summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--mysql-test/suite/plugins/r/cracklib_password_check.result50
-rw-r--r--mysql-test/suite/plugins/t/cracklib_password_check.test41
-rw-r--r--plugin/cracklib_password_check/CMakeLists.txt11
-rw-r--r--plugin/cracklib_password_check/cracklib_password_check.c83
4 files changed, 185 insertions, 0 deletions
diff --git a/mysql-test/suite/plugins/r/cracklib_password_check.result b/mysql-test/suite/plugins/r/cracklib_password_check.result
new file mode 100644
index 00000000000..f5ca3ed85e9
--- /dev/null
+++ b/mysql-test/suite/plugins/r/cracklib_password_check.result
@@ -0,0 +1,50 @@
+install soname "cracklib_password_check";
+select * from information_schema.plugins where plugin_name='cracklib_password_check';
+PLUGIN_NAME cracklib_password_check
+PLUGIN_VERSION 1.0
+PLUGIN_STATUS ACTIVE
+PLUGIN_TYPE PASSWORD VALIDATION
+PLUGIN_TYPE_VERSION 1.0
+PLUGIN_LIBRARY cracklib_password_check.so
+PLUGIN_LIBRARY_VERSION 1.10
+PLUGIN_AUTHOR Sergei Golubchik
+PLUGIN_DESCRIPTION Password validation via CrackLib
+PLUGIN_LICENSE GPL
+LOAD_OPTION ON
+PLUGIN_MATURITY Alpha
+PLUGIN_AUTH_VERSION 1.0
+grant select on *.* to foobar identified by 'foobar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on your username
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'raboof';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on your username
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foo@barbar identified by 'barbar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it does not contain enough DIFFERENT characters
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foo@foobar identified by 'foobar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on your username
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'qwerty';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level Code Message
+Warning 1819 cracklib: it is based on a dictionary word
+Error 1819 Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'q$%^&*rty';
+drop user foobar;
+uninstall plugin cracklib_password_check;
+create user foo1 identified by 'pwd';
+drop user foo1;
diff --git a/mysql-test/suite/plugins/t/cracklib_password_check.test b/mysql-test/suite/plugins/t/cracklib_password_check.test
new file mode 100644
index 00000000000..177a77956b4
--- /dev/null
+++ b/mysql-test/suite/plugins/t/cracklib_password_check.test
@@ -0,0 +1,41 @@
+--source include/not_embedded.inc
+
+if (!$CRACKLIB_PASSWORD_CHECK_SO) {
+ skip No CRACKLIB_PASSWORD_CHECK plugin;
+}
+
+install soname "cracklib_password_check";
+
+--vertical_results
+--replace_result .dll .so
+select * from information_schema.plugins where plugin_name='cracklib_password_check';
+--horizontal_results
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'foobar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'raboof';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo@barbar identified by 'barbar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo@foobar identified by 'foobar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'qwerty';
+show warnings;
+
+grant select on *.* to foobar identified by 'q$%^&*rty';
+drop user foobar;
+
+uninstall plugin cracklib_password_check;
+
+create user foo1 identified by 'pwd';
+drop user foo1;
+
diff --git a/plugin/cracklib_password_check/CMakeLists.txt b/plugin/cracklib_password_check/CMakeLists.txt
new file mode 100644
index 00000000000..21c5b7682c9
--- /dev/null
+++ b/plugin/cracklib_password_check/CMakeLists.txt
@@ -0,0 +1,11 @@
+INCLUDE (CheckIncludeFiles)
+INCLUDE (CheckLibraryExists)
+
+CHECK_INCLUDE_FILES (crack.h HAVE_CRACK_H)
+CHECK_LIBRARY_EXISTS(crack FascistCheckUser "" HAVE_LIBCRACK)
+IF (HAVE_ALLOCA_H AND HAVE_CRACK_H AND HAVE_LIBCRACK AND HAVE_MEMCPY)
+ SET(ok 1)
+ENDIF()
+
+MYSQL_ADD_PLUGIN(cracklib_password_check cracklib_password_check.c
+ LINK_LIBRARIES crack ONLY_IF ok MODULE_ONLY)
diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c
new file mode 100644
index 00000000000..cb03c054b22
--- /dev/null
+++ b/plugin/cracklib_password_check/cracklib_password_check.c
@@ -0,0 +1,83 @@
+/* Copyright (c) 2014, Sergei Golubchik and MariaDB
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <my_config.h>
+#include <mysql/plugin_password_validation.h>
+#include <crack.h>
+#include <string.h>
+#include <alloca.h>
+#include <my_sys.h>
+#include <mysqld_error.h>
+
+static char *dictionary;
+
+static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password)
+{
+ char *user= alloca(username->length + 1);
+ char *host;
+ const char *res;
+
+ memcpy(user, username->str, username->length);
+ if ((host= strchr(user, '@')))
+ *host++= 0;
+
+ if ((res= FascistCheckUser(password->str, dictionary, user, host)))
+ {
+ my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
+ MYF(ME_JUST_WARNING), res);
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+static MYSQL_SYSVAR_STR(dictionary, dictionary, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+ "Path to a cracklib dictionary", NULL, NULL, 0);
+
+/* optional user-friendly nicety */
+void set_default_dictionary_path() __attribute__((constructor));
+void set_default_dictionary_path()
+{
+ MYSQL_SYSVAR_NAME(dictionary).def_val = GetDefaultCracklibDict();
+}
+
+static struct st_mysql_sys_var* sysvars[]= {
+ MYSQL_SYSVAR(dictionary),
+ NULL
+};
+
+static struct st_mysql_password_validation info=
+{
+ MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
+ crackme
+};
+
+maria_declare_plugin(cracklib_password_check)
+{
+ MariaDB_PASSWORD_VALIDATION_PLUGIN,
+ &info,
+ "cracklib_password_check",
+ "Sergei Golubchik",
+ "Password validation via CrackLib",
+ PLUGIN_LICENSE_GPL,
+ NULL,
+ NULL,
+ 0x0100,
+ NULL,
+ sysvars,
+ "1.0",
+ MariaDB_PLUGIN_MATURITY_ALPHA,
+}
+maria_declare_plugin_end;