Feature: Support calls to the system crypt()/crypt_r() for hased passwords

src/util_crypt.c

@@ -17,11 +17,23 @@
 
 #include <rhash.h>
 
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
+#if !defined(HAVE_CRYPT_R) && defined(HAVE_CRYPT) && defined(HAVE_PTHREAD)
+#include <pthread.h>
+#endif
+
 #include "util_crypt.h"
 #include "util_string.h"
 
 #define HASH_LEN     16
 
+#if !defined(HAVE_CRYPT_R) && defined(HAVE_CRYPT) && defined(HAVE_PTHREAD)
+static pthread_mutex_t crypt_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
 char * util_crypt_hash(const char *pw)
 {
     unsigned char digest[HASH_LEN];
@@ -40,6 +52,11 @@ bool   util_crypt_check(const char *plain, const char *crypted)
         return false;
 
     len = strlen(crypted);
+    if (!len)
+        return false;
+
+    /* below here we know that plain and crypted are non-null and that crypted is at least one byte long */
+
     if (len == (HASH_LEN*2) && crypted[0] != '$') {
         char *digest = util_crypt_hash(plain);
         bool res;
@@ -52,5 +69,29 @@ bool   util_crypt_check(const char *plain, const char *crypted)
         return res;
     }
 
+    if (crypted[0] == '$') {
+        const char *cres;
+#ifdef HAVE_CRYPT_R
+        struct crypt_data data;
+
+        memset(&data, 0, sizeof(data));
+
+        cres = crypt_r(plain, crypted, &data);
+        if (cres && strcmp(crypted, cres) == 0)
+            return true;
+#elif defined(HAVE_CRYPT) && defined(HAVE_PTHREAD)
+        bool res = false;
+
+        if (pthread_mutex_lock(&crypt_mutex) != 0)
+            return false;
+
+        cres = crypt(plain, crypted);
+        if (cres && strcmp(crypted, cres) == 0)
+            res = true;
+        pthread_mutex_unlock(&crypt_mutex);
+        return res;
+#endif
+    }
+
     return false;
 }