(ITS#8719) slapd_crypt() become slow when many ldap cliant connections occur.

[yos-nishino@ys.jp.nec.com]

Full_Name: Yoshinori Nishino
Version: 2.4.45
OS: CentOS 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (210.143.35.20)


Dear sir,

The function slapd_crypt() in servers/slapd/passwd.c seems to become slow when
many ldap client connections occur.
It seems it is because the function uses crypt()(non thread-safe function) and
pthread_mutex_lock(), which results in the slowdown.
#Besides, we need to use {CRYPT} hash as users' password hash.  

So, I modified servers/slapd/passwd.c like the following.
As a result, slapd_crypt() becomes much faster under the same condition.
Would you let me know whether or not the fix is appropriate for slapd?

=====
static int slapd_crypt( const char *key, const char *salt, char **hash )
{
	char *cr;
	int rc;
        struct crypt_data *data;

        data = (struct crypt_data *)calloc(1, sizeof(struct crypt_data));
	/* ldap_pvt_thread_mutex_lock( &passwd_mutex ); */

	/* cr = crypt( key, salt ); */
	cr = crypt_r( key, salt, data );
	if ( cr == NULL || cr[0] == '\0' ) {
		/* salt must have been invalid */
		rc = LUTIL_PASSWD_ERR;
	} else {
		if ( hash ) {
			ldap_pvt_thread_mutex_lock( &passwd_mutex );
			*hash = ber_strdup( cr );
			ldap_pvt_thread_mutex_unlock( &passwd_mutex );
			rc = LUTIL_PASSWD_OK;

		} else {
			rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
		}
	}

        free(data);
	/* ldap_pvt_thread_mutex_unlock( &passwd_mutex ); */
	return rc;
}

====

# "#define __USE_GNU" is also required to build slapd.


Best Regards,