dovecot - Aug 2016 - New password hashing scheme as plugin

2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
>
> > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at
gmail.com>
> wrote:
> >
> >
> > Hi,
> >
> >
> > I want to add a new password hashing scheme as plugin and provide it
for
> > the dovecot project, so that it will be included as optional plugin in
> > future releases.
> >
> > Yet the plugin compiles fine and the .so file gets created.
> >
> > My approach is to call the functions password_scheme_register() and
> > password_scheme_unregister() (src/auth/password-scheme.c) inside the
> > plugin's _init() and _deinit() functions.
> >
> > When a client tries to login via imap the log shows an error message:
> >
> > Error: Couldn't load required plugin
> > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed:
> > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol:
> > password_scheme_unregister
> >
> > That error obviously occurs, because the required lib is not linked
into
> > the plugin.
> >
> >
> > Now my problem is to understand, whether this approach (via .so file)
can
> > be successful at all and if so, how?
> > Do I need to link libs into it? Which would that be and how do I
specify
> > them in the Makefile.am?
> >
> > I assume, I don't need to link a lib, but need to use a hook to
register
> > the new hashing scheme, since the plugin is loaded into an already
> existing
> > process, which needs to get extended. If this is true, which hook
would
> > that be and how do I register the new scheme?
> >
> > Or is there no way to accomplish this via a separated .so plugin?
Should
> I
> > extend the sources in /src/auth instead? (separat file for the hashing
> > scheme with preprocessor instructions to include it only on demand)
> >
> >
> >
> > Thank you very much,
> >
> > Andreas
>
> Can you publish your code in, say, github.com and provide link to it?
> New password scheme is doable as plugin but it needs to placed in different
> place and it will be autoloaded.
>
> Aki
>



I created two branches. Both compile fine with the option: --with-libsodium

Branch #1)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin

This is my try to add libsodium support as plugin. When the plugin is
loaded, it exits with the mentioned error message "undefined symbol:
password_scheme_unregister"


Branch #2)

https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth

This compiles fine and also works. The new hashing schemes SCRYPT and
ARGON2 are available to dovecot.
Libsodium support is not created as module, but only added if the
--with-libsodium option was passed to configure.



Regards,
Andreas

> On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at
gmail.com> wrote:
> 
> 
> 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
> 
> >
> > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at
gmail.com>
> > wrote:
> > >
> > >
> > > Hi,
> > >
> > >
> > > I want to add a new password hashing scheme as plugin and provide
it for
> > > the dovecot project, so that it will be included as optional
plugin in
> > > future releases.
> > >
> > > Yet the plugin compiles fine and the .so file gets created.
> > >
> > > My approach is to call the functions password_scheme_register()
and
> > > password_scheme_unregister() (src/auth/password-scheme.c) inside
the
> > > plugin's _init() and _deinit() functions.
> > >
> > > When a client tries to login via imap the log shows an error
message:
> > >
> > > Error: Couldn't load required plugin
> > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed:
> > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol:
> > > password_scheme_unregister
> > >
> > > That error obviously occurs, because the required lib is not
linked into
> > > the plugin.
> > >
> > >
> > > Now my problem is to understand, whether this approach (via .so
file) can
> > > be successful at all and if so, how?
> > > Do I need to link libs into it? Which would that be and how do I
specify
> > > them in the Makefile.am?
> > >
> > > I assume, I don't need to link a lib, but need to use a hook
to register
> > > the new hashing scheme, since the plugin is loaded into an
already
> > existing
> > > process, which needs to get extended. If this is true, which hook
would
> > > that be and how do I register the new scheme?
> > >
> > > Or is there no way to accomplish this via a separated .so plugin?
Should
> > I
> > > extend the sources in /src/auth instead? (separat file for the
hashing
> > > scheme with preprocessor instructions to include it only on
demand)
> > >
> > >
> > >
> > > Thank you very much,
> > >
> > > Andreas
> >
> > Can you publish your code in, say, github.com and provide link to it?
> > New password scheme is doable as plugin but it needs to placed in
different
> > place and it will be autoloaded.
> >
> > Aki
> >
> 
> 
> 
> 
> I created two branches. Both compile fine with the option: --with-libsodium
> 
> Branch #1)
> 
>
https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin
> 
> This is my try to add libsodium support as plugin. When the plugin is
> loaded, it exits with the mentioned error message "undefined symbol:
> password_scheme_unregister"
> 
> 
> Branch #2)
> 
>
https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth
> 
> This compiles fine and also works. The new hashing schemes SCRYPT and
> ARGON2 are available to dovecot.
> Libsodium support is not created as module, but only added if the
> --with-libsodium option was passed to configure.
> 
> 
> 
> Regards,
> Andreas
Hi!

I'll take a look. It's completely doable as plugin, just needs some
things done right.

Aki

> On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at
gmail.com> wrote:
> 
> 
> 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
> 
> >
> > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42 at
gmail.com>
> > wrote:
> > >
> > >
> > > Hi,
> > >
> > >
> > > I want to add a new password hashing scheme as plugin and provide
it for
> > > the dovecot project, so that it will be included as optional
plugin in
> > > future releases.
> > >
> > > Yet the plugin compiles fine and the .so file gets created.
> > >
> > > My approach is to call the functions password_scheme_register()
and
> > > password_scheme_unregister() (src/auth/password-scheme.c) inside
the
> > > plugin's _init() and _deinit() functions.
> > >
> > > When a client tries to login via imap the log shows an error
message:
> > >
> > > Error: Couldn't load required plugin
> > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen() failed:
> > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined symbol:
> > > password_scheme_unregister
> > >
> > > That error obviously occurs, because the required lib is not
linked into
> > > the plugin.
> > >
> > >
> > > Now my problem is to understand, whether this approach (via .so
file) can
> > > be successful at all and if so, how?
> > > Do I need to link libs into it? Which would that be and how do I
specify
> > > them in the Makefile.am?
> > >
> > > I assume, I don't need to link a lib, but need to use a hook
to register
> > > the new hashing scheme, since the plugin is loaded into an
already
> > existing
> > > process, which needs to get extended. If this is true, which hook
would
> > > that be and how do I register the new scheme?
> > >
> > > Or is there no way to accomplish this via a separated .so plugin?
Should
> > I
> > > extend the sources in /src/auth instead? (separat file for the
hashing
> > > scheme with preprocessor instructions to include it only on
demand)
> > >
> > >
> > >
> > > Thank you very much,
> > >
> > > Andreas
> >
> > Can you publish your code in, say, github.com and provide link to it?
> > New password scheme is doable as plugin but it needs to placed in
different
> > place and it will be autoloaded.
> >
> > Aki
> >
> 
> 
> 
> 
> I created two branches. Both compile fine with the option: --with-libsodium
> 
> Branch #1)
> 
>
https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin
> 
> This is my try to add libsodium support as plugin. When the plugin is
> loaded, it exits with the mentioned error message "undefined symbol:
> password_scheme_unregister"
> 
> 
> Branch #2)
> 
>
https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth
> 
> This compiles fine and also works. The new hashing schemes SCRYPT and
> ARGON2 are available to dovecot.
> Libsodium support is not created as module, but only added if the
> --with-libsodium option was passed to configure.
> 
> 
> 
> Regards,
> Andreas
Hi!

I had a look at your code and noticed you had tried to put it in dovecot's
tree. I would recommend making completely separate plugin of it. It's not
very hard, I can help you out there. It does not need to be in src/plugins, the
source supports fully external plugins that you can then install separately.

This would make it lot more easier to develop the plugin. I'll see if I can
make you a little skeleton to help you out with this, you can then use it as
basis for your auth plugin.

Aki

> On August 1, 2016 at 4:38 PM aki.tuomi at dovecot.fi wrote:
> 
> 
> 
> > On August 1, 2016 at 3:45 PM Andreas Meyer <luckyfellow42 at
gmail.com> wrote:
> > 
> > 
> > 2016-07-31 16:39 GMT+02:00 <aki.tuomi at dovecot.fi>:
> > 
> > >
> > > > On July 27, 2016 at 2:08 AM Andreas Meyer <luckyfellow42
at gmail.com>
> > > wrote:
> > > >
> > > >
> > > > Hi,
> > > >
> > > >
> > > > I want to add a new password hashing scheme as plugin and
provide it for
> > > > the dovecot project, so that it will be included as optional
plugin in
> > > > future releases.
> > > >
> > > > Yet the plugin compiles fine and the .so file gets created.
> > > >
> > > > My approach is to call the functions
password_scheme_register() and
> > > > password_scheme_unregister() (src/auth/password-scheme.c)
inside the
> > > > plugin's _init() and _deinit() functions.
> > > >
> > > > When a client tries to login via imap the log shows an error
message:
> > > >
> > > > Error: Couldn't load required plugin
> > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: dlopen()
failed:
> > > > /usr/local/lib/dovecot/lib20_newauth_plugin.so: undefined
symbol:
> > > > password_scheme_unregister
> > > >
> > > > That error obviously occurs, because the required lib is not
linked into
> > > > the plugin.
> > > >
> > > >
> > > > Now my problem is to understand, whether this approach (via
.so file) can
> > > > be successful at all and if so, how?
> > > > Do I need to link libs into it? Which would that be and how
do I specify
> > > > them in the Makefile.am?
> > > >
> > > > I assume, I don't need to link a lib, but need to use a
hook to register
> > > > the new hashing scheme, since the plugin is loaded into an
already
> > > existing
> > > > process, which needs to get extended. If this is true, which
hook would
> > > > that be and how do I register the new scheme?
> > > >
> > > > Or is there no way to accomplish this via a separated .so
plugin? Should
> > > I
> > > > extend the sources in /src/auth instead? (separat file for
the hashing
> > > > scheme with preprocessor instructions to include it only on
demand)
> > > >
> > > >
> > > >
> > > > Thank you very much,
> > > >
> > > > Andreas
> > >
> > > Can you publish your code in, say, github.com and provide link to
it?
> > > New password scheme is doable as plugin but it needs to placed in
different
> > > place and it will be autoloaded.
> > >
> > > Aki
> > >
> > 
> > 
> > 
> > 
> > I created two branches. Both compile fine with the option:
--with-libsodium
> > 
> > Branch #1)
> > 
> >
https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_plugin
> > 
> > This is my try to add libsodium support as plugin. When the plugin is
> > loaded, it exits with the mentioned error message "undefined
symbol:
> > password_scheme_unregister"
> > 
> > 
> > Branch #2)
> > 
> >
https://github.com/LuckyFellow/dovecot-core-libsodium/tree/2.2.25_libsodium_auth
> > 
> > This compiles fine and also works. The new hashing schemes SCRYPT and
> > ARGON2 are available to dovecot.
> > Libsodium support is not created as module, but only added if the
> > --with-libsodium option was passed to configure.
> > 
> > 
> > 
> > Regards,
> > Andreas
> 
> Hi!
> 
> I had a look at your code and noticed you had tried to put it in
dovecot's tree. I would recommend making completely separate plugin of it.
It's not very hard, I can help you out there. It does not need to be in
src/plugins, the source supports fully external plugins that you can then
install separately.
> 
> This would make it lot more easier to develop the plugin. I'll see if I
can make you a little skeleton to help you out with this, you can then use it as
basis for your auth plugin.
> 
> Aki
https://github.com/cmouse/dovecot-password-scheme-plugin

is the plugin template you can use. please see if it helps you out.

Aki