230 lines
7.5 KiB
C
230 lines
7.5 KiB
C
|
/*
|
||
|
* Asterisk -- An open source telephony toolkit.
|
||
|
*
|
||
|
* Copyright (C) 2012, Digium, Inc.
|
||
|
*
|
||
|
* Mark Michelson <mmmichelson@digium.com>
|
||
|
*
|
||
|
* See http://www.asterisk.org for more information about
|
||
|
* the Asterisk project. Please do not directly contact
|
||
|
* any of the maintainers of this project for assistance;
|
||
|
* the project provides a web site, mailing lists and IRC
|
||
|
* channels for your use.
|
||
|
*
|
||
|
* This program is free software, distributed under the terms of
|
||
|
* the GNU General Public License Version 2. See the LICENSE file
|
||
|
* at the top of the source tree.
|
||
|
*/
|
||
|
|
||
|
/*! \file
|
||
|
* \brief Universally unique identifier support
|
||
|
*
|
||
|
* \extref Depends on libuuid, a component of the e2fsprogs package - http://e2fsprogs.sourceforge.net/
|
||
|
*/
|
||
|
|
||
|
#include "asterisk.h"
|
||
|
#include <uuid/uuid.h>
|
||
|
#include <fcntl.h>
|
||
|
|
||
|
#include "asterisk/uuid.h"
|
||
|
#include "asterisk/utils.h"
|
||
|
#include "asterisk/strings.h"
|
||
|
#include "asterisk/logger.h"
|
||
|
#include "asterisk/lock.h"
|
||
|
|
||
|
AST_MUTEX_DEFINE_STATIC(uuid_lock);
|
||
|
|
||
|
static int has_dev_urandom;
|
||
|
|
||
|
struct ast_uuid {
|
||
|
uuid_t uu;
|
||
|
};
|
||
|
|
||
|
/*!
|
||
|
* \internal
|
||
|
* \brief Generate a UUID.
|
||
|
* \since 12.0.0
|
||
|
*
|
||
|
* \param uuid Fill this with a generated UUID.
|
||
|
*/
|
||
|
static void generate_uuid(struct ast_uuid *uuid)
|
||
|
{
|
||
|
/* libuuid provides three methods of generating uuids,
|
||
|
* uuid_generate(), uuid_generate_random(), and uuid_generate_time().
|
||
|
*
|
||
|
* uuid_generate_random() creates a UUID based on random numbers. The method
|
||
|
* attempts to use either /dev/urandom or /dev/random to generate random values.
|
||
|
* If these resources are unavailable, then random numbers will be generated
|
||
|
* using C library calls to generate pseudorandom numbers.
|
||
|
* This method of generating UUIDs corresponds to section 4.4 of RFC 4122.
|
||
|
*
|
||
|
* uuid_generate_time() creates a UUID based on the current time plus
|
||
|
* a system identifier (MAC address of the ethernet interface). This
|
||
|
* method of generating UUIDs corresponds to section 4.2 of RFC 4122.
|
||
|
*
|
||
|
* uuid_generate() will check if /dev/urandom or /dev/random is available to
|
||
|
* use. If so, it will use uuid_generate_random(). Otherwise, it will use
|
||
|
* uuid_generate_time(). The idea is that it avoids using pseudorandom
|
||
|
* numbers if necessary.
|
||
|
*
|
||
|
* For our purposes, we do not use the time-based UUID at all. There are
|
||
|
* several reasons for this:
|
||
|
*
|
||
|
* 1) The time-based algorithm makes use of a daemon process (uuidd) in order
|
||
|
* to ensure that any concurrent requests for UUIDs result in unique results.
|
||
|
* Use of this daemon is a bit dodgy for a few reasons
|
||
|
*
|
||
|
* a) libuuid assumes a hardcoded location for the .pid file of the daemon.
|
||
|
* However, the daemon could already be running on the system in a different
|
||
|
* location than expected. If this is the case, then attempting to connect
|
||
|
* to the daemon will fail, and attempting to launch another instance in
|
||
|
* the expected location will also fail.
|
||
|
*
|
||
|
* b) If the daemon is not running, then the first attempt to create a
|
||
|
* time-based UUID will result in launching the daemon. Because of the hard-
|
||
|
* coded locations that libuuid assumes for the daemon, Asterisk must be
|
||
|
* run with permissions that will allow for the daemon to be launched in
|
||
|
* the expected directories.
|
||
|
*
|
||
|
* c) Once the daemon is running, concurrent requests for UUIDs are thread-safe.
|
||
|
* However, the actual launching of the daemon is not thread-safe since libuuid
|
||
|
* uses no synchronization primitives to ensure that only one thread (or process)
|
||
|
* launches the daemon.
|
||
|
*
|
||
|
* d) When libuuid launches the daemon, it sets an inactivity timer.
|
||
|
* If no UUID generation requests are issued in that time period,
|
||
|
* then the daemon will exit. If a new request should occur after the daemon
|
||
|
* exits, then the daemon will be relaunched. Given point c), we cannot
|
||
|
* necessarily guarantee the thread-safety of time-based UUID generation since
|
||
|
* we cannot necessarily guarantee the daemon is running as we expect.
|
||
|
* We could set up a watchdog thread to generate UUIDs at regular intervals to
|
||
|
* prevent the daemon from exiting, but frankly, that sucks.
|
||
|
*
|
||
|
* 2) Since the MAC address of the Ethernet interface is part of the UUID when
|
||
|
* using the time-based method, there is information leaked.
|
||
|
*
|
||
|
* Given these drawbacks, we stick to only using random UUIDs. The chance of /dev/random
|
||
|
* or /dev/urandom not existing on systems in this age is next to none.
|
||
|
*/
|
||
|
|
||
|
/* XXX Currently, we only protect this call if the user has no /dev/urandom on their system.
|
||
|
* If it turns out that there are issues with UUID generation despite the presence of
|
||
|
* /dev/urandom, then we may need to make the locking/unlocking unconditional.
|
||
|
*/
|
||
|
if (!has_dev_urandom) {
|
||
|
ast_mutex_lock(&uuid_lock);
|
||
|
}
|
||
|
uuid_generate_random(uuid->uu);
|
||
|
if (!has_dev_urandom) {
|
||
|
ast_mutex_unlock(&uuid_lock);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
struct ast_uuid *ast_uuid_generate(void)
|
||
|
{
|
||
|
struct ast_uuid *uuid = ast_malloc(sizeof(*uuid));
|
||
|
|
||
|
if (!uuid) {
|
||
|
return NULL;
|
||
|
}
|
||
|
generate_uuid(uuid);
|
||
|
return uuid;
|
||
|
}
|
||
|
|
||
|
char *ast_uuid_to_str(struct ast_uuid *uuid, char *buf, size_t size)
|
||
|
{
|
||
|
ast_assert(size >= AST_UUID_STR_LEN);
|
||
|
uuid_unparse(uuid->uu, buf);
|
||
|
return ast_str_to_lower(buf);
|
||
|
}
|
||
|
|
||
|
char *ast_uuid_generate_str(char *buf, size_t size)
|
||
|
{
|
||
|
struct ast_uuid uuid;
|
||
|
|
||
|
generate_uuid(&uuid);
|
||
|
return ast_uuid_to_str(&uuid, buf, size);
|
||
|
}
|
||
|
|
||
|
struct ast_uuid *ast_str_to_uuid(char *str)
|
||
|
{
|
||
|
struct ast_uuid *uuid = ast_malloc(sizeof(*uuid));
|
||
|
int res;
|
||
|
|
||
|
if (!uuid) {
|
||
|
return NULL;
|
||
|
}
|
||
|
res = uuid_parse(str, uuid->uu);
|
||
|
if (res) {
|
||
|
ast_log(LOG_WARNING, "Unable to convert string %s into a UUID\n", str);
|
||
|
ast_free(uuid);
|
||
|
return NULL;
|
||
|
}
|
||
|
return uuid;
|
||
|
}
|
||
|
|
||
|
struct ast_uuid *ast_uuid_copy(struct ast_uuid *src)
|
||
|
{
|
||
|
struct ast_uuid *dst = ast_malloc(sizeof(*dst));
|
||
|
|
||
|
if (!dst) {
|
||
|
return NULL;
|
||
|
}
|
||
|
uuid_copy(dst->uu, src->uu);
|
||
|
return dst;
|
||
|
}
|
||
|
|
||
|
int ast_uuid_compare(struct ast_uuid *left, struct ast_uuid *right)
|
||
|
{
|
||
|
return uuid_compare(left->uu, right->uu);
|
||
|
}
|
||
|
|
||
|
void ast_uuid_clear(struct ast_uuid *uuid)
|
||
|
{
|
||
|
uuid_clear(uuid->uu);
|
||
|
}
|
||
|
|
||
|
int ast_uuid_is_nil(struct ast_uuid *uuid)
|
||
|
{
|
||
|
return uuid_is_null(uuid->uu);
|
||
|
}
|
||
|
|
||
|
void ast_uuid_init(void)
|
||
|
{
|
||
|
/* This requires some explanation.
|
||
|
*
|
||
|
* libuuid generates UUIDs based on random number generation. This involves
|
||
|
* opening a handle to /dev/urandom or /dev/random in order to get random
|
||
|
* data for the UUIDs.
|
||
|
*
|
||
|
* This is thread-safe, to a point. The problem is that the first attempt
|
||
|
* to generate a UUID will result in opening the random number handle. Once
|
||
|
* the handle is opened, all further generation is thread safe. This
|
||
|
* first generation can be potentially risky if multiple threads attempt
|
||
|
* to generate a UUID at the same time, though, since there is no thread
|
||
|
* synchronization used within libuuid. To get around this potential
|
||
|
* issue, we go ahead and generate a UUID up front so that the underlying
|
||
|
* work is done before we start requesting UUIDs for real.
|
||
|
*
|
||
|
* Think of this along the same lines as initializing a singleton.
|
||
|
*/
|
||
|
uuid_t uu;
|
||
|
int dev_urandom_fd;
|
||
|
|
||
|
dev_urandom_fd = open("/dev/urandom", O_RDONLY);
|
||
|
if (dev_urandom_fd < 0) {
|
||
|
ast_log(LOG_WARNING, "It appears your system does not have /dev/urandom on it. This\n"
|
||
|
"means that UUID generation will use a pseudorandom number generator. Since\n"
|
||
|
"the thread-safety of your system's random number generator cannot\n"
|
||
|
"be guaranteed, we have to synchronize UUID generation. This may result\n"
|
||
|
"in decreased performance. It is highly recommended that you set up your\n"
|
||
|
"system to have /dev/urandom\n");
|
||
|
} else {
|
||
|
has_dev_urandom = 1;
|
||
|
close(dev_urandom_fd);
|
||
|
}
|
||
|
uuid_generate_random(uu);
|
||
|
|
||
|
ast_debug(1, "UUID system initiated\n");
|
||
|
}
|