#include <mysql/components/my_service.h>
#include <mysql/components/services/log_builtins.h>
#include <mysql/plugin_validate_password.h>
#include <mysql/service_my_plugin_log.h>
#include <mysql/service_mysql_string.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>
#include <algorithm>
#include <fstream>
#include <set>
#include <string>
#include "my_compiler.h"
#include "my_inttypes.h"
#include "my_psi_config.h"
#include "my_sys.h"
#include "my_systime.h"
#include "mysql/mysql_lex_string.h"
#include "mysql/plugin.h"
#include "mysql/psi/mysql_rwlock.h"
#include "mysql/psi/psi_rwlock.h"
#include "mysql/service_locking.h"
#include "mysql/service_mysql_alloc.h"
#include "mysql/service_security_context.h"
#include "mysqld_error.h"
#include "nulls.h"
#include "sql/sql_error.h"
#include "template_utils.h"
#include "typelib.h"

Macros
#define	MAX_DICTIONARY_FILE_LENGTH 1024 * 1024

#define	PASSWORD_SCORE 25

#define	MIN_DICTIONARY_WORD_LENGTH 4

#define	MAX_PASSWORD_LENGTH 100

Typedefs
typedef std::string	string_type

typedef std::set< string_type >	set_type

Enumerations
enum	password_policy_enum { PASSWORD_POLICY_LOW , PASSWORD_POLICY_MEDIUM , PASSWORD_POLICY_STRONG , PASSWORD_POLICY_LOW , PASSWORD_POLICY_MEDIUM , PASSWORD_POLICY_STRONG }

Functions
THD *	thd_get_current_thd ()
	Get current THD object from thread local data. More...

static void	init_validate_password_psi_keys ()

static void	dictionary_activate (set_type *dict_words)
	Activate the new dictionary. More...

static void	read_dictionary_file ()

static void	free_dictionary_file ()

static int	validate_dictionary_check (mysql_string_handle password)

static bool	my_memcmp_reverse (const char a, size_t a_len, const char b, size_t b_len)
	Compare a sequence of bytes in "a" with the reverse sequence of bytes of "b". More...

static bool	is_valid_user (MYSQL_SECURITY_CONTEXT ctx, const char buffer, int length, const char field_name, const char *logical_name)
	Validate a user name from the security context. More...

static bool	is_valid_password_by_user_name (mysql_string_handle password)
	Check if the password is not the user name. More...

static int	validate_password_policy_strength (mysql_string_handle password, int policy)

static int	validate_password (mysql_string_handle password)

static int	get_password_strength (mysql_string_handle password)

static void	readjust_validate_password_length ()
	Check and readjust effective value of validate_password_length. More...

static int	validate_password_init (MYSQL_PLUGIN plugin_info)

static int	validate_password_deinit (void *arg)

static void	dictionary_update (MYSQL_THD thd, SYS_VAR var, void var_ptr, const void *save)

static void	length_update (MYSQL_THD thd, SYS_VAR var, void var_ptr, const void *save)

static	MYSQL_SYSVAR_INT (length, validate_password_length, PLUGIN_VAR_RQCMDARG, "Password validate length to check for minimum password_length", nullptr, length_update, 8, 0, 0, 0)

static	MYSQL_SYSVAR_INT (number_count, validate_password_number_count, PLUGIN_VAR_RQCMDARG, "password validate digit to ensure minimum numeric character in password", nullptr, length_update, 1, 0, 0, 0)

static	MYSQL_SYSVAR_INT (mixed_case_count, validate_password_mixed_case_count, PLUGIN_VAR_RQCMDARG, "Password validate mixed case to ensure minimum " "upper/lower case in password", nullptr, length_update, 1, 0, 0, 0)

static	MYSQL_SYSVAR_INT (special_char_count, validate_password_special_char_count, PLUGIN_VAR_RQCMDARG, "password validate special to ensure minimum special character in password", nullptr, length_update, 1, 0, 0, 0)

static	MYSQL_SYSVAR_ENUM (policy, validate_password_policy, PLUGIN_VAR_RQCMDARG, "password_validate_policy choosen policy to validate password" "possible values are LOW MEDIUM (default), STRONG", nullptr, nullptr, PASSWORD_POLICY_MEDIUM, &password_policy_typelib_t)

static	MYSQL_SYSVAR_STR (dictionary_file, validate_password_dictionary_file, PLUGIN_VAR_RQCMDARG\|PLUGIN_VAR_MEMALLOC, "password_validate_dictionary file to be loaded and check for password", nullptr, dictionary_update, nullptr)

static	MYSQL_SYSVAR_BOOL (check_user_name, check_user_name, PLUGIN_VAR_NOCMDARG, "Check if the password matches the login or the effective user names " "or the reverse of them", nullptr, nullptr, true)

	mysql_declare_plugin (validate_password)

Variables
static const mysql_service_registry_t *	reg_srv = nullptr

const mysql_service_log_builtins_t *	log_bi = nullptr
	accessor built-ins More...

const mysql_service_log_builtins_string_t *	log_bs = nullptr
	string built-ins More...

mysql_rwlock_t	LOCK_dict_file

PSI_rwlock_key	key_validate_password_LOCK_dict_file

static PSI_rwlock_info	all_validate_password_rwlocks []

static MYSQL_PLUGIN	plugin_info_ptr

static const char *	policy_names [] = {"LOW", "MEDIUM", "STRONG", NullS}

static TYPELIB	password_policy_typelib_t

static set_type *	dictionary_words {nullptr}

static int	validate_password_length

static int	validate_password_number_count

static int	validate_password_mixed_case_count

static int	validate_password_special_char_count

static ulong	validate_password_policy

static char *	validate_password_dictionary_file

static char *	validate_password_dictionary_file_last_parsed = nullptr

static long long	validate_password_dictionary_file_words_count = 0

static bool	check_user_name

static struct st_mysql_validate_password	validate_password_descriptor

static SYS_VAR *	validate_password_system_variables []

static SHOW_VAR	validate_password_status_variables []

	mysql_declare_plugin_end

Macro Definition Documentation

◆ MAX_DICTIONARY_FILE_LENGTH

#define MAX_DICTIONARY_FILE_LENGTH 1024 * 1024

◆ MAX_PASSWORD_LENGTH

#define MAX_PASSWORD_LENGTH 100

◆ MIN_DICTIONARY_WORD_LENGTH

#define MIN_DICTIONARY_WORD_LENGTH 4

◆ PASSWORD_SCORE

#define PASSWORD_SCORE 25

Typedef Documentation

◆ set_type

typedef std::set<string_type> set_type

◆ string_type

typedef std::string string_type

Enumeration Type Documentation

◆ password_policy_enum

enum password_policy_enum

Enumerator
PASSWORD_POLICY_LOW
PASSWORD_POLICY_MEDIUM
PASSWORD_POLICY_STRONG
PASSWORD_POLICY_LOW
PASSWORD_POLICY_MEDIUM
PASSWORD_POLICY_STRONG

Function Documentation

◆ dictionary_activate()

static void dictionary_activate ( set_type * dict_words )

static

Activate the new dictionary.

Assigns a local list to the global variable, taking the correct locks in the process. Also updates the status variables.

Parameters

dict_words new dictionary words set

◆ dictionary_update()

static void dictionary_update	(	MYSQL_THD	thd,
		SYS_VAR *	var,
		void *	var_ptr,
		const void *	save
	)

static

◆ free_dictionary_file()

static void free_dictionary_file ( )

static

◆ get_password_strength()

static int get_password_strength ( mysql_string_handle password )

static

◆ init_validate_password_psi_keys()

static void init_validate_password_psi_keys ( )

static

◆ is_valid_password_by_user_name()

static bool is_valid_password_by_user_name ( mysql_string_handle password )

static

Check if the password is not the user name.

Helper function. Checks if the password supplied is valid to use by comparing it the effected and the login user names to it and to the reverse of it. logs an error to the error log if it can't pick up the names.

Parameters

password the password handle

Return values

true	The password can be used
false	the password is invalid

◆ is_valid_user()

static bool is_valid_user	(	MYSQL_SECURITY_CONTEXT	ctx,
		const char *	buffer,
		int	length,
		const char *	field_name,
		const char *	logical_name
	)

static

Validate a user name from the security context.

A helper function. Validates one user name (as specified by field_name) against the data in buffer/length by comparing the byte sequences in forward and reverse.

Logs an error to the error log if it can't pick up the user names.

Parameters

ctx	the current security context
buffer	the password data
length	the length of buffer
field_name	the id of the security context field to use
logical_name	the name of the field to use in the error message

Return values

true	name can be used
false	name is invalid

◆ length_update()

static void length_update	(	MYSQL_THD	thd,
		SYS_VAR *	var,
		void *	var_ptr,
		const void *	save
	)

static

◆ my_memcmp_reverse()

static bool my_memcmp_reverse	(	const char *	a,
		size_t	a_len,
		const char *	b,
		size_t	b_len
	)

static

Compare a sequence of bytes in "a" with the reverse sequence of bytes of "b".

Parameters

a	the first sequence
a_len	the length of a
b	the second sequence
b_len	the length of b

Return values

true	sequences match
false	sequences don't match

◆ mysql_declare_plugin()

mysql_declare_plugin ( validate_password )

◆ MYSQL_SYSVAR_BOOL()

static MYSQL_SYSVAR_BOOL	(	check_user_name	,
		check_user_name	,
		PLUGIN_VAR_NOCMDARG	,
		"Check if the password matches the login or the effective user names " "or the reverse of them"	,
		nullptr	,
		nullptr	,
		true
	)

static

◆ MYSQL_SYSVAR_ENUM()

static MYSQL_SYSVAR_ENUM	(	policy	,
		validate_password_policy	,
		PLUGIN_VAR_RQCMDARG	,
		"password_validate_policy choosen policy to validate password" "possible values are LOW MEDIUM	default,
		STRONG"	,
		nullptr	,
		nullptr	,
		PASSWORD_POLICY_MEDIUM	,
		&	password_policy_typelib_t
	)

static

◆ MYSQL_SYSVAR_INT() [1/4]

static MYSQL_SYSVAR_INT	(	length	,
		validate_password_length	,
		PLUGIN_VAR_RQCMDARG	,
		"Password validate length to check for minimum password_length"	,
		nullptr	,
		length_update	,
		8	,
		0	,
		0	,
		0
	)

static

◆ MYSQL_SYSVAR_INT() [2/4]

static MYSQL_SYSVAR_INT	(	mixed_case_count	,
		validate_password_mixed_case_count	,
		PLUGIN_VAR_RQCMDARG	,
		"Password validate mixed case to ensure minimum " "upper/lower case in password"	,
		nullptr	,
		length_update	,
		1	,
		0	,
		0	,
		0
	)

static

◆ MYSQL_SYSVAR_INT() [3/4]

static MYSQL_SYSVAR_INT	(	number_count	,
		validate_password_number_count	,
		PLUGIN_VAR_RQCMDARG	,
		"password validate digit to ensure minimum numeric character in password"	,
		nullptr	,
		length_update	,
		1	,
		0	,
		0	,
		0
	)

static

◆ MYSQL_SYSVAR_INT() [4/4]

static MYSQL_SYSVAR_INT	(	special_char_count	,
		validate_password_special_char_count	,
		PLUGIN_VAR_RQCMDARG	,
		"password validate special to ensure minimum special character in password"	,
		nullptr	,
		length_update	,
		1	,
		0	,
		0	,
		0
	)

static

◆ MYSQL_SYSVAR_STR()

static MYSQL_SYSVAR_STR	(	dictionary_file	,
		validate_password_dictionary_file	,
		PLUGIN_VAR_RQCMDARG\|	PLUGIN_VAR_MEMALLOC,
		"password_validate_dictionary file to be loaded and check for password"	,
		nullptr	,
		dictionary_update	,
		nullptr
	)

static

◆ read_dictionary_file()

static void read_dictionary_file ( )

static

◆ readjust_validate_password_length()

static void readjust_validate_password_length ( )

static

Check and readjust effective value of validate_password_length.

Readjust validate_password_length according to the values of validate_password_number_count,validate_password_mixed_case_count and validate_password_special_char_count. This is required at the time plugin installation and as a part of setting new values for any of above mentioned variables.

◆ thd_get_current_thd()

THD * thd_get_current_thd ( )

Get current THD object from thread local data.

Return values

The	THD object for the thread, NULL if not connection thread

◆ validate_dictionary_check()

static int validate_dictionary_check ( mysql_string_handle password )

static

◆ validate_password()

static int validate_password ( mysql_string_handle password )

static

◆ validate_password_deinit()

static int validate_password_deinit ( void * arg )

static

◆ validate_password_init()

static int validate_password_init ( MYSQL_PLUGIN plugin_info )

static

◆ validate_password_policy_strength()

static int validate_password_policy_strength	(	mysql_string_handle	password,
		int	policy
	)

static

Variable Documentation

◆ all_validate_password_rwlocks

PSI_rwlock_info all_validate_password_rwlocks[]

static

Initial value:

= {
    {&key_validate_password_LOCK_dict_file, "LOCK_dict_file", 0, 0,
     PSI_DOCUMENT_ME}}

◆ check_user_name

bool check_user_name

static

◆ dictionary_words

set_type* dictionary_words {nullptr}

static

◆ key_validate_password_LOCK_dict_file

PSI_rwlock_key key_validate_password_LOCK_dict_file

◆ LOCK_dict_file

mysql_rwlock_t LOCK_dict_file

◆ log_bi

const mysql_service_log_builtins_t* log_bi = nullptr

accessor built-ins

◆ log_bs

const mysql_service_log_builtins_string_t* log_bs = nullptr

string built-ins

◆ mysql_declare_plugin_end

mysql_declare_plugin_end

◆ password_policy_typelib_t

TYPELIB password_policy_typelib_t

static

Initial value:

= {array_elements(policy_names) - 1,
                                            "password_policy_typelib_t",
                                            policy_names, nullptr}

◆ plugin_info_ptr

MYSQL_PLUGIN plugin_info_ptr

static

◆ policy_names

const char* policy_names[] = {"LOW", "MEDIUM", "STRONG", NullS}

static

◆ reg_srv

const mysql_service_registry_t* reg_srv = nullptr

static

◆ validate_password_descriptor

struct st_mysql_validate_password validate_password_descriptor

static

Initial value:

= {
    MYSQL_VALIDATE_PASSWORD_INTERFACE_VERSION,
    validate_password,    
    get_password_strength 
}

◆ validate_password_dictionary_file

char* validate_password_dictionary_file

static

◆ validate_password_dictionary_file_last_parsed

char* validate_password_dictionary_file_last_parsed = nullptr

static

◆ validate_password_dictionary_file_words_count

long long validate_password_dictionary_file_words_count = 0

static

◆ validate_password_length

int validate_password_length

static

◆ validate_password_mixed_case_count

int validate_password_mixed_case_count

static

◆ validate_password_number_count

int validate_password_number_count

static

◆ validate_password_policy

ulong validate_password_policy

static

◆ validate_password_special_char_count

int validate_password_special_char_count

static

◆ validate_password_status_variables

SHOW_VAR validate_password_status_variables[]

static

Initial value:

= {
    {"validate_password_dictionary_file_last_parsed",
     (char *)&validate_password_dictionary_file_last_parsed, SHOW_CHAR_PTR,
     SHOW_SCOPE_GLOBAL},
    {"validate_password_dictionary_file_words_count",
     (char *)&validate_password_dictionary_file_words_count, SHOW_LONGLONG,
     SHOW_SCOPE_GLOBAL},
    {NullS, NullS, SHOW_LONG, SHOW_SCOPE_GLOBAL}}

◆ validate_password_system_variables

SYS_VAR* validate_password_system_variables[]

static

Initial value:

= {
    MYSQL_SYSVAR(length),           MYSQL_SYSVAR(number_count),
    MYSQL_SYSVAR(mixed_case_count), MYSQL_SYSVAR(special_char_count),
    MYSQL_SYSVAR(policy),           MYSQL_SYSVAR(dictionary_file),
    MYSQL_SYSVAR(check_user_name),  nullptr}

Macros

Typedefs

Enumerations

Functions

Variables

Macro Definition Documentation

◆ MAX_DICTIONARY_FILE_LENGTH

◆ MAX_PASSWORD_LENGTH

◆ MIN_DICTIONARY_WORD_LENGTH

◆ PASSWORD_SCORE

Typedef Documentation

◆ set_type

◆ string_type

Enumeration Type Documentation

◆ password_policy_enum

Function Documentation

◆ dictionary_activate()

◆ dictionary_update()

◆ free_dictionary_file()

◆ get_password_strength()

◆ init_validate_password_psi_keys()

◆ is_valid_password_by_user_name()

◆ is_valid_user()

◆ length_update()

◆ my_memcmp_reverse()

◆ mysql_declare_plugin()

◆ MYSQL_SYSVAR_BOOL()

◆ MYSQL_SYSVAR_ENUM()

◆ MYSQL_SYSVAR_INT() [1/4]

◆ MYSQL_SYSVAR_INT() [2/4]

◆ MYSQL_SYSVAR_INT() [3/4]

◆ MYSQL_SYSVAR_INT() [4/4]

◆ MYSQL_SYSVAR_STR()

◆ read_dictionary_file()

◆ readjust_validate_password_length()

◆ thd_get_current_thd()

◆ validate_dictionary_check()

◆ validate_password()

◆ validate_password_deinit()

◆ validate_password_init()

◆ validate_password_policy_strength()

Variable Documentation

◆ all_validate_password_rwlocks

◆ check_user_name

◆ dictionary_words

◆ key_validate_password_LOCK_dict_file

◆ LOCK_dict_file

◆ log_bi

◆ log_bs

◆ mysql_declare_plugin_end

◆ password_policy_typelib_t

◆ plugin_info_ptr

◆ policy_names

◆ reg_srv

◆ validate_password_descriptor

◆ validate_password_dictionary_file

◆ validate_password_dictionary_file_last_parsed

◆ validate_password_dictionary_file_words_count

◆ validate_password_length

◆ validate_password_mixed_case_count

◆ validate_password_number_count

◆ validate_password_policy

◆ validate_password_special_char_count

◆ validate_password_status_variables

◆ validate_password_system_variables