MySQL 8.4.3
Source Code Documentation
|
#include <mysql/components/my_service.h>
#include <mysql/components/services/log_builtins.h>
#include <mysql/plugin_validate_password.h>
#include <mysql/service_my_plugin_log.h>
#include <mysql/service_mysql_string.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <algorithm>
#include <fstream>
#include <set>
#include <string>
#include "my_compiler.h"
#include "my_inttypes.h"
#include "my_psi_config.h"
#include "my_sys.h"
#include "my_systime.h"
#include "mysql/mysql_lex_string.h"
#include "mysql/plugin.h"
#include "mysql/psi/mysql_rwlock.h"
#include "mysql/psi/psi_rwlock.h"
#include "mysql/service_locking.h"
#include "mysql/service_mysql_alloc.h"
#include "mysql/service_security_context.h"
#include "mysqld_error.h"
#include "nulls.h"
#include "sql/sql_error.h"
#include "template_utils.h"
#include "typelib.h"
Macros | |
#define | MAX_DICTIONARY_FILE_LENGTH 1024 * 1024 |
#define | PASSWORD_SCORE 25 |
#define | MIN_DICTIONARY_WORD_LENGTH 4 |
#define | MAX_PASSWORD_LENGTH 100 |
Typedefs | |
typedef std::string | string_type |
typedef std::set< string_type > | set_type |
Enumerations | |
enum | password_policy_enum { PASSWORD_POLICY_LOW , PASSWORD_POLICY_MEDIUM , PASSWORD_POLICY_STRONG } |
Functions | |
THD * | thd_get_current_thd () |
Get current THD object from thread local data. More... | |
static void | init_validate_password_psi_keys () |
static void | dictionary_activate (set_type *dict_words) |
Activate the new dictionary. More... | |
static void | read_dictionary_file () |
static void | free_dictionary_file () |
static int | validate_dictionary_check (mysql_string_handle password) |
static bool | my_memcmp_reverse (const char *a, size_t a_len, const char *b, size_t b_len) |
Compare a sequence of bytes in "a" with the reverse sequence of bytes of "b". More... | |
static bool | is_valid_user (MYSQL_SECURITY_CONTEXT ctx, const char *buffer, int length, const char *field_name, const char *logical_name) |
Validate a user name from the security context. More... | |
static bool | is_valid_password_by_user_name (mysql_string_handle password) |
Check if the password is not the user name. More... | |
static int | validate_password_policy_strength (mysql_string_handle password, int policy) |
static int | validate_password (mysql_string_handle password) |
static int | get_password_strength (mysql_string_handle password) |
static void | readjust_validate_password_length () |
Check and readjust effective value of validate_password_length. More... | |
static int | validate_password_init (MYSQL_PLUGIN plugin_info) |
static int | validate_password_deinit (void *arg) |
static void | dictionary_update (MYSQL_THD thd, SYS_VAR *var, void *var_ptr, const void *save) |
static void | length_update (MYSQL_THD thd, SYS_VAR *var, void *var_ptr, const void *save) |
static | MYSQL_SYSVAR_INT (length, validate_password_length, PLUGIN_VAR_RQCMDARG, "Password validate length to check for minimum password_length", nullptr, length_update, 8, 0, 0, 0) |
static | MYSQL_SYSVAR_INT (number_count, validate_password_number_count, PLUGIN_VAR_RQCMDARG, "password validate digit to ensure minimum numeric character in password", nullptr, length_update, 1, 0, 0, 0) |
static | MYSQL_SYSVAR_INT (mixed_case_count, validate_password_mixed_case_count, PLUGIN_VAR_RQCMDARG, "Password validate mixed case to ensure minimum " "upper/lower case in password", nullptr, length_update, 1, 0, 0, 0) |
static | MYSQL_SYSVAR_INT (special_char_count, validate_password_special_char_count, PLUGIN_VAR_RQCMDARG, "password validate special to ensure minimum special character in password", nullptr, length_update, 1, 0, 0, 0) |
static | MYSQL_SYSVAR_ENUM (policy, validate_password_policy, PLUGIN_VAR_RQCMDARG, "password_validate_policy choosen policy to validate password" "possible values are LOW MEDIUM (default), STRONG", nullptr, nullptr, PASSWORD_POLICY_MEDIUM, &password_policy_typelib_t) |
static | MYSQL_SYSVAR_STR (dictionary_file, validate_password_dictionary_file, PLUGIN_VAR_RQCMDARG|PLUGIN_VAR_MEMALLOC, "password_validate_dictionary file to be loaded and check for password", nullptr, dictionary_update, nullptr) |
static | MYSQL_SYSVAR_BOOL (check_user_name, check_user_name, PLUGIN_VAR_NOCMDARG, "Check if the password matches the login or the effective user names " "or the reverse of them", nullptr, nullptr, true) |
mysql_declare_plugin (validate_password) | |
#define MAX_DICTIONARY_FILE_LENGTH 1024 * 1024 |
#define MAX_PASSWORD_LENGTH 100 |
#define MIN_DICTIONARY_WORD_LENGTH 4 |
#define PASSWORD_SCORE 25 |
typedef std::set<string_type> set_type |
typedef std::string string_type |
enum password_policy_enum |
|
static |
Activate the new dictionary.
Assigns a local list to the global variable, taking the correct locks in the process. Also updates the status variables.
dict_words | new dictionary words set |
|
static |
|
static |
|
static |
|
static |
|
static |
Check if the password is not the user name.
Helper function. Checks whether the supplied password is valid to use by comparing it with the effective and the login user names, and with the reverse of each. Logs an error to the error log if it can't pick up the names.
password | the password handle |
true | The password can be used |
false | the password is invalid |
|
static |
Validate a user name from the security context.
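A helper function. Validates one user name (as specified by field_name) against the data in buffer/length by comparing the byte sequences in forward and reverse. Because the comparison is on byte sequences, it presumably catches only an exact match or an exact reversal of the name, not a password that merely contains the name or differs from it in letter case.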
Logs an error to the error log if it can't pick up the user names.
ctx | the current security context |
buffer | the password data |
length | the length of buffer |
field_name | the id of the security context field to use |
logical_name | the name of the field to use in the error message |
true | name can be used |
false | name is invalid |
|
static |
|
static |
Compare a sequence of bytes in "a" with the reverse sequence of bytes of "b".
a | the first sequence |
a_len | the length of a |
b | the second sequence |
b_len | the length of b |
true | sequences match |
false | sequences don't match |
mysql_declare_plugin | ( | validate_password | ) |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
Check and readjust effective value of validate_password_length.
Readjusts validate_password_length according to the values of validate_password_number_count, validate_password_mixed_case_count and validate_password_special_char_count. This is required at plugin installation time and whenever a new value is set for any of the above-mentioned variables, so the effective length can differ from the value that was configured.
THD * thd_get_current_thd | ( | ) |
Get current THD object from thread local data.
Returns | The THD object for the thread, or NULL if the thread is not a connection thread |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
|
static |
PSI_rwlock_key key_validate_password_LOCK_dict_file |
mysql_rwlock_t LOCK_dict_file |
const mysql_service_log_builtins_t* log_bi = nullptr |
accessor built-ins
const mysql_service_log_builtins_string_t* log_bs = nullptr |
string built-ins
mysql_declare_plugin_end |