xref: /freebsd/crypto/heimdal/lib/kadm5/sample_passwd_check.c (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1 /*
2  * Copyright (c) 1999 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32 
33 /* $Id$ */
34 
35 #include <string.h>
36 #include <stdlib.h>
37 #include <krb5.h>
38 
39 const char* check_length(krb5_context, krb5_principal, krb5_data *);
40 
41 /* specify the api-version this library conforms to */
42 
43 int version = 0;
44 
45 /* just check the length of the password, this is what the default
46    check does, but this lets you specify the minimum length in
47    krb5.conf */
48 const char*
49 check_length(krb5_context context,
50              krb5_principal prinipal,
51              krb5_data *password)
52 {
53     int min_length = krb5_config_get_int_default(context, NULL, 6,
54 						 "password_quality",
55 						 "min_length",
56 						 NULL);
57     if(password->length < min_length)
58 	return "Password too short";
59     return NULL;
60 }
61 
62 #ifdef DICTPATH
63 
64 /* use cracklib to check password quality; this requires a patch for
65    cracklib that can be found at
66    ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
67 
68 const char*
69 check_cracklib(krb5_context context,
70 	       krb5_principal principal,
71 	       krb5_data *password)
72 {
73     char *s = malloc(password->length + 1);
74     char *msg;
75     char *strings[2];
76     if(s == NULL)
77 	return NULL; /* XXX */
78     strings[0] = principal->name.name_string.val[0]; /* XXX */
79     strings[1] = NULL;
80     memcpy(s, password->data, password->length);
81     s[password->length] = '\0';
82     msg = FascistCheck(s, DICTPATH, strings);
83     memset(s, 0, password->length);
84     free(s);
85     return msg;
86 }
87 #endif
88