Sun Java System Directory Server Enterprise Edition 6.0 Developer's Guide

Checking Password Values

When Directory Server receives a request to add or modify a userPassword value, the server calls the registered passwordcheck plug-in. The server passes one or more values as a set of Slapi_Value structures in the parameter block. You can retrieve these values with slapi_pblock_get().

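#include "slapi-plugin.h"

static int
check_pwd(Slapi_PBlock * pb)
{
    Slapi_Value ** pwdvals = NULL;

    /* Retrieve the NULL-terminated array of candidate password values. */
    slapi_pblock_get(pb, SLAPI_PASSWDCHECK_VALS, &pwdvals);

    /* Check the values here: return 0 to accept, nonzero to reject. */
    return 0;
}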

Your code must then return zero (0) when the password values are acceptable, and nonzero when they are unacceptable. In the simple case where the only bad password value is secret12, the check is a single strcmp() comparison.

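#include <string.h>
#include "slapi-plugin.h"

static int
check_pwd(Slapi_PBlock * pb)
{
    Slapi_Value ** pwdvals = NULL;
    const char   * pwd;
    int            i;

    /* See the actual code for msgId, connId, opId. */
    slapi_pblock_get(pb, SLAPI_PASSWDCHECK_VALS, &pwdvals);

    /* Walk the NULL-terminated array; one bad value rejects the request. */
    for (i = 0; pwdvals != NULL && pwdvals[i] != NULL; i++) {
        /* Compare the string held in the Slapi_Value, not the structure. */
        pwd = slapi_value_get_string(pwdvals[i]);
        if (pwd != NULL && strcmp("secret12", pwd) == 0) {
            slapi_log_info_ex(
                SLAPI_LOG_INFO_AREA_ALL,
                SLAPI_LOG_INFO_LEVEL_DEFAULT,
                msgId,
                connId,
                opId,
                "Sample password check plug-in",
                "Invalid password: secret12\n"
            );
            return -1;              /* Nonzero: value is unacceptable. */
        }
    }
    return 0;                       /* Zero: all values are acceptable. */
}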

Here, the code allows Directory Server to log the reason for failure when a password value is not acceptable.
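
The same zero/nonzero contract applied to a small deny list, as an added example that is not from the original guide or the product's sample code. It goes beyond the single secret12 comparison by matching case-insensitively, failing closed when no values are supplied, and producing a reason that never echoes the candidate password. The names deny_list, ci_equal() and check_pwd_strings() are hypothetical, the list entries are constructed, and the values are assumed to have been extracted already with slapi_value_get_string().

```c
#include <ctype.h>
#include <stddef.h>

/* Constructed sample deny list; a deployment would supply its own. */
static const char *const deny_list[] = { "secret12", "password", "changeme", NULL };

/* Hypothetical helper: case-insensitive equality, so "SECRET12" also matches. */
static int
ci_equal(const char *a, const char *b)
{
    while (*a != '\0' && *b != '\0' &&
           tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/*
 * Hypothetical function with the check_pwd() contract: 0 when every value
 * is acceptable, nonzero otherwise. vals is assumed to be a NULL-terminated
 * array of strings already extracted from the Slapi_Value set. *reason gets
 * a fixed message that never contains the candidate password, so the
 * caller can log it as is.
 */
static int
check_pwd_strings(const char *const *vals, const char **reason)
{
    const char *why = NULL;
    size_t i, j;

    if (vals == NULL)
        why = "no password values supplied";   /* fail closed */
    for (i = 0; why == NULL && vals[i] != NULL; i++) {
        if (vals[i][0] == '\0')
            why = "empty password value";
        for (j = 0; why == NULL && deny_list[j] != NULL; j++) {
            if (ci_equal(vals[i], deny_list[j]))
                why = "password is on the deny list";
        }
    }
    if (reason != NULL)
        *reason = why;
    return (why == NULL) ? 0 : -1;
}
```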