[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8719) slapd_crypt() become slow when many ldap cliant connections occur.
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8719) slapd_crypt() become slow when many ldap cliant connections occur.
- From: hyc@symas.com
- Date: Wed, 30 Aug 2017 10:26:42 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
yos-nishino@ys.jp.nec.com wrote:
> Full_Name: Yoshinori Nishino
> Version: 2.4.45
> OS: CentOS 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (210.143.35.20)
>
>
> Dear sir,
>
> The function slapd_crypt() in servers/slapd/passwd.c seems to become slow when
> many ldap client connections occur.
> It seems it is because the function uses crypt()(non thread-safe function) and
> pthread_mutex_lock(), which results in the slowdown.
> #Besides, we need to use {CRYPT} hash as users' password hash.
>
> So, I modified servers/slapd/passwd.c like the following.
> As a result, slapd_crypt() becomes much faster under the same condition.
> Would you let me know whether or not the fix is appropriate for slapd?
No it is not an appropriate fix.
You should add an autoconf test to check for the existence of the crypt_r
function, and use an #ifdef here based on the result of that test, since
crypt_r is a non-standard function.
>
> =====
> static int slapd_crypt( const char *key, const char *salt, char **hash )
> {
> char *cr;
> int rc;
> struct crypt_data *data;
>
> data = (struct crypt_data *)calloc(1, sizeof(struct crypt_data));
> /* ldap_pvt_thread_mutex_lock( &passwd_mutex ); */
>
> /* cr = crypt( key, salt ); */
> cr = crypt_r( key, salt, data );
> if ( cr == NULL || cr[0] == '\0' ) {
> /* salt must have been invalid */
> rc = LUTIL_PASSWD_ERR;
> } else {
> if ( hash ) {
> ldap_pvt_thread_mutex_lock( &passwd_mutex );
> *hash = ber_strdup( cr );
> ldap_pvt_thread_mutex_unlock( &passwd_mutex );
> rc = LUTIL_PASSWD_OK;
>
> } else {
> rc = strcmp( salt, cr ) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
> }
> }
>
> free(data);
> /* ldap_pvt_thread_mutex_unlock( &passwd_mutex ); */
> return rc;
> }
>
> ====
>
> # "#define __USE_GNU" is also required to build slapd.
>
>
> Best Regards,
>
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/