TAO::SSLIOP::Acceptor Class Reference

The SSLIOP-specific bridge class for the concrete acceptor. More...

#include <SSLIOP_Acceptor.h>

Inheritance diagram for TAO::SSLIOP::Acceptor:

[legend]Collaboration diagram for TAO::SSLIOP::Acceptor:

[legend]List of all members.

Public Types
typedef ACE_Strategy_Acceptor< Connection_Handler, ACE_SSL_SOCK_ACCEPTOR >	BASE_ACCEPTOR
typedef TAO_Creation_Strategy< Connection_Handler >	CREATION_STRATEGY
typedef TAO_Concurrency_Strategy< Connection_Handler >	CONCURRENCY_STRATEGY
typedef Accept_Strategy	ACCEPT_STRATEGY
Public Member Functions
	Acceptor (::Security::QOP qop, const ACE_Time_Value &timeout)
	Constructor.
	~Acceptor (void)
	Destructor.
const::SSLIOP::SSL &	ssl_component (void) const
The TAO_Acceptor Methods
Check the documentation in tao/Pluggable.h for details.
virtual int	open (TAO_ORB_Core *orb_core, ACE_Reactor *reactor, int version_major, int version_minor, const char *address, const char *options=0)
virtual int	open_default (TAO_ORB_Core *orb_core, ACE_Reactor *reactor, int version_major, int version_minor, const char *options=0)
virtual int	close (void)
virtual int	create_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority)
virtual int	is_collocated (const TAO_Endpoint *endpoint)
Private Member Functions
int	ssliop_open_i (TAO_ORB_Core *orb_core, const ACE_INET_Addr &addr, ACE_Reactor *reactor)
	Implement the common part of the open*() methods.
virtual int	parse_options_i (int &argc, ACE_CString **argv)
	Parse protocol specific options.
int	verify_secure_configuration (TAO_ORB_Core *orb_core, int major, int minor)
int	create_new_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority)
int	create_shared_profile (const TAO::ObjectKey &object_key, TAO_MProfile &mprofile, CORBA::Short priority)
Private Attributes
BASE_ACCEPTOR	ssl_acceptor_
	The concrete acceptor, as a pointer to it's base class.
Acceptor Strategies
Strategies used when accepting an incoming connection.
CREATION_STRATEGY *	creation_strategy_
CONCURRENCY_STRATEGY *	concurrency_strategy_
ACCEPT_STRATEGY *	accept_strategy_
::SSLIOP::SSL	ssl_component_
	The CSIv1 SSL component.
CSIIOP::TLS_SEC_TRANS	csiv2_component_
	The SSLIOP CSIv2 tagged component.
const ACE_Time_Value	timeout_
	The accept() timeout.

---

Detailed Description

The SSLIOP-specific bridge class for the concrete acceptor.

Definition at line 48 of file SSLIOP_Acceptor.h.

---

Member Typedef Documentation

typedef Accept_Strategy TAO::SSLIOP::Acceptor::ACCEPT_STRATEGY

Reimplemented from TAO_IIOP_Acceptor. Definition at line 63 of file SSLIOP_Acceptor.h.

typedef ACE_Strategy_Acceptor<Connection_Handler, ACE_SSL_SOCK_ACCEPTOR> TAO::SSLIOP::Acceptor::BASE_ACCEPTOR

Reimplemented from TAO_IIOP_Acceptor. Definition at line 60 of file SSLIOP_Acceptor.h.

typedef TAO_Concurrency_Strategy<Connection_Handler> TAO::SSLIOP::Acceptor::CONCURRENCY_STRATEGY

Reimplemented from TAO_IIOP_Acceptor. Definition at line 62 of file SSLIOP_Acceptor.h.

typedef TAO_Creation_Strategy<Connection_Handler> TAO::SSLIOP::Acceptor::CREATION_STRATEGY

Reimplemented from TAO_IIOP_Acceptor. Definition at line 61 of file SSLIOP_Acceptor.h.

---

Constructor & Destructor Documentation

TAO_BEGIN_VERSIONED_NAMESPACE_DECL TAO::SSLIOP::Acceptor::Acceptor (  ::Security::QOP  qop, const ACE_Time_Value &  timeout )

Constructor. Definition at line 22 of file SSLIOP_Acceptor.cpp. References ACE_SET_BITS, csiv2_component_, SSLIOP::SSL::port, ssl_component_, SSLIOP::SSL::target_requires, and SSLIOP::SSL::target_supports. : TAO::IIOP_SSL_Acceptor (), ssl_acceptor_ (), creation_strategy_ (0), concurrency_strategy_ (0), accept_strategy_ (0), timeout_ (timeout) { // --- CSIv1 --- // Clear all bits in the SSLIOP::SSL association option fields. this->ssl_component_.target_supports = 0; this->ssl_component_.target_requires = 0; // SSLIOP requires these Security::AssociationOptions by default. ACE_SET_BITS (this->ssl_component_.target_requires, ::Security::Integrity | ::Security::Confidentiality | ::Security::NoDelegation); // SSLIOP supports these Security::AssociationOptions by default. ACE_SET_BITS (this->ssl_component_.target_supports, ::Security::Integrity | ::Security::Confidentiality | ::Security::EstablishTrustInTarget | ::Security::NoDelegation); // Initialize the default SSL port to zero (wild card port). this->ssl_component_.port = 0; // @@ This should go away once we support setting security // association options through policies. if (qop == ::Security::SecQOPNoProtection) ACE_SET_BITS (this->ssl_component_.target_supports, ::Security::NoProtection); // --- CSIv2 --- // Clear all bits in the CSIIOP::TLS_SEC_TRANS association option // fields. this->csiv2_component_.target_supports = 0; this->csiv2_component_.target_requires = 0; // SSLIOP requires these CSIIOP::AssociationOptions by default. ACE_SET_BITS (this->csiv2_component_.target_requires, CSIIOP::Integrity | CSIIOP::Confidentiality | CSIIOP::NoDelegation); // SSLIOP supports these CSIIOP::AssociationOptions by default. ACE_SET_BITS (this->csiv2_component_.target_supports, CSIIOP::Integrity | CSIIOP::Confidentiality | CSIIOP::EstablishTrustInTarget | CSIIOP::NoDelegation); // @@ This should go away once we support setting security // association options through policies. if (qop == CSIIOP::NoProtection) ACE_SET_BITS (this->csiv2_component_.target_supports, CSIIOP::NoProtection); }

TAO::SSLIOP::Acceptor::~Acceptor (  void   )

Destructor. Definition at line 87 of file SSLIOP_Acceptor.cpp. References close(). { // Make sure we are closed before we start destroying the // strategies. this->close (); delete this->creation_strategy_; delete this->concurrency_strategy_; delete this->accept_strategy_; }

---

Member Function Documentation

int TAO::SSLIOP::Acceptor::close (  void   )  [virtual]

Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 356 of file SSLIOP_Acceptor.cpp. References ssl_acceptor_. Referenced by ~Acceptor(). { int r = this->ssl_acceptor_.close (); if (this->IIOP_SSL_Acceptor::close () != 0) r = -1; return r; }

int TAO::SSLIOP::Acceptor::create_new_profile (  const TAO::ObjectKey &  object_key, TAO_MProfile &  mprofile, CORBA::Short  priority )  [private]

Helper method to add a new profile to the mprofile for each endpoint. Reimplemented from TAO_IIOP_Acceptor. Definition at line 120 of file SSLIOP_Acceptor.cpp. References TAO_Profile::_decr_refcnt(), ACE_NEW_RETURN, ACE_OutputCDR::begin(), IOP::TaggedComponent::component_data, ACE_Message_Block::cont(), TAO_SSLIOP_Profile::endpoint(), TAO::unbounded_value_sequence< T >::get_buffer(), TAO_MProfile::give_profile(), TAO_MProfile::grow(), ACE_Message_Block::length(), TAO::unbounded_value_sequence< T >::length(), ACE_OS::memcpy(), TAO_Endpoint::priority(), TAO_MProfile::profile_count(), ACE_Message_Block::rd_ptr(), TAO_Codeset_Manager::set_codeset(), TAO_Tagged_Components::set_component(), TAO_Tagged_Components::set_orb_type(), TAO_MProfile::size(), ssl_component_, IOP::TaggedComponent::tag, TAO_Profile::tagged_components(), TAO_ENCAP_BYTE_ORDER, TAO_ORB_TYPE, and ACE_OutputCDR::total_length(). Referenced by create_profile(). { // Adding this->endpoint_count_ to the TAO_MProfile. const int count = mprofile.profile_count (); if ((mprofile.size () - count) < this->endpoint_count_ && mprofile.grow (count + this->endpoint_count_) == -1) return -1; // Create a profile for each acceptor endpoint. for (size_t i = 0; i < this->endpoint_count_; ++i) { TAO_SSLIOP_Profile *pfile = 0; // @@ We need to create an SSLIOP::SSL component for the object // we're creating an MProfile for. This will allow us to // properly embed secure invocation policies in the generated // IOR, i.e. secure invocation policies on a per-object // basis, rather than on a per-endpoint basis. If no secure // invocation policies have been set then we should use the // below default SSLIOP::SSL component. ACE_NEW_RETURN (pfile, TAO_SSLIOP_Profile (this->hosts_[i], this->addrs_[i].get_port_number (), object_key, this->addrs_[i], this->version_, this->orb_core_, &(this->ssl_component_)), -1); pfile->endpoint ()->priority (priority); if (mprofile.give_profile (pfile) == -1) { pfile->_decr_refcnt (); pfile = 0; return -1; } if (this->orb_core_->orb_params ()->std_profile_components () == 0) continue; pfile->tagged_components ().set_orb_type (TAO_ORB_TYPE); TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager(); if (csm) csm->set_codeset (pfile->tagged_components()); IOP::TaggedComponent component; component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS; // @@???? Check this code, only intended as guideline... TAO_OutputCDR cdr; cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); // @@ We need to create an SSLIOP::SSL component for the object // we're creating an MProfile for. This will allow us to // properly embed secure invocation policies in the generated // IOR, i.e. secure invocation policies on a per-object // basis, rather than on a per-endpoint basis. If no secure // invocation policies have been set then we should use the // below default SSLIOP::SSL component. cdr << this->ssl_component_; // TAO extension, replace the contents of the octet sequence with // the CDR stream const CORBA::ULong length = cdr.total_length (); component.component_data.length (length); CORBA::Octet *buf = component.component_data.get_buffer (); for (const ACE_Message_Block *i = cdr.begin (); i != 0; i = i->cont ()) { ACE_OS::memcpy (buf, i->rd_ptr (), i->length ()); buf += i->length (); } pfile->tagged_components ().set_component (component); } return 0; }

int TAO::SSLIOP::Acceptor::create_profile (  const TAO::ObjectKey &  object_key, TAO_MProfile &  mprofile, CORBA::Short  priority )  [virtual]

Reimplemented from TAO_IIOP_Acceptor. Definition at line 99 of file SSLIOP_Acceptor.cpp. References create_new_profile(), create_shared_profile(), and TAO_INVALID_PRIORITY. { // Sanity check. if (this->endpoint_count_ == 0) return -1; // Check if multiple endpoints should be put in one profile or // if they should be spread across multiple profiles. if (priority == TAO_INVALID_PRIORITY) return this->create_new_profile (object_key, mprofile, priority); else return this->create_shared_profile (object_key, mprofile, priority); }

int TAO::SSLIOP::Acceptor::create_shared_profile (  const TAO::ObjectKey &  object_key, TAO_MProfile &  mprofile, CORBA::Short  priority )  [private]

Helper method to create a profile that contains all of our endpoints. Reimplemented from TAO_IIOP_Acceptor. Definition at line 206 of file SSLIOP_Acceptor.cpp. References TAO_Profile::_decr_refcnt(), ACE_NEW_RETURN, TAO_SSLIOP_Profile::add_endpoint(), ACE_OutputCDR::begin(), IOP::TaggedComponent::component_data, ACE_Message_Block::cont(), TAO_SSLIOP_Profile::endpoint(), TAO::unbounded_value_sequence< T >::get_buffer(), TAO_MProfile::get_profile(), TAO_MProfile::give_profile(), TAO_SSLIOP_Endpoint::iiop_endpoint(), ACE_Message_Block::length(), TAO::unbounded_value_sequence< T >::length(), ACE_OS::memcpy(), TAO_Endpoint::priority(), TAO_MProfile::profile_count(), ACE_Message_Block::rd_ptr(), TAO_Codeset_Manager::set_codeset(), TAO_Tagged_Components::set_component(), TAO_Tagged_Components::set_orb_type(), ssl_component_, IOP::TaggedComponent::tag, TAO_Profile::tag(), TAO_Profile::tagged_components(), TAO_ENCAP_BYTE_ORDER, TAO_ORB_TYPE, TAO_PHandle, and ACE_OutputCDR::total_length(). Referenced by create_profile(). { size_t index = 0; TAO_Profile *pfile = 0; TAO_SSLIOP_Profile *ssliop_profile = 0; // First see if <mprofile> already contains a SSLIOP profile. for (TAO_PHandle i = 0; i != mprofile.profile_count (); ++i) { pfile = mprofile.get_profile (i); if (pfile->tag () == IOP::TAG_INTERNET_IOP) { ssliop_profile = dynamic_cast<TAO_SSLIOP_Profile *> (pfile); if (ssliop_profile == 0) return -1; break; } } // If <mprofile> doesn't contain SSLIOP_Profile, we need to create // one. if (ssliop_profile == 0) { // @@ We need to create an SSLIOP::SSL component for the object // we're creating an MProfile for. This will allow us to // properly embed secure invocation policies in the generated // IOR, i.e. secure invocation policies on a per-object // basis, rather than on a per-endpoint basis. If no secure // invocation policies have been set then we should use the // below default SSLIOP::SSL component. ACE_NEW_RETURN (ssliop_profile, TAO_SSLIOP_Profile (this->hosts_[0], this->addrs_[0].get_port_number (), object_key, this->addrs_[0], this->version_, this->orb_core_, &(this->ssl_component_)), -1); TAO_SSLIOP_Endpoint *ssliop_endp = dynamic_cast<TAO_SSLIOP_Endpoint *> (ssliop_profile->endpoint ()); ssliop_endp->priority (priority); ssliop_endp->iiop_endpoint ()->priority (priority); if (mprofile.give_profile (ssliop_profile) == -1) { ssliop_profile->_decr_refcnt (); ssliop_profile = 0; return -1; } if (this->orb_core_->orb_params ()->std_profile_components () != 0) { ssliop_profile->tagged_components ().set_orb_type (TAO_ORB_TYPE); TAO_Codeset_Manager *csm = this->orb_core_->codeset_manager(); if (csm) csm->set_codeset(ssliop_profile->tagged_components()); IOP::TaggedComponent component; component.tag = ::SSLIOP::TAG_SSL_SEC_TRANS; // @@???? Check this code, only intended as guideline... TAO_OutputCDR cdr; cdr << TAO_OutputCDR::from_boolean (TAO_ENCAP_BYTE_ORDER); // @@ We need to create an SSLIOP::SSL component for the // object we're creating an MProfile for. This will // allow us to properly embed secure invocation policies // in the generated IOR, i.e. secure invocation policies // on a per-object basis, rather than on a per-endpoint // basis. If no secure invocation policies have been set // then we should use the below default SSLIOP::SSL // component. cdr << this->ssl_component_; // TAO extension, replace the contents of the octet sequence with // the CDR stream CORBA::ULong length = cdr.total_length (); component.component_data.length (length); CORBA::Octet *buf = component.component_data.get_buffer (); for (const ACE_Message_Block *i = cdr.begin (); i != 0; i = i->cont ()) { ACE_OS::memcpy (buf, i->rd_ptr (), i->length ()); buf += i->length (); } ssliop_profile->tagged_components ().set_component (component); } index = 1; } // Add any remaining endpoints to the SSLIOP_Profile. for (; index < this->endpoint_count_; ++index) { TAO_SSLIOP_Endpoint *ssl_endp = 0; TAO_IIOP_Endpoint *iiop_endp = 0; ACE_NEW_RETURN (iiop_endp, TAO_IIOP_Endpoint (this->hosts_[index], this->addrs_[index].get_port_number (), this->addrs_[index]), -1); iiop_endp->priority (priority); ACE_NEW_RETURN (ssl_endp, TAO_SSLIOP_Endpoint (&(this->ssl_component_), iiop_endp), -1); ssl_endp->priority (priority); ssliop_profile->add_endpoint (ssl_endp); } return 0; }

int TAO::SSLIOP::Acceptor::is_collocated (  const TAO_Endpoint *  endpoint  )  [virtual]

Reimplemented from TAO_IIOP_Acceptor. Definition at line 331 of file SSLIOP_Acceptor.cpp. References TAO_SSLIOP_Endpoint::iiop_endpoint(), and TAO_IIOP_Endpoint::object_addr(). { const TAO_SSLIOP_Endpoint *endp = dynamic_cast<const TAO_SSLIOP_Endpoint *> (endpoint); // Make sure the dynamically cast pointer is valid. if (endp == 0) return 0; for (size_t i = 0; i < this->endpoint_count_; ++i) { // @@ TODO The following code looks funky, why only the address // is compared? What about the IIOP address? Why force a // DNS lookup every time an SSLIOP object is decoded: // // http://deuce.doc.wustl.edu/bugzilla/show_bug.cgi?id=1220 // if (endp->iiop_endpoint ()->object_addr () == this->addrs_[i]) return 1; // Collocated } return 0; // Not collocated }

int TAO::SSLIOP::Acceptor::open (  TAO_ORB_Core *  orb_core, ACE_Reactor *  reactor, int  version_major, int  version_minor, const char *  address, const char *  options = 0 )  [virtual]

Reimplemented from TAO_IIOP_Acceptor. Definition at line 366 of file SSLIOP_Acceptor.cpp. References ACE_CString, TAO_IIOP_Acceptor::parse_address(), ACE_INET_Addr::set_port_number(), ssliop_open_i(), and verify_secure_configuration(). { // Ensure that neither the endpoint configuration nor the ORB // configuration violate security measures. if (this->verify_secure_configuration (orb_core, major, minor) != 0) return -1; ACE_INET_Addr addr; ACE_CString specified_hostname; if (this->parse_address (address, addr, specified_hostname) == -1) return -1; // Open the non-SSL enabled endpoints, then open the SSL enabled // endpoints. if (this->IIOP_SSL_Acceptor::open (orb_core, reactor, major, minor, address, options) != 0) return -1; // The SSL port is set in the parse_options() method. All we have // to do is call open_i() addr.set_port_number (this->ssl_component_.port); return this->ssliop_open_i (orb_core, addr, reactor); }

int TAO::SSLIOP::Acceptor::open_default (  TAO_ORB_Core *  orb_core, ACE_Reactor *  reactor, int  version_major, int  version_minor, const char *  options = 0 )  [virtual]

Reimplemented from TAO_IIOP_Acceptor. Definition at line 405 of file SSLIOP_Acceptor.cpp. References ACE_INET_Addr::set(), ssliop_open_i(), and verify_secure_configuration(). { // Ensure that neither the endpoint configuration nor the ORB // configuration violate security measures. if (this->verify_secure_configuration (orb_core, major, minor) != 0) return -1; // Open the non-SSL enabled endpoints, then open the SSL enabled // endpoints. if (this->IIOP_SSL_Acceptor::open_default (orb_core, reactor, major, minor, options) == -1) return -1; // Now that each network interface's hostname has been cached, open // an endpoint on each network interface using the INADDR_ANY // address. ACE_INET_Addr addr; // this->ssl_component_.port is initialized to zero or it is set in // this->parse_options(). if (addr.set (this->ssl_component_.port, static_cast<ACE_UINT32> (INADDR_ANY), 1) != 0) return -1; return this->ssliop_open_i (orb_core, addr, reactor); }

int TAO::SSLIOP::Acceptor::parse_options_i (  int &  argc, ACE_CString **  argv )  [private, virtual]

Parse protocol specific options. Reimplemented from TAO_IIOP_Acceptor. Definition at line 576 of file SSLIOP_Acceptor.cpp. References ACE_CString, ACE_ERROR_RETURN, ACE_TEXT(), ACE_OS::atoi(), LM_ERROR, SSLIOP::SSL::port, ssl_component_, and ACE_OS::strcmp(). { //first, do the base class parser, then parse the leftovers. int result = this->IIOP_SSL_Acceptor::parse_options_i(argc,argv); if (result == -1) return result; // then parse out our own options. int i = 0; while (i < argc) { // since the base class has already iterated over the list once, // it has vound any ill-formed options. Therefore we don't need // to do that again here. int slot = argv[i]->find ("="); ACE_CString name = argv[i]->substring (0, slot); ACE_CString value = argv[i]->substring (slot + 1); if (name == "priority") { ACE_ERROR_RETURN ((LM_ERROR, ACE_TEXT ("TAO (%P|%t) Invalid SSLIOP endpoint format: ") ACE_TEXT ("endpoint priorities no longer supported. \n"), value.c_str ()), -1); } else if (ACE_OS::strcmp (name.c_str (), "ssl_port") == 0) { int ssl_port = ACE_OS::atoi (value.c_str ()); if (ssl_port >= 0 && ssl_port < 65536) this->ssl_component_.port = ssl_port; else ACE_ERROR_RETURN ((LM_ERROR, ACE_TEXT ("TAO (%P|%t) Invalid ") ACE_TEXT ("IIOP/SSL endpoint ") ACE_TEXT ("port: <%s>\n"), value.c_str ()), -1); } else { // the name is not known, skip to the next option i++; continue; } // at the end, we've consumed this argument. Shift the list and // put this one on the end. This technique has the effect of // putting them in reverse order, but that doesn't matter, since // these arguments are only whole strings. argc--; ACE_CString *temp = argv[i]; for (int j = i; j <= argc-1; j++) argv[j] = argv[j+1]; argv[argc] = temp; } return 0; }

TAO_BEGIN_VERSIONED_NAMESPACE_DECL ACE_INLINE const SSLIOP::SSL & TAO::SSLIOP::Acceptor::ssl_component (  void   )  const

Retrieve the CSIv1 SSLIOP::SSL component associated with the endpoints set up by this acceptor. Definition at line 9 of file SSLIOP_Acceptor.i. References ssl_component_. Referenced by TAO::SSLIOP::Transport::get_listen_point(). { return this->ssl_component_; }

int TAO::SSLIOP::Acceptor::ssliop_open_i (  TAO_ORB_Core *  orb_core, const ACE_INET_Addr &  addr, ACE_Reactor *  reactor )  [private]

Implement the common part of the open*() methods. Definition at line 445 of file SSLIOP_Acceptor.cpp. References ACE_CLOEXEC, ACE_DEBUG, ACE_MAX_DEFAULT_PORT, ACE_NEW_RETURN, ACE_TEXT(), ACE_INET_Addr::get_port_number(), LM_DEBUG, SSLIOP::SSL::port, ACE_INET_Addr::set_port_number(), ssl_acceptor_, ssl_component_, and TAO_debug_level. Referenced by open(), and open_default(). { this->orb_core_ = orb_core; // Explicitly disable GIOPlite support since it introduces security // holes. static const int giop_lite = 0; ACE_NEW_RETURN (this->creation_strategy_, CREATION_STRATEGY (this->orb_core_, giop_lite), -1); ACE_NEW_RETURN (this->concurrency_strategy_, CONCURRENCY_STRATEGY (this->orb_core_), -1); ACE_NEW_RETURN (this->accept_strategy_, ACCEPT_STRATEGY (this->orb_core_, this->timeout_), -1); u_short requested_port = addr.get_port_number (); if (requested_port == 0) { // don't care, i.e., let the OS choose an ephemeral port if (this->ssl_acceptor_.open (addr, reactor, this->creation_strategy_, this->accept_strategy_, this->concurrency_strategy_, 0, 0, 0, 1, this->reuse_addr_) == -1) { if (TAO_debug_level > 0) ACE_DEBUG ((LM_DEBUG, ACE_TEXT ("\n\nTAO (%P|%t) ") ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"), ACE_TEXT ("cannot open acceptor"))); return -1; } } else { ACE_INET_Addr a(addr); int found_a_port = 0; ACE_UINT32 last_port = requested_port + this->port_span_ - 1; if (last_port > ACE_MAX_DEFAULT_PORT) { last_port = ACE_MAX_DEFAULT_PORT; } for (ACE_UINT32 p = requested_port; p <= last_port; p++) { if (TAO_debug_level > 5) ACE_DEBUG ((LM_DEBUG, ACE_TEXT ("TAO (%P|%t) IIOP_Acceptor::open_i() ") ACE_TEXT ("trying to listen on port %d\n"), p)); // Now try to actually open on that port a.set_port_number ((u_short)p); if (this->ssl_acceptor_.open (a, reactor, this->creation_strategy_, this->accept_strategy_, this->concurrency_strategy_, 0, 0, 0, 1, this->reuse_addr_) != -1) { found_a_port = 1; break; } } // Now, if we couldn't locate a port, we punt if (! found_a_port) { if (TAO_debug_level > 0) ACE_DEBUG ((LM_DEBUG, ACE_TEXT ("\n\nTAO (%P|%t) ") ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"), ACE_TEXT ("cannot open acceptor"))); return -1; } } ACE_INET_Addr ssl_address; // We do this to make sure the port number the endpoint is listening // on gets set in the addr. if (this->ssl_acceptor_.acceptor ().get_local_addr (ssl_address) != 0) { // @@ Should this be a catastrophic error??? if (TAO_debug_level > 0) ACE_DEBUG ((LM_DEBUG, ACE_TEXT ("\n\nTAO (%P|%t) ") ACE_TEXT ("SSLIOP_Acceptor::open_i - %p\n\n"), ACE_TEXT ("cannot get local addr"))); return -1; } // Reset the SSL endpoint port to the one chosen by the OS (or by // the user if provided. this->ssl_component_.port = ssl_address.get_port_number (); (void) this->ssl_acceptor_.acceptor().enable (ACE_CLOEXEC); // This avoids having child processes acquire the listen socket // thereby denying the server the opportunity to restart on a // well-known endpoint. This does not affect the aberrent behavior // on Win32 platforms. if (TAO_debug_level > 5) { for (size_t i = 0; i < this->endpoint_count_; ++i) { ACE_DEBUG ((LM_DEBUG, ACE_TEXT ("TAO (%P|%t) ") ACE_TEXT ("SSLIOP_Acceptor::open_i - ") ACE_TEXT ("listening on: <%s:%u>\n"), this->hosts_[i], this->ssl_component_.port)); } } return 0; }

int TAO::SSLIOP::Acceptor::verify_secure_configuration (  TAO_ORB_Core *  orb_core, int  major, int  minor )  [private]

Ensure that neither the endpoint configuration nor the ORB configuration violate security measures. Definition at line 637 of file SSLIOP_Acceptor.cpp. References ACE_BIT_DISABLED, ACE_ERROR, ACE_TEXT(), LM_ERROR, TAO_ORB_Core::orb_params(), TAO_ORB_Parameters::std_profile_components(), and TAO_debug_level. Referenced by open(), and open_default(). { // Sanity check. if (major < 1) { // There is no such thing as IIOP 0.x. errno = EINVAL; return -1; } // In order to support a secure connection, the SSLIOP::SSL tagged // component must be embedded in the IOR. This isn't possible if // the user elects to disable standard profile components. // Similarly, IIOP 1.0 does not support tagged components, which // makes it impossible to embed the SSLIOP::SSL tagged component // within the IOR. If the given object explicitly disallows // insecure invocations and standard profile components are // disabled, then return with an error since secure invocations // cannot be supported without standard profile components. // // Note that it isn't enough to support NoProtection. NoProtection // must be required since "support" does not preclude the secure // port from being used. if ((orb_core->orb_params ()->std_profile_components () == 0 || (major == 1 && minor == 0)) && ACE_BIT_DISABLED (this->ssl_component_.target_requires, ::Security::NoProtection)) { if (TAO_debug_level > 0) ACE_ERROR ((LM_ERROR, ACE_TEXT ("(%P|%t) Cannot support secure ") ACE_TEXT ("IIOP over SSL connection if\n") ACE_TEXT ("(%P|%t) standard profile ") ACE_TEXT ("components are disabled\n") ACE_TEXT ("(%P|%t) or IIOP 1.0 endpoint is ") ACE_TEXT ("used.\n"))); errno = EINVAL; return -1; } return 0; }

---

Member Data Documentation

ACCEPT_STRATEGY* TAO::SSLIOP::Acceptor::accept_strategy_ [private]

Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 133 of file SSLIOP_Acceptor.h.

CONCURRENCY_STRATEGY* TAO::SSLIOP::Acceptor::concurrency_strategy_ [private]

Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 132 of file SSLIOP_Acceptor.h.

CREATION_STRATEGY* TAO::SSLIOP::Acceptor::creation_strategy_ [private]

Reimplemented from TAO::IIOP_SSL_Acceptor. Definition at line 131 of file SSLIOP_Acceptor.h.

CSIIOP::TLS_SEC_TRANS TAO::SSLIOP::Acceptor::csiv2_component_ [private]

The SSLIOP CSIv2 tagged component. Definition at line 146 of file SSLIOP_Acceptor.h. Referenced by Acceptor().

BASE_ACCEPTOR TAO::SSLIOP::Acceptor::ssl_acceptor_ [private]

The concrete acceptor, as a pointer to it's base class. Definition at line 124 of file SSLIOP_Acceptor.h. Referenced by close(), and ssliop_open_i().

::SSLIOP::SSL TAO::SSLIOP::Acceptor::ssl_component_ [private]

The CSIv1 SSL component. This is the SSLIOP endpoint-specific tagged component that is embedded in a given IOR. Definition at line 140 of file SSLIOP_Acceptor.h. Referenced by Acceptor(), create_new_profile(), create_shared_profile(), parse_options_i(), ssl_component(), and ssliop_open_i().

const ACE_Time_Value TAO::SSLIOP::Acceptor::timeout_ [private]

The accept() timeout. This timeout includes the overall time to complete the SSL handshake. This includes both the TCP handshake and the SSL handshake. Definition at line 154 of file SSLIOP_Acceptor.h.

---

The documentation for this class was generated from the following files:

• SSLIOP_Acceptor.h
• SSLIOP_Acceptor.cpp
• SSLIOP_Acceptor.i

---