2 * Kerberos shared module API for MIT Kerberos 1.9 or later.
4 * This is the glue required for a password quality check via a dynamically
5 * loaded module using the MIT Kerberos pwqual plugin interface.
7 * Written by Greg Hudson <ghudson@mit.edu>
8 * Copyright 2010 the Massachusetts Institute of Technology
10 * The Board of Trustees of the Leland Stanford Junior University
12 * See LICENSE for licensing terms.
16 #include <portable/krb5.h>
17 #include <portable/system.h>
20 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
21 # include <krb5/pwqual_plugin.h>
24 #include <plugin/api.h>
25 #include <util/macros.h>
27 /* Skip this entire file if building with Heimdal or pre-1.9 MIT. */
28 #ifdef HAVE_KRB5_PWQUAL_PLUGIN_H
30 /* Prototype for the public interface. */
31 krb5_error_code pwqual_strength_initvt(krb5_context, int, int,
36 * Initialize the library. We can't just call pwcheck_init, since currently
37 * kadmind doesn't tell us the dictionary path. So first look up where the
38 * dictionary is, and then call pwcheck_init.
40 static krb5_error_code
41 init(krb5_context context, const char *dict_file, krb5_pwqual_moddata *data)
45 if (pwcheck_init(&d, dict_file) != 0) {
46 krb5_set_error_message(context, errno, "Cannot initialize strength"
47 " checking with dictionary %s: %s", dict_file,
57 * Check the password. We need to transform the principal passed us by kadmind
58 * into a string for our check.
60 static krb5_error_code
61 check(krb5_context context, krb5_pwqual_moddata data, const char *password,
62 const char *policy_name UNUSED, krb5_principal princ,
63 const char **languages UNUSED)
66 krb5_error_code status;
69 status = krb5_unparse_name(context, princ, &name);
72 status = pwcheck_check(data, password, name, message, sizeof(message));
74 krb5_set_error_message(context, status, "%s", message);
75 krb5_free_unparsed_name(context, name);
81 * Shut down the library.
84 fini(krb5_context context UNUSED, krb5_pwqual_moddata data)
91 * The public symbol that MIT Kerberos looks for. Builds and returns the
95 pwqual_strength_initvt(krb5_context context UNUSED, int maj_ver,
96 int min_ver UNUSED, krb5_plugin_vtable vtable)
98 krb5_pwqual_vtable vt;
101 return KRB5_PLUGIN_VER_NOTSUPP;
102 vt = (krb5_pwqual_vtable)vtable;
103 vt->name = "krb5-strength";
110 #endif /* HAVE_KRB5_PWQUAL_PLUGIN_H */