_sessreg_implement_hostname_hashing

$Id: 085_sessreg_implement_hostname_hashing.diff 689 2005-10-19 22:11:30Z dnusinow $ The sessreg program assumes that hostnames in utmp entries are unique in the last four characters. When two entries are "test:0" and "fist:0", for example, this assumption fails. Rectify this problem by hashing the entire hostname field from the utmp entry, so that we can tell unlike hostnames apart with much greater reliability. There is still a possiblility of one hash collision in 2^32. This patch by Maximiliano Curia and Damián Viano, using a public-domain hash algorithm by Bob Jenkins. Not submitted to XFree86. Gbp-Pq: Name 01_sessreg_implement_hostname_hashing.diff
2022-05-14 03:20:06 +08:00 · 2022-05-14 03:20:06 +08:00 · c0d0750033
parent 7282e56f64
commit c0d0750033
1 changed files with 152 additions and 12 deletions
--- a/sessreg/sessreg.c
+++ b/sessreg/sessreg.c
@ -89,6 +89,18 @@ static void set_utmpx (struct utmpx *u, const char *line, const char *user,
 		       const char *host, time_t date, int addp);
 #endif

+#ifdef HAVE_STRUCT_UTMP_UT_ID
+/* used for hashing ut_id */
+typedef  unsigned long  int  ub4;   /* unsigned 4-byte quantities */
+typedef  unsigned       char ub1;   /* unsigned 1-byte quantities */
+
+#define hashsize(n) ((ub4)1<<(n))
+#define hashmask(n) (hashsize(n)-1)
+
+ub4 hash(register ub1 *k, register ub4 length, register ub4 initval);
+
+#endif
+
 static int wflag, uflag, lflag;
 static const char *wtmp_file, *utmp_file;
 #ifdef USE_UTMPX
@ -438,21 +450,23 @@ set_utmp (struct utmp *u, char *line, char *user, char *host, time_t date, int a
 		memset (u->ut_name, 0, sizeof (u->ut_name));
 #ifdef HAVE_STRUCT_UTMP_UT_ID
 	if (line) {
-		size_t	i;
 		/*
-		 * this is a bit crufty, but
-		 * follows the apparent conventions in
-		 * the ttys file.  ut_id is only 4 bytes
-		 * long, and the last 4 bytes of the line
-		 * name are written into it, left justified.
+		 * The ut_id is 4 bytes long.  We make a hash of the line
+		 * received, preceding it by ":" to prevent clashing with
+		 * other ut_ids.
 		 */
-		i = strlen (line);
-		if (i >= sizeof (u->ut_id))
-			i -= sizeof (u->ut_id);
-		else
-			i = 0;
-		(void) strncpy (u->ut_id, line + i, sizeof (u->ut_id));
+		ub4 h;
+		u->ut_id[0]=':';
+		h = hash(line, strlen(line),0x9e3779b9);
+		h = (h & hashmask((sizeof(u->ut_id)-sizeof(char))*8));
+		(void) strncpy (u->ut_id + 1,(char *) &h,  sizeof (u->ut_id)-sizeof(char));
 	} else
+		/*
+		 * From utmp(5):
+		 * Clearing ut_id may result in race conditions leading to corrupted
+		 * utmp entries and and potential security holes.
+		 */
+		/* TODO: CHECK this  */
 		memset (u->ut_id, 0, sizeof (u->ut_id));
 #endif
 #ifdef HAVE_STRUCT_UTMP_UT_PID
@ -702,3 +716,129 @@ findslot (char *line_name, char *host_name, int addp, int slot)
 		return freeslot;
 }
 #endif
+
+#ifdef HAVE_STRUCT_UTMP_UT_ID
+/*
+--------------------------------------------------------------------
+mix -- mix 3 32-bit values reversibly.
+For every delta with one or two bits set, and the deltas of all three
+  high bits or all three low bits, whether the original value of a,b,c
+  is almost all zero or is uniformly distributed,
+* If mix() is run forward or backward, at least 32 bits in a,b,c
+  have at least 1/4 probability of changing.
+* If mix() is run forward, every bit of c will change between 1/3 and
+  2/3 of the time.  (Well, 22/100 and 78/100 for some 2-bit deltas.)
+mix() was built out of 36 single-cycle latency instructions in a
+  structure that could supported 2x parallelism, like so:
+      a -= b;
+      a -= c; x = (c>>13);
+      b -= c; a ^= x;
+      b -= a; x = (a<<8);
+      c -= a; b ^= x;
+      c -= b; x = (b>>13);
+      ...
+  Unfortunately, superscalar Pentiums and Sparcs can't take advantage
+  of that parallelism.  They've also turned some of those single-cycle
+  latency instructions into multi-cycle latency instructions.  Still,
+  this is the fastest good hash I could find.  There were about 2^^68
+  to choose from.  I only looked at a billion or so.
+--------------------------------------------------------------------
+*/
+#define mix(a,b,c) \
+{ \
+  a -= b; a -= c; a ^= (c>>13); \
+  b -= c; b -= a; b ^= (a<<8); \
+  c -= a; c -= b; c ^= (b>>13); \
+  a -= b; a -= c; a ^= (c>>12);  \
+  b -= c; b -= a; b ^= (a<<16); \
+  c -= a; c -= b; c ^= (b>>5); \
+  a -= b; a -= c; a ^= (c>>3);  \
+  b -= c; b -= a; b ^= (a<<10); \
+  c -= a; c -= b; c ^= (b>>15); \
+}
+
+/*
+--------------------------------------------------------------------
+hash() -- hash a variable-length key into a 32-bit value
+  k       : the key (the unaligned variable-length array of bytes)
+  len     : the length of the key, counting by bytes
+  initval : can be any 4-byte value
+Returns a 32-bit value.  Every bit of the key affects every bit of
+the return value.  Every 1-bit and 2-bit delta achieves avalanche.
+About 6*len+35 instructions.
+
+The best hash table sizes are powers of 2.  There is no need to do
+mod a prime (mod is sooo slow!).  If you need less than 32 bits,
+use a bitmask.  For example, if you need only 10 bits, do
+  h = (h & hashmask(10));
+In which case, the hash table should have hashsize(10) elements.
+
+If you are hashing n strings (ub1 **)k, do it like this:
+  for (i=0, h=0; i<n; ++i) h = hash( k[i], len[i], h);
+
+By Bob Jenkins, 1996.  bob_jenkins@burtleburtle.net.  You may use this
+code any way you wish, private, educational, or commercial.  It's free.
+
+[On 27 May 2004, Bob Jenkins further clarified the above statement.
+
+  From: Bob Jenkins <bob_jenkins@burtleburtle.net>
+  Date: Thu, 27 May 2004 22:33:06 -0700
+  To: Margarita Manterola <marga@marga.com.ar>
+  Subject: Re: Hash function
+
+  The algorithm is public domain.  I ask that I be referenced as the
+  source of the algorithm, but I can't enforce that, since being public
+  domain means I've reserved no rights at all.
+
+-- Branden Robinson, 2004-06-06]
+
+See http://burtleburtle.net/bob/hash/evahash.html
+Use for hash table lookup, or anything where one collision in 2^^32 is
+acceptable.  Do NOT use for cryptographic purposes.
+--------------------------------------------------------------------
+*/
+
+ub4
+hash(register ub1 *k, register ub4 length, register ub4 initval)
+{
+   register ub4 a,b,c,len;
+
+   /* Set up the internal state */
+   len = length;
+   a = b = 0x9e3779b9;  /* the golden ratio; an arbitrary value */
+   c = initval;         /* the previous hash value */
+
+   /*---------------------------------------- handle most of the key */
+   while (len >= 12)
+   {
+      a += (k[0] +((ub4)k[1]<<8) +((ub4)k[2]<<16) +((ub4)k[3]<<24));
+      b += (k[4] +((ub4)k[5]<<8) +((ub4)k[6]<<16) +((ub4)k[7]<<24));
+      c += (k[8] +((ub4)k[9]<<8) +((ub4)k[10]<<16)+((ub4)k[11]<<24));
+      mix(a,b,c);
+      k += 12; len -= 12;
+   }
+
+   /*------------------------------------- handle the last 11 bytes */
+   c += length;
+   switch(len)              /* all the case statements fall through */
+   {
+   case 11: c+=((ub4)k[10]<<24);
+   case 10: c+=((ub4)k[9]<<16);
+   case 9 : c+=((ub4)k[8]<<8);
+      /* the first byte of c is reserved for the length */
+   case 8 : b+=((ub4)k[7]<<24);
+   case 7 : b+=((ub4)k[6]<<16);
+   case 6 : b+=((ub4)k[5]<<8);
+   case 5 : b+=k[4];
+   case 4 : a+=((ub4)k[3]<<24);
+   case 3 : a+=((ub4)k[2]<<16);
+   case 2 : a+=((ub4)k[1]<<8);
+   case 1 : a+=k[0];
+     /* case 0: nothing left to add */
+   }
+   mix(a,b,c);
+   /*-------------------------------------------- report the result */
+   return c;
+}
+
+#endif