]> Raphaƫl G. Git Repositories - ihttpd/blob - SOURCES/httpd-2.4.4-mod_unique_id.patch
Add debug-sshd
[ihttpd] / SOURCES / httpd-2.4.4-mod_unique_id.patch
1 --- trunk/modules/metadata/mod_unique_id.c 2011/12/02 23:02:04 1209766
2 +++ trunk/modules/metadata/mod_unique_id.c 2013/07/10 16:20:31 1501827
3 @@ -31,14 +31,11 @@
4 #include "http_log.h"
5 #include "http_protocol.h" /* for ap_hook_post_read_request */
6
7 -#if APR_HAVE_UNISTD_H
8 -#include <unistd.h> /* for getpid() */
9 -#endif
10 +#define ROOT_SIZE 10
11
12 typedef struct {
13 unsigned int stamp;
14 - unsigned int in_addr;
15 - unsigned int pid;
16 + char root[ROOT_SIZE];
17 unsigned short counter;
18 unsigned int thread_index;
19 } unique_id_rec;
20 @@ -64,20 +61,15 @@
21 * gethostbyname (gethostname()) is unique across all the machines at the
22 * "site".
23 *
24 - * We also further assume that pids fit in 32-bits. If something uses more
25 - * than 32-bits, the fix is trivial, but it requires the unrolled uuencoding
26 - * loop to be extended. * A similar fix is needed to support multithreaded
27 - * servers, using a pid/tid combo.
28 - *
29 - * Together, the in_addr and pid are assumed to absolutely uniquely identify
30 - * this one child from all other currently running children on all servers
31 - * (including this physical server if it is running multiple httpds) from each
32 + * The root is assumed to absolutely uniquely identify this one child
33 + * from all other currently running children on all servers (including
34 + * this physical server if it is running multiple httpds) from each
35 * other.
36 *
37 - * The stamp and counter are used to distinguish all hits for a particular
38 - * (in_addr,pid) pair. The stamp is updated using r->request_time,
39 - * saving cpu cycles. The counter is never reset, and is used to permit up to
40 - * 64k requests in a single second by a single child.
41 + * The stamp and counter are used to distinguish all hits for a
42 + * particular root. The stamp is updated using r->request_time,
43 + * saving cpu cycles. The counter is never reset, and is used to
44 + * permit up to 64k requests in a single second by a single child.
45 *
46 * The 144-bits of unique_id_rec are encoded using the alphabet
47 * [A-Za-z0-9@-], resulting in 24 bytes of printable characters. That is then
48 @@ -92,7 +84,7 @@
49 * module change.
50 *
51 * It is highly desirable that identifiers exist for "eternity". But future
52 - * needs (such as much faster webservers, moving to 64-bit pids, or moving to a
53 + * needs (such as much faster webservers, or moving to a
54 * multithreaded server) may dictate a need to change the contents of
55 * unique_id_rec. Such a future implementation should ensure that the first
56 * field is still a time_t stamp. By doing that, it is possible for a site to
57 @@ -100,7 +92,15 @@
58 * wait one entire second, and then start all of their new-servers. This
59 * procedure will ensure that the new space of identifiers is completely unique
60 * from the old space. (Since the first four unencoded bytes always differ.)
61 + *
62 + * Note: previous implementations used 32-bits of IP address plus pid
63 + * in place of the PRNG output in the "root" field. This was
64 + * insufficient for IPv6-only hosts, required working DNS to determine
65 + * a unique IP address (fragile), and needed a [0, 1) second sleep
66 + * call at startup to avoid pid reuse. Use of the PRNG avoids all
67 + * these issues.
68 */
69 +
70 /*
71 * Sun Jun 7 05:43:49 CEST 1998 -- Alvaro
72 * More comments:
73 @@ -116,8 +116,6 @@
74 * htonl/ntohl. Well, this shouldn't be a problem till year 2106.
75 */
76
77 -static unsigned global_in_addr;
78 -
79 /*
80 * XXX: We should have a per-thread counter and not use cur_unique_id.counter
81 * XXX: in all threads, because this is bad for performance on multi-processor
82 @@ -129,7 +127,7 @@
83 /*
84 * Number of elements in the structure unique_id_rec.
85 */
86 -#define UNIQUE_ID_REC_MAX 5
87 +#define UNIQUE_ID_REC_MAX 4
88
89 static unsigned short unique_id_rec_offset[UNIQUE_ID_REC_MAX],
90 unique_id_rec_size[UNIQUE_ID_REC_MAX],
91 @@ -138,113 +136,32 @@
92
93 static int unique_id_global_init(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *main_server)
94 {
95 - char str[APRMAXHOSTLEN + 1];
96 - apr_status_t rv;
97 - char *ipaddrstr;
98 - apr_sockaddr_t *sockaddr;
99 -
100 /*
101 * Calculate the sizes and offsets in cur_unique_id.
102 */
103 unique_id_rec_offset[0] = APR_OFFSETOF(unique_id_rec, stamp);
104 unique_id_rec_size[0] = sizeof(cur_unique_id.stamp);
105 - unique_id_rec_offset[1] = APR_OFFSETOF(unique_id_rec, in_addr);
106 - unique_id_rec_size[1] = sizeof(cur_unique_id.in_addr);
107 - unique_id_rec_offset[2] = APR_OFFSETOF(unique_id_rec, pid);
108 - unique_id_rec_size[2] = sizeof(cur_unique_id.pid);
109 - unique_id_rec_offset[3] = APR_OFFSETOF(unique_id_rec, counter);
110 - unique_id_rec_size[3] = sizeof(cur_unique_id.counter);
111 - unique_id_rec_offset[4] = APR_OFFSETOF(unique_id_rec, thread_index);
112 - unique_id_rec_size[4] = sizeof(cur_unique_id.thread_index);
113 + unique_id_rec_offset[1] = APR_OFFSETOF(unique_id_rec, root);
114 + unique_id_rec_size[1] = sizeof(cur_unique_id.root);
115 + unique_id_rec_offset[2] = APR_OFFSETOF(unique_id_rec, counter);
116 + unique_id_rec_size[2] = sizeof(cur_unique_id.counter);
117 + unique_id_rec_offset[3] = APR_OFFSETOF(unique_id_rec, thread_index);
118 + unique_id_rec_size[3] = sizeof(cur_unique_id.thread_index);
119 unique_id_rec_total_size = unique_id_rec_size[0] + unique_id_rec_size[1] +
120 - unique_id_rec_size[2] + unique_id_rec_size[3] +
121 - unique_id_rec_size[4];
122 + unique_id_rec_size[2] + unique_id_rec_size[3];
123
124 /*
125 * Calculate the size of the structure when encoded.
126 */
127 unique_id_rec_size_uu = (unique_id_rec_total_size*8+5)/6;
128
129 - /*
130 - * Now get the global in_addr. Note that it is not sufficient to use one
131 - * of the addresses from the main_server, since those aren't as likely to
132 - * be unique as the physical address of the machine
133 - */
134 - if ((rv = apr_gethostname(str, sizeof(str) - 1, p)) != APR_SUCCESS) {
135 - ap_log_error(APLOG_MARK, APLOG_ALERT, rv, main_server, APLOGNO(01563)
136 - "unable to find hostname of the server");
137 - return HTTP_INTERNAL_SERVER_ERROR;
138 - }
139 -
140 - if ((rv = apr_sockaddr_info_get(&sockaddr, str, AF_INET, 0, 0, p)) == APR_SUCCESS) {
141 - global_in_addr = sockaddr->sa.sin.sin_addr.s_addr;
142 - }
143 - else {
144 - ap_log_error(APLOG_MARK, APLOG_ALERT, rv, main_server, APLOGNO(01564)
145 - "unable to find IPv4 address of \"%s\"", str);
146 -#if APR_HAVE_IPV6
147 - if ((rv = apr_sockaddr_info_get(&sockaddr, str, AF_INET6, 0, 0, p)) == APR_SUCCESS) {
148 - memcpy(&global_in_addr,
149 - (char *)sockaddr->ipaddr_ptr + sockaddr->ipaddr_len - sizeof(global_in_addr),
150 - sizeof(global_in_addr));
151 - ap_log_error(APLOG_MARK, APLOG_ALERT, rv, main_server, APLOGNO(01565)
152 - "using low-order bits of IPv6 address "
153 - "as if they were unique");
154 - }
155 - else
156 -#endif
157 - return HTTP_INTERNAL_SERVER_ERROR;
158 - }
159 -
160 - apr_sockaddr_ip_get(&ipaddrstr, sockaddr);
161 - ap_log_error(APLOG_MARK, APLOG_INFO, 0, main_server, APLOGNO(01566) "using ip addr %s",
162 - ipaddrstr);
163 -
164 - /*
165 - * If the server is pummelled with restart requests we could possibly end
166 - * up in a situation where we're starting again during the same second
167 - * that has been used in previous identifiers. Avoid that situation.
168 - *
169 - * In truth, for this to actually happen not only would it have to restart
170 - * in the same second, but it would have to somehow get the same pids as
171 - * one of the other servers that was running in that second. Which would
172 - * mean a 64k wraparound on pids ... not very likely at all.
173 - *
174 - * But protecting against it is relatively cheap. We just sleep into the
175 - * next second.
176 - */
177 - apr_sleep(apr_time_from_sec(1) - apr_time_usec(apr_time_now()));
178 return OK;
179 }
180
181 static void unique_id_child_init(apr_pool_t *p, server_rec *s)
182 {
183 - pid_t pid;
184 -
185 - /*
186 - * Note that we use the pid because it's possible that on the same
187 - * physical machine there are multiple servers (i.e. using Listen). But
188 - * it's guaranteed that none of them will share the same pids between
189 - * children.
190 - *
191 - * XXX: for multithread this needs to use a pid/tid combo and probably
192 - * needs to be expanded to 32 bits
193 - */
194 - pid = getpid();
195 - cur_unique_id.pid = pid;
196 -
197 - /*
198 - * Test our assumption that the pid is 32-bits. It's possible that
199 - * 64-bit machines will declare pid_t to be 64 bits but only use 32
200 - * of them. It would have been really nice to test this during
201 - * global_init ... but oh well.
202 - */
203 - if ((pid_t)cur_unique_id.pid != pid) {
204 - ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s, APLOGNO(01567)
205 - "oh no! pids are greater than 32-bits! I'm broken!");
206 - }
207 -
208 - cur_unique_id.in_addr = global_in_addr;
209 + ap_random_insecure_bytes(&cur_unique_id.root,
210 + sizeof(cur_unique_id.root));
211
212 /*
213 * If we use 0 as the initial counter we have a little less protection
214 @@ -253,13 +170,6 @@
215 */
216 ap_random_insecure_bytes(&cur_unique_id.counter,
217 sizeof(cur_unique_id.counter));
218 -
219 - /*
220 - * We must always use network ordering for these bytes, so that
221 - * identifiers are comparable between machines of different byte
222 - * orderings. Note in_addr is already in network order.
223 - */
224 - cur_unique_id.pid = htonl(cur_unique_id.pid);
225 }
226
227 /* NOTE: This is *NOT* the same encoding used by base64encode ... the last two
228 @@ -291,10 +201,8 @@
229 unsigned short counter;
230 int i,j,k;
231
232 - new_unique_id.in_addr = cur_unique_id.in_addr;
233 - new_unique_id.pid = cur_unique_id.pid;
234 + memcpy(&new_unique_id.root, &cur_unique_id.root, ROOT_SIZE);
235 new_unique_id.counter = cur_unique_id.counter;
236 -
237 new_unique_id.stamp = htonl((unsigned int)apr_time_sec(r->request_time));
238 new_unique_id.thread_index = htonl((unsigned int)r->connection->id);
239