[Samba] PROPOSAL: Remove SWAT in Samba 4.1
Sebastian Arcus
shop at open-t.co.uk
Wed Feb 20 01:29:19 MST 2013
On 20/02/13 03:24, Gregory Sloop wrote:
>
>
> DS> On 02/17/2013 6:02 PM, Andrew Bartlett wrote:
>>> As most of you would have noticed, we have now had 3 CVE-nominated
>>> security issues for SWAT in the past couple of years.
>>>
> -SNIP-
>>>
>>> Therefore, it was suggested on a private list that we just drop SWAT. I
>>> want to start a public discussion on that point, prompted by
>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us
>>> why we didn't apply the specific CSRF hardening we applied in 4.0.2 to
>>> SWAT in the first place.
>>>
>>> Thanks,
>>>
>>> Andrew Bartlett
>
> DS> I have yet to make the jump to Samba4, so I have not seen the version of
> DS> SWAT designed for it.
>
> DS> For me, the primary benefit of SWAT in Samba3 was the ability to use the
> DS> help link for any parameter to see what that parameter did, what the
> DS> default was, and what its proper syntax was. For reference, I ran "man
> DS> smb.conf". Viewing full screen, I pressed the "Page Down" key 34 times
> DS> and was still in the 1st third of the alphabetical listing of
> DS> parameters. It's no small wonder that I never used "man smb.conf" to
> DS> configure Samba. SWAT was my friend.
>
> DS> So, if Samba4 has anywhere near the number of parameters as Samba3, I
> DS> would be greatly disappointed to see SWAT go away entirely. An html
> DS> version of the samba-doc package that contained all parameters with
> DS> links to their definitions/descriptions would be a welcome and suitable
> DS> replacement.
>
> DS> Thanks,
> DS> Dale
>
> I'm working through smb.conf options now, and I see that the official
> Samba docs for the smb.conf file are v3 only.
>
> I've taken the liberty of cranking the smb.conf man file to html and
> I've added a link in the wiki to it.
>
> [I can't post full html to the Wiki and editing the smb.conf html
> conversion to "wiki-eese" will be way too time consuming and
> cumbersome. So, I've simply put it on my own web-server and linked to
> it. My apologies if this violates some commonly accepted protocol, but
> I needed it as much as anyone. I'm glad to send the file to whomever
> needs it and once it's up at samba.org, change the link to point
> there.]
>
> However, for anyone looking for a web version of the smb.conf for
> 4.0.3 - see this wiki page.
> http://wiki.samba.org/index.php/Documentation_Links/samba4-smb.conf
>
Just curious: what is the source of the smb.conf manual above? The reason
I'm asking is that I just found out for example that "map to guest" is
not working yet in Samba 4 (see my other thread on this list). So I'm
just wondering what other features which used to work in Samba 3 are not
implemented in Samba 4 yet (or might never get implemented). Thus if the
Samba 4 smb.conf manual page lists them - wouldn't that cause more
confusion as people will expect them to work? Is there some way of
finding out which features are working already - and maybe adding some
notes next to the others to warn users that they are not available yet?
Also, the page above keeps on mentioning smbd - I was under the
impression that the Samba 4 binary is just "samba" - although maybe I am
getting mixed up about this.
Sebastian