diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-02-03 18:03:10 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-03-04 23:33:05 +0100 |
commit | d7bb961859a3501aec4d28842bfffb6190d19a73 (patch) | |
tree | e472b543e1e88914fbcf7bf68a3e431ff7314afd /lib/param | |
parent | acfa107ec64ceb6bf3a28df14585cfb0ccc79f41 (diff) | |
download | samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.gz samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.bz2 samba-d7bb961859a3501aec4d28842bfffb6190d19a73.zip |
s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Diffstat (limited to 'lib/param')
-rw-r--r-- | lib/param/loadparm_server_role.c | 7 | ||||
-rw-r--r-- | lib/param/param_enums.c | 1 |
2 files changed, 1 insertions, 7 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 36551593a8..4ba54b9131 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -73,11 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do role = ROLE_STANDALONE; switch (security) { - case SEC_SHARE: - if (domain_logons) { - DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); - } - break; case SEC_SERVER: if (domain_logons) { DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); @@ -162,7 +157,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) valid = true; break; case ROLE_STANDALONE: - if (security == SEC_SHARE || security == SEC_SERVER || security == SEC_USER) { + if (security == SEC_SERVER || security == SEC_USER) { valid = true; } break; diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c index 606520828c..42839b41a4 100644 --- a/lib/param/param_enums.c +++ b/lib/param/param_enums.c @@ -44,7 +44,6 @@ static const struct enum_list enum_protocol[] = { static const struct enum_list enum_security[] = { {SEC_AUTO, "AUTO"}, - {SEC_SHARE, "SHARE"}, {SEC_USER, "USER"}, {SEC_SERVER, "SERVER"}, {SEC_DOMAIN, "DOMAIN"}, |