Add migrations for SMB-related fields

In the DragonFish release we removed the clustering feature from TrueNAS. In prior versions we had some SMB share presets that were exposed only to clustering users via the webui, but were still accessible via the API. These presets existed for TrueCommand purposes to simplify cluster share creation. Unfortunately, some users may have set these via our APIs on non-clustered shares, and so this commit adds a migration to convert them to an appropriate SMB share configuration post-Cobia. Due to a longstanding bug in SCALE, there were circumstances in which pam_mkhomedir would create the directory `/nonexistent` when users had SMB homes shares. Starting in dragonfish / is readonly with the result that the pam_session for users with a home directory of `/nonexistent` to fail, resulting in SMB access being rejected in "obey pam restrictions" is set. This commit adds a migration to force home directories of SMB users to change to /var/empty if it was set to /nonexistent. (cherry picked from commit c268100)
truenas · May 1, 2024 · 56d2a18 · 56d2a18
1 parent dc0bce7
commit 56d2a18
Showing 1 changed file with 63 additions and 0 deletions.
diff --git a/src/middlewared/middlewared/alembic/versions/24.04/2024-05-01_15-55_smb_migrate_values.py b/src/middlewared/middlewared/alembic/versions/24.04/2024-05-01_15-55_smb_migrate_values.py
@@ -0,0 +1,63 @@
+"""Fix up SMB paramters and users
+
+Revision ID: f38c2bbe776a
+Revises: d774066c6c0c
+Create Date: 2024-05-01 15:55:42.754331+00:00
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'f38c2bbe776a'
+down_revision = 'd774066c6c0c'
+branch_labels = None
+depends_on = None
+
+SHARE_TABLE = "sharing_cifs_share"
+PURPOSE_KEY = "cifs_purpose"
+READONLY_KEY = "cifs_ro"
+
+USER_TABLE = "account_bsdusers"
+SMB_KEY = "bsdusr_smb"
+HOME_KEY = "bsdusr_home"
+LEGACY_HOME = "/nonexistent"
+EMPTY_DIR = "/var/empty"
+
+
+def upgrade():
+    conn = op.get_bind()
+
+    # convert any cluster READ_ONLY shares to a default share
+    # with readonly checked
+    stmnt = (
+        f"UPDATE {SHARE_TABLE} "
+        f"SET {PURPOSE_KEY} = ?, {READONLY_KEY} = ? "
+        f"WHERE {PURPOSE_KEY} = ?"
+    )
+    conn.execute(stmnt, ['DEFAULT_SHARE', 1, 'READ_ONLY'])
+
+    # convert any cluster DEFAULT_CLUSTER_SHARE shares to
+    # DEFAULT_SHARE
+    stmnt = (
+        f"UPDATE {SHARE_TABLE} "
+        f"SET {PURPOSE_KEY} = ? "
+        f"WHERE {PURPOSE_KEY} = ?"
+    )
+    conn.execute(stmnt, ['DEFAULT_SHARE', 'DEFAULT_CLUSTER_SHARE'])
+
+    # convert any SMB users with a home directory of `/nonexistent` to
+    # having a home directory of `/var/empty`
+    stmnt = (
+       f"UPDATE {USER_TABLE} "
+       f"SET {HOME_KEY} = ? "
+       f"WHERE {HOME_KEY} = ? AND {SMB_KEY} = ?"
+    )
+    conn.execute(stmnt, [EMPTY_DIR, LEGACY_HOME, 1])
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    pass
+    # ### end Alembic commands ###