yos-nishino@ys.jp.nec.com wrote:
Full_Name: Yoshinori Nishino Version: 2.4.45 OS: CentOS 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (210.143.35.20)
Dear sir,
The function slapd_crypt() in servers/slapd/passwd.c seems to become slow when many ldap client connections occur. It seems it is because the function uses crypt()(non thread-safe function) and pthread_mutex_lock(), which results in the slowdown. #Besides, we need to use {CRYPT} hash as users' password hash.
So, I modified servers/slapd/passwd.c like the following. As a result, slapd_crypt() becomes much faster under the same condition. Would you let me know whether or not the fix is appropriate for slapd?
No it is not an appropriate fix.
You should add an autoconf test to check for the existence of the crypt_r function, and use an #ifdef here based on the result of that test, since crypt_r is a non-standard function.
===== static int slapd_crypt( const char *key, const char *salt, char **hash ) { char *cr; int rc; struct crypt_data *data;
data = (struct crypt_data *)calloc(1, sizeof(struct crypt_data));/* ldap_pvt_thread_mutex_lock( &passwd_mutex ); */
/* cr = crypt( key, salt ); */ cr = crypt_r( key, salt, data ); if ( cr == NULL || cr[0] == '\0' ) { /* salt must have been invalid */ rc = LUTIL_PASSWD_ERR; } else { if ( hash ) { ldap_pvt_thread_mutex_lock( &passwd_mutex ); *hash = ber_strdup( cr ); ldap_pvt_thread_mutex_unlock( &passwd_mutex ); rc = LUTIL_PASSWD_OK;
} else { rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; }}
free(data);/* ldap_pvt_thread_mutex_unlock( &passwd_mutex ); */ return rc; }
====
# "#define __USE_GNU" is also required to build slapd.
Best Regards,