* adds cifs/smb kernel server module (cifsd) * adds userspace tools (cifsd, cifsadmin) * has UCI support (compatible with samba configs) Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>lilik-openwrt-22.03
@ -0,0 +1,53 @@ | |||||
include $(TOPDIR)/rules.mk | |||||
PKG_NAME:=cifsd | |||||
PKG_RELEASE:=1 | |||||
PKG_SOURCE_PROTO:=git | |||||
PKG_SOURCE_URL:=https://github.com/cifsd-team/cifsd.git | |||||
PKG_SOURCE_DATE:=2019-07-12 | |||||
PKG_SOURCE_VERSION:=f2cfe8cb40493a5f77144543bc486bfdb8aa61e2 | |||||
PKG_MIRROR_HASH:=fd6a3bec5953fa30b87a6e12e2c6666844ad66096afa7de421689f5769626a36 | |||||
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com> | |||||
PKG_LICENSE:=GPL-2.0-or-later | |||||
PKG_LICENSE_FILES:=COPYING | |||||
include $(INCLUDE_DIR)/kernel.mk | |||||
include $(INCLUDE_DIR)/package.mk | |||||
define KernelPackage/fs-cifsd | |||||
SUBMENU:=Filesystems | |||||
TITLE:=CIFS/SMB kernel server support | |||||
URL:=https://github.com/cifsd-team/cifsd | |||||
FILES:=$(PKG_BUILD_DIR)/cifsd.ko | |||||
DEPENDS:= \ | |||||
+kmod-nls-base \ | |||||
+kmod-nls-utf8 \ | |||||
+kmod-crypto-md4 \ | |||||
+kmod-crypto-md5 \ | |||||
+kmod-crypto-hmac \ | |||||
+kmod-crypto-ecb \ | |||||
+kmod-crypto-des \ | |||||
+kmod-crypto-sha256 \ | |||||
+kmod-crypto-cmac \ | |||||
+kmod-crypto-sha512 \ | |||||
+kmod-crypto-aead \ | |||||
+kmod-crypto-ccm | |||||
endef | |||||
define KernelPackage/fs-cifsd/description | |||||
Kernel module for a CIFS/SMBv2,3 fileserver. | |||||
endef | |||||
# broken atm (needs CONFIG_KEYS=y) | |||||
#EXTRA_CFLAGS+=-DCONFIG_CIFSD_ACL | |||||
define Build/Compile | |||||
$(KERNEL_MAKE) SUBDIRS="$(PKG_BUILD_DIR)" \ | |||||
EXTRA_CFLAGS="$(EXTRA_CFLAGS)" \ | |||||
CONFIG_CIFS_SERVER=m \ | |||||
modules | |||||
endef | |||||
$(eval $(call KernelPackage,fs-cifsd)) |
@ -0,0 +1,58 @@ | |||||
include $(TOPDIR)/rules.mk | |||||
PKG_NAME:=cifsd-tools | |||||
PKG_RELEASE:=1 | |||||
PKG_SOURCE_PROTO:=git | |||||
PKG_SOURCE_URL:=https://github.com/cifsd-team/cifsd-tools.git | |||||
PKG_SOURCE_DATE:=2019-07-05 | |||||
PKG_SOURCE_VERSION:=539fa21a8dd427a8ca2dc13c9a5a1c975be96d3c | |||||
PKG_MIRROR_HASH:=8c1b22d9926112a7e8ec94a3f731639a3789bef1aeb447f0bd7c41a1884e4dc5 | |||||
PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com> | |||||
PKG_LICENSE:=GPL-2.0-or-later | |||||
PKG_LICENSE_FILES:=COPYING | |||||
PKG_INSTALL:=1 | |||||
PKG_FIXUP:=autoreconf | |||||
PKG_REMOVE_FILES:=autogen.sh aclocal.m4 | |||||
include $(INCLUDE_DIR)/package.mk | |||||
include $(INCLUDE_DIR)/nls.mk | |||||
define Package/cifsd-tools | |||||
SECTION:=net | |||||
CATEGORY:=Network | |||||
SUBMENU:=Filesystem | |||||
TITLE:=Kernel CIFS/SMB server support and userspace tools | |||||
URL:=https://github.com/cifsd-team/cifsd-tools | |||||
DEPENDS:=+kmod-fs-cifsd +glib2 +libnl-core +libnl-genl | |||||
endef | |||||
define Package/cifsd-tools/description | |||||
Userspace tools (cifsd, cifsadmin) for the CIFS/SMB kernel fileserver. | |||||
The config file location is /etc/cifs/smb.conf | |||||
endef | |||||
define Package/cifsd-tools/install | |||||
$(INSTALL_DIR) $(1)/usr/lib | |||||
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libcifsdtools.so* $(1)/usr/lib/ | |||||
$(INSTALL_DIR) $(1)/usr/sbin | |||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{cifsadmin,cifsd} $(1)/usr/sbin/ | |||||
$(INSTALL_DIR) $(1)/etc/config $(1)/etc/cifs $(1)/etc/init.d | |||||
$(INSTALL_CONF) ./files/cifsd.config $(1)/etc/config/cifsd | |||||
$(INSTALL_DATA) ./files/smb.conf.template $(1)/etc/cifs/ | |||||
$(INSTALL_BIN) ./files/cifsd.init $(1)/etc/init.d/cifsd | |||||
# copy examples until we have a wiki page | |||||
$(INSTALL_DATA) ./files/cifsd.config.example $(1)/etc/cifs/ | |||||
$(INSTALL_DATA) ./files/smb.conf.help $(1)/etc/cifs/ | |||||
endef | |||||
define Package/cifsd-tools/conffiles | |||||
/etc/config/cifsd | |||||
/etc/cifs/smb.conf.template | |||||
/etc/cifs/smb.conf | |||||
/etc/cifs/cifsdpwd.db | |||||
endef | |||||
$(eval $(call BuildPackage,cifsd-tools)) |
@ -0,0 +1,2 @@ | |||||
config globals | |||||
option 'description' 'Cifsd on OpenWrt' |
@ -0,0 +1,11 @@ | |||||
config globals | |||||
option 'description' 'Cifsd on OpenWrt' | |||||
config share | |||||
option name 'testshare' | |||||
option path '/tmp' | |||||
option guest_ok 'yes' | |||||
option create_mask '0666' | |||||
option dir_mask '0777' | |||||
option writeable 'yes' | |||||
option force_root '1' |
@ -0,0 +1,154 @@ | |||||
#!/bin/sh /etc/rc.common | |||||
START=98 | |||||
USE_PROCD=1 | |||||
CIFSD_IFACE="" | |||||
smb_header() | |||||
{ | |||||
config_get CIFSD_IFACE $1 interface "lan" | |||||
# resolve interfaces | |||||
local interfaces=$( | |||||
. /lib/functions/network.sh | |||||
local net | |||||
for net in $CIFSD_IFACE; do | |||||
local device | |||||
network_is_up $net || continue | |||||
network_get_device device "$net" | |||||
echo -n "${device:-$net} " | |||||
done | |||||
) | |||||
local workgroup description | |||||
local hostname="$(cat /proc/sys/kernel/hostname)" | |||||
config_get workgroup $1 workgroup "WORKGROUP" | |||||
config_get description $1 description "Cifsd on OpenWrt" | |||||
sed -e "s#|NAME|#$hostname#g" \ | |||||
-e "s#|WORKGROUP|#$workgroup#g" \ | |||||
-e "s#|DESCRIPTION|#$description#g" \ | |||||
-e "s#|INTERFACES|#$interfaces#g" \ | |||||
/etc/cifs/smb.conf.template > /var/etc/cifs/smb.conf | |||||
[ -e /etc/cifs/smb.conf ] || ln -nsf /var/etc/cifs/smb.conf /etc/cifs/smb.conf | |||||
if [ ! -L /etc/cifs/smb.conf ]; then | |||||
logger -t 'cifsd' "Local custom /etc/cifs/smb.conf file detected, all UCI/Luci config settings are ignored!" | |||||
fi | |||||
} | |||||
smb_add_share() | |||||
{ | |||||
local name | |||||
local path | |||||
local comment | |||||
local users | |||||
local create_mask | |||||
local dir_mask | |||||
local browseable | |||||
local read_only | |||||
local writeable | |||||
local guest_ok | |||||
local force_root | |||||
local write_list | |||||
local read_list | |||||
local hide_dot_files | |||||
local veto_files | |||||
config_get name $1 name | |||||
config_get path $1 path | |||||
config_get comment $1 comment | |||||
config_get users $1 users | |||||
config_get create_mask $1 create_mask | |||||
config_get dir_mask $1 dir_mask | |||||
config_get browseable $1 browseable | |||||
config_get read_only $1 read_only | |||||
config_get writeable $1 writeable | |||||
config_get guest_ok $1 guest_ok | |||||
config_get_bool force_root $1 force_root 0 | |||||
config_get write_list $1 write_list | |||||
config_get read_list $1 read_list | |||||
config_get_bool hide_dot_files $1 hide_dot_files 0 | |||||
config_get veto_files $1 veto_files | |||||
[ -z "$name" -o -z "$path" ] && return | |||||
echo -e "\n[$name]\n\tpath = $path" >> /var/etc/cifs/smb.conf | |||||
[ -n "$comment" ] && echo -e "\tcomment = $comment" >> /var/etc/cifs/smb.conf | |||||
if [ "$force_root" -eq 1 ]; then | |||||
echo -e "\tforce user = root" >> /var/etc/cifs/smb.conf | |||||
echo -e "\tforce group = root" >> /var/etc/cifs/smb.conf | |||||
else | |||||
[ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/cifs/smb.conf | |||||
fi | |||||
[ -n "$create_mask" ] && echo -e "\tcreate mask = $create_mask" >> /var/etc/cifs/smb.conf | |||||
[ -n "$dir_mask" ] && echo -e "\tdirectory mask = $dir_mask" >> /var/etc/cifs/smb.conf | |||||
[ -n "$browseable" ] && echo -e "\tbrowseable = $browseable" >> /var/etc/cifs/smb.conf | |||||
[ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/cifs/smb.conf | |||||
[ -n "$writeable" ] && echo -e "\twriteable = $writeable" >> /var/etc/cifs/smb.conf | |||||
[ -n "$guest_ok" ] && echo -e "\tguest ok = $guest_ok" >> /var/etc/cifs/smb.conf | |||||
[ -n "$write_list" ] && echo -e "\twrite list = $write_list" >> /var/etc/cifs/smb.conf | |||||
[ -n "$read_list" ] && echo -e "\tread list = $read_list" >> /var/etc/cifs/smb.conf | |||||
[ "$hide_dot_files" -eq 1 ] && echo -e "\thide dot files = yes" >> /var/etc/cifs/smb.conf | |||||
[ -n "$veto_files" ] && echo -e "\tveto files = $veto_files" >> /var/etc/cifs/smb.conf | |||||
} | |||||
init_config() | |||||
{ | |||||
mkdir -p /var/etc/cifs | |||||
config_load cifsd | |||||
# allow copy&paste from samba UCI configs (we dont have a cifsd wiki yet) | |||||
config_foreach smb_header globals | |||||
config_foreach smb_header samba | |||||
config_foreach smb_add_share share | |||||
config_foreach smb_add_share sambashare | |||||
} | |||||
service_triggers() | |||||
{ | |||||
PROCD_RELOAD_DELAY=2000 | |||||
procd_add_reload_trigger "dhcp" "system" "cifsd" | |||||
local i | |||||
for i in $CIFSD_IFACE; do | |||||
procd_add_reload_interface_trigger $i | |||||
done | |||||
} | |||||
start_service() | |||||
{ | |||||
init_config | |||||
if [ ! -e /etc/cifs/smb.conf ]; then | |||||
logger -t 'cifsd' "missing config /etc/cifs/smb.conf, needs to-be created manually!" | |||||
exit 1 | |||||
fi | |||||
[ -f /tmp/cifsd.lock ] && rm /tmp/cifsd.lock | |||||
# try remove again before start | |||||
if (lsmod | grep cifsd &>/dev/null); then | |||||
rmmod cifsd &>/dev/null | |||||
fi | |||||
modprobe cifsd 2>/dev/null | |||||
if ! (lsmod | grep cifsd &>/dev/null); then | |||||
logger -t 'cifsd' "modprobe of cifsd module failed, cant start cifsd!" | |||||
exit 1 | |||||
fi | |||||
logger -t 'cifsd' "Starting CIFS/SMB userspace service." | |||||
procd_open_instance | |||||
procd_set_param command /usr/sbin/cifsd --n | |||||
procd_close_instance | |||||
} |
@ -0,0 +1,160 @@ | |||||
;****************************************************************************** | |||||
; File to define cifsd configuration parameters which are comparable with | |||||
; samba's ones | |||||
; | |||||
; Supported [global] level parameters list: | |||||
; - server string | |||||
; This controls what string will show up in browse lists next | |||||
; to the machine name | |||||
; - workgroup | |||||
; This controls what workgroup your server will appear to be | |||||
; in when queried by clients | |||||
; - netbios name | |||||
; This sets the NetBIOS name by which a SMB server is known. | |||||
; By default it is the same as the first component of the host's | |||||
; DNS name. If a machine is a browse server or logon server this | |||||
; name (or the first component of the hosts DNS name) will be | |||||
; the name that these services are advertised under. | |||||
; - server min protocol | |||||
; This setting controls the minimum protocol version that the | |||||
; server will allow the client to use. | |||||
; - server max protocol | |||||
; The value of the parameter (a string) is the highest protocol | |||||
; level that will be supported by the server. | |||||
; - server signing | |||||
; This controls whether the client is allowed or required to use | |||||
; SMB1 and SMB2 signing. Possible values are default, auto, | |||||
; mandatory and disabled. | |||||
; - guest account | |||||
; This is a username which will be used for access to services | |||||
; which are specified as guest ok. | |||||
; - max active sessions | |||||
; This option allows the number of simultaneous connections to | |||||
; a service to be limited. | |||||
; - ipc timeout | |||||
; This option specifies the number of seconds server will wait | |||||
; for the userspace to reply to heartbeat frames. If user space | |||||
; is down for more than `ipc timeout` seconds the server will | |||||
; reset itself - close all sessions and all TCP connections. | |||||
; - restrict anonymous | |||||
; The setting of this parameter determines whether user and | |||||
; group list information is returned for an anonymous connection. | |||||
; - map to guest | |||||
; This parameter can take four different values, which tell cifsd | |||||
; what to do with user login requests.(bad user | |||||
; - bind interfaces only | |||||
; This global parameter allows the cifsd admin to limit what | |||||
; interfaces on a machine will serve SMB requests. | |||||
; - interfaces | |||||
; This option allows you to override the default network | |||||
; interfaces list that cifsd will use for browsing. The option | |||||
; takes only list of interface name. | |||||
; - deadtime | |||||
; The value of the parameter (a decimal integer) represents | |||||
; the number of minutes of inactivity before a connection is | |||||
; considered dead, and it is disconnected. The deadtime only | |||||
; takes effect if the number of open files is zero. | |||||
; | |||||
; Supported [share] level parameters list: | |||||
; - comment | |||||
; comment string to associate with the new share | |||||
; - path | |||||
; This parameter specifies a directory to which the user of the | |||||
; service is to be given access. | |||||
; - guest ok | |||||
; If this parameter is yes for a service, then no password is | |||||
; required to connect to the service. | |||||
; - read only | |||||
; If this parameter is yes, then users of a service may not | |||||
; create or modify files in the service's directory. | |||||
; - browseable | |||||
; This controls whether this share is seen in the list of | |||||
; available shares in a net view and in the browse list. | |||||
; - write ok | |||||
; - writeable | |||||
; Inverted synonym for read only. | |||||
; - store dos attributes | |||||
; If this parameter is set cifsd attempts to first read DOS | |||||
; attributes (SYSTEM, HIDDEN, ARCHIVE or READ-ONLY) from a | |||||
; filesystem extended attribute, before mapping DOS attributes | |||||
; to UNIX permission bits (such as occurs with map hidden and | |||||
; map readonly). | |||||
; - oplocks | |||||
; This boolean option tells cifsd whether to issue oplocks | |||||
; (opportunistic locks) to file open requests on this share. | |||||
; - create mask | |||||
; When a file is created, the necessary permissions are calculated | |||||
; according to the mapping from DOS modes to UNIX permissions, and | |||||
; the resulting UNIX mode is then bit-wise 'AND'ed with this | |||||
; parameter. | |||||
; - directory mask | |||||
; This parameter is the octal modes which are used when converting | |||||
; DOS modes to UNIX modes when creating UNIX directories. | |||||
; - force group | |||||
; This specifies a UNIX group name that will be assigned as | |||||
; the default primary group for all users connecting to this | |||||
; service. | |||||
; - force user | |||||
; This specifies a UNIX user name that will be assigned as | |||||
; the default user for all users connecting to this service. | |||||
; - hide dot files | |||||
; This is a boolean parameter that controls whether files starting | |||||
; with a dot appear as hidden files. | |||||
; - hosts allow | |||||
; This parameter is a comma, space, or tab delimited set of hosts | |||||
; which are permitted to access a service | |||||
; - hosts deny | |||||
; The opposite of allow hosts - hosts listed here are NOT | |||||
; permitted access to services unless the specific services have | |||||
; their own lists to override this one. Where the lists conflict, | |||||
; the allow list takes precedence. | |||||
; - valid users | |||||
; This is a list of users that should be allowed to login to this | |||||
; service | |||||
; - invalid users | |||||
; This is a list of users that should not be allowed to login to | |||||
; this service. | |||||
; - read list | |||||
; This is a list of users that are given read-only access to | |||||
; a service. | |||||
; - write list | |||||
; This is a list of users that are given read-write access to | |||||
; a service. | |||||
; - max connections | |||||
; This option allows the number of simultaneous connections to | |||||
; a service to be limited. | |||||
; - veto files | |||||
; This is a list of files and directories that are neither visible | |||||
; nor accessible. | |||||
; | |||||
; Veto any files containing the word Security, | |||||
; any ending in .tmp, and any directory containing the | |||||
; word root. | |||||
; veto files = /*Security*/*.tmp/*root*/ | |||||
; | |||||
; Veto the Apple specific files that a NetAtalk server | |||||
; creates. | |||||
; veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ | |||||
; | |||||
; | |||||
; Rules to update this file: | |||||
; - Every [share] definition should start on new line | |||||
; - Every parameter should be indented with single tab | |||||
; - There should be single spaces around equal (eg: " = ") | |||||
; - Multiple parameters should be separated with comma | |||||
; eg: "invalid users = usr1,usr2,usr3" | |||||
; | |||||
; Make sure to configure the server after making changes to this file. | |||||
;****************************************************************************** | |||||
[global] | |||||
server string = CIFSD on OpenWrt | |||||
netbios name = CIFSD | |||||
map to guest = Bad User | |||||
[share] | |||||
comment = content server share | |||||
path = /mnt | |||||
guest ok = yes | |||||
create mask = 0777 | |||||
directory mask = 0777 |
@ -0,0 +1,9 @@ | |||||
[global] | |||||
netbios name = |NAME| | |||||
server string = |DESCRIPTION| | |||||
workgroup = |WORKGROUP| | |||||
interfaces = |INTERFACES| | |||||
bind interfaces only = yes | |||||
ipc timeout = 8 | |||||
deadtime = 15 | |||||
map to guest = Bad User |