#!/bin/sh /etc/rc.common START=98 STOP=05 USE_PROCD=1 SAMBA_IFACE="" config_get_sane() { config_get "$@" set -- "$(echo "$1" | tr -d '<>[]{};%?=#\n')" } smb_header() { config_get_sane SAMBA_IFACE "$1" interface "lan" # resolve interfaces interfaces=$( . /lib/functions/network.sh for net in $SAMBA_IFACE; do network_is_up "$net" || continue network_get_device device "$net" printf "%s " "${device:-$net}" done ) # we dont use netbios anymore as default and wsd/avahi is dns based hostname="$(sed 's/\..*//' /proc/sys/kernel/hostname | tr -d '{};%?=#\n')" config_get_sane workgroup "$1" workgroup "WORKGROUP" config_get_sane description "$1" description "Samba on OpenWrt" config_get_sane charset "$1" charset "UTF-8" config_get_bool MACOS "$1" macos 0 config_get_bool DISABLE_NETBIOS "$1" disable_netbios 0 config_get_bool DISABLE_AD_DC "$1" disable_ad_dc 0 config_get_bool DISABLE_WINBIND "$1" disable_winbind 0 config_get_bool DISABLE_ASYNC_IO "$1" disable_async_io 0 config_get_bool ALLOW_LEGACY_PROTOCOLS "$1" allow_legacy_protocols 0 config_get_bool ENABLE_EXTRA_TUNING "$1" enable_extra_tuning 0 mkdir -p /var/etc sed -e "s#|NAME|#$hostname#g" \ -e "s#|WORKGROUP|#$workgroup#g" \ -e "s#|DESCRIPTION|#$description#g" \ -e "s#|INTERFACES|#$interfaces#g" \ -e "s#|CHARSET|#$charset#g" \ /etc/samba/smb.conf.template > /var/etc/smb.conf { printf "\n######### Dynamic written config options #########\n" # extra tuning options by community feedback (kinda try&error) if [ "$ENABLE_EXTRA_TUNING" -eq 1 ]; then socket_opt="$(grep -i 'socket options' /etc/samba/smb.conf.template | awk -F'=' '{print $2}' | tr -d '\n')" [ -n "$socket_opt" ] && printf "\tsocket options =%s SO_KEEPALIVE\n" "$socket_opt" # add keepalive, maybe larger buffer? SO_RCVBUF=65536 SO_SNDBUF=65536 printf "\tmax xmit = 131072\n" # increase smb1 transmit size printf "\tmin receivefile size = 131072\n" # allows zero-copy writes via fs printf "\tfake oplocks = Yes\n" # may corrupt files for simultanous writes to the same files by multiple clients, but might also see big speed boost printf "\tuse sendfile = Yes\n" # enable sendfile? fi if [ "$DISABLE_NETBIOS" -eq 1 ] || [ ! -x /usr/sbin/nmbd ]; then printf "\tdisable netbios = yes\n" # note: samba opens port 139 even if netbios is disabled via option above, so adjust listening ports printf "\tsmb ports = 445\n" fi if [ "$DISABLE_ASYNC_IO" -eq 1 ]; then printf "\taio read size = 0\n" printf "\taio write size = 0\n" fi if [ "$ALLOW_LEGACY_PROTOCOLS" -eq 1 ]; then logger -p daemon.info -t 'samba4-server' "Legacy Protocols allowed, don't use this option for secure environments!" printf "\tserver min protocol = NT1\n" printf "\tlanman auth = yes\n" printf "\tntlm auth = ntlmv1-permitted\n" fi } >> /var/etc/smb.conf [ -e /etc/samba/smb.conf ] || ln -nsf /var/etc/smb.conf /etc/samba/smb.conf if [ ! -L /etc/samba/smb.conf ]; then logger -p daemon.warn -t 'samba4-server' "Local custom /etc/samba/smb.conf file detected, all luci/config settings are ignored!" fi } smb_add_share() { config_get_sane name "$1" name config_get_sane path "$1" path config_get_sane users "$1" users config_get_sane create_mask "$1" create_mask config_get_sane dir_mask "$1" dir_mask config_get_sane browseable "$1" browseable config_get_sane read_only "$1" read_only config_get_sane writeable "$1" writeable config_get_sane guest_ok "$1" guest_ok config_get_sane guest_only "$1" guest_only config_get_sane inherit_owner "$1" inherit_owner config_get_sane vfs_objects "$1" vfs_objects config_get_bool timemachine "$1" timemachine 0 config_get_sane timemachine_maxsize "$1" timemachine_maxsize config_get_bool force_root "$1" force_root 0 config_get_sane write_list "$1" write_list config_get_sane read_list "$1" read_list [ -z "$name" ] || [ -z "$path" ] && return { printf "\n[$name]\n\tpath = %s\n" "$path" if [ "$force_root" -eq 1 ]; then printf "\tforce user = root\n" printf "\tforce group = root\n" else [ -n "$users" ] && printf "\tvalid users = %s\n" "$users" fi [ -n "$create_mask" ] && printf "\tcreate mask = %s\n" "$create_mask" [ -n "$dir_mask" ] && printf "\tdirectory mask = %s\n" "$dir_mask" [ -n "$browseable" ] && printf "\tbrowseable = %s\n" "$browseable" [ -n "$read_only" ] && printf "\tread only = %s\n" "$read_only" [ -n "$writeable" ] && printf "\twriteable = %s\n" "$writeable" [ -n "$guest_ok" ] && printf "\tguest ok = %s\n" "$guest_ok" [ -n "$guest_only" ] && printf "\tguest only = %s\n" "$guest_only" [ -n "$inherit_owner" ] && printf "\tinherit owner = %s\n" "$inherit_owner" [ -n "$write_list" ] && printf "\twrite list = %s\n" "$write_list" [ -n "$read_list" ] && printf "\tread list = %s\n" "$read_list" if [ "$MACOS" -eq 1 ]; then vfs_objects="catia fruit streams_xattr $vfs_objects" printf "\tfruit:encoding = native\n" printf "\tfruit:metadata = stream\n" printf "\tfruit:veto_appledouble = no\n" # avoid mixed shares order for aapl if [ "$timemachine" -eq 1 ]; then printf "\tfruit:time machine = yes\n" [ -n "$timemachine_maxsize" ] && printf "\tfruit:time machine max size = %sG\n" "${timemachine_maxsize}" fi fi # always enable io_uring if we can ("should" fail silently via samba module load if no kernel support) if [ "$DISABLE_ASYNC_IO" -ne 1 ] && [ -e /usr/lib/samba/vfs/io_uring.so ] ; then logger -p daemon.info -t 'samba4-server' "io_uring module found, enabling VFS io_uring. (also needs Kernel 5.4+ Support)" # make sure its last in list if [ -n "$vfs_objects" ]; then vfs_objects="$vfs_objects io_uring" else vfs_objects="io_uring" fi fi [ -n "$vfs_objects" ] && printf "\tvfs objects = %s\n" "$vfs_objects" } >> /var/etc/smb.conf } init_config() { # Create samba dirs [ -d /var/lib/samba ] || mkdir -m 755 -p /var/lib/samba [ -d /var/cache/samba ] || mkdir -m 755 -p /var/cache/samba [ -d /var/lock ] || mkdir -m 755 -p /var/lock [ -d /var/run/samba ] || mkdir -p /var/run/samba [ -d /var/log/samba ] || mkdir -p /var/log/samba chmod 0755 /var/lock chmod 0755 /var/lib/samba chmod 0755 /var/cache/samba config_load samba4 config_foreach smb_header samba config_foreach smb_add_share sambashare } service_triggers() { # PROCD_RELOAD_DELAY=1000 procd_add_reload_trigger "dhcp" "system" "samba4" for i in $SAMBA_IFACE; do procd_add_reload_interface_trigger "$i" done } start_service() { init_config if [ ! -e /etc/samba/smb.conf ]; then logger -p daemon.error -t 'samba4-server' "missing config /etc/samba/smb.conf!" exit 1 fi config_get_sane nice_value extra samba_nice 0 # start main AD-DC daemon, will spawn (smbd,nmbd,winbindd) as needed/configured. if [ "$DISABLE_AD_DC" -ne 1 ] && [ -x /usr/sbin/samba ]; then procd_open_instance procd_set_param command /usr/sbin/samba -F procd_set_param nice "$nice_value" procd_set_param respawn procd_set_param file /etc/samba/smb.conf procd_set_param limits nofile=16384 procd_close_instance else # start fileserver daemon procd_open_instance procd_set_param command /usr/sbin/smbd -F procd_set_param nice "$nice_value" procd_set_param respawn procd_set_param file /etc/samba/smb.conf procd_set_param limits nofile=16384 procd_close_instance # start netbios daemon if [ "$DISABLE_NETBIOS" -ne 1 ] && [ -x /usr/sbin/nmbd ]; then procd_open_instance procd_set_param command /usr/sbin/nmbd -F procd_set_param nice "$nice_value" procd_set_param respawn procd_set_param file /etc/samba/smb.conf procd_close_instance fi # start winbind daemon if [ "$DISABLE_WINBIND" -ne 1 ] && [ -x /usr/sbin/winbindd ]; then procd_open_instance procd_set_param command /usr/sbin/winbindd -F procd_set_param nice "$nice_value" procd_set_param respawn procd_set_param file /etc/samba/smb.conf procd_close_instance fi fi }