initial commit of file from CVS for smeserver-shared-folders on Sat Sep 7 21:04:36 AEST 2024

Trevor Batley
2024-09-07 21:04:36 +10:00
parent eb9f5d0a97
commit 80a1e6f928
119 changed files with 15333 additions and 2 deletions


@@ -0,0 +1,10 @@
{
# Change usrquota,grpquota => usrquota,grpquota,acl for / file system
@lines = map {
/\s\/\s+ext[234]\s+usrquota,grpquota\s/ && s/usrquota,grpquota/usrquota,grpquota,acl/;
/^\/dev\/main\/.*\s+ext[23]\s+usrquota,grpquota\s/ && s/usrquota,grpquota/usrquota,grpquota,acl/;
$_
} @lines;
"";
}
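Review bot: The two substitutions do not cover the same filesystems: the first pattern accepts `ext[234]` while the `/dev/main/` pattern accepts only `ext[23]`, so an ext4 volume that is matched only by the second rule would not get `acl` added. If that is unintended, use `ext[234]` in both. A one-line comment saying why the second rule exists (which mount points it is meant to catch beyond `/`) would help, since the header comment mentions only the `/` file system.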


@@ -0,0 +1,214 @@
#------------------------------------------------------------
# Shared Folders HTTP Access
#------------------------------------------------------------
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
$OUT = "";
foreach my $share ($adb->get_all_by_prop(type => 'share')) {
my %properties = $share->props;
my $key = $share->key;
my $allow;
my $allow24;
my $pass;
my $satisfy24begin;
my $satisfy24end;
my $davreaders;
my $davwallow24 = '';
my $webdav = (($properties{'WebDav'} || 'disabled') =~ m/^(enabled|on|yes)$/i) ? 1 : 0;
# Find which users have read or write access
my @writers = ('admin');
my @readers = ();
if ($properties{'WriteGroups'}) {
my @groups = split (/[;,]/, $properties{'WriteGroups'});
foreach my $group (@groups) {
my $members = $adb->get_prop($group, 'Members') || "";
if (length($members) > 0) {
push @writers, split (/[;,]/, $members);
}
}
}
if ($properties{'WriteUsers'}) {
my @users = split (/[;,]/, $properties{'WriteUsers'});
push @writers, @users;
}
if ($properties{'ReadGroups'}) {
my @groups = split (/[;,]/, $properties{'ReadGroups'});
foreach my $group (@groups) {
my $members = $adb->get_prop($group, 'Members') || "";
if (length($members) > 0) {
push @readers, split (/[;,]/, $members);
}
}
}
if ($properties{'ReadUsers'}) {
my @users = split (/[;,]/, $properties{'ReadUsers'});
push @readers, @users;
my @temp = ();
foreach my $u (@writers){
push @temp, $u unless grep { $u eq $_ } @users;
}
@writers = @temp;
}
my %seen = ();
@readers = sort (grep { ! $seen{ $_ }++ } (@readers,@writers));
%seen = ();
@writers = sort (grep { ! $seen{ $_ }++ } (@writers));
my $readers = join(" ", @readers) || '';
my $writers = join(" ", @writers) || '';
if ($properties{'httpAccess'}) {
if ($properties{'httpAccess'} eq 'local') {
$allow24 = "ip $localAccess $externalSSLAccess";
$pass = 0;
$satisfy24begin = "<RequireAll>";
$satisfy24end = "</RequireAll>";
$davreaders = '';
}
elsif ($properties{'httpAccess'} eq 'local-pw') {
$allow24 = "ip $localAccess $externalSSLAccess";
$pass = 1;
$satisfy24begin = "<RequireAll>";
$satisfy24end = "</RequireAll>";
$davreaders = "Require user $readers";
}
elsif ($properties{'httpAccess'} eq 'global') {
$allow24 = "all granted";
$pass = 0;
$satisfy24begin = "<RequireAll>";
$satisfy24end = "</RequireAll>";
$davreaders = '';
}
elsif ($properties{'httpAccess'} eq 'global-pw') {
$allow24 = "all granted";
$pass = 1;
$satisfy24begin = "<RequireAll>";
$satisfy24end = "</RequireAll>";
$davreaders = "Require user $readers";
}
elsif ($properties{'httpAccess'} eq 'global-pw-remote') {
$allow24 = "ip $localAccess $externalSSLAccess";
$davwallow24 = "all granted";
$pass = 1;
$satisfy24begin = "<RequireAny>";
$satisfy24end = "</RequireAny>";
$davreaders = "Require user $readers";
}
else {
next;
}
}
$davwallow24 = $allow24 if ($davwallow24 eq '');
my $allowOverride = $properties{'AllowOverride'} || "None";
my $followSymLinks = $properties{'FollowSymLinks'} || "disabled";
my $indexes = $properties{'Indexes'} || "enabled";
my $requireSSL = $properties{'RequireSSL'} || "enabled";
my $dynamicContent = $properties{'DynamicContent'} || "disabled";
$OUT .= "\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "# $key shared folder ($properties{'Name'})\n";
$OUT .= "#------------------------------------------------------------\n";
$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/shares/$key/files>\n";
$OUT .= " Options None\n";
$OUT .= " Options +Indexes\n" if ($indexes eq 'enabled');
$OUT .= " Options +FollowSymLinks\n"
if (($followSymLinks eq 'enabled') || ($allowOverride =~ /^all$/i));
$OUT .= " SSLRequireSSL on\n" if ($requireSSL eq 'enabled');
if ($dynamicContent eq 'enabled') {
$OUT .= " Options +Includes\n";
if ($fastcgi_mod eq 'mod_fastcgi'){
$OUT .= ' AddHandler php' . $key . '-fastcgi .php' . "\n";
}
elsif ($fastcgi_mod eq 'mod_proxy_fcgi'){
my $version = $properties{'PHPVersion'} || '74';
$OUT .=<<"_EOF";
<FilesMatch \.php\$>
SetHandler "proxy:unix:/var/run/php-fpm/php$version-$key.sock|fcgi://localhost"
</FilesMatch>
_EOF
}
else{
$OUT .= " AddType application/x-httpd-php .php .php3 .phtml\n";
$OUT .= " AddType application/x-httpd-php-source .phps\n";
my $basedir = $properties{PHPBaseDir}
|| ("/home/e-smith/files/shares/$key/");
$OUT .= " php_admin_value open_basedir $basedir\n";
$OUT .= " php_admin_flag register_globals on\n"
if (($properties{PHPRegisterGlobals} || 'disabled') eq 'enabled');
$OUT .= " php_admin_flag allow_url_fopen on\n"
if (($properties{PHPAllowUrlFopen} || 'disabled') eq 'enabled');
$OUT .= " php_admin_value memory_limit $properties{PHPMemoryLimit}\n"
if ($properties{PHPMemoryLimit});
$OUT .= " php_admin_value max_execution_time $properties{PHPMaxExecutionTime}\n"
if ($properties{PHPMaxExecutionTime});
}
}
else {
$OUT .= " DirectoryIndex index.shtml index.htm index.html\n";
$OUT .= " Options +IncludesNOEXEC\n";
$OUT .= " <FilesMatch \"\\.(php|php3|phtml|cgi|pl)\$\">\n";
$OUT .= " Require all denied\n";
$OUT .= " </FilesMatch>\n";
}
$OUT .= " AllowOverride $allowOverride\n";
unless ($webdav){
$OUT .= " $satisfy24begin\n";
$OUT .= " require user $readers\n" if ($pass);
$OUT .= " Require $allow24\n";
$OUT .= " $satisfy24end\n";
}
if ($pass || $webdav) {
$OUT .= " AuthName \"$properties{'Name'}\"\n";
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
$OUT .= " AuthBasicProvider external\n";
}
# WebDav is enabled only when auth is required
if ($webdav) {
$OUT .=<<"HERE";
Dav on
# Read only access
<Limit GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
$satisfy24begin
Require $allow24
$davreaders
$satisfy24end
</Limit>
# Write access through webdav always requires authentication
<LimitExcept GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
<RequireAll>
Require $davwallow24
Require user $writers
</RequireAll>
</LimitExcept>
HERE
}
$OUT .= "</Directory>\n";
if ($dynamicContent eq 'enabled'){
$OUT .= "<DirectoryMatch /home/e-smith/files/shares/$key/files/cgi-bin>\n";
$OUT .= " SetHandler cgi-script\n";
$OUT .= " Options ExecCGI\n";
$OUT .= "</DirectoryMatch>\n";
}
else {
$OUT .= "<DirectoryMatch /home/e-smith/files/shares/$key/files/cgi-bin>\n";
$OUT .= " Require all denied\n";
$OUT .= "</DirectoryMatch>\n";
}
}
}
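Review bot: The read-only `<Limit GET PROPFIND OPTIONS LOCK UNLOCK REPORT>` block gets no `Require user` line when `httpAccess` is `local` or `global`, because `$davreaders` is empty there, so with `WebDav` enabled every client admitted by `$allow24` can issue those methods without credentials, including the state-changing LOCK and UNLOCK. That contradicts the comment `# WebDav is enabled only when auth is required`, since the code tests only `$webdav`. Dropping `LOCK UNLOCK` from both method lists would put them under the `<LimitExcept>` writer rule, and the comment should be corrected to describe what is actually enforced. Separately, a share whose `httpAccess` property is unset skips the whole `if` chain (the `next` is reached only for unknown non-empty values) and still emits a `<Directory>` block with an empty `Require` line. Normalising first with `my $access = $properties{'httpAccess'} || 'none';` and testing `$access` would skip that case too.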


@@ -0,0 +1,42 @@
{
use esmith::AccountsDB;
my $accounts = esmith::AccountsDB->open_ro;
use esmith::DomainsDB;
my $domains = esmith::DomainsDB->open_ro;
$OUT = "";
my $share = $virtualHostContent;
my $basedir = "/home/e-smith/files/shares/$share";
if (($domains->get_prop($virtualHost, 'SystemPrimaryDomain') || 'no')
eq 'yes')
{
my @shares = $accounts->get_all_by_prop(type => 'share');
foreach my $share (@shares)
{
my $key = $share->key;
my $access = $share->prop('httpAccess') || 'none';
next if (($access eq 'none') || ($key eq $virtualHostContent) || ($share->prop('AliasOnPrimary') || 'yes') ne 'yes');
my $basedir = "/home/e-smith/files/shares/$key";
my $name = $share->prop("Name") || "";
$OUT .= "\n";
$OUT .= " # $key share ($name)\n";
$OUT .= "\n";
my $SSLPort = $modSSL{'TCPPort'} || '443';
if (( $port ne $SSLPort ) && (($share->prop('RequireSSL') || 'enabled') eq 'enabled')){
$OUT .= " RewriteEngine on\n";
$OUT .= " RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 \[L,R\]\n";
}
else{
$OUT .= " Alias /$key $basedir/files\n";
}
}
$OUT .= " # No shares in system\n" unless @shares;
}
}
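Review bot: The redirect target in the `RewriteRule` is built from `%{HTTP_HOST}`, so the `Location` header echoes whatever Host value the client sent; if this virtual host is also the server's default one, that value is not limited to the server's own names. Using the template variable instead, `https://$virtualHost/$key\$1`, would pin the redirect to the configured name, assuming `$virtualHost` holds the canonical host name here. `$key` is also interpolated into the pattern unescaped, and `\Q$key\E` would keep a dot or other metacharacter in a share name literal. The outer `my $share` and `my $basedir` are never used and are shadowed inside the loop.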


@@ -0,0 +1,72 @@
{
use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro || die "Couldn't open the accounts database";
foreach my $share ($a->get_all_by_prop(type => 'share')){
my $version = $share->prop('PHPVersion') || '74';
my $dynamic = $share->prop('DynamicContent') || 'disabled';
my $custom = $share->prop('PHPCustomPool') || undef;
next unless ($dynamic eq 'enabled' && $version eq $PHP_VERSION && !$custom);
my $key = $share->key;
my $pool_name = 'php' . $version . '-' . $key;
my $memory_limit = $share->prop('PHPMemoryLimit') || '128M';
my $max_execution_time = $share->prop('PHPMaxExecutionTime') || '30';
my $max_input_time = $share->prop('PHPMaxInputTime') || '60';
my $allow_url_fopen = $share->prop('PHPAllowUrlFopen') || 'disabled';
my $post_max_size = $share->prop('PHPPostMaxSize') || '10M';
my $upload_max_filesize = $share->prop('PHPUploadMaxFilesize') || '10M';
my $file_upload = $share->prop('PHPFileUpload') || 'enabled';
my $open_basedir = $share->prop('PHPBaseDir') || '/home/e-smith/files/shares/' . $key .
':/var/lib/php/' . $key;
my $disabled_functions = $share->prop('PHPDisabledFunctions') || 'system,show_source,' .
'symlink,exec,dl,shell_exec,' .
'passthru,phpinfo,' .
'escapeshellarg,escapeshellcmd';
# Format vars
$file_upload = ($file_upload =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
$allow_url_fopen = ($allow_url_fopen =~ m/^1|yes|on|enabled$/) ? 'on' : 'off';
$disabled_functions = join(', ', split /[,;:]/, $disabled_functions);
$open_basedir = join(':', split(/[,;:]/, $open_basedir));
$OUT .=<<"_EOF" if ($version eq $PHP_VERSION);
[$pool_name]
user = www
group = www
listen.owner = root
listen.group = www
listen.mode = 0660
listen = /var/run/php-fpm/$pool_name.sock
pm = dynamic
pm.max_children = 15
pm.start_servers = 3
pm.min_spare_servers = 3
pm.max_spare_servers = 4
pm.max_requests = 1000
slowlog = /var/log/php/$key/slow.log
php_admin_value[session.save_path] = /var/lib/php/$key/session
php_admin_value[opcache.file_cache] = /var/lib/php/$key/opcache
php_admin_value[upload_tmp_dir] = /var/lib/php/$key/tmp
php_admin_value[error_log] = /var/log/php/$key/error.log
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f php@{ $DomainName }
php_admin_flag[display_errors] = off
php_admin_flag[log_errors] = on
php_admin_value[error_log] = syslog
php_admin_value[memory_limit] = $memory_limit
php_admin_value[max_execution_time] = $max_execution_time
php_admin_value[post_max_size] = $post_max_size
php_admin_value[upload_max_filesize] = $upload_max_filesize
php_admin_value[max_input_time] = $max_input_time
php_admin_value[disable_functions] = $disabled_functions
php_admin_flag[allow_url_fopen] = $allow_url_fopen
php_admin_flag[file_upload] = $file_upload
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[allow_url_include] = off
php_admin_value[session.save_handler] = files
php_admin_value[open_basedir] = $open_basedir
_EOF
}
}
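Review bot: The boolean tests `m/^1|yes|on|enabled$/` are not anchored as intended, because alternation binds looser than `^` and `$`. The pattern accepts any value that merely contains `yes` or `on` (for example `none`) or that starts with `1`, so `allow_url_fopen` or uploads can end up `on` for a value meant as off. Group the alternatives, `m/^(?:1|yes|on|enabled)$/`; the same precedence slip is in the `WideLinks` test (`m/^enabled|yes|on|1$/i`) and the `rsyncAccess` test (`/^global|local$/`) later in this commit. The pool also writes `php_admin_flag[file_upload]`, whereas the PHP setting is named `file_uploads`, so switching uploads off through `PHPFileUpload` probably has no effect as written. `php_admin_value[error_log]` is set twice, and the later `syslog` line overrides the per-share log file.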


@@ -0,0 +1 @@
LoadModule mod_facl.c


@@ -0,0 +1,19 @@
{
use esmith::AccountsDB;
$OUT = "";
my $adb = esmith::AccountsDB->open_ro();
foreach my $share ($adb->get_all_by_prop(type=>'share')){
my $key = $share->key;
$OUT .= "\n";
$OUT .= "<Directory /home/e-smith/files/shares/$key/*>\n";
$OUT .= " AllowOverwrite on\n";
$OUT .= " <Limit WRITE>\n";
$OUT .= " AllowAll\n";
$OUT .= " </Limit>\n";
$OUT .= "</Directory>\n";
}
}
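Review bot: The `<Limit WRITE>` block contains `AllowAll` for every share and never consults `WriteGroups` or `WriteUsers`, so at the ProFTPD layer any logged-in FTP user may attempt writes under the share. Whether that is safe depends entirely on the filesystem permissions and ACLs applied elsewhere. If that delegation is the intent, say so in the fragment, e.g. `# Write access is decided by the filesystem ACLs on the share; ProFTPD adds no restriction of its own.` The `<Directory>` path is `/home/e-smith/files/shares/$key/*`, which covers the share root and not just `files/`; that appears to include the `rsyncd.secrets` file the rsync template looks for, so narrowing the path to `$key/files/*` is worth considering.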


@@ -0,0 +1 @@
port = {$rsyncd{'TCPPort'} || '873'}


@@ -0,0 +1,39 @@
{
use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro();
my $n = esmith::NetworksDB->open_ro();
my $local = '';
foreach my $net ($n->networks){
my $addr = $net->key;
my $mask = $net->prop('Mask');
$local .= "$addr/$mask "
}
foreach (split /[;,]/, (${'httpd-admin'}{'ValidFrom'} || '')){
$local .= "$_ ";
}
foreach my $share ($a->get_all_by_prop(type=>'share')){
my $name = $share->key;
my $access = $share->prop('rsyncAccess') || 'none';
next unless ($access =~ /^global|local$/);
my $desc = $share->prop('Name') || $name;
$OUT .=<<"EOF";
[$name]
comment = $desc
path = /home/e-smith/files/shares/$name/files
uid = rsync
gid = rsync
use chroot = true
log file = /dev/stdout
EOF
$OUT .= "auth users = *\nsecrets file = /home/e-smith/files/shares/$name/rsyncd.secrets\n"
if ( -e "/home/e-smith/files/shares/$name/rsyncd.secrets" );
if ($access eq 'local'){
my $hosts = $local;
$OUT .= "hosts allow = $local";
}
}
}
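Review bot: `$OUT .= "hosts allow = $local";` ends without a newline, so when another share follows, its `[$name]` header is appended to the same line and that module's section header is absorbed into the allow list. Append the newline: `$OUT .= "hosts allow = $local\n";`. When `rsyncd.secrets` does not exist the module is emitted with no `auth users` line, so a `global` share is served without authentication; skipping the share or emitting a comment in that case would make the exposure visible. `esmith::NetworksDB` is used without a matching `use`, and `my $hosts` is assigned but never read.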


@@ -0,0 +1,24 @@
{
# process all information-bay directories
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
foreach my $share ($adb->get_all_by_prop(type => 'share'))
{
if ( ($share->prop('smbAccess') || 'browseable') =~ /browseable$/ ){
$OUT .= esmith::templates::processTemplate (
{
MORE_DATA => {
share => $share,
},
TEMPLATE_PATH => "/etc/smb.conf/shares",
OUTPUT_TYPE => 'string',
});
}
else{
$OUT .= "# ".$share->key." access is disabled\n";
}
}
}


@@ -0,0 +1,11 @@
{
use esmith::AccountsDB;
# Convert the passed hash for the share object back into an object.
$share = bless \%share, 'esmith::DB::db::Record';
$key = $share->key;
$OUT .= "\n[$key]\n";
$OUT .= "comment = " . $share->prop('Name');
$share_vfs = ();
}
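Review bot: `$share_vfs = ();` assigns an empty list to a scalar, which leaves it `undef` rather than an empty hash. The later fragments then work only through autovivification and through dereferencing `undef` in `keys %$share_vfs`, which would die under `use strict`. `$share_vfs = {};` states the intent and still resets the per-share state. `$share->prop('Name')` is concatenated without a default, so a share with no `Name` yields a bare `comment = ` line; `($share->prop('Name') || $key)` would match what the rsync template does.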


@@ -0,0 +1,10 @@
{
my $perm = $share->prop('ManualPermissions') || "no";
if ($perm eq 'ntacl'){
$OUT .= '';
$share_vfs->{acl_xattr}->{'ignore system acls'} = "no";
}
else{
$OUT .= '';
}
}


@@ -0,0 +1,18 @@
{
my $recycle = $share->prop('RecycleBinDir') || "Recycle Bin";
my $veto = $share->prop('VetoFiles') || $smb{'VetoFiles'} || '';
if (($share->prop('RecycleBin') || 'disabled') eq 'disabled'){
$veto .= ($veto =~ m{/$}) ? '' : '/';
$veto .= "$recycle/";
}
else{
$OUT .= '';
$share_vfs->{recycle}->{versions} = ($share->prop('RecycleBin') || 'disabled') eq 'keep-versions' ? "True" : "False";
$share_vfs->{recycle}->{repository} = $recycle;
$share_vfs->{recycle}->{keeptree} = "True";
$share_vfs->{recycle}->{touch} = "True";
$share_vfs->{recycle}->{exclude} = "*.tmp,*.temp,*.o,*.obj,~\$*,.~lock.*";
$share_vfs->{recycle}->{exclude_dir} = "tmp,temp,cache";
}
$OUT .= "veto files = $veto\n" if ($veto ne '');
}


@@ -0,0 +1,7 @@
{
$OUT = "";
return if (($smb{'ShadowCopy'} || 'disabled') eq 'disabled');
return if (($share->prop('ShadowCopy') || 'enabled') eq 'disabled');
$share_vfs->{shadow_copy} = ();
}


@@ -0,0 +1,3 @@
{
$OUT .= "path = /home/e-smith/files/shares/$key/files";
}


@@ -0,0 +1,3 @@
{
$OUT .= "read only = no";
}


@@ -0,0 +1,3 @@
{
$OUT .= "writable = yes";
}


@@ -0,0 +1,3 @@
{
$OUT .= "printable = no";
}


@@ -0,0 +1,15 @@
{
$OUT .= "inherit permissions = yes\n";
$OUT .= "create mode = 0660\n";
my $perm = $share->prop('ManualPermissions') || 'no';
if ( $perm eq 'ntacl' ){
$OUT .=<<"HERE";
nt acl support = yes
store dos attributes = yes
map hidden = no
map system = no
map archive = no
map readonly = no
HERE
}
}


@@ -0,0 +1,4 @@
{
$policy = $share->prop('cscPolicy') || return '';
$OUT = "csc policy = $policy";
}


@@ -0,0 +1,5 @@
{
if ( ($share->prop('smbAccess') || 'browseable') eq 'non-browseable') {
$OUT .= "browseable = no\n";
}
}


@@ -0,0 +1,9 @@
{
if ( ($share->prop('OpLocks') || 'enabled') eq 'disabled') {
$OUT .= "oplocks = no\n";
$OUT .= "level2 oplocks = no";
} else {
$vetofiles = $share->prop('VetoOplockFiles') || return '';
$OUT = "veto oplock files = $vetofiles";
}
}


@@ -0,0 +1,10 @@
{
$OUT = "";
return unless (($share->prop('Audit') || 'disabled') eq 'enabled');
$share_vfs->{full_audit}->{prefix} = "%u|%I|%m|%S";
$share_vfs->{full_audit}->{failure} = "mkdir rmdir chdir open close rename unlink connect disconnect";
$share_vfs->{full_audit}->{success} = "mkdir rmdir chdir open close rename unlink connect disconnect";
$share_vfs->{full_audit}->{facility} = "local5";
$share_vfs->{full_audit}->{priority} = "notice";
}


@@ -0,0 +1,8 @@
{
if (($share->prop('WideLinks') || 'disabled') =~ m/^enabled|yes|on|1$/i){
$OUT .= "wide links = yes\n";
}
else{
$OUT .= "";
}
}


@@ -0,0 +1,10 @@
{
return "" unless scalar keys %$share_vfs;
$OUT = "vfs objects = " . (join " ", keys %$share_vfs) . "\n";
foreach $mod (keys %$share_vfs) {
foreach $opt (keys %{$share_vfs->{$mod}}) {
$OUT .= " $mod:$opt=$share_vfs->{$mod}->{$opt}\n";
}
}
}
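Review bot: `keys %$share_vfs` is called twice and Perl does not guarantee a stable hash order between runs, so the `vfs objects` line can list the modules in a different order each time the template is expanded. Samba stacks VFS modules in the order listed, so the effective behaviour (for example where `full_audit` sits relative to `recycle`) may vary from one expansion to the next. Fix the order explicitly, e.g. `my @mods = sort keys %$share_vfs;`, and reuse `@mods` for both the `vfs objects` line and the option loop, or use a hand-written priority list if a particular stacking is required. `$mod` and `$opt` are undeclared package globals; declaring them with `my` would keep them local to this fragment.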