This change implements argon2, which won the Password Hashing
Competition (https://password-hashing.net/) as a contrib-module in order
to provide a modern password hashing alternative in openldap. The
currently available password hashing algorithms are relatively old, and
modern hardware, especially GPUs can compute quite a few (ranging from
tens of thousands to millions) of hashes per second. Argon2 was designed
to withstand such attacks.
This implementation uses the default work factors used in the argon2
command line client, but the resulting hashes are stored in a way that
would allow retroactive changes to these values, or even exposing them
as configuration in the module.
Update config.guess and config.sub from official upstream project at https://savannah.gnu.org/projects/config/
Specifically in this case, commit 5256817ace8493502ec88501a19e4051c2e220b0 for the date Wed Jan 1 19:36:58 2020 +1100
This commits deletes all references and code for back-bdb and back-hdb.
There is some follow up work still necessary to flush out the admin
guide for back-mdb.
Add matching rules for all cases where it was missing. Cleanup
incorrect types for a few attributes as well. Fix network-timeout
handling in back-ldap/meta/asyncmeta.
Add a manual page slapo-smbk5pwd.5 and update smbk5pwd's Makefile to
install the new manual page.
ITS#8205 - contrib/lastbind: install man page
Update lastbind's Makefile to install the manual page too.
ITS#8205 - contrib/passwd/sha2: add man page, install it too
Add a manual page slapd-pw-sha2.5 and update passwd/sha2's Makefile to
install the new manual page.
ITS#8205 - contrib/adremap: install man page
Update adremap's Makefile to install the manual page too.
ITS#8205 - contrib/allop: install man page
Update allop's Makefile to install the manual page too.
ITS#8205 - contrib/cloak: install man page
Update cloak's Makefile to install the manual page too.
ITS#8205 - contrib/lastmod: install man page
Update lastmod's Makefile to install the manual page too.
ITS#8205 - contrib/nops: install man page
Update nops's Makefile to install the manual page too.
ITS#8205 - contrib/nssov: install man page
Update nssov's Makefile to install the manual page too.
ITS#8205 - contrib/passwd: add man page slapd-pw-sha2.5, install it too
Add a manual page slapd-pw-radius.5 and update passwd's Makefile to
install the new manual page.
ITS#8205 - contrib/passwd/totp: add man page, install it too
Add a manual page slapo-totp.5 and update passwd/totp's Makefile to
install the new manual page.
ITS#8205 - contrib/passwd/pbkdf2: add man page, install it too
Add a manual page slapd-pw-pbkdf2.5 and update passwd/pbkdf2's Makefile to
install the new manual page.
OpenSSL removed old DES API which used des_* functions.
24956ca00f
In order to link with libcrypto from recent OpenSSL releases, we need
to replace the older API des_* functions by the newer API DES_* functions.
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
OpenLDAP can be configured to be either built with OpenSSL or
GnuTLS. This commit adds support for building pw-pbkbdf2 module
without OpenSSL, by using PBKDF2 crypto primitives provided by
libnettle.
Closeshamano/openldap-pbkdf2#2
Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>
Fixed asprintf return value check, in order to properly catch
error conditions. This has been caught by clang -Wtautological-compare:
pw-pbkdf2.c:132:17: warning: comparison of unsigned expression < 0 is always false
if(msg->bv_len < 0){
~~~~~~~~~~~ ^ ~
Signed-off-by: Luca Bruno <luca.bruno@rocket-internet.de>