diff --git a/contrib/passwordcheck/expected/passwordcheck.out b/contrib/passwordcheck/expected/passwordcheck.out index 2027681daf..8f1f0baaab 100644 --- a/contrib/passwordcheck/expected/passwordcheck.out +++ b/contrib/passwordcheck/expected/passwordcheck.out @@ -1,9 +1,10 @@ LOAD 'passwordcheck'; +SET passwordcheck.min_password_length = 12; CREATE USER regress_passwordcheck_user1; -- ok ALTER USER regress_passwordcheck_user1 PASSWORD 'a_nice_long_password'; -- error: too short -ALTER USER regress_passwordcheck_user1 PASSWORD 'tooshrt'; +ALTER USER regress_passwordcheck_user1 PASSWORD 'tooshort'; ERROR: password is too short -- error: contains user name ALTER USER regress_passwordcheck_user1 PASSWORD 'xyzregress_passwordcheck_user1'; diff --git a/contrib/passwordcheck/passwordcheck.c b/contrib/passwordcheck/passwordcheck.c index 0785618f2a..948f30b748 100644 --- a/contrib/passwordcheck/passwordcheck.c +++ b/contrib/passwordcheck/passwordcheck.c @@ -6,6 +6,8 @@ * Copyright (c) 2009-2024, PostgreSQL Global Development Group * * Author: Laurenz Albe + * Author: Maurizio Boriani + * Author: Emanuele Musella * * IDENTIFICATION * contrib/passwordcheck/passwordcheck.c @@ -23,14 +25,16 @@ #include "commands/user.h" #include "fmgr.h" #include "libpq/crypt.h" +#include "commands/explain.h" +#include "utils/guc.h" PG_MODULE_MAGIC; /* Saved hook value in case of unload */ static check_password_hook_type prev_check_password_hook = NULL; -/* passwords shorter than this will be rejected */ -#define MIN_PWD_LENGTH 8 +/* min_password_length minimum password length */ +static int min_password_length; /* * check_password @@ -93,7 +97,7 @@ check_password(const char *username, #endif /* enforce minimum length */ - if (pwdlen < MIN_PWD_LENGTH) + if (pwdlen < min_password_length) ereport(ERROR, (errcode(ERRCODE_INVALID_PARAMETER_VALUE), errmsg("password is too short"))); @@ -145,4 +149,17 @@ _PG_init(void) /* activate password checks when the module is loaded */ prev_check_password_hook = check_password_hook; check_password_hook = check_password; + + /* Define custom GUC variables. */ + DefineCustomIntVariable("passwordcheck.min_password_length", + "Sets the minimum allowed password length.", + "8 is default.", + &min_password_length, + 8, + 0, INT_MAX, + PGC_SUSET, + GUC_UNIT_MS, + NULL, + NULL, + NULL); } diff --git a/contrib/passwordcheck/sql/passwordcheck.sql b/contrib/passwordcheck/sql/passwordcheck.sql index 1fbd6b0e96..c151685c74 100644 --- a/contrib/passwordcheck/sql/passwordcheck.sql +++ b/contrib/passwordcheck/sql/passwordcheck.sql @@ -1,12 +1,12 @@ LOAD 'passwordcheck'; - +SET passwordcheck.min_password_length = 12; CREATE USER regress_passwordcheck_user1; -- ok ALTER USER regress_passwordcheck_user1 PASSWORD 'a_nice_long_password'; -- error: too short -ALTER USER regress_passwordcheck_user1 PASSWORD 'tooshrt'; +ALTER USER regress_passwordcheck_user1 PASSWORD 'tooshort'; -- error: contains user name ALTER USER regress_passwordcheck_user1 PASSWORD 'xyzregress_passwordcheck_user1'; diff --git a/doc/src/sgml/passwordcheck.sgml b/doc/src/sgml/passwordcheck.sgml index 601f489227..e56323cdc9 100644 --- a/doc/src/sgml/passwordcheck.sgml +++ b/doc/src/sgml/passwordcheck.sgml @@ -22,6 +22,12 @@ postgresql.conf, then restart the server. + + In postgresql.conf you may set the minimum password length + by setting passwordcheck.min_password_length = INT. + The default minimum password length if not setted passwordcheck.min_password_length is 8 chars. + + You can adapt this module to your needs by changing the source code. For example, you can use