Diffstat (limited to 'src/lib/kadm5')
-rw-r--r--src/lib/kadm5/kadm_err.et1
-rw-r--r--src/lib/kadm5/srv/pwqual.c2
-rw-r--r--src/lib/kadm5/srv/pwqual_dict.c2
-rw-r--r--src/lib/kadm5/srv/pwqual_empty.c7
-rw-r--r--src/lib/kadm5/srv/pwqual_hesiod.c10
-rw-r--r--src/lib/kadm5/srv/pwqual_princ.c7
6 files changed, 18 insertions, 11 deletions
diff --git a/src/lib/kadm5/kadm_err.et b/src/lib/kadm5/kadm_err.et
index a6086b1..5530cca 100644
--- a/src/lib/kadm5/kadm_err.et
+++ b/src/lib/kadm5/kadm_err.et
@@ -61,4 +61,5 @@ error_code KADM5_SETKEY3_ETYPE_MISMATCH, "Mismatched enctypes for setkey3"
error_code KADM5_MISSING_KRB5_CONF_PARAMS, "Missing parameters in krb5.conf required for kadmin client"
error_code KADM5_XDR_FAILURE, "XDR encoding error"
error_code KADM5_CANT_RESOLVE, "Cannot resolve network address for admin server in requested realm"
+error_code KADM5_PASS_Q_GENERIC, "Unspecified password quality failure"
end
diff --git a/src/lib/kadm5/srv/pwqual.c b/src/lib/kadm5/srv/pwqual.c
index cc92612..646bfcb 100644
--- a/src/lib/kadm5/srv/pwqual.c
+++ b/src/lib/kadm5/srv/pwqual.c
@@ -111,5 +111,5 @@ k5_pwqual_check(krb5_context context, pwqual_handle handle,
krb5_principal princ)
{
return handle->vt.check(context, handle->data, password, policy_name,
- princ);
+ princ, NULL);
}
diff --git a/src/lib/kadm5/srv/pwqual_dict.c b/src/lib/kadm5/srv/pwqual_dict.c
index 18892a0..2df9a8b 100644
--- a/src/lib/kadm5/srv/pwqual_dict.c
+++ b/src/lib/kadm5/srv/pwqual_dict.c
@@ -214,7 +214,7 @@ dict_open(krb5_context context, const char *dict_file,
static krb5_error_code
dict_check(krb5_context context, krb5_pwqual_moddata data,
const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
{
dict_moddata dict = (dict_moddata)data;
diff --git a/src/lib/kadm5/srv/pwqual_empty.c b/src/lib/kadm5/srv/pwqual_empty.c
index ba25502..df3505a 100644
--- a/src/lib/kadm5/srv/pwqual_empty.c
+++ b/src/lib/kadm5/srv/pwqual_empty.c
@@ -35,12 +35,15 @@
static krb5_error_code
empty_check(krb5_context context, krb5_pwqual_moddata data,
const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
{
/* Unlike other built-in modules, this one operates even for principals
* with no password policy. */
- if (*password == '\0')
+ if (*password == '\0') {
+ krb5_set_error_message(context, KADM5_PASS_Q_TOOSHORT,
+ "Empty passwords are not allowed");
return KADM5_PASS_Q_TOOSHORT;
+ }
return 0;
}
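Review bot: The new `languages` argument of empty_check is accepted but never read, and the text passed to krb5_set_error_message is a fixed English literal, so the parameter cannot yet influence the message a client sees. A short comment above the call would make that explicit, e.g. `/* languages is ignored for now; the message is always English. */`. The same applies to the messages added in hesiod_check and princ_check, and k5_pwqual_check in pwqual.c always passes NULL for this argument.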
diff --git a/src/lib/kadm5/srv/pwqual_hesiod.c b/src/lib/kadm5/srv/pwqual_hesiod.c
index f8862a3..993992d 100644
--- a/src/lib/kadm5/srv/pwqual_hesiod.c
+++ b/src/lib/kadm5/srv/pwqual_hesiod.c
@@ -94,7 +94,7 @@ str_check_gecos(char *gecos, const char *pwstr)
static krb5_error_code
hesiod_check(krb5_context context, krb5_pwqual_moddata data,
const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
{
#ifdef HESIOD
extern struct passwd *hes_getpwnam();
@@ -108,12 +108,12 @@ hesiod_check(krb5_context context, krb5_pwqual_moddata data,
n = krb5_princ_size(handle->context, princ);
for (i = 0; i < n; i++) {
- cp = krb5_princ_component(handle->context, princ, i)->data;
- if (strcasecmp(cp, password) == 0)
- return KADM5_PASS_Q_DICT;
ent = hes_getpwnam(cp);
- if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password))
+ if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password)) {
+ krb5_set_error_message(context, KADM5_PASS_Q_DICT,
+ "Password maynot match user information.");
return KADM5_PASS_Q_DICT;
+ }
}
#endif /* HESIOD */
return 0;
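Review bot: `cp` is no longer assigned inside the loop before `ent = hes_getpwnam(cp);`, because the removed lines took out `cp = krb5_princ_component(handle->context, princ, i)->data;` together with the strcasecmp check. Unless `cp` is set in the part of hesiod_check that lies outside this hunk, a build with HESIOD defined passes an indeterminate pointer to the lookup, which is undefined behaviour inside the admin server's password-quality check and can crash it or silently skip the GECOS comparison. Keep the assignment and drop only the two strcasecmp lines. The added message also has a typo: `"Password maynot match user information."` should read `"Password may not match user information."`.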
diff --git a/src/lib/kadm5/srv/pwqual_princ.c b/src/lib/kadm5/srv/pwqual_princ.c
index 06393a1..dfe5f20 100644
--- a/src/lib/kadm5/srv/pwqual_princ.c
+++ b/src/lib/kadm5/srv/pwqual_princ.c
@@ -35,7 +35,7 @@
static krb5_error_code
princ_check(krb5_context context, krb5_pwqual_moddata data,
const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
{
int i, n;
char *cp;
@@ -51,8 +51,11 @@ princ_check(krb5_context context, krb5_pwqual_moddata data,
return KADM5_PASS_Q_DICT;
for (i = 0; i < n; i++) {
cp = krb5_princ_component(handle->context, princ, i)->data;
- if (strcasecmp(cp, password) == 0)
+ if (strcasecmp(cp, password) == 0) {
+ krb5_set_error_message(context, KADM5_PASS_Q_DICT,
+ "Password may not match principal name");
return KADM5_PASS_Q_DICT;
+ }
}
return 0;