nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

samba: make sure shares are not accesible from the internet

Browse Source 
The reason for this patch is explained in issue #789 .
See also: !2250

Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Don't enable app when upgrading]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
This commit is contained in:
nbenedek 2023-02-22 23:13:02 +01:00 committed by James Valleroy
parent 41e9473a0c
commit e974ac735a
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plinth/modules/samba/__init__.py
View File

@ -41,7 +41,7 @@ class SambaApp(app_module.App):
app_id = 'samba'
_version = 2
_version = 3
def __init__(self):
"""Create components for the app."""
@ -99,7 +99,8 @@ class SambaApp(app_module.App):
"""Install and configure the app."""
super().setup(old_version)
privileged.setup()
self.enable()
if not old_version:
self.enable()
class SambaBackupRestore(BackupRestore):

8
plinth/modules/samba/privileged.py
View File

@ -39,6 +39,14 @@ CONF = r'''
deadtime = 5
# enable registry based shares
registry shares = yes
# Make sure Samba isn't available over the Internet.
# https://en.wikipedia.org/wiki/localhost
# https://en.wikipedia.org/wiki/Private_network
# https://en.wikipedia.org/wiki/Link-local_address
# https://en.wikipedia.org/wiki/Unique_local_address
access control = yes
hosts allow = 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 [::1] [fc00::]/7 [fe80::]
hosts deny = all
''' # noqa: E501