1/* $NetBSD: sample_passwd_check.c,v 1.2 2017/01/28 21:31:49 christos Exp $ */ 2 3/* 4 * Copyright (c) 1999 Kungliga Tekniska H��gskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of KTH nor the names of its contributors may be 20 * used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 24 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 30 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 31 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 32 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 33 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 34 35/* Id */ 36 37#include <string.h> 38#include <stdlib.h> 39#include <krb5/krb5.h> 40 41const char* check_length(krb5_context, krb5_principal, krb5_data *); 42 43/* specify the api-version this library conforms to */ 44 45int version = 0; 46 47/* just check the length of the password, this is what the default 48 check does, but this lets you specify the minimum length in 49 krb5.conf */ 50const char* 51check_length(krb5_context context, 52 krb5_principal prinipal, 53 krb5_data *password) 54{ 55 int min_length = krb5_config_get_int_default(context, NULL, 6, 56 "password_quality", 57 "min_length", 58 NULL); 59 if(password->length < min_length) 60 return "Password too short"; 61 return NULL; 62} 63 64#ifdef DICTPATH 65 66/* use cracklib to check password quality; this requires a patch for 67 cracklib that can be found at 68 ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */ 69 70const char* 71check_cracklib(krb5_context context, 72 krb5_principal principal, 73 krb5_data *password) 74{ 75 char *s = malloc(password->length + 1); 76 char *msg; 77 char *strings[2]; 78 if(s == NULL) 79 return NULL; /* XXX */ 80 strings[0] = principal->name.name_string.val[0]; /* XXX */ 81 strings[1] = NULL; 82 memcpy(s, password->data, password->length); 83 s[password->length] = '\0'; 84 msg = FascistCheck(s, DICTPATH, strings); 85 memset(s, 0, password->length); 86 free(s); 87 return msg; 88} 89#endif 90