password_quality.c revision 55682
1/*
2 * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "kadm5_locl.h"
35
36RCSID("$Id: password_quality.c,v 1.3 1999/12/02 17:05:06 joda Exp $");
37
38#ifdef HAVE_DLFCN_H
39#include <dlfcn.h>
40#endif
41
/*
 * Built-in password check, in effect until
 * kadm5_setup_passwd_quality_check() installs a replacement.
 *
 * Only pwd->length is examined: fewer than 6 bytes is rejected with a
 * static message, anything else is accepted by returning NULL.  The
 * password bytes, the context and the principal are not looked at, so
 * this is a length floor rather than a strength check.
 *
 * pwd must not be NULL; it is dereferenced unconditionally.
 */
static const char *
simple_passwd_quality (krb5_context context,
		       krb5_principal principal,
		       krb5_data *pwd)
{
    /* NULL means "acceptable"; a non-NULL string is the rejection reason. */
    return (pwd->length < 6) ? "Password too short" : NULL;
}
52
/*
 * Signature of a password quality check: it receives the context, the
 * principal and the candidate password, and returns a string.  The
 * built-in check returns NULL to accept and a message to reject.
 */
typedef const char *(*passwd_quality_check_func)(krb5_context,
                                                 krb5_principal,
                                                 krb5_data *);

/*
 * The active check.  Starts out as the built-in length check and is
 * replaced only when kadm5_setup_passwd_quality_check() loads a module
 * successfully.
 */
static passwd_quality_check_func passwd_quality_check = simple_passwd_quality;

#ifdef HAVE_DLOPEN
/*
 * NOTE(review): in the code shown here these two names are used only
 * inside kadm5_setup_passwd_quality_check(), where its parameters of
 * the same name shadow them.
 */
extern const char *check_library;
extern const char *check_function;

/* Value a module's exported `version' integer must equal to be accepted. */
#define PASSWD_VERSION 0

#endif
66
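/*
 * Install the password quality hook.
 *
 * Resolves the name of a policy module and of its check function, loads
 * the module with dlopen() and, when the module passes the version
 * check, makes its function the one that
 * kadm5_check_password_quality() calls.
 *
 * check_library   name handed to dlopen(); when NULL, the
 *                 "check_library" setting in the "password_quality"
 *                 configuration section is used instead.
 * check_function  symbol to look up in the module; when NULL, the
 *                 "check_function" setting is used, and "passwd_check"
 *                 if that is unset as well.
 *
 * Security notes:
 *  - The module's code runs inside the calling process and is handed
 *    every candidate password, so the configured file must be writable
 *    by trusted administrators only.  A name without a slash is
 *    resolved through the dynamic linker's search path; an absolute
 *    path avoids that lookup.
 *  - Every failure below is fail-open: a warning is printed and the
 *    previously installed check (initially the built-in length check)
 *    stays active.  The function returns void, so callers cannot detect
 *    this; the warnings are the only signal and are worth alerting on.
 *  - Without HAVE_DLOPEN the body is empty: the arguments and the
 *    configuration are ignored and no warning is produced.
 *  - On success the handle is not dlclose()d; passwd_quality_check
 *    points into the loaded module.
 */

void
kadm5_setup_passwd_quality_check(krb5_context context,
				 const char *check_library,
				 const char *check_function)
{
#ifdef HAVE_DLOPEN
    void *handle;
    void *sym;
    int *version;
    int flags;
    const char *tmp;
    const char *reason;

    /* Resolve all symbols at load time where the platform supports it. */
#ifdef RTLD_NOW
    flags = RTLD_NOW;
#else
    flags = 0;
#endif

    /* Explicit arguments win; the configuration only fills in NULLs. */
    if(check_library == NULL) {
	tmp = krb5_config_get_string(context, NULL,
				     "password_quality",
				     "check_library",
				     NULL);
	if(tmp != NULL)
	    check_library = tmp;
    }
    if(check_function == NULL) {
	tmp = krb5_config_get_string(context, NULL,
				     "password_quality",
				     "check_function",
				     NULL);
	if(tmp != NULL)
	    check_function = tmp;
    }
    if(check_library != NULL && check_function == NULL)
	check_function = "passwd_check";

    /* No module configured: keep the current check. */
    if(check_library == NULL)
	return;

    handle = dlopen(check_library, flags);
    if(handle == NULL) {
	/*
	 * Report the loader's reason as well.  A module that fails to
	 * load leaves the weaker check in force, so the operator needs
	 * to be able to tell a missing file from a bad permission or an
	 * unresolved symbol.
	 */
	reason = dlerror();
	krb5_warnx(context, "failed to open `%s': %s", check_library,
		   reason != NULL ? reason : "unknown error");
	return;
    }

    /* The module must export an int named `version' equal to PASSWD_VERSION. */
    version = dlsym(handle, "version");
    if(version == NULL) {
	krb5_warnx(context,
		   "didn't find `version' symbol in `%s'", check_library);
	goto fail;
    }
    if(*version != PASSWD_VERSION) {
	krb5_warnx(context,
		   "version of loaded library is %d (expected %d)",
		   *version, PASSWD_VERSION);
	goto fail;
    }

    sym = dlsym(handle, check_function);
    if(sym == NULL) {
	krb5_warnx(context,
		   "didn't find `%s' symbol in `%s'",
		   check_function, check_library);
	goto fail;
    }

    /* Only now is the hook replaced; all earlier exits leave it untouched. */
    passwd_quality_check = (passwd_quality_check_func) sym;
    return;

fail:
    /* Rejected module: unload it and leave the existing hook in place. */
    dlclose(handle);
#endif /* HAVE_DLOPEN */
}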
140
/*
 * Run the currently installed password quality check on pwd_data.
 *
 * The result is whatever the hook returns.  For the built-in check that
 * is NULL for an accepted password and a static message otherwise; a
 * loaded module is presumably expected to follow the same convention --
 * confirm against the module interface.
 *
 * The hook pointer is initialised to the built-in check and, in the
 * code shown here, only ever overwritten with a non-NULL symbol, so it
 * is called without a NULL test.
 */
const char *
kadm5_check_password_quality (krb5_context context,
			      krb5_principal principal,
			      krb5_data *pwd_data)
{
    const char *verdict;

    verdict = passwd_quality_check(context, principal, pwd_data);
    return verdict;
}
148