[RFC] Discontinuing SWAT

Andrew Bartlett abartlet at samba.org
Fri Apr 26 00:15:14 MDT 2013

On Fri, 2013-04-26 at 08:00 +0200, Jelmer Vernooij wrote:
> On Fri, Apr 26, 2013 at 08:33:47AM +1000, Andrew Bartlett wrote:
> > On Thu, 2013-04-25 at 23:48 +0200, Kai Blin wrote:
> > > Hi folks,
> > > 
> > > I think it's time to put SWAT out of its misery. In the past few years,
> > > the only commits ever touching it were either API housekeeping or fixing
> > > remote root exploit security issues.
> > > 
> > > The last time we had to do the latter, I accidentally broke password
> > > changes for users, and neither me nor any of the people reviewing the
> > > changes noticed. I take that as a sign that nobody is really interested
> > > in maintaining SWAT, and I think it is becoming a larger liability over
> > > time. Considering how large of an attack surface a web app is offering,
> > > we should not have one of them in our core release.
> > > 
> > > There might be the need for a web-based samba configuration tool, but I
> > > don't think SWAT is fulfilling that need well enough.
> > 
> > The main thing I've see folks really want from SWAT is the connection
> > between the smb.conf parameter and the help section.  We may well be
> > able to solve that simply with a testparm option that prints the manpage
> > section after each parameter. 
> > 
> > I'll also note that this is the second time removing it has been
> > proposed (I did so in Feb), and there were no violent objections last
> > time, just the above desire that SWAT's sections and manpage link made
> > the smb.conf more accessible.  Perhaps make 'SWAT GTK rewrite' a SoC
> > project and see if we get any takers?
> What is "SWAT GTK" ?

I was thinking have SWAT expressed as a GTK app, rather than a web app
where we have to play web security games and do authentication.  It was
just a thought bubble that someone could just have it write GTK forms
rather than HTML forms, or render the current code into some simple
client-side HTML renderer but never involve a real HTTP server. 

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list