Merge pull request #138 from beclab/fix/smb_public_share

fix: support anonymous SMB access

Author: aby913

pkg/files/fileutils.go

@@ -305,8 +305,10 @@ func Chown(fs afero.Fs, path string, uid, gid int) error {
 	var err error = nil
 	if fs == nil {
 		err = os.Chown(path, uid, gid)
+		err = os.Chmod(path, 0775)
 	} else {
 		err = fs.Chown(path, uid, gid)
+		err = fs.Chmod(path, 0775)
 	}
 	if err != nil {
 		klog.Errorf("can't chown directory %s to user %d: %s", path, uid, err)

pkg/hertz/biz/handler/api/share/share_service.go

@@ -192,6 +192,28 @@ func (c *commands) DeleteGroup(groupName string) error {
 	return nil
 }
 
+func (c *commands) SetAnonymousPermission(owner string, smbPath string) error {
+	var args = []string{fmt.Sprintf("nobody:%s", owner), smbPath}
+	cmd := exec.Command("chown", args...)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		klog.Errorf("samba chown anonymous error: %v, output: %s, cmd: %s", err, string(out), cmd.String())
+	} else {
+		klog.Infof("samba chown anonymous: %s done.", cmd.String())
+	}
+
+	args = []string{"-R", "3777", smbPath}
+	cmd = exec.Command("chmod", args...)
+	out, err = cmd.CombinedOutput()
+	if err != nil {
+		klog.Errorf("samba chmod anonymous error: %v, output: %s, cmd: %s", err, string(out), cmd.String())
+	} else {
+		klog.Infof("samba chmod anonymous: %s done.", cmd.String())
+	}
+
+	return nil
+}
+
 func (c *commands) SetAcl(user string, owner string, op string, rw string, smbPath string) error {
 	var userAcl = fmt.Sprintf("%s:%s", user, rw)
 	if op == "-x" {

pkg/samba/commands.go

@@ -55,6 +55,7 @@ type SambaShare struct {
 	ReadOnly   string `json:"read_only"`
 	ForceUser  string `json:"force_user"`
 	ForceGroup string `json:"force_group"`
+	Anonymous  bool   `json:"anonymous"`
 }
 
 type SambaSharePathAccount struct {
@@ -283,22 +284,6 @@ func (s *samba) generateConf() {
 			continue
 		}
 
-		shareUser, sharePwd, err := s.getUser(item.PasswordMd5)
-		if err != nil {
-			klog.Errorf("samba decode user error: %v, data: %s, id: %s, name: %s, owner: %s", err, item.PasswordMd5, item.ID, item.Name, item.Owner)
-			continue
-		}
-
-		if err := s.commands.CreateGroup(item.Owner, ""); err != nil {
-			klog.Errorf("samba create group %s error: %v", item.Owner, err)
-			return
-		}
-
-		if err := s.commands.CreateUser(shareUser, sharePwd, item.Owner); err != nil {
-			klog.Errorf("samba create user %s error: %v", shareUser, err)
-			return
-		}
-
 		fPath := fmt.Sprintf("/%s/%s%s", item.FileType, item.Extend, item.Path)
 		fp, err := models.CreateFileParam(item.Owner, fPath)
 		if err != nil {
@@ -312,11 +297,35 @@ func (s *samba) generateConf() {
 			return
 		}
 
-		if item.Permission > 1 {
-			if err := s.commands.SetAcl(shareUser, item.Owner, "-m", "rwx", fileUri+fp.Path); err != nil {
-				klog.Errorf("samba setfacl error: %v", err)
+		var anonymous bool
+		var shareUser, sharePwd string
+		if item.PasswordMd5 != "" {
+			shareUser, sharePwd, err = s.getUser(item.PasswordMd5)
+			if err != nil {
+				klog.Errorf("samba decode user error: %v, data: %s, id: %s, name: %s, owner: %s", err, item.PasswordMd5, item.ID, item.Name, item.Owner)
+				continue
+			}
+
+			if err := s.commands.CreateGroup(item.Owner, ""); err != nil {
+				klog.Errorf("samba create group %s error: %v", item.Owner, err)
+				return
+			}
+
+			if err := s.commands.CreateUser(shareUser, sharePwd, item.Owner); err != nil {
+				klog.Errorf("samba create user %s error: %v", shareUser, err)
 				return
 			}
+
+			if item.Permission > 1 {
+				if err := s.commands.SetAcl(shareUser, item.Owner, "-m", "rwx", fileUri+fp.Path); err != nil {
+					klog.Errorf("samba setfacl error: %v", err)
+					return
+				}
+			}
+		} else {
+			// anonymous
+			anonymous = true
+			s.commands.SetAnonymousPermission(item.Owner, fileUri+fp.Path)
 		}
 
 		w, r := s.formatPrivilege(item.Permission)
@@ -330,6 +339,7 @@ func (s *samba) generateConf() {
 			ReadOnly:   r,
 			ForceUser:  shareUser,
 			ForceGroup: item.Owner,
+			Anonymous:  anonymous,
 		}
 		shares.Paths = append(shares.Paths, smbShare)
 	}
@@ -474,11 +484,14 @@ func (s *samba) recoverSharedOwner(sharedPaths []string) {
 			continue
 		}
 
-		if err := s.commands.SetAcl(smb.User, smb.Owner, "-x", "", uri+m.Path); err != nil { // remove acl
-			klog.Errorf("samba recover, setfacl remove error: %v", err)
-			return
+		if smb.User != "" {
+			if err := s.commands.SetAcl(smb.User, smb.Owner, "-x", "", uri+m.Path); err != nil { // remove acl
+				klog.Errorf("samba recover, setfacl remove error: %v", err)
+				return
+			}
+
+			s.commands.DeleteUser([]string{smb.User})
 		}
 
-		s.commands.DeleteUser([]string{smb.User})
 	}
 }

pkg/samba/samba.go

@@ -1,5 +1,6 @@
 [global]
   server string = samba
+  map to guest = Bad User
   idmap config * : range = 3000-7999
   security = user
   client min protocol = SMB2
@@ -16,15 +17,27 @@
 [{{ $data.Name }}]
   path = {{ $data.Path }}
   comment = {{ $data.Comment }}
+  {{ if $data.Anonymous  -}}
+  browseable = yes
+  writable = yes
+  read only = no
+  guest ok = yes
+  force user = nobody
+  force group = {{ $data.ForceGroup }}
+  create mask = 0664
+  directory mask = 0775
+  {{ else -}}
   valid users = {{ $data.ForceUser }} @{{ $data.ForceGroup }}
   browseable = yes
   writable = {{ $data.Writable }}
   read only = {{ $data.ReadOnly }}
+  force group = {{ $data.ForceGroup }}
   {{ if eq $data.Writable "yes" -}}
   create mask = 0664
   directory mask = 2775
   vfs objects = acl_xattr
   inherit permissions = no
   map acl inherit = yes
-  {{ end }}
+  {{ end -}}
+  {{ end -}}
 {{ end }}