* or end, two characters removed from the start, two from the end, or one
* character from both start and end.
*
- * Written by Russ Allbery <rra@stanford.edu>
+ * Written by Russ Allbery <eagle@eyrie.org>
* Copyright 2013
* The Board of Trustees of the Leland Stanford Junior University
*
- * See LICENSE for licensing terms.
+ * SPDX-License-Identifier: MIT
*/
#include <config.h>
#include <portable/system.h>
#ifdef HAVE_CDB_H
-# include <cdb.h>
+# include <cdb.h>
#endif
#include <errno.h>
#include <fcntl.h>
* Stub for strength_init_cdb if not built with CDB support.
*/
#ifndef HAVE_CDB
-static krb5_error_code
-strength_init_cdb(krb5_context ctx, krb5_pwqual_moddata data UNUSED,
- const char *database UNUSED)
+krb5_error_code
+strength_init_cdb(krb5_context ctx, krb5_pwqual_moddata data UNUSED)
{
char *path = NULL;
if (path == NULL)
return 0;
free(path);
- krb5_set_error_message(ctx, KADM5_BAD_SERVER_PARAMS, "CDB dictionary"
- " requested but not built with CDB support");
+ krb5_set_error_message(ctx, KADM5_BAD_SERVER_PARAMS,
+ "CDB dictionary requested but not built with CDB"
+ " support");
return KADM5_BAD_SERVER_PARAMS;
}
#endif
/* Skip the rest of this file if CDB is not available. */
#ifdef HAVE_CDB
-/*
- * Macro used to make password checks more readable. Assumes that the found
- * and fail labels are available for the abort cases of finding a password or
- * failing to look it up.
- */
-# define CHECK_PASSWORD(ctx, data, password) \
- do { \
- code = in_cdb_dictionary(ctx, data, password, &found); \
- if (code != 0) \
- goto fail; \
- if (found) \
- goto found; \
- } while (0)
-
-
/*
* Look up a password in CDB and set the found parameter to true if it is
* found, false otherwise. Returns a Kerberos status code, which will be 0 on
int status;
*found = false;
- status = cdb_find(&data->cdb, password, strlen(password));
+ status = cdb_find(&data->cdb, password, (unsigned int) strlen(password));
if (status < 0)
return strength_error_system(ctx, "cannot query CDB database");
else {
}
+/*
+ * Macro used to make password checks more readable. Assumes that the found
+ * and fail labels are available for the abort cases of finding a password or
+ * failing to look it up.
+ */
+# define CHECK_PASSWORD(ctx, data, password) \
+ do { \
+ code = in_cdb_dictionary(ctx, data, password, &found); \
+ if (code != 0) \
+ goto fail; \
+ if (found) \
+ goto found; \
+ } while (0)
+
+
/*
* Given a password, try the various transformations that we want to apply and
* check for each of them in the dictionary. Returns a Kerberos status code,