#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * Openvision retains the copyright to derivative works of
 * this source code.  Do *NOT* create a derivative of this
 * source code before consulting with your legal department.
 * Do *NOT* integrate *ANY* of this source code into another
 * product before consulting with your legal department.
 *
 * For further information, read the top-level Openvision
 * copyright which is contained in the top-level MIT Kerberos
 * copyright.
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 */


/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
 *
 * $Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.4 2001/06/18 18:58:00 epeisach Exp $
 */

/*
 * server_misc.c: miscellaneous kadm5 server-side helpers -- policy
 * store open/close (adb_policy_init / adb_policy_close), the password
 * quality check (passwd_check) and a display helper (trunc_name).
 */

#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header: /cvs/krbdev/krb5/src/lib/kadm5/srv/server_misc.c,v 1.4 2001/06/18 18:58:00 epeisach Exp $";
#endif

#include "k5-int.h"
#include <krb5/kdb.h>
#include <ctype.h>
#include <pwd.h>

/* for strcasecmp */
#include <string.h>

#include "server_internal.h"

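/*
 * Policy storage is part of the principal database, so there is no
 * separate policy database to open.  Make sure the database is open for
 * read/write access as the admin server.
 *
 * Returns KADM5_OK if the database is already open, otherwise the result
 * of krb5_db_open().
 */
kadm5_ret_t
adb_policy_init(kadm5_server_handle_t handle)
{
    /* now policy is initialized as part of database; no separate call needed */
    /* Solaris Kerberos: krb5_db_inited returns 0 when db has been inited */
    if (krb5_db_inited(handle->context) == 0)
        return KADM5_OK;

    return krb5_db_open(handle->context, NULL,
                        KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN);
}

/*
 * Nothing to release here: the policy store is closed together with the
 * principal database.  Always returns KADM5_OK.
 */
kadm5_ret_t
adb_policy_close(kadm5_server_handle_t handle)
{
    /* will be taken care of by database close */
    return KADM5_OK;
}

#ifdef HESIOD
/*
 * Return a reversed copy of str in a static buffer (stolen from
 * v4server/kadm_funcs.c).  Only the first sizeof(newstr)-1 characters
 * are reversed; longer input is truncated.  The result is overwritten by
 * the next call and must not be freed.
 */
static char *
reverse(char *str)
{
    static char newstr[80];
    size_t i = strlen(str);
    char *p, *q;

    if (i >= sizeof(newstr))
        i = sizeof(newstr) - 1;
    q = newstr;
    q[i] = '\0';
    /*
     * For an empty string, str + i - 1 would point before the array,
     * which is undefined even though the loop below never dereferences it.
     */
    if (i == 0)
        return newstr;
    p = str + i - 1;
    for (; i > 0; i--)
        *q++ = *p--;

    return newstr;
}
#endif /* HESIOD */

#if 0
/*
 * Compiled out: lower-cases str in place and returns the number of
 * characters changed.  Kept for reference only.
 */
static int
lower(char *str)
{
    char *cp;
    int effect = 0;

    for (cp = str; *cp; cp++) {
        if (isupper((unsigned char) *cp)) {
            *cp = tolower((unsigned char) *cp);
            effect++;
        }
    }
    return effect;
}
#endif

#ifdef HESIOD
/*
 * Check whether any word of the GECOS field (words are runs of
 * alphanumerics and apostrophes) or its reversal matches pwstr
 * case-insensitively.  Returns 1 on a match, 0 otherwise.
 *
 * gecos is modified in place: each word terminator is overwritten with
 * NUL.  passwd_check passes the pw_gecos buffer returned by
 * hes_getpwnam() straight in, so that buffer is clobbered by the check.
 * Characters are passed to <ctype.h> as unsigned char, matching the
 * casts used in passwd_check.
 */
static int
str_check_gecos(char *gecos, char *pwstr)
{
    char *cp, *ncp, *tcp;

    for (cp = gecos; *cp; ) {
        /* Skip past punctuation */
        for (; *cp; cp++)
            if (isalnum((unsigned char) *cp))
                break;
        /* Skip to the end of the word */
        for (ncp = cp; *ncp; ncp++)
            if (!isalnum((unsigned char) *ncp) && *ncp != '\'')
                break;
        /* Delimit end of word */
        if (*ncp)
            *ncp++ = '\0';
        /* Check word to see if it's the password */
        if (*cp) {
            if (!strcasecmp(pwstr, cp))
                return 1;
            tcp = reverse(cp);
            if (!strcasecmp(pwstr, tcp))
                return 1;
            cp = ncp;
        } else
            break;
    }
    return 0;
}
#endif /* HESIOD */

/* some of this is stolen from gatekeeper ...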
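*/

/*
 * Case-insensitive comparison of a krb5_data against a NUL-terminated
 * string, bounded by the krb5_data length so that a principal component
 * which is not NUL-terminated is never read past its end.  Returns 1 on
 * a match, 0 otherwise (including for a NULL or empty krb5_data).
 */
static int
data_eq_string_ci(const krb5_data *d, const char *s)
{
    size_t n = strlen(s);
    size_t i;

    if (d == NULL || d->data == NULL || d->length != n)
        return 0;
    for (i = 0; i < n; i++) {
        if (tolower((unsigned char) d->data[i]) !=
            tolower((unsigned char) s[i]))
            return 0;
    }
    return 1;
}

/*
 * Password quality check (some of this is stolen from gatekeeper ...).
 *
 * With use_policy set, password must satisfy pol: at least pw_min_length
 * characters; at least pw_min_classes of the five character classes
 * (lower, upper, digit, punctuation, other); not found by find_word()
 * in the dictionary; and no case-insensitive match with the principal's
 * realm or any of its components.  Under HESIOD, words of the user's
 * GECOS field and their reversals are rejected as well.  Without a
 * policy only an empty password is rejected.
 *
 * Returns KADM5_OK, KADM5_PASS_Q_TOOSHORT, KADM5_PASS_Q_CLASS or
 * KADM5_PASS_Q_DICT.
 */
kadm5_ret_t
passwd_check(kadm5_server_handle_t handle,
             char *password, int use_policy, kadm5_policy_ent_t pol,
             krb5_principal principal)
{
    int nupper = 0, nlower = 0, ndigit = 0, npunct = 0, nspec = 0;
    unsigned char c;
    char *s;
    int i, n;
#ifdef HESIOD
    extern struct passwd *hes_getpwnam();
    struct passwd *ent;
    char *cp;
#endif

    if (!use_policy) {
        /* No policy: only an empty password is rejected. */
        if (password[0] == '\0')
            return KADM5_PASS_Q_TOOSHORT;
        return KADM5_OK;
    }

    /*
     * pw_min_length is a signed policy field; the explicit cast keeps the
     * comparison unsigned, as the implicit conversion already did.
     */
    if (strlen(password) < (size_t) pol->pw_min_length)
        return KADM5_PASS_Q_TOOSHORT;

    /* Each flag records whether its character class occurs at least once. */
    for (s = password; (c = (unsigned char) *s) != '\0'; s++) {
        if (islower(c))
            nlower = 1;
        else if (isupper(c))
            nupper = 1;
        else if (isdigit(c))
            ndigit = 1;
        else if (ispunct(c))
            npunct = 1;
        else
            nspec = 1;
    }
    if ((nupper + nlower + ndigit + npunct + nspec) < pol->pw_min_classes)
        return KADM5_PASS_Q_CLASS;

    /* find_word() returns KADM5_OK when the password is in the dictionary. */
    if (find_word(password) == KADM5_OK)
        return KADM5_PASS_Q_DICT;

    /*
     * The realm and every component of the principal are rejected as
     * passwords, case-insensitively.  Compare by length instead of
     * relying on the krb5_data buffers being NUL-terminated.
     */
    if (data_eq_string_ci(krb5_princ_realm(handle->context, principal),
                          password))
        return KADM5_PASS_Q_DICT;
    n = krb5_princ_size(handle->context, principal);
    for (i = 0; i < n; i++) {
        const krb5_data *comp =
            krb5_princ_component(handle->context, principal, i);

        if (data_eq_string_ci(comp, password))
            return KADM5_PASS_Q_DICT;
#ifdef HESIOD
        /*
         * Also reject words from the user's GECOS entry.  hes_getpwnam()
         * takes a C string, so this path still assumes the component is
         * NUL-terminated, as the original code did.
         */
        cp = comp->data;
        ent = hes_getpwnam(cp);
        if (ent && ent->pw_gecos)
            if (str_check_gecos(ent->pw_gecos, password))
                return KADM5_PASS_Q_DICT; /* XXX new error code? */
#endif
    }
    return KADM5_OK;
}

/*
 * Clamp a principal-name length to MAXPRINCLEN for display.  On return
 * *len is at most MAXPRINCLEN and *dots is "..." when the length was
 * clamped, "" otherwise.  *dots points at a string literal; do not free.
 */
void
trunc_name(size_t *len, char **dots)
{
    int truncated = *len > MAXPRINCLEN;

    *dots = truncated ? "..." : "";
    *len = truncated ? MAXPRINCLEN : *len;
}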