ITS#9520 Refuse parallelism if not compiled with libargon2

2025-12-24 00:29:35 -05:00 · 2021-04-09 10:41:00 +01:00 · 2021-04-09 10:41:00 +01:00 · ae77343d67
commit ae77343d67
parent 8b353df0e2
2 changed files with 20 additions and 1 deletions
--- a/doc/man/man5/slappw-argon2.5
+++ b/doc/man/man5/slappw-argon2.5
@ -39,7 +39,8 @@ kiB.
 .BI p= <parallelism>
 Set parallelism to
 .I <parallelism>
-threads.
+threads. Currently supported only when linked with
+.BR libargon2 .
 .TP
 .BI t= <iterations>
 Set the number of iterations to
--- a/servers/slapd/pwmods/argon2.c
+++ b/servers/slapd/pwmods/argon2.c
@ -20,6 +20,8 @@
 #include "lber_pvt.h"
 #include "lutil.h"

+#include "slap.h"
+
 #include <stdint.h>
 #include <stdlib.h>

@ -216,6 +218,22 @@ int init_module( int argc, char *argv[] )
 		}
 	}

+#ifndef HAVE_LIBARGON2
+	/* At the moment, we can only use libargon2 to set parallelism for new
+	 * hashes */
+	if ( parallelism != SLAPD_ARGON2_PARALLELISM ) {
+		Debug( LDAP_DEBUG_ANY, "pw-argon2: "
+				"non-default parallelism only supported when linked with "
+				"libargon2, got p=%lu\n",
+				parallelism );
+
+		if ( (slapMode & SLAP_MODE) != SLAP_TOOL_MODE ||
+				slapTool == SLAPPASSWD || slapTool == SLAPTEST ) {
+			return 1;
+		}
+	}
+#endif
+
 	return lutil_passwd_add( (struct berval *)&slapd_argon2_scheme,
 			slapd_argon2_verify, slapd_argon2_hash );
 }