Commit
c7763538
authored
Mar 01, 2021
by
Quanah Gibson-Mount
ITS#9453 - Make pw argon2 official
parent
535e2795
Changes
13
.gitlab-ci.yml
...
...
@@ -23,7 +23,7 @@ build-openssl-heimdal-lloadd:
stage
:
build
script
:
-
apt update
-
DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev heimdal-multidev libssl-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev heimdal-kdc libsasl2-modules-gssapi-heimdal sasl2-bin libevent-dev
-
DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev heimdal-multidev libssl-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev heimdal-kdc libsasl2-modules-gssapi-heimdal sasl2-bin libevent-dev
libargon2-dev
-
autoreconf
-
./configure --enable-backends=mod --enable-overlays=mod --enable-modules --enable-dynamic --disable-ndb --enable-balancer=mod
-
make depend
...
...
@@ -41,7 +41,7 @@ build-gnutls-mit-standalone-lloadd:
stage
:
build
script
:
-
apt update
-
DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev krb5-user krb5-kdc krb5-admin-server libsasl2-modules-gssapi-mit sasl2-bin libgnutls28-dev libevent-dev
-
DEBIAN_FRONTEND=noninteractive apt install -y build-essential python3 gdb procps pkg-config automake libsasl2-dev libltdl-dev groff-base unixodbc-dev libwiredtiger-dev libperl-dev krb5-user krb5-kdc krb5-admin-server libsasl2-modules-gssapi-mit sasl2-bin libgnutls28-dev libevent-dev
libargon2-dev
-
autoreconf
-
./configure --enable-backends=mod --enable-overlays=mod --disable-autoca --enable-modules --enable-dynamic --disable-ndb --enable-balancer=yes
-
make depend
...
...
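Review bot: Neither `./configure` line in the two edited jobs passes `--enable-argon2`, so the newly installed `libargon2-dev` appears to go unused. configure.ac in this commit defaults the option to `no` and places it in its own `ol_enable_pwmodules` group, which `--enable-overlays=mod` presumably does not switch on. If that reading is right, test083-argon2 takes its "test skipped" branch in CI and the password module is never built or exercised there. Adding `--enable-argon2` to both configure invocations would close the gap. Both job scripts continue outside the hunks shown.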
build/top.mk
...
...
@@ -191,6 +191,7 @@ AC_LIBS = @LIBS@
SASL_LIBS
=
@SASL_LIBS@
TLS_LIBS
=
@TLS_LIBS@
AUTH_LIBS
=
@AUTH_LIBS@
ARGON2_LIBS
=
@ARGON2_LIBS@
SECURITY_LIBS
=
$(SASL_LIBS)
$(TLS_LIBS)
$(AUTH_LIBS)
MODULES_CPPFLAGS
=
@SLAPD_MODULES_CPPFLAGS@
...
...
configure.ac
...
...
@@ -363,6 +363,8 @@ Overlays="accesslog \
unique \
valsort"
Pwmods="argon2"
AC_ARG_ENABLE(xxslapoverlays,[
SLAPD Overlay Options:])
...
...
@@ -413,6 +415,16 @@ OL_ARG_ENABLE(unique, [AS_HELP_STRING([--enable-unique], [Attribute Uniqueness o
OL_ARG_ENABLE(valsort, [AS_HELP_STRING([--enable-valsort], [Value Sorting overlay])],
no, [no yes mod], ol_enable_overlays)
dnl ----------------------------------------------------------------
dnl PASSWORD MODULE OPTIONS
AC_ARG_ENABLE(pwmodoptions,[
SLAPD Password Module Options:])
OL_ARG_ENABLE(argon2, [AS_HELP_STRING([--enable-argon2], [Argon2 password hashing module])],
no, [no yes], ol_enable_pwmodules)
OL_ARG_WITH(argon2,
[AS_HELP_STRING([--with-argon2], [with argon2 support library auto|libsodum|libargon2])],
auto, [auto libsodium libargon2 yes no] )
dnl ----------------------------------------------------------------
dnl BALANCER OPTIONS
AC_ARG_ENABLE(balanceroptions,[
...
...
@@ -442,7 +454,7 @@ if test $ol_enable_slapd = no ; then
fi
done
for i in $Backends $Overlays; do
for i in $Backends $Overlays
$Pwmods
; do
eval "ol_tmp=\$ol_enable_$i"
if test $ol_tmp != no ; then
AC_MSG_WARN([slapd disabled, ignoring --enable-$i argument])
...
...
@@ -467,6 +479,13 @@ else
fi
done
for i in $Pwmods; do
eval "ol_tmp=\$ol_enable_$i"
if test -n "$ol_tmp" && test "$ol_tmp" = yes ; then
AC_MSG_ERROR([--enable-$i=yes requires --enable-modules])
fi
done
ol_any_backend=no
for i in $Backends; do
eval "ol_tmp=\$ol_enable_$i"
...
...
@@ -582,9 +601,13 @@ BUILD_TRANSLUCENT=no
BUILD_UNIQUE=no
BUILD_VALSORT=no
BUILD_PW_ARGON2=no
SLAPD_STATIC_OVERLAYS=
SLAPD_DYNAMIC_OVERLAYS=
SLAPD_DYNAMIC_PWMODS=
SLAPD_MODULES_LDFLAGS=
SLAPD_MODULES_CPPFLAGS=
...
...
@@ -2971,6 +2994,50 @@ if test "$ol_enable_valsort" != no ; then
AC_DEFINE_UNQUOTED(SLAPD_OVER_VALSORT,$MFLAG,[define for Value Sorting overlay])
fi
ol_link_argon2=no
if test "$ol_enable_argon2" = "yes" ; then
if test $ol_with_argon2 = libargon2 || test $ol_with_argon2 = auto; then
AC_CHECK_HEADERS(argon2.h)
if test $ac_cv_header_argon2_h = yes ; then
AC_CHECK_LIB(argon2, argon2i_hash_encoded,
[have_argon2=yes], [have_argon2=no],
[-largon2])
fi
if test "$have_argon2" = "yes" ; then
ol_with_argon2=libargon2
ol_link_argon2=yes
AC_DEFINE(HAVE_LIBARGON2, 1,
[define if you have libargon2])
ARGON2_LIBS="-largon2"
fi
fi
if test $ol_with_argon2 = libsodium || test $ol_with_argon2 = auto; then
AC_CHECK_HEADERS(sodium.h)
if test $ac_cv_header_sodium_h = yes ; then
AC_CHECK_LIB(sodium, crypto_pwhash_str_alg,
[have_argon2=yes], [have_argon2=no],
[-lsodium])
fi
if test "$have_argon2" = "yes" ; then
ol_with_argon2=libsodium
ol_link_argon2=yes
AC_DEFINE(HAVE_LIBSODIUM, 1,
[define if you have libsodium])
ARGON2_LIBS="-lsodium"
fi
fi
if test "$ol_link_argon2" = no ; then
AC_MSG_ERROR([--enable_argon2=$ol_enable_argon2 requires --with-argon2])
fi
BUILD_PW_ARGON2=$ol_enable_argon2
if test "$ol_enable_argon2" = "yes" ; then
SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWDMODS argon2.la"
fi
AC_DEFINE_UNQUOTED(SLAPD_PWMOD_PW_ARGON2,$SLAPD_MOD_DYNAMIC,[define for Argon2 Password hashing module])
fi
if test "$ol_enable_balancer" != no \
-a "$ol_with_threads" != no \
-a "$have_libevent" = yes ; then
...
...
@@ -3057,6 +3124,8 @@ dnl overlays
AC_SUBST(BUILD_UNIQUE)
AC_SUBST(BUILD_VALSORT)
AC_SUBST(BUILD_BALANCER)
dnl pwmods
AC_SUBST(BUILD_PW_ARGON2)
AC_SUBST(LDAP_LIBS)
AC_SUBST(CLIENT_LIBS)
...
...
@@ -3077,6 +3146,7 @@ AC_SUBST(SLAPD_STATIC_BACKENDS)
AC_SUBST(SLAPD_DYNAMIC_BACKENDS)
AC_SUBST(SLAPD_STATIC_OVERLAYS)
AC_SUBST(SLAPD_DYNAMIC_OVERLAYS)
AC_SUBST(SLAPD_DYNAMIC_PWMODS)
AC_SUBST(PERL_CPPFLAGS)
AC_SUBST(SLAPD_PERL_LDFLAGS)
...
...
@@ -3089,6 +3159,7 @@ AC_SUBST(MODULES_LIBS)
AC_SUBST(SLAPI_LIBS)
AC_SUBST(LIBSLAPI)
AC_SUBST(AUTH_LIBS)
AC_SUBST(ARGON2_LIBS)
AC_SUBST(SLAPD_SLP_LIBS)
AC_SUBST(SLAPD_GMP_LIBS)
...
...
@@ -3148,6 +3219,7 @@ AC_CONFIG_FILES([Makefile:build/top.mk:Makefile.in:build/dir.mk]
[servers/slapd/shell-backends/Makefile:build/top.mk:servers/slapd/shell-backends/Makefile.in:build/srv.mk]
[servers/slapd/slapi/Makefile:build/top.mk:servers/slapd/slapi/Makefile.in:build/lib.mk:build/lib-shared.mk]
[servers/slapd/overlays/Makefile:build/top.mk:servers/slapd/overlays/Makefile.in:build/lib.mk]
[servers/slapd/pwmods/Makefile:build/top.mk:servers/slapd/pwmods/Makefile.in:build/lib.mk]
[servers/lloadd/Makefile:build/top.mk:servers/lloadd/Makefile.in]
[servers/lloadd/Makefile.server:servers/lloadd/Makefile_server.in:build/srv.mk]
[servers/lloadd/Makefile.module:servers/lloadd/Makefile_module.in:build/mod.mk]
...
...
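Review bot: In the `@@ -2971` hunk the right-hand variable in `SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWDMODS argon2.la"` is misspelled (`PWDMODS`), so it always expands empty and any module appended earlier would be silently dropped; it should read `SLAPD_DYNAMIC_PWMODS="$SLAPD_DYNAMIC_PWMODS argon2.la"`. The error in the same hunk names a non-existent option (`--enable_argon2`) and points at `--with-argon2` even when the real cause is that neither library was found; `AC_MSG_ERROR([--enable-argon2 requires libargon2 or libsodium])` would be more accurate. The help string in the `@@ -413` hunk spells `libsodum`, and `--with-argon2=yes` or `no` is accepted there but matches neither detection branch, so it ends in that same error. The `test $ol_with_argon2 = ...` comparisons are unquoted, unlike the neighbouring `test "$ol_enable_argon2"` lines.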
contrib/slapd-modules/passwd/argon2/Makefile
deleted
100644 → 0
# $OpenLDAP$
LDAP_SRC
=
../../../..
LDAP_BUILD
=
../../../..
LDAP_INC
=
-I
$(LDAP_BUILD)
/include
-I
$(LDAP_SRC)
/include
-I
$(LDAP_SRC)
/servers/slapd
LDAP_LIB
=
$(LDAP_BUILD)
/libraries/libldap/libldap.la
\
$(LDAP_BUILD)
/libraries/liblber/liblber.la
LIBTOOL
=
$(LDAP_BUILD)
/libtool
INSTALL
=
/usr/bin/install
CC
=
gcc
OPT
=
-g
-O2
-Wall
#DEFS = -DSLAPD_ARGON2_DEBUG
INCS
=
$(LDAP_INC)
LIBS
=
$(LDAP_LIB)
implementation
=
sodium
ifeq
($(implementation),argon2)
LIBS
+=
-largon2
DEFS
+=
-DSLAPD_ARGON2_USE_ARGON2
else
ifeq
($(implementation),sodium)
LIBS
+=
-lsodium
DEFS
+=
-DSLAPD_ARGON2_USE_SODIUM
else
$(error
Unsupported
implementation
$(implementation))
endif
PROGRAMS
=
pw-argon2.la
MANPAGES
=
slapd-pw-argon2.5
LTVER
=
0:0:0
prefix
=
/usr/local
exec_prefix
=
$(prefix)
ldap_subdir
=
/openldap
libdir
=
$(exec_prefix)
/lib
libexecdir
=
$(exec_prefix)
/libexec
moduledir
=
$(libexecdir)$(ldap_subdir)
mandir
=
$(exec_prefix)
/share/man
man5dir
=
$(mandir)
/man5
.SUFFIXES
:
.c .o .lo
.c.lo
:
$(LIBTOOL)
--mode
=
compile
$(CC)
$(OPT)
$(DEFS)
$(INCS)
-c
$<
all
:
$(PROGRAMS)
pw-argon2.la
:
pw-argon2.lo
$(LIBTOOL)
--mode
=
link
$(CC)
$(OPT)
-version-info
$(LTVER)
\
-rpath
$(moduledir)
-module
-o
$@
$?
$(LIBS)
clean
:
rm
-rf
*
.o
*
.lo
*
.la .libs
install
:
install-lib install-man FORCE
install-lib
:
$(PROGRAMS)
mkdir
-p
$(DESTDIR)$(moduledir)
for
p
in
$(PROGRAMS)
;
do
\
$(LIBTOOL)
--mode
=
install cp
$$
p
$(DESTDIR)$(moduledir)
;
\
done
install-man
:
$(MANPAGES)
mkdir
-p
$(DESTDIR)$(man5dir)
$(INSTALL)
-m
644
$(MANPAGES)
$(DESTDIR)$(man5dir)
FORCE
:
contrib/slapd-modules/passwd/argon2
/slap
d-
pw-argon2.5
→
doc/man/man5
/slappw-argon2.5
.TH SLAP
D-
PW-ARGON2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.TH SLAPPW-ARGON2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
.\" Copyright 2020-2021 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.\" $OpenLDAP$
.SH NAME
slap
d-
pw-argon2 \- Argon2 password module to slapd
slappw
\
-argon2 \- Argon2 password module to slapd
.SH SYNOPSIS
ETCDIR/slapd.conf
.RS
.LP
.B moduleload
pw-
argon2
.B moduleload argon2
.RI [ <parameters> ]
.RE
.SH DESCRIPTION
.LP
The
.B
pw-
argon2
.B argon2
module to
.BR slapd (8)
provides support for the use of the key derivation function Argon2,
...
...
@@ -27,7 +27,7 @@ for use in slapd.
.SH CONFIGURATION
The
.B
pw-
argon2
.B argon2
module does not need any configuration,
but it can be configured by giving the following parameters:
.TP
...
...
@@ -72,11 +72,11 @@ The relevant option/value is:
.RS
.LP
.B \-o
.BR module\-load =
pw-
argon2
.BR module\-load = argon2
.LP
.RE
Depending on
.BR
pw-
argon2 's
.BR argon2 's
location, you may also need:
.RS
.LP
...
...
servers/slapd/Makefile.in
...
...
@@ -280,6 +280,9 @@ dummy $(SLAPD_DYNAMIC_BACKENDS): slapd
dynamic_overlays
:
slapd
cd
overlays
&&
$(MAKE)
$(MFLAGS)
dynamic
dynamic_pwmods
:
slapd
cd
pwmods
&&
$(MAKE)
$(MFLAGS)
dynamic
#
# In Windows, dynamic backends have to be built after slapd. For this
# reason, we only build static backends now and dynamic backends later.
...
...
@@ -382,7 +385,7 @@ install-slapd: FORCE
fi
;
\
done
all-cffiles
:
slapd $(SLAPD_DYNAMIC_BACKENDS) dynamic_overlays
all-cffiles
:
slapd $(SLAPD_DYNAMIC_BACKENDS) dynamic_overlays
dynamic_pwmods
@
if
test
$(PLAT)
=
NT
;
then
\
sysconfdir
=
`
cygpath
-w
$(sysconfdir)
|
\
$(SED)
-e
's/\\\\/\\\\\\\\\\\\\\\\/g'
`
;
\
...
...
servers/slapd/pwmods/Makefile.in
0 → 100644
# Makefile.in for overlays
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2003-2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
SRCS
=
argon2.c
LTONLY_MOD
=
$(LTONLY_mod)
LDAP_INCDIR
=
../../../include
LDAP_LIBDIR
=
../../../libraries
MOD_DEFS
=
-DSLAPD_IMPORT
shared_LDAP_LIBS
=
$(LDAP_LIBLDAP_LA)
$(LDAP_LIBLBER_LA)
NT_LINK_LIBS
=
-L
..
-lslapd
$
(
@BUILD_LIBS_DYNAMIC@_LDAP_LIBS
)
UNIX_LINK_LIBS
=
$
(
@BUILD_LIBS_DYNAMIC@_LDAP_LIBS
)
LIBRARY
=
dummyvalue
PROGRAMS
=
@SLAPD_DYNAMIC_PWMODS@
XINCPATH
=
-I
..
-I
$(srcdir)
/..
XDEFS
=
$(MODULES_CPPFLAGS)
dynamic
:
$(PROGRAMS)
argon2.la
:
argon2.lo version.lo
$(LTLINK_MOD)
-module
-o
$@
argon2.lo version.lo
$(ARGON2_LIBS)
$(LINK_LIBS)
$(MODULES_LIBS)
install-local
:
$(PROGRAMS)
@
if
test
-n
"
$?
"
;
then
\
$(MKDIR)
$(DESTDIR)$(moduledir)
;
\
$(LTINSTALL)
$(INSTALLFLAGS)
-m
755
$?
$(DESTDIR)$(moduledir)
;
\
fi
MKDEPFLAG
=
-l
.SUFFIXES
:
.c .o .lo
.c.lo
:
$(LTCOMPILE_MOD)
$<
# Must fixup depends for non-libtool objects
depend-local
:
depend-common
@
if
test
-n
"
$(OBJS)
"
;
then
\
OBJ2
=
`
echo
$(OBJS)
$(OBJDEP)
|
$(SED)
-e
's/\.o//g'
`
;
\
SCR
=
''
;
for
i
in
$$
OBJ2
;
do
SCR
=
"
$$
SCR -e s/^
$$
i.lo:/
$$
i.o:/"
;
done
;
\
mv
Makefile Makefile.bak
;
$(SED)
$$
SCR Makefile.bak
>
Makefile
&&
\
$(RM)
Makefile.bak
;
fi
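Review bot: The header comment still reads `# Makefile.in for overlays`, apparently carried over from the overlays directory; this file builds password-hash modules and should say `# Makefile.in for password modules`. `argon2.la` is the only link rule, so a second entry in `Pwmods` in configure.ac would presumably need its own rule and its own `*_LIBS` variable here; a one-line comment above the rule saying so would help the next module author.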
contrib/slapd-modules/passwd/argon2/README
→
servers/slapd/pwmods/README.argon2
Argon2 OpenLDAP support
----------------------
pw-
argon2.c provides support for ARGON2 hashed passwords in OpenLDAP. For
argon2.c provides support for ARGON2 hashed passwords in OpenLDAP. For
instance, one could have the LDAP attribute:
userPassword: {ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHQ$DKlexoEJUoZTmkAAC3SaMWk30El9/RvVhlqGo6afIng
...
...
@@ -22,13 +22,13 @@ For initial testing you might also want to edit DEFS to define
SLAPD_ARGON2_DEBUG, which enables logging to stderr (don't leave this on
in production, as it prints passwords in cleartext).
2) Run 'make' to produce
pw-
argon2.so
2) Run 'make' to produce argon2.so
3) Copy
pw-
argon2.so somewhere permanent.
3) Copy argon2.so somewhere permanent.
4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:
moduleload ...path/to/
pw-
argon2.so
moduleload ...path/to/argon2.so
5) Restart slapd.
...
...
contrib/slapd-modules/passwd/argon2/pw-
argon2.c
→
servers/slapd/pwmods/
argon2.c
/*
pw-
argon2.c - Password module for argon2 */
/* argon2.c - Password module for argon2 */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
...
...
@@ -15,6 +15,7 @@
*/
#include
"portable.h"
#ifdef SLAPD_PWMOD_PW_ARGON2
#include
"ac/string.h"
#include
"lber_pvt.h"
#include
"lutil.h"
...
...
@@ -22,7 +23,7 @@
#include
<stdint.h>
#include
<stdlib.h>
#ifdef
SLAPD_ARGON2_USE_
ARGON2
#ifdef
HAVE_LIB
ARGON2
#include
<argon2.h>
/*
...
...
@@ -35,7 +36,7 @@
#define SLAPD_ARGON2_SALT_LENGTH 16
#define SLAPD_ARGON2_HASH_LENGTH 32
#else
/* !
SLAPD_ARGON2_USE_
ARGON2 */
#else
/* !
HAVE_LIB
ARGON2 */
#include
<sodium.h>
/*
...
...
@@ -71,7 +72,7 @@ slapd_argon2_hash(
char
*
p
;
int
rc
=
LUTIL_PASSWD_ERR
;
#ifdef
SLAPD_ARGON2_USE_
ARGON2
#ifdef
HAVE_LIB
ARGON2
struct
berval
salt
;
size_t
encoded_length
;
...
...
@@ -114,7 +115,7 @@ slapd_argon2_hash(
hash
->
bv_len
=
scheme
->
bv_len
+
encoded_length
;
ber_memfree
(
salt
.
bv_val
);
#else
/* !
SLAPD_ARGON2_USE_
ARGON2 */
#else
/* !
HAVE_LIB
ARGON2 */
/* Not exposed by libsodium
salt_length = SLAPD_ARGON2_SALT_LENGTH;
hash_length = SLAPD_ARGON2_HASH_LENGTH;
...
...
@@ -153,7 +154,7 @@ slapd_argon2_verify(
{
int
rc
=
LUTIL_PASSWD_ERR
;
#ifdef
SLAPD_ARGON2_USE_
ARGON2
#ifdef
HAVE_LIB
ARGON2
if
(
strncmp
(
passwd
->
bv_val
,
"$argon2i$"
,
STRLENOF
(
"$argon2i$"
)
)
==
0
)
{
rc
=
argon2i_verify
(
passwd
->
bv_val
,
cred
->
bv_val
,
cred
->
bv_len
);
}
else
if
(
strncmp
(
passwd
->
bv_val
,
"$argon2d$"
,
STRLENOF
(
"$argon2d$"
)
)
==
0
)
{
...
...
@@ -161,7 +162,7 @@ slapd_argon2_verify(
}
else
if
(
strncmp
(
passwd
->
bv_val
,
"$argon2id$"
,
STRLENOF
(
"$argon2id$"
)
)
==
0
)
{
rc
=
argon2id_verify
(
passwd
->
bv_val
,
cred
->
bv_val
,
cred
->
bv_len
);
}
#else
/* !
SLAPD_ARGON2_USE_
ARGON2 */
#else
/* !
HAVE_LIB
ARGON2 */
rc
=
crypto_pwhash_str_verify
(
passwd
->
bv_val
,
cred
->
bv_val
,
cred
->
bv_len
);
#endif
...
...
@@ -175,7 +176,7 @@ int init_module( int argc, char *argv[] )
{
int
i
;
#if
n
def
SLAPD_ARGON2_USE_ARGON2
#ifdef
HAVE_LIBSODIUM
if
(
sodium_init
()
==
-
1
)
{
return
-
1
;
}
...
...
@@ -218,3 +219,4 @@ int init_module( int argc, char *argv[] )
return
lutil_passwd_add
(
(
struct
berval
*
)
&
slapd_argon2_scheme
,
slapd_argon2_verify
,
slapd_argon2_hash
);
}
#endif
/* SLAPD_OVER_PW_ARGON2 */
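Review bot: The backend guards no longer pair up: `slapd_argon2_hash` and `slapd_argon2_verify` use `#ifdef HAVE_LIBARGON2 ... #else` with libsodium as the fallback, while `init_module` now calls `sodium_init()` only under `#ifdef HAVE_LIBSODIUM`. The old init guard, `#ifndef SLAPD_ARGON2_USE_ARGON2`, was the exact complement of the others. Now, if neither macro is defined, the libsodium hash/verify path would compile without its initialisation, and if both were defined, `sodium_init()` would be called in a libargon2 build. configure.ac in this commit should define exactly one of them, but replacing the bare `#else` with `#elif defined(HAVE_LIBSODIUM)` followed by `#else` / `#error` would make the file enforce that itself. The closing comment `/* SLAPD_OVER_PW_ARGON2 */` also does not match the opening `#ifdef SLAPD_PWMOD_PW_ARGON2`, and the functions touched here start or end outside the hunks shown.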
tests/data/passwd.ldif
...
...
@@ -27,3 +27,11 @@ objectclass: person
cn: ssha
sn: ssha
userpassword: secret
dn: cn=argon2,dc=example,dc=com
objectclass: person
cn: argon2
sn: argon2
userPassword:: e0FSR09OMn0kYXJnb24yaSR2PTE5JG09NDA5Nix0PTMscD0xJHZTc1orVnZjM
UhoZzc0WFNrdVZLOFEkd1B2UUc0blFMS2xaSkRGU0tna2k0L2NYejNLT2lOYXpwL2VDWkFWOFlt
Zw==
tests/run.in
...
...
@@ -41,6 +41,7 @@ AC_sql=sql@BUILD_SQL@
# overlays
AC_accesslog
=
accesslog@BUILD_ACCESSLOG@
AC_argon2
=
argon2@BUILD_PW_ARGON2@
AC_autoca
=
autoca@BUILD_AUTOCA@
AC_constraint
=
constraint@BUILD_CONSTRAINT@
AC_dds
=
dds@BUILD_DDS@
...
...
@@ -76,7 +77,7 @@ if test "${AC_asyncmeta}" = "asyncmetamod" && test "${AC_LIBS_DYNAMIC}" = "stati
AC_meta
=
"asyncmetano"
fi
export
AC_ldap AC_mdb AC_meta AC_asyncmeta AC_monitor AC_null AC_perl AC_relay AC_sql
\
AC_accesslog AC_autoca AC_constraint AC_dds AC_dynlist AC_memberof
\
AC_accesslog
AC_argon2
AC_autoca AC_constraint AC_dds AC_dynlist AC_memberof
\
AC_pcache AC_ppolicy AC_refint AC_remoteauth
\
AC_retcode AC_rwm AC_unique AC_syncprov AC_translucent
\
AC_valsort
\
...
...
tests/scripts/defines.sh
...
...
@@ -29,6 +29,7 @@ BACKSQL=${AC_sql-sqlno}
# overlays
ACCESSLOG
=
${
AC_accesslog
-accesslogno
}
ARGON2
=
${
AC_argon2
-argon2no
}
AUTOCA
=
${
AC_autoca
-autocano
}
CONSTRAINT
=
${
AC_constraint
-constraintno
}
DDS
=
${
AC_dds
-ddsno
}
...
...
tests/scripts/test083-argon2
0 → 100755
#!/bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 2021 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
echo
"running defines.sh"
.
$SRCDIR
/scripts/defines.sh
if
test
$ARGON2
=
argon2no
;
then
echo
"argon2 overlay not available, test skipped"
exit
0
fi
USERDN
=
"cn=argon2,
$BASEDN
"
CONFDIR
=
$TESTDIR
/slapd.d
mkdir
-p
$TESTDIR
$CONFDIR
$DBDIR1
$SLAPPASSWD
-g
-n
>
$CONFIGPWF
cat
>
$TESTDIR
/config.ldif
<<
EOF
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile:
$TESTDIR
/slapd.args
olcPidFile:
$TESTDIR
/slapd.pid
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
include: file://
$TESTWD
/schema/core.ldif
include: file://
$TESTWD
/schema/cosine.ldif
include: file://
$TESTWD
/schema/inetorgperson.ldif
EOF
if
[
"
$BACKENDTYPE
"
=
mod
]
;
then
cat
>>
$TESTDIR
/config.ldif
<<
EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath:
$TESTWD
/../servers/slapd/back-
$BACKEND
olcModuleLoad: back_
$BACKEND
.la
EOF
fi
if
[
"
$ARGON2
"
=
argon2yes
]
;
then
cat
>>
$TESTDIR
/config.ldif
<<
EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath:
$TESTWD
/../servers/slapd/pwmods
olcModuleLoad: argon2.la
EOF
fi
cat
>>
$TESTDIR
/config.ldif
<<
EOF
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcPasswordHash: {ARGON2}
dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootPW:< file://
$CONFIGPWF
dn: olcDatabase={1}
$BACKEND
,cn=config
objectClass: olcDatabaseConfig
objectClass: olc
${
BACKEND
}
Config
olcDatabase:
$BACKEND
olcSuffix:
$BASEDN
olcRootDN:
$MANAGERDN
olcRootPW:
$PASSWD
olcDbDirectory:
$TESTDIR
/db.1.a
EOF
if
[
"
$INDEXDB
"
=
indexdb
]
;
then
cat
>>
$TESTDIR
/config.ldif
<<
EOF
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
EOF
fi
$SLAPADD
-F
$CONFDIR
-n
0
-l
$TESTDIR
/config.ldif
echo
"Starting slapd on TCP/IP port
$PORT1
..."
$SLAPD
-F
$CONFDIR
-h
$URI1
-d
$LVL
>
$LOG1
2>&1 &
PID
=
$!
if
test
$WAIT
!=
0
;
then
echo
PID
$PID
read
foo
fi
KILLPIDS
=
"
$PID
"
sleep
1
echo
"Using ldapsearch to check that slapd is running..."
for
i
in
0 1 2 3 4 5
;
do
$LDAPSEARCH
-s
base
-b
"
$MONITOR
"
-H
$URI1
\
'objectclass=*'
>
/dev/null 2>&1
RC
=
$?
if
test
$RC
=
0
;
then
break
fi
echo
"Waiting 5 seconds for slapd to start..."
sleep
5
done
if
test
$RC
!=
0
;
then
echo
"ldapsearch failed (
$RC
)!"
test
$KILLSERVERS
!=
no
&&
kill
-HUP
$KILLPIDS
exit
$RC
fi
echo
"Adding basic structure..."
$LDAPADD
-D
"
$MANAGERDN
"
-H
$URI1
-w
$PASSWD
-f
$LDIFPASSWD
>
/dev/null 2>&1