PROPOSAL: deprecate plaintext password support (in SMB1) for 4.11?
rpenny at samba.org
Wed Sep 4 12:07:55 UTC 2019
On 04/09/2019 12:50, Nico Kadel-Garcia via samba-technical wrote:
> On Wed, Sep 4, 2019 at 4:24 AM Andrew Bartlett via samba-technical
> <samba-technical at lists.samba.org> wrote:
>> It is quite late for Samba 4.11 but I wondered what folks would think
>> of marking 'encrypt passwords' as deprecated so we can consider to
>> remove this code in Samba 4.12 (eg master) later this year?
>> This would dovetail with the SMB1 deprecation effort and I hope also
>> help find users who can't live without this (because SMB2 doesn't have
>> this at all).
> It's a good idea as a behavior. But you're right that it is *really*
> late in the release process. By "deprecate", do you mean deprecate in
> the documentation? Or to change any software behavior?
Deprecate means 'Even though it is still capable of being used, please
don't use it', it doesn't actually change anything.
>> I'm unclear if this even works, given bugs like:
>> If this is supported I'll polish up the attached patch and then write a
>> WHATSNEW for 4.11.
>> It doesn't commit us to doing anything in master / 4.12 (and we might
>> want to wait till closer to the end of the year for feedback), but I
>> took a stab at seeing what it might allow us to remove and this was the
>> diffstat (and there is probably more if we tried):
>> /docs-xml/smbdotconf/security/encryptpasswords.xml | 43 -
>> b/docs-xml/smbdotconf/security/encryptpasswords.xml | 4
>> b/lib/replace/wscript | 1
>> b/source3/auth/auth.c | 9
>> b/source3/auth/pampass.c | 132 ---
>> b/source3/auth/proto.h | 14
>> b/source3/auth/wscript_build | 8
>> b/source3/param/loadparm.c | 1
>> b/source3/smbd/globals.h | 1
>> b/source3/smbd/negprot.c | 62 -
>> b/source3/smbd/reply.c | 6
>> b/source3/smbd/sesssetup.c | 104 --
>> b/source3/utils/testparm.c | 26
>> b/source3/wscript | 1
>> b/source3/wscript_build | 1
>> b/source4/auth/ntlm/wscript_build | 8
>> b/source4/smb_server/smb/negprot.c | 63 -
>> b/source4/smb_server/smb_server.h | 3
>> lib/replace/crypt.c | 770 --------------------
>> source3/auth/auth_unix.c | 104 --
>> source3/auth/pass_check.c | 294 -------
>> source4/auth/ntlm/auth_unix.c | 769 -------------------
>> 22 files changed, 70 insertions(+), 2354 deletions(-)
>> What do folks think?
>> Andrew Bartlett
> Obviously, you are far more active in the source code than us mere
> mortals. But as an occasional software developer, more than 2000 lines
> of deletion in 22 C files, that hasn't been through *any* of the
> releases QA? That's begging for trouble with an unexpected dependency,
> and it's not a critical feature. I'd push actual deletion back to
> 4.12, and be cautious about even inserting a deprecation warning at
> this late date.
Given that the default in smb.conf for 'encrypt passwords' is 'yes' and
has been so since (at least) Samba 3.6.x, deprecating it will not change
anything and removing it, not much more.
In case you haven't guessed by now, I am all for the removal, who thinks
it is a good idea to send unencrypted passwords over the LAN?
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba