From af7211e92dc2bba66f90de9e5bea6ae5fa914c61 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Fri, 11 Aug 2017 21:04:04 -0400
Subject: [PATCH] passwordcheck: Add test suite

Also improve one error message.

Reviewed-by: David Steele
---
 contrib/passwordcheck/.gitignore | 4 ++++
 contrib/passwordcheck/Makefile | 5 +++++
 .../passwordcheck/expected/passwordcheck.out | 18 ++++++++++++++++
 contrib/passwordcheck/passwordcheck.c | 2 +-
 contrib/passwordcheck/passwordcheck.conf | 1 +
 contrib/passwordcheck/sql/passwordcheck.sql | 21 +++++++++++++++++++
 6 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 contrib/passwordcheck/.gitignore
 create mode 100644 contrib/passwordcheck/expected/passwordcheck.out
 create mode 100644 contrib/passwordcheck/passwordcheck.conf
 create mode 100644 contrib/passwordcheck/sql/passwordcheck.sql

diff --git a/contrib/passwordcheck/.gitignore b/contrib/passwordcheck/.gitignore
new file mode 100644
index 0000000000..5dcb3ff972
--- /dev/null
+++ b/contrib/passwordcheck/.gitignore
@@ -0,0 +1,4 @@
+# Generated subdirectories
+/log/
+/results/
+/tmp_check/
diff --git a/contrib/passwordcheck/Makefile b/contrib/passwordcheck/Makefile
index 4652aeb3d7..7edc968b90 100644
--- a/contrib/passwordcheck/Makefile
+++ b/contrib/passwordcheck/Makefile
@@ -8,6 +8,11 @@ PGFILEDESC = "passwordcheck - strengthen user password checks"
 # PG_CPPFLAGS = -DUSE_CRACKLIB '-DCRACKLIB_DICTPATH="/usr/lib/cracklib_dict"'
 # SHLIB_LINK = -lcrack
 
+REGRESS_OPTS = --temp-config $(srcdir)/passwordcheck.conf
+REGRESS = passwordcheck
+# disabled because these tests require setting shared_preload_libraries
+NO_INSTALLCHECK = 1
+
 ifdef USE_PGXS
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)
diff --git a/contrib/passwordcheck/expected/passwordcheck.out b/contrib/passwordcheck/expected/passwordcheck.out
new file mode 100644
index 0000000000..b3515df3e8
--- /dev/null
+++ b/contrib/passwordcheck/expected/passwordcheck.out
@@ -0,0 +1,18 @@
+CREATE USER regress_user1;
+-- ok
+ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
+-- error: too short
+ALTER USER regress_user1 PASSWORD 'tooshrt';
+ERROR: password is too short
+-- error: contains user name
+ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
+ERROR: password must not contain user name
+-- error: contains only letters
+ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
+ERROR: password must contain both letters and nonletters
+-- encrypted ok (password is "secret")
+ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
+-- error: password is user name
+ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
+ERROR: password must not equal user name
+DROP USER regress_user1;
diff --git a/contrib/passwordcheck/passwordcheck.c b/contrib/passwordcheck/passwordcheck.c
index b80fd458ad..64d43462f0 100644
--- a/contrib/passwordcheck/passwordcheck.c
+++ b/contrib/passwordcheck/passwordcheck.c
@@ -70,7 +70,7 @@ check_password(const char *username,
 if (plain_crypt_verify(username, shadow_pass, username, &logdetail) == STATUS_OK)
 ereport(ERROR,
 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
- errmsg("password must not contain user name")));
+ errmsg("password must not equal user name")));
 }
 else
 {
diff --git a/contrib/passwordcheck/passwordcheck.conf b/contrib/passwordcheck/passwordcheck.conf
new file mode 100644
index 0000000000..f6604f3d6b
--- /dev/null
+++ b/contrib/passwordcheck/passwordcheck.conf
@@ -0,0 +1 @@
+shared_preload_libraries = 'passwordcheck'
diff --git a/contrib/passwordcheck/sql/passwordcheck.sql b/contrib/passwordcheck/sql/passwordcheck.sql
new file mode 100644
index 0000000000..59c84f522e
--- /dev/null
+++ b/contrib/passwordcheck/sql/passwordcheck.sql
@@ -0,0 +1,21 @@
+CREATE USER regress_user1;
+
+-- ok
+ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
+
+-- error: too short
+ALTER USER regress_user1 PASSWORD 'tooshrt';
+
+-- error: contains user name
+ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
+
+-- error: contains only letters
+ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
+
+-- encrypted ok (password is "secret")
+ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
+
+-- error: password is user name
+ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
+
+DROP USER regress_user1;
-- 
2.40.0
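Review bot: The `-- encrypted ok (password is "secret")` case pins as expected behaviour that a six-letter, letters-only password is accepted once it arrives as an md5 hash, even though the plaintext cases just above reject the seven-character `'tooshrt'` and the letters-only `'alessnicelongpassword'`. This looks like an inherent limit of checking a pre-hashed value (the only hashed-path rejection visible in passwordcheck.c is the user-name comparison), but the comment reads as if "secret" were an acceptable password. I would reword it to `-- encrypted: accepted although "secret" is short and letters-only; a pre-hashed password can only be compared with the user name`, with the same change in expected/passwordcheck.out. The suite also covers only `ALTER USER` with md5 hashes, so a `CREATE USER ... PASSWORD` case would be worth adding, plus one for any other hash format the server accepts.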