[mod_auth] use crypt_r instead of crypt if available

From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2986 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-12 06:39:39 +00:00 · 2015-02-12 06:39:39 +00:00 · c92496720d
parent 673923daf8
commit c92496720d
5 changed files with 36 additions and 12 deletions
--- a/1
+++ b/1
@ -16,6 +16,7 @@ NEWS
  * [connections] fix bug in connection state handling
  * print backtrace in assert logging with libunwind
  * major refactoring of internal buffer/chunk handling
+  * [mod_auth] use crypt_r instead of crypt if available

 - 1.4.35 - 2014-03-12
  * [network/ssl] fix build error if TLSEXT is disabled
--- a/configure.ac
+++ b/configure.ac
@ -528,19 +528,27 @@ if test "$WITH_LUA" != "no"; then
 AC_SUBST(LUA_LIBS)
 fi

+dnl search for crypt_r and (fallback) for crypt
 save_LIBS=$LIBS
-AC_SEARCH_LIBS(crypt,crypt,[
+LIBS=
+AC_SEARCH_LIBS([crypt_r],[crypt],[
+  AC_DEFINE([HAVE_CRYPT_R], [1], [crypt_r])
  AC_CHECK_HEADERS([crypt.h],[
-    AC_DEFINE([HAVE_CRYPT_H], [1])
+    AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
  ])

-  AC_DEFINE([HAVE_LIBCRYPT], [1], [libcrypt])
-  if test "$ac_cv_search_crypt" != no; then
-    test "$ac_cv_search_crypt" = "none required" || CRYPT_LIB="$ac_cv_search_crypt"
-  fi
+  CRYPT_LIB=$LIBS
+],[
+  AC_SEARCH_LIBS([crypt],[crypt],[
+    AC_CHECK_HEADERS([crypt.h],[
+      AC_DEFINE([HAVE_CRYPT_H], [1], [crypt.h])
+    ])
+
+    CRYPT_LIB=$LIBS
+  ])
 ])
 LIBS=$save_LIBS
-AC_SUBST(CRYPT_LIB)
+AC_SUBST([CRYPT_LIB])

 save_LIBS=$LIBS
 AC_SEARCH_LIBS(sendfilev,sendfile,[
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -96,11 +96,17 @@ CHECK_INCLUDE_FILES(syslog.h HAVE_SYSLOG_H)
 CHECK_INCLUDE_FILES(fastcgi.h HAVE_FASTCGI_H)
 CHECK_INCLUDE_FILES(fastcgi/fastcgi.h HAVE_FASTCGI_FASTCGI_H)

+# will be needed for auth
 CHECK_INCLUDE_FILES(crypt.h HAVE_CRYPT_H)
-IF(NOT HAVE_CRYPT)
-  ## check if we need libcrypt for crypt()
+# check if we need libcrypt for crypt_r()
+CHECK_LIBRARY_EXISTS(crypt crypt_r "" HAVE_LIBCRYPT_CRYPT_R)
+IF(HAVE_LIBCRYPT_CRYPT_R)
+  SET(HAVE_CRYPT_R 1 FORCE)
+  SET(HAVE_LIBCRYPT 1 FORCE)
+ELSE(HAVE_LIBCRYPT_CRYPT_R)
  CHECK_LIBRARY_EXISTS(crypt crypt "" HAVE_LIBCRYPT)
-ENDIF(NOT HAVE_CRYPT)
+ENDIF(HAVE_LIBCRYPT_CRYPT_R)
+CHECK_FUNCTION_EXISTS(crypt_r HAVE_CRYPT_R)

 CHECK_INCLUDE_FILES(sys/inotify.h HAVE_SYS_INOTIFY_H)
 IF(HAVE_SYS_INOTIFY_H)
--- a/src/config.h.cmake
+++ b/src/config.h.cmake
@ -115,7 +115,6 @@

 /* Functions */
 #cmakedefine  HAVE_CHROOT
-#cmakedefine  HAVE_CRYPT
 #cmakedefine  HAVE_EPOLL_CTL
 #cmakedefine  HAVE_FORK
 #cmakedefine  HAVE_GETRLIMIT
@ -150,6 +149,8 @@
 /* libcrypt */
 #cmakedefine  HAVE_CRYPT_H
 #cmakedefine  HAVE_LIBCRYPT
+#cmakedefine  HAVE_CRYPT
+#cmakedefine  HAVE_CRYPT_R

 /* fastcgi */
 #cmakedefine HAVE_FASTCGI_H
--- a/src/http_auth.c
+++ b/src/http_auth.c
@ -669,15 +669,23 @@ static int http_auth_basic_password_compare(server *srv, mod_auth_plugin_data *p
 			return (strcmp(sample, password->ptr) == 0) ? 0 : 1;
 #endif
 		} else {
-#ifdef HAVE_CRYPT
+#if defined(HAVE_CRYPT_R) || defined(HAVE_CRYPT)
 			char *crypted;
+#if defined(HAVE_CRYPT_R)
+			struct crypt_data crypt_tmp_data;
+			crypt_tmp_data.initialized = 0;
+#endif

 			/* a simple DES password is 2 + 11 characters. everything else should be longer. */
 			if (buffer_string_length(password) < 13) {
 				return -1;
 			}

+#if defined(HAVE_CRYPT_R)
+			if (0 == (crypted = crypt_r(pw, password->ptr, &crypt_tmp_data))) {
+#else
 			if (0 == (crypted = crypt(pw, password->ptr))) {
+#endif
 				/* crypt failed. */
 				return -1;
 			}