The Samba-Bugzilla – Attachment 6470 Details for
Bug 8151
deprecate security parameters for 3.6
Deprecate a number of security parameters
0003-s3-param-Deprecate-a-number-of-security-parameters-f.patch (text/plain), 17.06 KB, created by
Andrew Bartlett
on 2011-05-23 02:17:50 UTC
>From e79bc99868efb526fe681892d96df8de03b6c9f9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 13 May 2011 17:55:41 +0200 >Subject: [PATCH 3/4] s3-param Deprecate a number of security parameters for > 3.6 > >This follows up on the agreement on the samba-technical list in Jan >2011 to deprecate these options, and to possibly remove these in the >4.0 release after user feedback. > >Andrew Bartlett > >Autobuild-User: Andrew Bartlett <abartlet@samba.org> >Autobuild-Date: Fri May 13 19:51:41 CEST 2011 on sn-devel-104 >--- > docs-xml/smbdotconf/logon/enableprivileges.xml | 2 +- > docs-xml/smbdotconf/protocol/usespnego.xml | 2 +- > docs-xml/smbdotconf/security/passwordlevel.xml | 2 +- > docs-xml/smbdotconf/security/security.xml | 142 +++++++++++------------- > docs-xml/smbdotconf/security/username.xml | 2 +- > source3/param/loadparm.c | 16 ++- > 6 files changed, 81 insertions(+), 85 deletions(-) > >diff --git a/docs-xml/smbdotconf/logon/enableprivileges.xml b/docs-xml/smbdotconf/logon/enableprivileges.xml >index 3e958e0..0fbc504 100644 >--- a/docs-xml/smbdotconf/logon/enableprivileges.xml >+++ b/docs-xml/smbdotconf/logon/enableprivileges.xml >@@ -5,7 +5,7 @@ > xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> > <description> > <para> >- This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either >+ This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either > <command>net rpc rights</command> or one of the Windows user and group manager tools. This parameter is > enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to > assign privileges to users or groups which can then result in certain smbd operations running as root that >diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml >index 8fb559c..e16c7ce 100644 
>--- a/docs-xml/smbdotconf/protocol/usespnego.xml >+++ b/docs-xml/smbdotconf/protocol/usespnego.xml >@@ -4,7 +4,7 @@ > developer="1" > xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> > <description> >- <para>This variable controls controls whether samba will try >+ <para>This deprecated variable controls controls whether samba will try > to use Simple and Protected NEGOciation (as specified by rfc2478) with > WindowsXP and Windows2000 clients to agree upon an authentication mechanism. > </para> >diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml >index 1da11e4..eee838f 100644 >--- a/docs-xml/smbdotconf/security/passwordlevel.xml >+++ b/docs-xml/smbdotconf/security/passwordlevel.xml >@@ -13,7 +13,7 @@ > text passwords even when NT LM 0.12 selected by the protocol > negotiation request/response.</para> > >- <para>This parameter defines the maximum number of characters >+ <para>This deprecated parameter defines the maximum number of characters > that may be upper case in passwords.</para> > > <para>For example, say the password given was "FRED". If <parameter moreinfo="none"> >diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml >index 18b9f6c..55e147e 100644 >--- a/docs-xml/smbdotconf/security/security.xml >+++ b/docs-xml/smbdotconf/security/security.xml 
>@@ -22,32 +22,18 @@ > the most common setting needed when talking to Windows 98 and > Windows NT.</para> > >- <para>The alternatives are <command moreinfo="none">security = share</command>, >- <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain >- </command>.</para> >+ <para>The alternatives are >+ <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain >+ </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para> > > <para>In versions of Samba prior to 2.0.0, the default was > <command moreinfo="none">security = share</command> mainly because that was > the only option at one stage.</para> > >- <para>There is a bug in WfWg that has relevance to this >- setting. When in user or server level security a WfWg client >- will totally ignore the username and password you type in the "connect >- drive" dialog box. This makes it very difficult (if not impossible) >- to connect to a Samba service as anyone except the user that >- you are logged into WfWg as.</para> >- >- <para>If your PCs use usernames that are the same as their >- usernames on the UNIX machine then you will want to use >- <command moreinfo="none">security = user</command>. If you mostly use usernames >- that don't exist on the UNIX box then use <command moreinfo="none">security = >- share</command>.</para> >- >- <para>You should also use <command moreinfo="none">security = share</command> if you >+ <para>You should use <command moreinfo="none">security = user</command> and >+ <smbconfoption name="map to guest"/> if you > want to mainly setup shares without a password (guest shares). This >- is commonly used for a shared printer server. 
It is more difficult >- to setup guest shares with <command moreinfo="none">security = user</command>, see >- the <smbconfoption name="map to guest"/> parameter for details.</para> >+ is commonly used for a shared printer server. </para> > > <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis> > hybrid mode</emphasis> where it is offers both user and share 
>@@ -56,7 +42,62 @@ > <para>The different settings will now be explained.</para> > > >+ <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para> >+ >+ <para>This is the default security setting in Samba. >+ With user-level security a client must first "log-on" with a >+ valid username and password (which can be mapped using the <smbconfoption name="username map"/> >+ parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also >+ be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption >+ name="guest only"/> if set are then applied and >+ may change the UNIX user to use on this connection, but only after >+ the user has been successfully authenticated.</para> >+ >+ <para><emphasis>Note</emphasis> that the name of the resource being >+ requested is <emphasis>not</emphasis> sent to the server until after >+ the server has successfully authenticated the client. This is why >+ guest shares don't work in user level security without allowing >+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>. >+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> >+ >+ <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> >+ >+ <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para> >+ >+ <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> >+ <manvolnum>8</manvolnum></citerefentry> has been used to add this >+ machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/> >+ parameter to be set to <constant>yes</constant>. 
In this >+ mode Samba will try to validate the username/password by passing >+ it to a Windows NT Primary or Backup Domain Controller, in exactly >+ the same way that a Windows NT Server would do.</para> >+ >+ <para><emphasis>Note</emphasis> that a valid UNIX user must still >+ exist as well as the account on the Domain Controller to allow >+ Samba to have a valid UNIX account to map file access to.</para> >+ >+ <para><emphasis>Note</emphasis> that from the client's point >+ of view <command moreinfo="none">security = domain</command> is the same >+ as <command moreinfo="none">security = user</command>. It only >+ affects how the server deals with the authentication, >+ it does not in any way affect what the client sees.</para> >+ >+ <para><emphasis>Note</emphasis> that the name of the resource being >+ requested is <emphasis>not</emphasis> sent to the server until after >+ the server has successfully authenticated the client. This is why >+ guest shares don't work in user level security without allowing >+ the server to automatically map unknown users into the <smbconfoption name="guest account"/>. >+ See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> >+ >+ <para>See also the section <link linkend="VALIDATIONSECT"> >+ NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> >+ >+ <para>See also the <smbconfoption name="password server"/> parameter and >+ the <smbconfoption name="encrypted passwords"/> parameter.</para> >+ > <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para> >+ >+ <note><para>This option is deprecated as it is incompatible with SMB2</para></note> > > <para>When clients connect to a share level security server, they > need not log onto the server with a valid username and password before 
>@@ -135,63 +176,10 @@ > <para>See also the section <link linkend="VALIDATIONSECT"> > NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> > >- <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para> >- >- <para>This is the default security setting in Samba 3.0. >- With user-level security a client must first "log-on" with a >- valid username and password (which can be mapped using the <smbconfoption name="username map"/> >- parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also >- be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption >- name="guest only"/> if set are then applied and >- may change the UNIX user to use on this connection, but only after >- the user has been successfully authenticated.</para> >- >- <para><emphasis>Note</emphasis> that the name of the resource being >- requested is <emphasis>not</emphasis> sent to the server until after >- the server has successfully authenticated the client. This is why >- guest shares don't work in user level security without allowing >- the server to automatically map unknown users into the <smbconfoption name="guest account"/>. >- See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> >- >- <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> >- >- <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para> >- >- <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> >- <manvolnum>8</manvolnum></citerefentry> has been used to add this >- machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/> >- parameter to be set to <constant>yes</constant>. 
In this >- mode Samba will try to validate the username/password by passing >- it to a Windows NT Primary or Backup Domain Controller, in exactly >- the same way that a Windows NT Server would do.</para> >- >- <para><emphasis>Note</emphasis> that a valid UNIX user must still >- exist as well as the account on the Domain Controller to allow >- Samba to have a valid UNIX account to map file access to.</para> >- >- <para><emphasis>Note</emphasis> that from the client's point >- of view <command moreinfo="none">security = domain</command> is the same >- as <command moreinfo="none">security = user</command>. It only >- affects how the server deals with the authentication, >- it does not in any way affect what the client sees.</para> >- >- <para><emphasis>Note</emphasis> that the name of the resource being >- requested is <emphasis>not</emphasis> sent to the server until after >- the server has successfully authenticated the client. This is why >- guest shares don't work in user level security without allowing >- the server to automatically map unknown users into the <smbconfoption name="guest account"/>. >- See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> >- >- <para>See also the section <link linkend="VALIDATIONSECT"> >- NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> >- >- <para>See also the <smbconfoption name="password server"/> parameter and >- the <smbconfoption name="encrypted passwords"/> parameter.</para> >- > <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para> > > <para> >- In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an >+ In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an > NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. 
It expects the > <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote > server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot >@@ -203,10 +191,10 @@ > <note><para>This mode of operation has > significant pitfalls since it is more vulnerable to > man-in-the-middle attacks and server impersonation. In particular, >- this mode of operation can cause significant resource consuption on >+ this mode of operation can cause significant resource consumption on > the PDC, as it must maintain an active connection for the duration > of the user's session. Furthermore, if this connection is lost, >- there is no way to reestablish it, and futher authentications to the >+ there is no way to reestablish it, and further authentications to the > Samba server may fail (from a single client, till it disconnects). > </para></note> > >@@ -219,6 +207,8 @@ > only affects how the server deals with the authentication, it does > not in any way affect what the client sees.</para></note> > >+ <note><para>This option is deprecated, and may be removed in future</para></note> >+ > <para><emphasis>Note</emphasis> that the name of the resource being > requested is <emphasis>not</emphasis> sent to the server until after > the server has successfully authenticated the client. This is why >diff --git a/docs-xml/smbdotconf/security/username.xml b/docs-xml/smbdotconf/security/username.xml >index 3a45d4d..19d8a2e 100644 >--- a/docs-xml/smbdotconf/security/username.xml >+++ b/docs-xml/smbdotconf/security/username.xml 
>@@ -9,7 +9,7 @@ > list, in which case the supplied password will be tested against > each username in turn (left to right).</para> > >- <para>The <parameter moreinfo="none">username</parameter> line is needed only when >+ <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when > the PC is unable to supply its own username. This is the case > for the COREPLUS protocol or where your users have different WfWg > usernames to UNIX usernames. In both these cases you may also be >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index 73406c1..fc19656 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -1160,7 +1160,7 @@ static struct parm_struct parm_table[] = { > .ptr = &Globals.bNullPasswords, > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED, >+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED, > }, > { > .label = "obey pam restrictions", >@@ -1259,7 +1259,7 @@ static struct parm_struct parm_table[] = { > .ptr = &Globals.bEnablePrivileges, > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED, >+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED, > }, > > { >@@ -1332,7 +1332,7 @@ static struct parm_struct parm_table[] = { > .ptr = &Globals.pwordlevel, > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED, >+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED, > }, > { > .label = "username level", >@@ -1431,7 +1431,7 @@ static struct parm_struct parm_table[] = { > .ptr = &sDefault.szUsername, > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, >+ .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE | FLAG_DEPRECATED, > }, > { > .label = "user", >@@ -2294,7 +2294,7 @@ static struct parm_struct parm_table[] = { > .ptr = &Globals.bUseSpnego, > .special = NULL, > .enum_list = NULL, >- .flags = FLAG_ADVANCED, >+ .flags = FLAG_ADVANCED | FLAG_DEPRECATED, > }, > { > .label = "client signing", 
>@@ -9580,6 +9580,12 @@ static bool lp_load_ex(const char *pszFname, > set_default_server_announce_type(); > set_allowed_client_auth(); > >+ if (lp_security() == SEC_SHARE) { >+ DEBUG(1, ("WARNING: The security=share option is deprecated\n")); >+ } else if (lp_security() == SEC_SERVER) { >+ DEBUG(1, ("WARNING: The security=server option is deprecated\n")); >+ } >+ > bLoaded = True; > > /* Now we check bWINSsupport and set szWINSserver to 127.0.0.1 */ >-- >1.7.4.4 >
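Review bot: In docs-xml/smbdotconf/protocol/usespnego.xml the changed line still reads "This deprecated variable controls controls whether samba will try"; drop the duplicated "controls" while this line is being touched. The one-word "deprecated" insertions here and in enableprivileges.xml, passwordlevel.xml and username.xml also give the administrator no reason and no migration target; a short note element, like the one added for security = share, would carry that better.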
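Review bot: In docs-xml/smbdotconf/security/security.xml, the SECURITY = SERVER hunk (@@ -135,63 +176,10) changes the opening sentence to "In this depicted mode Samba will try to validate the username/password"; "depicted" looks like a typo for "deprecated". The deprecation notes are also placed inconsistently: for SECURITY = SHARE the note sits directly under the heading and gives a reason (incompatible with SMB2), while for SECURITY = SERVER it is added several paragraphs further down (@@ -219,6 +207,8) without one. Suggest moving the server note directly under its heading and naming security = domain or security = ads as the replacement, since the existing note in that section already describes the man-in-the-middle and server impersonation exposure of this mode.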
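Review bot: In source3/param/loadparm.c the first parm_table hunk (@@ -1160,7) adds FLAG_DEPRECATED to the entry backed by Globals.bNullPasswords, but the diffstat contains no documentation change for that parameter; only enableprivileges.xml, usespnego.xml, passwordlevel.xml, security.xml and username.xml are updated. Either add the matching "deprecated" wording to that parameter's smbdotconf XML in this patch or drop the flag from this entry, so the man page and the runtime behaviour agree.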
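Review bot: In the lp_load_ex hunk of source3/param/loadparm.c (@@ -9580,6 +9580,12), the new warnings are logged with DEBUG(1, ...), so they are not emitted when the log level is 0, and the messages do not say what to use instead. Consider DEBUG(0, ...) and naming the replacement in the text, for example security = user with map to guest for the share case, as the updated security.xml recommends. A switch on a single lp_security() call would also read better than calling it twice in the if / else if chain.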