From 977657eefd304c7ac8ba2f71d53afdaeb7f59199 Mon Sep 17 00:00:00 2001
From: Alex Oprea
Date: Thu, 4 Aug 2016 13:17:39 +0200
Subject: [PATCH] samba: restrict share paths to /mnt refs #9862 force the share paths to always start with /mnt/ set wide links to no, in order to not allow soft links to be followed outside /mnt/
---
 samba3/files/samba.init | 3 +++
 samba3/files/smb.conf.template | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/samba3/files/samba.init b/samba3/files/samba.init
index d893d6dda..670281197 100755
--- a/samba3/files/samba.init
+++ b/samba3/files/samba.init
@@ -128,6 +128,9 @@ smb_add_share() {
 [ -z "$name" -o -z "$path" ] && return
+ # restrict the shared paths to always be under /mnt/ tree
+ [ "${path:0:4}" == "/mnt" ] || path="/mnt/"$path
+
 echo -e "\n[$name]\n\tpath = $path" >> /var/etc/smb.conf
 [ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/smb.conf
 [ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/smb.conf
diff --git a/samba3/files/smb.conf.template b/samba3/files/smb.conf.template
index 3024d775b..77df26ce8 100644
--- a/samba3/files/smb.conf.template
+++ b/samba3/files/smb.conf.template
@@ -14,6 +14,6 @@
 guest account = nobody
 invalid users = root
 smb passwd file = /etc/samba/smbpasswd
- interfaces = |INTERFACES|
- bind interfaces only = yes
-
+ interfaces = |INTERFACES|
+ bind interfaces only = yes
+ wide links = no
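Review bot: The prefix test `[ "${path:0:4}" == "/mnt" ]` added to smb_add_share accepts more than the /mnt/ tree. It compares only four characters, so a sibling directory whose name merely starts with `/mnt` passes, and a path containing `..` components or a symlinked directory under /mnt is written to smb.conf unchanged as the share root. `wide links = no` in the template hunk constrains lookups below the share root, so it does not cover the root itself. Canonicalising the path first and rejecting anything that does not resolve under `/mnt/` would close the gap, as sketched below; this assumes the target's `readlink` supports `-f`, and rejecting instead of prefixing is a behaviour change to confirm. The function starts above the hunk and continues after it, and `${path:0:4}` with `==` also relies on shell extensions rather than POSIX sh.

```shell
	[ -z "$name" -o -z "$path" ] && return

	# resolve symlinks and ".." first, then accept only paths inside /mnt/
	path="$(readlink -f "$path")"
	case "$path" in
		/mnt/*) ;;
		*) return ;;
	esac
	# … unchanged: share section appended to /var/etc/smb.conf …
```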