MEDIUM: auth/threads: make use of crypt_r() on systems supporting it

On systems where crypt_r() is available, prefer it over a locked crypt(). This improves performance especially on very slow crypto algorithms.
2018-10-29 19:16:27 +01:00 · 2018-10-29 19:16:27 +01:00 · 943e7ec025
commit 943e7ec025
parent 4698adf68f
2 changed files with 14 additions and 0 deletions
--- a/4
+++ b/4
@ -293,6 +293,7 @@ ifeq ($(TARGET),linux24)
  USE_NETFILTER   = implicit
  USE_POLL        = implicit
  USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
  USE_LIBCRYPT    = implicit
  USE_DL          = implicit
  USE_RT          = implicit
@ -304,6 +305,7 @@ ifeq ($(TARGET),linux24e)
  USE_EPOLL       = implicit
  USE_MY_EPOLL    = implicit
  USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
  USE_LIBCRYPT    = implicit
  USE_DL          = implicit
  USE_RT          = implicit
@ -314,6 +316,7 @@ ifeq ($(TARGET),linux26)
  USE_POLL        = implicit
  USE_EPOLL       = implicit
  USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
  USE_LIBCRYPT    = implicit
  USE_FUTEX       = implicit
  USE_DL          = implicit
@ -325,6 +328,7 @@ ifeq ($(TARGET),linux2628)
  USE_POLL        = implicit
  USE_EPOLL       = implicit
  USE_TPROXY      = implicit
+  USE_CRYPT_H     = implicit
  USE_LIBCRYPT    = implicit
  USE_LINUX_SPLICE= implicit
  USE_LINUX_TPROXY= implicit
--- a/src/auth.c
+++ b/src/auth.c
@ -39,8 +39,14 @@
 struct userlist *userlist = NULL;    /* list of all existing userlists */

 #ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+/* context for crypt_r() */
+static THREAD_LOCAL struct crypt_data crypt_data = { .initialized = 0 };
+#else
+/* lock for crypt() */
 __decl_hathreads(static HA_SPINLOCK_T auth_lock);
 #endif
+#endif

 /* find targets for selected gropus. The function returns pointer to
 * the userlist struct ot NULL if name is NULL/empty or unresolvable.
@ -250,9 +256,13 @@ check_user(struct userlist *ul, const char *user, const char *pass)

 	if (!(u->flags & AU_O_INSECURE)) {
 #ifdef CONFIG_HAP_CRYPT
+#ifdef HA_HAVE_CRYPT_R
+		ep = crypt_r(pass, u->pass, &crypt_data);
+#else
 		HA_SPIN_LOCK(AUTH_LOCK, &auth_lock);
 		ep = crypt(pass, u->pass);
 		HA_SPIN_UNLOCK(AUTH_LOCK, &auth_lock);
+#endif
 #else
 		return 0;
 #endif