s4-smb_server No longer follow the security=share smb.conf directive

By ignoring the value of security= from the smb.conf, we can allow this
to instead set the value of 'server role' in a manner compatible
with the Samba 3.x release stream.

Andrew Bartlett

source4/smb_server/session.c

@@ -140,9 +140,6 @@ struct smbsrv_session *smbsrv_session_new(struct smbsrv_connection *smb_conn,
 	struct smbsrv_session *sess = NULL;
 	int i;
 
-	/* Ensure no vuid gets registered in share level security. */
-	if (smb_conn->config.security == SEC_SHARE) return NULL;
-
 	sess = talloc_zero(mem_ctx, struct smbsrv_session);
 	if (!sess) return NULL;
 	sess->smb_conn = smb_conn;

source4/smb_server/smb/negprot.c

@@ -125,9 +125,6 @@ static void reply_lanman1(struct smbsrv_request *req, uint16_t choice)
 
 	req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx);
 
-	if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE)
-		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-
 	if (req->smb_conn->negotiate.encrypted_passwords)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 
@@ -183,9 +180,6 @@ static void reply_lanman2(struct smbsrv_request *req, uint16_t choice)
 
 	req->smb_conn->negotiate.encrypted_passwords = lpcfg_encrypted_passwords(req->smb_conn->lp_ctx);
   
-	if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE)
-		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-
 	if (req->smb_conn->negotiate.encrypted_passwords)
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;
 
@@ -263,7 +257,6 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
 	   supports it and we can do encrypted passwords */
 	
 	if (req->smb_conn->negotiate.encrypted_passwords && 
-	    (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) &&
 	    lpcfg_use_spnego(req->smb_conn->lp_ctx) &&
 	    (req->flags2 & FLAGS2_EXTENDED_SECURITY)) {
 		negotiate_spnego = true; 
@@ -301,9 +294,7 @@ static void reply_nt1(struct smbsrv_request *req, uint16_t choice)
 		capabilities |= CAP_DFS;
 	}
 	
-	if (lpcfg_security(req->smb_conn->lp_ctx) != SEC_SHARE) {
-		secword |= NEGOTIATE_SECURITY_USER_LEVEL;
-	}
+	secword |= NEGOTIATE_SECURITY_USER_LEVEL;
 
 	if (req->smb_conn->negotiate.encrypted_passwords) {
 		secword |= NEGOTIATE_SECURITY_CHALLENGE_RESPONSE;

source4/smb_server/smb/receive.c

@@ -492,14 +492,7 @@ static void switch_message(int type, struct smbsrv_request *req)
 		   hasn't already been initialised (to cope with SMB
 		   chaining) */
 
-		/* In share mode security we must ignore the vuid. */
-		if (smb_conn->config.security == SEC_SHARE) {
-			if (req->tcon) {
-				req->session = req->tcon->sec_share.session;
-			}
- 		} else {
-			req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
-		}
+		req->session = smbsrv_session_find(req->smb_conn, SVAL(req->in.hdr,HDR_UID), req->request_time);
 	}
 
 	task_id = server_id_str(NULL, &req->smb_conn->connection->server_id);
@@ -670,7 +663,6 @@ NTSTATUS smbsrv_init_smb_connection(struct smbsrv_connection *smb_conn, struct l
 
 	smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
 
-	smb_conn->config.security = lpcfg_security(lp_ctx);
 	smb_conn->config.nt_status_support = lpcfg_nt_status_support(lp_ctx);
 
 	status = smbsrv_init_sessions(smb_conn, UINT16_MAX);

source4/smb_server/smb2/receive.c

@@ -692,7 +692,6 @@ NTSTATUS smbsrv_init_smb2_connection(struct smbsrv_connection *smb_conn)
 
 	smb_conn->negotiate.zone_offset = get_time_zone(time(NULL));
 
-	smb_conn->config.security = SEC_USER;
 	smb_conn->config.nt_status_support = true;
 
 	status = smbsrv_init_sessions(smb_conn, UINT64_MAX);

source4/smb_server/smb_server.h

@@ -370,7 +370,6 @@ struct smbsrv_connection {
 
 	/* configuration parameters */
 	struct {
-		enum security_types security;
 		bool nt_status_support;
 	} config;