[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Nov 7 20:34:03 MST 2011
The branch, master has been updated
via 696a70c s4-provision Remove options for LDAP backend to reduce user confusion
via d61d28b s4-s3-upgrade Add my copyright
via 7af51ca param: Remove duplicate initialization of 'share backend' parameter
via 56e760f s4-smb_server No longer follow the security=share smb.conf directive
via 862b817 selftest: Remove the 'all' environment as it is just too slow to start up
from 5104abd s4-dnsserver: Test forward zones are not listed in reverse zone search
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 696a70c9faac27bcd473b6c2f1444abd267ae6e6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Nov 4 09:07:17 2011 +1100
s4-provision Remove options for LDAP backend to reduce user confusion
We do not support the LDAP backend any more, but keep the code in case someone
comes up with an interesting use case that could leverage this in a very
particular situation. In order to keep the code, we must test it, so
we keep just this much of the support around.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Tue Nov 8 04:33:49 CET 2011 on sn-devel-104
commit d61d28bcccd7079b2de7cbadd7254820e6ae9149
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Nov 1 12:59:02 2011 +1100
s4-s3-upgrade Add my copyright
commit 7af51ca936072823ed4fe51e410818cf15b0e89b
Author: Amitay Isaacs <amitay at gmail.com>
Date: Tue Nov 1 16:29:41 2011 +1100
param: Remove duplicate initialization of 'share backend' parameter
commit 56e760f8f16f41c7879e792b20f53bce11f6e721
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Nov 2 07:43:43 2011 +1100
s4-smb_server No longer follow the security=share smb.conf directive
By ignoring the value of security= from the smb.conf, we can allow this
to instead set the value of 'server role' in a manner compatible
with the Samba 3.x release stream.
Andrew Bartlett
commit 862b81791e24e179cfb3419e331d8d2605475bee
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Sep 24 11:26:48 2011 -0700
selftest: Remove the 'all' environment as it is just too slow to start up
Instead we start the 'dc' environment, and other environments are available as:
make testenv SELFTEST_TESTENV=fl2003dc
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
lib/param/loadparm.c | 2 -
selftest/selftest.pl | 2 +-
selftest/target/Samba4.pm | 59 --------------------
.../scripting/python/samba/provision/__init__.py | 22 +++-----
.../scripting/python/samba/provision/backend.py | 6 +-
source4/scripting/python/samba/upgrade.py | 1 +
source4/scripting/python/samba/upgradehelpers.py | 6 +-
source4/setup/provision | 25 +--------
source4/setup/tests/blackbox_provision-backend.sh | 10 ++--
source4/smb_server/session.c | 3 -
source4/smb_server/smb/negprot.c | 11 +---
source4/smb_server/smb/receive.c | 10 +---
source4/smb_server/smb2/receive.c | 1 -
source4/smb_server/smb_server.h | 1 -
14 files changed, 25 insertions(+), 134 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index e8993a2..2a251c1 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3280,8 +3280,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
- lpcfg_do_global_parameter(lp_ctx, "share backend", "classic");
-
lpcfg_do_global_parameter(lp_ctx, "server role", "standalone");
/* options that can be set on the command line must be initialised via
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index f41ff33..379d7f8 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -487,7 +487,7 @@ if ($opt_target eq "samba") {
if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq "") {
die("You must include --enable-socket-wrapper when compiling Samba in order to execute 'make test'. Exiting....");
}
- $testenv_default = "all";
+ $testenv_default = "dc";
require target::Samba;
$target = new Samba($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime);
} elsif ($opt_target eq "samba3") {
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 029629d..017a277 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1426,65 +1426,6 @@ sub setup_env($$$)
return $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
} elsif ($envname eq "plugin_s4_dc") {
return $self->setup_plugin_s4_dc("$path/plugin_s4_dc");
- } elsif ($envname eq "all") {
- if (not defined($self->{vars}->{dc})) {
- $ENV{ENVNAME} = "dc";
- $self->setup_dc("$path/dc");
- }
- my $ret = $self->setup_member("$path/s4member", $self->{vars}->{dc});
- if (not defined($self->{vars}->{rpc_proxy})) {
- $ENV{ENVNAME} = "rpc_proxy";
- my $rpc_proxy_ret = $self->setup_rpc_proxy("$path/rpc_proxy", $self->{vars}->{dc});
-
- $ret->{RPC_PROXY_SERVER} = $rpc_proxy_ret->{SERVER};
- $ret->{RPC_PROXY_SERVER_IP} = $rpc_proxy_ret->{SERVER_IP};
- $ret->{RPC_PROXY_NETBIOSNAME} = $rpc_proxy_ret->{NETBIOSNAME};
- $ret->{RPC_PROXY_USERNAME} = $rpc_proxy_ret->{USERNAME};
- $ret->{RPC_PROXY_PASSWORD} = $rpc_proxy_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{fl2000dc})) {
- $ENV{ENVNAME} = "fl2000dc";
- my $fl2000dc_ret = $self->setup_fl2000dc("$path/fl2000dc", $self->{vars}->{dc});
-
- $ret->{FL2000DC_SERVER} = $fl2000dc_ret->{SERVER};
- $ret->{FL2000DC_SERVER_IP} = $fl2000dc_ret->{SERVER_IP};
- $ret->{FL2000DC_NETBIOSNAME} = $fl2000dc_ret->{NETBIOSNAME};
- $ret->{FL2000DC_USERNAME} = $fl2000dc_ret->{USERNAME};
- $ret->{FL2000DC_PASSWORD} = $fl2000dc_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{fl2003dc})) {
- $ENV{ENVNAME} = "fl2003dc";
- my $fl2003dc_ret = $self->setup_fl2003dc("$path/fl2003dc", $self->{vars}->{dc});
-
- $ret->{FL2003DC_SERVER} = $fl2003dc_ret->{SERVER};
- $ret->{FL2003DC_SERVER_IP} = $fl2003dc_ret->{SERVER_IP};
- $ret->{FL2003DC_NETBIOSNAME} = $fl2003dc_ret->{NETBIOSNAME};
- $ret->{FL2003DC_USERNAME} = $fl2003dc_ret->{USERNAME};
- $ret->{FL2003DC_PASSWORD} = $fl2003dc_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{fl2008r2dc})) {
- $ENV{ENVNAME} = "fl2008r2dc";
- my $fl2008r2dc_ret = $self->setup_fl2008r2dc("$path/fl2008r2dc", $self->{vars}->{dc});
-
- $ret->{FL2008R2DC_SERVER} = $fl2008r2dc_ret->{SERVER};
- $ret->{FL2008R2DC_SERVER_IP} = $fl2008r2dc_ret->{SERVER_IP};
- $ret->{FL2008R2DC_NETBIOSNAME} = $fl2008r2dc_ret->{NETBIOSNAME};
- $ret->{FL2008R2DC_USERNAME} = $fl2008r2dc_ret->{USERNAME};
- $ret->{FL2008R2DC_PASSWORD} = $fl2008r2dc_ret->{PASSWORD};
- }
- if (not defined($self->{vars}->{s3member})) {
- $ENV{ENVNAME} = "s3member";
- my $s3member_ret = $target3->setup_admember("$path/s3member", $self->{vars}->{dc}, 29);
- $self->{vars}->{s3member} = $s3member_ret;
-
- $ret->{S3MEMBER_SERVER} = $s3member_ret->{SERVER};
- $ret->{S3MEMBER_SERVER_IP} = $s3member_ret->{SERVER_IP};
- $ret->{S3MEMBER_NETBIOSNAME} = $s3member_ret->{NETBIOSNAME};
- $ret->{S3MEMBER_NETBIOSALIAS} = $s3member_ret->{NETBIOSALIAS};
- $ret->{S3MEMBER_USERNAME} = $s3member_ret->{USERNAME};
- $ret->{S3MEMBER_PASSWORD} = $s3member_ret->{PASSWORD};
- }
- return $ret;
} else {
return undef;
}
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index a8a5a57..be0e903 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1641,10 +1641,10 @@ def provision(logger, session_info, credentials, smbconf=None,
dns_backend=None, dnspass=None,
invocationid=None, machinepass=None, ntdsguid=None,
root=None, nobody=None, users=None, wheel=None, backup=None, aci=None,
- serverrole=None, dom_for_fun_level=None, ldap_backend_extra_port=None,
- ldap_backend_forced_uri=None, backend_type=None, sitename=None,
- ol_mmr_urls=None, ol_olc=None, setup_ds_path=None, slapd_path=None,
- nosync=False, ldap_dryrun_mode=False, useeadb=False, am_rodc=False,
+ serverrole=None, dom_for_fun_level=None,
+ backend_type=None, sitename=None,
+ ol_mmr_urls=None, ol_olc=None, slapd_path=None,
+ useeadb=False, am_rodc=False,
lp=None):
"""Provision samba4
@@ -1759,30 +1759,24 @@ def provision(logger, session_info, credentials, smbconf=None,
lp=lp, credentials=credentials,
names=names, logger=logger)
elif backend_type == "existing":
+ # If support for this is ever added back, then the URI will need to be specified again
provision_backend = ExistingBackend(backend_type, paths=paths,
lp=lp, credentials=credentials,
names=names, logger=logger,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
+ ldap_backend_forced_uri=None)
elif backend_type == "fedora-ds":
provision_backend = FDSBackend(backend_type, paths=paths,
lp=lp, credentials=credentials,
names=names, logger=logger, domainsid=domainsid,
schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
slapd_path=slapd_path,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_dryrun_mode=ldap_dryrun_mode, root=root,
- setup_ds_path=setup_ds_path,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
+ root=root)
elif backend_type == "openldap":
provision_backend = OpenLDAPBackend(backend_type, paths=paths,
lp=lp, credentials=credentials,
names=names, logger=logger, domainsid=domainsid,
schema=schema, hostname=hostname, ldapadminpass=ldapadminpass,
- slapd_path=slapd_path,
- ldap_backend_extra_port=ldap_backend_extra_port,
- ldap_dryrun_mode=ldap_dryrun_mode, ol_mmr_urls=ol_mmr_urls,
- nosync=nosync,
- ldap_backend_forced_uri=ldap_backend_forced_uri)
+ slapd_path=slapd_path, ol_mmr_urls=ol_mmr_urls)
else:
raise ValueError("Unknown LDAP backend type selected")
diff --git a/source4/scripting/python/samba/provision/backend.py b/source4/scripting/python/samba/provision/backend.py
index f9dbba8..4ab827b 100644
--- a/source4/scripting/python/samba/provision/backend.py
+++ b/source4/scripting/python/samba/provision/backend.py
@@ -133,7 +133,7 @@ class LDAPBackend(ProvisionBackend):
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None,
slapd_path=None, ldap_backend_extra_port=None,
- ldap_backend_forced_uri=None, ldap_dryrun_mode=False):
+ ldap_backend_forced_uri=None, ldap_dryrun_mode=True):
super(LDAPBackend, self).__init__(backend_type=backend_type,
paths=paths, lp=lp,
@@ -286,7 +286,7 @@ class OpenLDAPBackend(LDAPBackend):
def __init__(self, backend_type, paths=None, lp=None,
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None, ldap_dryrun_mode=False,
+ ldap_backend_extra_port=None, ldap_dryrun_mode=True,
ol_mmr_urls=None, nosync=False, ldap_backend_forced_uri=None):
from samba.provision import setup_path
super(OpenLDAPBackend, self).__init__( backend_type=backend_type,
@@ -568,7 +568,7 @@ class FDSBackend(LDAPBackend):
def __init__(self, backend_type, paths=None, lp=None,
credentials=None, names=None, logger=None, domainsid=None,
schema=None, hostname=None, ldapadminpass=None, slapd_path=None,
- ldap_backend_extra_port=None, ldap_dryrun_mode=False, root=None,
+ ldap_backend_extra_port=None, ldap_dryrun_mode=True, root=None,
setup_ds_path=None):
from samba.provision import setup_path
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 67dd333..3acb1fa 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -1,5 +1,6 @@
# backend code for upgrading from Samba3
# Copyright Jelmer Vernooij 2005-2007
+# Copyright Andrew Bartlett 2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/source4/scripting/python/samba/upgradehelpers.py b/source4/scripting/python/samba/upgradehelpers.py
index 043f629..3d1aa7a 100755
--- a/source4/scripting/python/samba/upgradehelpers.py
+++ b/source4/scripting/python/samba/upgradehelpers.py
@@ -266,11 +266,11 @@ def newprovision(names, creds, session, smbconf, provdir, logger):
invocationid=names.invocation, adminpass=names.adminpass,
krbtgtpass=None, machinepass=None, dnspass=None, root=None,
nobody=None, wheel=None, users=None,
- serverrole="domain controller", ldap_backend_extra_port=None,
+ serverrole="domain controller",
backend_type=None, ldapadminpass=None, ol_mmr_urls=None,
- slapd_path=None, setup_ds_path=None, nosync=None,
+ slapd_path=None,
dom_for_fun_level=names.domainlevel, dns_backend=dns_backend,
- ldap_dryrun_mode=None, useeadb=True)
+ useeadb=True)
def dn_sort(x, y):
diff --git a/source4/setup/provision b/source4/setup/provision
index bae86ee..1d847de 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -102,14 +102,9 @@ parser.add_option("--users", type="string", metavar="GROUPNAME",
parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--blank", action="store_true",
help="do not add users or groups, just the structure")
-parser.add_option("--ldap-backend-extra-port", type="int", metavar="LDAP-BACKEND-EXTRA-PORT",
- help="Additional TCP port for LDAP backend server (to use for replication)")
-parser.add_option("--ldap-backend-forced-uri", type="string", metavar="LDAP-BACKEND-FORCED-URI",
- help="Force the LDAP backend connection to be to a particular URI. Use this ONLY for 'existing' backends, or when debugging the interaction with the LDAP backend and you need to intercept the LDAP traffic")
parser.add_option("--ldap-backend-type", type="choice", metavar="LDAP-BACKEND-TYPE",
- help="LDAP backend type (fedora-ds or openldap)",
+ help="Test initialisation support for unsupported LDAP backend type (fedora-ds or openldap) DO NOT USE",
choices=["fedora-ds", "openldap"])
-parser.add_option("--ldap-backend-nosync", help="Configure LDAP backend not to call fsync() (for performance in test environments)", action="store_true")
parser.add_option("--server-role", type="choice", metavar="ROLE",
choices=["domain controller", "dc", "member server", "member", "standalone"],
help="The server role (domain controller | dc | member server | member | standalone). Default is dc.")
@@ -126,10 +121,7 @@ parser.add_option("--ol-mmr-urls", type="string", metavar="LDAPSERVER",
help="List of LDAP-URLS [ ldap://<FQHN>:<PORT>/ (where <PORT> has to be different than 389!) ] separated with comma (\",\") for use with OpenLDAP-MMR (Multi-Master-Replication), e.g.: \"ldap://s4dc1:9000,ldap://s4dc2:9000\"")
parser.add_option("--slapd-path", type="string", metavar="SLAPD-PATH",
help="Path to slapd for LDAP backend [e.g.:'/usr/local/libexec/slapd']. Required for Setup with LDAP-Backend. OpenLDAP Version >= 2.4.17 should be used.")
-parser.add_option("--setup-ds-path", type="string", metavar="SETUP_DS-PATH",
- help="Path to setup-ds.pl script for Fedora DS LDAP backend [e.g.:'/usr/sbin/setup-ds.pl']. Required for Setup with Fedora DS backend.")
parser.add_option("--use-xattrs", type="choice", choices=["yes", "no", "auto"], help="Define if we should use the native fs capabilities or a tdb file for storing attributes likes ntacl, auto tries to make an inteligent guess based on the user rights and system capabilities", default="auto")
-parser.add_option("--ldap-dryrun-mode", help="Configure LDAP backend, but do not run any binaries and exit early. Used only for the test environment. DO NOT USE", action="store_true")
opts = parser.parse_args()[0]
@@ -248,16 +240,6 @@ elif opts.use_xattrs == "auto" and not lp.get("posix:eadb"):
"If you intend to use this provision in production, rerun the script as root on a system supporting xattrs.")
file.close()
-
-if opts.ldap_backend_type == "existing":
- if opts.ldap_backend_forced_uri is not None:
- logger.warn("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at %s" % opts.ldap_backend_forced_uri)
- else:
- logger.info("You have specified to use an existing LDAP server as the backend, please make sure an LDAP server is running at the default location")
-else:
- if opts.ldap_backend_forced_uri is not None:
- logger.warn("You have specified to use an fixed URI %s for connecting to your LDAP server backend. This is NOT RECOMMENDED, as our default communiation over ldapi:// is more secure and much less prone to unexpected failure or interaction" % opts.ldap_backend_forced_uri)
-
session = system_session()
try:
provision(logger,
@@ -273,12 +255,9 @@ try:
dnspass=opts.dnspass, root=opts.root, nobody=opts.nobody,
wheel=opts.wheel, users=opts.users,
serverrole=server_role, dom_for_fun_level=dom_for_fun_level,
- ldap_backend_extra_port=opts.ldap_backend_extra_port,
- ldap_backend_forced_uri=opts.ldap_backend_forced_uri,
backend_type=opts.ldap_backend_type,
ldapadminpass=opts.ldapadminpass, ol_mmr_urls=opts.ol_mmr_urls,
- slapd_path=opts.slapd_path, setup_ds_path=opts.setup_ds_path,
- nosync=opts.ldap_backend_nosync, ldap_dryrun_mode=opts.ldap_dryrun_mode,
+ slapd_path=opts.slapd_path,
useeadb=eadb, next_rid=opts.next_rid, lp=lp)
except ProvisioningError, e:
print str(e)
diff --git a/source4/setup/tests/blackbox_provision-backend.sh b/source4/setup/tests/blackbox_provision-backend.sh
index 58fde63..96ff753 100755
--- a/source4/setup/tests/blackbox_provision-backend.sh
+++ b/source4/setup/tests/blackbox_provision-backend.sh
@@ -12,13 +12,13 @@ shift 1
. `dirname $0`/../../../testprogs/blackbox/subunit.sh
-testit "openldap-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null
-testit "openldap-mmr-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --ldap-dryrun-mode --slapd-path=/dev/null --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux
-testit "fedora-ds-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --ldap-dryrun-mode --slapd-path=/dev/null
+testit "openldap-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null
+testit "openldap-mmr-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-mmr-backend --ol-mmr-urls="ldap://s4dc1.test:9000,ldap://s4dc2.test:9000" --slapd-path=/dev/null --username=samba-admin --password=linux --adminpass=linux --ldapadminpass=linux
+testit "fedora-ds-backend" $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend --slapd-path=/dev/null
reprovision() {
- $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null
- $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --ldap-dryrun-mode --slapd-path=/dev/null
+ $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --slapd-path=/dev/null
+ $PYTHON $SRCDIR/source4/setup/provision --domain=FOO --realm=foo.example.com --ldap-backend-type=openldap --targetdir=$PREFIX/openldap-backend-reprovision --slapd-path=/dev/null
}
testit "reprovision-backend" reprovision
diff --git a/source4/smb_server/session.c b/source4/smb_server/session.c
index 53193c5..3cb6576 100644
--- a/source4/smb_server/session.c
+++ b/source4/smb_server/session.c
@@ -140,9 +140,6 @@ struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn,
struct smbsrv_session *sess = NULL;
int i;
- /* Ensure no vuid gets registered in share level security. */
- if (smb_conn->config.security == SEC_SHARE) return NULL;
-
sess = talloc_zero(mem_ctx, struct smbsrv_session);
if (!sess) return NULL;
sess->smb_conn = smb_conn;
diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c
index 2a31f9f..8621666 100644
--- a/source4/smb_server/smb/negprot.c
+++ b/source4/smb_server/smb/negprot.c
@@ -125,9 +125,6 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx);
- if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE)
- secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-
if (req->smb_conn->negotiate.encrypted_passwords)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
@@ -183,9 +180,6 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx);
- if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE)
- secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-
if (req->smb_conn->negotiate.encrypted_passwords)
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
@@ -263,7 +257,6 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
supports it and we can do encrypted passwords */
if (req->smb_conn->negotiate.encrypted_passwords &&
- (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) &&
lpcfg_use_spnego(req->smb_conn->lp_ctx) &&
(req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
negotiate_spnego = true;
@@ -301,9 +294,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
capabilities |= CAP_DFS;
}
- if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) {
- secword |= NEGOTIATE_SECURITY_USER_LEVEL;
- }
+ secword |= NEGOTIATE_SECURITY_USER_LEVEL;
if (req->smb_conn->negotiate.encrypted_passwords) {
secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
diff --git a/source4/smb_server/smb/receive.c b/source4/smb_server/smb/receive.c
index 04b0917..8e3bab8 100644
--- a/source4/smb_server/smb/receive.c
+++ b/source4/smb_server/smb/receive.c
@@ -492,14 +492,7 @@ static void switch_message(int type, struct smbsrv_request *req)
hasn't already been initialised (to cope with SMB
chaining) */
- /* In share mode security we must ignore the vuid. */
- if (smb_conn->config.security == SEC_SHARE) {
- if (req->tcon) {
- req->session = req->tcon->sec_share.session;
- }
- } else {
- req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
- }
+ req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
}
task_id = server_id_str(NULL, &req->smb_conn->connection->server_id);
@@ -670,7 +663,6 @@ NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn, struct l
smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
- smb_conn->config.security = lpcfg_security(lp_ctx);
smb_conn->config.nt_status_support = lpcfg_nt_status_support(lp_ctx);
status = smbsrv_init_sessions(smb_conn, UINT16_MAX);
diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c
index 0ebf8f3..141fdd8 100644
--- a/source4/smb_server/smb2/receive.c
+++ b/source4/smb_server/smb2/receive.c
@@ -692,7 +692,6 @@ NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
- smb_conn->config.security = SEC_USER;
smb_conn->config.nt_status_support = true;
status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h
index 6fcd978..ab55544 100644
--- a/source4/smb_server/smb_server.h
+++ b/source4/smb_server/smb_server.h
@@ -370,7 +370,6 @@ struct smbsrv_connection {
/* configuration parameters */
struct {
- enum security_types security;
bool nt_status_support;
} config;
--
Samba Shared Repository
More information about the samba-cvs
mailing list