revert the cracklib changes until post 3.0.2

(This used to be commit 6202e0fa727a4307f51bf42f5ced401a7c7b8214)

4 files changed, 26 insertions, 134 deletions

diff --git a/source3/configure.in b/source3/configure.in
index 375eed06ab..7a844c337d 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2961,64 +2961,6 @@ if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then
 fi
 fi
 
-
-dictpath="/usr/lib/cracklib_dict"
-
-###############################################
-# test for where we get FaciestCheck from
-AC_MSG_CHECKING(where to use cracklib from (default=$dictpath))
-AC_ARG_WITH(cracklib,
-[  --with-cracklib[=DIR]     Look for cracklib dictionary in this location ],
-[  case "$withval" in
-  yes)
-    AC_MSG_RESULT(${dictpath})
-    ;;
-  no)
-    AC_MSG_RESULT(no)
-      dictpath=""
-    ;;
-  *)
-      dictpath="$withval"
-    AC_MSG_RESULT(${dictpath})
-    ;;
-  esac ],
-  dictpath=""
-  AC_MSG_RESULT(no)
-)
-
-if test x$dictpath != x""; then
-     AC_SEARCH_LIBS(FascistCheck, [crack],
-                    [test "$ac_cv_search_crack" = "none required" || samba_cv_found_crack="yes"
-                    AC_DEFINE(HAVE_CRACK,1,[Whether the system has the FaciestCheck function from cracklib])])
-
-     crack_saved_libs=$LIBS;
-
-     if test x$samba_cv_found_crack=x"yes"; then
-        AC_SEARCH_LIBS(CRACKLIB_DICTPATH, [crypt],
-            AC_DEFINE(HAVE_CRACKLIB_DICTPATH, 1, [Whether we have given a CRACKLIB_DICTPATH in our headers])
-        )
-
-	AC_DEFINE_UNQUOTED(SAMBA_CRACKLIB_DICTPATH, "$dictpath", [Where the cracklib dictionay is])
-        AC_MSG_CHECKING(Whether we have a working cracklib)
-        AC_TRY_RUN([
-		#include "${srcdir-.}/tests/crack.c"],
-              AC_MSG_RESULT(yes)
-              AC_DEFINE(HAVE_WORKING_CRACKLIB,1,[Whether we have a working cracklib])
-	      AUTH_LIBS="-lcrack $AUTH_LIBS",
-
-              AC_MSG_RESULT(no)
-	      AC_MSG_WARN(cracklib exists - but does not function correctly),
-
-              AC_MSG_RESULT(no)
-	      AC_MSG_WARN(cannot test-run when cross-compiling)
-	      )
-    else
-        AC_MSG_CHECKING(Whether we have cracklib)
-        AC_MSG_RESULT(no)
-    fi
-    LIBS=$crack_saved_libs
-fi
-
 ########################################################################################
 ##
 ## TESTS FOR SAM BACKENDS.  KEEP THESE GROUPED TOGETHER
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 8004d25c12..f944a47891 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -215,7 +215,6 @@ typedef struct
 	int change_notify_timeout;
 	int map_to_guest;
 	int min_passwd_length;
-	BOOL use_cracklib;
 	int oplock_break_wait_time;
 	int winbind_cache_time;
 	int iLockSpinCount;
@@ -788,7 +787,6 @@ static struct parm_struct parm_table[] = {
 	{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED}, 
 	{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED}, 
 	{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_ADVANCED}, 
-	{"use cracklib", P_BOOL, P_GLOBAL, &Globals.use_cracklib, NULL, NULL, FLAG_ADVANCED}, 
 	{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED}, 
 	{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED}, 
 	{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED}, 
@@ -1439,7 +1437,6 @@ static void init_globals(void)
 
 	Globals.map_to_guest = 0;	/* By Default, "Never" */
 	Globals.min_passwd_length = MINPASSWDLENGTH;	/* By Default, 5. */
-	Globals.use_cracklib = False; 
 	Globals.oplock_break_wait_time = 0;	/* By Default, 0 msecs. */
 	Globals.enhanced_browsing = True; 
 	Globals.iLockSpinCount = 3; /* Try 3 times. */
@@ -1791,7 +1788,6 @@ FN_GLOBAL_INTEGER(lp_machine_password_timeout, &Globals.machine_password_timeout
 FN_GLOBAL_INTEGER(lp_change_notify_timeout, &Globals.change_notify_timeout)
 FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
 FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
-FN_GLOBAL_BOOL(lp_use_cracklib, &Globals.use_cracklib)
 FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
 FN_GLOBAL_INTEGER(lp_lock_spin_count, &Globals.iLockSpinCount)
 FN_GLOBAL_INTEGER(lp_lock_sleep_time, &Globals.iLockSpinTime)
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 7edd34c8dd..b9974cba8a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -2834,17 +2834,11 @@ static BOOL set_user_info_23(SAM_USER_INFO_23 *id23, DOM_SID *sid)
 		DEBUG(5, ("Changing trust account or non-unix-user password, not updating /etc/passwd\n"));
 	} else  {
 		/* update the UNIX password */
-		if (lp_unix_password_sync() ) {
-			struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd));
-			if (!passwd) {
-				DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
-			}
-			
-			if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+		if (lp_unix_password_sync() )
+			if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
 				pdb_free_sam(&pwd);
 				return False;
 			}
-		}
 	}
  
 	ZERO_STRUCT(plaintext_buf);
@@ -2905,12 +2899,7 @@ static BOOL set_user_info_pw(char *pass, DOM_SID *sid)
 	} else {
 		/* update the UNIX password */
 		if (lp_unix_password_sync()) {
-			struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd));
-			if (!passwd) {
-				DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
-			}
-			
-			if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+			if(!chgpasswd(pdb_get_username(pwd), "", plaintext_buf, True)) {
 				pdb_free_sam(&pwd);
 				return False;
 			}
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 692e82680d..e6117245e7 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -49,16 +49,6 @@
 
 #include "includes.h"
 
-#ifdef HAVE_WORKING_CRACKLIB
-#include <crack.h>
-
-#ifndef HAVE_CRACKLIB_DICTPATH
-#ifndef CRACKLIB_DICTPATH
-#define CRACKLIB_DICTPATH SAMBA_CRACKLIB_DICTPATH
-#endif
-#endif
-#endif
-
 extern struct passdb_ops pdb_ops;
 
 static NTSTATUS check_oem_password(const char *user,
@@ -451,14 +441,25 @@ while we were waiting\n", WTERMSIG(wstat)));
 	return (chstat);
 }
 
-BOOL chgpasswd(const char *name, const struct passwd *pass, 
-	       const char *oldpass, const char *newpass, BOOL as_root)
+BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
 {
 	pstring passwordprogram;
 	pstring chatsequence;
 	size_t i;
 	size_t len;
 
+	struct passwd *pass;
+
+	if (!name) {
+		DEBUG(1, ("chgpasswd: NULL username specfied !\n"));
+	}
+	
+	pass = Get_Pwnam(name);
+	if (!pass) {
+		DEBUG(1, ("chgpasswd: Username does not exist in system !\n"));
+		return False;
+	}
+
 	if (!oldpass) {
 		oldpass = "";
 	}
@@ -470,6 +471,13 @@ BOOL chgpasswd(const char *name, const struct passwd *pass,
 #endif
 
 	/* Take the passed information and test it for minimum criteria */
+	/* Minimum password length */
+	if (strlen(newpass) < lp_min_passwd_length()) {
+		/* too short, must be at least MINPASSWDLENGTH */
+		DEBUG(0, ("chgpasswd: Password Change: user %s, New password is shorter than minimum password length = %d\n",
+		       name, lp_min_passwd_length()));
+		return (False);	/* inform the user */
+	}
 
 	/* Password is same as old password */
 	if (strcmp(oldpass, newpass) == 0) {
@@ -562,8 +570,7 @@ the string %%u, and the given string %s does not.\n", passwordprogram ));
 
 #else /* ALLOW_CHANGE_PASSWORD */
 
-BOOL chgpasswd(const char *name, const struct passwd *pass, 
-	       const char *oldpass, const char *newpass, BOOL as_root)
+BOOL chgpasswd(const char *name, const char *oldpass, const char *newpass, BOOL as_root)
 {
 	DEBUG(0, ("chgpasswd: Password changing not compiled in (user=%s)\n", name));
 	return (False);
@@ -902,8 +909,6 @@ static NTSTATUS check_oem_password(const char *user,
 
 NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passwd, BOOL as_root)
 {
-	struct passwd *pass;
-
 	BOOL ret;
 	uint32 min_len;
 
@@ -931,47 +936,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 /* 		return NT_STATUS_PWD_TOO_SHORT; */
 	}
 
-	pass = Get_Pwnam(pdb_get_username(hnd));
-	if (!pass) {
-		DEBUG(1, ("check_oem_password: Username does not exist in system !?!\n"));
-	}
-
-#ifdef HAVE_WORKING_CRACKLIB
-	if (pass) {
-		/* if we can, become the user to overcome internal cracklib sillyness */
-		if (!push_sec_ctx())
-			return NT_STATUS_UNSUCCESSFUL;
-		
-		set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
-		set_re_uid();
-	}
-
-	if (lp_use_cracklib()) {
-		const char *crack_check_reason;
-		DEBUG(4, ("change_oem_password: Checking password for user [%s]"
-			  " against cracklib. \n", pdb_get_username(hnd)));
-		DEBUGADD(4, ("If this is your last message, then something is "
-			     "wrong with cracklib, it might be missing it's "
-			     "dictionaries at %s\n", 
-			     CRACKLIB_DICTPATH));
-		dbgflush();
-
-		crack_check_reason = FascistCheck(new_passwd, (char *)CRACKLIB_DICTPATH);
-		if (crack_check_reason) {
-			DEBUG(1, ("Password Change: user [%s], "
-				  "New password failed cracklib test - %s\n",
-			  pdb_get_username(hnd), crack_check_reason));
-			
-			/* get back to where we should be */
-			if (pass)
-				pop_sec_ctx();
-			return NT_STATUS_PASSWORD_RESTRICTION;
-		}
-	}
-
-	if (pass)
-		pop_sec_ctx();
-#endif
+	/* TODO:  Add cracklib support here */
 
 	/*
 	 * If unix password sync was requested, attempt to change
@@ -986,7 +951,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 	 */
 	
 	if(lp_unix_password_sync() &&
-		!chgpasswd(pdb_get_username(hnd), pass, old_passwd, new_passwd, as_root)) {
+		!chgpasswd(pdb_get_username(hnd), old_passwd, new_passwd, as_root)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}