Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commitf7e1b38

Browse files
Add passwordcheck.min_password_length.
This new parameter can be used to change the minimum allowedpassword length (in bytes). Note that it has no effect if a usersupplies a pre-encrypted password.Author: Emanuele Musella, Maurizio BorianiReviewed-by: Tomas Vondra, Bertrand Drouvot, Japin LiDiscussion:https://postgr.es/m/CA%2BugDNyYtHOtWCqVD3YkSVYDWD_1fO8Jm_ahsDGA5dXhbDPwrQ%40mail.gmail.com
1 parent6d01541 commitf7e1b38

File tree

5 files changed

+69
-4
lines changed

5 files changed

+69
-4
lines changed

‎contrib/passwordcheck/expected/passwordcheck.out

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,10 @@ ALTER USER regress_passwordcheck_user1 PASSWORD 'a_nice_long_password';
66
-- error: too short
77
ALTER USER regress_passwordcheck_user1 PASSWORD 'tooshrt';
88
ERROR: password is too short
9+
DETAIL: password must be at least "passwordcheck.min_password_length" (8) bytes long
10+
-- ok
11+
SET passwordcheck.min_password_length = 6;
12+
ALTER USER regress_passwordcheck_user1 PASSWORD 'v_shrt';
913
-- error: contains user name
1014
ALTER USER regress_passwordcheck_user1 PASSWORD 'xyzregress_passwordcheck_user1';
1115
ERROR: password must not contain user name

‎contrib/passwordcheck/expected/passwordcheck_1.out

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,10 @@ ALTER USER regress_passwordcheck_user1 PASSWORD 'a_nice_long_password';
66
-- error: too short
77
ALTER USER regress_passwordcheck_user1 PASSWORD 'tooshrt';
88
ERROR: password is too short
9+
DETAIL: password must be at least "passwordcheck.min_password_length" (8) bytes long
10+
-- ok
11+
SET passwordcheck.min_password_length = 6;
12+
ALTER USER regress_passwordcheck_user1 PASSWORD 'v_shrt';
913
-- error: contains user name
1014
ALTER USER regress_passwordcheck_user1 PASSWORD 'xyzregress_passwordcheck_user1';
1115
ERROR: password must not contain user name

‎contrib/passwordcheck/passwordcheck.c

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
#include"postgres.h"
1616

1717
#include<ctype.h>
18+
#include<limits.h>
1819

1920
#ifdefUSE_CRACKLIB
2021
#include<crack.h>
@@ -29,8 +30,8 @@ PG_MODULE_MAGIC;
2930
/* Saved hook value */
3031
staticcheck_password_hook_typeprev_check_password_hook=NULL;
3132

32-
/*passwords shorter than this will be rejected */
33-
#defineMIN_PWD_LENGTH 8
33+
/*GUC variables */
34+
staticintmin_password_length=8;
3435

3536
/*
3637
* check_password
@@ -93,10 +94,12 @@ check_password(const char *username,
9394
#endif
9495

9596
/* enforce minimum length */
96-
if (pwdlen<MIN_PWD_LENGTH)
97+
if (pwdlen<min_password_length)
9798
ereport(ERROR,
9899
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
99-
errmsg("password is too short")));
100+
errmsg("password is too short"),
101+
errdetail("password must be at least \"passwordcheck.min_password_length\" (%d) bytes long",
102+
min_password_length)));
100103

101104
/* check if the password contains the username */
102105
if (strstr(password,username))
@@ -142,6 +145,19 @@ check_password(const char *username,
142145
void
143146
_PG_init(void)
144147
{
148+
/* Define custom GUC variables. */
149+
DefineCustomIntVariable("passwordcheck.min_password_length",
150+
"Minimum allowed password length.",
151+
NULL,
152+
&min_password_length,
153+
8,
154+
0,INT_MAX,
155+
PGC_SUSET,
156+
GUC_UNIT_BYTE,
157+
NULL,NULL,NULL);
158+
159+
MarkGUCPrefixReserved("passwordcheck");
160+
145161
/* activate password checks when the module is loaded */
146162
prev_check_password_hook=check_password_hook;
147163
check_password_hook=check_password;

‎contrib/passwordcheck/sql/passwordcheck.sql

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,10 @@ ALTER USER regress_passwordcheck_user1 PASSWORD 'a_nice_long_password';
99
-- error: too short
1010
ALTERUSER regress_passwordcheck_user1 PASSWORD'tooshrt';
1111

12+
-- ok
13+
SETpasswordcheck.min_password_length=6;
14+
ALTERUSER regress_passwordcheck_user1 PASSWORD'v_shrt';
15+
1216
-- error: contains user name
1317
ALTERUSER regress_passwordcheck_user1 PASSWORD'xyzregress_passwordcheck_user1';
1418

‎doc/src/sgml/passwordcheck.sgml

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,4 +59,41 @@
5959
</para>
6060
</caution>
6161

62+
<sect2 id="passwordcheck-configuration-parameters">
63+
<title>Configuration Parameters</title>
64+
65+
<variablelist>
66+
<varlistentry>
67+
<term>
68+
<varname>passwordcheck.min_password_length</varname> (<type>integer</type>)
69+
<indexterm>
70+
<primary><varname>passwordcheck.min_password_length</varname> configuration parameter</primary>
71+
</indexterm>
72+
</term>
73+
<listitem>
74+
<para>
75+
The minimum acceptable password length in bytes. The default is 8. Only
76+
superusers can change this setting.
77+
</para>
78+
<note>
79+
<para>
80+
This parameter has no effect if a user supplies a pre-encrypted
81+
password.
82+
</para>
83+
</note>
84+
</listitem>
85+
</varlistentry>
86+
</variablelist>
87+
88+
<para>
89+
In ordinary usage, this parameter is set in
90+
<filename>postgresql.conf</filename>, but superusers can alter it on-the-fly
91+
within their own sessions. Typical usage might be:
92+
</para>
93+
94+
<programlisting>
95+
# postgresql.conf
96+
passwordcheck.min_password_length = 12
97+
</programlisting>
98+
</sect2>
6299
</sect1>

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp