summaryrefslogtreecommitdiff
path: root/lib/param
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-02-03 18:03:10 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-03-04 23:33:05 +0100
commitd7bb961859a3501aec4d28842bfffb6190d19a73 (patch)
treee472b543e1e88914fbcf7bf68a3e431ff7314afd /lib/param
parentacfa107ec64ceb6bf3a28df14585cfb0ccc79f41 (diff)
downloadsamba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.gz
samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.bz2
samba-d7bb961859a3501aec4d28842bfffb6190d19a73.zip
s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
Diffstat (limited to 'lib/param')
-rw-r--r--lib/param/loadparm_server_role.c7
-rw-r--r--lib/param/param_enums.c1
2 files changed, 1 insertions, 7 deletions
diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c
index 36551593a8..4ba54b9131 100644
--- a/lib/param/loadparm_server_role.c
+++ b/lib/param/loadparm_server_role.c
@@ -73,11 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do
role = ROLE_STANDALONE;
switch (security) {
- case SEC_SHARE:
- if (domain_logons) {
- DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n"));
- }
- break;
case SEC_SERVER:
if (domain_logons) {
DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n"));
@@ -162,7 +157,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security)
valid = true;
break;
case ROLE_STANDALONE:
- if (security == SEC_SHARE || security == SEC_SERVER || security == SEC_USER) {
+ if (security == SEC_SERVER || security == SEC_USER) {
valid = true;
}
break;
diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c
index 606520828c..42839b41a4 100644
--- a/lib/param/param_enums.c
+++ b/lib/param/param_enums.c
@@ -44,7 +44,6 @@ static const struct enum_list enum_protocol[] = {
static const struct enum_list enum_security[] = {
{SEC_AUTO, "AUTO"},
- {SEC_SHARE, "SHARE"},
{SEC_USER, "USER"},
{SEC_SERVER, "SERVER"},
{SEC_DOMAIN, "DOMAIN"},