summaryrefslogtreecommitdiff
path: root/source4/param
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2012-02-03 18:03:10 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-03-04 23:33:05 +0100
commitd7bb961859a3501aec4d28842bfffb6190d19a73 (patch)
treee472b543e1e88914fbcf7bf68a3e431ff7314afd /source4/param
parentacfa107ec64ceb6bf3a28df14585cfb0ccc79f41 (diff)
downloadsamba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.gz
samba-d7bb961859a3501aec4d28842bfffb6190d19a73.tar.bz2
samba-d7bb961859a3501aec4d28842bfffb6190d19a73.zip
s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
Diffstat (limited to 'source4/param')
-rw-r--r--source4/param/tests/loadparm.c10
1 files changed, 0 insertions, 10 deletions
diff --git a/source4/param/tests/loadparm.c b/source4/param/tests/loadparm.c
index 5f27439912..a8a6d78866 100644
--- a/source4/param/tests/loadparm.c
+++ b/source4/param/tests/loadparm.c
@@ -237,15 +237,6 @@ static bool test_server_role_security_domain(struct torture_context *tctx)
return true;
}
-static bool test_server_role_security_share(struct torture_context *tctx)
-{
- struct loadparm_context *lp_ctx = loadparm_init(tctx);
- torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=share"), "lpcfg_set_option failed");
- torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be STANDALONE");
- torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_SHARE, "security should be share");
- return true;
-}
-
static bool test_server_role_security_server(struct torture_context *tctx)
{
struct loadparm_context *lp_ctx = loadparm_init(tctx);
@@ -282,7 +273,6 @@ struct torture_suite *torture_local_loadparm(TALLOC_CTX *mem_ctx)
torture_suite_add_simple_test(suite, "test_server_role_dc_domain_logons_and_not_master", test_server_role_dc_domain_logons_and_not_master);
torture_suite_add_simple_test(suite, "test_server_role_security_ads", test_server_role_security_ads);
torture_suite_add_simple_test(suite, "test_server_role_security_domain", test_server_role_security_domain);
- torture_suite_add_simple_test(suite, "test_server_role_security_share", test_server_role_security_share);
torture_suite_add_simple_test(suite, "test_server_role_security_server", test_server_role_security_server);
return suite;