Commit ae77343d authored by Ondřej Kuzník's avatar Ondřej Kuzník
Browse files

ITS#9520 Refuse parallelism if not compiled with libargon2

parent 8b353df0
Pipeline #2528 passed with stage
in 46 minutes and 17 seconds
...@@ -39,7 +39,8 @@ kiB. ...@@ -39,7 +39,8 @@ kiB.
.BI p= <parallelism> .BI p= <parallelism>
Set parallelism to Set parallelism to
.I <parallelism> .I <parallelism>
threads. threads. Currently supported only when linked with
.BR libargon2 .
.TP .TP
.BI t= <iterations> .BI t= <iterations>
Set the number of iterations to Set the number of iterations to
......
...@@ -20,6 +20,8 @@ ...@@ -20,6 +20,8 @@
#include "lber_pvt.h" #include "lber_pvt.h"
#include "lutil.h" #include "lutil.h"
#include "slap.h"
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
...@@ -216,6 +218,22 @@ int init_module( int argc, char *argv[] ) ...@@ -216,6 +218,22 @@ int init_module( int argc, char *argv[] )
} }
} }
#ifndef HAVE_LIBARGON2
/* At the moment, we can only use libargon2 to set parallelism for new
* hashes */
if ( parallelism != SLAPD_ARGON2_PARALLELISM ) {
Debug( LDAP_DEBUG_ANY, "pw-argon2: "
"non-default parallelism only supported when linked with "
"libargon2, got p=%lu\n",
parallelism );
if ( (slapMode & SLAP_MODE) != SLAP_TOOL_MODE ||
slapTool == SLAPPASSWD || slapTool == SLAPTEST ) {
return 1;
}
}
#endif
return lutil_passwd_add( (struct berval *)&slapd_argon2_scheme, return lutil_passwd_add( (struct berval *)&slapd_argon2_scheme,
slapd_argon2_verify, slapd_argon2_hash ); slapd_argon2_verify, slapd_argon2_hash );
} }
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment