plugin/simple_password_check/simple_password_check.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

/* Copyright (c) 2014, Sergei Golubchik and MariaDB
   Copyright (c) 2012, 2013, Oracle and/or its affiliates.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; version 2 of the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */

#include <mysqld_error.h>
#include <my_attribute.h>
#include <mysql/plugin_password_validation.h>
#include <ctype.h>
#include <string.h>

static unsigned min_length, min_digits, min_letters, min_others;

static int validate(const MYSQL_CONST_LEX_STRING *username,
                    const MYSQL_CONST_LEX_STRING *password)
{
  unsigned digits=0 , uppers=0 , lowers=0, others=0, length= (unsigned)password->length;
  const char *ptr= password->str, *end= ptr + length;

  if (strncmp(password->str, username->str, length) == 0)
  {
    // warning used to do not change error code
    my_printf_error(ER_NOT_VALID_PASSWORD,
                    "simple_password_check: The password equal to the user name",
                    ME_WARNING);
    return 1;
  }

  /* everything non-ascii is the "other" character and is good for the password */
  for(; ptr < end; ptr++)
  {
    if (isdigit(*ptr))
      digits++;
    else if (isupper(*ptr))
      uppers++;
    else if (islower(*ptr))
      lowers++;
    else
      others++;
  }

  // warnings used to do not change error code
  if (length < min_length)
    my_printf_error(ER_NOT_VALID_PASSWORD,
                    "simple_password_check: Too short password (< %u)",
                    ME_WARNING, min_length);
  if (uppers < min_letters)
    my_printf_error(ER_NOT_VALID_PASSWORD,
                    "simple_password_check: Not enough upper case "
                    "letters (< %u)",ME_WARNING,  min_letters);
  if (lowers < min_letters)
    my_printf_error(ER_NOT_VALID_PASSWORD,
                    "simple_password_check: Not enough lower case "
                    "letters (< %u)",ME_WARNING,  min_letters);
  if (digits < min_digits)
    my_printf_error(ER_NOT_VALID_PASSWORD,
                    "simple_password_check: Not enough digits (< %u)",
                    ME_WARNING, min_digits);
  if (others < min_others)
    my_printf_error(ER_NOT_VALID_PASSWORD,
                    "simple_password_check: Not enough special "
                    "characters (< %u)",ME_WARNING,  min_others);
  /* remember TRUE means the password failed the validation */
  return length < min_length  ||
         uppers < min_letters ||
         lowers < min_letters ||
         digits < min_digits  ||
         others < min_others;
}

static void fix_min_length(MYSQL_THD thd __attribute__((unused)),
                           struct st_mysql_sys_var *var
                           __attribute__((unused)),
                           void *var_ptr, const void *save)
{
  unsigned int new_min_length;
  *((unsigned int *)var_ptr)= *((unsigned int *)save);
  new_min_length= min_digits + 2 * min_letters + min_others;
  if (min_length < new_min_length)
  {
    my_printf_error(ER_TRUNCATED_WRONG_VALUE,
                    "Adjusted the value of simple_password_check_minimal_length "
                    "from %u to %u", ME_WARNING, min_length, new_min_length);
    min_length= new_min_length;
  }
}


static MYSQL_SYSVAR_UINT(minimal_length, min_length, PLUGIN_VAR_RQCMDARG,
  "Minimal required password length", NULL, fix_min_length, 8, 0, 1000, 1);

static MYSQL_SYSVAR_UINT(digits, min_digits, PLUGIN_VAR_RQCMDARG,
  "Minimal required number of digits", NULL, fix_min_length, 1, 0, 1000, 1);

static MYSQL_SYSVAR_UINT(letters_same_case, min_letters, PLUGIN_VAR_RQCMDARG,
  "Minimal required number of letters of the same letter case."
  "This limit is applied separately to upper-case and lower-case letters",
  NULL, fix_min_length, 1, 0, 1000, 1);

static MYSQL_SYSVAR_UINT(other_characters, min_others, PLUGIN_VAR_RQCMDARG,
  "Minimal required number of other (not letters or digits) characters",
  NULL, fix_min_length, 1, 0, 1000, 1);

static struct st_mysql_sys_var* sysvars[]= {
  MYSQL_SYSVAR(minimal_length),
  MYSQL_SYSVAR(digits),
  MYSQL_SYSVAR(letters_same_case),
  MYSQL_SYSVAR(other_characters),
  NULL
};

static struct st_mariadb_password_validation info=
{
  MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION,
  validate
};

maria_declare_plugin(simple_password_check)
{
  MariaDB_PASSWORD_VALIDATION_PLUGIN,
  &info,
  "simple_password_check",
  "Sergei Golubchik",
  "Simple password strength checks",
  PLUGIN_LICENSE_GPL,
  NULL,
  NULL,
  0x0100,
  NULL,
  sysvars,
  "1.0",
  MariaDB_PLUGIN_MATURITY_STABLE
}
maria_declare_plugin_end;