diff options
Diffstat (limited to 'plugin/cracklib_password_check')
-rw-r--r-- | plugin/cracklib_password_check/CMakeLists.txt | 13 | ||||
-rw-r--r-- | plugin/cracklib_password_check/cracklib_password_check.c | 83 |
2 files changed, 96 insertions, 0 deletions
diff --git a/plugin/cracklib_password_check/CMakeLists.txt b/plugin/cracklib_password_check/CMakeLists.txt new file mode 100644 index 00000000..81db865e --- /dev/null +++ b/plugin/cracklib_password_check/CMakeLists.txt @@ -0,0 +1,13 @@ +INCLUDE (CheckIncludeFiles) +INCLUDE (CheckLibraryExists) + +CHECK_LIBRARY_EXISTS(crack FascistCheckUser "" HAVE_LIBCRACK) + +SET(CMAKE_REQUIRED_DEFINITIONS -Dsize_t=int) # debian hack, debian bug. +CHECK_INCLUDE_FILES (crack.h HAVE_CRACK_H) + +IF (HAVE_ALLOCA_H AND HAVE_CRACK_H AND HAVE_LIBCRACK AND HAVE_MEMCPY) + MYSQL_ADD_PLUGIN(cracklib_password_check cracklib_password_check.c + LINK_LIBRARIES crack MODULE_ONLY + COMPONENT cracklib-password-check) +ENDIF() diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c new file mode 100644 index 00000000..20294b07 --- /dev/null +++ b/plugin/cracklib_password_check/cracklib_password_check.c @@ -0,0 +1,83 @@ +/* Copyright (c) 2014, Sergei Golubchik and MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ + +#include <mysql/plugin_password_validation.h> +#include <crack.h> +#include <string.h> +#include <alloca.h> +#include <mysqld_error.h> + +static char *dictionary; + +static int crackme(const MYSQL_CONST_LEX_STRING *username, + const MYSQL_CONST_LEX_STRING *password) +{ + char *user= alloca(username->length + 1); + char *host; + const char *res; + + memcpy(user, username->str, username->length); + user[username->length]= 0; + if ((host= strchr(user, '@'))) + *host++= 0; + + if ((res= FascistCheckUser(password->str, dictionary, user, host))) + { + my_printf_error(ER_NOT_VALID_PASSWORD, "cracklib: %s", + ME_WARNING, res); + return 1; + } + + return 0; +} + +static MYSQL_SYSVAR_STR(dictionary, dictionary, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, + "Path to a cracklib dictionary", NULL, NULL, 0); + +/* optional user-friendly nicety */ +void set_default_dictionary_path() __attribute__((constructor)); +void set_default_dictionary_path() +{ + MYSQL_SYSVAR_NAME(dictionary).def_val = GetDefaultCracklibDict(); +} + +static struct st_mysql_sys_var* sysvars[]= { + MYSQL_SYSVAR(dictionary), + NULL +}; + +static struct st_mariadb_password_validation info= +{ + MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION, + crackme +}; + +maria_declare_plugin(cracklib_password_check) +{ + MariaDB_PASSWORD_VALIDATION_PLUGIN, + &info, + "cracklib_password_check", + "Sergei Golubchik", + "Password validation via CrackLib", + PLUGIN_LICENSE_GPL, + NULL, + NULL, + 0x0100, + NULL, + sysvars, + "1.0", + MariaDB_PLUGIN_MATURITY_STABLE +} +maria_declare_plugin_end; |