r8454: Fix Bug #2502

Removing deprecated lp_min_password_length (the same functionality is
provided by the account policy).

Note that we now allow to set passwords less then 5 chars (if the admins
decides to do so by setting the account policy).

Thanks to Daniel Beschorner <db@unit-netz.de>

Guenther
(This used to be commit fd91378925f7e3541df4f31bd461dabc1da523a9)

source3/param/loadparm.c

@@ -221,7 +221,6 @@ typedef struct
 	int machine_password_timeout;
 	int change_notify_timeout;
 	int map_to_guest;
-	int min_passwd_length;
 	int oplock_break_wait_time;
 	int winbind_cache_time;
 	int winbind_max_idle_children;
@@ -823,8 +822,6 @@ static struct parm_struct parm_table[] = {
 	{"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED}, 
 	{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED}, 
 	{"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED}, 
-	{"min password length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_DEPRECATED}, 
-	{"min passwd length", P_INTEGER, P_GLOBAL, &Globals.min_passwd_length, NULL, NULL, FLAG_DEPRECATED}, 
 	{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED}, 
 	{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED}, 
 	{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED}, 
@@ -1491,7 +1488,6 @@ static void init_globals(void)
 	/* Note, that we will use NTLM2 session security (which is different), if it is available */
 
 	Globals.map_to_guest = 0;	/* By Default, "Never" */
-	Globals.min_passwd_length = MINPASSWDLENGTH;	/* By Default, 5. */
 	Globals.oplock_break_wait_time = 0;	/* By Default, 0 msecs. */
 	Globals.enhanced_browsing = True; 
 	Globals.iLockSpinCount = 3; /* Try 3 times. */
@@ -1882,7 +1878,6 @@ FN_GLOBAL_INTEGER(lp_lm_interval, &Globals.lm_interval)
 FN_GLOBAL_INTEGER(lp_machine_password_timeout, &Globals.machine_password_timeout)
 FN_GLOBAL_INTEGER(lp_change_notify_timeout, &Globals.change_notify_timeout)
 FN_GLOBAL_INTEGER(lp_map_to_guest, &Globals.map_to_guest)
-FN_GLOBAL_INTEGER(lp_min_passwd_length, &Globals.min_passwd_length)
 FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, &Globals.oplock_break_wait_time)
 FN_GLOBAL_INTEGER(lp_lock_spin_count, &Globals.iLockSpinCount)
 FN_GLOBAL_INTEGER(lp_lock_sleep_time, &Globals.iLockSpinTime)

source3/smbd/chgpasswd.c

@@ -1017,7 +1017,6 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 		return NT_STATUS_ACCOUNT_RESTRICTION;
 	}
 
-	/* FIXME: AP_MIN_PASSWORD_LEN and lp_min_passwd_length() need to be merged - gd */
 	if (account_policy_get(AP_MIN_PASSWORD_LEN, &min_len) && (str_charnum(new_passwd) < min_len)) {
 		DEBUG(1, ("user %s cannot change password - password too short\n", 
 			  username));
@@ -1026,16 +1025,6 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw
 /* 		return NT_STATUS_PWD_TOO_SHORT; */
 	}
 
-	/* Take the passed information and test it for minimum criteria */
-	/* Minimum password length */
-	if (str_charnum(new_passwd) < lp_min_passwd_length()) {
-		/* too short, must be at least MINPASSWDLENGTH */
-		DEBUG(1, ("Password Change: user %s, New password is shorter than minimum password length = %d\n",
-		       username, lp_min_passwd_length()));
-		return NT_STATUS_PASSWORD_RESTRICTION;
-/* 		return NT_STATUS_PWD_TOO_SHORT; */
-	}
-
 	if (check_passwd_history(hnd,new_passwd)) {
 		return NT_STATUS_PASSWORD_RESTRICTION;
 	}