xref: /freebsd/crypto/heimdal/lib/kadm5/sample_passwd_check.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
1 /*
2  * Copyright (c) 1999 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32 
33 /* $Id: sample_passwd_check.c,v 1.1 1999/09/10 10:11:03 assar Exp $ */
34 
35 #include <string.h>
36 #include <stdlib.h>
37 #include <krb5.h>
38 
39 /* specify the api-version this library conforms to */
40 
41 int version = 0;
42 
43 /* just check the length of the password, this is what the default
44    check does, but this lets you specify the minimum length in
45    krb5.conf */
46 const char*
47 check_length(krb5_context context,
48              krb5_principal prinipal,
49              krb5_data *password)
50 {
51     int min_length = krb5_config_get_int_default(context, NULL, 6,
52 						 "password_quality",
53 						 "min_length",
54 						 NULL);
55     if(password->length < min_length)
56 	return "Password too short";
57     return NULL;
58 }
59 
60 #ifdef DICTPATH
61 
62 /* use cracklib to check password quality; this requires a patch for
63    cracklib that can be found at
64    ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
65 
66 const char*
67 check_cracklib(krb5_context context,
68 	       krb5_principal principal,
69 	       krb5_data *password)
70 {
71     char *s = malloc(password->length + 1);
72     char *msg;
73     char *strings[2];
74     if(s == NULL)
75 	return NULL; /* XXX */
76     strings[0] = principal->name.name_string.val[0]; /* XXX */
77     strings[1] = NULL;
78     memcpy(s, password->data, password->length);
79     s[password->length] = '\0';
80     msg = FascistCheck(s, DICTPATH, strings);
81     memset(s, 0, password->length);
82     free(s);
83     return msg;
84 }
85 #endif
86