for runtime sharesRafał Miłecki2019-01-101-0/+2
| | | | | | | | | | | | | | | | | | | This will allow automation/hotplug.d scripts to store runtime shares in the /var/run/config/samba. It's useful e.g. for USB drives that user wants to be automatically shared. Using /var/run/config/ provides: 1) Automated cleaning on reboots It's important for consistency (to avoid sharing non-existing drives) 2) Safety for user non-commited changes Automated scripts should never call "uci [foo] commit" as that could flush incomplete config. Another minor gain is avoiding flash wearing for runtime setup. Cc: Rosy Song <rosysong@rosinson.com> Cc: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "samba36: add hotplug support"Rafał Miłecki2018-12-283-114/+0
| | | | | | | | | | | | | | | | | | | This reverts commit fd569e5e9d0a46ea957cb253e97a4b3ea8c2c540. After an extra review & discussion few concerns were raised regarding that feature: 1) It reacts to hotplug.d "block" events instead of more accurate (but currently unavailable) "mount" events. 2) It requires *something* to mount block device before samba hotplug.d gets fired. Otherwise samba_add_section() will just return. 3) It doesn't reload Samba which some users may expect 4) It operates on /etc/ which is not a right place for autogenerated ephemeral config. 5) It doesn't include any cleanup for non-existing shares. Cc: Rosy Song <rosysong@rosinson.com> Cc: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* samba36: Install several config files as 600Rosen Penev2018-10-111-4/+4
| | | | | | | Hotplug is managed by procd, which runs as root. The other files are used by root as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Enable umdnsd supportRosen Penev2018-08-222-1/+2
| | | | | | | | | | Allows discovery without having to use NetBIOS. Useful for mobile devices. Could eventually throw nbmd away. But that requires Windows 10... Tested on Fedora 28 with avahi-discover. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Disable external libtdb and libteventRosen Penev2018-07-021-1/+3
| | | | | | | This was causing issues recently as samba36 is not API compatible with the libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: add hotplug supportRosy Song2018-05-023-0/+114
| | | | | | | | Add hotplug handle script for storage devices, this will add corresponding option in the /etc/config/samba file automatically. Signed-off-by: Rosy Song <rosysong@rosinson.com>
* samba36: fix some security problemsHauke Mehrtens2018-04-038-3/+322
| | | | | | | | | | This Adds fixes for the following security problems based on debians patches: CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms CVE-2017-12163: Server memory information leak over SMB1 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should CVE-2018-1050: Denial of Service Attack on external print server. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* samba36: fix build (issue #5574)Jakub Tymejczyk2018-02-241-0/+1
| | | | | | | | | | | | As indicated in #5574 samba fails to build with linker error due to lack of talloc_* functions when the packet libtalloc also gets build. According to Makefile it is compiled with "--without-libtalloc" option. Running ./configure --help shows that there is another option connected to libtalloc: --enable/disable-external-libtalloc. Adding this option fixes build. Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
* merge: packages: update branding in core packagesZoltan HERPAI2017-12-082-5/+5
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* samba36: backport an upstream fix for an information leak (CVE-2017-15275)Felix Fietkau2017-12-042-1/+41
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* samba36: add Package/samba/DefaultStijn Tintel2017-09-251-12/+12
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: Remove syslog and load printers lines.Rosen Penev2017-08-301-2/+0
| | | | | | printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Don't resolve interfaces.Rosen Penev2017-08-302-7/+2
| | | | | | | It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba36: Remove guest ok since LuCI configures it.Rosen Penev2017-08-301-2/+1
| | | | | | guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36-net: new packageAnsuel Smith2017-08-231-1/+14
| | | | | | Samba could also be usefull for sending commands to windows pc (like shoutdown command). This new package add the bin to include this kind of command to the samba package. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* samba36: Remove legacy optionsRosen Penev2017-07-222-8/+3
| | | | | | | | | | | | | Browseable is now set through LuCI per share, so remove it. Same with writeable (inverted synonym for read only). domain master and preferred master seem to be legacy settings for Windows 9x. encrypt passwords defaults to yes. Probably should not be disabled either. Also reordered alphabetically. Signed-off-by: Rosen Penev <rosenp@gmail.com> [rewrap commit message, fix SoB, fix author, bump pkg revsion] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* samba: bump PKG_RELEASEJo-Philipp Wich2017-05-271-1/+1
| | | | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the fixed samba package does not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* samba: fix CVE-2017-7494Stijn Tintel2017-05-242-4/+33
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ccache, samba36: fix samba.org addresses to use httpsHannu Nyman2017-02-021-4/+4
| | | | | | | | | | | | samba.org has started to enforce https and currently plain http downloads with curl/wget fail, so convert samba.org download links to use https. Modernise links at the same time. Also convert samba.org URL fields to have https. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba: add file/interface reload triggers & filter interfacesConn O'Griofa2016-08-151-9/+10
| | | | | | | | | | | | | | | | * Only parse interfaces that are up during init_config (as the script depends on this to determine the proper IP/subnet range) * Add reload interface triggers for samba-designated interfaces * Force full service restart upon config change to ensure Samba binds to new interfaces (sending HUP signal doesn't work) * Rename "interface" variable to "samba_iface" and move into global scope Needed to fix Samba connectivity for clients connecting from a different LAN subnet (e.g. pseudobridge configurations) due to the 'bind interfaces only' setting. Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
* samba36: avoid picking up a dependency on libunwind (fixes GH #212)Felix Fietkau2016-07-211-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: disable local browse master by defaultFelix Fietkau2016-07-181-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba: update smb template socket options defaultsKevin Darbyshire-Bryant2016-07-111-1/+0
| | | | | | | | | | | | | | | | | | Removed socket options = TCP_NODELAY IPTOS_LOWDELAY TCP_NODELAY (disables Nagle algorithm) is default since samba2. IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2) The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1) CS1 is a scavenger class, whilst CS2 is more OAM/interactive (SNMP,SSH,syslog) Using CS2 is definitely an abuse of DSCP classification, CS1 less so however even if the ISP takes note of DSCP codings having a default that sets traffic to CS2 is wrong. Better to use the default Best Effort class. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba: Update smb.conf.templateneheb2016-07-051-8/+2
| | | | | | | | Removed some options which are default anyway and added bind interfaces only which causes the interfaces line to actually have an effect. Can be verified with netstat. Signed-off by: Rosen Penev <rosenp@gmail.com>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-072-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* branding: add LEDE brandingJohn Crispin2016-03-242-5/+5
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* samba: fix some security problemsHauke Mehrtens2016-04-1621-46/+20105
| | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49175
* samba36: add three CVE patches from 2015-12-16Felix Fietkau2016-01-054-1/+253
| | | | | | | | | This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cermak@nic.cz> SVN-Revision: 48133
* samba: convert init script to procd, add reload supportFelix Fietkau2015-10-301-6/+24
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 47292
* samba36: preserve smbpasswd across sysupgradeHauke Mehrtens2015-08-151-0/+1
| | | | | | | | | | Add /etc/samba/smbpasswd to list of samba conffiles thus preserving samba passwords across sysupgrade by default. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> SVN-Revision: 46606
* samba36: remove host build pathsFelix Fietkau2015-06-141-3/+6
| | | | | | | | | | | | | - fix iconv detection because it adds host paths - disable python detection (host python-config is found) iconv issue is reported by buildbot config.log + replicated locally see config.log in logs.tar.gz python issue observed locally on Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> SVN-Revision: 45953
* samba36: add smb.conf.template to conffilesJohn Crispin2015-04-031-1/+2
| | | | | | | | | User might have modified/extended template direct or by LuCI application. So do not overwrite on update/upgrade. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 45258
* samba: use INSTALL_CONF for the uci fileJohn Crispin2015-04-011-1/+1
| | | | | | | | sorry about the broken commit earlier Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45226
* samba36: fix typo in package/samba36-server/installNicolas Thill2015-04-011-1/+1
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45225
* samba: don't overwrite config fileJohn Crispin2015-04-011-2/+6
| | | | | | | | fixes #19087 Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 45220
* packages: some (e)glibc fixes after r44701Nicolas Thill2015-03-161-1/+1
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 44842
* samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240)Felix Fietkau2015-02-241-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 44515
* package/*: replace occurences of 'ln -sf' to '$(LN)'Nicolas Thill2014-11-061-4/+4
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 43205
* license info - revert r43155John Crispin2014-11-031-1/+1
| | | | | | | | turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 43167
* Add more license tags with SPDX identifiersJohn Crispin2014-11-031-1/+1
| | | | | | | | | | | | | | | | | | Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 43155
* Add a few SPDX tagsSteven Barth2014-11-021-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43151
* samba36: update to minor version 3.6.24Hauke Mehrtens2014-07-062-3/+3
| | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 41525
* samba36: disable acl support to avoid picking up a dependency on libacl (#16988)Felix Fietkau2014-07-041-0/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 41509
* samba36: do not pick up libattr as a dependencyFelix Fietkau2014-07-041-0/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 41508