Re: Example for a password storage scheme plug-in (SLAPI_PLUGIN_PWD_STORAGE_SCHEME) - bcrypt?

[Ludwig Krispenz <lkrispen@xxxxxxxxxx>]

Hi William,

I think Harald was asking how to extend an existing deployment with a plugin, not to build a new plugin into the core. Just use it with a standard build.

Unfortunately our plugin guide is a bit old and the example plugins are no longer installed with the server. The best you could get is checking out the code and then look into the folder test-plugins, there are examples and Makefiles - but not up to date.

Regards,
Ludwig

On 01/15/2020 07:20 AM, William Brown wrote:

Hi Harald,

The most recently developed scheme was pbkdf2_pwd.c, so it likely has the "best" example of how to make a module. I've attached the original PBKDF2 diff so you can see the other files that may need to be altered, but the list is:

+++ Makefile.am
+++ dirsrvtests/tests/tickets/ticket397_test.py
+++ ldap/ldif/template-dse.ldif.in
+++ ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
+++ ldap/servers/plugins/pwdstorage/pwd_init.c
+++ ldap/servers/plugins/pwdstorage/pwdstorage.h
+++ ldap/servers/slapd/pw.c
+++ ldap/servers/slapd/pw.h

There have also been a number of changes to the pbkdf2 module since, so it's best to look at the "latest" version of pbkdf2_pwd.c of course.

I'd like to ask what scheme you were planning to add, as if it's relevant we could consider upstreaming it into the server. It's also good as we can provide code review and advice to help as well. 

Hope this helps!

PS: I'm at a conference so I may be slow to respond this week

On 15 Jan 2020, at 03:52, Harald Strack <hstrack@xxxxxxxxxxx> wrote:

Hi,

we need to implement a  password storage scheme plug-in for the 389 directory server. Especially we need to implement bcrypt support.  We checked the source code and documentation and found out that we need to write a SLAPI_PLUGIN_PWD_STORAGE_SCHEME plugin.

Some plugins of this type are in the source of 389-base are in 389-ds-base/ldap/servers/plugins/pwdstorage, a good starting point seems to be one of these

clear_pwd.c
crypt_pwd.c
md5c.c
md5.h
md5_pwd.c
ns-mta-md5_pwd.bu
ns-mta-md5_pwd.c
pbkdf2_pwd.c
pwd_init.c
pwdstorage.h
pwd_util.c
sha_pwd.c
smd5_pwd.c
ssha_pwd.c

But these are core plugins. How do we implement a plugin as extension? An example project with autoconf / makefile(s) etc. would be great. Any help would be greatly appreciated!

br

Harald






_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx

-- 
Red Hat GmbH, http://www.de.redhat.com/, Sitz: Grasbrunn, 
Handelsregister: Amtsgericht München, HRB 153243,
Geschäftsführer: Charles Cachera, Laurie Krebs, Michael O'Neill, Thomas Savage

_______________________________________________
389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-devel@xxxxxxxxxxxxxxxxxxxxxxx