kill security=share and security=server (Re: [SCM] Samba Shared Repository - branch v3-6-test updated)

Stefan (metze) Metzmacher metze at samba.org
Wed Jan 26 13:14:06 MST 2011


Am 26.01.2011 20:53, schrieb simo:
> On Wed, 2011-01-26 at 11:47 -0800, Jeremy Allison wrote:
>> On Wed, Jan 26, 2011 at 02:30:26PM -0500, simo wrote:
>>> On Wed, 2011-01-26 at 20:24 +0100, Jeremy Allison wrote:
>>>> The branch, v3-6-test has been updated
>>>>        via  7bc0737 Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
>>>>       from  fd74ee5 pidl:Typelist: fix perl warnings about recursiv function calls
>>>>
>>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
>>>>
>>>>
>>>> - Log -----------------------------------------------------------------
>>>> commit 7bc073743c9c9d892ab00ed236af3ab8c074e75d
>>>> Author: Jeremy Allison <jra at samba.org>
>>>> Date:   Wed Jan 26 10:50:44 2011 -0800
>>>>
>>>>     Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c
>>>>     (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
>>>>
>>>> -----------------------------------------------------------------------
>>>>
>>>> Summary of changes:
>>>>  source3/smbd/process.c |    1 -
>>>>  1 files changed, 0 insertions(+), 1 deletions(-)
>>>>
>>>>
>>>> Changeset truncated at 500 lines:
>>>>
>>>> diff --git a/source3/smbd/process.c b/source3/smbd/process.c
>>>> index 4a93e7f..12ea28a 100644
>>>> --- a/source3/smbd/process.c
>>>> +++ b/source3/smbd/process.c
>>>> @@ -2915,7 +2915,6 @@ void smbd_process(struct smbd_server_connection *sconn)
>>>>  	int ret;
>>>>  
>>>>  	if (lp_maxprotocol() == PROTOCOL_SMB2 &&
>>>> -	    lp_security() != SEC_SHARE &&
>>>>  	    !lp_async_smb_echo_handler()) {
>>>>  		/*
>>>>  		 * We're not making the desion here,
>>>>
>>>>
>>>
>>> Didn't we decide to *explicitly* disallow security = share on the new
>>> protocol to finally get rid of it ?
>>>
>>> It can't break anything because we never supported smb2 before, and
>>> security = share is just ugly.
>>> (and we should disallow security = server on smb2 too)
>>
>> Well under SMB2 we explicitly map security=share to "security = user" with
>> "map to guest = Bad User" under the covers.
>>
>> I didn't want to break existing smb.conf's if people just add
>> "max protocol = SMB2" or eventually when SMB2 is enabled by
>> default.
> 
> A new protocol and a new major version are the only time when we can do
> such changes.
> 
> I vote for killing security = share over SMB2
> 
> Anyone else up to vote for killing it ?

Does Windows7 supports that, if not we should get rid of it.

And I'd also love to get rid of security=server
and auth/auth_server.c

metze


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110126/c43ca565/attachment.pgp>


More information about the samba-technical mailing list