kill security=share and security=server
Jeremy Allison
jra at samba.org
Thu Jan 27 13:40:45 MST 2011
On Thu, Jan 27, 2011 at 09:37:39PM +0100, Volker Lendecke wrote:
> On Thu, Jan 27, 2011 at 12:34:07PM -0800, Jeremy Allison wrote:
> > > >From my point of view anybody using security=share these
> > > days seems not really interested in latest features and
> > > speed. I would really like to see us to limit sec=share
> > > configs to smb1. Everyone who wants SMB2 needs to change to
> > > security=user anyway, because security=share is not
> > > supported in SMB2.
> >
> > But that's exactly what we're doing. We're just not
> > making them change their smb.conf.
>
> Can you point me at the relevant code lines?
In the current code in v3-6-test - file smbd/smb2_server.c:
2165 void smbd_smb2_first_negprot(struct smbd_server_connection *sconn,
2166 const uint8_t *inbuf, size_t size)
2167 {
2168 NTSTATUS status;
2169 struct smbd_smb2_request *req = NULL;
2170 struct tevent_req *subreq;
2171
2172 if (lp_security() == SEC_SHARE) {
2173 DEBUG(2,("WARNING!!: \"security = share\" is deprecated for "
2174 "SMB2 servers. Mapping to \"security = user\" and "
2175 "\"map to guest = Bad User\"\n" ));
2176 lp_do_parameter(-1, "security", "user");
2177 lp_do_parameter(-1, "map to guest", "Bad User");
2178 }
2179
In the proposed patch:
43 -FN_GLOBAL_INTEGER(lp_security, &Globals.security)
44 +FN_GLOBAL_INTEGER(_lp_security, &Globals.security)
45 +int lp_security(void)
46 +{
47 + int ret = _lp_security();
48 +
49 + if (ret == SEC_SHARE) {
50 + DEBUG(2,("WARNING!!: \"security = share\" is deprecated for "
51 + "SMB and SMB2 servers. Mapping to \"security = user\" and "
52 + "\"map to guest = Bad User\"\n" ));
53 + lp_do_parameter(-1, "security", "user");
54 + lp_do_parameter(-1, "map to guest", "Bad User");
55 + ret = _lp_security();
56 + }
57 + return ret;
58 +}
More information about the samba-technical
mailing list