MySQL 9.1.0
Source Code Documentation
validate_password.h
Go to the documentation of this file.
1/* Copyright (c) 2017, 2024, Oracle and/or its affiliates.
2
3This program is free software; you can redistribute it and/or modify
4it under the terms of the GNU General Public License, version 2.0,
5as published by the Free Software Foundation.
6
7This program is designed to work with certain software (including
8but not limited to OpenSSL) that is licensed under separate terms,
9as designated in a particular file or component or in included license
10documentation. The authors of MySQL hereby grant you an additional
11permission to link the program and your derivative works with the
12separately licensed software that they have either included with
13the program or referenced in the documentation.
14
15This program is distributed in the hope that it will be useful,
16but WITHOUT ANY WARRANTY; without even the implied warranty of
17MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18GNU General Public License, version 2.0, for more details.
19
20You should have received a copy of the GNU General Public License
21along with this program; if not, write to the Free Software
22Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
23
24#ifndef VALIDATE_PASSWORD_SERVICE_H
25#define VALIDATE_PASSWORD_SERVICE_H
26
29
30/**
31 @ingroup group_components_services_inventory
32
33 Interfaces to enforce a password policy.
34
35 The policy is enfoced through two methods
36 1) validate() that answers the question of whether this password is good
37 enough or not.
38
39 2) get_strength() that can be used by password changing UIs to display
40 a password strength meter in the range of [0-100] as the user enters
41 a password.
42
43 @code
44 REQUIRES_SERVICE(validate_password);
45 bool validate_password(THD *thd, const char *password,
46 unsigned int password_length) {
47 String password_string;
48 password_string.set(password, password_length, &my_charset_utf8mb3_bin);
49 if (mysql_service_validate_password->validate(thd, password_string)) {
50 // Emit error that password does not adhere to policy criteria
51 return true;
52 }
53 return false;
54 }
55
56 unsigned int get_password_strength(THD *thd, const char *password,
57 unsigned int password_length) {
58 String password_string;
59 password_string.set(password, password_length, &my_charset_utf8mb3_bin);
60 unsigned int strength = 0;
61 if (mysql_service_validate_password->get_strength(thd, password_string,
62 &strength)) {
63 return 0;
64 }
65 return strength;
66 }
67 @endcode
68*/
70/**
71 Checks if a password is valid by the password policy.
72
73 @param thd MYSQL THD object
74 @param password Given Password
75 @return Status of performed operation
76 @return false success (valid password)
77 @return true failure (invalid password)
78*/
80
81/**
82 Calculates the strength of a password in the scale of 0 to 100.
83
84 @param thd MYSQL THD object
85 @param password Given Password
86 @param [out] strength pointer to handle the strength of the given password.
87 in the range of [0-100], where 0 is week password and
88 100 is strong password
89 @return Status of performed operation
90 @return false success
91 @return true failure
92*/
93DECLARE_BOOL_METHOD(get_strength,
94 (void *thd, my_h_string password, unsigned int *strength));
95
97
98/**
99 @ingroup group_components_services_inventory
100
101 Service to enforce that new password contains N different characters
102 compared to existing password.
103
104 @code
105 REQUIRES_SERVICE(validate_password_changed_characters)
106 bool compare_passwords(const char *current_password,
107 unsigned int current_password_length,
108 const char * new_oassword,
109 unsigned int new_password_length) {
110 String current_password_string, new_password_string;
111 current_password_string.assign(current_password, current_password_length,
112 &my_charset_utf8mb3_bin);
113 new_password_string.assign(new_password, new_password_length,
114 &my_charset_utf8mb3_bin);
115 unsigned int min_required = 0, changed = 0;
116 if (mysql_service_validate_password_changed_characters->validate(
117 current_password_string, new_password_string,
118 &min_required, &changed)) {
119 // Raise error that min_required characters should be changed
120 return true;
121 }
122 return false;
123 }
124 @endcode
125*/
126
127BEGIN_SERVICE_DEFINITION(validate_password_changed_characters)
128
129/**
130 Validate if number of changed characters matches the pre-configured
131 criteria
132
133 @param [in] current_password Current password
134 @param [in] new_password New password
135 @param [out] minimum_required Minimum required number of changed characters
136 @param [out] changed Actual number of changed characters
137
138 @returns Result of validation
139 @retval false Success
140 @retval true Error
141*/
142DECLARE_BOOL_METHOD(validate,
143 (my_h_string current_password, my_h_string new_password,
144 uint *minimum_required, uint *changed));
145
146END_SERVICE_DEFINITION(validate_password_changed_characters)
147
148#endif /* VALIDATE_PASSWORD_SERVICE_H */
static char * password
Definition: mysql_secure_installation.cc:58
#define END_SERVICE_DEFINITION(name)
A macro to end the last Service definition started with the BEGIN_SERVICE_DEFINITION macro.
Definition: service.h:91
#define BEGIN_SERVICE_DEFINITION(name)
Declares a new Service.
Definition: service.h:86
#define DECLARE_BOOL_METHOD(name, args)
Declares a method that returns bool as a part of the Service definition.
Definition: service.h:112
Definition: mysql_string_service.cc:60
static int validate_password(mysql_string_handle password)
Definition: validate_password.cc:397