From: Gary Lockyer Date: Tue, 30 May 2017 22:35:25 +0000 (+1200) Subject: password_hash: conditional compilation for crypt_r X-Git-Tag: ldb-1.1.31~171 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9e9bff1f278ae7c2927cc3fa648f8ec8eb98b8c4;p=thirdparty%2Fsamba.git password_hash: conditional compilation for crypt_r Add check for crypt_r, and if absent fall back to crypt Signed-off-by: Gary Lockyer Reviewed-by: Volker Lendecke --- diff --git a/lib/replace/wscript b/lib/replace/wscript index f681d02af14..38627c0e309 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -466,6 +466,7 @@ removeea setea conf.DEFINE('HAVE_ROBUST_MUTEXES', 1) conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True) + conf.CHECK_FUNCS_IN('crypt_r', 'crypt', checklibc=True) conf.CHECK_VARIABLE('rl_event_hook', define='HAVE_DECL_RL_EVENT_HOOK', always=True, headers='readline.h readline/readline.h readline/history.h') diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6a1ae3b60e6..8e8dc2c3072 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1487,11 +1487,13 @@ static int setup_primary_userPassword_hash( const char *salt = NULL; /* Randomly generated salt */ const char *cmd = NULL; /* command passed to crypt */ const char *hash = NULL; /* password hash generated by crypt */ - struct crypt_data crypt_data; /* working storage used by crypt */ int algorithm = 0; /* crypt hash algorithm number */ int rounds = 0; /* The number of hash rounds */ DATA_BLOB *hash_blob = NULL; TALLOC_CTX *frame = talloc_stackframe(); +#ifdef HAVE_CRYPT_R + struct crypt_data crypt_data; /* working storage used by crypt */ +#endif /* Genrate a random password salt */ salt = generate_random_str_list(frame, @@ -1531,7 +1533,15 @@ static int setup_primary_userPassword_hash( * Relies on the assertion that cleartext_utf8->data is a zero * terminated UTF-8 string */ +#ifdef HAVE_CRYPT_R hash = crypt_r((char *)io->n.cleartext_utf8->data, cmd, &crypt_data); +#else + /* + * No crypt_r falling back to crypt, which is NOT thread safe + * Thread safety MT-Unsafe race:crypt + */ + hash = crypt((char *)io->n.cleartext_utf8->data, cmd); +#endif if (hash == NULL) { char buf[1024]; ldb_asprintf_errstring(