Customized Oracle user password verification program

Oracle's verify_function_11G function only makes the password look difficult to guess through some password rules, but some users' habits make the password complex, but not

Oracle's verify_function_11G function only makes the password look difficult to guess through some password rules, but some users' habits make the password complex, but not

Oracle's verify_function_11G function only makes the password look difficult to guess through some password rules, but some users' habits make the password complex, but it is not difficult to guess, in this case, you can use the program I wrote to put some common and easy-to-guess passwords into a file or dictionary database and use the program to automatically connect to the Oracle database, to verify whether the specified data password is too easy to guess or simple, if the database user configuration is slightly stricter, this program does not work, so it is not very practical value, just refer to use.

The program uses SQLite and OTL. You can see that SQLite programming is related to the use of () OTL to learn about the related use methods.

The program code is as follows:

/**
* Author: xiongchuanliang
* Desc: Check whether the password uses the default database password or whether the password is too simple.
Program parameter description:
-D verify whether the default user and password have not been changed
-S stores various database passwords in the SQLite database in advance, and then tries in sequence.
You can use "-s a %" to filter out matching password strings from the dictionary.
-F Read the password string from the password file and try
*/

# Include
# Include
# Include
# Include

# Include "sqlite3.h"

# Define OTL_ORA10G
// # Define OTL_ORA11G_R2 // Compile OTL 4.0/OCI11.2
# Include "otlv4.h" // include the OTL 4 header file

Using namespace std;
Otl_connect oracledb;

# Define MAXLINE 150

# Define DICT_DB "c :\\ sqlite \\ mydict. db"
# Define DICT_FILE "c:/sqlite/mydict.txt"
# Define TNS_DBNAME "xcldb"

# Define SQL _COUNT "SELECT count (*) FROM userpwd"
# Define SQL _SELECT "SELECT pwd FROM userpwd"

Char arrTestUser [] [30] = {"sys", "system", "test "};
Int arrTestUserLen = 3;

// From SQLite, only the password string is found based on conditions and put into the file
Sqlite3_uint64 getDictDB (char * pWhere );

// Initialize OTL
Void initOTL ();

// Connect to the Oracle database
Int connectORA (char * connstr );

// Read the password string from the dictionary file and try to connect
Bool testConnDB ();

// Try to connect with the default user name and password
Bool testConnDBDF ();

Int main (int argc, char * argv [])
{
Printf ("=================================\ n ");
Printf ("Test Database Password validity! \ N ");
Printf ("=================================\ n ");

If (argc = 1 | argc <2)
Printf ("Enter the running parameters (-f,-d,-s). \ n ");

// Search from the specified dictionary file
If (strcmp (argv [1], "-f") = 0)
{
Printf ("-f: Find \ n from the specified dictionary file ");
TestConnDB ();
} Else {

InitOTL ();
// Check the default user password of the database
If (strcmp (argv [1], "-d") = 0)
{
Printf ("-d: Check the default database user password \ n ");
TestConnDBDF ();
} Else if (strcmp (argv [1], "-s") = 0) // find the password from the SQLite Database
{

Printf ("-s: Find the password \ n from the SQLite Database ");
If (argc = 3)
{
Printf ("filter condition: % s \ n", argv [2]); // % a123 %
Char sW [50] = {0 };
// Char * s = "where pwd like '% aaa % '";
Sprintf_s (sW, "where pwd like '% S'", argv [2]);
GetDictDB (sW );
} Else {
Char * sW = NULL;
GetDictDB (sW );
}
// Read the password from the password file transferred out of the database and try again
TestConnDB ();
} Else {
Printf ("enter one of the three parameters (-f,-d,-s). \ n ");
}
}

Return 0;
}

// From SQLite, only the password string is found based on conditions and put into the file
Sqlite3_uint64 getDictDB (char * pWhere)
{
Char sqlCount [MAXLINE] = {0 };
Char sqlSelect [MAXLINE] = {0 };

Strcpy_s (sqlCount, SQL _COUNT );
Strcpy_s (sqlSelect, SQL _SELECT );

If (pWhere! = NULL)
{
Strcat_s (sqlCount, pWhere );
Strcat_s (sqlSelect, pWhere );
}

Sqlite3 * pDB = NULL;

// The Open Path uses UTF-8 encoding.
// If the path contains Chinese characters, encoding conversion is required.
// C: \ sqlite \ mydict. db
Int nRes = sqlite3_open (DICT_DB, & pDB );
If (nRes! = SQLITE_ OK)
{
Printf ("dictionary database connection failed. % s \ n", sqlite3_errmsg (pDB ));
Return 0;
}

Sqlite3_stmt * stmt;
Const char * pTail;
Sqlite3_uint64 rCount = 0;
Int rc = 0;

// Query all data
Sqlite3_prepare (pDB, sqlCount,-1, & stmt, & pTail );
Int r = sqlite3_step (stmt );
If (r = SQLITE_ROW)
{
RCount = sqlite3_column_int64 (stmt, 0 );
Printf ("% d dictionary password. \ n", rCount );
}
Sqlite3_finalize (stmt );

If (rCount <= 0) goto end;

// Query all data
Sqlite3_prepare (pDB, sqlSelect,-1, & stmt, & pTail );

Do {

FILE * fp;
Fopen_s (& fp, DICT_FILE, "w ");
If (fp = NULL)
{
Printf ("dictionary file generation failed. \ n ");
Goto end;
}