crypto/dist/heimdal/lib/kadm5/sample_passwd_check.c

   1 /*
   2  * Copyright (c) 1999 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of KTH nor the names of its contributors may be
  18  *    used to endorse or promote products derived from this software without
  19  *    specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
  22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
  25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
  32
  33 /* $Heimdal: sample_passwd_check.c 21901 2007-08-10 06:05:35Z lha $
  34    $NetBSD$ */
  35
  36 #include <string.h>
  37 #include <stdlib.h>
  38 #include <krb5.h>
  39
  40 const char* check_length(krb5_context, krb5_principal, krb5_data *);
  41
  42 /* specify the api-version this library conforms to */
  43
  44 int version = 0;
  45
  46 /* just check the length of the password, this is what the default
  47    check does, but this lets you specify the minimum length in
  48    krb5.conf */
  49 const char*
  50 check_length(krb5_context context,
  51              krb5_principal prinipal,
  52              krb5_data *password)
  53 {
  54     int min_length = krb5_config_get_int_default(context, NULL, 6,
  55                                                  "password_quality",
  56                                                  "min_length",
  57                                                  NULL);
  58     if(password->length < min_length)
  59         return "Password too short";
  60     return NULL;
  61 }
  62
  63 #ifdef DICTPATH
  64
  65 /* use cracklib to check password quality; this requires a patch for
  66    cracklib that can be found at
  67    ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
  68
  69 const char*
  70 check_cracklib(krb5_context context,
  71                krb5_principal principal,
  72                krb5_data *password)
  73 {
  74     char *s = malloc(password->length + 1);
  75     char *msg;
  76     char *strings[2];
  77     if(s == NULL)
  78         return NULL; /* XXX */
  79     strings[0] = principal->name.name_string.val[0]; /* XXX */
  80     strings[1] = NULL;
  81     memcpy(s, password->data, password->length);
  82     s[password->length] = '\0';
  83     msg = FascistCheck(s, DICTPATH, strings);
  84     memset(s, 0, password->length);
  85     free(s);
  86     return msg;
  87 }
  88 #endif