kill security=share and security=server

[Volker Lendecke]

On Thu, Jan 27, 2011 at 12:40:45PM -0800, Jeremy Allison wrote:
> On Thu, Jan 27, 2011 at 09:37:39PM +0100, Volker Lendecke wrote:
> > On Thu, Jan 27, 2011 at 12:34:07PM -0800, Jeremy Allison wrote:
> > > > >From my point of view anybody using security=share these
> > > > days seems not really interested in latest features and
> > > > speed. I would really like to see us to limit sec=share
> > > > configs to smb1. Everyone who wants SMB2 needs to change to
> > > > security=user anyway, because security=share is not
> > > > supported in SMB2.
> > > 
> > > But that's exactly what we're doing. We're just not
> > > making them change their smb.conf.
> > 
> > Can you point me at the relevant code lines?
> 
> In the current code in v3-6-test - file smbd/smb2_server.c:
> 
> 2165 void smbd_smb2_first_negprot(struct smbd_server_connection *sconn,
> 2166                              const uint8_t *inbuf, size_t size)
> 2167 {
> 2168         NTSTATUS status;
> 2169         struct smbd_smb2_request *req = NULL;
> 2170         struct tevent_req *subreq;
> 2171 
> 2172         if (lp_security() == SEC_SHARE) {
> 2173                 DEBUG(2,("WARNING!!: \"security = share\" is deprecated for "
> 2174                         "SMB2 servers. Mapping to \"security = user\" and "
> 2175                         "\"map to guest = Bad User\"\n" ));
> 2176                 lp_do_parameter(-1, "security", "user");
> 2177                 lp_do_parameter(-1, "map to guest", "Bad User");
> 2178         }
> 2179 

That's not what I would have expected. I'd have expected
something like

int lp_max_protocol(void)
{
	if (lp_security()==SEC_SHARE) {
		return MIN(PROTO_SMB1, _lp_max_protocol());
	}
	return _lp_max_protocol();
}

Untested, just hacked into this mail. But you know what I
mean.

Volker