samba: Disable nmbd NetBIOS service

NetBIOS was used with now deprecated SMB1 protocol. Tests performed: - Windows 10 can access shares when the nmbd service is disabled. - In stable and testing containers, all the samba module tests pass. Signed-off-by: Veiko Aasa <veiko17@disroot.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-01-28 08:03:36 +00:00 · 2024-03-22 11:25:40 +02:00 · 2024-03-22 11:25:40 +02:00 · 709f58ac90
commit 709f58ac90
parent 9bc07f60ed
4 changed files with 9 additions and 28 deletions
--- a/plinth/modules/samba/init.py
+++ b/plinth/modules/samba/init.py
@ -41,7 +41,7 @@ class SambaApp(app_module.App):

    app_id = 'samba'

-    _version = 4
+    _version = 5

    def __init__(self) -> None:
        """Create components for the app."""
@ -82,11 +82,6 @@ class SambaApp(app_module.App):
                                                  (445, 'tcp6')])
        self.add(daemon)

-        daemon_nmbd = Daemon('daemon-samba-nmbd', 'nmbd',
-                             listen_ports=[(137, 'udp4'), (138, 'udp4')])
-
-        self.add(daemon_nmbd)
-
        users_and_groups = UsersAndGroups('users-and-groups-samba',
                                          groups=groups)
        self.add(users_and_groups)
--- a/plinth/modules/samba/data/usr/lib/systemd/system/nmbd.service.d/freedombox.conf
+++ b/plinth/modules/samba/data/usr/lib/systemd/system/nmbd.service.d/freedombox.conf
@ -1,16 +0,0 @@
-[Service]
-LockPersonality=yes
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
-PrivateDevices=yes
-PrivateMounts=yes
-PrivateTmp=yes
-ProtectControlGroups=yes
-ProtectHome=yes
-ProtectKernelLogs=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-ProtectSystem=full
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictRealtime=yes
-SystemCallArchitectures=native
--- a/plinth/modules/samba/manifest.py
+++ b/plinth/modules/samba/manifest.py
@ -85,9 +85,4 @@ clients = [{
    }]
 }]

-backup = {
-    'data': {
-        'files': [SHARES_CONF_BACKUP_FILE]
-    },
-    'services': ['smbd', 'nmbd']
-}
+backup = {'data': {'files': [SHARES_CONF_BACKUP_FILE]}, 'services': ['smbd']}
--- a/plinth/modules/samba/privileged.py
+++ b/plinth/modules/samba/privileged.py
@ -285,6 +285,13 @@ def setup():
    _use_config_file(CONF_PATH)
    os.makedirs('/var/lib/freedombox', exist_ok=True)
    os.chmod('/var/lib/freedombox', 0o0755)
+
+    # Disable NetBIOS Service, used with now deprecated SMB1 protocol
+    if action_utils.service_is_running('nmbd'):
+        action_utils.service_stop('nmbd')
+    action_utils.service_disable('nmbd')
+    action_utils.service_mask('nmbd')
+
    if action_utils.service_is_running('smbd'):
        action_utils.service_restart('smbd')