Issue 6269 - RFE - Add nsslapd-pwdPBKDF2Rounds configuration to PBKDF2-* plugins#6447
Merged
droideck merged 3 commits into389ds:mainfrom Jan 8, 2025
Merged
Issue 6269 - RFE - Add nsslapd-pwdPBKDF2Rounds configuration to PBKDF2-* plugins#6447droideck merged 3 commits into389ds:mainfrom
droideck merged 3 commits into389ds:mainfrom
Conversation
droideck
added
the
work in progress
Firstyear
reviewed
Dec 12, 2024
Contributor
Firstyear
left a comment
Firstyear
left a comment
There was a problem hiding this comment.
Looks really good, nice to see you looking at the rust side :)
| const MAX_PBKDF2_ROUNDS: usize = 1_000_000; | ||
|
|
||
| const PBKDF2_ROUNDS_ATTR: &str = "nsslapd-pwdPBKDF2Rounds"; | ||
| static PBKDF2_ROUNDS: Lazy<RwLock<usize>> = Lazy::new(|| RwLock::new(DEFAULT_PBKDF2_ROUNDS)); |
Contributor
There was a problem hiding this comment.
Consider using https://doc.rust-lang.org/std/sync/atomic/struct.AtomicUsize.html with Ordering::Relaxed
Member
Author
There was a problem hiding this comment.
I just realized we need to make the PBKDF2_ROUNDS a HashMap, as we might use different values in different schemes.
Do you know what the best option for our case is?
I found dashmap option Lazy<DashMap<MessageDigest, usize>> or we can make a RwLock HashMap like this RwLock<HashMap<MessageDigest, usize>>...
And I think there can be more...
Member
Author
There was a problem hiding this comment.
Okay, I tried a few approaches (even Rust's generics...), and I think the one in the last commit will work the best.
It's the simple AtomicUsize variables - one for each digest.
tbordaz
reviewed
Dec 12, 2024
Contributor
tbordaz
left a comment
tbordaz
left a comment
There was a problem hiding this comment.
C/template part of the patch LGTM. A minor question
tbordaz
reviewed
Dec 12, 2024
Contributor
tbordaz
left a comment
tbordaz
left a comment
There was a problem hiding this comment.
oppss forgot to add my questions ;)
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
3 times, most recently
from
d1025bd to
2f0db06
Compare
…2-* plugins Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This was password hashing round value can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Fixes: 389ds#6269 Reviewed by: ?
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
from
2f0db06 to
3603e54
Compare
Member
Author
|
Okay, it's ready for the final review! Design doc: 389ds/389ds.github.io#17 Please check! Thank you! |
droideck
removed
the
work in progress
progier389
reviewed
Dec 20, 2024
Member
Author
|
Changes are made, please, review |
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
from
6496b99 to
802fb91
Compare
tomato42
reviewed
Jan 2, 2025
tomato42
reviewed
Jan 2, 2025
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
from
d4ec94a to
9156f11
Compare
Firstyear
approved these changes
Jan 7, 2025
Contributor
Firstyear
left a comment
Firstyear
left a comment
There was a problem hiding this comment.
Yep, the changes to the rust code look good to me :)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in
PBKDF2-* password storage plugin entries. This was password hashing round value can be adjusted.
Certain compliance requirements (like from BSI) require specific hashing round values greater than
what we currently provide.
Fixes: #6269
Reviewed by: ?