From d7bb961859a3501aec4d28842bfffb6190d19a73 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 3 Feb 2012 18:03:10 +1100
Subject: s3-auth: Remove security=share (depricated since 3.6).

This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
---
 source3/smbd/process.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

(limited to 'source3/smbd/process.c')

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 6ffc06700f..6c927554f1 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1364,8 +1364,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
 	flags = smb_messages[type].flags;
 
 	/* In share mode security we must ignore the vuid. */
-	session_tag = (lp_security() == SEC_SHARE)
-		? UID_FIELD_INVALID : req->vuid;
+	session_tag = req->vuid;
 	conn = req->conn;
 
 	DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type),
@@ -3257,10 +3256,6 @@ void smbd_process(struct tevent_context *ev_ctx,
 	sconn->smb1.sessions.done_sesssetup = false;
 	sconn->smb1.sessions.max_send = BUFFER_SIZE;
 	sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID;
-	/* users from session setup */
-	sconn->smb1.sessions.session_userlist = NULL;
-	/* workgroup from session setup. */
-	sconn->smb1.sessions.session_workgroup = NULL;
 	/* this holds info on user ids that are already validated for this VC */
 	sconn->smb1.sessions.validated_users = NULL;
 	sconn->smb1.sessions.next_vuid = VUID_OFFSET;
-- 
cgit