1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
/* Copyright (c) 2014, Sergei Golubchik and MariaDB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */
#include <my_global.h>
#include <mysql/plugin_password_validation.h>
#include <crack.h>
#include <string.h>
#include <mysqld_error.h>
static char *dictionary;
static int crackme(const MYSQL_CONST_LEX_STRING *username,
const MYSQL_CONST_LEX_STRING *password,
const MYSQL_CONST_LEX_STRING *hostname)
{
char *user= alloca(username->length + 1);
char *full_name= alloca(hostname->length + username->length + 2);
const char *res;
memcpy(user, username->str, username->length);
user[username->length]= 0;
memcpy(full_name, username->str, username->length);
full_name[username->length]= '@';
memcpy(full_name + username->length + 1, hostname->str, hostname->length);
full_name[hostname->length+ username->length + 1]= 0;
if ((res= FascistCheckUser(password->str, dictionary, user, full_name)))
{
my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s",
ME_WARNING, res);
return 1;
}
return 0;
}
static MYSQL_SYSVAR_STR(dictionary, dictionary, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
"Path to a cracklib dictionary", NULL, NULL, 0);
/* optional user-friendly nicety */
void set_default_dictionary_path() __attribute__((constructor));
void set_default_dictionary_path()
{
MYSQL_SYSVAR_NAME(dictionary).def_val = GetDefaultCracklibDict();
}
static struct st_mysql_sys_var* sysvars[]= {
MYSQL_SYSVAR(dictionary),
NULL
};
static struct st_mariadb_password_validation info=
{
MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
crackme
};
maria_declare_plugin(cracklib_password_check)
{
MariaDB_PASSWORD_VALIDATION_PLUGIN,
&info,
"cracklib_password_check",
"Sergei Golubchik",
"Password validation via CrackLib",
PLUGIN_LICENSE_GPL,
NULL,
NULL,
0x0100,
NULL,
sysvars,
"1.0",
MariaDB_PLUGIN_MATURITY_STABLE
}
maria_declare_plugin_end;
|
