[Samba] PROPOSAL: Remove SWAT in Samba 4.1
shop at open-t.co.uk
Wed Feb 20 01:29:19 MST 2013
On 20/02/13 03:24, Gregory Sloop wrote:
> DS> On 02/17/2013 6:02 PM, Andrew Bartlett wrote:
>>> As most of you would have noticed, we have now had 3 CVE-nominated
>>> security issues for SWAT in the past couple of years.
>>> Therefore, it was suggested on a private list that we just drop SWAT. I
>>> want to start a public discussion on that point, prompted by
>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us
>>> why we didn't apply the specific CSRF hardening we applied in 4.0.2 to
>>> SWAT in the first place.
>>> Andrew Bartlett
> DS> I have yet to make the jump to Samba4, so I have not seen the version of
> DS> SWAT designed for it.
> DS> For me, the primary benefit of SWAT in Samba3 was the ability to use the
> DS> help link for any parameter to see what that parameter did, what the
> DS> default was, and what its proper syntax was. For reference, I ran "man
> DS> smb.conf". Viewing full screen, I pressed the "Page Down" key 34 times
> DS> and was still in the 1st third of the alphabetical listing of
> DS> parameters. It's no small wonder that I never used "man smb.conf" to
> DS> configure Samba. SWAT was my friend.
> DS> So, if Samba4 has anywhere near the number of parameters as Samba3, I
> DS> would be greatly disappointed to see SWAT go away entirely. An html
> DS> version of the samba-doc package that contained all parameters with
> DS> links to their definitions/descriptions would be a welcome and suitable
> DS> replacement.
> DS> Thanks,
> DS> Dale
> I'm working through smb.conf options now, and I see that the official
> Samba docs for the smb.conf file are v3 only.
> I've taken the liberty of cranking the smb.conf man file to html and
> I've added a link in the wiki to it.
> [I can't post full html to the Wiki and editing the smb.conf html
> conversion to "wiki-eese" will be way too time consuming and
> cumbersome. So, I've simply put it on my own web-server and linked to
> it. My apologies if this violates some commonly accepted protocol, but
> I needed it as much as anyone. I'm glad to send the file to whomever
> needs it and once it's up at samba.org, change the link to point
> However, for anyone looking for a web version of the smb.conf for
> 4.0.3 - see this wiki page.
Just curious what is the source of the smb.conf manual above. The reason
I'm asking is that I just found out for example that "map to guest" is
not working yet in Samba 4 (see my other thread on this list). So I'm
just wondering what other features which used to work in Samba 3 are not
implemented in Samba 4 yet (or might never get implemented). Thus if the
Samba 4 smb.conf manual page lists them - wouldn't that cause more
confusion as people will expect them to work? Is there some way of
finding out which features are working already - and maybe adding some
notes next to the others to warn users that they are not available yet?
Also, the page above keeps on mentioning smbd - I was under the
impression that the Samba 4 binary is just "samba" - although maybe I am
getting mixed up about this.
More information about the samba