New password hashing scheme as plugin

aki.tuomi at dovecot.fi aki.tuomi at dovecot.fi
Mon Aug 1 13:58:17 UTC 2016


> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote:
> 
> 
> 
> > On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at gmail.com> wrote:
> > 
> > 
> > 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
> > 
> > >
> > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com>
> > > wrote:
> > > >
> > > >
> > > > Hi,
> > > >
> > > >
> > > > I want to add a new password hashing scheme as plugin and provide it for
> > > > the dovecot project, so that it will be included as optional plugin in
> > > > future releases.
> > > >
> > > > Yet the plugin compiles fine and the .so file gets created.
> > > >
> > > > My approach is to call the functions password_scheme_register() and
> > > > password_scheme_unregister() (src/auth/password-scheme.c) inside the
> > > > plugin's _init() and _deinit() functions.
> > > >
> > > > When a client tries to login via imap the log shows an error message:
> > > >
> > > > Error: Couldn't load required plugin
> > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed:
> > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol:
> > > > password_scheme_unregister
> > > >
> > > > That error obviously occurs, because the required lib is not linked into
> > > > the plugin.
> > > >
> > > >
> > > > Now my problem is to understand, whether this approach (via .so file) can
> > > > be successful at all and if so, how?
> > > > Do I need to link libs into it? Which would that be and how do I specify
> > > > them in the Makefile.am?
> > > >
> > > > I assume, I don't need to link a lib, but need to use a hook to register
> > > > the new hashing scheme, since the plugin is loaded into an already
> > > existing
> > > > process, which needs to get extended. If this is true, which hook would
> > > > that be and how do I register the new scheme?
> > > >
> > > > Or is there no way to accomplish this via a separated .so plugin? Should
> > > I
> > > > extend the sources in /src/auth instead? (separat file for the hashing
> > > > scheme with preprocessor instructions to include it only on demand)
> > > >
> > > >
> > > >
> > > > Thank you very much,
> > > >
> > > > Andreas
> > >
> > > Can you publish your code in, say, github.com and provide link to it?
> > > New password scheme is doable as plugin but it needs to placed in different
> > > place and it will be autoloaded.
> > >
> > > Aki
> > >
> > 
> > 
> > 
> > 
> > I created two branches. Both compile fine with the option: --with-libsodium
> > 
> > Branch #1)
> > 
> > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin
> > 
> > This is my try to add libsodium support as plugin. When the plugin is
> > loaded, it exits with the mentioned error message "undefined symbol:
> > password_scheme_unregister"
> > 
> > 
> > Branch #2)
> > 
> > https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth
> > 
> > This compiles fine and also works. The new hashing schemes SCRYPT and
> > ARGON2 are available to dovecot.
> > Libsodium support is not created as module, but only added if the
> > --with-libsodium option was passed to configure.
> > 
> > 
> > 
> > Regards,
> > Andreas
> 
> Hi!
> 
> I had a look at your code and noticed you had tried to put it in dovecot's tree. I would recommend making completely separate plugin of it. It's not very hard, I can help you out there. It does not need to be in src/plugins, the source supports fully external plugins that you can then install separately.
> 
> This would make it lot more easier to develop the plugin. I'll see if I can make you a little skeleton to help you out with this, you can then use it as basis for your auth plugin.
> 
> Aki

https://github.com/cmouse/dovecot-password-scheme-plugin

is the plugin template you can use. please see if it helps you out.

Aki


More information about the dovecot mailing list