[SCM] Samba Shared Repository - branch v3-6-test updated

simo idra at samba.org
Wed Jan 26 12:53:07 MST 2011 

On Wed, 2011-01-26 at 11:47 -0800, Jeremy Allison wrote:
> On Wed, Jan 26, 2011 at 02:30:26PM -0500, simo wrote:
> > On Wed, 2011-01-26 at 20:24 +0100, Jeremy Allison wrote:
> > > The branch, v3-6-test has been updated
> > >        via  7bc0737 Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
> > >       from  fd74ee5 pidl:Typelist: fix perl warnings about recursiv function calls
> > > 
> > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
> > > 
> > > 
> > > - Log -----------------------------------------------------------------
> > > commit 7bc073743c9c9d892ab00ed236af3ab8c074e75d
> > > Author: Jeremy Allison <jra at samba.org>
> > > Date:   Wed Jan 26 10:50:44 2011 -0800
> > > 
> > >     Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c
> > >     (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
> > > 
> > > -----------------------------------------------------------------------
> > > 
> > > Summary of changes:
> > >  source3/smbd/process.c |    1 -
> > >  1 files changed, 0 insertions(+), 1 deletions(-)
> > > 
> > > 
> > > Changeset truncated at 500 lines:
> > > 
> > > diff --git a/source3/smbd/process.c b/source3/smbd/process.c
> > > index 4a93e7f..12ea28a 100644
> > > --- a/source3/smbd/process.c
> > > +++ b/source3/smbd/process.c
> > > @@ -2915,7 +2915,6 @@ void smbd_process(struct smbd_server_connection *sconn)
> > >  	int ret;
> > >  
> > >  	if (lp_maxprotocol() == PROTOCOL_SMB2 &&
> > > -	    lp_security() != SEC_SHARE &&
> > >  	    !lp_async_smb_echo_handler()) {
> > >  		/*
> > >  		 * We're not making the desion here,
> > > 
> > > 
> > 
> > Didn't we decide to *explicitly* disallow security = share on the new
> > protocol to finally get rid of it ?
> > 
> > It can't break anything because we never supported smb2 before, and
> > security = share is just ugly.
> > (and we should disallow security = server on smb2 too)
> 
> Well under SMB2 we explicitly map security=share to "security = user" with
> "map to guest = Bad User" under the covers.
> 
> I didn't want to break existing smb.conf's if people just add
> "max protocol = SMB2" or eventually when SMB2 is enabled by
> default.

A new protocol and a new major version are the only time when we can do
such changes.

I vote for killing security = share over SMB2

Anyone else up to vote for killing it ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list