4 files changed, 185 insertions, 0 deletions
diff --git a/mysql-test/suite/plugins/r/cracklib_password_check.result b/mysql-test/suite/plugins/r/cracklib_password_check.result
new file mode 100644
index 00000000000..f5ca3ed85e9
--- /dev/null
+++ b/mysql-test/suite/plugins/r/cracklib_password_check.result
@@ -0,0 +1,50 @@
+install soname "cracklib_password_check";
+select * from information_schema.plugins where plugin_name='cracklib_password_check';
+PLUGIN_NAME cracklib_password_check
+PLUGIN_VERSION 1.0
+PLUGIN_STATUS ACTIVE
+PLUGIN_TYPE PASSWORD VALIDATION
+PLUGIN_TYPE_VERSION 1.0
+PLUGIN_LIBRARY cracklib_password_check.so
+PLUGIN_LIBRARY_VERSION 1.10
+PLUGIN_AUTHOR Sergei Golubchik
+PLUGIN_DESCRIPTION Password validation via CrackLib
+PLUGIN_LICENSE GPL
+LOAD_OPTION ON
+PLUGIN_MATURITY Alpha
+PLUGIN_AUTH_VERSION 1.0
+grant select on *.* to foobar identified by 'foobar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on your username
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'raboof';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on your username
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foo@barbar identified by 'barbar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it does not contain enough DIFFERENT characters
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foo@foobar identified by 'foobar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on your username
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'qwerty';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on a dictionary word
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'q$%^&*rty';
+drop user foobar;
+uninstall plugin cracklib_password_check;
+create user foo1 identified by 'pwd';
+drop user foo1;
diff --git a/mysql-test/suite/plugins/t/cracklib_password_check.test b/mysql-test/suite/plugins/t/cracklib_password_check.test
new file mode 100644
index 00000000000..177a77956b4
--- /dev/null
+++ b/mysql-test/suite/plugins/t/cracklib_password_check.test
@@ -0,0 +1,41 @@
+--source include/not_embedded.inc
+
+if (!$CRACKLIB_PASSWORD_CHECK_SO) {
+ skip No CRACKLIB_PASSWORD_CHECK plugin;
+}
+
+install soname "cracklib_password_check";
+
+--vertical_results
+--replace_result .dll .so
+select * from information_schema.plugins where plugin_name='cracklib_password_check';
+--horizontal_results
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'foobar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'raboof';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo@barbar identified by 'barbar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo@foobar identified by 'foobar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'qwerty';
+show warnings;
+
+grant select on *.* to foobar identified by 'q$%^&*rty';
+drop user foobar;
+
+uninstall plugin cracklib_password_check;
+
+create user foo1 identified by 'pwd';
+drop user foo1;
+
diff --git a/plugin/cracklib_password_check/CMakeLists.txt b/plugin/cracklib_password_check/CMakeLists.txt
new file mode 100644
index 00000000000..21c5b7682c9
--- /dev/null
+++ b/plugin/cracklib_password_check/CMakeLists.txt
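Review bot: In cracklib_password_check.test the expected warnings are cracklib's own message strings (for example `cracklib: it is based on a dictionary word`), and the `'qwerty'` case depends on what the installed dictionary contains, so the recorded result is presumably tied to the cracklib version and dictionary on the build host. A comment at the top of the test, such as `# warning texts come from cracklib itself; the result depends on the installed cracklib and its dictionary`, would document that dependency for whoever sees this test fail on another platform. The `foo@barbar identified by 'barbar'` case is rejected for too few different characters, so it does not by itself show that the host part reaches the check.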
@@ -0,0 +1,11 @@
+INCLUDE (CheckIncludeFiles)
+INCLUDE (CheckLibraryExists)
+
+CHECK_INCLUDE_FILES (crack.h HAVE_CRACK_H)
+CHECK_LIBRARY_EXISTS(crack FascistCheckUser "" HAVE_LIBCRACK)
+IF (HAVE_ALLOCA_H AND HAVE_CRACK_H AND HAVE_LIBCRACK AND HAVE_MEMCPY)
+ SET(ok 1)
+ENDIF()
+
+MYSQL_ADD_PLUGIN(cracklib_password_check cracklib_password_check.c
+ LINK_LIBRARIES crack ONLY_IF ok MODULE_ONLY)
diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c
new file mode 100644
index 00000000000..cb03c054b22
--- /dev/null
+++ b/plugin/cracklib_password_check/cracklib_password_check.c
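Review bot: In plugin/cracklib_password_check/CMakeLists.txt, `ok` is only ever set to 1 and never cleared, so `ONLY_IF ok` would also hold if a variable with that generic name were already defined in an enclosing scope. Initialising a plugin-specific variable before the `IF`, for example `SET(CRACKLIB_PLUGIN_OK 0)` (the name is a suggestion), and testing that one would make the condition depend only on the checks made in this file. The library probe covers `FascistCheckUser` only, while the plugin source added in this commit also calls `GetDefaultCracklibDict`; a second `CHECK_LIBRARY_EXISTS` for that symbol would cover both.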
@@ -0,0 +1,83 @@
+/* Copyright (c) 2014, Sergei Golubchik and MariaDB
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <my_config.h>
+#include <mysql/plugin_password_validation.h>
+#include <crack.h>
+#include <string.h>
+#include <alloca.h>
+#include <my_sys.h>
+#include <mysqld_error.h>
+
+static char *dictionary;
+
+static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password)
+{
+ char *user= alloca(username->length + 1);
+ char *host;
+ const char *res;
+
+ memcpy(user, username->str, username->length);
+ if ((host= strchr(user, '@')))
+ *host++= 0;
+
+ if ((res= FascistCheckUser(password->str, dictionary, user, host)))
+ {
+ my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
+ MYF(ME_JUST_WARNING), res);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static MYSQL_SYSVAR_STR(dictionary, dictionary, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+ "Path to a cracklib dictionary", NULL, NULL, 0);
+
+/* optional user-friendly nicety */
+void set_default_dictionary_path() __attribute__((constructor));
+void set_default_dictionary_path()
+{
+ MYSQL_SYSVAR_NAME(dictionary).def_val = GetDefaultCracklibDict();
+}
+
+static struct st_mysql_sys_var* sysvars[]= {
+ MYSQL_SYSVAR(dictionary),
+ NULL
+};
+
+static struct st_mysql_password_validation info=
+{
+ MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
+ crackme
+};
+
+maria_declare_plugin(cracklib_password_check)
+{
+ MariaDB_PASSWORD_VALIDATION_PLUGIN,
+ &info,
+ "cracklib_password_check",
+ "Sergei Golubchik",
+ "Password validation via CrackLib",
+ PLUGIN_LICENSE_GPL,
+ NULL,
+ NULL,
+ 0x0100,
+ NULL,
+ sysvars,
+ "1.0",
+ MariaDB_PLUGIN_MATURITY_ALPHA,
+}
+maria_declare_plugin_end; |
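Review bot: In crackme() the `user` buffer is never NUL-terminated: `memcpy(user, username->str, username->length)` fills only the first `username->length` bytes of the `length + 1` alloca buffer, so `strchr(user, '@')` and FascistCheckUser() read uninitialized stack bytes until they happen to meet a zero. Adding `user[username->length]= 0;` directly after the memcpy closes that over-read. The alloca size is taken straight from `username->length`; presumably the server bounds the user@host length before calling the plugin, and a short comment stating that bound would make the stack allocation easier to trust. `password->str` is likewise handed to cracklib as a C string, so the function relies on the caller having terminated it.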