[Samba] PROPOSAL: Remove SWAT in Samba 4.1

[Kai Blin]

On 12/10/2013 5:14, Tim Chambers wrote:

Hi Tim,

> I have used SWAT as the starting point for creating the config but then resort to manually changing the config.

That probably is a pretty valid use case for SWAT. :)

> A single big file that lists and documents the samba options would be too big and complicated. There are too many parameters that depend on many others (many-to-many). It would be better to break the documentation done to target different use cases and present as templates of samba config files.

We do already have that big file that lists and documents all the
options, though. Try "man smb.conf" :)

> Maybe have a web app that steps through the process and creates a samba config file ready for the user to download (you can upload existing file and download new file without the web server nor a SWAT service that has direct access to the admin file system). Less convenient but more secure.

That seems like a great beginner project, maybe something to consider
for the next Summer of Code.

> Alternative would be a GUI client app that can authenticate with and securely communicate with a service running on the server to configure SAMBA. But this may have it's own problems of complexity and security and thus more developer time required.

I would be less worried about this, the thing that has bitten us
repeatedly with SWAT basically all came down to the browser being
insecure and thus allowing cross-site request forgeries and other nasty
things like that. All the SWAT issues I fixed in the last years had
attack scenarios like "if the user is logged into SWAT as root and then
visits a malicious website in another tab". Won't happen with a
standalone app. :)
Again probably something well-suited for a person new to samba
development, as it has a pretty clear scope.

Cheers,
Kai

-- 
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/