Full_Name: Yoshinori Nishino
Version: 2.4.45
OS: CentOS 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (210.143.35.20)
Dear sir,
The function slapd_crypt() in servers/slapd/passwd.c seems to become slow when
many ldap client connections occur.
It seems it is because the function uses crypt()(non thread-safe function) and
pthread_mutex_lock(), which results in the slowdown.
#Besides, we need to use {CRYPT} hash as users' password hash.
So, I modified servers/slapd/passwd.c like the following.
As a result, slapd_crypt() becomes much faster under the same condition.
Would you let me know whether or not the fix is appropriate for slapd?
=====
static int slapd_crypt( const char *key, const char *salt, char **hash )
{
char *cr;
int rc;
struct crypt_data *data;
data = (struct crypt_data *)calloc(1, sizeof(struct crypt_data));
/* ldap_pvt_thread_mutex_lock( &passwd_mutex ); */
/* cr = crypt( key, salt ); */
cr = crypt_r( key, salt, data );
if ( cr == NULL || cr[0] == '\0' ) {
/* salt must have been invalid */
rc = LUTIL_PASSWD_ERR;
} else {
if ( hash ) {
ldap_pvt_thread_mutex_lock( &passwd_mutex );
*hash = ber_strdup( cr );
ldap_pvt_thread_mutex_unlock( &passwd_mutex );
rc = LUTIL_PASSWD_OK;
} else {
rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR :
LUTIL_PASSWD_OK;
}
}
free(data);
/* ldap_pvt_thread_mutex_unlock( &passwd_mutex ); */
return rc;
}
====
# "#define __USE_GNU" is also required to build slapd.
Best Regards,
