database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

password validation function in sql_acl.cc

Browse Source
This commit is contained in:
Sergei Golubchik
2014-11-25 18:53:40 +01:00
parent c98b2b393d
commit 8934794a70
3 changed files with 98 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
mysql-test/suite/plugins/r/simple_password_check.result
View File

@ -70,4 +70,35 @@ NUMERIC_BLOCK_SIZE 1
ENUM_VALUE_LIST NULL ENUM_VALUE_LIST NULL
READ_ONLY NO READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED COMMAND_LINE_ARGUMENT REQUIRED
create user foo1 identified by 'pwd';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to foo1 identified by 'pwd';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
ERROR HY000: Your password does not satisfy the current policy requirements
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;
create user foo1 identified by 'aA.12345';
drop user foo1;
set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';
Variable_name Value
simple_password_check_digits 3
simple_password_check_letters_same_case 3
simple_password_check_minimal_length 12
simple_password_check_other_characters 3
create user foo1 identified by '123:qwe:ASD!';
drop user foo1;
create user foo1 identified by '-23:qwe:ASD!';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:4we:ASD!';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:qwe:4SD!';
ERROR HY000: Your password does not satisfy the current policy requirements
create user foo1 identified by '123:qwe:ASD4';
ERROR HY000: Your password does not satisfy the current policy requirements
uninstall plugin simple_password_check; uninstall plugin simple_password_check;
create user foo1 identified by 'pwd';
drop user foo1;

39
mysql-test/suite/plugins/t/simple_password_check.test
View File

@ -13,4 +13,43 @@ select * from information_schema.plugins where plugin_name='simple_password_chec
select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1; select * from information_schema.system_variables where variable_name like 'simple_password_check%' order by 1;
--horizontal_results --horizontal_results
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by 'pwd';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to foo1 identified by 'pwd';
--error ER_NOT_VALID_PASSWORD
grant select on *.* to `FooBar1!` identified by 'FooBar1!';
grant select on *.* to `BarFoo1!` identified by 'FooBar1!';
drop user `BarFoo1!`;
create user foo1 identified by 'aA.12345';
drop user foo1;
set global simple_password_check_digits=3;
set global simple_password_check_letters_same_case=3;
set global simple_password_check_other_characters=3;
show variables like 'simple_password_check_%';
create user foo1 identified by '123:qwe:ASD!';
drop user foo1;
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '-23:qwe:ASD!';
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:4we:ASD!';
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:4SD!';
--error ER_NOT_VALID_PASSWORD
create user foo1 identified by '123:qwe:ASD4';
uninstall plugin simple_password_check; uninstall plugin simple_password_check;
create user foo1 identified by 'pwd';
drop user foo1;

28
sql/sql_acl.cc
View File

@ -47,6 +47,7 @@
#include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT #include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT
#include <sql_common.h> #include <sql_common.h>
#include <mysql/plugin_auth.h> #include <mysql/plugin_auth.h>
#include <mysql/plugin_password_validation.h>
#include "sql_connect.h" #include "sql_connect.h"
#include "hostname.h" #include "hostname.h"
#include "sql_db.h" #include "sql_db.h"
@ -872,6 +873,24 @@ static void free_acl_role(ACL_ROLE *role)
delete_dynamic(&(role->parent_grantee)); delete_dynamic(&(role->parent_grantee));
} }
struct validation_data { LEX_STRING *user, *password; };
static my_bool do_validate(THD *, plugin_ref plugin, void *arg)
{
struct validation_data *data= (struct validation_data *)arg;
struct st_mysql_password_validation *handler=
(st_mysql_password_validation *)plugin_decl(plugin)->info;
return handler->validate_password(data->user, data->password);
}
static bool validate_password(LEX_STRING *user, LEX_STRING *password)
{
struct validation_data data= { user, password };
return plugin_foreach(NULL, do_validate,
MariaDB_PASSWORD_VALIDATION_PLUGIN, &data);
}
/** /**
Convert scrambled password to binary form, according to scramble type, Convert scrambled password to binary form, according to scramble type,
Binary form is stored in user.salt. Binary form is stored in user.salt.
@ -977,6 +996,15 @@ static bool fix_lex_user(THD *thd, LEX_USER *user)
return true; return true;
} }
if (user->password.length || !user->auth.length)
{
if (validate_password(&user->user, &user->password))
{
my_error(ER_NOT_VALID_PASSWORD, MYF(0));
return true;
}
}
if (user->password.length) if (user->password.length)
{ {
size_t scramble_length; size_t scramble_length;