kill security=share and security=server (Re: [SCM] Samba Shared Repository - branch v3-6-test updated)
Stefan (metze) Metzmacher
metze at samba.org
Wed Jan 26 13:14:06 MST 2011
Am 26.01.2011 20:53, schrieb simo:
> On Wed, 2011-01-26 at 11:47 -0800, Jeremy Allison wrote:
>> On Wed, Jan 26, 2011 at 02:30:26PM -0500, simo wrote:
>>> On Wed, 2011-01-26 at 20:24 +0100, Jeremy Allison wrote:
>>>> The branch, v3-6-test has been updated
>>>> via 7bc0737 Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
>>>> from fd74ee5 pidl:Typelist: fix perl warnings about recursiv function calls
>>>>
>>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
>>>>
>>>>
>>>> - Log -----------------------------------------------------------------
>>>> commit 7bc073743c9c9d892ab00ed236af3ab8c074e75d
>>>> Author: Jeremy Allison <jra at samba.org>
>>>> Date: Wed Jan 26 10:50:44 2011 -0800
>>>>
>>>> Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c
>>>> (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
>>>>
>>>> -----------------------------------------------------------------------
>>>>
>>>> Summary of changes:
>>>> source3/smbd/process.c | 1 -
>>>> 1 files changed, 0 insertions(+), 1 deletions(-)
>>>>
>>>>
>>>> Changeset truncated at 500 lines:
>>>>
>>>> diff --git a/source3/smbd/process.c b/source3/smbd/process.c
>>>> index 4a93e7f..12ea28a 100644
>>>> --- a/source3/smbd/process.c
>>>> +++ b/source3/smbd/process.c
>>>> @@ -2915,7 +2915,6 @@ void smbd_process(struct smbd_server_connection *sconn)
>>>> int ret;
>>>>
>>>> if (lp_maxprotocol() == PROTOCOL_SMB2 &&
>>>> - lp_security() != SEC_SHARE &&
>>>> !lp_async_smb_echo_handler()) {
>>>> /*
>>>> * We're not making the desion here,
>>>>
>>>>
>>>
>>> Didn't we decide to *explicitly* disallow security = share on the new
>>> protocol to finally get rid of it ?
>>>
>>> It can't break anything because we never supported smb2 before, and
>>> security = share is just ugly.
>>> (and we should disallow security = server on smb2 too)
>>
>> Well under SMB2 we explicitly map security=share to "security = user" with
>> "map to guest = Bad User" under the covers.
>>
>> I didn't want to break existing smb.conf's if people just add
>> "max protocol = SMB2" or eventually when SMB2 is enabled by
>> default.
>
> A new protocol and a new major version are the only time when we can do
> such changes.
>
> I vote for killing security = share over SMB2
>
> Anyone else up to vote for killing it ?
Does Windows7 supports that, if not we should get rid of it.
And I'd also love to get rid of security=server
and auth/auth_server.c
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110126/c43ca565/attachment.pgp>
More information about the samba-technical
mailing list