From 5921574969d3cbe9d19b3d48e94642e4b184069f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Fri, 15 Apr 2005 11:16:32 +0000 Subject: [PATCH] add verifier libraries with kadm5_add_passwd_quality_verifier git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14803 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kadmin/kadmin.c | 32 +++++++++++++++++++++++++++++--- kadmin/kadmind.c | 15 ++++++++++++++- kpasswd/kpasswdd.c | 16 +++++++++++++++- 3 files changed, 58 insertions(+), 5 deletions(-) diff --git a/kadmin/kadmin.c b/kadmin/kadmin.c index abc1f526e..f9d265a6f 100644 --- a/kadmin/kadmin.c +++ b/kadmin/kadmin.c @@ -48,6 +48,9 @@ static char *admin_server; static int server_port = 0; static char *client_name; static char *keytab; +static char *check_library = NULL; +static char *check_function = NULL; +static getarg_strings policy_libraries = { 0, NULL }; static struct getargs args[] = { { "principal", 'p', arg_string, &client_name, @@ -75,6 +78,14 @@ static struct getargs args[] = { "port to use", "port number" }, { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, +#ifdef HAVE_DLOPEN + { "check-library", 0, arg_string, &check_library, + "library to load password check function from", "library" }, + { "check-function", 0, arg_string, &check_function, + "password check function to load", "function" }, + { "policy-libraries", 0, arg_strings, &policy_libraries, + "password check function to load", "function" }, +#endif { "local", 'l', arg_flag, &local_flag, "local admin mode" }, { "help", 'h', arg_flag, &help_flag }, { "version", 'v', arg_flag, &version_flag } 
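Review bot: The `--policy-libraries` entry added to `args[]` in the second kadmin/kadmin.c hunk reuses the help strings of `--check-function` (`"password check function to load", "function"`), so the usage output describes two different options identically. The option is an `arg_strings` bound to `policy_libraries`, so the text should describe libraries, e.g. `"password quality policy libraries to load", "library"`. The same copied entry is added in the `args[]` hunks of kadmin/kadmind.c and kpasswd/kpasswdd.c. The array continues outside the hunk.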
@@ -216,14 +227,29 @@ main(int argc, char **argv) conf.mask |= KADM5_CONFIG_STASH_FILE; } - if(local_flag) + if(local_flag) { + int i; + + kadm5_setup_passwd_quality_check (context, + check_library, check_function); + + for (i = 0; i < policy_libraries.num_strings; i++) { + ret = kadm5_add_passwd_quality_verifier(context, + policy_libraries.strings[i]); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + } + ret = kadm5_add_passwd_quality_verifier(context, NULL); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + ret = kadm5_s_init_with_password_ctx(context, KADM5_ADMIN_SERVICE, NULL, KADM5_ADMIN_SERVICE, &conf, 0, 0, &kadm_handle); - else if (ad_flag) { + } else if (ad_flag) { if (client_name == NULL) krb5_errx(context, 1, "keytab mode require principal name"); ret = kadm5_ad_init_with_password_ctx(context, @@ -266,7 +292,7 @@ main(int argc, char **argv) } else { while(!exit_seen) { ret = sl_command_loop(commands, "kadmin> ", NULL); - if(ret != 0) + if (ret != 0) exit_status = 1; } } diff --git a/kadmin/kadmind.c b/kadmin/kadmind.c index 5ac01e7e7..c2bde6baa 100644 --- a/kadmin/kadmind.c +++ b/kadmin/kadmind.c @@ -37,6 +37,7 @@ RCSID("$Id$"); static char *check_library = NULL; static char *check_function = NULL; +static getarg_strings policy_libraries = { 0, NULL }; static char *config_file; static char *keytab_str = "HDB:"; static int help_flag; @@ -62,6 +63,8 @@ static struct getargs args[] = { "library to load password check function from", "library" }, { "check-function", 0, arg_string, &check_function, "password check function to load", "function" }, + { "policy-libraries", 0, arg_strings, &policy_libraries, + "password check function to load", "function" }, #endif { "debug", 'd', arg_flag, &debug_flag, "enable debugging" @@ -89,7 +92,7 @@ main(int argc, char **argv) krb5_error_code ret; char **files; int optind = 0; - int e; + int e, i; krb5_log_facility *logf; krb5_keytab keytab; 
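Review bot: Both `krb5_err` calls in the kadmin/kadmin.c `main()` hunk report only the function name, so when several `--policy-libraries` values are given the operator cannot tell which one failed to load. Inside the loop the message can carry the argument: `krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier: %s", policy_libraries.strings[i]);`. Exiting on failure is the right default for a password-quality check, since continuing would silently run with fewer verifiers than were requested. The call with `NULL` after the loop deserves a one-line comment saying what `NULL` selects, which is not visible in this diff. The identical block in the `main()` hunks of kadmin/kadmind.c and kpasswd/kpasswdd.c has the same gap; `main()` continues outside the hunk.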
@@ -142,6 +145,16 @@ main(int argc, char **argv) kadm5_setup_passwd_quality_check (context, check_library, check_function); + for (i = 0; i < policy_libraries.num_strings; i++) { + ret = kadm5_add_passwd_quality_verifier(context, + policy_libraries.strings[i]); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + } + ret = kadm5_add_passwd_quality_verifier(context, NULL); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + { int fd = 0; struct sockaddr_storage __ss; diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c index be1d5eb32..cb34e1add 100644 --- a/kpasswd/kpasswdd.c +++ b/kpasswd/kpasswdd.c @@ -670,6 +670,7 @@ sigterm(int sig) const char *check_library = NULL; const char *check_function = NULL; +static getarg_strings policy_libraries = { 0, NULL }; char *keytab_str = "HDB:"; char *realm_str; int version_flag; @@ -683,6 +684,8 @@ struct getargs args[] = { "library to load password check function from", "library" }, { "check-function", 0, arg_string, &check_function, "password check function to load", "function" }, + { "policy-libraries", 0, arg_strings, &policy_libraries, + "password check function to load", "function" }, #endif { "addresses", 0, arg_strings, &addresses_str, "addresses to listen on", "list of addresses" }, @@ -703,7 +706,7 @@ main (int argc, char **argv) krb5_keytab keytab; krb5_error_code ret; char **files; - int port; + int port, i; optind = krb5_program_setup(&context, argc, argv, args, num_args, NULL); 
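Review bot: In the kadmin/kadmind.c `main()` hunk each `--policy-libraries` string is passed from the command line to `kadm5_add_passwd_quality_verifier` unchanged, and nothing visible constrains where the library is loaded from. A verifier presumably runs inside the daemon and is handed candidate passwords, so a relative name or a file writable by an unprivileged account would put that account's code in the process; whether the callee validates the path is outside this diff. I would add a comment above the loop such as `/* policy libraries run in-process and see new passwords: use absolute paths to root-owned, non-writable files */` and state the same in the option's documentation. The same applies to the `main()` hunk in kpasswd/kpasswdd.c. `main()` continues outside the hunk.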
@@ -758,6 +761,17 @@ main (int argc, char **argv) kadm5_setup_passwd_quality_check (context, check_library, check_function); + for (i = 0; i < policy_libraries.num_strings; i++) { + ret = kadm5_add_passwd_quality_verifier(context, + policy_libraries.strings[i]); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + } + ret = kadm5_add_passwd_quality_verifier(context, NULL); + if (ret) + krb5_err(context, 1, ret, "kadm5_add_passwd_quality_verifier"); + + explicit_addresses.len = 0; if (addresses_str.num_strings) {