-static int userdb_thread_sockaddr(struct sockaddr_un *ret_sa, socklen_t *ret_salen) {
- static const uint8_t
- k1[16] = { 0x35, 0xc1, 0x1f, 0x41, 0x59, 0xc6, 0xa0, 0xf9, 0x33, 0x4b, 0x17, 0x3d, 0xb9, 0xf6, 0x14, 0xd9 },
- k2[16] = { 0x6a, 0x11, 0x4c, 0x37, 0xe5, 0xa3, 0x8c, 0xa6, 0x93, 0x55, 0x64, 0x8c, 0x93, 0xee, 0xa1, 0x7b };
-
- struct siphash sh;
- uint64_t x, y;
- pid_t tid;
- void *p;
-
- assert(ret_sa);
- assert(ret_salen);
-
- /* This calculates an AF_UNIX socket address in the abstract namespace whose existence works as an
- * indicator whether to emulate NSS records for complex user records that are also available via the
- * varlink protocol. The name of the socket is picked in a way so that:
- *
- * → it is per-thread (by hashing from the TID)
- *
- * → is not guessable for foreign processes (by hashing from the — hopefully secret — AT_RANDOM
- * value every process gets passed from the kernel
- *
- * By using a socket the NSS emulation can be nicely turned off for limited amounts of time only,
- * simply controlled by the lifetime of the fd itself. By using an AF_UNIX socket in the abstract
- * namespace the lock is automatically cleaned up when the process dies abnormally.
- *
- */
-
- p = ULONG_TO_PTR(getauxval(AT_RANDOM));
- if (!p)
- return -EIO;
-
- tid = gettid();
-
- siphash24_init(&sh, k1);
- siphash24_compress(p, 16, &sh);
- siphash24_compress(&tid, sizeof(tid), &sh);
- x = siphash24_finalize(&sh);
-
- siphash24_init(&sh, k2);
- siphash24_compress(p, 16, &sh);
- siphash24_compress(&tid, sizeof(tid), &sh);
- y = siphash24_finalize(&sh);
-
- *ret_sa = (struct sockaddr_un) {
- .sun_family = AF_UNIX,
- };