From afa861bf22bbf49a93149bd25a01a0171b30ca93 Mon Sep 17 00:00:00 2001 From: Howard Chu Date: Wed, 6 Sep 2017 21:25:16 +0100 Subject: [PATCH] ITS#8719 add crypt_r() support --- configure.in | 6 ++++++ include/portable.hin | 3 +++ servers/slapd/passwd.c | 31 ++++++++++++++++++++++++++++++- 3 files changed, 39 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 5bb2c11910..0c0d990e82 100644 --- a/configure.in +++ b/configure.in @@ -2242,10 +2242,16 @@ if test $ol_enable_crypt != no ; then AC_CHECK_LIB(crypt, crypt, [LUTIL_LIBS="$LUTIL_LIBS -lcrypt" have_crypt=yes], [have_crypt=no])]) + LIBS="$TLS_LIBS $LIBS" + AC_CHECK_LIB(crypt, crypt_r, [have_crypt_r=yes], [have_crypt_r=no]) + LIBS="$save_LIBS" if test $have_crypt = yes ; then AC_DEFINE(HAVE_CRYPT,1, [define if crypt(3) is available]) + if test $have_crypt_r = yes ; then + AC_DEFINE(HAVE_CRYPT_R, 1, [define if crypt_r() is also available]) + fi else AC_MSG_WARN([could not find crypt]) if test $ol_enable_crypt = yes ; then diff --git a/include/portable.hin b/include/portable.hin index 9e0f83edfb..d6a1230a2b 100644 --- a/include/portable.hin +++ b/include/portable.hin @@ -117,6 +117,9 @@ /* define if crypt(3) is available */ #undef HAVE_CRYPT +/* define if crypt_r(3) is available */ +#undef HAVE_CRYPT_R + /* Define to 1 if you have the header file. */ #undef HAVE_CRYPT_H diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c index 4e69ccab15..2e636b310b 100644 --- a/servers/slapd/passwd.c +++ b/servers/slapd/passwd.c @@ -23,8 +23,11 @@ #include #ifdef SLAPD_CRYPT +#ifdef HAVE_CRYPT_R +#define __USE_GNU +#endif /* HAVE_CRYPT_R */ #include -#endif +#endif /* SLAPD_CRYPT */ #include "slap.h" @@ -590,6 +593,30 @@ slap_passwd_hash( static ldap_pvt_thread_mutex_t passwd_mutex; static lutil_cryptfunc slapd_crypt; +#ifdef HAVE_CRYPT_R +static int slapd_crypt( const char *key, const char *salt, char **hash ) +{ + char *cr; + int rc; + struct crypt_data data; + + data.initialized = 0; + cr = crypt_r( key, salt, &data ); + if ( cr == NULL || cr[0] == '\0' ) { + /* salt must have been invalid */ + rc = LUTIL_PASSWD_ERR; + } else { + if ( hash ) { + *hash = ber_strdup( cr ); + rc = LUTIL_PASSWD_OK; + } else { + rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK; + } + } + + return rc; +} +#else static int slapd_crypt( const char *key, const char *salt, char **hash ) { char *cr; @@ -614,6 +641,8 @@ static int slapd_crypt( const char *key, const char *salt, char **hash ) ldap_pvt_thread_mutex_unlock( &passwd_mutex ); return rc; } +#endif /* HAVE_CRYPT_R */ + #endif /* SLAPD_CRYPT */ void slap_passwd_init() -- 2.39.5