From d7bb961859a3501aec4d28842bfffb6190d19a73 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 3 Feb 2012 18:03:10 +1100
Subject: s3-auth: Remove security=share (depricated since 3.6).

This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
---
 source4/param/tests/loadparm.c | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'source4/param')

diff --git a/source4/param/tests/loadparm.c b/source4/param/tests/loadparm.c
index 5f27439912..a8a6d78866 100644
--- a/source4/param/tests/loadparm.c
+++ b/source4/param/tests/loadparm.c
@@ -237,15 +237,6 @@ static bool test_server_role_security_domain(struct torture_context *tctx)
 	return true;
 }
 
-static bool test_server_role_security_share(struct torture_context *tctx)
-{
-	struct loadparm_context *lp_ctx = loadparm_init(tctx);
-	torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=share"), "lpcfg_set_option failed");
-	torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be STANDALONE");
-	torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_SHARE, "security should be share");
-	return true;
-}
-
 static bool test_server_role_security_server(struct torture_context *tctx)
 {
 	struct loadparm_context *lp_ctx = loadparm_init(tctx);
@@ -282,7 +273,6 @@ struct torture_suite *torture_local_loadparm(TALLOC_CTX *mem_ctx)
 	torture_suite_add_simple_test(suite, "test_server_role_dc_domain_logons_and_not_master", test_server_role_dc_domain_logons_and_not_master);
 	torture_suite_add_simple_test(suite, "test_server_role_security_ads", test_server_role_security_ads);
 	torture_suite_add_simple_test(suite, "test_server_role_security_domain", test_server_role_security_domain);
-	torture_suite_add_simple_test(suite, "test_server_role_security_share", test_server_role_security_share);
 	torture_suite_add_simple_test(suite, "test_server_role_security_server", test_server_role_security_server);
 
 	return suite;
-- 
cgit