MySQL 8.3.0
Source Code Documentation
validate_password.h
Go to the documentation of this file.
1/* Copyright (c) 2017, 2023, Oracle and/or its affiliates.
2
3This program is free software; you can redistribute it and/or modify
4it under the terms of the GNU General Public License, version 2.0,
5as published by the Free Software Foundation.
6
7This program is also distributed with certain software (including
8but not limited to OpenSSL) that is licensed under separate terms,
9as designated in a particular file or component or in included license
10documentation. The authors of MySQL hereby grant you an additional
11permission to link the program and your derivative works with the
12separately licensed software that they have included with MySQL.
13
14This program is distributed in the hope that it will be useful,
15but WITHOUT ANY WARRANTY; without even the implied warranty of
16MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17GNU General Public License, version 2.0, for more details.
18
19You should have received a copy of the GNU General Public License
20along with this program; if not, write to the Free Software
21Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
22
23#ifndef VALIDATE_PASSWORD_SERVICE_H
24#define VALIDATE_PASSWORD_SERVICE_H
25
28
29/**
30 @ingroup group_components_services_inventory
31
32 Interfaces to enforce a password policy.
33
34 The policy is enfoced through two methods
35 1) validate() that answers the question of whether this password is good
36 enough or not.
37
38 2) get_strength() that can be used by password changing UIs to display
39 a password strength meter in the range of [0-100] as the user enters
40 a password.
41
42 @code
43 REQUIRES_SERVICE(validate_password);
44 bool validate_password(THD *thd, const char *password,
45 unsigned int password_length) {
46 String password_string;
47 password_string.set(password, password_length, &my_charset_utf8mb3_bin);
48 if (mysql_service_validate_password->validate(thd, password_string)) {
49 // Emit error that password does not adhere to policy criteria
50 return true;
51 }
52 return false;
53 }
54
55 unsigned int get_password_strength(THD *thd, const char *password,
56 unsigned int password_length) {
57 String password_string;
58 password_string.set(password, password_length, &my_charset_utf8mb3_bin);
59 unsigned int strength = 0;
60 if (mysql_service_validate_password->get_strength(thd, password_string,
61 &strength)) {
62 return 0;
63 }
64 return strength;
65 }
66 @endcode
67*/
69/**
70 Checks if a password is valid by the password policy.
71
72 @param thd MYSQL THD object
73 @param password Given Password
74 @return Status of performed operation
75 @return false success (valid password)
76 @return true failure (invalid password)
77*/
79
80/**
81 Calculates the strength of a password in the scale of 0 to 100.
82
83 @param thd MYSQL THD object
84 @param password Given Password
85 @param [out] strength pointer to handle the strength of the given password.
86 in the range of [0-100], where 0 is week password and
87 100 is strong password
88 @return Status of performed operation
89 @return false success
90 @return true failure
91*/
92DECLARE_BOOL_METHOD(get_strength,
93 (void *thd, my_h_string password, unsigned int *strength));
94
96
97/**
98 @ingroup group_components_services_inventory
99
100 Service to enforce that new password contains N different characters
101 compared to existing password.
102
103 @code
104 REQUIRES_SERVICE(validate_password_changed_characters)
105 bool compare_passwords(const char *current_password,
106 unsigned int current_password_length,
107 const char * new_oassword,
108 unsigned int new_password_length) {
109 String current_password_string, new_password_string;
110 current_password_string.assign(current_password, current_password_length,
111 &my_charset_utf8mb3_bin);
112 new_password_string.assign(new_password, new_password_length,
113 &my_charset_utf8mb3_bin);
114 unsigned int min_required = 0, changed = 0;
115 if (mysql_service_validate_password_changed_characters->validate(
116 current_password_string, new_password_string,
117 &min_required, &changed)) {
118 // Raise error that min_required characters should be changed
119 return true;
120 }
121 return false;
122 }
123 @endcode
124*/
125
126BEGIN_SERVICE_DEFINITION(validate_password_changed_characters)
127
128/**
129 Validate if number of changed characters matches the pre-configured
130 criteria
131
132 @param [in] current_password Current password
133 @param [in] new_password New password
134 @param [out] minimum_required Minimum required number of changed characters
135 @param [out] changed Actual number of changed characters
136
137 @returns Result of validation
138 @retval false Success
139 @retval true Error
140*/
141DECLARE_BOOL_METHOD(validate,
142 (my_h_string current_password, my_h_string new_password,
143 uint *minimum_required, uint *changed));
144
145END_SERVICE_DEFINITION(validate_password_changed_characters)
146
147#endif /* VALIDATE_PASSWORD_SERVICE_H */
static char * password
Definition: mysql_secure_installation.cc:57
#define END_SERVICE_DEFINITION(name)
A macro to end the last Service definition started with the BEGIN_SERVICE_DEFINITION macro.
Definition: service.h:90
#define BEGIN_SERVICE_DEFINITION(name)
Declares a new Service.
Definition: service.h:85
#define DECLARE_BOOL_METHOD(name, args)
Declares a method that returns bool as a part of the Service definition.
Definition: service.h:111
Definition: mysql_string_service.cc:59
static int validate_password(mysql_string_handle password)
Definition: validate_password.cc:396