cracklib_password_check plugin

mysql-test/suite/plugins/r/cracklib_password_check.result

@@ -0,0 +1,50 @@
+install soname "cracklib_password_check";
+select * from information_schema.plugins where plugin_name='cracklib_password_check';
+PLUGIN_NAME	cracklib_password_check
+PLUGIN_VERSION	1.0
+PLUGIN_STATUS	ACTIVE
+PLUGIN_TYPE	PASSWORD VALIDATION
+PLUGIN_TYPE_VERSION	1.0
+PLUGIN_LIBRARY	cracklib_password_check.so
+PLUGIN_LIBRARY_VERSION	1.10
+PLUGIN_AUTHOR	Sergei Golubchik
+PLUGIN_DESCRIPTION	Password validation via CrackLib
+PLUGIN_LICENSE	GPL
+LOAD_OPTION	ON
+PLUGIN_MATURITY	Alpha
+PLUGIN_AUTH_VERSION	1.0
+grant select on *.* to foobar identified by 'foobar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level	Code	Message
+Warning	1819	cracklib: it is based on your username
+Error	1819	Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'raboof';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level	Code	Message
+Warning	1819	cracklib: it is based on your username
+Error	1819	Your password does not satisfy the current policy requirements
+grant select on *.* to foo@barbar identified by 'barbar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level	Code	Message
+Warning	1819	cracklib: it does not contain enough DIFFERENT characters
+Error	1819	Your password does not satisfy the current policy requirements
+grant select on *.* to foo@foobar identified by 'foobar';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level	Code	Message
+Warning	1819	cracklib: it is based on your username
+Error	1819	Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'qwerty';
+ERROR HY000: Your password does not satisfy the current policy requirements
+show warnings;
+Level	Code	Message
+Warning	1819	cracklib: it is based on a dictionary word
+Error	1819	Your password does not satisfy the current policy requirements
+grant select on *.* to foobar identified by 'q$%^&*rty';
+drop user foobar;
+uninstall plugin cracklib_password_check;
+create user foo1 identified by 'pwd';
+drop user foo1;

mysql-test/suite/plugins/t/cracklib_password_check.test

@@ -0,0 +1,41 @@
+--source include/not_embedded.inc
+
+if (!$CRACKLIB_PASSWORD_CHECK_SO) {
+  skip No CRACKLIB_PASSWORD_CHECK plugin;
+}
+
+install soname "cracklib_password_check";
+
+--vertical_results
+--replace_result .dll .so
+select * from information_schema.plugins where plugin_name='cracklib_password_check';
+--horizontal_results
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'foobar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'raboof';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo@barbar identified by 'barbar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foo@foobar identified by 'foobar';
+show warnings;
+
+--error ER_NOT_VALID_PASSWORD
+grant select on *.* to foobar identified by 'qwerty';
+show warnings;
+
+grant select on *.* to foobar identified by 'q$%^&*rty';
+drop user foobar;
+
+uninstall plugin cracklib_password_check;
+
+create user foo1 identified by 'pwd';
+drop user foo1;
+

plugin/cracklib_password_check/CMakeLists.txt

@@ -0,0 +1,11 @@
+INCLUDE (CheckIncludeFiles)
+INCLUDE (CheckLibraryExists)
+
+CHECK_INCLUDE_FILES (crack.h HAVE_CRACK_H)
+CHECK_LIBRARY_EXISTS(crack FascistCheckUser "" HAVE_LIBCRACK)
+IF (HAVE_ALLOCA_H AND HAVE_CRACK_H AND HAVE_LIBCRACK AND HAVE_MEMCPY)
+  SET(ok 1)
+ENDIF()
+
+MYSQL_ADD_PLUGIN(cracklib_password_check cracklib_password_check.c
+  LINK_LIBRARIES crack ONLY_IF ok MODULE_ONLY)

plugin/cracklib_password_check/cracklib_password_check.c

@@ -0,0 +1,83 @@
+/* Copyright (c) 2014, Sergei Golubchik and MariaDB
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; version 2 of the License.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+#include <my_config.h>
+#include <mysql/plugin_password_validation.h>
+#include <crack.h>
+#include <string.h>
+#include <alloca.h>
+#include <my_sys.h>
+#include <mysqld_error.h>
+
+static char *dictionary;
+
+static int crackme(MYSQL_LEX_STRING *username, MYSQL_LEX_STRING *password)
+{
+  char *user= alloca(username->length + 1);
+  char *host;
+  const char *res;
+
+  memcpy(user, username->str, username->length);
+  if ((host= strchr(user, '@')))
+    *host++= 0;
+
+  if ((res= FascistCheckUser(password->str, dictionary, user, host)))
+  {
+    my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
+                    MYF(ME_JUST_WARNING), res);
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+static MYSQL_SYSVAR_STR(dictionary, dictionary, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+  "Path to a cracklib dictionary", NULL, NULL, 0);
+
+/* optional user-friendly nicety */
+void set_default_dictionary_path() __attribute__((constructor));
+void set_default_dictionary_path()
+{
+  MYSQL_SYSVAR_NAME(dictionary).def_val = GetDefaultCracklibDict();
+}
+
+static struct st_mysql_sys_var* sysvars[]= {
+  MYSQL_SYSVAR(dictionary),
+  NULL
+};
+
+static struct st_mysql_password_validation info=
+{
+  MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
+  crackme
+};
+
+maria_declare_plugin(cracklib_password_check)
+{
+  MariaDB_PASSWORD_VALIDATION_PLUGIN,
+  &info,
+  "cracklib_password_check",
+  "Sergei Golubchik",
+  "Password validation via CrackLib",
+  PLUGIN_LICENSE_GPL,
+  NULL,
+  NULL,
+  0x0100,
+  NULL,
+  sysvars,
+  "1.0",
+  MariaDB_PLUGIN_MATURITY_ALPHA,
+}
+maria_declare_plugin_end;