Bug#14850601: VALIDATE_PASSWORD_LENGTH SHOULD NOT ACCEPT

harinvadodaria · harinvadodaria · commit 018e55b14fd8 · 2012-12-05T11:33:05.000+05:30
BELOW 4 AS ANY WAY NOT ABLE TO SET IT

Description: validate_password_length system variable
             is affected by three other system variables
             1. validate_password_number_count
             2. validate_password_mixed_case_count
             3. validate_password_special_char_count
             This patch introduces update function for
             above mentioned system variables to make
             sure that requried updates to
             validate_password_length happens.
diff --git a/mysql-test/r/validate_password_plugin.result b/mysql-test/r/validate_password_plugin.result
@@ -20,6 +20,9 @@ UPDATE mysql.user SET PASSWORD= PASSWORD('afrgtyhlp98') WHERE user='base_user';
 ERROR HY000: Your password does not satisfy the current policy requirements
 UPDATE mysql.user SET PASSWORD= PASSWORD('iuyt567nbvfA') WHERE user='base_user';
 GRANT USAGE ON *.* TO 'base_user'@'localhost' IDENTIFIED BY 'password1234';
+SET @@global.validate_password_mixed_case_count= 0;
+SET @@global.validate_password_number_count= 0;
+SET @@global.validate_password_special_char_count= 0;
 SET @@global.validate_password_length= 0;
 UPDATE mysql.user SET PASSWORD= PASSWORD('') WHERE user='base_user';
 UPDATE mysql.user SET PASSWORD= PASSWORD('p') WHERE user='base_user';
@@ -51,6 +54,9 @@ EXECUTE stmt1 USING @a,@b;
 DEALLOCATE PREPARE stmt1;
 # password policy MEDIUM (check for mixed_case, digits, special_chars)
 # default case : atleast 1 mixed_case, 1 digit, 1 special_char
+SET @@global.validate_password_mixed_case_count= 1;
+SET @@global.validate_password_number_count= 1;
+SET @@global.validate_password_special_char_count= 1;
 SET @@global.validate_password_policy=MEDIUM;
 SET @@global.validate_password_number_count= 0;
 CREATE USER 'user'@'localhost' IDENTIFIED BY 'aedfoiASE$%';
diff --git a/mysql-test/t/validate_password_plugin.test b/mysql-test/t/validate_password_plugin.test
@@ -34,6 +34,9 @@ UPDATE mysql.user SET PASSWORD= PASSWORD('password') WHERE user='base_user';
 UPDATE mysql.user SET PASSWORD= PASSWORD('afrgtyhlp98') WHERE user='base_user';
 UPDATE mysql.user SET PASSWORD= PASSWORD('iuyt567nbvfA') WHERE user='base_user';
 GRANT USAGE ON *.* TO 'base_user'@'localhost' IDENTIFIED BY 'password1234';
+SET @@global.validate_password_mixed_case_count= 0;
+SET @@global.validate_password_number_count= 0;
+SET @@global.validate_password_special_char_count= 0;
 SET @@global.validate_password_length= 0;
 UPDATE mysql.user SET PASSWORD= PASSWORD('') WHERE user='base_user';
 UPDATE mysql.user SET PASSWORD= PASSWORD('p') WHERE user='base_user';
@@ -62,6 +65,9 @@ DEALLOCATE PREPARE stmt1;
 --echo # password policy MEDIUM (check for mixed_case, digits, special_chars)
 --echo # default case : atleast 1 mixed_case, 1 digit, 1 special_char
 
+SET @@global.validate_password_mixed_case_count= 1;
+SET @@global.validate_password_number_count= 1;
+SET @@global.validate_password_special_char_count= 1;
 SET @@global.validate_password_policy=MEDIUM;
 SET @@global.validate_password_number_count= 0;
 CREATE USER 'user'@'localhost' IDENTIFIED BY 'aedfoiASE$%';
diff --git a/plugin/password_validation/validate_password.cc b/plugin/password_validation/validate_password.cc
@@ -275,27 +275,86 @@ static int validate_password_deinit(void *arg __attribute__((unused)))
   return (0);
 }
 
+
+/*
+  update function for:
+  1. validate_password_length
+  2. validate_password_number_count
+  3. validate_password_mixed_case_count
+  4. validate_password_special_char_count
+*/
+static void
+length_update(MYSQL_THD thd __attribute__((unused)),
+              struct st_mysql_sys_var *var __attribute__((unused)),
+              void *var_ptr, const void *save)
+{
+  int new_validate_password_length;
+
+  /* check if there is an actual change */
+  if (*((int *)var_ptr) == *((int *)save))
+    return;
+
+  /*
+    set new value for system variable.
+    Note that we need not know for which of the above mentioned
+    variables, length_update() is called because var_ptr points
+    to the location at which corresponding static variable is
+    declared in this file.
+  */
+  *((int *)var_ptr)= *((int *)save);
+
+  /*
+    Any change in above mentioned system variables can trigger a change in
+    actual password length restriction applied by validate password plugin.
+    actual restriction on password length can be described as:
+
+    MAX(validate_password_length,
+        (validate_password_number_count +
+         2*validate_password_mixed_case_count +
+         validate_password_special_char_count))
+  */
+
+  new_validate_password_length= (validate_password_number_count +
+                                 (2 * validate_password_mixed_case_count) +
+                                 validate_password_special_char_count);
+
+  if (validate_password_length < new_validate_password_length)
+  {
+    /*
+       Raise a warning that effective restriction on password
+       length is changed.
+    */
+    my_plugin_log_message(&plugin_info_ptr, MY_WARNING_LEVEL,
+                          "Effective value of validate_password_length is changed. New value is %d",
+                          new_validate_password_length);
+
+    validate_password_length= new_validate_password_length;
+  }
+}
+
+
+
 /* Plugin system variables */
 
 static MYSQL_SYSVAR_INT(length, validate_password_length,
   PLUGIN_VAR_RQCMDARG,
   "Password validate length to check for minimum password_length",
-  NULL, NULL, 8, 0, 0, 0);
+  NULL, length_update, 8, 0, 0, 0);
 
 static MYSQL_SYSVAR_INT(number_count, validate_password_number_count,
   PLUGIN_VAR_RQCMDARG,
   "password validate digit to ensure minimum numeric character in password",
-  NULL, NULL, 1, 0, 0, 0);
+  NULL, length_update, 1, 0, 0, 0);
 
 static MYSQL_SYSVAR_INT(mixed_case_count, validate_password_mixed_case_count,
   PLUGIN_VAR_RQCMDARG,
   "Password validate mixed case to ensure minimum upper/lower case in password",
-  NULL, NULL, 1, 0, 0, 0);
+  NULL, length_update, 1, 0, 0, 0);
 
 static MYSQL_SYSVAR_INT(special_char_count,
   validate_password_special_char_count, PLUGIN_VAR_RQCMDARG,
   "password validate special to ensure minimum special character in password",
-  NULL, NULL, 1, 0, 0, 0);
+  NULL, length_update, 1, 0, 0, 0);
 
 static MYSQL_SYSVAR_ENUM(policy, validate_password_policy,
   PLUGIN_VAR_RQCMDARG,
