author | Greg Hudson <ghudson@mit.edu> | 2010-10-05 16:00:23 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-10-05 16:00:23 +0000 |
commit | f807c93ad898c9b652b516ac54ee2b1112c67fbc (patch) | |
tree | 3c76da42e3a052c6857238d5917bcaae77ee64e2 /src/lib/kadm5 | |
parent | 96f2a016991c199be477b6abd48824ec1cb6641f (diff) | |
Add a name field to the pwqual plugin vtable and log pwqual module
rejections.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24425 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5')
-rw-r--r-- | src/lib/kadm5/server_internal.h | 4 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual.c | 6 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_dict.c | 1 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_empty.c | 1 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_hesiod.c | 1 | ||||
-rw-r--r-- | src/lib/kadm5/srv/pwqual_princ.c | 1 | ||||
-rw-r--r-- | src/lib/kadm5/srv/server_misc.c | 15 |
7 files changed, 28 insertions, 1 deletions
diff --git a/src/lib/kadm5/server_internal.h b/src/lib/kadm5/server_internal.h
index 42b11c85ee..8778522546 100644
--- a/src/lib/kadm5/server_internal.h
+++ b/src/lib/kadm5/server_internal.h
@@ -172,6 +172,10 @@ k5_pwqual_load(krb5_context context, const char *dict_file, void k5_pwqual_free_handles(krb5_context context, pwqual_handle *handles);
+/* Return the name of a password quality plugin module. */
+const char *
+k5_pwqual_name(krb5_context context, pwqual_handle handle);
+
 /* Check a password using a password quality plugin module. */ krb5_error_code k5_pwqual_check(krb5_context context, pwqual_handle handle,
diff --git a/src/lib/kadm5/srv/pwqual.c b/src/lib/kadm5/srv/pwqual.c
index 86aa2d43b5..d1a9f78347 100644
--- a/src/lib/kadm5/srv/pwqual.c
+++ b/src/lib/kadm5/srv/pwqual.c
@@ -109,6 +109,12 @@ k5_pwqual_free_handles(krb5_context context, pwqual_handle *handles) free(handles); }
+const char *
+k5_pwqual_name(krb5_context context, pwqual_handle handle)
+{
+ return handle->vt.name;
+}
+
 krb5_error_code k5_pwqual_check(krb5_context context, pwqual_handle handle, const char *password, const char *policy_name,
diff --git a/src/lib/kadm5/srv/pwqual_dict.c b/src/lib/kadm5/srv/pwqual_dict.c
index 2df9a8b94c..58ece2fe03 100644
--- a/src/lib/kadm5/srv/pwqual_dict.c
+++ b/src/lib/kadm5/srv/pwqual_dict.c
@@ -247,6 +247,7 @@ pwqual_dict_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; vt = (krb5_pwqual_vtable)vtable;
+ vt->name = "dict";
 vt->open = dict_open; vt->check = dict_check; vt->close = dict_close;
diff --git a/src/lib/kadm5/srv/pwqual_empty.c b/src/lib/kadm5/srv/pwqual_empty.c
index df3505aaf5..79e7534d55 100644
--- a/src/lib/kadm5/srv/pwqual_empty.c
+++ b/src/lib/kadm5/srv/pwqual_empty.c
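Review bot: The comment on the new `k5_pwqual_name` prototype in server_internal.h does not say who owns the returned string. The built-in modules in this commit assign string literals and the caller added in server_misc.c does not free the result, so the contract appears to be a borrowed pointer. I would extend the comment to `/* Return the name of a password quality plugin module. The string belongs to the module; the caller must not free it. */`.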
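Review bot: `k5_pwqual_name` in pwqual.c returns `handle->vt.name` unchecked, so a module whose initvt function never sets `name` hands back whatever the vtable held, presumably NULL if the loader zeroes it (the loader is outside this hunk). The only caller added by this commit, in the passwd_check hunk of server_misc.c, passes the result straight to a `%s` conversion, although it does guard `princname`. Either fall back here with `return handle->vt.name ? handle->vt.name : "(unnamed)";`, or have the loader reject a module that leaves the field unset.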
@@ -56,6 +56,7 @@ pwqual_empty_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; vt = (krb5_pwqual_vtable)vtable;
+ vt->name = "empty";
 vt->check = empty_check; return 0; }
diff --git a/src/lib/kadm5/srv/pwqual_hesiod.c b/src/lib/kadm5/srv/pwqual_hesiod.c
index 993992d193..93ced4f3e1 100644
--- a/src/lib/kadm5/srv/pwqual_hesiod.c
+++ b/src/lib/kadm5/srv/pwqual_hesiod.c
@@ -128,6 +128,7 @@ pwqual_hesiod_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; vt = (krb5_pwqual_vtable)vtable;
+ vt->name = "hesiod";
 vt->check = hesiod_check; return 0; }
diff --git a/src/lib/kadm5/srv/pwqual_princ.c b/src/lib/kadm5/srv/pwqual_princ.c
index dfe5f20339..510980e9e5 100644
--- a/src/lib/kadm5/srv/pwqual_princ.c
+++ b/src/lib/kadm5/srv/pwqual_princ.c
@@ -70,6 +70,7 @@ pwqual_princ_initvt(krb5_context context, int maj_ver, int min_ver, if (maj_ver != 1) return KRB5_PLUGIN_VER_NOTSUPP; vt = (krb5_pwqual_vtable)vtable;
+ vt->name = "princ";
 vt->check = princ_check; return 0; }
diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c
index 9d32e715e0..5b61719498 100644
--- a/src/lib/kadm5/srv/server_misc.c
+++ b/src/lib/kadm5/srv/server_misc.c
@@ -33,7 +33,9 @@ #include <kdb.h> #include <ctype.h> #include <pwd.h>
+#include <syslog.h>
 #include "server_internal.h"
+#include <adm_proto.h>
 kadm5_ret_t adb_policy_init(kadm5_server_handle_t handle)
@@ -137,8 +139,19 @@ passwd_check(kadm5_server_handle_t handle, const char *password, } for (h = handle->qual_handles; *h != NULL; h++) { ret = k5_pwqual_check(handle->context, *h, password, polname, princ);
- if (ret != 0)
+ if (ret != 0) {
+ const char *e = krb5_get_error_message(handle->context, ret);
+ const char *modname = k5_pwqual_name(handle->context, *h);
+ char *princname;
+ if (krb5_unparse_name(handle->context, princ, &princname) != 0)
+ princname = NULL;
+ krb5_klog_syslog(LOG_ERR, "password quality module %s rejected "
+ "password for %s: %s", modname,
+ princname ? princname : "(can't unparse)", e);
+ krb5_free_error_message(handle->context, e);
+ free(princname);
 return ret;
+ }
 } return 0; } |
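Review bot: The string `e` written to syslog in the new rejection branch is whatever text the rejecting module stored as its error message, and nothing visible here keeps a module from quoting part of the candidate password in it (for instance the dictionary word it matched). Until this commit the branch only returned `ret`; now that text is persisted in logs, which usually have a wider audience than the admin server itself. I would state the constraint where module authors will see it, e.g. `/* Error messages set by check() are logged; they must never include the password. */` on the vtable's check method, and repeat it above the `krb5_klog_syslog` call. Separately, `princname` comes from `krb5_unparse_name`, so `krb5_free_unparsed_name(handle->context, princname);` is the matching release rather than `free`. passwd_check starts before this hunk.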