passwordcheck: Add test suite

Also improve one error message.

Reviewed-by: David Steele <david@pgmasters.net>
This commit is contained in:
Peter Eisentraut 2017-08-11 21:04:04 -04:00
parent 8423bf4f25
commit af7211e92d
6 changed files with 50 additions and 1 deletions

4
contrib/passwordcheck/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
# Generated subdirectories
/log/
/results/
/tmp_check/

View File

@ -8,6 +8,11 @@ PGFILEDESC = "passwordcheck - strengthen user password checks"
# PG_CPPFLAGS = -DUSE_CRACKLIB '-DCRACKLIB_DICTPATH="/usr/lib/cracklib_dict"' # PG_CPPFLAGS = -DUSE_CRACKLIB '-DCRACKLIB_DICTPATH="/usr/lib/cracklib_dict"'
# SHLIB_LINK = -lcrack # SHLIB_LINK = -lcrack
REGRESS_OPTS = --temp-config $(srcdir)/passwordcheck.conf
REGRESS = passwordcheck
# disabled because these tests require setting shared_preload_libraries
NO_INSTALLCHECK = 1
ifdef USE_PGXS ifdef USE_PGXS
PG_CONFIG = pg_config PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs) PGXS := $(shell $(PG_CONFIG) --pgxs)

View File

@ -0,0 +1,18 @@
CREATE USER regress_user1;
-- ok
ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
-- error: too short
ALTER USER regress_user1 PASSWORD 'tooshrt';
ERROR: password is too short
-- error: contains user name
ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
ERROR: password must not contain user name
-- error: contains only letters
ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
ERROR: password must contain both letters and nonletters
-- encrypted ok (password is "secret")
ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
-- error: password is user name
ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
ERROR: password must not equal user name
DROP USER regress_user1;

View File

@ -70,7 +70,7 @@ check_password(const char *username,
if (plain_crypt_verify(username, shadow_pass, username, &logdetail) == STATUS_OK) if (plain_crypt_verify(username, shadow_pass, username, &logdetail) == STATUS_OK)
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE), (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("password must not contain user name"))); errmsg("password must not equal user name")));
} }
else else
{ {

View File

@ -0,0 +1 @@
shared_preload_libraries = 'passwordcheck'

View File

@ -0,0 +1,21 @@
CREATE USER regress_user1;
-- ok
ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
-- error: too short
ALTER USER regress_user1 PASSWORD 'tooshrt';
-- error: contains user name
ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
-- error: contains only letters
ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
-- encrypted ok (password is "secret")
ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
-- error: password is user name
ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
DROP USER regress_user1;