ITS#9520 Refuse parallelism if not compiled with libargon2

doc/man/man5/slappw-argon2.5

@@ -39,7 +39,8 @@ kiB.
 .BI p= <parallelism>
 Set parallelism to
 .I <parallelism>
-threads.
+threads. Currently supported only when linked with
+.BR libargon2 .
 .TP
 .BI t= <iterations>
 Set the number of iterations to

servers/slapd/pwmods/argon2.c

@@ -20,6 +20,8 @@
 #include "lber_pvt.h"
 #include "lutil.h"
 
+#include "slap.h"
+
 #include <stdint.h>
 #include <stdlib.h>
 
@@ -216,6 +218,22 @@ int init_module( int argc, char *argv[] )
 		}
 	}
 
+#ifndef HAVE_LIBARGON2
+	/* At the moment, we can only use libargon2 to set parallelism for new
+	 * hashes */
+	if ( parallelism != SLAPD_ARGON2_PARALLELISM ) {
+		Debug( LDAP_DEBUG_ANY, "pw-argon2: "
+				"non-default parallelism only supported when linked with "
+				"libargon2, got p=%lu\n",
+				parallelism );
+
+		if ( (slapMode & SLAP_MODE) != SLAP_TOOL_MODE ||
+				slapTool == SLAPPASSWD || slapTool == SLAPTEST ) {
+			return 1;
+		}
+	}
+#endif
+
 	return lutil_passwd_add( (struct berval *)&slapd_argon2_scheme,
 			slapd_argon2_verify, slapd_argon2_hash );
 }