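/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
/* lib/kadm5/srv/pwqual_princ.c */
/*
 * Copyright (C) 2010 by the Massachusetts Institute of Technology.
 * All rights reserved.
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/* Password quality module to check passwords against principal components */

#include "k5-int.h"
#include <krb5/pwqual_plugin.h>
#include "server_internal.h"

/*
 * Return nonzero if password is a case-insensitive match for the counted
 * string d, and zero otherwise.
 *
 * krb5_data carries an explicit length, so the comparison is bounded by
 * d->length instead of relying on d->data being NUL-terminated.  A length
 * mismatch is decided before any byte of d->data is read.
 */
static int
data_matches(const krb5_data *d, const char *password)
{
    size_t pwlen = strlen(password);

    if (d == NULL || d->length != pwlen)
        return 0;
    /* Two empty strings match; d->data may be null when the length is 0. */
    if (pwlen == 0)
        return 1;
    return strncasecmp(d->data, password, pwlen) == 0;
}

/*
 * pwqual check method: reject a password which case-insensitively equals the
 * realm of princ or any one of its name components.
 *
 * Principals with no password policy (policy_name == NULL) are not checked.
 * The data and languages arguments are not used.  Returns 0 if the password
 * passes, or KADM5_PASS_Q_DICT with an extended message set in context if it
 * matches.
 *
 * Only whole-string equality is tested.  A password which merely contains a
 * component, or appends characters to one, is not rejected by this module.
 */
static krb5_error_code
princ_check(krb5_context context, krb5_pwqual_moddata data,
            const char *password, const char *policy_name,
            krb5_principal princ, const char **languages)
{
    int i, n;

    /* Don't check for principals with no password policy. */
    if (policy_name == NULL)
        return 0;

    /*
     * Check against the realm and the components of the principal.  Use the
     * context argument; no "handle" variable exists in this function, so the
     * accessors must not be handed handle->context.
     */
    if (data_matches(krb5_princ_realm(context, princ), password))
        goto match;
    n = krb5_princ_size(context, princ);
    for (i = 0; i < n; i++) {
        if (data_matches(krb5_princ_component(context, princ, i), password))
            goto match;
    }

    return 0;

match:
    /* Realm and component matches report the same extended message. */
    k5_setmsg(context, KADM5_PASS_Q_DICT,
              _("Password may not match principal name"));
    return KADM5_PASS_Q_DICT;
}

/*
 * Plugin vtable initializer for the "princ" password quality module.
 *
 * Only major version 1 of the interface is accepted; any other maj_ver yields
 * KRB5_PLUGIN_VER_NOTSUPP.  min_ver is not examined.  On success the module
 * name and the check method are filled in and 0 is returned.
 */
krb5_error_code
pwqual_princ_initvt(krb5_context context, int maj_ver, int min_ver,
                    krb5_plugin_vtable vtable)
{
    krb5_pwqual_vtable vt;

    if (maj_ver != 1)
        return KRB5_PLUGIN_VER_NOTSUPP;
    vt = (krb5_pwqual_vtable)vtable;
    vt->name = "princ";
    vt->check = princ_check;
    return 0;
}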