Diffstat (limited to 'src/lib/kadm5')
-rw-r--r-- | src/lib/kadm5/kadm_err.et | 1 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual.c | 2 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_dict.c | 2 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_empty.c | 7 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_hesiod.c | 10 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_princ.c | 7 |
6 files changed, 18 insertions, 11 deletions
diff --git a/src/lib/kadm5/kadm_err.et b/src/lib/kadm5/kadm_err.et
index a6086b1..5530cca 100644
--- a/src/lib/kadm5/kadm_err.et
+++ b/src/lib/kadm5/kadm_err.et
@@ -61,4 +61,5 @@ error_code KADM5_SETKEY3_ETYPE_MISMATCH, "Mismatched enctypes for setkey3"
 error_code KADM5_MISSING_KRB5_CONF_PARAMS, "Missing parameters in krb5.conf required for kadmin client"
 error_code KADM5_XDR_FAILURE, "XDR encoding error"
 error_code KADM5_CANT_RESOLVE, "Cannot resolve network address for admin server in requested realm"
+error_code KADM5_PASS_Q_GENERIC, "Unspecified password quality failure"
 end
diff --git a/src/lib/kadm5/srv/pwqual.c b/src/lib/kadm5/srv/pwqual.c
index cc92612..646bfcb 100644
--- a/src/lib/kadm5/srv/pwqual.c
+++ b/src/lib/kadm5/srv/pwqual.c
@@ -111,5 +111,5 @@ k5_pwqual_check(krb5_context context, pwqual_handle handle,
 krb5_principal princ)
 {
 return handle->vt.check(context, handle->data, password, policy_name,
- princ);
+ princ, NULL);
 }
diff --git a/src/lib/kadm5/srv/pwqual_dict.c b/src/lib/kadm5/srv/pwqual_dict.c
index 18892a0..2df9a8b 100644
--- a/src/lib/kadm5/srv/pwqual_dict.c
+++ b/src/lib/kadm5/srv/pwqual_dict.c
@@ -214,7 +214,7 @@ dict_open(krb5_context context, const char *dict_file,
 static krb5_error_code
 dict_check(krb5_context context, krb5_pwqual_moddata data,
 const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
 {
 dict_moddata dict = (dict_moddata)data;
diff --git a/src/lib/kadm5/srv/pwqual_empty.c b/src/lib/kadm5/srv/pwqual_empty.c
index ba25502..df3505a 100644
--- a/src/lib/kadm5/srv/pwqual_empty.c
+++ b/src/lib/kadm5/srv/pwqual_empty.c
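Review bot: In the pwqual.c hunk, `k5_pwqual_check` hard-codes `NULL` for the new `languages` argument, and nothing visible says what NULL means to a module. None of the check functions changed in this commit (dict_check, empty_check, hesiod_check, princ_check) reads `languages` in the lines shown, and the messages they now set are fixed English literals. If NULL is meant as "no language preference", a comment above the call would make that contract explicit for module authors, e.g. `/* languages is NULL: no preference supplied; modules must accept NULL. */`. The start of k5_pwqual_check's parameter list is outside the hunk.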
@@ -35,12 +35,15 @@
 static krb5_error_code
 empty_check(krb5_context context, krb5_pwqual_moddata data,
 const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
 {
 /* Unlike other built-in modules, this one operates even for principals
 * with no password policy. */
- if (*password == '\0')
+ if (*password == '\0') {
+ krb5_set_error_message(context, KADM5_PASS_Q_TOOSHORT,
+ "Empty passwords are not allowed");
 return KADM5_PASS_Q_TOOSHORT;
+ }
 return 0;
 }
diff --git a/src/lib/kadm5/srv/pwqual_hesiod.c b/src/lib/kadm5/srv/pwqual_hesiod.c
index f8862a3..993992d 100644
--- a/src/lib/kadm5/srv/pwqual_hesiod.c
+++ b/src/lib/kadm5/srv/pwqual_hesiod.c
@@ -94,7 +94,7 @@ str_check_gecos(char *gecos, const char *pwstr)
 static krb5_error_code
 hesiod_check(krb5_context context, krb5_pwqual_moddata data,
 const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
 {
 #ifdef HESIOD
 extern struct passwd *hes_getpwnam();
@@ -108,12 +108,12 @@ hesiod_check(krb5_context context, krb5_pwqual_moddata data,
 n = krb5_princ_size(handle->context, princ);
 for (i = 0; i < n; i++) {
- cp = krb5_princ_component(handle->context, princ, i)->data;
- if (strcasecmp(cp, password) == 0)
- return KADM5_PASS_Q_DICT;
 ent = hes_getpwnam(cp);
- if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password))
+ if (ent && ent->pw_gecos && str_check_gecos(ent->pw_gecos, password)) {
+ krb5_set_error_message(context, KADM5_PASS_Q_DICT,
+ "Password maynot match user information.");
 return KADM5_PASS_Q_DICT;
+ }
 }
 #endif /* HESIOD */
 return 0;
diff --git a/src/lib/kadm5/srv/pwqual_princ.c b/src/lib/kadm5/srv/pwqual_princ.c
index 06393a1..dfe5f20 100644
--- a/src/lib/kadm5/srv/pwqual_princ.c
+++ b/src/lib/kadm5/srv/pwqual_princ.c
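Review bot: In the second pwqual_hesiod.c hunk, `ent = hes_getpwnam(cp);` still reads `cp` although the only assignment to it visible in the loop is deleted along with the strcasecmp test. The declaration of `cp` and anything before the loop are outside the hunk, but if nothing else sets it, a build with HESIOD defined would pass an indeterminate pointer to the lookup. The GECOS check could then crash or be skipped without any error being reported. Keeping `cp = krb5_princ_component(handle->context, princ, i)->data;` as the first statement of the loop body and dropping only the two comparison lines would preserve the lookup. The new message also reads "maynot"; it should be `"Password may not match user information."`.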
@@ -35,7 +35,7 @@
 static krb5_error_code
 princ_check(krb5_context context, krb5_pwqual_moddata data,
 const char *password, const char *policy_name,
- krb5_principal princ)
+ krb5_principal princ, const char **languages)
 {
 int i, n;
 char *cp;
@@ -51,8 +51,11 @@ princ_check(krb5_context context, krb5_pwqual_moddata data,
 return KADM5_PASS_Q_DICT;
 for (i = 0; i < n; i++) {
 cp = krb5_princ_component(handle->context, princ, i)->data;
- if (strcasecmp(cp, password) == 0)
+ if (strcasecmp(cp, password) == 0) {
+ krb5_set_error_message(context, KADM5_PASS_Q_DICT,
+ "Password may not match principal name");
 return KADM5_PASS_Q_DICT;
+ }
 }
 return 0; |
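Review bot: In the second pwqual_princ.c hunk, the `return KADM5_PASS_Q_DICT;` just before the loop is left without a message, so princ_check now reports the same error code with explanatory text on one path and without it on the other. The condition guarding that earlier return is above the hunk, so what it compares is not visible here. Giving it the same treatment keeps the rejection reason consistent for the caller: wrap it in braces and add `krb5_set_error_message(context, KADM5_PASS_Q_DICT, "Password may not match principal name");` before the return. The function's opening and closing lines are outside this hunk.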