postgresql密碼加強-passwordcheck源碼修改三種以上字符

目錄

• 1.使用方式
• 2.效果
• 3.源碼修改
  • 1.參考pg_cron的源碼在配置文件內增加一個參數
  • 2.修改源碼配置校驗數字

因數據庫入網檢測須修改密碼級別，在源有的passwordcheck插件上進行二次修改

1.使用方式

• 替換目錄 ../postgresql-11.4/contrib/passwordcheck 下的 passwordcheck.c
• 編譯安裝 make && make install
• postgresql配置文件內修改 (postgresql.conf)
• shared_preload_libraries = 'passwordcheck'
• passwordcheck.level = 'true'
  

2.效果

當密碼長度足夠，不符合規則的時候，無法新建用戶

3.源碼修改

https://github.com/Luckyness/passwordcheck

1.參考pg_cron的源碼在配置文件內增加一個參數

/* 引入擴展 */
#include "utils/guc.h"
……
……
/*
* 配置文件內passwordcheck.level='true' 為需要特殊字符
* passwordcheck.level='false' 為只需要英文和數字
*/
static  bool passwordcheck_level =  false;
……
……
void
_PG_init(void)
{
    /* 定義密碼級別參數 */
    DefineCustomBoolVariable(
        "passwordcheck.level",
        gettext_noop("passwordcheck_level true: Password must contain leter, number, special characters;false : Password must contain leter, special characters"),
        NULL,
        &passwordcheck_level,
        false,
        PGC_POSTMASTER,
        GUC_SUPERUSER_ONLY,
        NULL, NULL, NULL);

    /* activate password checks when the module is loaded */
    check_password_hook = check_password;
}

2.修改源碼配置校驗數字

        if(passwordcheck_level)
        {
            /* check if the password contains both letters and number and specialchar */
            pwd_has_number =  false;
            pwd_has_special =  false;
            pwd_has_letter =  false;
            for (i =  0; i < pwdlen; i++)
            {
                if (isalpha((unsigned  char) password[i]))
                    pwd_has_letter =  true;
                else  if (isdigit((unsigned  char) password[i]))
                    pwd_has_number =  true;
                else
                    pwd_has_special =  true;
            }
            if (!pwd_has_number ||  !pwd_has_letter ||  !pwd_has_special)
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                        errmsg("password must contain both letters and number and specialchar")));
        }
        else
        {
            /* check if the password contains both letters and non-letters */
            pwd_has_letter =  false;
            pwd_has_number =  false;
            for (i =  0; i < pwdlen; i++)
            {
                if (isalpha((unsigned  char) password[i]))
                    pwd_has_letter =  true;
                else
                    pwd_has_number =  true;
            }
            if (!pwd_has_letter ||  !pwd_has_number)
                ereport(ERROR,
                        (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
                        errmsg("password must contain both letters and nonletters")));
        }