[Samba] PROPOSAL: Remove SWAT in Samba 4.1

Wed Feb 20 03:57:25 MST 2013

On Wed, 2013-02-20 at 08:29 +0000, Sebastian Arcus wrote:
> On 20/02/13 03:24, Gregory Sloop wrote:
> >
> >
> > DS> On 02/17/2013 6:02 PM, Andrew Bartlett wrote:
> >>> As most of you would have noticed, we have now had 3 CVE-nominated
> >>> security issues for SWAT in the past couple of years.
> >>>
> > -SNIP-
> >>>
> >>> Therefore, it was suggested on a private list that we just drop SWAT.  I
> >>> want to start a public discussion on that point, prompted by
> >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us
> >>> why we didn't apply the specific CSRF hardening we applied in 4.0.2 to
> >>> SWAT in the first place.
> >>>
> >>> Thanks,
> >>>
> >>> Andrew Bartlett
> >
> > DS> I have yet to make the jump to Samba4, so I have not seen the version of
> > DS> SWAT designed for it.
> >
> > DS> For me, the primary benefit of SWAT in Samba3 was the ability to use the
> > DS> help link for any parameter to see what that parameter did, what the
> > DS> default was, and what its proper syntax was.  For reference, I ran "man
> > DS> smb.conf".  Viewing full screen, I pressed the "Page Down" key 34 times
> > DS> and was still in the 1st third of the alphabetical listing of
> > DS> parameters.  It's no small wonder that I never used "man smb.conf" to
> > DS> configure Samba.  SWAT was my friend.
> >
> > DS> So, if Samba4 has anywhere near the number of parameters as Samba3, I
> > DS> would be greatly disappointed to see SWAT go away entirely.  An html
> > DS> version of the samba-doc package that contained all parameters with
> > DS> links to their definitions/descriptions would be a welcome and suitable
> > DS> replacement.
> >
> > DS> Thanks,
> > DS> Dale
> >
> > I'm working through smb.conf options now, and I see that the official
> > Samba docs for the smb.conf file are v3 only.
> >
> > I've taken the liberty of cranking the smb.conf man file to html and
> > I've added a link in the wiki to it.
> >
> > [I can't post full html to the Wiki and editing the smb.conf html
> > conversion to "wiki-eese" will be way too time consuming and
> > cumbersome. So, I've simply put it on my own web-server and linked to
> > it. My apologies if this violates some commonly accepted protocol, but
> > I needed it as much as anyone. I'm glad to send the file to whomever
> > needs it and once it's up at samba.org, change the link to point
> > there.]
> >
> > However, for anyone looking for a web version of the smb.conf for
> > 4.0.3 - see this wiki page.
> > http://wiki.samba.org/index.php/Documentation_Links/samba4-smb.conf
> >
> Just curious what is the source of the smb.conf manual above. The reason 
> I'm asking is that I just found out for example that "map to guest" is 
> not working yet in Samba 4 (see my other thread on this list). So I'm 
> just wondering what other features which used to work in Samba 3 are not 
> implemented in Samba 4 yet (or might never get implemented). Thus if the 
> Samba 4 smb.conf manual page lists them - wouldn't that cause more 
> confusion as people will expect them to work? Is there some way of 
> finding out which features are working already - and maybe adding some 
> notes next to the others to warn users that they are not available yet?
> 
> Also, the page above keeps on mentioning smbd - I was under the 
> impression that the Samba 4 binary is just "samba" - although maybe I am 
> getting mixed up about this.

In this new operating mode (being an AD DC) some parameters do not have
their expected effect.  

This does not impact on the other operating modes.  

The differences are due to divergence over years of development, and a
failure to fully converge again, and so at this time there is no
comprehensive list. 

Please file bugs as you find these, and we hope to get things hooked up
or exceptions noted in the man page. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org