kill security=share and security=server
Andrew Bartlett
abartlet at samba.org
Wed Jan 26 14:50:21 MST 2011
On Wed, 2011-01-26 at 21:14 +0100, Stefan (metze) Metzmacher wrote:
> Am 26.01.2011 20:53, schrieb simo:
> > On Wed, 2011-01-26 at 11:47 -0800, Jeremy Allison wrote:
> >> On Wed, Jan 26, 2011 at 02:30:26PM -0500, simo wrote:
> >>> On Wed, 2011-01-26 at 20:24 +0100, Jeremy Allison wrote:
> >>>> The branch, v3-6-test has been updated
> >>>> via 7bc0737 Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
> >>>> from fd74ee5 pidl:Typelist: fix perl warnings about recursiv function calls
> >>>>
> >>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
> >>>>
> >>>>
> >>>> - Log -----------------------------------------------------------------
> >>>> commit 7bc073743c9c9d892ab00ed236af3ab8c074e75d
> >>>> Author: Jeremy Allison <jra at samba.org>
> >>>> Date: Wed Jan 26 10:50:44 2011 -0800
> >>>>
> >>>> Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c
> >>>> (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
> >>>>
> >>>> -----------------------------------------------------------------------
> >>>>
> >>>> Summary of changes:
> >>>> source3/smbd/process.c | 1 -
> >>>> 1 files changed, 0 insertions(+), 1 deletions(-)
> >>>>
> >>>>
> >>>> Changeset truncated at 500 lines:
> >>>>
> >>>> diff --git a/source3/smbd/process.c b/source3/smbd/process.c
> >>>> index 4a93e7f..12ea28a 100644
> >>>> --- a/source3/smbd/process.c
> >>>> +++ b/source3/smbd/process.c
> >>>> @@ -2915,7 +2915,6 @@ void smbd_process(struct smbd_server_connection *sconn)
> >>>> int ret;
> >>>>
> >>>> if (lp_maxprotocol() == PROTOCOL_SMB2 &&
> >>>> - lp_security() != SEC_SHARE &&
> >>>> !lp_async_smb_echo_handler()) {
> >>>> /*
> >>>> * We're not making the desion here,
> >>>>
> >>>>
> >>>
> >>> Didn't we decide to *explicitly* disallow security = share on the new
> >>> protocol to finally get rid of it ?
> >>>
> >>> It can't break anything because we never supported smb2 before, and
> >>> security = share is just ugly.
> >>> (and we should disallow security = server on smb2 too)
> >>
> >> Well under SMB2 we explicitly map security=share to "security = user" with
> >> "map to guest = Bad User" under the covers.
> >>
> >> I didn't want to break existing smb.conf's if people just add
> >> "max protocol = SMB2" or eventually when SMB2 is enabled by
> >> default.
> >
> > A new protocol and a new major version are the only time when we can do
> > such changes.
> >
> > I vote for killing security = share over SMB2
> >
> > Anyone else up to vote for killing it ?
I fully support removing security=share over SMB2, and furthermore, I
would like to see it marked as deprecated even on smb1 so we can
eventually remove it.
If we are trying not to break existing configurations, then we can have
the deprecated parameter this force the max protocol=smb1.
There are other ways (map to guest etc) to get what almost all sane
users of security=share does. It is also not compatible (we make it
almost work with kludges) with NTLMv2, which we are trying to move to.
The code behind security=share is mind-bogglingly complex, and largely
unchanged since before I started on auth work (I just wrapped it, I
didn't dare change it), and 10 years on I would really like to see it
finally come to an end.
> Does Windows7 supports that, if not we should get rid of it.
> And I'd also love to get rid of security=server
> and auth/auth_server.c
Yes, please deprecate that too. There are more users of security=server
(SMB servers running without IT authorization in large companies), but
we need to put the signal out there that this isn't the right way to
handle the problem, even if we renege on removing the feature in future.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list