s3-auth: Remove obsolete 'update encrypted' option.
authorAndreas Schneider <asn@samba.org>
Thu, 29 Jul 2010 11:16:09 +0000 (13:16 +0200)
committerAndreas Schneider <asn@samba.org>
Mon, 16 Aug 2010 10:48:27 +0000 (12:48 +0200)
examples/scripts/shares/python/smbparm.py
source3/auth/auth_unix.c
source3/auth/pass_check.c
source3/include/proto.h
source3/param/loadparm.c
source3/web/cgi.c

index 73637a7095c53d5d2e48b8b2058d80e35bddb0c1..37939921b65f9b0a0c7a7f999e68feffeb8c5eb6 100644 (file)
@@ -353,7 +353,6 @@ parm_table = {
        "ENHANCEDBROWSING"       : ("enhanced browsing", SambaParmBool, P_GLOBAL, "Yes"),
        "PANICACTION"            : ("panic action", SambaParmString, P_GLOBAL, ""),
        "LDAPMACHINESUFFIX"      : ("ldap machine suffix", SambaParmString, P_GLOBAL, ""),
-       "UPDATEENCRYPTED"        : ("update encrypted", SambaParmBool, P_GLOBAL, "No"),
        "MAXTTL"                 : ("max ttl", SambaParmString, P_GLOBAL, "259200"),
        "WRITABLE"               : ("read only", SambaParmBoolRev, P_LOCAL, "Yes"),
        "SHAREMODES"             : ("share modes", SambaParmBool, P_LOCAL, "Yes"),
index a9a4c53704df39f813f5992dd94431d9b585dbb6..8668a2f5794f47c831ce4325b84907680e4a2cc8 100644 (file)
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
-/**
- * update the encrypted smbpasswd file from the plaintext username and password
- *  
- *  this ugly hack needs to die, but not quite yet, I think people still use it...
- **/
-static bool update_smbpassword_file(const char *user, const char *password)
-{
-       struct samu     *sampass;
-       bool            ret;
-
-       if ( !(sampass = samu_new( NULL )) ) {
-               return False;
-       }
-
-       become_root();
-       ret = pdb_getsampwnam(sampass, user);
-       unbecome_root();
-
-       if(ret == False) {
-               DEBUG(0,("pdb_getsampwnam returned NULL\n"));
-               TALLOC_FREE(sampass);
-               return False;
-       }
-
-       /*
-        * Remove the account disabled flag - we are updating the
-        * users password from a login.
-        */
-       if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED, PDB_CHANGED)) {
-               TALLOC_FREE(sampass);
-               return False;
-       }
-
-       if (!pdb_set_plaintext_passwd (sampass, password)) {
-               TALLOC_FREE(sampass);
-               return False;
-       }
-
-       /* Now write it into the file. */
-       become_root();
-
-       ret = NT_STATUS_IS_OK(pdb_update_sam_account (sampass));
-
-       unbecome_root();
-
-       if (ret) {
-               DEBUG(3,("pdb_update_sam_account returned %d\n",ret));
-       }
-
-       TALLOC_FREE(sampass);
-       return ret;
-}
-
-
 /** Check a plaintext username/password
  *
  * Cannot deal with an encrupted password in any manner whatsoever,
@@ -102,9 +48,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
        nt_status = pass_check(pass,
                                pass ? pass->pw_name : user_info->mapped.account_name,
                                user_info->password.plaintext,
-                               lp_update_encrypted() ? 
-                               update_smbpassword_file : NULL,
-                               True);
+                               true);
 
        unbecome_root();
 
index d1b720c9225267346f5949120a94320c42e47771..ee35fba5f469fe609efe126cf4b35cca43360f6a 100644 (file)
@@ -647,8 +647,10 @@ match is found and is used to update the encrypted password file
 return NT_STATUS_OK on correct match, appropriate error otherwise
 ****************************************************************************/
 
-NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, 
-                   bool (*fn) (const char *, const char *), bool run_cracker)
+NTSTATUS pass_check(const struct passwd *pass,
+                   const char *user,
+                   const char *password,
+                   bool run_cracker)
 {
        char *pass2 = NULL;
        int level = lp_passwordlevel();
@@ -820,9 +822,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
        /* try it as it came to us */
        nt_status = password_check(password);
         if NT_STATUS_IS_OK(nt_status) {
-                if (fn) {
-                        fn(user, password);
-               }
                return (nt_status);
        } else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
                 /* No point continuing if its not the password thats to blame (ie PAM disabled). */
@@ -850,8 +849,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
        if (strhasupper(pass2)) {
                strlower_m(pass2);
                if NT_STATUS_IS_OK(nt_status = password_check(pass2)) {
-                       if (fn)
-                               fn(user, pass2);
                        return (nt_status);
                }
        }
@@ -865,8 +862,6 @@ NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *pas
        strlower_m(pass2);
  
         if (NT_STATUS_IS_OK(nt_status = string_combinations(pass2, password_check, level))) {
-                if (fn)
-                       fn(user, pass2);
                return nt_status;
        }
         
index c6061fc9ed9c3d5ca3557e3280886d310e8bed92..850710b2c76ae158273584b9a7f9ae9bf36917c9 100644 (file)
@@ -232,7 +232,7 @@ bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
 
 void dfs_unlogin(void);
 NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, 
-                   bool (*fn) (const char *, const char *), bool run_cracker);
+                   bool run_cracker);
 
 /* The following definitions come from auth/token_util.c  */
 
@@ -3708,7 +3708,6 @@ bool _lp_writeraw(void);
 bool lp_null_passwords(void);
 bool lp_obey_pam_restrictions(void);
 bool lp_encrypted_passwords(void);
-bool lp_update_encrypted(void);
 int lp_client_schannel(void);
 int lp_server_schannel(void);
 bool lp_syslog_only(void);
index b20b56578cd1b37c5acb89cc244403e2aff91c50..f2000221a1cadf72bfb8d1397228352086bf62ac 100644 (file)
@@ -1101,15 +1101,6 @@ static struct parm_struct parm_table[] = {
                .enum_list      = NULL,
                .flags          = FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD,
        },
-       {
-               .label          = "update encrypted",
-               .type           = P_BOOL,
-               .p_class        = P_GLOBAL,
-               .ptr            = &Globals.bUpdateEncrypt,
-               .special        = NULL,
-               .enum_list      = NULL,
-               .flags          = FLAG_ADVANCED,
-       },
        {
                .label          = "client schannel",
                .type           = P_ENUM,
index 0c1c80e724099b3a286dfb944e8d4ffb7eb4f05c..3d7b32c29371bfb349a08db2192fbb6b01128f94 100644 (file)
@@ -373,9 +373,7 @@ static bool cgi_handle_authorization(char *line)
         * Validate the password they have given.
         */
 
-       if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, 
-                                     NULL, False)) {
-
+       if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, false)) {
                if (pass) {
                        /*
                         * Password was ok.