From: Willy Tarreau <w@1wt.eu>
Date: Mon, 29 Oct 2018 18:16:27 +0000 (+0100)
Subject: MEDIUM: auth/threads: make use of crypt_r() on systems supporting it
X-Git-Tag: v1.9-dev6~38
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=943e7ec025633c06b98a2b15cb6279ada780cc4b;p=thirdparty%2Fhaproxy.git

MEDIUM: auth/threads: make use of crypt_r() on systems supporting it

On systems where crypt_r() is available, prefer it over a locked crypt().
This improves performance especially on very slow crypto algorithms.
---

diff --git a/Makefile b/Makefile
index 2d1798402e..a008df6bd6 100644
--- a/Makefile
+++ b/Makefile
@@ -293,6 +293,7 @@ ifeq ($(TARGET),linux24)
   USE_NETFILTER   = implicit
   USE_POLL        = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_DL          = implicit
   USE_RT          = implicit
@@ -304,6 +305,7 @@ ifeq ($(TARGET),linux24e)
   USE_EPOLL       = implicit
   USE_MY_EPOLL    = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_DL          = implicit
   USE_RT          = implicit
@@ -314,6 +316,7 @@ ifeq ($(TARGET),linux26)
   USE_POLL        = implicit
   USE_EPOLL       = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_FUTEX       = implicit
   USE_DL          = implicit
@@ -325,6 +328,7 @@ ifeq ($(TARGET),linux2628)
   USE_POLL        = implicit
   USE_EPOLL       = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_LINUX_SPLICE= implicit
   USE_LINUX_TPROXY= implicit
diff --git a/src/auth.c b/src/auth.c
index 599a3abbc1..2f9cc4fb43 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -39,8 +39,14 @@
 struct userlist *userlist = NULL;    /* list of all existing userlists */
 
 #ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+/* context for crypt_r() */
+static THREAD_LOCAL struct crypt_data crypt_data = { .initialized = 0 };
+#else
+/* lock for crypt() */
 __decl_hathreads(static HA_SPINLOCK_T auth_lock);
 #endif
+#endif
 
 /* find targets for selected gropus. The function returns pointer to
  * the userlist struct ot NULL if name is NULL/empty or unresolvable.
@@ -250,9 +256,13 @@ check_user(struct userlist *ul, const char *user, const char *pass)
 
 	if (!(u->flags & AU_O_INSECURE)) {
 #ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+		ep = crypt_r(pass, u->pass, &crypt_data);
+#else
 		HA_SPIN_LOCK(AUTH_LOCK, &auth_lock);
 		ep = crypt(pass, u->pass);
 		HA_SPIN_UNLOCK(AUTH_LOCK, &auth_lock);
+#endif
 #else
 		return 0;
 #endif