2 * Kerberos shared module API for MIT Kerberos 1.9 or later.
4 * This is the glue required for a password quality check via a dynamically
5 * loaded module using the MIT Kerberos pwqual plugin interface.
7 * Written by Greg Hudson <ghudson@mit.edu>
8 * Copyright 2010 the Massachusetts Institute of Technology
10 * The Board of Trustees of the Leland Stanford Junior University
12 * See LICENSE for licensing terms.
16 #include <portable/kadmin.h>
17 #include <portable/krb5.h>
18 #include <portable/system.h>
21 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
22 # include <krb5/pwqual_plugin.h>
25 #include <plugin/internal.h>
26 #include <util/macros.h>
28 /* Skip this entire file if building with Heimdal or pre-1.9 MIT. */
29 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
31 /* Prototype for the public interface. */
32 krb5_error_code pwqual_strength_initvt(krb5_context, int, int,
37 * Initialize the library. We can't just call pwcheck_init, since currently
38 * kadmind doesn't tell us the dictionary path. So first look up where the
39 * dictionary is, and then call pwcheck_init.
41 static krb5_error_code
42 init(krb5_context ctx, const char *dictionary, krb5_pwqual_moddata *data)
44 return strength_init(ctx, dictionary, data);
49 * Check the password. We need to transform the principal passed us by kadmind
50 * into a string for our check.
52 static krb5_error_code
53 check(krb5_context ctx, krb5_pwqual_moddata data, const char *password,
54 const char *policy_name UNUSED, krb5_principal princ,
55 const char **languages UNUSED)
60 code = krb5_unparse_name(ctx, princ, &name);
63 code = strength_check(ctx, data, name, password);
64 krb5_free_unparsed_name(ctx, name);
70 * Shut down the library.
73 fini(krb5_context ctx, krb5_pwqual_moddata data)
75 strength_close(ctx, data);
80 * The public symbol that MIT Kerberos looks for. Builds and returns the
84 pwqual_strength_initvt(krb5_context context UNUSED, int maj_ver,
85 int min_ver UNUSED, krb5_plugin_vtable vtable)
87 krb5_pwqual_vtable vt;
90 return KRB5_PLUGIN_VER_NOTSUPP;
91 vt = (krb5_pwqual_vtable) vtable;
92 vt->name = "krb5-strength";
99 #endif /* HAVE_KRB5_PWQUAL_PLUGIN_H */