diff options
| -rw-r--r-- | docs-xml/smbdotconf/security/passwordlevel.xml | 48 | ||||
| -rw-r--r-- | lib/param/loadparm.c | 1 | ||||
| -rw-r--r-- | lib/param/param_functions.c | 1 | ||||
| -rw-r--r-- | lib/param/param_table.c | 9 | ||||
| -rw-r--r-- | source3/auth/pass_check.c | 79 | ||||
| -rw-r--r-- | source3/param/loadparm.c | 1 |
6 files changed, 0 insertions, 139 deletions
diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml deleted file mode 100644 index eee838f65c..0000000000 --- a/docs-xml/smbdotconf/security/passwordlevel.xml +++ /dev/null @@ -1,48 +0,0 @@ -<samba:parameter name="password level" - context="G" - type="integer" - advanced="1" developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>Some client/server combinations have difficulty - with mixed-case passwords. One offending client is Windows for - Workgroups, which for some reason forces passwords to upper - case when using the LANMAN1 protocol, but leaves them alone when - using COREPLUS! Another problem child is the Windows 95/98 - family of operating systems. These clients upper case clear - text passwords even when NT LM 0.12 selected by the protocol - negotiation request/response.</para> - - <para>This deprecated parameter defines the maximum number of characters - that may be upper case in passwords.</para> - - <para>For example, say the password given was "FRED". If <parameter moreinfo="none"> - password level</parameter> is set to 1, the following combinations - would be tried if "FRED" failed:</para> - - <para>"Fred", "fred", "fRed", "frEd","freD"</para> - - <para>If <parameter moreinfo="none">password level</parameter> was set to 2, - the following combinations would also be tried: </para> - - <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para> - - <para>And so on.</para> - - <para>The higher value this parameter is set to the more likely - it is that a mixed case password will be matched against a single - case password. However, you should be aware that use of this - parameter reduces security and increases the time taken to - process a new connection.</para> - - <para>A value of zero will cause only two attempts to be - made - the password as is and the password in all-lower case.</para> - - <para>This parameter is used only when using plain-text passwords. It is - not at all used when encrypted passwords as in use (that is the default - since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para> -</description> - -<value type="default">0</value> -<value type="example">4</value> -</samba:parameter> diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 25997d33ee..310f95a3c5 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2144,7 +2144,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288"); lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true"); - lpcfg_do_global_parameter(lp_ctx, "password level", "0"); lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True"); lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE"); lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1"); diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c index 6fc7801b45..fed2e95bf7 100644 --- a/lib/param/param_functions.c +++ b/lib/param/param_functions.c @@ -320,7 +320,6 @@ FN_GLOBAL_INTEGER(open_files_db_hash_size, open_files_db_hash_size) FN_GLOBAL_INTEGER(oplock_break_wait_time, oplock_break_wait_time) FN_GLOBAL_INTEGER(os_level, os_level) FN_GLOBAL_INTEGER(passwd_chat_timeout, iPasswdChatTimeout) -FN_GLOBAL_INTEGER(passwordlevel, pwordlevel) FN_GLOBAL_INTEGER(printcap_cache_time, PrintcapCacheTime) FN_GLOBAL_INTEGER(restrict_anonymous, restrict_anonymous) FN_GLOBAL_INTEGER(_security, security) diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 7ff9d0cbcc..1b1497cc64 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -661,15 +661,6 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED, }, { - .label = "password level", - .type = P_INTEGER, - .p_class = P_GLOBAL, - .offset = GLOBAL_VAR(pwordlevel), - .special = NULL, - .enum_list = NULL, - .flags = FLAG_ADVANCED | FLAG_DEPRECATED, - }, - { .label = "username level", .type = P_INTEGER, .p_class = P_GLOBAL, diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index f2d1fc241b..21694b3d55 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -494,68 +494,6 @@ static char *osf1_bigcrypt(char *password, char *salt1) /**************************************************************************** -apply a function to upper/lower case combinations -of a string and return true if one of them returns true. -try all combinations with N uppercase letters. -offset is the first char to try and change (start with 0) -it assumes the string starts lowercased -****************************************************************************/ -static NTSTATUS string_combinations2(char *s, int offset, - NTSTATUS (*fn)(const char *s, - const void *private_data), - int N, const void *private_data) -{ - int len = strlen(s); - int i; - NTSTATUS nt_status; - -#ifdef PASSWORD_LENGTH - len = MIN(len, PASSWORD_LENGTH); -#endif - - if (N <= 0 || offset >= len) - return (fn(s, private_data)); - - for (i = offset; i < (len - (N - 1)); i++) { - char c = s[i]; - if (!islower_m(c)) - continue; - s[i] = toupper_m(c); - nt_status = string_combinations2(s, i + 1, fn, N - 1, - private_data); - if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { - return nt_status; - } - s[i] = c; - } - return (NT_STATUS_WRONG_PASSWORD); -} - -/**************************************************************************** -apply a function to upper/lower case combinations -of a string and return true if one of them returns true. -try all combinations with up to N uppercase letters. -offset is the first char to try and change (start with 0) -it assumes the string starts lowercased -****************************************************************************/ -static NTSTATUS string_combinations(char *s, - NTSTATUS (*fn)(const char *s, - const void *private_data), - int N, const void *private_data) -{ - int n; - NTSTATUS nt_status; - for (n = 1; n <= N; n++) { - nt_status = string_combinations2(s, 0, fn, n, private_data); - if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { - return nt_status; - } - } - return NT_STATUS_WRONG_PASSWORD; -} - - -/**************************************************************************** core of password checking routine ****************************************************************************/ static NTSTATUS password_check(const char *password, const void *private_data) @@ -673,7 +611,6 @@ NTSTATUS pass_check(const struct passwd *pass, bool run_cracker) { char *pass2 = NULL; - int level = lp_passwordlevel(); NTSTATUS nt_status; @@ -876,21 +813,5 @@ NTSTATUS pass_check(const struct passwd *pass, } } - /* give up? */ - if (level < 1) { - return NT_STATUS_WRONG_PASSWORD; - } - - /* last chance - all combinations of up to level chars upper! */ - if (!strlower_m(pass2)) { - return NT_STATUS_INVALID_PARAMETER; - } - - nt_status = string_combinations(pass2, password_check, level, - (const void *)rhost); - if (NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - return NT_STATUS_WRONG_PASSWORD; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index b9d316b98e..fa2f9b66e4 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -819,7 +819,6 @@ static void init_globals(bool reinit_globals) Globals.lpqcachetime = 30; /* changed to handle large print servers better -- jerry */ Globals.bDisableSpoolss = false; Globals.iMaxSmbdProcesses = 0;/* no limit specified */ - Globals.pwordlevel = 0; Globals.unamelevel = 0; Globals.deadtime = 0; Globals.getwd_cache = true; |