1  /*
 2   * Copyright (c) 1999 Kungliga Tekniska Högskolan
 3   * (Royal Institute of Technology, Stockholm, Sweden).
 4   * All rights reserved.
 5   *
 6   * Redistribution and use in source and binary forms, with or without
 7   * modification, are permitted provided that the following conditions
 8   * are met:
 9   *
10   * 1. Redistributions of source code must retain the above copyright
11   *    notice, this list of conditions and the following disclaimer.
12   *
13   * 2. Redistributions in binary form must reproduce the above copyright
14   *    notice, this list of conditions and the following disclaimer in the
15   *    documentation and/or other materials provided with the distribution.
16   *
17   * 3. Neither the name of KTH nor the names of its contributors may be
18   *    used to endorse or promote products derived from this software without
19   *    specific prior written permission.
20   *
21   * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22   * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24   * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28   * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29   * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30   * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32  
33  /* $Id$ */
34  
35  #include <string.h>
36  #include <stdlib.h>
37  #include <krb5.h>
38  
39  const char* check_length(krb5_context, krb5_principal, krb5_data *);
40  
41  /* specify the api-version this library conforms to */
42  
43  int version = 0;
44  
45  /* just check the length of the password, this is what the default
46     check does, but this lets you specify the minimum length in
47     krb5.conf */
48  const char*
49  check_length(krb5_context context,
50               krb5_principal prinipal,
51               krb5_data *password)
52  {
53      int min_length = krb5_config_get_int_default(context, NULL, 6,
54  						 "password_quality",
55  						 "min_length",
56  						 NULL);
57      if(password->length < min_length)
58  	return "Password too short";
59      return NULL;
60  }
61  
62  #ifdef DICTPATH
63  
64  /* use cracklib to check password quality; this requires a patch for
65     cracklib that can be found at
66     ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch */
67  
68  const char*
69  check_cracklib(krb5_context context,
70  	       krb5_principal principal,
71  	       krb5_data *password)
72  {
73      char *s = malloc(password->length + 1);
74      char *msg;
75      char *strings[2];
76      if(s == NULL)
77  	return NULL; /* XXX */
78      strings[0] = principal->name.name_string.val[0]; /* XXX */
79      strings[1] = NULL;
80      memcpy(s, password->data, password->length);
81      s[password->length] = '\0';
82      msg = FascistCheck(s, DICTPATH, strings);
83      memset(s, 0, password->length);
84      free(s);
85      return msg;
86  }
87  #endif