New password hashing scheme as plugin

Andreas Meyer luckyfellow42 at gmail.com
Fri Aug 5 09:09:45 UTC 2016


2016-08-05 10:59 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>:

>
>
> On 02.08.2016 00:46, Andreas Meyer wrote:
> > 2016-08-01 15:58 GMT+02:00 <aki.tuomi at dovecot.fi>:
> >
> >>> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote:
> >>>
> >>>
> >>>
> >>>> On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at gmail.com> wrote:
> >>>>
> >>>> 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
> >>>>
> >>>>>> On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at gmail.com> wrote:
> >>>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>>
> >>>>>> I want to add a new password hashing scheme as plugin and provide it for
> >>>>>> the dovecot project, so that it will be included as optional plugin in
> >>>>>> future releases.
> >>>>>>
> >>>>>> Yet the plugin compiles fine and the .so file gets created.
> >>>>>>
> >>>>>> My approach is to call the functions password_scheme_register() and
> >>>>>> password_scheme_unregister() (src/auth/password-scheme.c) inside the
> >>>>>> plugin's _init() and _deinit() functions.
> >>>>>>
> >>>>>> When a client tries to log in via imap the log shows an error message:
> >>>>>> Error: Couldn't load required plugin
> >>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed:
> >>>>>> /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol:
> >>>>>> password_scheme_unregister
> >>>>>>
> >>>>>> That error obviously occurs, because the required lib is not linked into
> >>>>>> the plugin.
> >>>>>>
> >>>>>>
> >>>>>> Now my problem is to understand, whether this approach (via .so file) can
> >>>>>> be successful at all and if so, how?
> >>>>>> Do I need to link libs into it? Which would that be and how do I specify
> >>>>>> them in the Makefile.am?
> >>>>>>
> >>>>>> I assume, I don't need to link a lib, but need to use a hook to register
> >>>>>> the new hashing scheme, since the plugin is loaded into an already existing
> >>>>>> process, which needs to get extended. If this is true, which hook would
> >>>>>> that be and how do I register the new scheme?
> >>>>>>
> >>>>>> Or is there no way to accomplish this via a separated .so plugin? Should I
> >>>>>> extend the sources in /src/auth instead? (separate file for the hashing
> >>>>>> scheme with preprocessor instructions to include it only on demand)
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Thank you very much,
> >>>>>>
> >>>>>> Andreas
> >>>>> Can you publish your code in, say, github.com and provide link to it?
> >>>>> New password scheme is doable as plugin but it needs to be placed in different
> >>>>> place and it will be autoloaded.
> >>>>>
> >>>>> Aki
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> I created two branches. Both compile fine with the option: --with-libsodium
> >>>> Branch #1)
> >>>>
> >>>>
> >>>> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin
> >>>> This is my try to add libsodium support as plugin. When the plugin is
> >>>> loaded, it exits with the mentioned error message "undefined symbol:
> >>>> password_scheme_unregister"
> >>>>
> >>>>
> >>>> Branch #2)
> >>>>
> >>>>
> >>>> https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth
> >>>> This compiles fine and also works. The new hashing schemes SCRYPT and
> >>>> ARGON2 are available to dovecot.
> >>>> Libsodium support is not created as module, but only added if the
> >>>> --with-libsodium option was passed to configure.
> >>>>
> >>>>
> >>>>
> >>>> Regards,
> >>>> Andreas
> >>> Hi!
> >>>
> >>> I had a look at your code and noticed you had tried to put it in
> >>> dovecot's tree. I would recommend making completely separate plugin of it.
> >>> It's not very hard, I can help you out there. It does not need to be in
> >>> src/plugins, the source supports fully external plugins that you can then
> >>> install separately.
> >>> This would make it a lot easier to develop the plugin. I'll see if I
> >>> can make you a little skeleton to help you out with this, you can then use
> >>> it as basis for your auth plugin.
> >>> Aki
> >> https://github.com/cmouse/dovecot-password-scheme-plugin
> >>
> >> is the plugin template you can use. please see if it helps you out.
> >>
> >> Aki
> >>
> >
> >
> > Thank you very much for the skeleton. It really helped a lot.
> >
> > I created this repository and checked in my changes:
> > https://github.com/LuckyFellow/dovecot-libsodium-plugin
> > It compiles and installs fine. The auth module loads the plugin
> > automatically on demand, the hashing schemes are available and they work.
> >
> > What do I need to do, so that you can include it as plugin?
> >
> >
> > Regards,
> > Andreas
> We don't need to include it ourselves, you can tell people it exists
> there, and they can compile it with their dovecot installation. We can
> add wiki page for the plugin to guide people to your page.
>
> It will be automatically included after make install, you can try it out
> with
>
> doveadm pw -s <scheme name>
>
> Aki
>



Alright. It would be awesome if you add a hint to the plugin to the dovecot
wiki.

Thank you very much for your help.

Andreas

