password validation plugin type and a simple plugin

9 files changed, 608 insertions, 16 deletions

diff --git a/cmake/abi_check.cmake b/cmake/abi_check.cmake
index cca595c5635..b6e630eeb37 100644
--- a/cmake/abi_check.cmake
+++ b/cmake/abi_check.cmake
@@ -43,6 +43,7 @@ IF(CMAKE_COMPILER_IS_GNUCC AND RUN_ABI_CHECK)
     ${CMAKE_SOURCE_DIR}/include/mysql/psi/psi_abi_v2.h
     ${CMAKE_SOURCE_DIR}/include/mysql/client_plugin.h
     ${CMAKE_SOURCE_DIR}/include/mysql/plugin_auth.h
+    ${CMAKE_SOURCE_DIR}/include/mysql/plugin_password_validation.h
   )
 
   ADD_CUSTOM_TARGET(abi_check ALL
diff --git a/include/mysql/plugin.h b/include/mysql/plugin.h
index 499f3589145..16b0c6edc1f 100644
--- a/include/mysql/plugin.h
+++ b/include/mysql/plugin.h
@@ -80,17 +80,19 @@ typedef struct st_mysql_xid MYSQL_XID;
 /*
   The allowable types of plugins
 */
-#define MYSQL_UDF_PLUGIN             0  /* User-defined function        */
-#define MYSQL_STORAGE_ENGINE_PLUGIN  1  /* Storage Engine               */
+#define MYSQL_UDF_PLUGIN             0  /* not implemented              */
+#define MYSQL_STORAGE_ENGINE_PLUGIN  1
 #define MYSQL_FTPARSER_PLUGIN        2  /* Full-text parser plugin      */
-#define MYSQL_DAEMON_PLUGIN          3  /* The daemon/raw plugin type */
-#define MYSQL_INFORMATION_SCHEMA_PLUGIN  4  /* The I_S plugin type */
-#define MYSQL_AUDIT_PLUGIN           5  /* The Audit plugin type        */
-#define MYSQL_REPLICATION_PLUGIN     6	/* The replication plugin type */
-#define MYSQL_AUTHENTICATION_PLUGIN  7  /* The authentication plugin type */
-#define MYSQL_VALIDATE_PASSWORD_PLUGIN  8   /* validate password plugin type */
+#define MYSQL_DAEMON_PLUGIN          3
+#define MYSQL_INFORMATION_SCHEMA_PLUGIN  4
+#define MYSQL_AUDIT_PLUGIN           5
+#define MYSQL_REPLICATION_PLUGIN     6
+#define MYSQL_AUTHENTICATION_PLUGIN  7
 #define MYSQL_MAX_PLUGIN_TYPE_NUM    9  /* The number of plugin types   */
 
+/* MariaDB plugin types */
+#define MariaDB_PASSWORD_VALIDATION_PLUGIN 8
+
 /* We use the following strings to define licenses for plugins */
 #define PLUGIN_LICENSE_PROPRIETARY 0
 #define PLUGIN_LICENSE_GPL 1
diff --git a/include/mysql/plugin_password_validation.h b/include/mysql/plugin_password_validation.h
new file mode 100644
index 00000000000..0bbb8f481c2
--- /dev/null
+++ b/include/mysql/plugin_password_validation.h
@@ -0,0 +1,45 @@
+#ifndef MYSQL_PLUGIN_PASSWORD_VALIDATION_INCLUDED
+/* Copyright (C) 2014 Sergei Golubchik and MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/**
+  @file
+
+  Authentication Plugin API.
+
+  This file defines the API for server authentication plugins.
+*/
+
+#define MYSQL_PLUGIN_PASSWORD_VALIDATION_INCLUDED
+
+#include <mysql/plugin.h>
+
+#define MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION 0x0100
+
+/**
+  Password validation plugin descriptor
+*/
+struct st_mysql_password_validation
+{
+  int interface_version;                        /**< version plugin uses */
+  /**
+    Function provided by the plugin which should perform password validation
+    and return 0 if the password has passed the validation.
+  */
+  int (*validate_password)(MYSQL_LEX_STRING *username,
+                           MYSQL_LEX_STRING *password);
+};
+#endif
+
diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp
new file mode 100644
index 00000000000..a79c9ff886d
--- /dev/null
+++ b/include/mysql/plugin_password_validation.h.pp
@@ -0,0 +1,345 @@
+#include <mysql/plugin.h>
+typedef char my_bool;
+typedef void * MYSQL_PLUGIN;
+#include <mysql/services.h>
+#include <mysql/service_my_snprintf.h>
+extern struct my_snprintf_service_st {
+  size_t (*my_snprintf_type)(char*, size_t, const char*, ...);
+  size_t (*my_vsnprintf_type)(char *, size_t, const char*, va_list);
+} *my_snprintf_service;
+size_t my_snprintf(char* to, size_t n, const char* fmt, ...);
+size_t my_vsnprintf(char *to, size_t n, const char* fmt, va_list ap);
+#include <mysql/service_thd_alloc.h>
+struct st_mysql_lex_string
+{
+  char *str;
+  size_t length;
+};
+typedef struct st_mysql_lex_string MYSQL_LEX_STRING;
+extern struct thd_alloc_service_st {
+  void *(*thd_alloc_func)(void*, unsigned int);
+  void *(*thd_calloc_func)(void*, unsigned int);
+  char *(*thd_strdup_func)(void*, const char *);
+  char *(*thd_strmake_func)(void*, const char *, unsigned int);
+  void *(*thd_memdup_func)(void*, const void*, unsigned int);
+  MYSQL_LEX_STRING *(*thd_make_lex_string_func)(void*, MYSQL_LEX_STRING *,
+                                        const char *, unsigned int, int);
+} *thd_alloc_service;
+void *thd_alloc(void* thd, unsigned int size);
+void *thd_calloc(void* thd, unsigned int size);
+char *thd_strdup(void* thd, const char *str);
+char *thd_strmake(void* thd, const char *str, unsigned int size);
+void *thd_memdup(void* thd, const void* str, unsigned int size);
+MYSQL_LEX_STRING *thd_make_lex_string(void* thd, MYSQL_LEX_STRING *lex_str,
+                                      const char *str, unsigned int size,
+                                      int allocate_lex_string);
+#include <mysql/service_thd_wait.h>
+typedef enum _thd_wait_type_e {
+  THD_WAIT_SLEEP= 1,
+  THD_WAIT_DISKIO= 2,
+  THD_WAIT_ROW_LOCK= 3,
+  THD_WAIT_GLOBAL_LOCK= 4,
+  THD_WAIT_META_DATA_LOCK= 5,
+  THD_WAIT_TABLE_LOCK= 6,
+  THD_WAIT_USER_LOCK= 7,
+  THD_WAIT_BINLOG= 8,
+  THD_WAIT_GROUP_COMMIT= 9,
+  THD_WAIT_SYNC= 10,
+  THD_WAIT_NET= 11,
+  THD_WAIT_LAST= 12
+} thd_wait_type;
+extern struct thd_wait_service_st {
+  void (*thd_wait_begin_func)(void*, int);
+  void (*thd_wait_end_func)(void*);
+} *thd_wait_service;
+void thd_wait_begin(void* thd, int wait_type);
+void thd_wait_end(void* thd);
+#include <mysql/service_progress_report.h>
+extern struct progress_report_service_st {
+  void (*thd_progress_init_func)(void* thd, unsigned int max_stage);
+  void (*thd_progress_report_func)(void* thd,
+                                   unsigned long long progress,
+                                   unsigned long long max_progress);
+  void (*thd_progress_next_stage_func)(void* thd);
+  void (*thd_progress_end_func)(void* thd);
+  const char *(*set_thd_proc_info_func)(void*, const char *info,
+                                        const char *func,
+                                        const char *file,
+                                        unsigned int line);
+} *progress_report_service;
+void thd_progress_init(void* thd, unsigned int max_stage);
+void thd_progress_report(void* thd,
+                         unsigned long long progress,
+                         unsigned long long max_progress);
+void thd_progress_next_stage(void* thd);
+void thd_progress_end(void* thd);
+const char *set_thd_proc_info(void*, const char * info, const char *func,
+                              const char *file, unsigned int line);
+#include <mysql/service_debug_sync.h>
+extern void (*debug_sync_C_callback_ptr)(void*, const char *, size_t);
+#include <mysql/service_kill_statement.h>
+enum thd_kill_levels {
+  THD_IS_NOT_KILLED=0,
+  THD_ABORT_SOFTLY=50,
+  THD_ABORT_ASAP=100,
+};
+extern struct kill_statement_service_st {
+  enum thd_kill_levels (*thd_kill_level_func)(const void*);
+} *thd_kill_statement_service;
+enum thd_kill_levels thd_kill_level(const void*);
+#include <mysql/service_thd_timezone.h>
+#include "mysql_time.h"
+typedef long my_time_t;
+enum enum_mysql_timestamp_type
+{
+  MYSQL_TIMESTAMP_NONE= -2, MYSQL_TIMESTAMP_ERROR= -1,
+  MYSQL_TIMESTAMP_DATE= 0, MYSQL_TIMESTAMP_DATETIME= 1, MYSQL_TIMESTAMP_TIME= 2
+};
+typedef struct st_mysql_time
+{
+  unsigned int year, month, day, hour, minute, second;
+  unsigned long second_part;
+  my_bool neg;
+  enum enum_mysql_timestamp_type time_type;
+} MYSQL_TIME;
+extern struct thd_timezone_service_st {
+  my_time_t (*thd_TIME_to_gmt_sec)(void* thd, const MYSQL_TIME *ltime, unsigned int *errcode);
+  void (*thd_gmt_sec_to_TIME)(void* thd, MYSQL_TIME *ltime, my_time_t t);
+} *thd_timezone_service;
+my_time_t thd_TIME_to_gmt_sec(void* thd, const MYSQL_TIME *ltime, unsigned int *errcode);
+void thd_gmt_sec_to_TIME(void* thd, MYSQL_TIME *ltime, my_time_t t);
+#include <mysql/service_sha1.h>
+extern struct my_sha1_service_st {
+  void (*my_sha1_type)(unsigned char*, const char*, size_t);
+  void (*my_sha1_multi_type)(unsigned char*, ...);
+  size_t (*my_sha1_context_size_type)();
+  void (*my_sha1_init_type)(void *);
+  void (*my_sha1_input_type)(void *, const unsigned char *, size_t);
+  void (*my_sha1_result_type)(void *, unsigned char *);
+} *my_sha1_service;
+void my_sha1(unsigned char*, const char*, size_t);
+void my_sha1_multi(unsigned char*, ...);
+size_t my_sha1_context_size();
+void my_sha1_init(void *context);
+void my_sha1_input(void *context, const unsigned char *buf, size_t len);
+void my_sha1_result(void *context, unsigned char *digest);
+#include <mysql/service_md5.h>
+extern struct my_md5_service_st {
+  void (*my_md5_type)(unsigned char*, const char*, size_t);
+  void (*my_md5_multi_type)(unsigned char*, ...);
+  size_t (*my_md5_context_size_type)();
+  void (*my_md5_init_type)(void *);
+  void (*my_md5_input_type)(void *, const unsigned char *, size_t);
+  void (*my_md5_result_type)(void *, unsigned char *);
+} *my_md5_service;
+void my_md5(unsigned char*, const char*, size_t);
+void my_md5_multi(unsigned char*, ...);
+size_t my_md5_context_size();
+void my_md5_init(void *context);
+void my_md5_input(void *context, const unsigned char *buf, size_t len);
+void my_md5_result(void *context, unsigned char *digest);
+#include <mysql/service_logger.h>
+typedef struct logger_handle_st LOGGER_HANDLE;
+extern struct logger_service_st {
+  void (*logger_init_mutexes)();
+  LOGGER_HANDLE* (*open)(const char *path,
+                         unsigned long long size_limit,
+                         unsigned int rotations);
+  int (*close)(LOGGER_HANDLE *log);
+  int (*vprintf)(LOGGER_HANDLE *log, const char *fmt, va_list argptr);
+  int (*printf)(LOGGER_HANDLE *log, const char *fmt, ...);
+  int (*write)(LOGGER_HANDLE *log, const char *buffer, size_t size);
+  int (*rotate)(LOGGER_HANDLE *log);
+} *logger_service;
+  void logger_init_mutexes();
+  LOGGER_HANDLE *logger_open(const char *path,
+                             unsigned long long size_limit,
+                             unsigned int rotations);
+  int logger_close(LOGGER_HANDLE *log);
+  int logger_vprintf(LOGGER_HANDLE *log, const char *fmt, va_list argptr);
+  int logger_printf(LOGGER_HANDLE *log, const char *fmt, ...);
+  int logger_write(LOGGER_HANDLE *log, const char *buffer, size_t size);
+  int logger_rotate(LOGGER_HANDLE *log);
+#include <mysql/service_thd_autoinc.h>
+extern struct thd_autoinc_service_st {
+  void (*thd_get_autoinc_func)(const void* thd,
+                               unsigned long* off, unsigned long* inc);
+} *thd_autoinc_service;
+void thd_get_autoinc(const void* thd,
+                     unsigned long* off, unsigned long* inc);
+#include <mysql/service_thd_error_context.h>
+extern struct thd_error_context_service_st {
+  const char *(*thd_get_error_message_func)(const void* thd);
+  unsigned int (*thd_get_error_number_func)(const void* thd);
+  unsigned long (*thd_get_error_row_func)(const void* thd);
+  void (*thd_inc_error_row_func)(void* thd);
+  char *(*thd_get_error_context_description_func)(void* thd,
+                                                  char *buffer,
+                                                  unsigned int length,
+                                                  unsigned int max_query_length);
+} *thd_error_context_service;
+const char *thd_get_error_message(const void* thd);
+unsigned int thd_get_error_number(const void* thd);
+unsigned long thd_get_error_row(const void* thd);
+void thd_inc_error_row(void* thd);
+char *thd_get_error_context_description(void* thd,
+                                        char *buffer, unsigned int length,
+                                        unsigned int max_query_length);
+struct st_mysql_xid {
+  long formatID;
+  long gtrid_length;
+  long bqual_length;
+  char data[128];
+};
+typedef struct st_mysql_xid MYSQL_XID;
+enum enum_mysql_show_type
+{
+  SHOW_UNDEF, SHOW_BOOL, SHOW_UINT, SHOW_ULONG,
+  SHOW_ULONGLONG, SHOW_CHAR, SHOW_CHAR_PTR,
+  SHOW_ARRAY, SHOW_FUNC, SHOW_DOUBLE,
+  SHOW_SINT, SHOW_SLONG, SHOW_SLONGLONG, SHOW_SIMPLE_FUNC,
+  SHOW_always_last
+};
+struct st_mysql_show_var {
+  const char *name;
+  char *value;
+  enum enum_mysql_show_type type;
+};
+typedef int (*mysql_show_var_func)(void*, struct st_mysql_show_var*, char *);
+struct st_mysql_sys_var;
+struct st_mysql_value;
+typedef int (*mysql_var_check_func)(void* thd,
+                                    struct st_mysql_sys_var *var,
+                                    void *save, struct st_mysql_value *value);
+typedef void (*mysql_var_update_func)(void* thd,
+                                      struct st_mysql_sys_var *var,
+                                      void *var_ptr, const void *save);
+struct st_mysql_plugin
+{
+  int type;
+  void *info;
+  const char *name;
+  const char *author;
+  const char *descr;
+  int license;
+  int (*init)(void *);
+  int (*deinit)(void *);
+  unsigned int version;
+  struct st_mysql_show_var *status_vars;
+  struct st_mysql_sys_var **system_vars;
+  void * __reserved1;
+  unsigned long flags;
+};
+struct st_maria_plugin
+{
+  int type;
+  void *info;
+  const char *name;
+  const char *author;
+  const char *descr;
+  int license;
+  int (*init)(void *);
+  int (*deinit)(void *);
+  unsigned int version;
+  struct st_mysql_show_var *status_vars;
+  struct st_mysql_sys_var **system_vars;
+  const char *version_info;
+  unsigned int maturity;
+};
+#include "plugin_ftparser.h"
+#include "plugin.h"
+enum enum_ftparser_mode
+{
+  MYSQL_FTPARSER_SIMPLE_MODE= 0,
+  MYSQL_FTPARSER_WITH_STOPWORDS= 1,
+  MYSQL_FTPARSER_FULL_BOOLEAN_INFO= 2
+};
+enum enum_ft_token_type
+{
+  FT_TOKEN_EOF= 0,
+  FT_TOKEN_WORD= 1,
+  FT_TOKEN_LEFT_PAREN= 2,
+  FT_TOKEN_RIGHT_PAREN= 3,
+  FT_TOKEN_STOPWORD= 4
+};
+typedef struct st_mysql_ftparser_boolean_info
+{
+  enum enum_ft_token_type type;
+  int yesno;
+  int weight_adjust;
+  char wasign;
+  char trunc;
+  char prev;
+  char *quot;
+} MYSQL_FTPARSER_BOOLEAN_INFO;
+typedef struct st_mysql_ftparser_param
+{
+  int (*mysql_parse)(struct st_mysql_ftparser_param *,
+                     const char *doc, int doc_len);
+  int (*mysql_add_word)(struct st_mysql_ftparser_param *,
+                        const char *word, int word_len,
+                        MYSQL_FTPARSER_BOOLEAN_INFO *boolean_info);
+  void *ftparser_state;
+  void *mysql_ftparam;
+  const struct charset_info_st *cs;
+  const char *doc;
+  int length;
+  unsigned int flags;
+  enum enum_ftparser_mode mode;
+} MYSQL_FTPARSER_PARAM;
+struct st_mysql_ftparser
+{
+  int interface_version;
+  int (*parse)(MYSQL_FTPARSER_PARAM *param);
+  int (*init)(MYSQL_FTPARSER_PARAM *param);
+  int (*deinit)(MYSQL_FTPARSER_PARAM *param);
+};
+struct st_mysql_daemon
+{
+  int interface_version;
+};
+struct st_mysql_information_schema
+{
+  int interface_version;
+};
+struct st_mysql_storage_engine
+{
+  int interface_version;
+};
+struct handlerton;
+ struct Mysql_replication {
+   int interface_version;
+ };
+struct st_mysql_value
+{
+  int (*value_type)(struct st_mysql_value *);
+  const char *(*val_str)(struct st_mysql_value *, char *buffer, int *length);
+  int (*val_real)(struct st_mysql_value *, double *realbuf);
+  int (*val_int)(struct st_mysql_value *, long long *intbuf);
+  int (*is_unsigned)(struct st_mysql_value *);
+};
+int thd_in_lock_tables(const void* thd);
+int thd_tablespace_op(const void* thd);
+long long thd_test_options(const void* thd, long long test_options);
+int thd_sql_command(const void* thd);
+void **thd_ha_data(const void* thd, const struct handlerton *hton);
+void thd_storage_lock_wait(void* thd, long long value);
+int thd_tx_isolation(const void* thd);
+int thd_tx_is_read_only(const void* thd);
+int thd_rpl_is_parallel(const void* thd);
+int mysql_tmpfile(const char *prefix);
+unsigned long thd_get_thread_id(const void* thd);
+void thd_get_xid(const void* thd, MYSQL_XID *xid);
+void mysql_query_cache_invalidate4(void* thd,
+                                   const char *key, unsigned int key_length,
+                                   int using_trx);
+void *thd_get_ha_data(const void* thd, const struct handlerton *hton);
+void thd_set_ha_data(void* thd, const struct handlerton *hton,
+                     const void *ha_data);
+void thd_wakeup_subsequent_commits(void* thd, int wakeup_error);
+struct st_mysql_password_validation
+{
+  int interface_version;
+  int (*validate_password)(MYSQL_LEX_STRING *username,
+                           MYSQL_LEX_STRING *password);
+};
diff --git a/mysql-test/suite/plugins/r/simple_password_check.result b/mysql-test/suite/plugins/r/simple_password_check.result
new file mode 100644
index 00000000000..c5e711ae35d
--- /dev/null
+++ b/mysql-test/suite/plugins/r/simple_password_check.result
@@ -0,0 +1,73 @@
+install soname "simple_password_check";
+select * from information_schema.plugins where plugin_name='simple_password_check';
+PLUGIN_NAME	simple_password_check
+PLUGIN_VERSION	1.0
+PLUGIN_STATUS	ACTIVE
+PLUGIN_TYPE	PASSWORD VALIDATION
+PLUGIN_TYPE_VERSION	1.0
+PLUGIN_LIBRARY	simple_password_check.so
+PLUGIN_LIBRARY_VERSION	1.10
+PLUGIN_AUTHOR	Sergei Golubchik
+PLUGIN_DESCRIPTION	Simple password strength checks
+PLUGIN_LICENSE	GPL
+LOAD_OPTION	ON
+PLUGIN_MATURITY	Alpha
+PLUGIN_AUTH_VERSION	1.0
+select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
+VARIABLE_NAME	SIMPLE_PASSWORD_CHECK_DIGITS
+SESSION_VALUE	NULL
+GLOBAL_VALUE	1
+GLOBAL_VALUE_ORIGIN	COMPILE-TIME
+DEFAULT_VALUE	1
+VARIABLE_SCOPE	GLOBAL
+VARIABLE_TYPE	INT UNSIGNED
+VARIABLE_COMMENT	Minimal required number of digits
+NUMERIC_MIN_VALUE	0
+NUMERIC_MAX_VALUE	1000
+NUMERIC_BLOCK_SIZE	1
+ENUM_VALUE_LIST	NULL
+READ_ONLY	NO
+COMMAND_LINE_ARGUMENT	REQUIRED
+VARIABLE_NAME	SIMPLE_PASSWORD_CHECK_LETTERS_SAME_CASE
+SESSION_VALUE	NULL
+GLOBAL_VALUE	1
+GLOBAL_VALUE_ORIGIN	COMPILE-TIME
+DEFAULT_VALUE	1
+VARIABLE_SCOPE	GLOBAL
+VARIABLE_TYPE	INT UNSIGNED
+VARIABLE_COMMENT	Minimal required number of letters of the same letter case.This limit is applied separately to upper-case and lower-case letters
+NUMERIC_MIN_VALUE	0
+NUMERIC_MAX_VALUE	1000
+NUMERIC_BLOCK_SIZE	1
+ENUM_VALUE_LIST	NULL
+READ_ONLY	NO
+COMMAND_LINE_ARGUMENT	REQUIRED
+VARIABLE_NAME	SIMPLE_PASSWORD_CHECK_MINIMAL_LENGTH
+SESSION_VALUE	NULL
+GLOBAL_VALUE	8
+GLOBAL_VALUE_ORIGIN	COMPILE-TIME
+DEFAULT_VALUE	8
+VARIABLE_SCOPE	GLOBAL
+VARIABLE_TYPE	INT UNSIGNED
+VARIABLE_COMMENT	Minimal required password length
+NUMERIC_MIN_VALUE	0
+NUMERIC_MAX_VALUE	1000
+NUMERIC_BLOCK_SIZE	1
+ENUM_VALUE_LIST	NULL
+READ_ONLY	NO
+COMMAND_LINE_ARGUMENT	REQUIRED
+VARIABLE_NAME	SIMPLE_PASSWORD_CHECK_OTHER_CHARACTERS
+SESSION_VALUE	NULL
+GLOBAL_VALUE	1
+GLOBAL_VALUE_ORIGIN	COMPILE-TIME
+DEFAULT_VALUE	1
+VARIABLE_SCOPE	GLOBAL
+VARIABLE_TYPE	INT UNSIGNED
+VARIABLE_COMMENT	Minimal required number of other (not letters or digits) characters
+NUMERIC_MIN_VALUE	0
+NUMERIC_MAX_VALUE	1000
+NUMERIC_BLOCK_SIZE	1
+ENUM_VALUE_LIST	NULL
+READ_ONLY	NO
+COMMAND_LINE_ARGUMENT	REQUIRED
+uninstall plugin simple_password_check;
diff --git a/mysql-test/suite/plugins/t/simple_password_check.test b/mysql-test/suite/plugins/t/simple_password_check.test
new file mode 100644
index 00000000000..6cac4820fce
--- /dev/null
+++ b/mysql-test/suite/plugins/t/simple_password_check.test
@@ -0,0 +1,16 @@
+--source include/not_embedded.inc
+
+if (!$SIMPLE_PASSWORD_CHECK_SO) {
+  skip No SIMPLE_PASSWORD_CHECK plugin;
+}
+
+install soname "simple_password_check";
+
+--vertical_results
+--replace_result .dll .so
+select * from information_schema.plugins where plugin_name='simple_password_check';
+
+select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
+--horizontal_results
+
+uninstall plugin simple_password_check;
diff --git a/plugin/simple_password_check/CMakeLists.txt b/plugin/simple_password_check/CMakeLists.txt
new file mode 100644
index 00000000000..f41024d2c8e
--- /dev/null
+++ b/plugin/simple_password_check/CMakeLists.txt
@@ -0,0 +1 @@
+MYSQL_ADD_PLUGIN(simple_password_check simple_password_check.c MODULE_ONLY)
diff --git a/plugin/simple_password_check/simple_password_check.c b/plugin/simple_password_check/simple_password_check.c
new file mode 100644
index 00000000000..6d046d9cada
--- /dev/null
+++ b/plugin/simple_password_check/simple_password_check.c
@@ -0,0 +1,104 @@
+/* Copyright (c) 2014, Sergei Golubchik and MariaDB
+   Copyright (c) 2012, 2013, Oracle and/or its affiliates.
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include <mysql/plugin_password_validation.h>
+#include <ctype.h>
+#include <string.h>
+
+static unsigned min_length, min_digits, min_letters, min_others;
+
+static int validate(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password)
+{
+  unsigned digits=0 , uppers=0 , lowers=0, others=0, length= password->length;
+  const char *ptr= password->str, *end= ptr + length;
+
+  if (strncmp(password->str, username->str, length) == 0)
+    return 1;
+
+  /* everything non-ascii is the "other" character and is good for the password */
+  for(; ptr < end; ptr++)
+  {
+    if (isdigit(*ptr))
+      digits++;
+    else if (isupper(*ptr))
+      uppers++;
+    else if (islower(*ptr))
+      lowers++;
+    else
+      others++;
+  }
+  /* remember TRUE means the password failed the validation */
+  return length < min_length  ||
+         uppers < min_letters ||
+         lowers < min_letters ||
+         digits < min_digits  ||
+         others < min_others;
+}
+
+static void fix_min_length(MYSQL_THD thd, struct st_mysql_sys_var *var,
+              void *var_ptr, const void *save)
+{
+  *((unsigned int *)var_ptr)= *((unsigned int *)save);
+  if (min_length < min_digits + 2 * min_letters + min_others)
+    min_length= min_digits + 2 * min_letters + min_others;
+}
+
+static MYSQL_SYSVAR_UINT(minimal_length, min_length, PLUGIN_VAR_RQCMDARG,
+  "Minimal required password length", NULL, fix_min_length, 8, 0, 1000, 1);
+
+static MYSQL_SYSVAR_UINT(digits, min_digits, PLUGIN_VAR_RQCMDARG,
+  "Minimal required number of digits", NULL, fix_min_length, 1, 0, 1000, 1);
+
+static MYSQL_SYSVAR_UINT(letters_same_case, min_letters, PLUGIN_VAR_RQCMDARG,
+  "Minimal required number of letters of the same letter case."
+  "This limit is applied separately to upper-case and lower-case letters",
+  NULL, fix_min_length, 1, 0, 1000, 1);
+
+static MYSQL_SYSVAR_UINT(other_characters, min_others, PLUGIN_VAR_RQCMDARG,
+  "Minimal required number of other (not letters or digits) characters",
+  NULL, fix_min_length, 1, 0, 1000, 1);
+
+static struct st_mysql_sys_var* sysvars[]= {
+  MYSQL_SYSVAR(minimal_length),
+  MYSQL_SYSVAR(digits),
+  MYSQL_SYSVAR(letters_same_case),
+  MYSQL_SYSVAR(other_characters),
+  NULL
+};
+
+static struct st_mysql_password_validation info=
+{
+  MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
+  validate
+};
+
+maria_declare_plugin(simple_password_check)
+{
+  MariaDB_PASSWORD_VALIDATION_PLUGIN,
+  &info,
+  "simple_password_check",
+  "Sergei Golubchik",
+  "Simple password strength checks",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  sysvars,
+  "1.0",
+  MariaDB_PLUGIN_MATURITY_ALPHA,
+}
+maria_declare_plugin_end;
diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
index 4228c1fd9f2..397dbd2d33c 100644
--- a/sql/sql_plugin.cc
+++ b/sql/sql_plugin.cc
@@ -35,6 +35,7 @@
 #include <mysql/plugin_auth.h>
 #include "lock.h"                               // MYSQL_LOCK_IGNORE_TIMEOUT
 #include <mysql/plugin_auth.h>
+#include <mysql/plugin_password_validation.h>
 #include "sql_plugin_compat.h"
 
 #define REPORT_TO_LOG  1
@@ -82,7 +83,8 @@ const LEX_STRING plugin_type_names[MYSQL_MAX_PLUGIN_TYPE_NUM]=
   { C_STRING_WITH_LEN("INFORMATION SCHEMA") },
   { C_STRING_WITH_LEN("AUDIT") },
   { C_STRING_WITH_LEN("REPLICATION") },
-  { C_STRING_WITH_LEN("AUTHENTICATION") }
+  { C_STRING_WITH_LEN("AUTHENTICATION") },
+  { C_STRING_WITH_LEN("PASSWORD VALIDATION") }
 };
 
 extern int initialize_schema_table(st_plugin_int *plugin);
@@ -98,14 +100,14 @@ extern int finalize_audit_plugin(st_plugin_int *plugin);
 */
 plugin_type_init plugin_type_initialize[MYSQL_MAX_PLUGIN_TYPE_NUM]=
 {
-  0,ha_initialize_handlerton,0,0,initialize_schema_table,
-  initialize_audit_plugin, 0, 0
+  0, ha_initialize_handlerton, 0, 0,initialize_schema_table,
+  initialize_audit_plugin, 0, 0, 0
 };
 
 plugin_type_init plugin_type_deinitialize[MYSQL_MAX_PLUGIN_TYPE_NUM]=
 {
-  0,ha_finalize_handlerton,0,0,finalize_schema_table,
-  finalize_audit_plugin, 0, 0
+  0, ha_finalize_handlerton, 0, 0, finalize_schema_table,
+  finalize_audit_plugin, 0, 0, 0
 };
 
 #ifdef HAVE_DLOPEN
@@ -137,7 +139,8 @@ static int min_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
   MYSQL_INFORMATION_SCHEMA_INTERFACE_VERSION,
   MYSQL_AUDIT_INTERFACE_VERSION,
   MYSQL_REPLICATION_INTERFACE_VERSION,
-  MIN_AUTHENTICATION_INTERFACE_VERSION
+  MIN_AUTHENTICATION_INTERFACE_VERSION,
+  MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION
 };
 static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
 {
@@ -148,7 +151,8 @@ static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]=
   MYSQL_INFORMATION_SCHEMA_INTERFACE_VERSION,
   MYSQL_AUDIT_INTERFACE_VERSION,
   MYSQL_REPLICATION_INTERFACE_VERSION,
-  MYSQL_AUTHENTICATION_INTERFACE_VERSION
+  MYSQL_AUTHENTICATION_INTERFACE_VERSION,
+  MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION
 };
 
 static struct
@@ -1051,7 +1055,8 @@ static bool plugin_add(MEM_ROOT *tmp_root,
       continue; // invalid plugin type
 
     if (plugin->type == MYSQL_UDF_PLUGIN ||
-        (plugin->type == 8 && tmp.plugin_dl->mariaversion == 0))
+        (plugin->type == MariaDB_PASSWORD_VALIDATION_PLUGIN &&
+         tmp.plugin_dl->mariaversion == 0))
       continue; // unsupported plugin type
 
     if (name->str && my_strnncoll(system_charset_info,