On Tue, May 27, 2003 at 05:33:37PM +0200, Oliver Graf wrote:
> On Tue, May 27, 2003 at 09:27:53AM -0400, Alan DeKok wrote:
> > Oliver Graf <[EMAIL PROTECTED]> wrote:
> > > My test showed that the Crypt-Password is the problem. The test users
> > > with User-Password and auth-type Local work as before, test user (and
> > > normal users) with Crypt-Password and Crypt-Local are rejected (auth
> > > failed).
> >
> > OK. See src/modules/rlm_pap/rlm_pap.c for examples of wrapping a
> > pthread mutex around calls to crypt(), which isn't thread-safe. I'll
> > take a look at fixing it in the CVS head.
>
> Hmmm... sort of weird that it takes that long for the bug to
> manifest. But you're right, crypt is not thread safe.
>
> I think I'll wait for your update, cause doing the lock for a module
> is easy cause I have the instance, but (without diving to much into
> the source) I don't see where I get to the thread mutex from only a
> REQUEST *...
After some fruitless attemps to use PAP, I did patch auth.c a bit.
It now locks while using crypt. This is only good, if this is the only
use of crypt. If pap (for example) is also used, it should use the
same mutex to lock while doing an crypt (as should do any other
freeradius code using crypt).
The server seems running und is responsive :) the next hours will show
if the problem is fixed with this.
Oliver.
--- freeradius-snapshot-20030529/src/main/threads.c.orig 2003-05-29
13:44:07.000000000 +0200
+++ freeradius-snapshot-20030529/src/main/threads.c 2003-05-29 13:58:49.000000000
+0200
@@ -134,6 +134,10 @@
*/
static pthread_mutex_t fork_mutex;
+/*
+ * This mutex solves a threading porblem with crypt in auth.c
+ */
+pthread_mutex_t authcrypt_mutex;
/*
* A mapping of configuration file names to internal integers
@@ -770,6 +774,7 @@
* Initialize the mutex used to remember calls to fork.
*/
pthread_mutex_init(&fork_mutex, NULL);
+ pthread_mutex_init(&authcrypt_mutex, NULL);
/*
* Initialize the data structure where we remember the
--- freeradius-snapshot-20030529/src/main/auth.c.orig 2003-05-29 13:42:03.000000000
+0200
+++ freeradius-snapshot-20030529/src/main/auth.c 2003-05-29 13:56:52.000000000
+0200
@@ -276,8 +276,15 @@
return -1;
}
+#if HAVE_PTHREAD_H
+ pthread_mutex_lock(&authcrypt_mutex);
+#endif
crypted_password = crypt((char *)auth_item->strvalue,
- (char *)password_pair->strvalue);
+ (char
*)password_pair->strvalue);
+#if HAVE_PTHREAD_H
+ pthread_mutex_unlock(&authcrypt_mutex);
+#endif
+
if (!crypted_password) {
rad_authlog("Login incorrect "
"(system failed to supply an encrypted
password for comparison)", request, 0);
--- freeradius-snapshot-20030529/src/include/radiusd.h.orig 2003-05-29
13:47:12.000000000 +0200
+++ freeradius-snapshot-20030529/src/include/radiusd.h 2003-05-29 13:58:38.000000000
+0200
@@ -230,6 +230,7 @@
extern int proxy_port;
extern int proxyfd;
extern const char *radiusd_version;
+extern pthread_mutex_t authcrypt_mutex;
/*
* Function prototypes.
