New password hashing scheme as plugin

Aki Tuomi aki.tuomi at dovecot.fi
Fri Aug 5 08:59:25 UTC 2016



On 02.08.2016 00:46, Andreas Meyer wrote:
> 2016-08-01 15:58 GMT+02:00 <aki.tuomi at dovecot.fi>:
>
>>> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote:
>>>
>>>
>>>
>>>> On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at gmail.com> wrote:
>>>>
>>>> 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
>>>>
>>>>>> On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> I want to add a new password hashing scheme as plugin and provide it for
>>>>>> the dovecot project, so that it will be included as optional plugin in
>>>>>> future releases.
>>>>>>
>>>>>> Yet the plugin compiles fine and the .so file gets created.
>>>>>>
>>>>>> My approach is to call the functions password_scheme_register() and
>>>>>> password_scheme_unregister() (src/auth/password-scheme.c) inside the
>>>>>> plugin's _init() and _deinit() functions.
>>>>>>
>>>>>> When a client tries to login via imap the log shows an error message:
>>>>>> Error: Couldn't load required plugin
>>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed:
>>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol:
>>>>>> password_scheme_unregister
>>>>>>
>>>>>> That error obviously occurs, because the required lib is not linked into
>>>>>> the plugin.
>>>>>>
>>>>>>
>>>>>> Now my problem is to understand, whether this approach (via .so file) can
>>>>>> be successful at all and if so, how?
>>>>>> Do I need to link libs into it? Which would that be and how do I specify
>>>>>> them in the Makefile.am?
>>>>>>
>>>>>> I assume, I don't need to link a lib, but need to use a hook to register
>>>>>> the new hashing scheme, since the plugin is loaded into an already existing
>>>>>> process, which needs to get extended. If this is true, which hook would
>>>>>> that be and how do I register the new scheme?
>>>>>>
>>>>>> Or is there no way to accomplish this via a separate .so plugin? Should I
>>>>>> extend the sources in /src/auth instead? (separate file for the hashing
>>>>>> scheme with preprocessor instructions to include it only on demand)
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thank you very much,
>>>>>>
>>>>>> Andreas
>>>>> Can you publish your code in, say, github.com and provide a link to it?
>>>>> A new password scheme is doable as a plugin but it needs to be placed in a
>>>>> different place and it will be autoloaded.
>>>>>
>>>>> Aki
>>>>>
>>>>
>>>>
>>>>
>>>> I created two branches. Both compile fine with the option: --with-libsodium
>>>> Branch #1)
>>>>
>>>>
>>>> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin
>>>> This is my try to add libsodium support as plugin. When the plugin is
>>>> loaded, it exits with the mentioned error message "undefined symbol:
>>>> password_scheme_unregister"
>>>>
>>>>
>>>> Branch #2)
>>>>
>>>>
>>>> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth
>>>> This compiles fine and also works. The new hashing schemes SCRYPT and
>>>> ARGON2 are available to dovecot.
>>>> Libsodium support is not created as module, but only added if the
>>>> --with-libsodium option was passed to configure.
>>>>
>>>>
>>>>
>>>> Regards,
>>>> Andreas
>>> Hi!
>>>
>>> I had a look at your code and noticed you had tried to put it in
>>> dovecot's tree. I would recommend making a completely separate plugin of it.
>>> It's not very hard, I can help you out there. It does not need to be in
>>> src/plugins, the source supports fully external plugins that you can then
>>> install separately.
>>>
>>> This would make it a lot easier to develop the plugin. I'll see if I
>>> can make you a little skeleton to help you out with this, you can then use
>>> it as basis for your auth plugin.
>>> Aki
>> https://github.com/cmouse/dovecot-password-scheme-plugin
>>
>> is the plugin template you can use. Please see if it helps you out.
>>
>> Aki
>>
>
>
> Thank you very much for the skeleton. It really helped a lot.
>
> I created this repository and checked in my changes:
> https://github.com/LuckyFellow/dovecot-libsodium-plugin
> It compiles and installs fine. The auth module loads the plugin
> automatically on demand, the hashing schemes are available and they work.
>
> What do I need to do, so that you can include it as plugin?
>
>
> Regards,
> Andreas
We don't need to include it ourselves, you can tell people it exists
there, and they can compile it with their dovecot installation. We can
add a wiki page for the plugin to guide people to your page.

It will be automatically included after make install, you can try it out
with

doveadm pw -s <scheme name>

Aki
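
Added example, not part of the original thread and not Dovecot code: the "undefined symbol" error quoted above means that nothing in the loading process defines a symbol the plugin imports. The script below runs that check on `nm -D` output. All symbol listings are constructed samples, the name newauth_plugin_init is hypothetical, and which process exports the password_scheme_* functions is an assumption based on their location in src/auth/password-scheme.c.

```shell
#!/bin/sh
# Added example: list the dynamic symbols a plugin imports that its host
# process (plus the host's shared libraries) does not define. This is the
# condition dlopen() reports as "undefined symbol".

# missing_syms PLUGIN_NM PROVIDERS_NM
#   PLUGIN_NM:    `nm -D` output of the plugin .so
#   PROVIDERS_NM: concatenated `nm -D` output of the host binary and its libs
missing_syms() {
    { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } | awk '
        $0 == "---" { in_plugin = 1; next }
        # Provider side: address, type letter, name. Keep defined globals.
        !in_plugin && NF == 3 && $2 ~ /^[TDBRWV]$/ {
            sub(/@.*/, "", $3); have[$3] = 1
        }
        # Plugin side: strong undefined references only ("w" may stay unresolved).
        in_plugin && NF == 2 && $1 == "U" {
            sub(/@.*/, "", $2); if (!($2 in have)) print $2
        }
    ' | sort -u
}

# Constructed sample listings (not from a real build).
PLUGIN_NM='                 U crypto_pwhash_str
                 U password_scheme_register
                 U password_scheme_unregister
                 w __gmon_start__
0000000000001139 T newauth_plugin_init'
# Assumption: the auth binary exports the functions from src/auth/password-scheme.c.
AUTH_NM='0000000000023a10 T password_scheme_register
0000000000023b40 T password_scheme_unregister'
# Assumption: a process outside src/auth does not define them.
OTHER_NM='0000000000004f20 T main'
SODIUM_NM='0000000000018c00 T crypto_pwhash_str'

echo "loaded by a non-auth process:"
missing_syms "$PLUGIN_NM" "$OTHER_NM
$SODIUM_NM"
echo "loaded by auth:"
missing_syms "$PLUGIN_NM" "$AUTH_NM
$SODIUM_NM"

# Real files: missing_syms "$(nm -D plugin.so)" "$(nm -D host lib1.so lib2.so)"
```

An empty result means every strong import of the plugin is defined by the process that loads it.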

