summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs-xml/smbdotconf/security/passwordlevel.xml48
-rw-r--r--lib/param/loadparm.c1
-rw-r--r--lib/param/param_functions.c1
-rw-r--r--lib/param/param_table.c9
-rw-r--r--source3/auth/pass_check.c79
-rw-r--r--source3/param/loadparm.c1
6 files changed, 0 insertions, 139 deletions
diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml
deleted file mode 100644
index eee838f65c..0000000000
--- a/docs-xml/smbdotconf/security/passwordlevel.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<samba:parameter name="password level"
- context="G"
- type="integer"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>Some client/server combinations have difficulty
- with mixed-case passwords. One offending client is Windows for
- Workgroups, which for some reason forces passwords to upper
- case when using the LANMAN1 protocol, but leaves them alone when
- using COREPLUS! Another problem child is the Windows 95/98
- family of operating systems. These clients upper case clear
- text passwords even when NT LM 0.12 selected by the protocol
- negotiation request/response.</para>
-
- <para>This deprecated parameter defines the maximum number of characters
- that may be upper case in passwords.</para>
-
- <para>For example, say the password given was &quot;FRED&quot;. If <parameter moreinfo="none">
- password level</parameter> is set to 1, the following combinations
- would be tried if &quot;FRED&quot; failed:</para>
-
- <para>&quot;Fred&quot;, &quot;fred&quot;, &quot;fRed&quot;, &quot;frEd&quot;,&quot;freD&quot;</para>
-
- <para>If <parameter moreinfo="none">password level</parameter> was set to 2,
- the following combinations would also be tried: </para>
-
- <para>&quot;FRed&quot;, &quot;FrEd&quot;, &quot;FreD&quot;, &quot;fREd&quot;, &quot;fReD&quot;, &quot;frED&quot;, ..</para>
-
- <para>And so on.</para>
-
- <para>The higher value this parameter is set to the more likely
- it is that a mixed case password will be matched against a single
- case password. However, you should be aware that use of this
- parameter reduces security and increases the time taken to
- process a new connection.</para>
-
- <para>A value of zero will cause only two attempts to be
- made - the password as is and the password in all-lower case.</para>
-
- <para>This parameter is used only when using plain-text passwords. It is
- not at all used when encrypted passwords as in use (that is the default
- since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para>
-</description>
-
-<value type="default">0</value>
-<value type="example">4</value>
-</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 25997d33ee..310f95a3c5 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2144,7 +2144,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true");
- lpcfg_do_global_parameter(lp_ctx, "password level", "0");
lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index 6fc7801b45..fed2e95bf7 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -320,7 +320,6 @@ FN_GLOBAL_INTEGER(open_files_db_hash_size, open_files_db_hash_size)
FN_GLOBAL_INTEGER(oplock_break_wait_time, oplock_break_wait_time)
FN_GLOBAL_INTEGER(os_level, os_level)
FN_GLOBAL_INTEGER(passwd_chat_timeout, iPasswdChatTimeout)
-FN_GLOBAL_INTEGER(passwordlevel, pwordlevel)
FN_GLOBAL_INTEGER(printcap_cache_time, PrintcapCacheTime)
FN_GLOBAL_INTEGER(restrict_anonymous, restrict_anonymous)
FN_GLOBAL_INTEGER(_security, security)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 7ff9d0cbcc..1b1497cc64 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -661,15 +661,6 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
- .label = "password level",
- .type = P_INTEGER,
- .p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(pwordlevel),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
- },
- {
.label = "username level",
.type = P_INTEGER,
.p_class = P_GLOBAL,
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index f2d1fc241b..21694b3d55 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -494,68 +494,6 @@ static char *osf1_bigcrypt(char *password, char *salt1)
/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static NTSTATUS string_combinations2(char *s, int offset,
- NTSTATUS (*fn)(const char *s,
- const void *private_data),
- int N, const void *private_data)
-{
- int len = strlen(s);
- int i;
- NTSTATUS nt_status;
-
-#ifdef PASSWORD_LENGTH
- len = MIN(len, PASSWORD_LENGTH);
-#endif
-
- if (N <= 0 || offset >= len)
- return (fn(s, private_data));
-
- for (i = offset; i < (len - (N - 1)); i++) {
- char c = s[i];
- if (!islower_m(c))
- continue;
- s[i] = toupper_m(c);
- nt_status = string_combinations2(s, i + 1, fn, N - 1,
- private_data);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
- return nt_status;
- }
- s[i] = c;
- }
- return (NT_STATUS_WRONG_PASSWORD);
-}
-
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with up to N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static NTSTATUS string_combinations(char *s,
- NTSTATUS (*fn)(const char *s,
- const void *private_data),
- int N, const void *private_data)
-{
- int n;
- NTSTATUS nt_status;
- for (n = 1; n <= N; n++) {
- nt_status = string_combinations2(s, 0, fn, n, private_data);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
- return nt_status;
- }
- }
- return NT_STATUS_WRONG_PASSWORD;
-}
-
-
-/****************************************************************************
core of password checking routine
****************************************************************************/
static NTSTATUS password_check(const char *password, const void *private_data)
@@ -673,7 +611,6 @@ NTSTATUS pass_check(const struct passwd *pass,
bool run_cracker)
{
char *pass2 = NULL;
- int level = lp_passwordlevel();
NTSTATUS nt_status;
@@ -876,21 +813,5 @@ NTSTATUS pass_check(const struct passwd *pass,
}
}
- /* give up? */
- if (level < 1) {
- return NT_STATUS_WRONG_PASSWORD;
- }
-
- /* last chance - all combinations of up to level chars upper! */
- if (!strlower_m(pass2)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- nt_status = string_combinations(pass2, password_check, level,
- (const void *)rhost);
- if (NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
return NT_STATUS_WRONG_PASSWORD;
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b9d316b98e..fa2f9b66e4 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -819,7 +819,6 @@ static void init_globals(bool reinit_globals)
Globals.lpqcachetime = 30; /* changed to handle large print servers better -- jerry */
Globals.bDisableSpoolss = false;
Globals.iMaxSmbdProcesses = 0;/* no limit specified */
- Globals.pwordlevel = 0;
Globals.unamelevel = 0;
Globals.deadtime = 0;
Globals.getwd_cache = true;