diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-02-03 18:03:10 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-03-04 23:33:05 +0100 |
| commit | d7bb961859a3501aec4d28842bfffb6190d19a73 (patch) | |
| tree | e472b543e1e88914fbcf7bf68a3e431ff7314afd /source3/param | |
| parent | acfa107ec64ceb6bf3a28df14585cfb0ccc79f41 (diff) | |
| download | samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.gz samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.bz2 samba-d7bb961859a3501aec4d28842bfffb6190d19a73.zip | |
s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Diffstat (limited to 'source3/param')
| -rw-r--r-- | source3/param/loadparm.c | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 382a273f38..453c8fd875 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5286,18 +5286,7 @@ FN_GLOBAL_INTEGER(lp_passwordlevel, pwordlevel) FN_GLOBAL_INTEGER(lp_usernamelevel, unamelevel) FN_GLOBAL_INTEGER(lp_deadtime, deadtime) FN_GLOBAL_BOOL(lp_getwd_cache, getwd_cache) -static FN_GLOBAL_INTEGER(_lp_srv_maxprotocol, srv_maxprotocol) -int lp_srv_maxprotocol(void) -{ - int ret = _lp_srv_maxprotocol(); - if ((ret >= PROTOCOL_SMB2_02) && (lp_security() == SEC_SHARE)) { - DEBUG(2,("WARNING!!: \"security = share\" is incompatible " - "with the SMB2 protocol. Resetting to SMB1.\n" )); - lp_do_parameter(-1, "server max protocol", "NT1"); - return PROTOCOL_NT1; - } - return ret; -} +FN_GLOBAL_INTEGER(lp_srv_maxprotocol, srv_maxprotocol) FN_GLOBAL_INTEGER(lp_srv_minprotocol, srv_minprotocol) FN_GLOBAL_INTEGER(lp_security, security) FN_GLOBAL_LIST(lp_auth_methods, AuthMethods) @@ -9050,9 +9039,7 @@ static bool lp_load_ex(const char *pszFname, set_allowed_client_auth(); - if (lp_security() == SEC_SHARE) { - DEBUG(1, ("WARNING: The security=share option is deprecated\n")); - } else if (lp_security() == SEC_SERVER) { + if (lp_security() == SEC_SERVER) { DEBUG(1, ("WARNING: The security=server option is deprecated\n")); } |