mirror of
https://github.com/samba-team/samba.git
synced 2025-01-24 02:04:21 +03:00
d7bb961859
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
71 lines
2.2 KiB
C
71 lines
2.2 KiB
C
/*
|
|
Unix SMB/CIFS implementation.
|
|
|
|
domain roles
|
|
|
|
Copyright (C) Andrew Tridgell 2011
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef _LIBDS_ROLES_H_
|
|
#define _LIBDS_ROLES_H_
|
|
|
|
/* server roles. If you add new roles, please keep ensure that the
|
|
* existing role values match samr_Role from samr.idl
|
|
*/
|
|
enum server_role {
|
|
ROLE_STANDALONE = 0,
|
|
ROLE_DOMAIN_MEMBER = 1,
|
|
ROLE_DOMAIN_BDC = 2,
|
|
ROLE_DOMAIN_PDC = 3,
|
|
|
|
/* To determine the role automatically, this is not a valid role */
|
|
ROLE_AUTO = 100
|
|
};
|
|
|
|
/* keep compatibility with the s4 'ROLE_DOMAIN_CONTROLLER' by mapping
|
|
* it to ROLE_DOMAIN_BDC. The PDC/BDC split is really historical from
|
|
* NT4 domains which were not multi-master, but even in AD there is
|
|
* only one machine that has the PDC FSMO role in a domain.
|
|
*/
|
|
#define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC
|
|
|
|
/* security levels for 'security =' option
|
|
|
|
--------------
|
|
/ \
|
|
/ REST \
|
|
/ IN \
|
|
/ PEACE \
|
|
/ \
|
|
| SEC_SHARE |
|
|
| security=share |
|
|
| |
|
|
| |
|
|
| 5 March |
|
|
| |
|
|
| 2012 |
|
|
*| * * * | *
|
|
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
|
|
*/
|
|
enum security_types {SEC_AUTO = 0,
|
|
SEC_USER = 2,
|
|
SEC_SERVER = 3,
|
|
SEC_DOMAIN = 4,
|
|
SEC_ADS = 5};
|
|
|
|
#endif /* _LIBDS_ROLES_H_ */
|