Commit 615ae1f4 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount

ITS#9453 - Make pw argon2 official

parent 171e0d89
......@@ -23,7 +23,7 @@ build-openssl-heimdal-lloadd:
stage: build
script:
- apt update
- DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev heimdal-multidev libssl-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev heimdal-kdc libsasl2-modules-gssapi-heimdal sasl2-bin libevent-dev
- DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev heimdal-multidev libssl-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev heimdal-kdc libsasl2-modules-gssapi-heimdal sasl2-bin libevent-dev libargon2-dev
- autoreconf
- ./configure --enable-backends=mod --enable-overlays=mod --enable-modules --enable-dynamic --disable-ndb --enable-balancer=mod --disable-asyncmeta
- make depend
......@@ -41,7 +41,7 @@ build-gnutls-mit-standalone-lloadd:
stage: build
script:
- apt update
- DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev krb5-user krb5-kdc krb5-admin-server libsasl2-modules-gssapi-mit sasl2-bin libgnutls28-dev libevent-dev
- DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev krb5-user krb5-kdc krb5-admin-server libsasl2-modules-gssapi-mit sasl2-bin libgnutls28-dev libevent-dev libargon2-dev
- autoreconf
- ./configure --enable-backends=mod --enable-overlays=mod --disable-autoca --enable-modules --enable-dynamic --disable-ndb --enable-balancer=yes --disable-asyncmeta
- make depend
......
......@@ -194,6 +194,7 @@ KRB_LIBS = @KRB4_LIBS@ @KRB5_LIBS@
SASL_LIBS = @SASL_LIBS@
TLS_LIBS = @TLS_LIBS@
AUTH_LIBS = @AUTH_LIBS@
ARGON2_LIBS = @ARGON2_LIBS@
SECURITY_LIBS = $(SASL_LIBS) $(KRB_LIBS) $(TLS_LIBS) $(AUTH_LIBS)
MODULES_CPPFLAGS = @SLAPD_MODULES_CPPFLAGS@
......
......@@ -363,6 +363,8 @@ Overlays="accesslog \
unique \
valsort"
Pwmods="argon2"
AC_ARG_ENABLE(xxslapoverlays,[
SLAPD Overlay Options:])
......@@ -413,6 +415,16 @@ OL_ARG_ENABLE(unique, [AS_HELP_STRING([--enable-unique], [Attribute Uniqueness o
OL_ARG_ENABLE(valsort, [AS_HELP_STRING([--enable-valsort], [Value Sorting overlay])],
no, [no yes mod], ol_enable_overlays)
dnl ----------------------------------------------------------------
dnl PASSWORD MODULE OPTIONS
AC_ARG_ENABLE(pwmodoptions,[
SLAPD Password Module Options:])
OL_ARG_ENABLE(argon2, [AS_HELP_STRING([--enable-argon2], [Argon2 password hashing module])],
no, [no yes], ol_enable_pwmodules)
OL_ARG_WITH(argon2,
[AS_HELP_STRING([--with-argon2], [with argon2 support library auto|libsodum|libargon2])],
auto, [auto libsodium libargon2 yes no] )
dnl ----------------------------------------------------------------
dnl BALANCER OPTIONS
AC_ARG_ENABLE(balanceroptions,[
......@@ -442,7 +454,7 @@ if test $ol_enable_slapd = no ; then
fi
done
for i in $Backends $Overlays; do
for i in $Backends $Overlays $Pwmods; do
eval "ol_tmp=\$ol_enable_$i"
if test $ol_tmp != no ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-$i argument])
......@@ -467,6 +479,13 @@ else
fi
done
for i in $Pwmods; do
eval "ol_tmp=\$ol_enable_$i"
if test -n "$ol_tmp" && test "$ol_tmp" = yes ; then
AC_MSG_ERROR([--enable-$i=yes requires --enable-modules])
fi
done
ol_any_backend=no
for i in $Backends; do
eval "ol_tmp=\$ol_enable_$i"
......@@ -582,9 +601,13 @@ BUILD_TRANSLUCENT=no
BUILD_UNIQUE=no
BUILD_VALSORT=no
BUILD_PW_ARGON2=no
SLAPD_STATIC_OVERLAYS=
SLAPD_DYNAMIC_OVERLAYS=
SLAPD_DYNAMIC_PWMODS=
SLAPD_MODULES_LDFLAGS=
SLAPD_MODULES_CPPFLAGS=
......@@ -2973,6 +2996,50 @@ if test "$ol_enable_valsort" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_OVER_VALSORT,$MFLAG,[define for Value Sorting overlay])
fi
ol_link_argon2=no
if test "$ol_enable_argon2" = "yes" ; then
if test $ol_with_argon2 = libargon2 || test $ol_with_argon2 = auto; then
AC_CHECK_HEADERS(argon2.h)
if test $ac_cv_header_argon2_h = yes ; then
AC_CHECK_LIB(argon2, argon2i_hash_encoded,
[have_argon2=yes], [have_argon2=no],
[-largon2])
fi
if test "$have_argon2" = "yes" ; then
ol_with_argon2=libargon2
ol_link_argon2=yes
AC_DEFINE(HAVE_LIBARGON2, 1,
[define if you have libargon2])
ARGON2_LIBS="-largon2"
fi
fi
if test $ol_with_argon2 = libsodium || test $ol_with_argon2 = auto; then
AC_CHECK_HEADERS(sodium.h)
if test $ac_cv_header_sodium_h = yes ; then
AC_CHECK_LIB(sodium, crypto_pwhash_str_alg,
[have_argon2=yes], [have_argon2=no],
[-lsodium])
fi
if test "$have_argon2" = "yes" ; then
ol_with_argon2=libsodium
ol_link_argon2=yes
AC_DEFINE(HAVE_LIBSODIUM, 1,
[define if you have libsodium])
ARGON2_LIBS="-lsodium"
fi
fi
if test "$ol_link_argon2" = no ; then
AC_MSG_ERROR([--enable_argon2=$ol_enable_argon2 requires --with-argon2])
fi
BUILD_PW_ARGON2=$ol_enable_argon2
if test "$ol_enable_argon2" = "yes" ; then
SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWDMODS argon2.la"
fi
AC_DEFINE_UNQUOTED(SLAPD_PWMOD_PW_ARGON2,$SLAPD_MOD_DYNAMIC,[define for Argon2 Password hashing module])
fi
if test "$ol_enable_balancer" != no \
-a "$ol_with_threads" != no \
-a "$have_libevent" = yes ; then
......@@ -3059,6 +3126,8 @@ dnl overlays
AC_SUBST(BUILD_UNIQUE)
AC_SUBST(BUILD_VALSORT)
AC_SUBST(BUILD_BALANCER)
dnl pwmods
AC_SUBST(BUILD_PW_ARGON2)
AC_SUBST(LDAP_LIBS)
AC_SUBST(CLIENT_LIBS)
......@@ -3079,6 +3148,7 @@ AC_SUBST(SLAPD_STATIC_BACKENDS)
AC_SUBST(SLAPD_DYNAMIC_BACKENDS)
AC_SUBST(SLAPD_STATIC_OVERLAYS)
AC_SUBST(SLAPD_DYNAMIC_OVERLAYS)
AC_SUBST(SLAPD_DYNAMIC_PWMODS)
AC_SUBST(PERL_CPPFLAGS)
AC_SUBST(SLAPD_PERL_LDFLAGS)
......@@ -3093,6 +3163,7 @@ AC_SUBST(MODULES_LIBS)
AC_SUBST(SLAPI_LIBS)
AC_SUBST(LIBSLAPI)
AC_SUBST(AUTH_LIBS)
AC_SUBST(ARGON2_LIBS)
AC_SUBST(SLAPD_SLP_LIBS)
AC_SUBST(SLAPD_GMP_LIBS)
......@@ -3152,6 +3223,7 @@ AC_CONFIG_FILES([Makefile:build/top.mk:Makefile.in:build/dir.mk]
[servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk]
[servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk]
[servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk]
[servers/slapd/pwmods/Makefile:build/top.mk:servers/slapd/pwmods/Makefile.in:build/lib.mk]
[servers/lloadd/Makefile:build/top.mk:servers/lloadd/Makefile.in]
[servers/lloadd/Makefile.server:servers/lloadd/Makefile_server.in:build/srv.mk]
[servers/lloadd/Makefile.module:servers/lloadd/Makefile_module.in:build/mod.mk]
......
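Review bot: In the argon2 block of the `@@ -2973,6 +2996,50 @@` hunk, `SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWDMODS argon2.la"` expands a misspelled variable (`PWDMODS`), so any existing list is always dropped; this is harmless with one module but will silently lose entries once a second password module is added, and it should read `SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWMODS argon2.la"`. The failure message in the same block names an option that does not exist (`--enable_argon2`) and does not say that no usable library was found; `AC_MSG_ERROR([--enable-argon2=$ol_enable_argon2 requires libargon2 or libsodium (see --with-argon2)])` would be clearer. The help string in the `@@ -413,6 +415,16 @@` hunk spells `libsodum` where the accepted value is `libsodium`. The tests `test $ol_with_argon2 = ...` and `test $ac_cv_header_argon2_h = yes` are unquoted, unlike the neighbouring `"$have_argon2"` tests, and would be safer as `test "$ol_with_argon2" = libargon2`.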
# $OpenLDAP$
LDAP_SRC = ../../../..
LDAP_BUILD = ../../../..
LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
$(LDAP_BUILD)/libraries/liblber/liblber.la
LIBTOOL = $(LDAP_BUILD)/libtool
INSTALL = /usr/bin/install
CC = gcc
OPT = -g -O2 -Wall
#DEFS = -DSLAPD_ARGON2_DEBUG
INCS = $(LDAP_INC)
LIBS = $(LDAP_LIB)
implementation = sodium
ifeq ($(implementation),argon2)
LIBS += -largon2
DEFS += -DSLAPD_ARGON2_USE_ARGON2
else ifeq ($(implementation),sodium)
LIBS += -lsodium
DEFS += -DSLAPD_ARGON2_USE_SODIUM
else
$(error Unsupported implementation $(implementation))
endif
PROGRAMS = pw-argon2.la
MANPAGES = slapd-pw-argon2.5
LTVER = 0:0:0
prefix=/usr/local
exec_prefix=$(prefix)
ldap_subdir=/openldap
libdir=$(exec_prefix)/lib
libexecdir=$(exec_prefix)/libexec
moduledir = $(libexecdir)$(ldap_subdir)
mandir = $(exec_prefix)/share/man
man5dir = $(mandir)/man5
.SUFFIXES: .c .o .lo
.c.lo:
$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
all: $(PROGRAMS)
pw-argon2.la: pw-argon2.lo
$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
-rpath $(moduledir) -module -o $@ $? $(LIBS)
clean:
rm -rf *.o *.lo *.la .libs
install: install-lib install-man FORCE
install-lib: $(PROGRAMS)
mkdir -p $(DESTDIR)$(moduledir)
for p in $(PROGRAMS) ; do \
$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
done
install-man: $(MANPAGES)
mkdir -p $(DESTDIR)$(man5dir)
$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
FORCE:
......@@ -3,18 +3,18 @@
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slapd-pw-argon2 \- Argon2 password module to slapd
slapm-argon2 \- Argon2 password module to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.RS
.LP
.B moduleload pw-argon2
.B moduleload argon2
.RI [ <parameters> ]
.RE
.SH DESCRIPTION
.LP
The
.B pw-argon2
.B argon2
module to
.BR slapd (8)
provides support for the use of the key derivation function Argon2,
......@@ -27,7 +27,7 @@ for use in slapd.
.SH CONFIGURATION
The
.B pw-argon2
.B argon2
module does not need any configuration,
but it can be configured by giving the following parameters:
.TP
......@@ -72,11 +72,11 @@ The relevant option/value is:
.RS
.LP
.B \-o
.BR module\-load = pw-argon2
.BR module\-load = argon2
.LP
.RE
Depending on
.BR pw-argon2 's
.BR argon2 's
location, you may also need:
.RS
.LP
......
......@@ -15,7 +15,7 @@
SLAPTOOLS=slapadd slapcat slapdn slapindex slapmodify slappasswd slaptest slapauth slapacl slapschema
PROGRAMS=slapd $(SLAPTOOLS)
XPROGRAMS=sslapd libbackends.a .backend liboverlays.a
XPROGRAMS=sslapd libbackends.a .backend liboverlays.a libpwmods.a
XSRCS=version.c
SUBDIRS=back-* shell-backends slapi overlays
......@@ -63,7 +63,7 @@ LDAP_INCDIR= ../../include -I$(srcdir) -I$(srcdir)/slapi -I.
LDAP_LIBDIR= ../../libraries
SLAP_DIR=
SLAPD_STATIC_DEPENDS=@SLAPD_NO_STATIC@ libbackends.a liboverlays.a
SLAPD_STATIC_DEPENDS=@SLAPD_NO_STATIC@ libbackends.a liboverlays.a libpwmods.a
SLAPD_STATIC_BACKENDS=@SLAPD_STATIC_BACKENDS@
SLAPD_DYNAMIC_BACKENDS=@SLAPD_DYNAMIC_BACKENDS@
......@@ -154,7 +154,7 @@ SLAPD_OBJECTS = $(@PLAT@_SLAPD_OBJECTS)
# Thus, we do the best we can by depending on version.o, which depends
# on its own very long list of dependencies.
#
slapd.def: libbackends.a liboverlays.a version.o
slapd.def: libbackends.a liboverlays.a libpwmods.a version.o
@for i in XX $(LDFLAGS) ; do \
path=`expr "$$i" : "-L\(.*\)"`; \
if test $$? != 0; then continue; fi; \
......@@ -280,6 +280,9 @@ dummy $(SLAPD_DYNAMIC_BACKENDS): slapd
dynamic_overlays: slapd
cd overlays && $(MAKE) $(MFLAGS) dynamic
dynamic_pwmods: slapd
cd pwmods && $(MAKE) $(MFLAGS) dynamic
#
# In Windows, dynamic backends have to be built after slapd. For this
# reason, we only build static backends now and dynamic backends later.
......@@ -324,6 +327,9 @@ libbackends.a: .backend
liboverlays.a: FORCE
cd overlays && $(MAKE) $(MFLAGS) static
libpwmods.a: FORCE
cd pwmods && $(MAKE) $(MFLAGS) static
version.c: Makefile
@-$(RM) $@
$(MKVERSION) -s -n Versionstr slapd > $@
......@@ -382,7 +388,7 @@ install-slapd: FORCE
fi; \
done
all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) dynamic_overlays
all-cffiles: slapd $(SLAPD_DYNAMIC_BACKENDS) dynamic_overlays dynamic_pwmods
@if test $(PLAT) = NT; then \
sysconfdir=`cygpath -w $(sysconfdir) | \
$(SED) -e 's/\\\\/\\\\\\\\\\\\\\\\/g'`; \
......
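Review bot: `SUBDIRS=back-* shell-backends slapi overlays` in the `@@ -15,7 +15,7 @@` hunk is left unchanged, so `pwmods` is reached only through the explicit `cd pwmods && $(MAKE) $(MFLAGS) static` and `dynamic` rules added here. If the recursive `install`, `clean` and `depend` targets are driven by `SUBDIRS` (those rules are outside this page, so this is inferred), the new directory's `install-local` would never run and the module would be built but not installed. `SUBDIRS=back-* shell-backends slapi overlays pwmods` would cover it.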
# Makefile.in for overlays
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2003-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
SRCS = argon2.c
LTONLY_MOD = $(LTONLY_mod)
LDAP_INCDIR= ../../../include
LDAP_LIBDIR= ../../../libraries
MOD_DEFS = -DSLAPD_IMPORT
shared_LDAP_LIBS = $(LDAP_LIBLDAP_LA) $(LDAP_LIBLBER_LA)
NT_LINK_LIBS = -L.. -lslapd $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
UNIX_LINK_LIBS = $(@BUILD_LIBS_DYNAMIC@_LDAP_LIBS)
LIBRARY = ../libpwmods.a
PROGRAMS = @SLAPD_DYNAMIC_PWMODS@
XINCPATH = -I.. -I$(srcdir)/..
XDEFS = $(MODULES_CPPFLAGS)
static: $(LIBRARY)
dynamic: $(PROGRAMS)
argon2.la : argon2.lo
$(LTLINK_MOD) -module -o $@ argon2.lo version.lo $(LINK_LIBS) $(MODULES_LIBS) $(ARGON2_LIBS)
install-local: $(PROGRAMS)
@if test -n "$?" ; then \
$(MKDIR) $(DESTDIR)$(moduledir); \
$(LTINSTALL) $(INSTALLFLAGS) -m 755 $? $(DESTDIR)$(moduledir);\
fi
MKDEPFLAG = -l
.SUFFIXES: .c .o .lo
.c.lo:
$(LTCOMPILE_MOD) $<
$(LIBRARY): $(OBJS) version.lo
$(AR) rs $@ $(OBJS)
# Must fixup depends for non-libtool objects
depend-local: depend-common
@if test -n "$(OBJS)"; then \
OBJ2=`echo $(OBJS) $(OBJDEP) | $(SED) -e 's/\.o//g'`; \
SCR=''; for i in $$OBJ2; do SCR="$$SCR -e s/^$$i.lo:/$$i.o:/"; done; \
mv Makefile Makefile.bak; $(SED) $$SCR Makefile.bak > Makefile && \
$(RM) Makefile.bak; fi
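Review bot: `$(LIBRARY): $(OBJS) version.lo` and `depend-local` both use `OBJS`, which this new file never sets, so unless an included fragment defines it, `$(AR) rs $@ $(OBJS)` runs with no members. The configure change on this page only accepts `no|yes` for argon2 and defines it with `$SLAPD_MOD_DYNAMIC`, so either define `OBJS` for a static build or say that the archive is intentionally empty, for example `# libpwmods.a is a placeholder: password modules are only built as loadable modules`. The header comment `# Makefile.in for overlays` was carried over from the overlays directory and should read `# Makefile.in for password modules`.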
Argon2 OpenLDAP support
----------------------
pw-argon2.c provides support for ARGON2 hashed passwords in OpenLDAP. For
argon2.c provides support for ARGON2 hashed passwords in OpenLDAP. For
instance, one could have the LDAP attribute:
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
......@@ -22,13 +22,13 @@ For initial testing you might also want to edit DEFS to define
SLAPD_ARGON2_DEBUG, which enables logging to stderr (don't leave this on
in production, as it prints passwords in cleartext).
2) Run 'make' to produce pw-argon2.so
2) Run 'make' to produce argon2.so
3) Copy pw-argon2.so somewhere permanent.
3) Copy argon2.so somewhere permanent.
4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:
moduleload ...path/to/pw-argon2.so
moduleload ...path/to/argon2.so
5) Restart slapd.
......
/* pw-argon2.c - Password module for argon2 */
/* argon2.c - Password module for argon2 */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
......@@ -15,6 +15,7 @@
*/
#include "portable.h"
#ifdef SLAPD_PWMOD_PW_ARGON2
#include "ac/string.h"
#include "lber_pvt.h"
#include "lutil.h"
......@@ -22,7 +23,7 @@
#include <stdint.h>
#include <stdlib.h>
#ifdef SLAPD_ARGON2_USE_ARGON2
#ifdef HAVE_LIBARGON2
#include <argon2.h>
/*
......@@ -35,7 +36,7 @@
#define SLAPD_ARGON2_SALT_LENGTH 16
#define SLAPD_ARGON2_HASH_LENGTH 32
#else /* !SLAPD_ARGON2_USE_ARGON2 */
#else /* !HAVE_LIBARGON2 */
#include <sodium.h>
/*
......@@ -71,7 +72,7 @@ slapd_argon2_hash(
char *p;
int rc = LUTIL_PASSWD_ERR;
#ifdef SLAPD_ARGON2_USE_ARGON2
#ifdef HAVE_LIBARGON2
struct berval salt;
size_t encoded_length;
......@@ -114,7 +115,7 @@ slapd_argon2_hash(
hash->bv_len = scheme->bv_len + encoded_length;
ber_memfree( salt.bv_val );
#else /* !SLAPD_ARGON2_USE_ARGON2 */
#else /* !HAVE_LIBARGON2 */
/* Not exposed by libsodium
salt_length = SLAPD_ARGON2_SALT_LENGTH;
hash_length = SLAPD_ARGON2_HASH_LENGTH;
......@@ -153,7 +154,7 @@ slapd_argon2_verify(
{
int rc = LUTIL_PASSWD_ERR;
#ifdef SLAPD_ARGON2_USE_ARGON2
#ifdef HAVE_LIBARGON2
if ( strncmp( passwd->bv_val, "$argon2i$", STRLENOF("$argon2i$") ) == 0 ) {
rc = argon2i_verify( passwd->bv_val, cred->bv_val, cred->bv_len );
} else if ( strncmp( passwd->bv_val, "$argon2d$", STRLENOF("$argon2d$") ) == 0 ) {
......@@ -161,7 +162,7 @@ slapd_argon2_verify(
} else if ( strncmp( passwd->bv_val, "$argon2id$", STRLENOF("$argon2id$") ) == 0 ) {
rc = argon2id_verify( passwd->bv_val, cred->bv_val, cred->bv_len );
}
#else /* !SLAPD_ARGON2_USE_ARGON2 */
#else /* !HAVE_LIBARGON2 */
rc = crypto_pwhash_str_verify( passwd->bv_val, cred->bv_val, cred->bv_len );
#endif
......@@ -175,7 +176,7 @@ int init_module( int argc, char *argv[] )
{
int i;
#ifndef SLAPD_ARGON2_USE_ARGON2
#ifdef HAVE_LIBSODIUM
if ( sodium_init() == -1 ) {
return -1;
}
......@@ -218,3 +219,4 @@ int init_module( int argc, char *argv[] )
return lutil_passwd_add( (struct berval *)&slapd_argon2_scheme,
slapd_argon2_verify, slapd_argon2_hash );
}
#endif /* SLAPD_OVER_PW_ARGON2 */
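Review bot: Backend selection is now keyed on two different macros: the include, hash and verify paths use `#ifdef HAVE_LIBARGON2` with a bare `#else` that falls through to libsodium, while `init_module` calls `sodium_init()` only under `#ifdef HAVE_LIBSODIUM`. If the file is ever compiled with neither macro defined, the libsodium code path is built but the library is never initialised before `crypto_pwhash_str_verify` is used. Making the fallback explicit with `#elif defined(HAVE_LIBSODIUM)` followed by `#else` and `#error "argon2 module needs libargon2 or libsodium"` turns that into a build failure. The closing `#endif /* SLAPD_OVER_PW_ARGON2 */` does not match the opening `#ifdef SLAPD_PWMOD_PW_ARGON2` and should read `#endif /* SLAPD_PWMOD_PW_ARGON2 */`. The function bodies extend outside the hunks shown.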
......@@ -27,3 +27,11 @@ objectclass: person
cn: ssha
sn: ssha
userpassword: secret
dn: cn=argon2,dc=example,dc=com
objectclass: person
cn: argon2
sn: argon2
userPassword:: e0FSR09OMn0kYXJnb24yaSR2PTE5JG09NDA5Nix0PTMscD0xJHZTc1orVnZjM
UhoZzc0WFNrdVZLOFEkd1B2UUc0blFMS2xaSkRGU0tna2k0L2NYejNLT2lOYXpwL2VDWkFWOFlt
Zw==
......@@ -41,6 +41,7 @@ AC_sql=sql@BUILD_SQL@
# overlays
AC_accesslog=accesslog@BUILD_ACCESSLOG@
AC_argon2=argon2@BUILD_PW_ARGON2@
AC_autoca=autoca@BUILD_AUTOCA@
AC_constraint=constraint@BUILD_CONSTRAINT@
AC_dds=dds@BUILD_DDS@
......@@ -76,7 +77,7 @@ if test "${AC_asyncmeta}" = "asyncmetamod" && test "${AC_LIBS_DYNAMIC}" = "stati
AC_meta="asyncmetano"
fi
export AC_ldap AC_mdb AC_meta AC_asyncmeta AC_monitor AC_null AC_perl AC_relay AC_sql \
AC_accesslog AC_autoca AC_constraint AC_dds AC_dynlist AC_memberof \
AC_accesslog AC_argon2 AC_autoca AC_constraint AC_dds AC_dynlist AC_memberof \
AC_pcache AC_ppolicy AC_refint AC_remoteauth \
AC_retcode AC_rwm AC_unique AC_syncprov AC_translucent \
AC_valsort \
......
......@@ -29,6 +29,7 @@ BACKSQL=${AC_sql-sqlno}
# overlays
ACCESSLOG=${AC_accesslog-accesslogno}
ARGON2=${AC_argon2-argon2no}
AUTOCA=${AC_autoca-autocano}
CONSTRAINT=${AC_constraint-constraintno}
DDS=${AC_dds-ddsno}
......
#!/bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo "running defines.sh"
. $SRCDIR/scripts/defines.sh
if test $ARGON2 = argon2no; then
echo "argon2 overlay not available, test skipped"
exit 0
fi
USERDN="cn=argon2,$BASEDN"
CONFDIR=$TESTDIR/slapd.d
mkdir -p $TESTDIR $CONFDIR $DBDIR1
$SLAPPASSWD -g -n >$CONFIGPWF
cat > $TESTDIR/config.ldif <<EOF
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: $TESTDIR/slapd.args
olcPidFile: $TESTDIR/slapd.pid
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file://$TESTWD/schema/core.ldif
include: file://$TESTWD/schema/cosine.ldif
include: file://$TESTWD/schema/inetorgperson.ldif
EOF
if [ "$BACKENDTYPE" = mod ]; then
cat >> $TESTDIR/config.ldif <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/back-$BACKEND
olcModuleLoad: back_$BACKEND.la
EOF
fi
if [ "$ARGON2" = argon2yes ]; then
cat >> $TESTDIR/config.ldif <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: $TESTWD/../servers/slapd/pwmods
olcModuleLoad: argon2.la
EOF
fi
cat >> $TESTDIR/config.ldif <<EOF
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcPasswordHash: {ARGON2}
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW:< file://$CONFIGPWF
dn: olcDatabase={1}$BACKEND,cn=config
objectClass: olcDatabaseConfig
objectClass: olc${BACKEND}Config
olcDatabase: $BACKEND
olcSuffix: $BASEDN
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
olcDbDirectory: $TESTDIR/db.1.a
EOF
if [ "$INDEXDB" = indexdb ]; then
cat >> $TESTDIR/config.ldif <<EOF
olcDbIndex: objectClass eq,pres