Can I kill 'restrict anonymous'?
Jeremy Allison
jra at samba.org
Sat Nov 10 15:33:03 GMT 2001
On Sun, Nov 11, 2001 at 10:24:20AM +1100, Andrew Bartlett wrote:
> Jeremy,
>
> I would like to kill the *very ugly* hack known as 'restrict
> anonymous'. The cvs logs indicate that its an outside patch that you
> applied.
>
> Firstly, remember it is not a security paramater, but is instead used
> for some crazy %U/%G macros exapansion reason.
I checked in 2.2, and the way it is used there is to deny a sessionsetup
with user="", password="", domain="".
> In any case, it isn't honered for the new SPNEGO code, and is badly
> documented. I'm sure that some people think it provides some security
> advantage.
It probably doesn't. Especially in HEAD.
> So, can I kill it?
Actually, what we should do is to honor the intent of it and write
it correctly. What it's trying to do is the same as the registry
key of the same name on WinNT, which is to deny completely anonymous
sessionsetups from being able to download user and group lists for
a server. This does have a security purpose and I'm pretty sure
this was the intent of the original code.
What we should do is use it to try and achieve the same aim as
on NT. In the new auth struct in HEAD, do we have anything that
tells us this was a completely anonymous connect ? If not, we
should add it, and then add a flag to operations that should
be denied for anonymous if "restrict anonymous" is set. We
should probably enable it by default.
Jeremy.
More information about the samba-technical
mailing list