2 * Kerberos shared module API for MIT Kerberos 1.9 or later.
4 * This is the glue required for a password quality check via a dynamically
5 * loaded module using the MIT Kerberos pwqual plugin interface.
7 * Written by Greg Hudson <ghudson@mit.edu>
8 * Copyright 2010 the Massachusetts Institute of Technology
10 * The Board of Trustees of the Leland Stanford Junior University
12 * See LICENSE for licensing terms.
16 #include <portable/kadmin.h>
17 #include <portable/krb5.h>
18 #include <portable/system.h>
21 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
22 # include <krb5/pwqual_plugin.h>
25 #include <plugin/api.h>
26 #include <util/macros.h>
28 /* Skip this entire file if building with Heimdal or pre-1.9 MIT. */
29 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
31 /* Prototype for the public interface. */
32 krb5_error_code pwqual_strength_initvt(krb5_context, int, int,
37 * Initialize the library. We can't just call pwcheck_init, since currently
38 * kadmind doesn't tell us the dictionary path. So first look up where the
39 * dictionary is, and then call pwcheck_init.
41 static krb5_error_code
42 init(krb5_context context, const char *dict_file, krb5_pwqual_moddata *data)
46 char *dictionary = NULL;
48 if (dict_file == NULL)
50 krb5_appdefault_string(context, "krb5-strength", NULL,
51 "password_dictionary", dict_file, &dictionary);
52 if (dictionary == NULL || dictionary[0] == '\0') {
53 krb5_set_error_message(context, KADM5_MISSING_CONF_PARAMS,
54 "Cannot initialize strength checking without"
56 krb5_free_string(context, dictionary);
57 return KADM5_MISSING_CONF_PARAMS;
59 code = pwcheck_init(&d, dictionary);
61 krb5_set_error_message(context, code, "Cannot initialize strength"
62 " checking with dictionary %s: %s", dictionary,
64 krb5_free_string(context, dictionary);
67 krb5_free_string(context, dictionary);
74 * Check the password. We need to transform the principal passed us by kadmind
75 * into a string for our check.
77 static krb5_error_code
78 check(krb5_context context, krb5_pwqual_moddata data, const char *password,
79 const char *policy_name UNUSED, krb5_principal princ,
80 const char **languages UNUSED)
83 krb5_error_code status;
86 status = krb5_unparse_name(context, princ, &name);
89 status = pwcheck_check(data, password, name, message, sizeof(message));
91 krb5_set_error_message(context, status, "%s", message);
92 krb5_free_unparsed_name(context, name);
98 * Shut down the library.
101 fini(krb5_context context UNUSED, krb5_pwqual_moddata data)
108 * The public symbol that MIT Kerberos looks for. Builds and returns the
112 pwqual_strength_initvt(krb5_context context UNUSED, int maj_ver,
113 int min_ver UNUSED, krb5_plugin_vtable vtable)
115 krb5_pwqual_vtable vt;
118 return KRB5_PLUGIN_VER_NOTSUPP;
119 vt = (krb5_pwqual_vtable)vtable;
120 vt->name = "krb5-strength";
127 #endif /* HAVE_KRB5_PWQUAL_PLUGIN_H */