samba: Remove option to backup app

Reasons: - Privileged action security: restoring Samba configuration from a backup file could expose any folder in OS and allows to run any commmand as a root user. - Samba backups aren't so useful as only app configuration is included. Configured shares are trivial to enable without backups. Also, providing backups could be misleading as stored user files aren't actually backupped. Tests performed: - All Samba functional tests pass. - Restoring from an old backup that also includes Samba is not failing, restoring Samba is skipped. Signed-off-by: Veiko Aasa <veiko17@disroot.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-06-03 10:50:20 +00:00 · 2024-09-15 10:33:01 +03:00 · 2024-09-15 10:33:01 +03:00 · bd03969d95
commit bd03969d95
parent f6c1422221
4 changed files with 3 additions and 50 deletions
--- a/plinth/modules/samba/init.py
+++ b/plinth/modules/samba/init.py
@ -86,8 +86,8 @@ class SambaApp(app_module.App):
                                          groups=groups)
        self.add(users_and_groups)

-        backup_restore = SambaBackupRestore('backup-restore-samba',
-                                            **manifest.backup)
+        backup_restore = BackupRestore('backup-restore-samba',
+                                       **manifest.backup)
        self.add(backup_restore)

    def setup(self, old_version):
@ -103,21 +103,6 @@ class SambaApp(app_module.App):
        privileged.uninstall()


-class SambaBackupRestore(BackupRestore):
-    """Component to backup/restore Samba."""
-
-    def backup_pre(self, packet):
-        """Save registry share configuration."""
-        super().backup_pre(packet)
-        privileged.dump_shares()
-
-    def restore_post(self, packet):
-        """Restore configuration."""
-        super().restore_post(packet)
-        privileged.setup()
-        privileged.restore_shares()
-
-
 def add_share(mount_point, share_type, filesystem):
    """Add a share."""
    windows_filesystem = (filesystem in ['ntfs', 'vfat'])
--- a/plinth/modules/samba/manifest.py
+++ b/plinth/modules/samba/manifest.py
@ -7,8 +7,6 @@ from django.utils.translation import gettext_lazy as _

 from plinth.clients import store_url

-SHARES_CONF_BACKUP_FILE = '/var/lib/plinth/backups-data/samba-shares-dump.conf'
-
 clients = [{
    'name':
        _('Android Samba Client'),
@ -85,4 +83,4 @@ clients = [{
    }]
 }]

-backup = {'data': {'files': [SHARES_CONF_BACKUP_FILE]}, 'services': ['smbd']}
+backup: dict = {}
--- a/plinth/modules/samba/privileged.py
+++ b/plinth/modules/samba/privileged.py
@ -9,7 +9,6 @@ import subprocess

 from plinth.actions import privileged

-SHARES_CONF_BACKUP_FILE = '/var/lib/plinth/backups-data/samba-shares-dump.conf'
 DEFAULT_FILE = '/etc/default/samba'

 CONF_PATH = '/etc/samba/smb-freedombox.conf'
@ -298,25 +297,6 @@ def setup():
        action_utils.service_restart('smbd')


-@privileged
-def dump_shares():
-    """Dump registy share configuration."""
-    os.makedirs(os.path.dirname(SHARES_CONF_BACKUP_FILE), exist_ok=True)
-    with open(SHARES_CONF_BACKUP_FILE, 'w', encoding='utf-8') as backup_file:
-        command = ['net', 'conf', 'list']
-        subprocess.run(command, stdout=backup_file, check=True)
-
-
-@privileged
-def restore_shares():
-    """Restore registy share configuration."""
-    if not os.path.exists(SHARES_CONF_BACKUP_FILE):
-        raise RuntimeError(
-            'Backup file {0} does not exist.'.format(SHARES_CONF_BACKUP_FILE))
-    _conf_command(['drop'])
-    _conf_command(['import', SHARES_CONF_BACKUP_FILE])
-
-
@privileged
 def uninstall():
    """Drop all Samba shares."""
--- a/plinth/modules/samba/tests/test_functional.py
+++ b/plinth/modules/samba/tests/test_functional.py
@ -26,16 +26,6 @@ class TestSambaApp(functional.BaseAppTests):
        functional.login(session_browser)
        functional.networks_set_firewall_zone(session_browser, 'internal')

-    @pytest.mark.backups
-    def test_backup_restore(self, session_browser):
-        """Test backing up and restoring."""
-        _set_share(session_browser, 'home', status='enabled')
-        functional.backup_create(session_browser, 'samba', 'test_samba')
-        _set_share(session_browser, 'home', status='disabled')
-        functional.backup_restore(session_browser, 'samba', 'test_samba')
-        assert functional.service_is_running(session_browser, 'samba')
-        _assert_share_is_writable('home')
-
    @pytest.mark.parametrize('share_type', ['open', 'group', 'home'])
    def test_enable_disable_samba_share(self, session_browser, share_type):
        """Test enabling and disabling Samba share."""