MEDIUM: config: warn if some userlist hashes are too slow

It was reported in GH #2956 and more recently in GH #3235 that some
hashes are way too slow. The former triggers watchdog warnings during
checks, the second sees the config parsing take 20 seconds. This is
always due to the use of hash algorithms that are not suitable for use
in low-latency environments like web. They might be fine for a local
auth though. The difficulty, as explained by Philipp Hossner, is that
developers are not aware of this cost and adopt this without suspecting
any side effect.

The proposal here is to measure the crypt() call time and emit a warning
if it takes more than 10ms (which is already extreme). This was tested
by Philipp and confirmed to catch his case.

This is marked medium as it might start to report warnings on config
suffering from this problem without ever detecting it till now.

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4cda0e1ab87ec6af7ef779138b26ad62718ad123..64d5ef543cecc200b7903898dfefd4c746e368de 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1538,12 +1538,22 @@ int cfg_parse_users_user(char **args, int section_type, struct proxy *curproxy,
        while (*args[cur_arg]) {
                if (strcmp(args[cur_arg], "password") == 0) {
 #ifdef USE_LIBCRYPT
+                       struct timeval tv_before, tv_after;
+                       ulong ms_elapsed;
+
+                       gettimeofday(&tv_before, NULL);
                        if (!crypt("", args[cur_arg + 1])) {
                                ha_alert("parsing [%s:%d]: the encrypted password used for user '%s' is not supported by crypt(3).\n",
                                         file, linenum, newuser->user);
                                err_code |= ERR_ALERT | ERR_FATAL;
                                goto out;
                        }
+                       gettimeofday(&tv_after, NULL);
+                       ms_elapsed = tv_ms_elapsed(&tv_before, &tv_after);
+                       if (ms_elapsed >= 10) {
+                               ha_warning("parsing [%s:%d]: the hash algorithm used for this password takes %lu milliseconds to verify, which can have devastating performance and stability impacts. Please hash this password using a lighter algorithm (one that is compatible with web usage).\n", file, linenum, ms_elapsed);
+                               err_code |= ERR_WARN;
+                       }
 #else
                        ha_warning("parsing [%s:%d]: no crypt(3) support compiled, encrypted passwords will not work.\n",
                                   file, linenum);