kill security=share and security=server

Andrew Bartlett abartlet at samba.org
Wed Jan 26 18:20:03 MST 2011


On Wed, 2011-01-26 at 15:55 -0800, Jeremy Allison wrote:
> On Thu, Jan 27, 2011 at 09:01:02AM +1000, Andrew Bartlett wrote:
> > On Wed, 2011-01-26 at 14:05 -0800, Jeremy Allison wrote:
> > > On Thu, Jan 27, 2011 at 07:50:21AM +1000, Andrew Bartlett wrote:
> > > > 
> > > > I fully support removing security=share over SMB2, and furthermore, I
> > > > would like to see it marked as deprecated even on smb1 so we can
> > > > eventually remove it.  
> > > > 
> > > > If we are trying not to break existing configurations, then we can have
> > > > the deprecated parameter force the max protocol=smb1.
> > > > 
> > > > There are other ways (map to guest etc) to get what almost all sane
> > > > users of security=share do.  It is also not compatible (we make it
> > > > almost work with kludges) with NTLMv2, which we are trying to move to. 
> > > 
> > > So right now in the code, for SMB2 if you have "security = share",
> > > internally we convert this to:
> > > 
> > > security = user
> > > map to guest = bad user
> > > 
> > > So we actually *have* gotten rid of "security = share"
> > > internally in this case for all practical purposes,
> > > we just don't error out the smb2 connection if someone
> > > set "security = share" in their smb.conf.
> > > 
> > > Does this work for everyone ? Should we do the same
> > > for SMB1 in 3.6.0 ? That would remove the actual code
> > > complexity for "security = share" whilst still allowing
> > > old smb.conf's to work.
> > 
> > I'm happy with this, as long as we also add the deprecation warning (so
> > we don't keep a useless parameter forever).  I disagree with Chris that
> > changing 'security=share -> map to guest = bad user' is that hard to
> > explain (the default for security is already user). 
> 
> Ok, here's a patch to expunge SEC_SHARE from the world :-).
> 
> Internally maps inside loadparm.c.
> 
> Untested (but currently under test :-). Please comment !

It looks good, except that I don't think the _lp_security() function is
right.  I think the override needs to be in the lp_load_ex(), before the
set_server_role().  Otherwise, I think we will print the warning each
time we call lp_security(), rather than just on each smb.conf load.
(Which is more common?)

The other option might be to set the parsing function callback. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.


