2 * Kerberos shared module API for MIT krb5 1.9 or later.
4 * This is the glue required for a password quality check via a dynamically
5 * loaded module using the MIT krb5 pwqual interface.
7 * Written by Greg Hudson <ghudson@mit.edu>
8 * Copyright 2010 the Massachusetts Institute of Technology
10 * The Board of Trustees of the Leland Stanford Junior University
12 * See LICENSE for licensing terms.
16 #include <portable/system.h>
20 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
21 # include <krb5/pwqual_plugin.h>
24 #include <plugin/api.h>
26 /* Skip this entire file if building with Heimdal or pre-1.9 MIT. */
27 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
29 /* Used for unused parameters to silence gcc warnings. */
30 # define UNUSED __attribute__((__unused__))
33 * Initialize the library. We can't just call pwcheck_init, since currently
34 * kadmind doesn't tell us the dictionary path. So first look up where the
35 * dictionary is, and then call pwcheck_init.
/*
 * Visible behaviour: hands dict_file to pwcheck_init() and, when that call
 * returns non-zero, records a krb5 error message that names the dictionary.
 * The lines between the signature and the call, the last argument of the
 * message call, and every return statement are missing from this listing.
 *
 * NOTE(review): the comment preceding this function says kadmind does not
 * supply the dictionary path, yet dict_file arrives as a parameter and is
 * passed straight through -- that comment looks stale; confirm.
 */
37 static krb5_error_code
38 init(krb5_context context, const char *dict_file, krb5_pwqual_moddata *data)
/* d is passed by address; presumably the out-parameter for the checker state
 * (its declaration and any store into *data are not shown) -- confirm. */
42 if (pwcheck_init(&d, dict_file) != 0) {
/*
 * errno is used as the krb5 error code for the message below.
 * NOTE(review): whether pwcheck_init leaves a non-zero errno on every failure
 * path cannot be seen here.  If the unseen return path reads errno again
 * after krb5_set_error_message has run, or errno was 0 to begin with, a
 * failed dictionary load could be reported with code 0.  Saving errno into a
 * local immediately after the failed call would remove the doubt -- confirm
 * against the full source.
 */
43 krb5_set_error_message(context, errno, "Cannot initialize strength"
44 " checking with dictionary %s: %s", dict_file,
53 * Check the password. We need to transform the principal passed us by kadmind
54 * into a string for our check.
/*
 * Password-quality callback: converts princ to its string form with
 * krb5_unparse_name() and passes the candidate password plus that name to
 * pwcheck_check().  policy_name and languages are marked UNUSED.  The local
 * declarations other than status, the checks between the calls and the
 * return statement are missing from this listing.
 */
56 static krb5_error_code
57 check(krb5_context context, krb5_pwqual_moddata data, const char *password,
58 const char *policy_name UNUSED, krb5_principal princ,
59 const char **languages UNUSED)
62 krb5_error_code status;
/* krb5_unparse_name allocates name; it is released by the
 * krb5_free_unparsed_name call at the end of the visible lines. */
65 status = krb5_unparse_name(context, princ, &name);
/*
 * NOTE(review): the test of status after krb5_unparse_name is not visible;
 * name must not be read if that call failed -- confirm an early return sits
 * between these two statements.
 * sizeof(message) is the buffer length only if message is an array declared
 * in this function (declaration not shown) -- confirm it is not a pointer.
 */
68 status = pwcheck_check(data, password, name, message, sizeof(message));
/*
 * message is supplied as the argument to a constant %s format, so any percent
 * sequences inside the text are not interpreted as conversions.
 * NOTE(review): message is filled in by pwcheck_check (not shown); confirm it
 * never contains the candidate password, because this string becomes the
 * krb5 error message for the request.  The condition under which the message
 * is set is also not visible.
 */
70 krb5_set_error_message(context, status, "%s", message);
71 krb5_free_unparsed_name(context, name);
76 * Shut down the library.
/* Shutdown hook: context is marked UNUSED and data is the module state handed
 * back by the caller.  The return type and the body are missing from this
 * listing, so what is released here cannot be stated -- presumably the state
 * created in init; confirm. */
79 fini(krb5_context context UNUSED, krb5_pwqual_moddata data)
84 /* The public symbol that MIT Kerberos looks for. */
/* Prototype ahead of the definition; the return-type line is missing from
 * this listing. */
86 pwqual_strength_initvt(krb5_context context, int maj_ver, int min_ver,
87 krb5_plugin_vtable vtable);
/*
 * Plugin entry point: casts the generic vtable to the pwqual layout and sets
 * its name field.  context and min_ver are marked UNUSED, so only maj_ver and
 * vtable are read.  The remaining vtable assignments and the final return
 * are missing from this listing.
 */
90 pwqual_strength_initvt(krb5_context context UNUSED, int maj_ver,
91 int min_ver UNUSED, krb5_plugin_vtable vtable)
93 krb5_pwqual_vtable vt;
/* NOTE(review): the condition guarding this return is not shown.  Presumably
 * it rejects a maj_ver this module was not written for, so that the cast
 * below is applied only to a vtable of the expected layout -- confirm. */
96 return KRB5_PLUGIN_VER_NOTSUPP;
/* Reinterpret the generic vtable as the pwqual vtable and label the module. */
97 vt = (krb5_pwqual_vtable)vtable;
98 vt->name = "krb5-strength";
105 #endif /* HAVE_KRB5_PWQUAL_PLUGIN_H */