From 56e760f8f16f41c7879e792b20f53bce11f6e721 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 2 Nov 2011 07:43:43 +1100 Subject: s4-smb_server No longer follow the security=share smb.conf directive By ignoring the value of security= from the smb.conf, we can allow this to instead set the value of 'server role' in a manner compatible with the Samba 3.x release stream. Andrew Bartlett --- source4/smb_server/session.c | 3 --- source4/smb_server/smb/negprot.c | 11 +---------- source4/smb_server/smb/receive.c | 10 +--------- source4/smb_server/smb2/receive.c | 1 - source4/smb_server/smb_server.h | 1 - 5 files changed, 2 insertions(+), 24 deletions(-) (limited to 'source4/smb_server') diff --git a/source4/smb_server/session.c b/source4/smb_server/session.c index 53193c5312..3cb6576041 100644 --- a/source4/smb_server/session.c +++ b/source4/smb_server/session.c @@ -140,9 +140,6 @@ struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn, struct smbsrv_session *sess = NULL; int i; - /* Ensure no vuid gets registered in share level security. */ - if (smb_conn->config.security == SEC_SHARE) return NULL; - sess = talloc_zero(mem_ctx, struct smbsrv_session); if (!sess) return NULL; sess->smb_conn = smb_conn; diff --git a/source4/smb_server/smb/negprot.c b/source4/smb_server/smb/negprot.c index 2a31f9fc47..8621666f6a 100644 --- a/source4/smb_server/smb/negprot.c +++ b/source4/smb_server/smb/negprot.c @@ -125,9 +125,6 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice) req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx); - if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) - secword |= NEGOTIATE_SECURITY_USER_LEVEL; - if (req->smb_conn->negotiate.encrypted_passwords) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; @@ -183,9 +180,6 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice) req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx); - if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) - secword |= NEGOTIATE_SECURITY_USER_LEVEL; - if (req->smb_conn->negotiate.encrypted_passwords) secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; @@ -263,7 +257,6 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) supports it and we can do encrypted passwords */ if (req->smb_conn->negotiate.encrypted_passwords && - (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) && lpcfg_use_spnego(req->smb_conn->lp_ctx) && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = true; @@ -301,9 +294,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice) capabilities |= CAP_DFS; } - if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) { - secword |= NEGOTIATE_SECURITY_USER_LEVEL; - } + secword |= NEGOTIATE_SECURITY_USER_LEVEL; if (req->smb_conn->negotiate.encrypted_passwords) { secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE; diff --git a/source4/smb_server/smb/receive.c b/source4/smb_server/smb/receive.c index 04b0917c23..8e3bab8000 100644 --- a/source4/smb_server/smb/receive.c +++ b/source4/smb_server/smb/receive.c @@ -492,14 +492,7 @@ static void switch_message(int type, struct smbsrv_request *req) hasn't already been initialised (to cope with SMB chaining) */ - /* In share mode security we must ignore the vuid. */ - if (smb_conn->config.security == SEC_SHARE) { - if (req->tcon) { - req->session = req->tcon->sec_share.session; - } - } else { - req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time); - } + req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time); } task_id = server_id_str(NULL, &req->smb_conn->connection->server_id); @@ -670,7 +663,6 @@ NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn, struct l smb_conn->negotiate.zone_offset = get_time_zone(time(NULL)); - smb_conn->config.security = lpcfg_security(lp_ctx); smb_conn->config.nt_status_support = lpcfg_nt_status_support(lp_ctx); status = smbsrv_init_sessions(smb_conn, UINT16_MAX); diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index 0ebf8f31a1..141fdd8865 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -692,7 +692,6 @@ NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn) smb_conn->negotiate.zone_offset = get_time_zone(time(NULL)); - smb_conn->config.security = SEC_USER; smb_conn->config.nt_status_support = true; status = smbsrv_init_sessions(smb_conn, UINT64_MAX); diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h index 6fcd9787bb..ab555445a3 100644 --- a/source4/smb_server/smb_server.h +++ b/source4/smb_server/smb_server.h @@ -370,7 +370,6 @@ struct smbsrv_connection { /* configuration parameters */ struct { - enum security_types security; bool nt_status_support; } config; -- cgit