cracklib_password_check plugin

2 files changed, 94 insertions, 0 deletions

diff --git a/plugin/cracklib_password_check/CMakeLists.txt b/plugin/cracklib_password_check/CMakeLists.txt
new file mode 100644
index 00000000000..21c5b7682c9
--- /dev/null
+++ b/plugin/cracklib_password_check/CMakeLists.txt
@@ -0,0 +1,11 @@
+INCLUDE (CheckIncludeFiles)
+INCLUDE (CheckLibraryExists)
+
+CHECK_INCLUDE_FILES (crack.h HAVE_CRACK_H)
+CHECK_LIBRARY_EXISTS(crack FascistCheckUser "" HAVE_LIBCRACK)
+IF (HAVE_ALLOCA_H AND HAVE_CRACK_H AND HAVE_LIBCRACK AND HAVE_MEMCPY)
+  SET(ok 1)
+ENDIF()
+
+MYSQL_ADD_PLUGIN(cracklib_password_check cracklib_password_check.c
+  LINK_LIBRARIES crack ONLY_IF ok MODULE_ONLY)
diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c
new file mode 100644
index 00000000000..cb03c054b22
--- /dev/null
+++ b/plugin/cracklib_password_check/cracklib_password_check.c
@@ -0,0 +1,83 @@
+/* Copyright (c) 2014, Sergei Golubchik and MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include <my_config.h>
+#include <mysql/plugin_password_validation.h>
+#include <crack.h>
+#include <string.h>
+#include <alloca.h>
+#include <my_sys.h>
+#include <mysqld_error.h>
+
+static char *dictionary;
+
+static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password)
+{
+  char *user= alloca(username->length + 1);
+  char *host;
+  const char *res;
+
+  memcpy(user, username->str, username->length);
+  if ((host= strchr(user, '@')))
+    *host++= 0;
+
+  if ((res= FascistCheckUser(password->str, dictionary, user, host)))
+  {
+    my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
+                    MYF(ME_JUST_WARNING), res);
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+static MYSQL_SYSVAR_STR(dictionary, dictionary, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+  "Path to a cracklib dictionary", NULL, NULL, 0);
+
+/* optional user-friendly nicety */
+void set_default_dictionary_path() __attribute__((constructor));
+void set_default_dictionary_path()
+{
+  MYSQL_SYSVAR_NAME(dictionary).def_val = GetDefaultCracklibDict();
+}
+
+static struct st_mysql_sys_var* sysvars[]= {
+  MYSQL_SYSVAR(dictionary),
+  NULL
+};
+
+static struct st_mysql_password_validation info=
+{
+  MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
+  crackme
+};
+
+maria_declare_plugin(cracklib_password_check)
+{
+  MariaDB_PASSWORD_VALIDATION_PLUGIN,
+  &info,
+  "cracklib_password_check",
+  "Sergei Golubchik",
+  "Password validation via CrackLib",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  sysvars,
+  "1.0",
+  MariaDB_PLUGIN_MATURITY_ALPHA,
+}
+maria_declare_plugin_end;