1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/kadm5/srv/pwqual_princ.c */
3 /*
4 * Copyright (C) 2010 by the Massachusetts Institute of Technology.
5 * All rights reserved.
6 *
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
11 *
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
25 */
26
27 /* Password quality module to check passwords against principal components */
28
29 #include "k5-int.h"
30 #include <krb5/pwqual_plugin.h>
31 #include "server_internal.h"
32
33 static krb5_error_code
princ_check(krb5_context context,krb5_pwqual_moddata data,const char * password,const char * policy_name,krb5_principal princ,const char ** languages)34 princ_check(krb5_context context, krb5_pwqual_moddata data,
35 const char *password, const char *policy_name,
36 krb5_principal princ, const char **languages)
37 {
38 int i, n;
39 char *cp;
40
41 /* Don't check for principals with no password policy. */
42 if (policy_name == NULL)
43 return 0;
44
45 /* Check against components of the principal. */
46 n = krb5_princ_size(handle->context, princ);
47 cp = krb5_princ_realm(handle->context, princ)->data;
48 if (strcasecmp(cp, password) == 0)
49 return KADM5_PASS_Q_DICT;
50 for (i = 0; i < n; i++) {
51 cp = krb5_princ_component(handle->context, princ, i)->data;
52 if (strcasecmp(cp, password) == 0) {
53 k5_setmsg(context, KADM5_PASS_Q_DICT,
54 _("Password may not match principal name"));
55 return KADM5_PASS_Q_DICT;
56 }
57 }
58
59 return 0;
60 }
61
62 krb5_error_code
pwqual_princ_initvt(krb5_context context,int maj_ver,int min_ver,krb5_plugin_vtable vtable)63 pwqual_princ_initvt(krb5_context context, int maj_ver, int min_ver,
64 krb5_plugin_vtable vtable)
65 {
66 krb5_pwqual_vtable vt;
67
68 if (maj_ver != 1)
69 return KRB5_PLUGIN_VER_NOTSUPP;
70 vt = (krb5_pwqual_vtable)vtable;
71 vt->name = "princ";
72 vt->check = princ_check;
73 return 0;
74 }
75