MEDIUM: auth/threads: make use of crypt_r() on systems supporting it

On systems where crypt_r() is available, prefer it over a locked crypt().
This improves performance especially on very slow crypto algorithms.

diff --git a/Makefile b/Makefile
index 2d1798402ec5794f13f05e58c3265a3b3da287e8..a008df6bd69e16dcca88b5c044721b3e2f7f4f4e 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -293,6 +293,7 @@ ifeq ($(TARGET),linux24)
   USE_NETFILTER   = implicit
   USE_POLL        = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_DL          = implicit
   USE_RT          = implicit
@@ -304,6 +305,7 @@ ifeq ($(TARGET),linux24e)
   USE_EPOLL       = implicit
   USE_MY_EPOLL    = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_DL          = implicit
   USE_RT          = implicit
@@ -314,6 +316,7 @@ ifeq ($(TARGET),linux26)
   USE_POLL        = implicit
   USE_EPOLL       = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_FUTEX       = implicit
   USE_DL          = implicit
@@ -325,6 +328,7 @@ ifeq ($(TARGET),linux2628)
   USE_POLL        = implicit
   USE_EPOLL       = implicit
   USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
   USE_LIBCRYPT    = implicit
   USE_LINUX_SPLICE= implicit
   USE_LINUX_TPROXY= implicit

diff --git a/src/auth.c b/src/auth.c
index 599a3abbc1a028d6919f9bc4ca7b53906040c016..2f9cc4fb43c96d60a075eb81fb04a907db5c5e80 100644 (file)
--- a/src/auth.c
+++ b/src/auth.c
@@ -39,8 +39,14 @@
 struct userlist *userlist = NULL;    /* list of all existing userlists */
 
 #ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+/* context for crypt_r() */
+static THREAD_LOCAL struct crypt_data crypt_data = { .initialized = 0 };
+#else
+/* lock for crypt() */
 __decl_hathreads(static HA_SPINLOCK_T auth_lock);
 #endif
+#endif
 
 /* find targets for selected gropus. The function returns pointer to
  * the userlist struct ot NULL if name is NULL/empty or unresolvable.
@@ -250,9 +256,13 @@ check_user(struct userlist *ul, const char *user, const char *pass)
 
        if (!(u->flags & AU_O_INSECURE)) {
 #ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+               ep = crypt_r(pass, u->pass, &crypt_data);
+#else
                HA_SPIN_LOCK(AUTH_LOCK, &auth_lock);
                ep = crypt(pass, u->pass);
                HA_SPIN_UNLOCK(AUTH_LOCK, &auth_lock);
+#endif
 #else
                return 0;
 #endif