goodpw_check_other(S-osr5)

goodpw_check_other -- check group, modem or filesystem password syntax and guessability

Syntax

cc . . . -lprot

#include <sys/types.h>
#include <prot.h>

int goodpw_check_other(password, oencrypt, reasonp)
char *password;
char *oencrypt;
char **reasonp;

Description

goodpw_check_other checks the password syntax and guessability of a user-supplied group, modem line, or filesystem password, in a similar way to smp_try_pw(S-osr5), but using the type argument selected by the last call to goodpw_set_other_checks(S-osr5). Whatever guessability checks are in effect for the selected type are used to validate password.

oencrypt should be the encrypted password being replaced; if there is none, it should be NULL.

If the password is rejected, a pointer to a character string describing the reason for rejection is stored in *reasonp.

Note that the password is not overwritten by this routine, and that empty passwords will always pass the check - if this is not appropriate, the caller should check for an empty password beforehand.

Return values

The following values are returned by goodpw_check_other:

SMP_GOODPW: The password passed the checks as configured.
SMP_BADPW: The password failed the checks as configured; reasonp points to a character string explaining the reason for rejection.
SMP_FAIL: Memory could not be allocated for the goodpw dialogue.

Diagnostics

All diagnostics are returned as strings pointed to by the argument reasonp. It is up to the calling program to display these for the user. In each case the return value is also noted.

You may not re-use the same password: password matches the existing password entry. SMP_BADPW is returned.
Too short (must be at least n characters): password is shorter then the minimum length calculated by the system based on a combination of the delay between login attempts, the password lifetime and the ascii character set. SMP_BADPW is returned.
Password is too easy to guess: password has been checked using acceptable_password(S-osr5) and is too easy to guess. SMP_BADPW is returned.
Rejected by goodpw checks: password failed the goodpw checks. SMP_BADPW is returned.
Cannot be circular shift of login name: password is simply a shift of the letters of the login name. SMP_BADPW is returned.
Must contain at least two alphabetic and one numeric or special characters: password does not contain at least two alphabetic characters and at least one numeric or special character. SMP_BADPW is returned.
Passwords must differ by at least 3 positions: password is identical to the old password except for one or two characters. SMP_BADPW is returned.

Examples

The following example illustrates the usage of goodpw_check_other:

   ...
   char **reasonp;
   ...
   char password[PASSWDLEN];
   int set;
   ...
   if((set = goodpw_set_other_checks(GOODPW_GROUP)) == SMP_COMPLETE) {
      ...
      fprintf(stdout, "Password: ");
      fscanf(stdin, "%s", password);
      ...
      switch(goodpw_check_other(password, NULL, &reasonp)) {
   
         case SMP_GOODPW : ...
                           break;
         case SMP_BADPW  : ...
                           break;
         case SMP_FAIL   : ...
                           break;
      }
      ...
   }
   ...

Files

/lib/libprot.a: security subsystem library routines
/usr/lib/libp/libprot.a: as above but used for profiling
/usr/include/prot.h: defines the smp_user_info structure

Standards conformance

goodpw_check_other is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.