diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2012-02-03 18:03:10 +1100 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2012-03-04 23:33:05 +0100 |
| commit | d7bb961859a3501aec4d28842bfffb6190d19a73 (patch) | |
| tree | e472b543e1e88914fbcf7bf68a3e431ff7314afd /source3/smbd/process.c | |
| parent | acfa107ec64ceb6bf3a28df14585cfb0ccc79f41 (diff) | |
| download | samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.gz samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.bz2 samba-d7bb961859a3501aec4d28842bfffb6190d19a73.zip | |
s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Diffstat (limited to 'source3/smbd/process.c')
| -rw-r--r-- | source3/smbd/process.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 6ffc06700f..6c927554f1 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1364,8 +1364,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in flags = smb_messages[type].flags; /* In share mode security we must ignore the vuid. */ - session_tag = (lp_security() == SEC_SHARE) - ? UID_FIELD_INVALID : req->vuid; + session_tag = req->vuid; conn = req->conn; DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type), @@ -3257,10 +3256,6 @@ void smbd_process(struct tevent_context *ev_ctx, sconn->smb1.sessions.done_sesssetup = false; sconn->smb1.sessions.max_send = BUFFER_SIZE; sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID; - /* users from session setup */ - sconn->smb1.sessions.session_userlist = NULL; - /* workgroup from session setup. */ - sconn->smb1.sessions.session_workgroup = NULL; /* this holds info on user ids that are already validated for this VC */ sconn->smb1.sessions.validated_users = NULL; sconn->smb1.sessions.next_vuid = VUID_OFFSET; |