diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-06-03 10:02:39 +1000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2013-06-11 08:35:21 -0400 |
commit | 26279a969879bfbd943dfda03c511ed7e14057ba (patch) | |
tree | d8510cc1e4d9bec8b036421e514b401b56a018c9 | |
parent | 3fba9ba7ea85e33faac2718d2463c5d0cd2d85f4 (diff) | |
download | samba-26279a969879bfbd943dfda03c511ed7e14057ba.tar.gz samba-26279a969879bfbd943dfda03c511ed7e14057ba.tar.bz2 samba-26279a969879bfbd943dfda03c511ed7e14057ba.zip |
auth: Remove "password level"
We now only lowercase the password, we do not attempt to find another case
combination that the password might be in.
This option is already depricated, so it is now time to remove it.
Andrew Bartlett
Reviewed-by: Simo Sorce <idra@samba.org>
-rw-r--r-- | docs-xml/smbdotconf/security/passwordlevel.xml | 48 | ||||
-rw-r--r-- | lib/param/loadparm.c | 1 | ||||
-rw-r--r-- | lib/param/param_functions.c | 1 | ||||
-rw-r--r-- | lib/param/param_table.c | 9 | ||||
-rw-r--r-- | source3/auth/pass_check.c | 79 | ||||
-rw-r--r-- | source3/param/loadparm.c | 1 |
6 files changed, 0 insertions, 139 deletions
diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml deleted file mode 100644 index eee838f65c..0000000000 --- a/docs-xml/smbdotconf/security/passwordlevel.xml +++ /dev/null @@ -1,48 +0,0 @@ -<samba:parameter name="password level" - context="G" - type="integer" - advanced="1" developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>Some client/server combinations have difficulty - with mixed-case passwords. One offending client is Windows for - Workgroups, which for some reason forces passwords to upper - case when using the LANMAN1 protocol, but leaves them alone when - using COREPLUS! Another problem child is the Windows 95/98 - family of operating systems. These clients upper case clear - text passwords even when NT LM 0.12 selected by the protocol - negotiation request/response.</para> - - <para>This deprecated parameter defines the maximum number of characters - that may be upper case in passwords.</para> - - <para>For example, say the password given was "FRED". If <parameter moreinfo="none"> - password level</parameter> is set to 1, the following combinations - would be tried if "FRED" failed:</para> - - <para>"Fred", "fred", "fRed", "frEd","freD"</para> - - <para>If <parameter moreinfo="none">password level</parameter> was set to 2, - the following combinations would also be tried: </para> - - <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para> - - <para>And so on.</para> - - <para>The higher value this parameter is set to the more likely - it is that a mixed case password will be matched against a single - case password. However, you should be aware that use of this - parameter reduces security and increases the time taken to - process a new connection.</para> - - <para>A value of zero will cause only two attempts to be - made - the password as is and the password in all-lower case.</para> - - <para>This parameter is used only when using plain-text passwords. It is - not at all used when encrypted passwords as in use (that is the default - since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para> -</description> - -<value type="default">0</value> -<value type="example">4</value> -</samba:parameter> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 25997d33ee..310f95a3c5 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2144,7 +2144,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288"); lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true"); - lpcfg_do_global_parameter(lp_ctx, "password level", "0"); lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True"); lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE"); lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1"); diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c index 6fc7801b45..fed2e95bf7 100644 --- a/lib/param/param_functions.c +++ b/lib/param/param_functions.c @@ -320,7 +320,6 @@ FN_GLOBAL_INTEGER(open_files_db_hash_size, open_files_db_hash_size) FN_GLOBAL_INTEGER(oplock_break_wait_time, oplock_break_wait_time) FN_GLOBAL_INTEGER(os_level, os_level) FN_GLOBAL_INTEGER(passwd_chat_timeout, iPasswdChatTimeout) -FN_GLOBAL_INTEGER(passwordlevel, pwordlevel) FN_GLOBAL_INTEGER(printcap_cache_time, PrintcapCacheTime) FN_GLOBAL_INTEGER(restrict_anonymous, restrict_anonymous) FN_GLOBAL_INTEGER(_security, security) diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 7ff9d0cbcc..1b1497cc64 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -661,15 +661,6 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED, }, { - .label = "password level", - .type = P_INTEGER, - .p_class = P_GLOBAL, - .offset = GLOBAL_VAR(pwordlevel), - .special = NULL, - .enum_list = NULL, - .flags = FLAG_ADVANCED | FLAG_DEPRECATED, - }, - { .label = "username level", .type = P_INTEGER, .p_class = P_GLOBAL, diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index f2d1fc241b..21694b3d55 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -494,68 +494,6 @@ static char *osf1_bigcrypt(char *password, char *salt1) /**************************************************************************** -apply a function to upper/lower case combinations -of a string and return true if one of them returns true. -try all combinations with N uppercase letters. -offset is the first char to try and change (start with 0) -it assumes the string starts lowercased -****************************************************************************/ -static NTSTATUS string_combinations2(char *s, int offset, - NTSTATUS (*fn)(const char *s, - const void *private_data), - int N, const void *private_data) -{ - int len = strlen(s); - int i; - NTSTATUS nt_status; - -#ifdef PASSWORD_LENGTH - len = MIN(len, PASSWORD_LENGTH); -#endif - - if (N <= 0 || offset >= len) - return (fn(s, private_data)); - - for (i = offset; i < (len - (N - 1)); i++) { - char c = s[i]; - if (!islower_m(c)) - continue; - s[i] = toupper_m(c); - nt_status = string_combinations2(s, i + 1, fn, N - 1, - private_data); - if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { - return nt_status; - } - s[i] = c; - } - return (NT_STATUS_WRONG_PASSWORD); -} - -/**************************************************************************** -apply a function to upper/lower case combinations -of a string and return true if one of them returns true. -try all combinations with up to N uppercase letters. -offset is the first char to try and change (start with 0) -it assumes the string starts lowercased -****************************************************************************/ -static NTSTATUS string_combinations(char *s, - NTSTATUS (*fn)(const char *s, - const void *private_data), - int N, const void *private_data) -{ - int n; - NTSTATUS nt_status; - for (n = 1; n <= N; n++) { - nt_status = string_combinations2(s, 0, fn, n, private_data); - if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { - return nt_status; - } - } - return NT_STATUS_WRONG_PASSWORD; -} - - -/**************************************************************************** core of password checking routine ****************************************************************************/ static NTSTATUS password_check(const char *password, const void *private_data) @@ -673,7 +611,6 @@ NTSTATUS pass_check(const struct passwd *pass, bool run_cracker) { char *pass2 = NULL; - int level = lp_passwordlevel(); NTSTATUS nt_status; @@ -876,21 +813,5 @@ NTSTATUS pass_check(const struct passwd *pass, } } - /* give up? */ - if (level < 1) { - return NT_STATUS_WRONG_PASSWORD; - } - - /* last chance - all combinations of up to level chars upper! */ - if (!strlower_m(pass2)) { - return NT_STATUS_INVALID_PARAMETER; - } - - nt_status = string_combinations(pass2, password_check, level, - (const void *)rhost); - if (NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - return NT_STATUS_WRONG_PASSWORD; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index b9d316b98e..fa2f9b66e4 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -819,7 +819,6 @@ static void init_globals(bool reinit_globals) Globals.lpqcachetime = 30; /* changed to handle large print servers better -- jerry */ Globals.bDisableSpoolss = false; Globals.iMaxSmbdProcesses = 0;/* no limit specified */ - Globals.pwordlevel = 0; Globals.unamelevel = 0; Globals.deadtime = 0; Globals.getwd_cache = true; |