3885 Ashish Agarwal 2012-05-10
wl2739: Auditing Password Security
Build failure in windows.
modified:
include/mysql/plugin_audit.h.pp
include/mysql/plugin_auth.h.pp
include/mysql/plugin_ftparser.h.pp
include/mysql/service_password_string.h
mysql-test/r/validate_password_plugin.result
mysql-test/t/validate_password_plugin.test
plugin/password_validation/validate_password.cc
sql/share/CMakeLists.txt
3884 Ashish Agarwal 2012-05-10
wl2739: Auditing Password Security
Impementing review comments.
removed:
plugin/password_validation/dictionary.txt
added:
include/mysql/service_password_string.h
libservices/password_string_service.c
sql/share/dictionary.txt
modified:
include/mysql/plugin.h
include/mysql/plugin_audit.h.pp
include/mysql/plugin_auth.h.pp
include/mysql/plugin_ftparser.h.pp
include/mysql/plugin_validate_password.h
include/mysql/services.h
include/service_versions.h
libservices/CMakeLists.txt
mysql-test/r/validate_password_plugin.result
mysql-test/t/validate_password_plugin.test
plugin/password_validation/CMakeLists.txt
plugin/password_validation/validate_password.cc
sql/item_func.cc
sql/share/CMakeLists.txt
sql/sql_acl.cc
sql/sql_plugin.h
sql/sql_plugin_services.h
support-files/CMakeLists.txt
support-files/my-huge.cnf.sh
support-files/my-large.cnf.sh
support-files/my-medium.cnf.sh
support-files/my-small.cnf.sh
=== modified file 'include/mysql/plugin_audit.h.pp'
--- a/include/mysql/plugin_audit.h.pp 2012-05-10 10:54:37 +0000
+++ b/include/mysql/plugin_audit.h.pp 2012-05-10 14:15:01 +0000
@@ -76,10 +76,10 @@ int my_plugin_log_message(MYSQL_PLUGIN *
#include <mysql/service_password_string.h>
struct password_char_case
{
- size_t has_numbers;
- size_t has_lower;
- size_t has_upper;
- size_t has_special_chars;
+ int has_numbers;
+ int has_lower;
+ int has_upper;
+ int has_special_chars;
};
typedef struct password_char_case PASSWORD_CHAR_CASE;
extern struct password_string_service_st {
=== modified file 'include/mysql/plugin_auth.h.pp'
--- a/include/mysql/plugin_auth.h.pp 2012-05-10 10:54:37 +0000
+++ b/include/mysql/plugin_auth.h.pp 2012-05-10 14:15:01 +0000
@@ -76,10 +76,10 @@ int my_plugin_log_message(MYSQL_PLUGIN *
#include <mysql/service_password_string.h>
struct password_char_case
{
- size_t has_numbers;
- size_t has_lower;
- size_t has_upper;
- size_t has_special_chars;
+ int has_numbers;
+ int has_lower;
+ int has_upper;
+ int has_special_chars;
};
typedef struct password_char_case PASSWORD_CHAR_CASE;
extern struct password_string_service_st {
=== modified file 'include/mysql/plugin_ftparser.h.pp'
--- a/include/mysql/plugin_ftparser.h.pp 2012-05-10 10:54:37 +0000
+++ b/include/mysql/plugin_ftparser.h.pp 2012-05-10 14:15:01 +0000
@@ -76,10 +76,10 @@ int my_plugin_log_message(MYSQL_PLUGIN *
#include <mysql/service_password_string.h>
struct password_char_case
{
- size_t has_numbers;
- size_t has_lower;
- size_t has_upper;
- size_t has_special_chars;
+ int has_numbers;
+ int has_lower;
+ int has_upper;
+ int has_special_chars;
};
typedef struct password_char_case PASSWORD_CHAR_CASE;
extern struct password_string_service_st {
=== modified file 'include/mysql/service_password_string.h'
--- a/include/mysql/service_password_string.h 2012-05-10 10:54:37 +0000
+++ b/include/mysql/service_password_string.h 2012-05-10 14:15:01 +0000
@@ -31,10 +31,10 @@ extern "C" {
struct password_char_case
{
- size_t has_numbers;
- size_t has_lower;
- size_t has_upper;
- size_t has_special_chars;
+ int has_numbers;
+ int has_lower;
+ int has_upper;
+ int has_special_chars;
};
typedef struct password_char_case PASSWORD_CHAR_CASE;
=== modified file 'mysql-test/r/validate_password_plugin.result'
--- a/mysql-test/r/validate_password_plugin.result 2012-05-10 10:54:37 +0000
+++ b/mysql-test/r/validate_password_plugin.result 2012-05-10 14:15:01 +0000
@@ -35,7 +35,7 @@ GRANT USAGE ON *.* TO 'base_user'@'local
SET @@global.validate_password_special_char_count= 1;
# password policy strong
# default_file : dictionary.txt
-SET@@global.validate_password_dictionary_file='/home/ashish/mysql-rp/mysql-trunk-wl2739/sql/share//dictionary.txt';
+SET@@global.validate_password_dictionary_file='MYSQL_ERRMSG_BASEDIR/dictionary.txt';
SET @@global.validate_password_policy_number= 3;
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
ERROR HY000: not a valid password 'password'
=== modified file 'mysql-test/t/validate_password_plugin.test'
--- a/mysql-test/t/validate_password_plugin.test 2012-05-10 10:54:37 +0000
+++ b/mysql-test/t/validate_password_plugin.test 2012-05-10 14:15:01 +0000
@@ -52,8 +52,9 @@ SET @@global.validate_password_special_c
--echo # password policy strong
--echo # default_file : dictionary.txt
# file should contain 1 word per line
-# error if substring of password is a dictionary word
+# error if substring of password is a dictionary word
+--replace_result $MYSQL_ERRMSG_BASEDIR MYSQL_ERRMSG_BASEDIR
eval SET@@global.validate_password_dictionary_file='$MYSQL_ERRMSG_BASEDIR/dictionary.txt';
SET @@global.validate_password_policy_number= 3;
--error ER_NOT_VALID_PASSWORD
=== modified file 'plugin/password_validation/validate_password.cc'
--- a/plugin/password_validation/validate_password.cc 2012-05-10 10:54:37 +0000
+++ b/plugin/password_validation/validate_password.cc 2012-05-10 14:15:01 +0000
@@ -13,6 +13,7 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+#include <stdlib.h>
#include <string>
#include <mysql/plugin_validate_password.h>
#include <set>
@@ -31,11 +32,11 @@ typedef std::set<string_type> set_type;
set_type dictionary_words;
static char *dictionary_file= NULL;
-static uint validate_password_length;
-static uint validate_password_number_count;
-static uint validate_password_mixed_case_count;
-static uint validate_password_special_char_count;
-static uint validate_password_policy_number;
+static int validate_password_length;
+static int validate_password_number_count;
+static int validate_password_mixed_case_count;
+static int validate_password_special_char_count;
+static int validate_password_policy_number;
static char *validate_password_dictionary_file;
/* To read dictionary file into std::set */
@@ -75,8 +76,8 @@ static void free_dictionary_file()
*/
static int validate_dictionary_check(string_handle password, size_t length)
{
- uint substr_pos= 0;
- uint substr_length= length;
+ size_t substr_pos= 0;
+ size_t substr_length= length;
string_type password_str= password_string_casedn(password);
string_type password_substr;
set_type::iterator itr;
@@ -110,7 +111,7 @@ static int validate_dictionary_check(str
}
static int validate_password_policy(string_handle password, size_t length,
- uint policy)
+ int policy)
{
PASSWORD_CHAR_CASE chars_case;
chars_case.has_numbers= 0;
@@ -118,7 +119,7 @@ static int validate_password_policy(stri
chars_case.has_upper= 0;
chars_case.has_special_chars= 0;
- if (length >= validate_password_length)
+ if ((int)length >= validate_password_length)
{
if (policy == PASSWORD_STRENGTH_LOW)
return 1;
@@ -191,27 +192,27 @@ static int validate_password_deinit(void
Plugin system variables.
*/
-static MYSQL_SYSVAR_UINT(length, validate_password_length,
+static MYSQL_SYSVAR_INT(length, validate_password_length,
PLUGIN_VAR_RQCMDARG,
"Password validate length to check for minimum password_length",
NULL, NULL, 8, 0, 0, 0);
-static MYSQL_SYSVAR_UINT(number_count, validate_password_number_count,
+static MYSQL_SYSVAR_INT(number_count, validate_password_number_count,
PLUGIN_VAR_RQCMDARG,
"password validate digit to ensure minimum numeric character in password",
NULL, NULL, 1, 0, 0, 0);
-static MYSQL_SYSVAR_UINT(mixed_case_count, validate_password_mixed_case_count,
+static MYSQL_SYSVAR_INT(mixed_case_count, validate_password_mixed_case_count,
PLUGIN_VAR_RQCMDARG,
"Password validate mixed case to ensure minimum upper/lower case in password",
NULL, NULL, 1, 0, 0, 0);
-static MYSQL_SYSVAR_UINT(special_char_count,
+static MYSQL_SYSVAR_INT(special_char_count,
validate_password_special_char_count, PLUGIN_VAR_RQCMDARG,
"password validate special to ensure minimum special character in password",
NULL, NULL, 1, 0, 0, 0);
-static MYSQL_SYSVAR_UINT(policy_number, validate_password_policy_number,
+static MYSQL_SYSVAR_INT(policy_number, validate_password_policy_number,
PLUGIN_VAR_RQCMDARG,
"password_validate_policy choosen policy to validate password",
NULL, NULL, 2, 1, 3, 0);
=== modified file 'sql/share/CMakeLists.txt'
--- a/sql/share/CMakeLists.txt 2012-05-10 10:54:37 +0000
+++ b/sql/share/CMakeLists.txt 2012-05-10 14:15:01 +0000
@@ -52,5 +52,5 @@ ENDFOREACH()
INSTALL(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/charsets DESTINATION ${INSTALL_MYSQLSHAREDIR} COMPONENT Server
PATTERN "languages.html" EXCLUDE
)
-
+CONFIGURE_FILE(dictionary.txt ${CMAKE_BINARY_DIR}/sql/share/dictionary.txt)
INSTALL(FILES ${files} DESTINATION ${INSTALL_MYSQLSHAREDIR} COMPONENT Server)
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-trunk branch (ashish.y.agarwal:3884 to 3885) | Ashish Agarwal | 22 May |
