forked from anermakov/arenadata_password_check
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 54711b8
Showing
5 changed files
with
522 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| # passwordcheck_extra/Makefile | ||
|
|
||
| MODULE_big = passwordcheck_extra | ||
| OBJS = passwordcheck_extra.o $(WIN32RES) | ||
| PGFILEDESC = "passwordcheck_extra - strengthen user password checks" | ||
|
|
||
| REGRESS = passwordcheck_extra | ||
|
|
||
| # uncomment the following two lines to enable cracklib support | ||
| # PG_CPPFLAGS = -DUSE_CRACKLIB '-DCRACKLIB_DICTPATH="/usr/lib/cracklib_dict"' | ||
| # SHLIB_LINK = -lcrack | ||
|
|
||
| PG_CONFIG = pg_config | ||
| PGXS := $(shell $(PG_CONFIG) --pgxs) | ||
| include $(PGXS) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| passwordcheck_extra | ||
| =================== | ||
|
|
||
| Development | ||
| ----------- | ||
|
|
||
| passwordcheck_extra is a fork of passwordcheck, contrib module to check | ||
| a password quality using a fork of PostgreSQL core. | ||
|
|
||
| There are two ways to compile and install the code: | ||
| 1) Copy it as contrib/passwordcheck_extra in PostgreSQL code and use the | ||
| following command: | ||
| make install | ||
| 2) Include PostgreSQL libraries in LD_LIBRARY_PATH and use the following | ||
| command: | ||
| make USE_PGXS=1 | ||
| make USE_PGXS=1 install | ||
|
|
||
| Regression tests can be run as follows: | ||
| 1) Module copied in contrib of PostgreSQL: | ||
| make check | ||
| make installcheck # Run on existing server | ||
| 2) Module managed independently, needs a server already running. | ||
| make installcheck USE_PGXS=1 # Run on existing server | ||
|
|
||
| In order to install it, install the library to server, add the following | ||
| parameter value to postgresql.conf and restart server. | ||
| shared_preload_libraries = '$libdir/passwordcheck_extra' | ||
|
|
||
| Features | ||
| -------- | ||
|
|
||
| This module strengthens the minimum password requirement it should have | ||
| at creation with a user-defined policy: | ||
| - passwordcheck_extra.special_chars, to define a list of special characters | ||
| with the password needing at least one. Default is "!@#$%^&*()_+{}|<>?=". | ||
| - passwordcheck_extra.restrict_lower, to enforce the use of at least one | ||
| lower-case character. | ||
| - passwordcheck_extra.restrict_upper, to enforce the use of at least one | ||
| upper-case character. | ||
| - passwordcheck_extra.restrict_numbers, to enforce the use of at least | ||
| one number. | ||
| - passwordcheck_extra.restrict_special, to enforce the use of at least | ||
| one special character listed in \"passwordcheck_extra.special_chars\". | ||
| - passwordcheck_extra.minimum_length, minimum length of password allowed. | ||
| Default is 8, which likely sucks. | ||
| - passwordcheck_extra.maximum_length, maximum length of password allowed. | ||
| Default is 15, which definitely sucks, but it is useful for tests. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| -- Load the extension to enable the tests | ||
| LOAD 'passwordcheck_extra'; | ||
| -- Restrictive policy | ||
| SET passwordcheck_extra.minimum_length TO 8; | ||
| SET passwordcheck_extra.maximum_length TO 15; | ||
| SET passwordcheck_extra.special_chars TO '%$?@'; | ||
| SET passwordcheck_extra.restrict_lower TO true; | ||
| SET passwordcheck_extra.restrict_upper TO true; | ||
| SET passwordcheck_extra.restrict_numbers TO true; | ||
| -- Check password policy in place | ||
| -- Password too short | ||
| CREATE ROLE regress_pwd_foo PASSWORD '01234'; | ||
| ERROR: password is too short | ||
| -- Password too long | ||
| CREATE ROLE regress_pwd_foo PASSWORD '01234567890123456'; | ||
| ERROR: password is too long | ||
| -- Invalid characters | ||
| CREATE ROLE regress_pwd_foo PASSWORD '```````````````'; | ||
| ERROR: password contains invalid characters | ||
| -- Three categories missing | ||
| -- Lower-case, upper-case, special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '012345678901234'; | ||
| ERROR: Incorrect password format: lower-case character missing, upper-case character missing, special character missing (needs to be one listed in "%$?@") | ||
| -- Number, upper-case, special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'abcdefghijklmno'; | ||
| ERROR: Incorrect password format: upper-case character missing, number missing, special character missing (needs to be one listed in "%$?@") | ||
| -- Number, lower-case, special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'ABCDEFGHIJKLMNO'; | ||
| ERROR: Incorrect password format: lower-case character missing, number missing, special character missing (needs to be one listed in "%$?@") | ||
| -- Number, lower-case, upper-case character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '%%%%%%%%%%%%%%%'; | ||
| ERROR: Incorrect password format: lower-case character missing, upper-case character missing, number missing | ||
| -- Two categories missing | ||
| -- Number, special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'abcdefghijklmnA'; | ||
| ERROR: Incorrect password format: number missing, special character missing (needs to be one listed in "%$?@") | ||
| -- Upper-case character, special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '01234567890123a'; | ||
| ERROR: Incorrect password format: upper-case character missing, special character missing (needs to be one listed in "%$?@") | ||
| -- Lower-case character, special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '01234567890123A'; | ||
| ERROR: Incorrect password format: lower-case character missing, special character missing (needs to be one listed in "%$?@") | ||
| -- Number, upper case missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'abcdefghijklmn%'; | ||
| ERROR: Incorrect password format: upper-case character missing, number missing | ||
| -- Number, lower-case missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'ABCDEFGHIJKLMN%'; | ||
| ERROR: Incorrect password format: lower-case character missing, number missing | ||
| -- Upper-case, lower-case missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '01234567890123%'; | ||
| ERROR: Incorrect password format: lower-case character missing, upper-case character missing | ||
| -- One category missing | ||
| -- Special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '0123456789012aA'; | ||
| ERROR: Incorrect password format: special character missing (needs to be one listed in "%$?@") | ||
| -- Upper-case missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '0123456789012a%'; | ||
| ERROR: Incorrect password format: upper-case character missing | ||
| -- Lower-case missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '0123456789012A%'; | ||
| ERROR: Incorrect password format: lower-case character missing | ||
| -- Number missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'ABCDEFGHIJKLMa%'; | ||
| ERROR: Incorrect password format: number missing | ||
| -- Valid password | ||
| CREATE ROLE regress_pwd_foo PASSWORD '012345678901Aa%'; | ||
| DROP ROLE regress_pwd_foo; | ||
| -- Policy less restrictive | ||
| SET passwordcheck_extra.restrict_lower TO false; | ||
| SET passwordcheck_extra.restrict_upper TO false; | ||
| SET passwordcheck_extra.restrict_numbers TO false; | ||
| SET passwordcheck_extra.minimum_length TO 1; | ||
| SET passwordcheck_extra.maximum_length TO 100; | ||
| -- Special character missing | ||
| CREATE ROLE regress_pwd_foo PASSWORD '012345678901Aa'; | ||
| ERROR: Incorrect password format: special character missing (needs to be one listed in "%$?@") | ||
| -- Valid password | ||
| CREATE ROLE regress_pwd_foo PASSWORD '@%'; | ||
| DROP ROLE regress_pwd_foo; | ||
| -- Even less restrictive policy | ||
| SET passwordcheck_extra.restrict_special TO false; | ||
| -- Valid password | ||
| CREATE ROLE regress_pwd_foo PASSWORD 'A'; | ||
| DROP ROLE regress_pwd_foo; |
Oops, something went wrong.