svn rev #24108: branches/plugins/src/ config/ config-files/ lib/kadm5/srv/ lib/krb5/ ...
tsitkova@MIT.EDU
tsitkova at MIT.EDU
Fri May 28 10:58:08 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24108
Commit By: tsitkova
Log Message:
Introduced a new static plugin: a password quality validator. It is based on the existing built-in password verification functionality (for proof-of-concept and demonstration purposes).
Changed Files:
U branches/plugins/src/Makefile.in
U branches/plugins/src/config/pre.in
U branches/plugins/src/config-files/krb5.conf
U branches/plugins/src/configure.in
U branches/plugins/src/lib/kadm5/srv/Makefile.in
U branches/plugins/src/lib/kadm5/srv/libkadm5srv_mit.exports
D branches/plugins/src/lib/kadm5/srv/server_dict.c
U branches/plugins/src/lib/kadm5/srv/server_init.c
U branches/plugins/src/lib/kadm5/srv/server_misc.c
U branches/plugins/src/lib/krb5/Makefile.in
U branches/plugins/src/lib/krb5/krb/Makefile.in
U branches/plugins/src/plugin_core/Makefile.in
U branches/plugins/src/plugin_core/impl/Makefile.in
U branches/plugins/src/plugin_core/impl/plugin_default_factory.c
U branches/plugins/src/plugin_core/impl/plugin_default_factory.h
A branches/plugins/src/plugins/pwd_qlty/
A branches/plugins/src/plugins/pwd_qlty/Makefile.in
A branches/plugins/src/plugins/pwd_qlty/deps
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.c
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.h
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/Makefile.in
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/deps
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.c
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.h
A branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/server_dict.c
Modified: branches/plugins/src/Makefile.in
===================================================================
--- branches/plugins/src/Makefile.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -7,8 +7,9 @@
# plugins/preauth/wpse
# plugins/preauth/cksum_body
# plugins/authdata/greet
-SUBDIRS=util include plugin_core plugin_core/impl plugins/prng \
+SUBDIRS=util include plugin_core plugin_core/impl \
plugins/pa plugins/pa/encrypted_challenge \
+ plugins/pwd_qlty plugins/pwd_qlty/plugin_pwd_qlty_krb \
lib \
@ldap_plugin_dir@ \
plugins/kdb/db2 \
@@ -19,7 +20,6 @@
BUILDTOP=$(REL)$(C)
LOCALINCLUDES = -I$(srcdir)
-# plugins/prng/plugin_yarrow
SRCS =
HDRS =
Modified: branches/plugins/src/config/pre.in
===================================================================
--- branches/plugins/src/config/pre.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/config/pre.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -326,6 +326,7 @@
CRYPTO_DEPLIB = $(TOPLIBD)/libk5crypto$(DEPLIBEXT)
PLUGIN_CORE_DEPLIB = $(TOPLIBD)/../plugin_core/libplugin_core$(DEPLIBEXT)
PLUGIN_PRNG_DEPLIB = $(TOPLIBD)/../plugins/prng/libplugin_prng.a
+PLUGIN_PWD_QLTY_DEPLIB = $(TOPLIBD)/../plugins/pwd_qlty/libplugin_pwd_qlty.a
LIBS_PROFILE = $(TOPLIBD)/../util/profile/libprofile$(DEPLIBEXT)
COM_ERR_DEPLIB = $(COM_ERR_DEPLIB- at COM_ERR_VERSION@)
COM_ERR_DEPLIB-sys = # empty
@@ -340,7 +341,7 @@
SS_DEPLIB-sys =
APPUTILS_DEPLIB = $(TOPLIBD)/libapputils.a
-KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(PLUGIN_CORE_DEPLIB) $(LIBS_PROFILE) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) $(PLUGIN_PRNG_DEPLIB)
+KRB5_BASE_DEPLIBS = $(KRB5_DEPLIB) $(PLUGIN_CORE_DEPLIB) $(LIBS_PROFILE) $(CRYPTO_DEPLIB) $(COM_ERR_DEPLIB) $(SUPPORT_DEPLIB) $(PLUGIN_PWD_QLTY_DEPLIB)
KDB5_DEPLIBS = $(KDB5_DEPLIB) $(KDB5_PLUGIN_DEPLIBS)
GSS_DEPLIBS = $(GSS_DEPLIB)
GSSRPC_DEPLIBS = $(GSSRPC_DEPLIB) $(GSS_DEPLIBS)
@@ -382,7 +383,7 @@
# HESIOD_LIBS is -lhesiod...
HESIOD_LIBS = @HESIOD_LIBS@
-KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) $(LIBS_PROFILE) $(PLUGIN_CORE_DEPLIB) $(PLUGIN_PRNG_DEPLIB)
+KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) $(LIBS_PROFILE) $(PLUGIN_CORE_DEPLIB) $(PLUGIN_PWD_QLTY_DEPLIB)
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
GSS_LIBS = $(GSS_KRB5_LIB)
# needs fixing if ever used on Mac OS X!
Modified: branches/plugins/src/config-files/krb5.conf
===================================================================
--- branches/plugins/src/config-files/krb5.conf 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/config-files/krb5.conf 2010-05-28 14:58:08 UTC (rev 24108)
@@ -38,4 +38,10 @@
plugin_name = plugin_encrypted_challenge_pa
plugin_type = service
}
+ plugin_pwd_qlty = {
+ plugin_factory_name = plugin_default_factory
+ plugin_factory_type = static
+ plugin_name = plugin_pwd_qlty_krb
+ plugin_type = service
+ }
Modified: branches/plugins/src/configure.in
===================================================================
--- branches/plugins/src/configure.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/configure.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -1116,7 +1116,8 @@
plugins/authdata/greet_client
plugins/authdata/greet_server
- plugins/prng
+ plugins/pwd_qlty
+ plugins/pwd_qlty/plugin_pwd_qlty_krb
plugin_core/impl
plugins/pa
plugins/pa/encrypted_challenge
Modified: branches/plugins/src/lib/kadm5/srv/Makefile.in
===================================================================
--- branches/plugins/src/lib/kadm5/srv/Makefile.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/lib/kadm5/srv/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -1,8 +1,10 @@
mydir=lib/kadm5/srv
BUILDTOP=$(REL)..$(S)..$(S)..
LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5 \
- -I$(top_srcdir)/lib/gssapi/krb5 -I$(top_srcdir)/lib/gssapi/generic \
- -I$(BUILDTOP)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic
+ -I$(top_srcdir)/lib/gssapi/krb5 -I$(top_srcdir)/lib/gssapi/generic \
+ -I$(BUILDTOP)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic \
+ -I$(BUILDTOP)/plugin_core/ -I$(BUILDTOP)/../../../plugin_core/impl \
+ -I$(BUILDTOP)/plugins/pwd_qlty/
DEFINES = @HESIOD_DEFS@
DEFS=
@@ -22,7 +24,8 @@
$(TOPLIBD)/libk5crypto$(SHLIBEXT) \
$(COM_ERR_DEPLIB) $(SUPPORT_LIBDEP)
SHLIB_EXPLIBS = -lgssrpc -lgssapi_krb5 -lkdb5 $(KDB5_DB_LIB) \
- -lkrb5 -lk5crypto $(SUPPORT_LIB) -lcom_err @GEN_LIB@
+ -lkrb5 -lk5crypto $(SUPPORT_LIB) -lcom_err \
+ $(PLUGIN_CORE_DEPLIB) $(PLUGIN_PWD_QLTY_DEPLIB) @GEN_LIB@
SHLIB_DIRS=-L$(TOPLIBD)
SHLIB_RDIRS=$(KRB5_LIBDIR)
RELDIR=kadm5/srv
@@ -33,7 +36,6 @@
$(srcdir)/server_kdb.c \
$(srcdir)/server_misc.c \
$(srcdir)/server_init.c \
- $(srcdir)/server_dict.c \
$(srcdir)/svr_iters.c \
$(srcdir)/svr_chpass_util.c \
$(srcdir)/adb_xdr.c
@@ -44,7 +46,6 @@
server_kdb.$(OBJEXT) \
server_misc.$(OBJEXT) \
server_init.$(OBJEXT) \
- server_dict.$(OBJEXT) \
svr_iters.$(OBJEXT) \
svr_chpass_util.$(OBJEXT) \
adb_xdr.$(OBJEXT)
@@ -56,7 +57,6 @@
server_kdb.o \
server_misc.o \
server_init.o \
- server_dict.o \
svr_iters.o \
svr_chpass_util.o \
adb_xdr.o
Modified: branches/plugins/src/lib/kadm5/srv/libkadm5srv_mit.exports
===================================================================
--- branches/plugins/src/lib/kadm5/srv/libkadm5srv_mit.exports 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/lib/kadm5/srv/libkadm5srv_mit.exports 2010-05-28 14:58:08 UTC (rev 24108)
@@ -7,10 +7,7 @@
kadm5int_acl_init
adb_policy_close
adb_policy_init
-destroy_dict
-find_word
hist_princ
-init_dict
kadm5_set_use_password_server
kadm5_chpass_principal
kadm5_chpass_principal_3
Modified: branches/plugins/src/lib/kadm5/srv/server_init.c
===================================================================
--- branches/plugins/src/lib/kadm5/srv/server_init.c 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/lib/kadm5/srv/server_init.c 2010-05-28 14:58:08 UTC (rev 24108)
@@ -316,7 +316,8 @@
free(handle);
return ret;
}
-
+#if 0
+// Should happen in plugin
ret = init_dict(&handle->params);
if (ret) {
krb5_db_fini(handle->context);
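Review bot: Nothing visible in this commit calls `plugin_pwd_qlty_init`, so with `init_dict` compiled out here the word list is never loaded and `find_word` returns WORD_NOT_FOUND for every password, which means the dictionary check fails open. Rather than `#if 0`, replace the call and keep the existing error unwinding, e.g. `ret = plugin_pwd_qlty_init(plugin_manager_get_service(handle->context->pl_handle, "plugin_pwd_qlty"), handle);`, assuming the plugin manager is already set up on the context at this point. The same applies to the `destroy_dict()` call disabled in the `@@ -337,8 +340,10 @@` hunk, which has no working replacement because `plugin_pwd_qlty_cleanup` is a no-op. The `#if 0` block closes in the following hunk, and the enclosing function starts and ends outside this one.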
@@ -325,7 +326,9 @@
free(handle);
return ret;
}
+#endif
+
*server_handle = (void *) handle;
return KADM5_OK;
@@ -337,8 +340,10 @@
CHECK_HANDLE(server_handle);
+#if 0
+// Should happen in plugin
destroy_dict();
-
+#endif
adb_policy_close(handle);
krb5_db_fini(handle->context);
krb5_free_principal(handle->context, handle->current_caller);
Modified: branches/plugins/src/lib/kadm5/srv/server_misc.c
===================================================================
--- branches/plugins/src/lib/kadm5/srv/server_misc.c 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/lib/kadm5/srv/server_misc.c 2010-05-28 14:58:08 UTC (rev 24108)
@@ -19,6 +19,10 @@
#include "server_internal.h"
+#include <plugin_manager.h>
+#include <plugin_pwd_qlty.h>
+
+
kadm5_ret_t
adb_policy_init(kadm5_server_handle_t handle)
{
@@ -37,147 +41,19 @@
return KADM5_OK;
}
-#ifdef HESIOD
-/* stolen from v4sever/kadm_funcs.c */
-static char *
-reverse(str)
- char *str;
-{
- static char newstr[80];
- char *p, *q;
- int i;
-
- i = strlen(str);
- if (i >= sizeof(newstr))
- i = sizeof(newstr)-1;
- p = str+i-1;
- q = newstr;
- q[i]='\0';
- for(; i > 0; i--)
- *q++ = *p--;
-
- return(newstr);
-}
-#endif /* HESIOD */
-
-#if 0
-static int
-lower(str)
- char *str;
-{
- register char *cp;
- int effect=0;
-
- for (cp = str; *cp; cp++) {
- if (isupper(*cp)) {
- *cp = tolower(*cp);
- effect++;
- }
- }
- return(effect);
-}
-#endif
-
-#ifdef HESIOD
-static int
-str_check_gecos(gecos, pwstr)
- char *gecos;
- char *pwstr;
-{
- char *cp, *ncp, *tcp;
-
- for (cp = gecos; *cp; ) {
- /* Skip past punctuation */
- for (; *cp; cp++)
- if (isalnum(*cp))
- break;
- /* Skip to the end of the word */
- for (ncp = cp; *ncp; ncp++)
- if (!isalnum(*ncp) && *ncp != '\'')
- break;
- /* Delimit end of word */
- if (*ncp)
- *ncp++ = '\0';
- /* Check word to see if it's the password */
- if (*cp) {
- if (!strcasecmp(pwstr, cp))
- return 1;
- tcp = reverse(cp);
- if (!strcasecmp(pwstr, tcp))
- return 1;
- cp = ncp;
- } else
- break;
- }
- return 0;
-}
-#endif /* HESIOD */
-
/* some of this is stolen from gatekeeper ... */
+/* passwd_check - returns KADM5_OK if password passes the validation.*/
kadm5_ret_t
-passwd_check(kadm5_server_handle_t handle,
+passwd_check(kadm5_server_handle_t srv_handle,
char *password, int use_policy, kadm5_policy_ent_t pol,
krb5_principal principal)
{
- int nupper = 0,
- nlower = 0,
- ndigit = 0,
- npunct = 0,
- nspec = 0;
- char c, *s, *cp;
-#ifdef HESIOD
- extern struct passwd *hes_getpwnam();
- struct passwd *ent;
-#endif
- if(use_policy) {
- if(strlen(password) < pol->pw_min_length)
- return KADM5_PASS_Q_TOOSHORT;
- s = password;
- while ((c = *s++)) {
- if (islower((unsigned char) c)) {
- nlower = 1;
- continue;
- }
- else if (isupper((unsigned char) c)) {
- nupper = 1;
- continue;
- } else if (isdigit((unsigned char) c)) {
- ndigit = 1;
- continue;
- } else if (ispunct((unsigned char) c)) {
- npunct = 1;
- continue;
- } else {
- nspec = 1;
- continue;
- }
- }
- if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes)
- return KADM5_PASS_Q_CLASS;
- if((find_word(password) == KADM5_OK))
- return KADM5_PASS_Q_DICT;
- else {
- int i, n = krb5_princ_size(handle->context, principal);
- cp = krb5_princ_realm(handle->context, principal)->data;
- if (strcasecmp(cp, password) == 0)
- return KADM5_PASS_Q_DICT;
- for (i = 0; i < n ; i++) {
- cp = krb5_princ_component(handle->context, principal, i)->data;
- if (strcasecmp(cp, password) == 0)
- return KADM5_PASS_Q_DICT;
-#ifdef HESIOD
- ent = hes_getpwnam(cp);
- if (ent && ent->pw_gecos)
- if (str_check_gecos(ent->pw_gecos, password))
- return KADM5_PASS_Q_DICT; /* XXX new error code? */
-#endif
- }
- return KADM5_OK;
- }
- } else {
- if (strlen(password) < 1)
- return KADM5_PASS_Q_TOOSHORT;
- }
- return KADM5_OK;
+ int ret = 0;
+
+ plhandle plugin_handle = plugin_manager_get_service(srv_handle->context->pl_handle, "plugin_pwd_qlty");
+
+ ret = plugin_pwd_qlty_check(plugin_handle, srv_handle, password, use_policy, pol, principal);
+
+ return ret;
}
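Review bot: The handle returned by `plugin_manager_get_service` in the new `passwd_check` is used without checking that a plugin was found. If krb5.conf lacks the `plugin_pwd_qlty` section or the plugin fails to load, `plugin_handle.api` is presumably NULL and `plugin_pwd_qlty_check` dereferences it. Password validation should fail closed before the call: `if (plugin_handle.api == NULL) return KADM5_FAILURE;`. A short comment on the lookup, such as `/* password policy is enforced by the configured plugin_pwd_qlty service; no plugin means no password is accepted */`, would record that this is now a hard dependency on configuration.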
Modified: branches/plugins/src/lib/krb5/Makefile.in
===================================================================
--- branches/plugins/src/lib/krb5/Makefile.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/lib/krb5/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -9,7 +9,8 @@
PLUGINS_LIBS = \
../../plugin_core/impl/libplugin_impl.a $(PLUGIN_CORE_DEPLIB) \
- ../../plugins/pa/encrypted_challenge/libencrypted_challenge.a
+ ../../plugins/pa/encrypted_challenge/libencrypted_challenge.a \
+ ../../plugins/pwd_qlty/plugin_pwd_qlty_krb/libplugin_pwd_qlty_krb.a
##DOSBUILDTOP = ..\..
Modified: branches/plugins/src/lib/krb5/krb/Makefile.in
===================================================================
--- branches/plugins/src/lib/krb5/krb/Makefile.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/lib/krb5/krb/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -13,9 +13,7 @@
##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libencrypted_challenge.a
-# PLUGINS_LIBS = $(srcdir)/../../libplugin_impl.a $(srcdir)/../../libplugin_yarrow.a $(srcdir)/../../libencrypted_challenge.a
-
STLIBOBJS= \
addr_comp.o \
addr_order.o \
Modified: branches/plugins/src/plugin_core/Makefile.in
===================================================================
--- branches/plugins/src/plugin_core/Makefile.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/plugin_core/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -5,7 +5,7 @@
PROG_RPATH=$(KRB5_LIBDIR)
DEFS=
-LOCALINCLUDES = -I$(srcdir)/../include/krb5 -I$(srcdir)/. -I$(srcdir)/../plugins/prng -I$(srcdir)/../util/profile
+LOCALINCLUDES = -I$(srcdir)/../include/krb5 -I$(srcdir)/. -I$(srcdir)/../plugins/pwd_qlty -I$(srcdir)/../util/profile
LIBBASE= plugin_core
LIBMAJOR=0
Modified: branches/plugins/src/plugin_core/impl/Makefile.in
===================================================================
--- branches/plugins/src/plugin_core/impl/Makefile.in 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/plugin_core/impl/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -6,9 +6,9 @@
DEFS=
LOCALINCLUDES = -I$(srcdir)/../../include/krb5 -I$(srcdir)/. \
- -I$(srcdir)/../../plugins/prng \
+ -I$(srcdir)/../../plugins/pwd_qlty -I$(srcdir)/../../plugins/pwd_qlty/plugin_pwd_qlty_krb \
-I$(srcdir)/../../plugins/pa -I$(srcdir)/../../plugins/pa/encrypted_challenge \
- -I$(srcdir)/..
+ -I$(srcdir)/.. -I$(srcdir)/../../lib/kadm5
LIBBASE=plugin_impl
@@ -18,12 +18,9 @@
STOBJLISTS=OBJS.ST
-LIBS_UTILS = ../plugin_core$(SO_EXT)
+LIBS_UTILS = ../plugin_core$(SO_EXT) \
+ ../../plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl$(SO_EXT)
-# ../../plugins/prng/plugin_yarrow/plugin_prng_impl$(SO_EXT) \
-# ../../plugins/prng/plugin_yarrow/ycipher$(SO_EXT) \
-# ../../plugins/prng/plugin_yarrow/yarrow$(SO_EXT)
-
SHLIB_EXPLIBS= $(LIBS_UTILS) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
all-unix:: all-liblinks
Modified: branches/plugins/src/plugin_core/impl/plugin_default_factory.c
===================================================================
--- branches/plugins/src/plugin_core/impl/plugin_default_factory.c 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/plugin_core/impl/plugin_default_factory.c 2010-05-28 14:58:08 UTC (rev 24108)
@@ -10,12 +10,14 @@
#include "plugin_factory.h"
//#include "plugin_prng_impl.h"
#include "plugin_pa_impl.h"
+#include "plugin_pwd_qlty_impl.h"
#include "plugin_default_factory.h"
static plugin_factory* _default_factory_instance = NULL;
static plugin_descr plugin_default_factory_table[] = {
// {"plugin_yarrow_prng", plugin_yarrow_prng_create},
+ {"plugin_pwd_qlty_krb", plugin_pwd_qlty_krb_create},
{"plugin_encrypted_challenge_pa", plugin_encrypted_challenge_pa_create},
{"plugin_ldap_audit", NULL},
{NULL,NULL}
Modified: branches/plugins/src/plugin_core/impl/plugin_default_factory.h
===================================================================
--- branches/plugins/src/plugin_core/impl/plugin_default_factory.h 2010-05-28 14:38:37 UTC (rev 24107)
+++ branches/plugins/src/plugin_core/impl/plugin_default_factory.h 2010-05-28 14:58:08 UTC (rev 24108)
@@ -7,7 +7,7 @@
#define PLUGIN_DEFAULT_FACTORY_H_
#include <plugin_factory.h>
-//#include "plugin_prng_impl.h"
+#include "plugin_pwd_qlty_impl.h"
factory_handle plugin_default_factory_get_instance(void);
Added: branches/plugins/src/plugins/pwd_qlty/Makefile.in
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/Makefile.in (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,22 @@
+mydir=plugins/pwd_qlty
+BUILDTOP=$(REL)../..
+RELDIR=../plugins/pwd_qlty
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+DEFS=
+
+LOCALINCLUDES = -I../../include/krb5 -I. -I../../plugin_core -I../../lib/kadm5/
+
+LIBBASE=plugin_pwd_qlty
+
+STLIBOBJS= plugin_pwd_qlty.o
+SRCS= plugin_pwd_qlty.c
+STOBJLISTS=OBJS.ST
+
+all-unix:: all-liblinks
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+install-unix:: install-libs
+
+ at libpriv_frag@
+ at lib_frag@
+ at libobj_frag@
Added: branches/plugins/src/plugins/pwd_qlty/deps
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/deps (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/deps 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,15 @@
+#
+# Generated makefile dependencies follow.
+#
+plugin_pwd_qlty.so plugin_pwd_qlty.po $(OUTPRE)plugin_pwd_qlty.$(OBJEXT): \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/plugins/pwd_qlty/plugin_pwd_qlty.h \
+ $(top_srcdir)/plugin_core/plugin_manager.h \
+ $(top_srcdir)/plugin_core/plugin_factory.h \
+ $(top_srcdir)/lib/kadm5/admin.h \
+ plugin_pwd_qlty.c
+plugin_pwd_qlty_impl.so plugin_pwd_qlty_impl.po $(OUTPRE)plugin_pwd_qlty_impl.$(OBJEXT): \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/plugins/pwd_qlty/plugin_pwd_qlty_impl.h \
+ $(top_srcdir)/plugin_core/plugin_manager.h \
+ $(top_srcdir)/plugin_core/plugin_factory.h \
+ $(top_srcdir)/lib/kadm5/admin.h \
+ plugin_pwd_qlty_impl.c
Added: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.c
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.c (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.c 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,35 @@
+/*
+ * plugin_pwd_qlty.c
+ *
+ */
+#include <plugin_manager.h>
+#include "plugin_pwd_qlty.h"
+
+kadm5_ret_t
+plugin_pwd_qlty_check(plhandle handle, kadm5_server_handle_t srv_handle,
+ char *password, int use_policy, kadm5_policy_ent_t pol,
+ krb5_principal principal)
+{
+ kadm5_ret_t ret = KADM5_OK;
+ plugin_pwd_qlty* api = (plugin_pwd_qlty*) handle.api;
+ ret = api->pwd_qlty_check(srv_handle, password, use_policy, pol, principal);
+
+ return ret;
+}
+
+
+kadm5_ret_t
+plugin_pwd_qlty_init(plhandle handle, kadm5_server_handle_t srv_handle)
+{
+ kadm5_ret_t ret = KADM5_OK;
+ plugin_pwd_qlty* api = (plugin_pwd_qlty*) handle.api;
+ ret = api->pwd_qlty_init(srv_handle);
+
+ return ret;
+}
+
+void
+plugin_pwd_qlty_cleanup(plhandle handle)
+{
+ return;
+}
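Review bot: `plugin_pwd_qlty_cleanup` returns without calling `api->pwd_qlty_cleanup`, so the implementation's `destroy_dict` is unreachable through the plugin interface and the word list is never released. Mirror the other two wrappers with `plugin_pwd_qlty* api = (plugin_pwd_qlty*) handle.api;` followed by `if (api != NULL && api->pwd_qlty_cleanup != NULL) api->pwd_qlty_cleanup();`. `plugin_pwd_qlty_check` and `plugin_pwd_qlty_init` dereference `handle.api` without a NULL guard and would benefit from the same test, returning an error rather than KADM5_OK when no implementation is present.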
Added: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.h
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.h (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty.h 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,29 @@
+/*
+ * plugin_pwd_qlty.h
+ *
+ */
+
+#ifndef PLUGIN_PWD_QLTY_H_
+#define PLUGIN_PWD_QLTY_H_
+
+#include <plugin_manager.h>
+#include <k5-int.h>
+#include <admin.h>
+#include <server_internal.h>
+
+/* PWD_QLTY API */
+typedef struct {
+ int version;
+ kadm5_ret_t (*pwd_qlty_init)(kadm5_server_handle_t);
+ void (*pwd_qlty_cleanup)();
+ kadm5_ret_t (*pwd_qlty_check)(kadm5_server_handle_t, char*,
+ int, kadm5_policy_ent_t, krb5_principal);
+} plugin_pwd_qlty;
+
+/* Utility functions */
+kadm5_ret_t plugin_pwd_qlty_init(plhandle, kadm5_server_handle_t);
+void plugin_pwd_qlty_cleanup(plhandle);
+kadm5_ret_t plugin_pwd_qlty_check(plhandle, kadm5_server_handle_t, char*,
+ int, kadm5_policy_ent_t, krb5_principal);
+
+#endif /* PLUGIN_PWD_QLTY_H_ */
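Review bot: The `pwd_qlty_cleanup` member is declared with an empty parameter list, `void (*pwd_qlty_cleanup)();`, which in C leaves its arguments unchecked; declare it as `void (*pwd_qlty_cleanup)(void);`. The password parameter of `pwd_qlty_check` could be `const char*`, since the visible implementation only reads it. The struct also needs a comment stating the contract, for example `/* pwd_qlty_check returns KADM5_OK to accept the password and a KADM5_PASS_Q_* code to reject it */`, and saying whether `version` is meant to be checked by callers, as no visible code does so.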
Added: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/Makefile.in
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/Makefile.in (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/Makefile.in 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,25 @@
+mydir=plugins/pwd_qlty/plugin_pwd_qlty_krb
+BUILDTOP=$(REL)../../..
+RELDIR=../plugins/pwd_qlty/plugin_pwd_qlty_krb
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+DEFS=
+
+LOCALINCLUDES = -I../../../include/krb5 -I. -I../../../plugin_core -I.. -I$(srcdir)/.. \
+ -I../../../lib/kadm5
+
+LIBBASE=plugin_pwd_qlty_krb
+
+STLIBOBJS= plugin_pwd_qlty_impl.o server_dict.o
+SRCS= $(srcdir)/plugin_pwd_qlty_impl.c $(srcdir)/server_dict.c
+
+STOBJLISTS=OBJS.ST
+
+all-unix:: all-liblinks
+clean-unix:: clean-liblinks clean-libs clean-libobjs
+install-unix:: install-libs
+
+
+ at libpriv_frag@
+ at lib_frag@
+ at libobj_frag@
Added: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/deps
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/deps (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/deps 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,11 @@
+#
+# Generated makefile dependencies follow.
+#
+plugin_pwd_qlty_impl.so plugin_pwd_qlty_impl.po $(OUTPRE)plugin_pwd_qlty_impl.$(OBJEXT): \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) \
+ $(top_srcdir)/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.h \
+ $(top_srcdir)/lib/kadm5/admin.h \
+ $(top_srcdir)/plugin_core/plugin_manager.h \
+ $(top_srcdir)/plugin_core/plugin_factory.h \
+ plugin_pwd_qlty_impl.c
+
Added: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.c
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.c (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.c 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,166 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#include "k5-int.h"
+
+#include <plugin_manager.h>
+#include <plugin_pwd_qlty.h>
+#include "plugin_pwd_qlty_impl.h"
+#include <string.h>
+#include <ctype.h>
+
+
+#ifdef HESIOD
+/* stolen from v4sever/kadm_funcs.c */
+static char *
+reverse(str)
+ char *str;
+{
+ static char newstr[80];
+ char *p, *q;
+ int i;
+
+ i = strlen(str);
+ if (i >= sizeof(newstr))
+ i = sizeof(newstr)-1;
+ p = str+i-1;
+ q = newstr;
+ q[i]='\0';
+ for(; i > 0; i--)
+ *q++ = *p--;
+
+ return(newstr);
+}
+
+static int
+str_check_gecos(gecos, pwstr)
+ char *gecos;
+ char *pwstr;
+{
+ char *cp, *ncp, *tcp;
+
+ for (cp = gecos; *cp; ) {
+ /* Skip past punctuation */
+ for (; *cp; cp++)
+ if (isalnum(*cp))
+ break;
+ /* Skip to the end of the word */
+ for (ncp = cp; *ncp; ncp++)
+ if (!isalnum(*ncp) && *ncp != '\'')
+ break;
+ /* Delimit end of word */
+ if (*ncp)
+ *ncp++ = '\0';
+ /* Check word to see if it's the password */
+ if (*cp) {
+ if (!strcasecmp(pwstr, cp))
+ return 1;
+ tcp = reverse(cp);
+ if (!strcasecmp(pwstr, tcp))
+ return 1;
+ cp = ncp;
+ } else
+ break;
+ }
+ return 0;
+}
+#endif /* HESIOD */
+
+
+static kadm5_ret_t
+_plugin_pwd_qlty_check(kadm5_server_handle_t srv_handle,
+ char *password, int use_policy, kadm5_policy_ent_t pol,
+ krb5_principal principal)
+{
+ int nupper = 0,
+ nlower = 0,
+ ndigit = 0,
+ npunct = 0,
+ nspec = 0;
+ char c, *s, *cp;
+
+#ifdef HESIOD
+ extern struct passwd *hes_getpwnam();
+ struct passwd *ent;
+#endif
+ if(use_policy) {
+ if(strlen(password) < (unsigned int)pol->pw_min_length)
+ return KADM5_PASS_Q_TOOSHORT;
+ s = password;
+ while ((c = *s++)) {
+ if (islower((unsigned char) c)) {
+ nlower = 1;
+ continue;
+ }
+ else if (isupper((unsigned char) c)) {
+ nupper = 1;
+ continue;
+ } else if (isdigit((unsigned char) c)) {
+ ndigit = 1;
+ continue;
+ } else if (ispunct((unsigned char) c)) {
+ npunct = 1;
+ continue;
+ } else {
+ nspec = 1;
+ continue;
+ }
+ }
+ if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes)
+ return KADM5_PASS_Q_CLASS;
+ if((find_word(password) == KADM5_OK))
+ return KADM5_PASS_Q_DICT;
+ else {
+ int i, n = krb5_princ_size(handle->context, principal);
+ cp = krb5_princ_realm(handle->context, principal)->data;
+ if (strcasecmp(cp, password) == 0)
+ return KADM5_PASS_Q_DICT;
+ for (i = 0; i < n ; i++) {
+ cp = krb5_princ_component(handle->context, principal, i)->data;
+ if (strcasecmp(cp, password) == 0)
+ return KADM5_PASS_Q_DICT;
+#ifdef HESIOD
+ ent = hes_getpwnam(cp);
+ if (ent && ent->pw_gecos)
+ if (str_check_gecos(ent->pw_gecos, password))
+ return KADM5_PASS_Q_DICT; /* XXX new error code? */
+#endif
+ }
+ return KADM5_OK;
+ }
+ } else {
+ if (strlen(password) < 1)
+ return KADM5_PASS_Q_TOOSHORT;
+ }
+ return KADM5_OK;
+
+}
+
+static kadm5_ret_t
+_plugin_pwd_qlty_init(kadm5_server_handle_t handle)
+{
+ init_dict(&handle->params);
+ return 0;
+}
+
+static void
+_plugin_pwd_qlty_clean()
+{
+ destroy_dict();
+ return;
+}
+
+plhandle
+plugin_pwd_qlty_krb_create()
+{
+ plhandle handle;
+ plugin_pwd_qlty* api = malloc(sizeof(plugin_pwd_qlty));
+
+ memset(api, 0, sizeof(plugin_pwd_qlty));
+ api->version = 1;
+ api->pwd_qlty_init = _plugin_pwd_qlty_init;
+ api->pwd_qlty_check = _plugin_pwd_qlty_check;
+ api->pwd_qlty_cleanup = _plugin_pwd_qlty_clean;
+ handle.api = api;
+
+ return handle;
+}
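Review bot: `_plugin_pwd_qlty_init` discards the result of `init_dict` and always returns 0, so an unreadable dictionary file is reported as success and the dictionary check is silently skipped; the code removed from server_init.c aborted initialisation on that error. In `_plugin_pwd_qlty_check` the parameter is now named `srv_handle`, but the body still uses `handle->context` in three places. That name has no declaration in this function, and each use should read `srv_handle->context`. `plugin_pwd_qlty_krb_create` passes the `malloc` result to `memset` unchecked. The fence below propagates the error and guards the allocation.

```c
static kadm5_ret_t
_plugin_pwd_qlty_init(kadm5_server_handle_t handle)
{
    /* Propagate dictionary load failures instead of reporting success. */
    return init_dict(&handle->params);
}

plhandle
plugin_pwd_qlty_krb_create()
{
    plhandle handle;
    plugin_pwd_qlty* api = malloc(sizeof(plugin_pwd_qlty));

    handle.api = api;
    if (api == NULL)
        return handle;  /* callers must treat a NULL api as "plugin unavailable" */
    memset(api, 0, sizeof(plugin_pwd_qlty));
    /* … unchanged: version and function-pointer assignments … */
    return handle;
}
```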
Added: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.h
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.h (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/plugin_pwd_qlty_impl.h 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,14 @@
+/*
+ * plugin_pwd_qlty_impl.h
+ *
+ */
+
+#ifndef PLUGIN_PWD_QLTY_IMPL_H_
+#define PLUGIN_PWD_QLTY_IMPL_H_
+
+#include <plugin_manager.h>
+#include <plugin_pwd_qlty.h>
+
+plhandle plugin_pwd_qlty_krb_create(void);
+
+#endif /* PLUGIN_PWD_QLTY_IMPL_H_ */
Copied: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/server_dict.c (from rev 24080, branches/plugins/src/lib/kadm5/srv/server_dict.c)
===================================================================
--- branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/server_dict.c (rev 0)
+++ branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/server_dict.c 2010-05-28 14:58:08 UTC (rev 24108)
@@ -0,0 +1,203 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
+ *
+ * $Header$
+ */
+
+#if !defined(lint) && !defined(__CODECENTER__)
+static char *rcsid = "$Header$";
+#endif
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <errno.h>
+#include <kadm5/admin.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef HAVE_MEMORY_H
+#include <memory.h>
+#endif
+#include "adm_proto.h"
+#include <syslog.h>
+#include "server_internal.h"
+#include "k5-platform.h"
+
+static char **word_list = NULL; /* list of word pointers */
+static char *word_block = NULL; /* actual word data */
+static unsigned int word_count = 0; /* number of words */
+
+
+/*
+ * Function: word_compare
+ *
+ * Purpose: compare two words in the dictionary.
+ *
+ * Arguments:
+ * w1 (input) pointer to first word
+ * w2 (input) pointer to second word
+ * <return value> result of strcmp
+ *
+ * Requires:
+ * w1 and w2 to point to valid memory
+ *
+ */
+
+static int
+word_compare(const void *s1, const void *s2)
+{
+ return (strcasecmp(*(const char **)s1, *(const char **)s2));
+}
+
+/*
+ * Function: init-dict
+ *
+ * Purpose: Initialize in memory word dictionary
+ *
+ * Arguments:
+ * none
+ * <return value> KADM5_OK on success errno on failure;
+ * (but success on ENOENT)
+ *
+ * Requires:
+ * If WORDFILE exists, it must contain a list of words,
+ * one word per-line.
+ *
+ * Effects:
+ * If WORDFILE exists, it is read into memory sorted for future
+ * use. If it does not exist, it syslogs an error message and returns
+ * success.
+ *
+ * Modifies:
+ * word_list to point to a chunck of allocated memory containing
+ * pointers to words
+ * word_block to contain the dictionary.
+ *
+ */
+
+int init_dict(kadm5_config_params *params)
+{
+ int fd,
+ len,
+ i;
+ char *p,
+ *t;
+ struct stat sb;
+
+ if(word_list != NULL && word_block != NULL)
+ return KADM5_OK;
+ if (! (params->mask & KADM5_CONFIG_DICT_FILE)) {
+ return KADM5_OK;
+ }
+ if ((fd = open(params->dict_file, O_RDONLY)) == -1) {
+ if (errno == ENOENT) {
+ return KADM5_OK;
+ } else
+ return errno;
+ }
+ set_cloexec_fd(fd);
+ if (fstat(fd, &sb) == -1) {
+ close(fd);
+ return errno;
+ }
+ if ((word_block = (char *) malloc(sb.st_size + 1)) == NULL)
+ return ENOMEM;
+ if (read(fd, word_block, sb.st_size) != sb.st_size)
+ return errno;
+ (void) close(fd);
+ word_block[sb.st_size] = '\0';
+
+ p = word_block;
+ len = sb.st_size;
+ while(len > 0 && (t = memchr(p, '\n', len)) != NULL) {
+ *t = '\0';
+ len -= t - p + 1;
+ p = t + 1;
+ word_count++;
+ }
+ if ((word_list = (char **) malloc(word_count * sizeof(char *))) == NULL)
+ return ENOMEM;
+ p = word_block;
+ for (i = 0; i < word_count; i++) {
+ word_list[i] = p;
+ p += strlen(p) + 1;
+ }
+ qsort(word_list, word_count, sizeof(char *), word_compare);
+ return KADM5_OK;
+}
+
+/*
+ * Function: find_word
+ *
+ * Purpose: See if the specified word exists in the in-core dictionary
+ *
+ * Arguments:
+ * word (input) word to search for.
+ * <return value> WORD_NOT_FOUND if not in dictionary,
+ * KADM5_OK if if found word
+ * errno if init needs to be called and returns an
+ * error
+ *
+ * Requires:
+ * word to be a null terminated string.
+ * That word_list and word_block besetup
+ *
+ * Effects:
+ * finds word in dictionary.
+ * Modifies:
+ * nothing.
+ *
+ */
+
+int
+find_word(const char *word)
+{
+ char **value;
+
+ if(word_list == NULL || word_block == NULL)
+ return WORD_NOT_FOUND;
+ if ((value = (char **) bsearch(&word, word_list, word_count, sizeof(char *),
+ word_compare)) == NULL)
+ return WORD_NOT_FOUND;
+ else
+ return KADM5_OK;
+}
+
+/*
+ * Function: destroy_dict
+ *
+ * Purpose: destroy in-core copy of dictionary.
+ *
+ * Arguments:
+ * none
+ * <return value> none
+ * Requires:
+ * nothing
+ * Effects:
+ * frees up memory occupied by word_list and word_block
+ * sets count back to 0, and resets the pointers to NULL
+ *
+ * Modifies:
+ * word_list, word_block, and word_count.
+ *
+ */
+
+void
+destroy_dict(void)
+{
+ if(word_list) {
+ free(word_list);
+ word_list = NULL;
+ }
+ if(word_block) {
+ free(word_block);
+ word_block = NULL;
+ }
+ if(word_count)
+ word_count = 0;
+ return;
+}
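Review bot: The failure paths in `init_dict` leave the descriptor open and the globals half-initialised. The `malloc` failure and short-`read` returns skip `close(fd)`, and a short read that sets no error returns `errno` as 0, which the caller reads as KADM5_OK while `word_list` is still NULL. Every failure path after `open` should close `fd`, free and NULL `word_block`, reset `word_count`, and return a non-zero code (for a short read with `errno` unset, e.g. `EIO`). Two smaller points: `fstat`'s `errno` is read after `close(fd)`, which may overwrite it, and `len = sb.st_size` narrows the file size to `int`. The file is copied from lib/kadm5/srv, so these defects predate the move, but the plugin now owns them.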
Added: cvs2svn:cvs-rev
+ 1.7
Added: svn:mime-type
+ text/x-csrc
Added: svn:keywords
+ Author Date Id Revision
Added: svn:mergeinfo
+
Added: svn:eol-style
+ native
Property changes on: branches/plugins/src/plugins/pwd_qlty/plugin_pwd_qlty_krb/server_dict.c
___________________________________________________________________