From 15a2ff1231b7508fa3a2ef9ab6a63e0e3b488157 Mon Sep 17 00:00:00 2001
From: Oleksandr Byelkin <sanja@mariadb.com>
Date: Wed, 20 Oct 2021 11:37:14 +0200
Subject: MDEV-26647 (simple_password_check) Include password validation plugin
 information in the error message if the SQL statement is not satisfied
 password policy

Make the plugin reporting cause of the error.
---
 .../simple_password_check/simple_password_check.c  | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'plugin')

diff --git a/plugin/simple_password_check/simple_password_check.c b/plugin/simple_password_check/simple_password_check.c
index 36459354755..93f759b293b 100644
--- a/plugin/simple_password_check/simple_password_check.c
+++ b/plugin/simple_password_check/simple_password_check.c
@@ -29,7 +29,13 @@ static int validate(MYSQL_CONST_LEX_STRING *username,
   const char *ptr= password->str, *end= ptr + length;
 
   if (strncmp(password->str, username->str, length) == 0)
+  {
+    // warning used to do not change error code
+    my_printf_error(ER_NOT_VALID_PASSWORD,
+                    "simple_password_check: The password equal to the user name",
+                    ME_WARNING);
     return 1;
+  }
 
   /* everything non-ascii is the "other" character and is good for the password */
   for(; ptr < end; ptr++)
@@ -43,6 +49,28 @@ static int validate(MYSQL_CONST_LEX_STRING *username,
     else
       others++;
   }
+
+  // warnings used to do not change error code
+  if (length < min_length)
+    my_printf_error(ER_NOT_VALID_PASSWORD,
+                    "simple_password_check: Too short password (< %u)",
+                    ME_WARNING, min_length);
+  if (uppers < min_letters)
+    my_printf_error(ER_NOT_VALID_PASSWORD,
+                    "simple_password_check: Not enough upper case "
+                    "letters (< %u)",ME_WARNING,  min_letters);
+  if (lowers < min_letters)
+    my_printf_error(ER_NOT_VALID_PASSWORD,
+                    "simple_password_check: Not enough lower case "
+                    "letters (< %u)",ME_WARNING,  min_letters);
+  if (digits < min_digits)
+    my_printf_error(ER_NOT_VALID_PASSWORD,
+                    "simple_password_check: Not enough digits (< %u)",
+                    ME_WARNING, min_digits);
+  if (others < min_others)
+    my_printf_error(ER_NOT_VALID_PASSWORD,
+                    "simple_password_check: Not enough special "
+                    "characters (< %u)",ME_WARNING,  min_others);
   /* remember TRUE means the password failed the validation */
   return length < min_length  ||
          uppers < min_letters ||
-- 
cgit v1.2.1