mreynolds pushed a commit to branch 389-ds-base-1.3.7
in repository 389-ds-base.
commit 9b1ad54801eaf77b97fc3ce6131133213a57465c
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Mon Apr 23 10:20:44 2018 -0400
Ticket 49649 - Use reentrant crypt_r()
Bug Description: We were previously using crypt() which is not
thread safe and required a lock. Using pwdhash cli
tool caused a crash because the lock was not created
when invoked by the cli.
Fix Description: Use crypt_r() instead which does not require any locking.
https://pagure.io/389-ds-base/issue/49649
Reviewed by: Simon(Thanks!)
(cherry picked from commit 530a2db1776fca545436cbac2987f6b86f6c7048)
---
ldap/servers/plugins/pwdstorage/crypt_pwd.c | 36 +++++++---------------------
ldap/servers/plugins/pwdstorage/pwd_init.c | 8 -------
ldap/servers/plugins/pwdstorage/pwdstorage.h | 2 --
3 files changed, 8 insertions(+), 38 deletions(-)
diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
index 3bd2265..7089247 100644
--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
@@ -31,8 +31,6 @@
#include "pwdstorage.h"
-static PRLock *cryptlock = NULL; /* Some implementations of crypt are not thread safe.
ie. ours & Irix */
-
/* characters used in crypt encoding */
static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
@@ -44,38 +42,20 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
int
-crypt_start(Slapi_PBlock *pb __attribute__((unused)))
-{
- if (!cryptlock) {
- cryptlock = PR_NewLock();
- }
- return 0;
-}
-
-int
-crypt_close(Slapi_PBlock *pb __attribute__((unused)))
-{
- if (cryptlock) {
- PR_DestroyLock(cryptlock);
- cryptlock = NULL;
- }
- return 0;
-}
-
-int
crypt_pw_cmp(const char *userpwd, const char *dbpwd)
{
int rc;
char *cp;
- PR_Lock(cryptlock);
- /* we use salt (first 2 chars) of encoded password in call to crypt() */
- cp = crypt(userpwd, dbpwd);
+ struct crypt_data data;
+ data.initialized = 0;
+
+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
+ cp = crypt_r(userpwd, dbpwd, &data);
if (cp) {
rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd));
} else {
rc = -1;
}
- PR_Unlock(cryptlock);
return rc;
}
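Review bot: In crypt_pw_cmp the comparison length is `strlen(dbpwd)` alone, so a stored value shorter than the string crypt_r() returns is compared only as a prefix, and a stored value longer than it makes slapi_ct_memcmp read beyond the terminator of `cp`. Since the commit already rewrites this function, it should require equal lengths before comparing: `size_t len = strlen(dbpwd);` followed by `if (cp && strlen(cp) == len) { rc = slapi_ct_memcmp(dbpwd, cp, len); }`. The existing `else` branch already yields -1 for the mismatch case. A one-line comment that a stored hash must be longer than its salt would record why the check is there.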
@@ -88,6 +68,8 @@ crypt_pw_enc_by_hash(const char *pwd, int hash_algo)
char *enc = NULL;
long v;
static unsigned int seed = 0;
+ struct crypt_data data;
+ data.initialized = 0;
if (seed == 0) {
seed = (unsigned int)slapi_rand();
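Review bot: `struct crypt_data data` is declared as an automatic variable here and in crypt_pw_cmp, and this structure is large in common libc implementations (tens of kilobytes or more; confirm with `sizeof` on the target platform), which should be checked against the stack size of the server's worker threads. It also still holds state derived from the cleartext password when the function returns. Consider allocating it with `struct crypt_data *data = (struct crypt_data *)slapi_ch_calloc(1, sizeof(*data));`, clearing it after use and releasing it with `slapi_ch_free((void **)&data);`. The body of crypt_pw_enc_by_hash starts and ends outside this hunk.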
@@ -113,12 +95,10 @@ crypt_pw_enc_by_hash(const char *pwd, int hash_algo)
algo_salt = strdup(salt);
}
- PR_Lock(cryptlock);
- cry = crypt(pwd, algo_salt);
+ cry = crypt_r(pwd, algo_salt, &data);
if (cry != NULL) {
enc = slapi_ch_smprintf("%c%s%c%s", PWD_HASH_PREFIX_START,
CRYPT_SCHEME_NAME, PWD_HASH_PREFIX_END, cry);
}
- PR_Unlock(cryptlock);
slapi_ch_free_string(&algo_salt);
return (enc);
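Review bot: `algo_salt = strdup(salt);` is passed to crypt_r() without a NULL check, while the buffer is later released with slapi_ch_free_string(). Using the server's allocator, `algo_salt = slapi_ch_strdup(salt);`, would keep allocation and release consistent, assuming it follows the same out-of-memory policy as the other slapi_ch_ allocators. The branch containing this line starts outside the hunk, so the other assignments to `algo_salt` are not visible here.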
diff --git a/ldap/servers/plugins/pwdstorage/pwd_init.c
b/ldap/servers/plugins/pwdstorage/pwd_init.c
index afa10f1..8efe4d6 100644
--- a/ldap/servers/plugins/pwdstorage/pwd_init.c
+++ b/ldap/servers/plugins/pwdstorage/pwd_init.c
@@ -245,8 +245,6 @@ crypt_pwd_storage_scheme_init(Slapi_PBlock *pb)
(void *)SLAPI_PLUGIN_VERSION_01);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
(void *)&crypt_pdesc);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)&crypt_start);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)&crypt_close);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN,
(void *)crypt_pw_enc);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
@@ -269,8 +267,6 @@ crypt_md5_pwd_storage_scheme_init(Slapi_PBlock *pb)
(void *)SLAPI_PLUGIN_VERSION_01);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
(void *)&crypt_md5_pdesc);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)&crypt_start);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)&crypt_close);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN,
(void *)crypt_pw_md5_enc);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
@@ -293,8 +289,6 @@ crypt_sha256_pwd_storage_scheme_init(Slapi_PBlock *pb)
(void *)SLAPI_PLUGIN_VERSION_01);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
(void *)&crypt_sha256_pdesc);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)&crypt_start);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)&crypt_close);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN,
(void *)crypt_pw_sha256_enc);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
@@ -317,8 +311,6 @@ crypt_sha512_pwd_storage_scheme_init(Slapi_PBlock *pb)
(void *)SLAPI_PLUGIN_VERSION_01);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION,
(void *)&crypt_sha512_pdesc);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN, (void *)&crypt_start);
- rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN, (void *)&crypt_close);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_ENC_FN,
(void *)crypt_pw_sha512_enc);
rc |= slapi_pblock_set(pb, SLAPI_PLUGIN_PWD_STORAGE_SCHEME_CMP_FN,
diff --git a/ldap/servers/plugins/pwdstorage/pwdstorage.h
b/ldap/servers/plugins/pwdstorage/pwdstorage.h
index f495349..7b46bb9 100644
--- a/ldap/servers/plugins/pwdstorage/pwdstorage.h
+++ b/ldap/servers/plugins/pwdstorage/pwdstorage.h
@@ -74,8 +74,6 @@ char *sha512_pw_enc(const char *pwd);
char *salted_sha512_pw_enc(const char *pwd);
int clear_pw_cmp(const char *userpwd, const char *dbpwd);
char *clear_pw_enc(const char *pwd);
-int crypt_start(Slapi_PBlock *pb);
-int crypt_close(Slapi_PBlock *pb);
int crypt_pw_cmp(const char *userpwd, const char *dbpwd);
char *crypt_pw_enc(const char *pwd);
char *crypt_pw_md5_enc(const char *pwd);
--