[PATCH] remove "only user" and "username" options
Jeremy Allison
jra at samba.org
Thu May 5 22:48:46 UTC 2016
On Wed, Apr 06, 2016 at 09:05:35AM +0300, Uri Simchoni wrote:
> Hi,
>
> Following patch removes "only user" and "username" parameters.
>
> These parameters have been deprecated 5 years ago in commit
> 46168e99f7c6116b96335635ad974c7d8e20948e, and then 4 years ago, in
> commit d7bb961859a3501aec4d28842bfffb6190d19a73 , they became completely
> redundant with "valid users". So we have a parameter that's been
> redundant for over 4 years now.
>
> Pls come out with the pitchforks...
Out come the pitchforks to remove :-).
LGTM. Thanks a *LOT* for tidying up old cruft like this.
Pushed.
> From 42ececbcca0ec5057ae4015151906c2232702049 Mon Sep 17 00:00:00 2001
> From: Uri Simchoni <uri at samba.org>
> Date: Wed, 6 Apr 2016 07:44:48 +0300
> Subject: [PATCH 1/3] Reset WHATSNEW.txt for 4.5.x series
>
> Signed-off-by: Uri Simchoni <uri at samba.org>
> ---
> WHATSNEW.txt | 206 +----------------------------------------------------------
> 1 file changed, 2 insertions(+), 204 deletions(-)
>
> diff --git a/WHATSNEW.txt b/WHATSNEW.txt
> index d81e1ed6..ae4f4c0 100644
> --- a/WHATSNEW.txt
> +++ b/WHATSNEW.txt
> @@ -1,12 +1,12 @@
> Release Announcements
> =====================
>
> -This is the first release candidate of Samba 4.4. This is *not*
> +This is the first release candidate of Samba 4.5. This is *not*
> intended for production environments and is designed for testing
> purposes only. Please report any defects via the Samba bug reporting
> system at https://bugzilla.samba.org/.
>
> -Samba 4.4 will be the next version of the Samba suite.
> +Samba 4.5 will be the next version of the Samba suite.
>
>
> UPGRADING
> @@ -18,216 +18,14 @@ Nothing special.
> NEW FEATURES/CHANGES
> ====================
>
> -Asynchronous flush requests
> ----------------------------
> -
> -Flush requests from SMB2/3 clients are handled asynchronously and do
> -not block the processing of other requests. Note that 'strict sync'
> -has to be set to 'yes' for Samba to honor flush requests from SMB
> -clients.
> -
> -s3: smbd
> ---------
> -
> -Remove '--with-aio-support' configure option. We no longer would ever prefer
> -POSIX-RT aio, use pthread_aio instead.
> -
> -samba-tool sites
> -----------------
> -
> -The 'samba-tool sites' subcommand can now be run against another server by
> -specifying an LDB URL using the '-H' option and not against the local database
> -only (which is still the default when no URL is given).
> -
> -samba-tool domain demote
> -------------------------
> -
> -Add '--remove-other-dead-server' option to 'samba-tool domain demote'
> -subcommand. The new version of this tool now can remove another DC that is
> -itself offline. The '--remove-other-dead-server' removes as many references
> -to the DC as possible.
> -
> -samba-tool drs clone-dc-database
> ---------------------------------
> -
> -Replicate an initial clone of domain, but do not join it.
> -This is developed for debugging purposes, but not for setting up another DC.
> -
> -pdbedit
> --------
> -
> -Add '--set-nt-hash' option to pdbedit to update user password from nt-hash
> -hexstring. 'pdbedit -vw' shows also password hashes.
> -
> -smbstatus
> ----------
> -
> -'smbstatus' was enhanced to show the state of signing and encryption for
> -sessions and shares.
> -
> -smbget
> -------
> -The -u and -p options for user and password were replaced by the -U option that
> -accepts username[%password] as in many other tools of the Samba suite.
> -Similary, smbgetrc files do not accept username and password options any more,
> -only a single "user" option which also accepts user%password combinations.
> -The -P option was removed.
> -
> -s4-rpc_server
> --------------
> -
> -Add a GnuTLS based backupkey implementation.
> -
> -ntlm_auth
> ----------
> -
> -Using the '--offline-logon' enables ntlm_auth to use cached passwords when the
> -DC is offline.
> -
> -Allow '--password' force a local password check for ntlm-server-1 mode.
> -
> -vfs_offline
> ------------
> -
> -A new VFS module called vfs_offline has been added to mark all files in the
> -share as offline. It can be useful for shares mounted on top of a remote file
> -system (either through a samba VFS module or via FUSE).
> -
> -KCC
> ----
> -
> -The Samba KCC has been improved, but is still disabled by default.
> -
> -DNS
> ----
> -
> -There were several improvements concerning the Samba DNS server.
> -
> -Active Directory
> -----------------
> -
> -There were some improvements in the Active Directory area.
> -
> -WINS nsswitch module
> ---------------------
> -
> -The WINS nsswitch module has been rewritten to address memory issues and to
> -simplify the code. The module now uses libwbclient to do WINS queries. This
> -means that winbind needs to be running in order to resolve WINS names using
> -the nss_wins module. This does not affect smbd.
> -
> -CTDB changes
> -------------
> -
> -* CTDB now uses a newly implemented parallel database recovery scheme
> - that avoids deadlocks with smbd.
> -
> - In certain circumstances CTDB and smbd could deadlock. The new
> - recovery implementation avoid this. It also provides improved
> - recovery performance.
> -
> -* All files are now installed into and referred to by the paths
> - configured at build time. Therefore, CTDB will now work properly
> - when installed into the default location at /usr/local.
> -
> -* Public CTDB header files are no longer installed, since Samba and
> - CTDB are built from within the same source tree.
> -
> -* CTDB_DBDIR can now be set to tmpfs[:<tmpfs-options>]
> -
> - This will cause volatile TDBs to be located in a tmpfs. This can
> - help to avoid performance problems associated with contention on the
> - disk where volatile TDBs are usually stored. See ctdbd.conf(5) for
> - more details.
> -
> -* Configuration variable CTDB_NATGW_SLAVE_ONLY is no longer used.
> - Instead, nodes should be annotated with the "slave-only" option in
> - the CTDB NAT gateway nodes file. This file must be consistent
> - across nodes in a NAT gateway group. See ctdbd.conf(5) for more
> - details.
> -
> -* New event script 05.system allows various system resources to be
> - monitored
> -
> - This can be helpful for explaining poor performance or unexpected
> - behaviour. New configuration variables are
> - CTDB_MONITOR_FILESYSTEM_USAGE, CTDB_MONITOR_MEMORY_USAGE and
> - CTDB_MONITOR_SWAP_USAGE. Default values cause warnings to be
> - logged. See the SYSTEM RESOURCE MONITORING CONFIGURATION in
> - ctdbd.conf(5) for more information.
> -
> - The memory, swap and filesystem usage monitoring previously found in
> - 00.ctdb and 40.fs_use is no longer available. Therefore,
> - configuration variables CTDB_CHECK_FS_USE, CTDB_MONITOR_FREE_MEMORY,
> - CTDB_MONITOR_FREE_MEMORY_WARN and CTDB_CHECK_SWAP_IS_NOT_USED are
> - now ignored.
> -
> -* The 62.cnfs eventscript has been removed. To get a similar effect
> - just do something like this:
> -
> - mmaddcallback ctdb-disable-on-quorumLoss \
> - --command /usr/bin/ctdb \
> - --event quorumLoss --parms "disable"
> -
> - mmaddcallback ctdb-enable-on-quorumReached \
> - --command /usr/bin/ctdb \
> - --event quorumReached --parms "enable"
> -
> -* The CTDB tunable parameter EventScriptTimeoutCount has been renamed
> - to MonitorTimeoutCount
> -
> - It has only ever been used to limit timed-out monitor events.
> -
> - Configurations containing CTDB_SET_EventScriptTimeoutCount=<n> will
> - cause CTDB to fail at startup. Useful messages will be logged.
> -
> -* The commandline option "-n all" to CTDB tool has been removed.
> -
> - The option was not uniformly implemented for all the commands.
> - Instead of command "ctdb ip -n all", use "ctdb ip all".
> -
> -* All CTDB current manual pages are now correctly installed
> -
> -
> REMOVED FEATURES
> ================
>
> -Public headers
> ---------------
> -
> -Several public headers are not installed any longer. They are made for internal
> -use only. More public headers will very likely be removed in future releases.
> -
> -The following headers are not installed any longer:
> -dlinklist.h, gen_ndr/epmapper.h, gen_ndr/mgmt.h, gen_ndr/ndr_atsvc_c.h,
> -gen_ndr/ndr_epmapper_c.h, gen_ndr/ndr_epmapper.h, gen_ndr/ndr_mgmt_c.h,
> -gen_ndr/ndr_mgmt.h,gensec.h, ldap_errors.h, ldap_message.h, ldap_ndr.h,
> -ldap-util.h, pytalloc.h, read_smb.h, registry.h, roles.h, samba_util.h,
> -smb2_constants.h, smb2_create_blob.h, smb2.h, smb2_lease.h, smb2_signing.h,
> -smb_cli.h, smb_cliraw.h, smb_common.h, smb_composite.h, smb_constants.h,
> -smb_raw.h, smb_raw_interfaces.h, smb_raw_signing.h, smb_raw_trans2.h,
> -smb_request.h, smb_seal.h, smb_signing.h, smb_unix_ext.h, smb_util.h,
> -torture.h, tstream_smbXcli_np.h.
> -
> -vfs_smb_traffic_analyzer
> -------------------------
> -
> -The SMB traffic analyzer VFS module has been removed, because it is not
> -maintained any longer and not widely used.
> -
> -vfs_scannedonly
> ----------------
> -
> -The scannedonly VFS module has been removed, because it is not maintained
> -any longer.
> -
> smb.conf changes
> ----------------
>
> Parameter Name Description Default
> -------------- ----------- -------
> - aio max threads New 100
> - ldap page size Changed default 1000
>
>
> KNOWN ISSUES
> --
> 2.5.5
>
>
> From 37246139f3c91ca4845424e9ad4815a543318e74 Mon Sep 17 00:00:00 2001
> From: Uri Simchoni <uri at samba.org>
> Date: Wed, 6 Apr 2016 08:50:27 +0300
> Subject: [PATCH 2/3] smbd: remove "only user" and "username" parameters
>
> These have long been superseded by "valid users"
>
> Signed-off-by: Uri Simchoni <uri at samba.org>
> ---
> docs-xml/smbdotconf/security/onlyuser.xml | 22 ----------------------
> docs-xml/smbdotconf/security/username.xml | 25 -------------------------
> source3/param/loadparm.c | 3 ---
> source3/smbd/share_access.c | 20 ++------------------
> 4 files changed, 2 insertions(+), 68 deletions(-)
> delete mode 100644 docs-xml/smbdotconf/security/onlyuser.xml
> delete mode 100644 docs-xml/smbdotconf/security/username.xml
>
> diff --git a/docs-xml/smbdotconf/security/onlyuser.xml b/docs-xml/smbdotconf/security/onlyuser.xml
> deleted file mode 100644
> index 3b62ba6..0000000
> --- a/docs-xml/smbdotconf/security/onlyuser.xml
> +++ /dev/null
> @@ -1,22 +0,0 @@
> -<samba:parameter name="only user"
> - type="boolean"
> - context="S"
> - deprecated="1"
> - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> -<description>
> - <para>To restrict a service to a particular set of users you
> - can use the <smbconfoption name="valid users"/> parameter.</para>
> -
> - <para>This parameter is deprecated</para>
> -
> - <para>However, it currently operates only in conjunction with
> - <smbconfoption name="username"/>. The supported way to restrict
> - a service to a particular set of users is the
> - <smbconfoption name="valid users"/> parameter.</para>
> -
> -</description>
> -
> -<related>user</related>
> -
> -<value type="default">no</value>
> -</samba:parameter>
> diff --git a/docs-xml/smbdotconf/security/username.xml b/docs-xml/smbdotconf/security/username.xml
> deleted file mode 100644
> index a04a997..0000000
> --- a/docs-xml/smbdotconf/security/username.xml
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -<samba:parameter name="username"
> - context="S"
> - type="string"
> - deprecated="1"
> - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
> -<synonym>user</synonym>
> -<synonym>users</synonym>
> -<description>
> - <para>To restrict a service to a particular set of users you
> - can use the <smbconfoption name="valid users"/> parameter.</para>
> -
> - <para>This parameter is deprecated</para>
> -
> - <para>However, it currently operates only in conjunction with
> - <smbconfoption name="only user"/>. The supported way to restrict
> - a service to a particular set of users is the
> - <smbconfoption name="valid users"/> parameter.</para>
> -
> -</description>
> -
> -<value type="default"><comment>The guest account if a guest service,
> - else <empty string>.</comment></value>
> -
> -<value type="example">fred, mary, jack, jane, @users, @pcgroup</value>
> -</samba:parameter>
> diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> index 1f8e578..1dcd76a 100644
> --- a/source3/param/loadparm.c
> +++ b/source3/param/loadparm.c
> @@ -117,7 +117,6 @@ static struct loadparm_service sDefault =
> .usershare_last_mod = {0, 0},
> .szService = NULL,
> .path = NULL,
> - .username = NULL,
> .invalid_users = NULL,
> .valid_users = NULL,
> .admin_users = NULL,
> @@ -201,7 +200,6 @@ static struct loadparm_service sDefault =
> .oplocks = true,
> .kernel_oplocks = false,
> .level2_oplocks = true,
> - .only_user = false,
> .mangled_names = true,
> .wide_links = false,
> .follow_symlinks = true,
> @@ -1560,7 +1558,6 @@ static bool lp_add_ipc(const char *ipc_name, bool guest_ok)
> }
>
> lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->path, tmpdir());
> - lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->username, "");
> lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->comment, comment);
> lpcfg_string_set(ServicePtrs[i], &ServicePtrs[i]->fstype, "IPC");
> ServicePtrs[i]->max_connections = 0;
> diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
> index 8b165e6..fa56063 100644
> --- a/source3/smbd/share_access.c
> +++ b/source3/smbd/share_access.c
> @@ -183,7 +183,7 @@ bool token_contains_name_in_list(const char *username,
> /*
> * Check whether the user described by "token" has access to share snum.
> *
> - * This looks at "invalid users", "valid users" and "only user/username"
> + * This looks at "invalid users" and "valid users".
> *
> * Please note that the user name and share names passed in here mainly for
> * the substitution routines that expand the parameter values, the decision
> @@ -217,22 +217,6 @@ bool user_ok_token(const char *username, const char *domain,
> }
> }
>
> - if (lp_only_user(snum)) {
> - const char *list[2];
> - list[0] = lp_username(talloc_tos(), snum);
> - list[1] = NULL;
> - if ((list[0] == NULL) || (*list[0] == '\0')) {
> - DEBUG(0, ("'only user = yes' and no 'username ='\n"));
> - return False;
> - }
> - if (!token_contains_name_in_list(NULL, domain,
> - lp_servicename(talloc_tos(), snum),
> - token, list)) {
> - DEBUG(10, ("%s != 'username'\n", username));
> - return False;
> - }
> - }
> -
> DEBUG(10, ("user_ok_token: share %s is ok for unix user %s\n",
> lp_servicename(talloc_tos(), snum), username));
>
> @@ -243,7 +227,7 @@ bool user_ok_token(const char *username, const char *domain,
> * Check whether the user described by "token" is restricted to read-only
> * access on share snum.
> *
> - * This looks at "invalid users", "valid users" and "only user/username"
> + * This looks at "read list", "write list" and "read only".
> *
> * Please note that the user name and share names passed in here mainly for
> * the substitution routines that expand the parameter values, the decision
> --
> 2.5.5
>
>
> From 438446810cd7ed966fac38b3f19f153c5e141c03 Mon Sep 17 00:00:00 2001
> From: Uri Simchoni <uri at samba.org>
> Date: Wed, 6 Apr 2016 07:54:19 +0300
> Subject: [PATCH 3/3] WHATSNEW: Document "only user" removal
>
> Signed-off-by: Uri Simchoni <uri at samba.org>
> ---
> WHATSNEW.txt | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/WHATSNEW.txt b/WHATSNEW.txt
> index ae4f4c0..f0c5f77 100644
> --- a/WHATSNEW.txt
> +++ b/WHATSNEW.txt
> @@ -21,12 +21,18 @@ NEW FEATURES/CHANGES
> REMOVED FEATURES
> ================
>
> +only user and username parameters
> +---------------------------------
> +These two parameters have long been deprecated and superseded by
> +"valid users" and "invalid users".
> +
> smb.conf changes
> ----------------
>
> Parameter Name Description Default
> -------------- ----------- -------
> -
> + only user Removed
> + username Removed
>
> KNOWN ISSUES
> ============
> --
> 2.5.5
>
More information about the samba-technical
mailing list