
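--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -75,8 +75,20 @@
 
     // ----------------------------------------------------- Instance Variables
 
+    private static final String devRandomSourceDefault;
+    static {
+        // - Use the default value only if it is a Unix-like system
+        // - Check that it exists 
+        File f = new File("/dev/urandom");
+        if (f.isAbsolute() && f.exists()) {
+            devRandomSourceDefault = f.getPath();
+        } else {
+            devRandomSourceDefault = null;
+        }
+    }
+
     protected DataInputStream randomIS=null;
-    protected String devRandomSource="/dev/urandom";
+    protected String devRandomSource = devRandomSourceDefault;
 
     /**
      * The default message digest algorithm to use if we cannot use
@@ -238,34 +250,17 @@
 
 
     private class PrivilegedSetRandomFile
-            implements PrivilegedAction<DataInputStream>{
-        
+            implements PrivilegedAction<Void>{
+
+        private final String s;
+
         public PrivilegedSetRandomFile(String s) {
-            devRandomSource = s;
+            this.s = s;
         }
-        
-        public DataInputStream run(){
-            try {
-                File f=new File( devRandomSource );
-                if( ! f.exists() ) return null;
-                randomIS= new DataInputStream( new FileInputStream(f));
-                randomIS.readLong();
-                if( log.isDebugEnabled() )
-                    log.debug( "Opening " + devRandomSource );
-                return randomIS;
-            } catch (IOException ex){
-                log.warn("Error reading " + devRandomSource, ex);
-                if (randomIS != null) {
-                    try {
-                        randomIS.close();
-                    } catch (Exception e) {
-                        log.warn("Failed to close randomIS.");
-                    }
-                }
-                devRandomSource = null;
-                randomIS=null;
-                return null;
-            }
+
+        public Void run(){
+            doSetRandomFile(s);
+            return null;
         }
     }
 
@@ -544,28 +539,50 @@
         // as a hack, you can use a static file - and generate the same
         // session ids ( good for strange debugging )
         if (Globals.IS_SECURITY_ENABLED){
-            randomIS = AccessController.doPrivileged(new PrivilegedSetRandomFile(s));
+            AccessController.doPrivileged(new PrivilegedSetRandomFile(s));
         } else {
-            try{
-                devRandomSource=s;
-                File f=new File( devRandomSource );
-                if( ! f.exists() ) return;
-                randomIS= new DataInputStream( new FileInputStream(f));
-                randomIS.readLong();
-                if( log.isDebugEnabled() )
-                    log.debug( "Opening " + devRandomSource );
-            } catch( IOException ex ) {
-                log.warn("Error reading " + devRandomSource, ex);
-                if (randomIS != null) {
-                    try {
-                        randomIS.close();
-                    } catch (Exception e) {
-                        log.warn("Failed to close randomIS.");
-                    }
+            doSetRandomFile(s);
+        }
+    }
+
+    private void doSetRandomFile(String s) {
+        DataInputStream is = null;
+        try {
+            if (s == null || s.length() == 0) {
+                return;
+            }
+            File f = new File(s);
+            if( ! f.exists() ) return;
+            if( log.isDebugEnabled() ) {
+                log.debug( "Opening " + s );
+            }
+            is = new DataInputStream( new FileInputStream(f));
+            is.readLong();
+        } catch( IOException ex ) {
+            log.warn("Error reading " + s, ex);
+            if (is != null) {
+                try {
+                    is.close();
+                } catch (Exception ex2) {
+                    log.warn("Failed to close " + s, ex2);
                 }
+                is = null;
+            }
+        } finally {
+            DataInputStream oldIS = randomIS;
+            if (is != null) {
+                devRandomSource = s;
+            } else {
                 devRandomSource = null;
-                randomIS=null;
             }
+            randomIS = is;
+            if (oldIS != null) {
+                try {
+                    oldIS.close();
+                } catch (Exception ex) {
+                    log.warn("Failed to close RandomIS", ex);
+                }
+            }
         }
     }
 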
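Review bot: In the new `doSetRandomFile` (third hunk), the `if( ! f.exists() ) return;` branch logs nothing, and the `finally` block then sets both `devRandomSource` and `randomIS` to null, so a mistyped `randomFile` value silently changes where session-id randomness comes from. A warning on that branch would make the fallback visible to operators, for example `log.warn("Random source " + s + " does not exist and will not be used");`. Separately, the `finally` block closes the previous stream right after replacing `randomIS`, with no synchronization visible in these hunks. If other threads read `randomIS` while `setRandomFile` runs (the readers are outside this diff), they could end up reading from a closed stream, so that path is worth confirming.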
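--- a/webapps/docs/config/manager.xml
+++ b/webapps/docs/config/manager.xml
@@ -157,6 +157,13 @@
         <code>java.security.SecureRandom</code>.</p>
       </attribute>
 
+      <attribute name="randomFile" required="false">
+        <p>Name of a file that provides random data that are used to generate
+        session ids. If not specified, the default value is
+        <code>/dev/urandom</code> on Unix-like systems (those where such
+        file path is absolute) and empty on others.</p>
+      </attribute>
+
       <attribute name="sessionIdLength" required="false">
        <p>The length of session ids created by this Manager, measured in bytes,
         excluding subsequent conversion to a hexadecimal string and
@@ -265,6 +272,13 @@
         <code>java.security.SecureRandom</code>.</p>
       </attribute>
 
+      <attribute name="randomFile" required="false">
+        <p>Name of a file that provides random data that are used to generate
+        session ids. If not specified, the default value is
+        <code>/dev/urandom</code> on Unix-like systems (those where such
+        file path is absolute) and empty on others.</p>
+      </attribute>
+
       <attribute name="saveOnRestart" required="false">
         <p>Should all sessions be persisted and reloaded when Tomcat is shut
         down and restarted (or when this application is reloaded)?  By default,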
