Full_Name: Yoshinori Nishino Version: 2.4.45 OS: CentOS 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (210.143.35.20)
Dear sir,
The function slapd_crypt() in servers/slapd/passwd.c seems to become slow when many ldap client connections occur. It seems it is because the function uses crypt()(non thread-safe function) and pthread_mutex_lock(), which results in the slowdown. #Besides, we need to use {CRYPT} hash as users' password hash.
So, I modified servers/slapd/passwd.c like the following. As a result, slapd_crypt() becomes much faster under the same condition. Would you let me know whether or not the fix is appropriate for slapd?
===== static int slapd_crypt( const char *key, const char *salt, char **hash ) { char *cr; int rc; struct crypt_data *data;
data = (struct crypt_data *)calloc(1, sizeof(struct crypt_data)); /* ldap_pvt_thread_mutex_lock( &passwd_mutex ); */
/* cr = crypt( key, salt ); */ cr = crypt_r( key, salt, data ); if ( cr == NULL || cr[0] == '\0' ) { /* salt must have been invalid */ rc = LUTIL_PASSWD_ERR; } else { if ( hash ) { ldap_pvt_thread_mutex_lock( &passwd_mutex ); *hash = ber_strdup( cr ); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); rc = LUTIL_PASSWD_OK;
} else { rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; } }
free(data); /* ldap_pvt_thread_mutex_unlock( &passwd_mutex ); */ return rc; }
====
# "#define __USE_GNU" is also required to build slapd.
Best Regards,