sample_passwd_check.c revision 178825
1178479Sjb/* 2178479Sjb * Copyright (c) 1999 Kungliga Tekniska H�gskolan 3178479Sjb * (Royal Institute of Technology, Stockholm, Sweden). 4178479Sjb * All rights reserved. 5178479Sjb * 6178479Sjb * Redistribution and use in source and binary forms, with or without 7178479Sjb * modification, are permitted provided that the following conditions 8178479Sjb * are met: 9178479Sjb * 10178479Sjb * 1. Redistributions of source code must retain the above copyright 11178479Sjb * notice, this list of conditions and the following disclaimer. 12178479Sjb * 13178479Sjb * 2. Redistributions in binary form must reproduce the above copyright 14178479Sjb * notice, this list of conditions and the following disclaimer in the 15178479Sjb * documentation and/or other materials provided with the distribution. 16178479Sjb * 17178479Sjb * 3. Neither the name of KTH nor the names of its contributors may be 18178479Sjb * used to endorse or promote products derived from this software without 19178479Sjb * specific prior written permission. 20178479Sjb * 21178479Sjb * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22178479Sjb * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23178479Sjb * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24178479Sjb * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25178479Sjb * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26178479Sjb * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27178479Sjb * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28178479Sjb * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29178479Sjb * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30249573Spfg * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31249573Spfg * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 32178479Sjb 33178479Sjb/* $Id: sample_passwd_check.c 21901 2007-08-10 06:05:35Z lha $ */ 34178479Sjb 35178479Sjb#include <string.h> 36178479Sjb#include <stdlib.h> 37178479Sjb#include <krb5.h> 38178479Sjb 39178479Sjbconst char* check_length(krb5_context, krb5_principal, krb5_data *); 40178479Sjb 41178479Sjb/* specify the api-version this library conforms to */ 42178479Sjb 43178479Sjbint version = 0; 44178479Sjb 45178479Sjb/* just check the length of the password, this is what the default 46178479Sjb check does, but this lets you specify the minimum length in 47178479Sjb krb5.conf */ 48178479Sjbconst char* 49178479Sjbcheck_length(krb5_context context, 50178479Sjb krb5_principal prinipal, 51178479Sjb krb5_data *password) 52178479Sjb{ 53178479Sjb int min_length = krb5_config_get_int_default(context, NULL, 6, 54178479Sjb "password_quality", 55178479Sjb "min_length", 56178479Sjb NULL); 57178479Sjb if(password->length < min_length) 58178479Sjb return "Password too short"; 59178479Sjb return NULL; 60178479Sjb} 61178479Sjb 62178479Sjb#ifdef DICTPATH 63178479Sjb 64178479Sjb/* use cracklib to check password quality; this requires a patch for 65178479Sjb cracklib that can be found at 66178479Sjb ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */ 67178479Sjb 68178479Sjbconst char* 69178479Sjbcheck_cracklib(krb5_context context, 70178479Sjb krb5_principal principal, 71178479Sjb krb5_data *password) 72178479Sjb{ 73178479Sjb char *s = malloc(password->length + 1); 74178479Sjb char *msg; 75178479Sjb char *strings[2]; 76178479Sjb if(s == NULL) 77178479Sjb return NULL; /* XXX */ 78178479Sjb strings[0] = principal->name.name_string.val[0]; /* XXX */ 79178479Sjb strings[1] = NULL; 80178479Sjb memcpy(s, password->data, password->length); 81178479Sjb s[password->length] = '\0'; 82178479Sjb msg = FascistCheck(s, DICTPATH, strings); 83178479Sjb memset(s, 0, password->length); 84178479Sjb free(s); 85178479Sjb return msg; 86178479Sjb} 87178479Sjb#endif 88178479Sjb