s4-smb_server No longer follow the security=share smb.conf directive
authorAndrew Bartlett <abartlet@samba.org>
Tue, 1 Nov 2011 20:43:43 +0000 (07:43 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 8 Nov 2011 01:58:06 +0000 (02:58 +0100)
By ignoring the value of security= from smb.conf, we can allow that
parameter to instead set the value of 'server role' in a manner compatible
with the Samba 3.x release stream.

Andrew Bartlett

source4/smb_server/session.c
source4/smb_server/smb/negprot.c
source4/smb_server/smb/receive.c
source4/smb_server/smb2/receive.c
source4/smb_server/smb_server.h

index 53193c5312e95136dc1d4e92902244ed2e4ab5ea..3cb657604144fb2c0fb2fdb6b40122ca87192469 100644 (file)
@@ -140,9 +140,6 @@ struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn,
        struct smbsrv_session *sess = NULL;
        int i;
 
-       /* Ensure no vuid gets registered in share level security. */
-       if (smb_conn->config.security == SEC_SHARE) return NULL;
-
        sess = talloc_zero(mem_ctx, struct smbsrv_session);
        if (!sess) return NULL;
        sess->smb_conn = smb_conn;
index 2a31f9fc475e5451804b5d4e25d7c292fb851422..8621666f6a8b50399bae71ce591b055fc0b4add7 100644 (file)
@@ -125,9 +125,6 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
 
        req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx);
 
-       if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE)
-               secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-
        if (req->smb_conn->negotiate.encrypted_passwords)
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 
@@ -183,9 +180,6 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
 
        req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx);
   
-       if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE)
-               secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-
        if (req->smb_conn->negotiate.encrypted_passwords)
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 
@@ -263,7 +257,6 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
           supports it and we can do encrypted passwords */
        
        if (req->smb_conn->negotiate.encrypted_passwords && 
-           (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) &&
            lpcfg_use_spnego(req->smb_conn->lp_ctx) &&
            (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
                negotiate_spnego = true; 
@@ -301,9 +294,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
                capabilities |= CAP_DFS;
        }
        
-       if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) {
-               secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-       }
+       secword |= NEGOTIATE_SECURITY_USER_LEVEL;
 
        if (req->smb_conn->negotiate.encrypted_passwords) {
                secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
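Review bot: The unconditional `secword |= NEGOTIATE_SECURITY_USER_LEVEL;` added here in reply_nt1 has no counterpart in reply_lanman1 and reply_lanman2, where the earlier hunks delete the conditional set and put nothing in its place. Unless secword already carries the bit from code outside those hunks, a client negotiating either LANMAN dialect is told the server uses share-level security, while the rest of this commit makes every connection user-level. Add the same `secword |= NEGOTIATE_SECURITY_USER_LEVEL;` before the encrypted_passwords test in both LANMAN replies so that all three dialects advertise the mode the server actually enforces. All three function bodies extend beyond the visible hunks.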
index 04b0917c23788b2fc445f8a6c75dba34a8af245d..8e3bab800065ded80595bccf6a3ea054691418ab 100644 (file)
@@ -492,14 +492,7 @@ static void switch_message(int type, struct smbsrv_request *req)
                   hasn't already been initialised (to cope with SMB
                   chaining) */
 
-               /* In share mode security we must ignore the vuid. */
-               if (smb_conn->config.security == SEC_SHARE) {
-                       if (req->tcon) {
-                               req->session = req->tcon->sec_share.session;
-                       }
-               } else {
-                       req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
-               }
+               req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
        }
 
        task_id = server_id_str(NULL, &req->smb_conn->connection->server_id);
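Review bot: The `sec_share.session` member that the removed branch read from `req->tcon` appears to survive this commit, since the smb_server.h hunk drops only `config.security`; if nothing else reads it, the member and whatever code assigns it are now dead and should go in this change or a follow-up. A stale per-tcon session pointer is better removed than left in place, because later code could use it and skip the vuid lookup that is now the only path to a session. It would also help to state the new invariant above the call, e.g. `/* the vuid from the SMB header always selects the session; share-level security is not supported */`. switch_message continues outside the hunk.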
@@ -670,7 +663,6 @@ NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn, struct l
 
        smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
 
-       smb_conn->config.security = lpcfg_security(lp_ctx);
        smb_conn->config.nt_status_support = lpcfg_nt_status_support(lp_ctx);
 
        status = smbsrv_init_sessions(smb_conn, UINT16_MAX);
index 0ebf8f31a10edef8e3a31adb5c6ae696ef5abecc..141fdd88652f0bed14082f0c4972a0f195a9757b 100644 (file)
@@ -692,7 +692,6 @@ NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
 
        smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
 
-       smb_conn->config.security = SEC_USER;
        smb_conn->config.nt_status_support = true;
 
        status = smbsrv_init_sessions(smb_conn, UINT64_MAX);
index 6fcd9787bb705876fac37983d59afc73744fa40d..ab555445a3371276ae5834c66a87609c1fe77450 100644 (file)
@@ -370,7 +370,6 @@ struct smbsrv_connection {
 
        /* configuration parameters */
        struct {
-               enum security_types security;
                bool nt_status_support;
        } config;