PROPOSAL: deprecate plaintext password support (in SMB1) for 4.11?
Nico Kadel-Garcia
nkadel at gmail.com
Wed Sep 4 11:50:09 UTC 2019
On Wed, Sep 4, 2019 at 4:24 AM Andrew Bartlett via samba-technical
<samba-technical at lists.samba.org> wrote:
>
> It is quite late for Samba 4.11 but I wondered what folks would think
> of marking 'encrypt passwords' as deprecated so we can consider to
> remove this code in Samba 4.12 (eg master) later this year?
>
> This would dovetail with the SMB1 deprecation effort and I hope also
> help find users who can't live without this (because SMB2 doesn't have
> this at all).
It's a good idea as a behavior. But you're right that it is *really*
late in the release process. By "deprecate", do you mean deprecate in
the documentation? Or to change any software behavior?
> I'm unclear if this even works, given bugs like:
> https://bugzilla.samba.org/show_bug.cgi?id=9705
>
> If this is supported I'll polish up the attached patch and then write a
> WHATSNEW for 4.11.
>
> It doesn't commit us to doing anything in master / 4.12 (and we might
> want to wait till closer to the end of the year for feedback), but I
> took a stab at seeing what it might allow us to remove and this was the
> diffstat (and there is probably more if we tried):
>
> /docs-xml/smbdotconf/security/encryptpasswords.xml | 43 -
> b/docs-xml/smbdotconf/security/encryptpasswords.xml | 4
> b/lib/replace/wscript | 1
> b/source3/auth/auth.c | 9
> b/source3/auth/pampass.c | 132 ---
> b/source3/auth/proto.h | 14
> b/source3/auth/wscript_build | 8
> b/source3/param/loadparm.c | 1
> b/source3/smbd/globals.h | 1
> b/source3/smbd/negprot.c | 62 -
> b/source3/smbd/reply.c | 6
> b/source3/smbd/sesssetup.c | 104 --
> b/source3/utils/testparm.c | 26
> b/source3/wscript | 1
> b/source3/wscript_build | 1
> b/source4/auth/ntlm/wscript_build | 8
> b/source4/smb_server/smb/negprot.c | 63 -
> b/source4/smb_server/smb_server.h | 3
> lib/replace/crypt.c | 770 --------------------
> source3/auth/auth_unix.c | 104 --
> source3/auth/pass_check.c | 294 -------
> source4/auth/ntlm/auth_unix.c | 769 -------------------
> 22 files changed, 70 insertions(+), 2354 deletions(-)
>
> What do folks think?
>
> Andrew Bartlett
Obviously, you are far more active in the source code than us mere
mortals. But as an occasional software developer, more than 2000 lines
of deletion in 22 C files, that hasn't been through *any* of the
releases' QA? That's begging for trouble with an unexpected dependency,
and it's not a critical feature. I'd push actual deletion back to
4.12, and be cautious about even inserting a deprecation warning at
this late date.
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
>