2016-07-31 16:39 GMT+02:00 aki.tuomi@dovecot.fi:

...

On July 27, 2016 at 2:08 AM Andreas Meyer luckyfellow42@gmail.com wrote:

Hi,

I want to add a new password hashing scheme as plugin and provide it for the dovecot project, so that it will be included as optional plugin in future releases.

Yet the plugin compiles fine and the .so file gets created.

My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside the plugin's _init() and _deinit() functions.

When a client tries to login via imap the log shows an error message:

Error: Couldn't load required plugin /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: password_scheme_unregister

That error obviously occurs, because the required lib is not linked into the plugin.

Now my problem is to understand, whether this approach (via .so file) can be successful at all and if so, how? Do I need to link libs into it? Which would that be and how do I specify them in the Makefile.am?

I assume, I don't need to link a lib, but need to use a hook to register the new hashing scheme, since the plugin is loaded into an already existing process, which needs to get extended. If this is true, which hook would that be and how do I register the new scheme?

Or is there no way to accomplish this via a separated .so plugin? Should I extend the sources in /src/auth instead? (separat file for the hashing scheme with preprocessor instructions to include it only on demand)

Thank you very much,

Andreas

Can you publish your code in, say, github.com and provide link to it? New password scheme is doable as plugin but it needs to placed in different place and it will be autoloaded.

Aki

I created two branches. Both compile fine with the option: --with-libsodium

Branch #1)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_...

This is my try to add libsodium support as plugin. When the plugin is loaded, it exits with the mentioned error message "undefined symbol: password_scheme_unregister"

Branch #2)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_...

This compiles fine and also works. The new hashing schemes SCRYPT and ARGON2 are available to dovecot. Libsodium support is not created as module, but only added if the --with-libsodium option was passed to configure.

Regards, Andreas

On August 1, 2016 at 3:45 PM Andreas Meyer luckyfellow42@gmail.com wrote:

2016-07-31 16:39 GMT+02:00 aki.tuomi@dovecot.fi:

...

...

On July 27, 2016 at 2:08 AM Andreas Meyer luckyfellow42@gmail.com wrote:

Hi,

I want to add a new password hashing scheme as plugin and provide it for the dovecot project, so that it will be included as optional plugin in future releases.

Yet the plugin compiles fine and the .so file gets created.

My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside the plugin's _init() and _deinit() functions.

When a client tries to login via imap the log shows an error message:

Error: Couldn't load required plugin /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: password_scheme_unregister

That error obviously occurs, because the required lib is not linked into the plugin.

Now my problem is to understand, whether this approach (via .so file) can be successful at all and if so, how? Do I need to link libs into it? Which would that be and how do I specify them in the Makefile.am?

I assume, I don't need to link a lib, but need to use a hook to register the new hashing scheme, since the plugin is loaded into an already existing process, which needs to get extended. If this is true, which hook would that be and how do I register the new scheme?

Or is there no way to accomplish this via a separated .so plugin? Should I extend the sources in /src/auth instead? (separat file for the hashing scheme with preprocessor instructions to include it only on demand)

Thank you very much,

Andreas

Can you publish your code in, say, github.com and provide link to it? New password scheme is doable as plugin but it needs to placed in different place and it will be autoloaded.

Aki

I created two branches. Both compile fine with the option: --with-libsodium

Branch #1)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_...

This is my try to add libsodium support as plugin. When the plugin is loaded, it exits with the mentioned error message "undefined symbol: password_scheme_unregister"

Branch #2)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_...

This compiles fine and also works. The new hashing schemes SCRYPT and ARGON2 are available to dovecot. Libsodium support is not created as module, but only added if the --with-libsodium option was passed to configure.

Regards, Andreas

Hi!

I had a look at your code and noticed you had tried to put it in dovecot's tree. I would recommend making completely separate plugin of it. It's not very hard, I can help you out there. It does not need to be in src/plugins, the source supports fully external plugins that you can then install separately.

This would make it lot more easier to develop the plugin. I'll see if I can make you a little skeleton to help you out with this, you can then use it as basis for your auth plugin.

Aki

2016-08-01 15:58 GMT+02:00 aki.tuomi@dovecot.fi:

...

On August 1, 2016 at 4:38 PM aki.tuomi@dovecot.fi wrote:

...

On August 1, 2016 at 3:45 PM Andreas Meyer luckyfellow42@gmail.com wrote:

2016-07-31 16:39 GMT+02:00 aki.tuomi@dovecot.fi:

...

...

On July 27, 2016 at 2:08 AM Andreas Meyer

...

...

wrote:

...

Hi,

I want to add a new password hashing scheme as plugin and provide

...

the dovecot project, so that it will be included as optional

...

future releases.

Yet the plugin compiles fine and the .so file gets created.

My approach is to call the functions password_scheme_register() and password_scheme_unregister() (src/auth/password-scheme.c) inside

...

plugin's _init() and _deinit() functions.

When a client tries to login via imap the log shows an error message:

Error: Couldn't load required plugin /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: password_scheme_unregister

That error obviously occurs, because the required lib is not

it for plugin in the linked into

...

the plugin.

Now my problem is to understand, whether this approach (via .so file) can be successful at all and if so, how? Do I need to link libs into it? Which would that be and how do I specify them in the Makefile.am?

I assume, I don't need to link a lib, but need to use a hook to register the new hashing scheme, since the plugin is loaded into an already existing process, which needs to get extended. If this is true, which hook would that be and how do I register the new scheme?

Or is there no way to accomplish this via a separated .so plugin? Should I extend the sources in /src/auth instead? (separat file for the hashing scheme with preprocessor instructions to include it only on demand)

Thank you very much,

Andreas

Can you publish your code in, say, github.com and provide link to it? New password scheme is doable as plugin but it needs to placed in different place and it will be autoloaded.

Aki

I created two branches. Both compile fine with the option: --with-libsodium

Branch #1)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_...

...

This is my try to add libsodium support as plugin. When the plugin is loaded, it exits with the mentioned error message "undefined symbol: password_scheme_unregister"

Branch #2)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_...

...

This compiles fine and also works. The new hashing schemes SCRYPT and ARGON2 are available to dovecot. Libsodium support is not created as module, but only added if the --with-libsodium option was passed to configure.

Regards, Andreas

Hi!

I had a look at your code and noticed you had tried to put it in dovecot's tree. I would recommend making completely separate plugin of it. It's not very hard, I can help you out there. It does not need to be in src/plugins, the source supports fully external plugins that you can then install separately.

This would make it lot more easier to develop the plugin. I'll see if I can make you a little skeleton to help you out with this, you can then use it as basis for your auth plugin.

Aki

https://github.com/cmouse/dovecot-password-scheme-plugin

is the plugin template you can use. please see if it helps you out.

Aki

Thank you very much for the skeleton. It really helped a lot.

I created this repository and checked in my changes: https://github.com/LuckyFellow/dovecot-libsodium-plugin It compiles and installs fine. The auth module loads the plugin automatically on demand, the hashing schemes are available and they work.

What do I need to do, so that you can include it as plugin?

Regards, Andreas

2016-08-05 10:59 GMT+02:00 Aki Tuomi aki.tuomi@dovecot.fi:

...

2016-08-01 15:58 GMT+02:00 aki.tuomi@dovecot.fi:

...

...

On August 1, 2016 at 4:38 PM aki.tuomi@dovecot.fi wrote:

...

On August 1, 2016 at 3:45 PM Andreas Meyer luckyfellow42@gmail.com wrote:

2016-07-31 16:39 GMT+02:00 aki.tuomi@dovecot.fi:

...

> On July 27, 2016 at 2:08 AM Andreas Meyer > Hi, > > > I want to add a new password hashing scheme as plugin and provide it for > the dovecot project, so that it will be included as optional plugin in > future releases. > > Yet the plugin compiles fine and the .so file gets created. > > My approach is to call the functions password_scheme_register() and > password_scheme_unregister() (src/auth/password-scheme.c) inside the > plugin's _init() and _deinit() functions. > > When a client tries to login via imap the log shows an error message: > Error: Couldn't load required plugin > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed: > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol: > password_scheme_unregister > > That error obviously occurs, because the required lib is not linked into > the plugin. > > > Now my problem is to understand, whether this approach (via .so file) can > be successful at all and if so, how? > Do I need to link libs into it? Which would that be and how do I specify > them in the Makefile.am? > > I assume, I don't need to link a lib, but need to use a hook to register > the new hashing scheme, since the plugin is loaded into an already existing > process, which needs to get extended. If this is true, which hook would > that be and how do I register the new scheme? > > Or is there no way to accomplish this via a separated .so plugin? Should I > extend the sources in /src/auth instead? (separat file for the hashing > scheme with preprocessor instructions to include it only on demand) > > > > Thank you very much, > > Andreas Can you publish your code in, say, github.com and provide link to it? New password scheme is doable as plugin but it needs to placed in different place and it will be autoloaded.

Aki

I created two branches. Both compile fine with the option: --with-libsodium Branch #1)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_

...

...

...

...

This is my try to add libsodium support as plugin. When the plugin is loaded, it exits with the mentioned error message "undefined symbol: password_scheme_unregister"

Branch #2)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_

...

...

...

...

This compiles fine and also works. The new hashing schemes SCRYPT and ARGON2 are available to dovecot. Libsodium support is not created as module, but only added if the --with-libsodium option was passed to configure.

Regards, Andreas Hi!

I had a look at your code and noticed you had tried to put it in dovecot's tree. I would recommend making completely separate plugin of it. It's not very hard, I can help you out there. It does not need to be in src/plugins, the source supports fully external plugins that you can

...

...

install separately.

...

This would make it lot more easier to develop the plugin. I'll see if I can make you a little skeleton to help you out with this, you can then use it as basis for your auth plugin. Aki https://github.com/cmouse/dovecot-password-scheme-plugin

is the plugin template you can use. please see if it helps you out.

Aki

Thank you very much for the skeleton. It really helped a lot.

I created this repository and checked in my changes: https://github.com/LuckyFellow/dovecot-libsodium-plugin It compiles and installs fine. The auth module loads the plugin automatically on demand, the hashing schemes are available and they work.

What do I need to do, so that you can include it as plugin?

Regards, Andreas We don't need to include it ourselves, you can tell people it exists

On 02.08.2016 00:46, Andreas Meyer wrote: libsodium_plugin libsodium_auth then there, and they can compile it with their dovecot installation. We can add wiki page for the plugin to guide people to your page.

It will be automatically included after make install, you can try it out with

doveadm pw -s <scheme name>

Aki

Alright. It would be awesome if you add a hint to the plugin to the dovecot wiki.

Thank you very much for your help.

Andreas