+++ /dev/null
-<samba:parameter name="password level"
- context="G"
- type="integer"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>Some client/server combinations have difficulty
- with mixed-case passwords. One offending client is Windows for
- Workgroups, which for some reason forces passwords to upper
- case when using the LANMAN1 protocol, but leaves them alone when
- using COREPLUS! Another problem child is the Windows 95/98
- family of operating systems. These clients upper case clear
- text passwords even when NT LM 0.12 selected by the protocol
- negotiation request/response.</para>
-
- <para>This deprecated parameter defines the maximum number of characters
- that may be upper case in passwords.</para>
-
- <para>For example, say the password given was "FRED". If <parameter moreinfo="none">
- password level</parameter> is set to 1, the following combinations
- would be tried if "FRED" failed:</para>
-
- <para>"Fred", "fred", "fRed", "frEd","freD"</para>
-
- <para>If <parameter moreinfo="none">password level</parameter> was set to 2,
- the following combinations would also be tried: </para>
-
- <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para>
-
- <para>And so on.</para>
-
- <para>The higher value this parameter is set to the more likely
- it is that a mixed case password will be matched against a single
- case password. However, you should be aware that use of this
- parameter reduces security and increases the time taken to
- process a new connection.</para>
-
- <para>A value of zero will cause only two attempts to be
- made - the password as is and the password in all-lower case.</para>
-
- <para>This parameter is used only when using plain-text passwords. It is
- not at all used when encrypted passwords as in use (that is the default
- since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para>
-</description>
-
-<value type="default">0</value>
-<value type="example">4</value>
-</samba:parameter>
lpcfg_do_global_parameter(lp_ctx, "max xmit", "12288");
lpcfg_do_global_parameter(lp_ctx, "host msdfs", "true");
- lpcfg_do_global_parameter(lp_ctx, "password level", "0");
lpcfg_do_global_parameter(lp_ctx, "LargeReadwrite", "True");
lpcfg_do_global_parameter(lp_ctx, "server min protocol", "CORE");
lpcfg_do_global_parameter(lp_ctx, "server max protocol", "NT1");
FN_GLOBAL_INTEGER(oplock_break_wait_time, oplock_break_wait_time)
FN_GLOBAL_INTEGER(os_level, os_level)
FN_GLOBAL_INTEGER(passwd_chat_timeout, iPasswdChatTimeout)
-FN_GLOBAL_INTEGER(passwordlevel, pwordlevel)
FN_GLOBAL_INTEGER(printcap_cache_time, PrintcapCacheTime)
FN_GLOBAL_INTEGER(restrict_anonymous, restrict_anonymous)
FN_GLOBAL_INTEGER(_security, security)
.enum_list = NULL,
.flags = FLAG_ADVANCED,
},
- {
- .label = "password level",
- .type = P_INTEGER,
- .p_class = P_GLOBAL,
- .offset = GLOBAL_VAR(pwordlevel),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_DEPRECATED,
- },
{
.label = "username level",
.type = P_INTEGER,
#endif
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static NTSTATUS string_combinations2(char *s, int offset,
- NTSTATUS (*fn)(const char *s,
- const void *private_data),
- int N, const void *private_data)
-{
- int len = strlen(s);
- int i;
- NTSTATUS nt_status;
-
-#ifdef PASSWORD_LENGTH
- len = MIN(len, PASSWORD_LENGTH);
-#endif
-
- if (N <= 0 || offset >= len)
- return (fn(s, private_data));
-
- for (i = offset; i < (len - (N - 1)); i++) {
- char c = s[i];
- if (!islower_m(c))
- continue;
- s[i] = toupper_m(c);
- nt_status = string_combinations2(s, i + 1, fn, N - 1,
- private_data);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
- return nt_status;
- }
- s[i] = c;
- }
- return (NT_STATUS_WRONG_PASSWORD);
-}
-
-/****************************************************************************
-apply a function to upper/lower case combinations
-of a string and return true if one of them returns true.
-try all combinations with up to N uppercase letters.
-offset is the first char to try and change (start with 0)
-it assumes the string starts lowercased
-****************************************************************************/
-static NTSTATUS string_combinations(char *s,
- NTSTATUS (*fn)(const char *s,
- const void *private_data),
- int N, const void *private_data)
-{
- int n;
- NTSTATUS nt_status;
- for (n = 1; n <= N; n++) {
- nt_status = string_combinations2(s, 0, fn, n, private_data);
- if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
- return nt_status;
- }
- }
- return NT_STATUS_WRONG_PASSWORD;
-}
-
-
/****************************************************************************
core of password checking routine
****************************************************************************/
bool run_cracker)
{
char *pass2 = NULL;
- int level = lp_passwordlevel();
NTSTATUS nt_status;
}
}
- /* give up? */
- if (level < 1) {
- return NT_STATUS_WRONG_PASSWORD;
- }
-
- /* last chance - all combinations of up to level chars upper! */
- if (!strlower_m(pass2)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- nt_status = string_combinations(pass2, password_check, level,
- (const void *)rhost);
- if (NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
return NT_STATUS_WRONG_PASSWORD;
}
Globals.lpqcachetime = 30; /* changed to handle large print servers better -- jerry */
Globals.bDisableSpoolss = false;
Globals.iMaxSmbdProcesses = 0;/* no limit specified */
- Globals.pwordlevel = 0;
Globals.unamelevel = 0;
Globals.deadtime = 0;
Globals.getwd_cache = true;