kill security=share and security=server (Re: [SCM] Samba Shared Repository - branch v3-6-test updated)

simo idra at samba.org
Wed Jan 26 13:22:25 MST 2011 

On Wed, 2011-01-26 at 21:14 +0100, Stefan (metze) Metzmacher wrote:
> Am 26.01.2011 20:53, schrieb simo:
> > On Wed, 2011-01-26 at 11:47 -0800, Jeremy Allison wrote:
> >> On Wed, Jan 26, 2011 at 02:30:26PM -0500, simo wrote:
> >>> On Wed, 2011-01-26 at 20:24 +0100, Jeremy Allison wrote:
> >>>> The branch, v3-6-test has been updated
> >>>>        via  7bc0737 Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
> >>>>       from  fd74ee5 pidl:Typelist: fix perl warnings about recursiv function calls
> >>>>
> >>>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
> >>>>
> >>>>
> >>>> - Log -----------------------------------------------------------------
> >>>> commit 7bc073743c9c9d892ab00ed236af3ab8c074e75d
> >>>> Author: Jeremy Allison <jra at samba.org>
> >>>> Date:   Wed Jan 26 10:50:44 2011 -0800
> >>>>
> >>>>     Allow "security = share" with SMB2. We already handle this in smb2/smb2_server.c
> >>>>     (cherry picked from commit de53c1e30ddbc640fd0755cf38a40e9e0acac309)
> >>>>
> >>>> -----------------------------------------------------------------------
> >>>>
> >>>> Summary of changes:
> >>>>  source3/smbd/process.c |    1 -
> >>>>  1 files changed, 0 insertions(+), 1 deletions(-)
> >>>>
> >>>>
> >>>> Changeset truncated at 500 lines:
> >>>>
> >>>> diff --git a/source3/smbd/process.c b/source3/smbd/process.c
> >>>> index 4a93e7f..12ea28a 100644
> >>>> --- a/source3/smbd/process.c
> >>>> +++ b/source3/smbd/process.c
> >>>> @@ -2915,7 +2915,6 @@ void smbd_process(struct smbd_server_connection *sconn)
> >>>>  	int ret;
> >>>>  
> >>>>  	if (lp_maxprotocol() == PROTOCOL_SMB2 &&
> >>>> -	    lp_security() != SEC_SHARE &&
> >>>>  	    !lp_async_smb_echo_handler()) {
> >>>>  		/*
> >>>>  		 * We're not making the desion here,
> >>>>
> >>>>
> >>>
> >>> Didn't we decide to *explicitly* disallow security = share on the new
> >>> protocol to finally get rid of it ?
> >>>
> >>> It can't break anything because we never supported smb2 before, and
> >>> security = share is just ugly.
> >>> (and we should disallow security = server on smb2 too)
> >>
> >> Well under SMB2 we explicitly map security=share to "security = user" with
> >> "map to guest = Bad User" under the covers.
> >>
> >> I didn't want to break existing smb.conf's if people just add
> >> "max protocol = SMB2" or eventually when SMB2 is enabled by
> >> default.
> > 
> > A new protocol and a new major version are the only time when we can do
> > such changes.
> > 
> > I vote for killing security = share over SMB2
> > 
> > Anyone else up to vote for killing it ?
> 
> Does Windows7 supports that, if not we should get rid of it.

Sharing that way or using such shares ?

> And I'd also love to get rid of security=server
> and auth/auth_server.c

+1

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>

More information about the samba-technical mailing list