From afa861bf22bbf49a93149bd25a01a0171b30ca93 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Wed, 6 Sep 2017 21:25:16 +0100
Subject: [PATCH] ITS#8719 add crypt_r() support

---
 configure.in           |  6 ++++++
 include/portable.hin   |  3 +++
 servers/slapd/passwd.c | 31 ++++++++++++++++++++++++++++++-
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/configure.in b/configure.in
index 5bb2c11910..0c0d990e82 100644
--- a/configure.in
+++ b/configure.in
@@ -2242,10 +2242,16 @@ if test $ol_enable_crypt != no ; then
 		AC_CHECK_LIB(crypt, crypt, [LUTIL_LIBS="$LUTIL_LIBS -lcrypt"
 			have_crypt=yes], [have_crypt=no])])
 
+	LIBS="$TLS_LIBS $LIBS"
+	AC_CHECK_LIB(crypt, crypt_r, [have_crypt_r=yes], [have_crypt_r=no])
+
 	LIBS="$save_LIBS"
 
 	if test $have_crypt = yes ; then
 		AC_DEFINE(HAVE_CRYPT,1, [define if crypt(3) is available])
+		if test $have_crypt_r = yes ; then
+			AC_DEFINE(HAVE_CRYPT_R, 1, [define if crypt_r() is also available])
+		fi
 	else
 		AC_MSG_WARN([could not find crypt])
 		if test $ol_enable_crypt = yes ; then
diff --git a/include/portable.hin b/include/portable.hin
index 9e0f83edfb..d6a1230a2b 100644
--- a/include/portable.hin
+++ b/include/portable.hin
@@ -117,6 +117,9 @@
 /* define if crypt(3) is available */
 #undef HAVE_CRYPT
 
+/* define if crypt_r(3) is available */
+#undef HAVE_CRYPT_R
+
 /* Define to 1 if you have the <crypt.h> header file. */
 #undef HAVE_CRYPT_H
 
diff --git a/servers/slapd/passwd.c b/servers/slapd/passwd.c
index 4e69ccab15..2e636b310b 100644
--- a/servers/slapd/passwd.c
+++ b/servers/slapd/passwd.c
@@ -23,8 +23,11 @@
 #include <ac/unistd.h>
 
 #ifdef SLAPD_CRYPT
+#ifdef HAVE_CRYPT_R
+#define __USE_GNU
+#endif /* HAVE_CRYPT_R */
 #include <ac/crypt.h>
-#endif
+#endif /* SLAPD_CRYPT */
 
 #include "slap.h"
 
@@ -590,6 +593,30 @@ slap_passwd_hash(
 static ldap_pvt_thread_mutex_t passwd_mutex;
 static lutil_cryptfunc slapd_crypt;
 
+#ifdef HAVE_CRYPT_R
+static int slapd_crypt( const char *key, const char *salt, char **hash )
+{
+	char *cr;
+	int rc;
+	struct crypt_data data;
+
+	data.initialized = 0;
+	cr = crypt_r( key, salt, &data );
+	if ( cr == NULL || cr[0] == '\0' ) {
+		/* salt must have been invalid */
+		rc = LUTIL_PASSWD_ERR;
+	} else {
+		if ( hash ) {
+			*hash = ber_strdup( cr );
+			rc = LUTIL_PASSWD_OK;
+		} else {
+			rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+		}
+	}
+
+    return rc;
+}
+#else
 static int slapd_crypt( const char *key, const char *salt, char **hash )
 {
 	char *cr;
@@ -614,6 +641,8 @@ static int slapd_crypt( const char *key, const char *salt, char **hash )
 	ldap_pvt_thread_mutex_unlock( &passwd_mutex );
 	return rc;
 }
+#endif /* HAVE_CRYPT_R */
+
 #endif /* SLAPD_CRYPT */
 
 void slap_passwd_init()
-- 
2.39.5