#include <SSLIOP_Connection_Handler.h>
Public Member Functions | |
Connection_Handler (ACE_Thread_Manager *t=0) | |
Connection_Handler (TAO_ORB_Core *orb_core, CORBA::Boolean flag) | |
Constructor. | |
~Connection_Handler (void) | |
Destructor. | |
int | close (u_long=0) |
int | add_transport_to_cache (void) |
Add ourselves to cache. | |
int | process_listen_point_list (IIOP::ListenPointList &listen_list) |
Process the listen_list. | |
int | setup_ssl_state (TAO::SSLIOP::Current_Impl *&previous_current_impl, TAO::SSLIOP::Current_Impl *new_current_impl, bool &setup_done) |
void | teardown_ssl_state (TAO::SSLIOP::Current_Impl *previous_current_impl, bool &setup_done) |
Teardown the SSL session state. | |
Connection Handler overloads | |
Connection Handler overloads. | |
virtual int | open_handler (void *) |
Event Handler overloads | |
virtual int | resume_handler (void) |
virtual int | close_connection (void) |
virtual int | handle_input (ACE_HANDLE) |
virtual int | handle_output (ACE_HANDLE) |
virtual int | handle_close (ACE_HANDLE, ACE_Reactor_Mask) |
virtual int | handle_timeout (const ACE_Time_Value &current_time, const void *act=0) |
virtual int | open (void *) |
Protected Member Functions | |
TAO_Connection_Handler overloads | |
virtual int | release_os_resources (void) |
virtual void | pos_io_hook (int &return_value) |
Protected Attributes | |
TAO::SSLIOP::Current_var | current_ |
Private Attributes | |
TAO_IIOP_Properties * | tcp_properties_ |
TCP configuration for this connection. |
The connection handler shared by the Acceptor and the Connector.
Definition at line 51 of file SSLIOP_Connection_Handler.h.
Definition at line 29 of file SSLIOP_Connection_Handler.cpp. References ACE_ASSERT, and TAO::SSLIOP::SVC_HANDLER.
// Body of Connection_Handler (ACE_Thread_Manager *t = 0).  The signature
// line itself is not part of this listing (see the member list above).
// Member initializers: the service handler gets the thread manager, the
// base connection handler gets no ORB core, and current_ is left empty.
: SVC_HANDLER (t, 0 , 0),
  TAO_Connection_Handler (0),
  current_ ()
{
  // This constructor should *never* get called, it is just here to
  // make the compiler happy: the default implementation of the
  // Creation_Strategy requires a constructor with that signature, we
  // don't use that implementation, but some (most?) compilers
  // instantiate it anyway.
  //
  // NOTE(review): this is the only guard.  If ACE_ASSERT is compiled
  // out in the build being used, a handler with a null ORB core would be
  // constructed silently -- confirm the macro's behaviour for the build.
  ACE_ASSERT (0);
}
Constructor.
Definition at line 43 of file SSLIOP_Connection_Handler.cpp. References ACE_NEW, TAO::SSLIOP::Util::current(), TAO::SSLIOP::SVC_HANDLER, and TAO_Connection_Handler::transport().
// Body of Connection_Handler (TAO_ORB_Core *orb_core, CORBA::Boolean flag).
// The signature line is not part of this listing (see the member list
// above); `flag` is not referenced anywhere in this body.
: SVC_HANDLER (orb_core->thr_mgr (), 0, 0),
  TAO_Connection_Handler (orb_core),
  current_ ()
{
  // Resolve the SSLIOP::Current object for this ORB; it is later used
  // by setup_ssl_state()/teardown_ssl_state() to publish the SSL
  // session to the calling thread.
  this->current_ =
    TAO::SSLIOP::Util::current (orb_core);

  // Create the SSLIOP transport that wraps this handler.
  // NOTE(review): ACE_NEW is an allocation macro with its own failure
  // path; what happens to the partially constructed handler if the
  // allocation fails is not visible here -- confirm against the macro.
  TAO::SSLIOP::Transport* specific_transport = 0;
  ACE_NEW (specific_transport,
           TAO::SSLIOP::Transport (this, orb_core, 0));

  // store this pointer (indirectly increment ref count)
  this->transport (specific_transport);
}
Destructor.
Definition at line 61 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::transport().
// Body of ~Connection_Handler (void); the signature line is not part of
// this listing.  Releases the transport created in the constructor.
{
  // NOTE(review): the constructor's comment says storing the transport
  // pointer "indirectly increments a ref count"; how that pairs with an
  // unconditional delete here is not visible in this listing -- confirm
  // against TAO_Connection_Handler::transport().
  delete this->transport ();
}
Add ourselves to cache.
Definition at line 315 of file SSLIOP_Connection_Handler.cpp. References TAO::Transport_Cache_Manager::cache_idle_transport(), ACE_INET_Addr::get_port_number(), TAO_ORB_Core::lane_resources(), TAO_Connection_Handler::orb_core(), ACE_Svc_Handler<, >::peer(), and TAO_Thread_Lane_Resources::transport_cache().
// Body of int add_transport_to_cache (void); the signature line is not part
// of this listing.  Builds an SSLIOP endpoint describing the remote peer and
// registers this handler's transport in the ORB's transport cache.
//
// Returns -1 if the peer address cannot be obtained, otherwise the result of
// Transport_Cache_Manager::cache_idle_transport().
{
  ACE_INET_Addr addr;

  // Get the peername.
  //
  // Note that the port set in the ACE_INET_Addr is actually the SSL
  // port!
  if (this->peer ().get_remote_addr (addr) == -1)
    return -1;

  // Construct an IIOP_Endpoint object
  TAO_IIOP_Endpoint tmpoint (
    addr,
    this->orb_core()->orb_params()->use_dotted_decimal_addresses());

  // @@ This is broken. We need to include the SecurityAssociation
  // options to be able to truly distinguish cached SSLIOP
  // transports.
  //
  // Security-relevant consequence: target_supports and target_requires
  // are both zero, so the cache key carries only host and SSL port and a
  // later lookup cannot tell apart cached connections that satisfy
  // different security requirements.
  const ::SSLIOP::SSL ssl =
    {
      0, // target_supports
      0, // target_requires
      addr.get_port_number () // port
    };

  TAO_SSLIOP_Endpoint endpoint (&ssl,
                                &tmpoint);

  // Construct a property object
  TAO_Base_Transport_Property prop (&endpoint);

  TAO::Transport_Cache_Manager &cache =
    this->orb_core ()->lane_resources ().transport_cache ();

  // Add the handler to Cache
  return cache.cache_idle_transport (&prop,
                                     this->transport ());
}
close() is called by the Acceptor or Connector when connection establishment fails. Reimplemented from ACE_Svc_Handler<, >. Definition at line 296 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::close_handler(). Referenced by handle_timeout().
// Body of int close (u_long = 0); the signature line is not part of this
// listing.  The ACE_Svc_Handler close hook is delegated entirely to the
// TAO_Connection_Handler::close_handler() path; the u_long argument is
// ignored.  Also reached from handle_timeout().
{
  return this->close_handler ();
}
Implements TAO_Connection_Handler. Definition at line 251 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::close_connection_eh(). Referenced by handle_output().
// Body of virtual int close_connection (void); the signature line is not
// part of this listing.  Forwards to the base-class event-handler helper,
// passing this object as the event handler to tear down.  Called from
// handle_output() when an output upcall fails.
{
  return this->close_connection_eh (this);
}
Reimplemented from ACE_Svc_Handler<, >. Definition at line 288 of file SSLIOP_Connection_Handler.cpp. References ACE_ASSERT.
// Body of virtual int handle_close (ACE_HANDLE, ACE_Reactor_Mask); the
// signature line is not part of this listing.  This reactor upcall is not
// expected to be used by this handler: it asserts and reports success.
// NOTE(review): in a build where ACE_ASSERT is compiled out this becomes a
// silent no-op returning 0 -- confirm that is the intended behaviour.
{
  ACE_ASSERT (0);
  return 0;
}
Implements TAO_Connection_Handler. Definition at line 257 of file SSLIOP_Connection_Handler.cpp. References TAO_Connection_Handler::handle_input_eh().
// Body of virtual int handle_input (ACE_HANDLE h); the signature line is not
// part of this listing.  Reactor read-ready upcall, delegated to the shared
// TAO_Connection_Handler input path with this object as the event handler.
// Returns whatever handle_input_eh() returns.
{
  return this->handle_input_eh (h, this);
}
Reimplemented from ACE_Event_Handler. Definition at line 263 of file SSLIOP_Connection_Handler.cpp. References close_connection(), and TAO_Connection_Handler::handle_output_eh().
// Body of virtual int handle_output (ACE_HANDLE handle); the signature line
// is not part of this listing.  Reactor write-ready upcall.
//
// Returns the result of handle_output_eh(), except that a -1 is converted
// into an explicit close_connection() followed by a return of 0, so the
// reactor never sees the failure code directly.
{
  const int result =
    this->handle_output_eh (handle, this);

  if (result == -1)
    {
      // Tear the connection down ourselves instead of letting the
      // reactor act on the -1.
      this->close_connection ();
      return 0;
    }

  return result;
}
Reimplemented from ACE_Svc_Handler<, >. Definition at line 278 of file SSLIOP_Connection_Handler.cpp. References close().
// Body of virtual int handle_timeout (const ACE_Time_Value &current_time,
// const void *act = 0); the signature line is not part of this listing and
// neither argument is used.  Returns the result of close().
{
  // We don't use this upcall for I/O. This is only used by the
  // Connector to indicate that the connection timedout. Therefore,
  // we should call close().
  return this->close ();
}
Reimplemented from ACE_Svc_Handler<, >. Definition at line 73 of file SSLIOP_Connection_Handler.cpp. References ACE_CATCHANY, ACE_CHECK_RETURN, ACE_DEBUG, ACE_DECLARE_NEW_CORBA_ENV, ACE_ENDTRY, ACE_ENV_ARG_PARAMETER, ACE_ERROR, ACE_IPPROTO_TCP, ACE_NONBLOCK, ACE_TEXT(), ACE_TRY, ACE_TRY_CHECK, ACE_INET_Addr::addr_to_string(), TAO_Protocols_Hooks::client_protocol_properties_at_orb_level(), ACE_INET_Addr::get_ip_address(), ACE_INET_Addr::get_port_number(), TAO_ORB_Core::get_protocols_hooks(), LM_DEBUG, LM_ERROR, MAXHOSTNAMELEN, TAO_IIOP_Protocol_Properties::no_delay_, TAO_ORB_Parameters::nodelay(), TAO_Wait_Strategy::non_blocking(), TAO_Transport::opened_as(), TAO_Connection_Handler::orb_core(), TAO_ORB_Core::orb_params(), ACE_Svc_Handler<, >::peer(), TAO_Transport::post_open(), TAO_IIOP_Protocol_Properties::recv_buffer_size_, TAO_IIOP_Protocol_Properties::send_buffer_size_, TAO_Protocols_Hooks::server_protocol_properties_at_orb_level(), TAO_Connection_Handler::set_socket_option(), TAO_ORB_Parameters::sock_rcvbuf_size(), TAO_ORB_Parameters::sock_sndbuf_size(), TAO_LF_Event::state_changed(), ACE_OS::strcpy(), TAO_debug_level, TAO_Connection_Handler::transport(), TAO_ORB_Parameters::use_dotted_decimal_addresses(), and TAO_Transport::wait_strategy(). Referenced by open_handler(). This is the post-connect setup hook: it applies socket and SSL write-mode options, rejects a connection whose local and remote addresses are identical, and marks the transport as open.
// Body of virtual int open (void *); the signature line is not part of this
// listing and the void* argument is not used in the body.
//
// Post-connect setup for both the accepted (server) and connected (client)
// side.  Steps, in order:
//   1. read default socket properties from the ORB parameters and let the
//      protocol hooks override them for the client or server role;
//   2. apply send/recv buffer sizes and TCP_NODELAY to the socket;
//   3. for a non-blocking wait strategy, switch the socket to non-blocking
//      and relax OpenSSL's write-retry rules (see the long comment below);
//   4. refuse a connection whose local and remote address are identical;
//   5. optionally log the peer, then tell the transport it is open.
//
// Returns 0 on success and -1 on any failure.  The ORB core, transport and
// peer() stream are assumed to be set up by the constructor.
//
// NOTE(review): no certificate or peer-identity check is visible in this
// listing; that is presumably done at handshake / SSL-context level --
// confirm where it happens before relying on open() as a trust boundary.
{
  TAO_IIOP_Protocol_Properties protocol_properties;

  // Initialize values from ORB params.
  protocol_properties.send_buffer_size_ =
    this->orb_core ()->orb_params ()->sock_sndbuf_size ();
  protocol_properties.recv_buffer_size_ =
    this->orb_core ()->orb_params ()->sock_rcvbuf_size ();
  protocol_properties.no_delay_ =
    this->orb_core ()->orb_params ()->nodelay ();

  TAO_Protocols_Hooks *tph =
    this->orb_core ()->get_protocols_hooks ();

  // Role of this end of the connection, as recorded on the transport.
  // (The doubled ';' is a stray token, harmless but worth cleaning up.)
  int client =
    this->transport ()->opened_as () == TAO::TAO_CLIENT_ROLE;;

  ACE_DECLARE_NEW_CORBA_ENV;

  // Let the protocol hooks adjust the properties; any CORBA exception
  // from the hook is turned into a plain -1.
  ACE_TRY
    {
      if (client)
        {
          tph->client_protocol_properties_at_orb_level (
            protocol_properties
            ACE_ENV_ARG_PARAMETER);
          ACE_TRY_CHECK;
        }
      else
        {
          tph->server_protocol_properties_at_orb_level (
            protocol_properties
            ACE_ENV_ARG_PARAMETER);
          ACE_TRY_CHECK;
        }
    }
  ACE_CATCHANY
    {
      return -1;
    }
  ACE_ENDTRY;
  ACE_CHECK_RETURN (-1);

  if (this->set_socket_option (this->peer (),
                               protocol_properties.send_buffer_size_,
                               protocol_properties.recv_buffer_size_) == -1)
    return -1;

#if !defined (ACE_LACKS_TCP_NODELAY)
  if (this->peer ().set_option (ACE_IPPROTO_TCP,
                                TCP_NODELAY,
                                (void *) &protocol_properties.no_delay_,
                                sizeof (protocol_properties.no_delay_)) == -1)
    return -1;
#endif /* ! ACE_LACKS_TCP_NODELAY */

  if (this->transport ()->wait_strategy ()->non_blocking ())
    {
      if (this->peer ().enable (ACE_NONBLOCK) == -1)
        return -1;

      // Enable partial SSL writes.
      //
      // By default, OpenSSL attempts to send the entire chunk of
      // data. This is fine for relatively small chunks of data.
      // However, if SSL_write() returns with an SSL_ERROR_WANT_WRITE
      // (basically an EWOULDBLOCK) when using non-blocking I/O, TAO
      // may attempt to resend the same data with a potentially
      // different buffer address. Such a scenario is prone to happen
      // when sending large chunks of data that cause flow control to
      // occur. For most protocol implementations this is fine.
      // OpenSSL, on the other hand, requires that the same arguments
      // be passed to SSL_write() if an SSL_ERROR_WANT_WRITE error
      // occured on a previous SSL_write() attempt, which cannot be
      // guaranteed by TAO's current message queuing/construction
      // code, often resulting in a "bad write retry" OpenSSL error.
      // To work around this issue, we enable partial SSL_write()s in
      // SSL/TLS connections created by TAO's SSLIOP pluggable
      // protocol. Doing so makes SSL_write() behave like write(2).
      //
      // This isn't an issue when using blocking I/O.
      //
      // Both modes only change SSL_write()'s buffering/retry behaviour;
      // they do not alter cipher, protocol-version or verification
      // settings.  Return values are deliberately ignored.
      (void) ::SSL_set_mode (this->peer ().ssl (),
                             SSL_MODE_ENABLE_PARTIAL_WRITE);
      (void) ::SSL_set_mode (this->peer ().ssl (),
                             SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
    }

  // Called by the <Strategy_Acceptor> when the handler is
  // completely connected.
  ACE_INET_Addr remote_addr;
  if (this->peer ().get_remote_addr (remote_addr) == -1)
    return -1;

  ACE_INET_Addr local_addr;
  if (this->peer ().get_local_addr (local_addr) == -1)
    return -1;

  int use_dotted_decimal_addresses =
    this->orb_core ()->orb_params ()->use_dotted_decimal_addresses ();

  // Defensive check: a socket whose local and remote endpoint coincide
  // (a connection to itself) is refused outright.  The diagnostic is
  // only emitted when debugging is enabled.
  if (local_addr.get_ip_address () == remote_addr.get_ip_address ()
      && local_addr.get_port_number () == remote_addr.get_port_number ())
    {
      if (TAO_debug_level > 0)
        {
          char remote_as_string[MAXHOSTNAMELEN + 16];
          char local_as_string[MAXHOSTNAMELEN + 16];

          // Both conversions are bounded by sizeof of the target buffer.
          (void) remote_addr.addr_to_string (remote_as_string,
                                             sizeof (remote_as_string),
                                             use_dotted_decimal_addresses);
          (void) local_addr.addr_to_string (local_as_string,
                                            sizeof (local_as_string),
                                            use_dotted_decimal_addresses);
          ACE_ERROR ((LM_ERROR,
                      "TAO(%P|%t) - TAO::SSLIOP::Connection_Handler::open, "
                      "Holy Cow! The remote addr and "
                      "local addr are identical (%s == %s)\n",
                      remote_as_string, local_as_string));
        }

      return -1;
    }

  if (TAO_debug_level > 0)
    {
      // NOTE: this array shadows the `int client` declared above; the
      // outer variable is not needed past this point, but the reuse of
      // the name is confusing.
      char client[MAXHOSTNAMELEN + 16];

      // Verify that we can resolve the peer hostname.
      // The peer-derived string is passed as a %s argument to a literal
      // format string, never as the format itself.
      if (remote_addr.addr_to_string (client,
                                      sizeof (client),
                                      use_dotted_decimal_addresses) == -1)
        {
          // Fixed literal; fits provided MAXHOSTNAMELEN covers its length.
          ACE_OS::strcpy (client, "*unable to obtain*");
        }

      ACE_DEBUG ((LM_DEBUG,
                  ACE_TEXT ("TAO (%P|%t) SSLIOP connection from ")
                  ACE_TEXT ("client <%s> on [%d]\n"),
                  client,
                  this->peer ().get_handle ()));

      // Verify that we can resolve our hostname.
      if (local_addr.addr_to_string (client,
                                     sizeof (client),
                                     use_dotted_decimal_addresses) == -1)
        {
          ACE_OS::strcpy (client, "*unable to obtain*");
        }

      ACE_DEBUG ((LM_DEBUG,
                  ACE_TEXT ("TAO (%P|%t) SSLIOP connection accepted from ")
                  ACE_TEXT ("server <%s> on [%d]\n"),
                  client,
                  this->get_handle ()));
    }

  // Set that the transport is now connected, if fails we return -1
  // Use C-style cast b/c otherwise we get warnings on lots of
  // compilers
  if (!this->transport ()->post_open ((size_t) this->get_handle ()))
    return -1;

  // @@ Not needed
  this->state_changed (TAO_LF_Event::LFS_SUCCESS,
                       this->orb_core ()->leader_follower ());

  return 0;
}
Implements TAO_Connection_Handler. Definition at line 67 of file SSLIOP_Connection_Handler.cpp.
// Body of virtual int open_handler (void *v); the signature line is not
// part of this listing.  TAO_Connection_Handler's open hook simply forwards
// to the ACE_Svc_Handler-style open() above and returns its result.
{
  return this->open (v);
}
Reimplemented from TAO_Connection_Handler. Definition at line 308 of file SSLIOP_Connection_Handler.cpp. References ACE_Svc_Handler<, >::peer().
// Body of virtual void pos_io_hook (int &return_value); the signature line
// is not part of this listing.  Post-I/O hook: when the I/O pass reported
// nothing (0) but OpenSSL still holds bytes that were decrypted and not yet
// read (SSL_pending() != 0), the result is raised to 1.  This matters
// because a TLS record is decrypted as a whole, so data can be waiting in
// the SSL object with nothing left on the socket; presumably the caller
// treats 1 as "more to read" -- confirm against TAO_Connection_Handler.
{
  if (return_value == 0 && ::SSL_pending (this->peer ().ssl ()))
    return_value = 1;
}
Process the listen_list.
Definition at line 356 of file SSLIOP_Connection_Handler.cpp. References ACE_DEBUG, IIOP::ListenPoint::host, TAO::unbounded_value_sequence< ListenPoint >::length(), LM_DEBUG, TAO_Transport::make_idle(), IIOP::ListenPoint::port, TAO_Transport::recache_transport(), TAO_Transport_Descriptor_Interface::set_bidir_flag(), TAO_debug_level, and TAO_Connection_Handler::transport(). Referenced by TAO::SSLIOP::Transport::tear_listen_point_list().
// Body of int process_listen_point_list (IIOP::ListenPointList &listen_list);
// the signature line is not part of this listing.
//
// For every listen point in the list, synthesizes an SSLIOP endpoint for
// that host/port, marks the transport property as bidirectional and
// re-caches this handler's transport under it, then marks the transport
// idle.  Returns 0 on success or -1 as soon as one recache fails; points
// processed before the failure stay recached.
//
// Security-relevant: the caller (TAO::SSLIOP::Transport::
// tear_listen_point_list) supplies this list, and its contents are
// presumably taken from data the remote peer sent (a BiDir GIOP listen
// point list) -- confirm.  If so, the remote end is choosing which
// endpoints this connection will be reused for, and this listing shows no
// policy check on those values beyond the debug print.
{
  // Get the size of the list
  const CORBA::ULong len = listen_list.length ();

  for (CORBA::ULong i = 0; i < len; ++i)
    {
      // Copies the element; a const reference would do (style).
      IIOP::ListenPoint listen_point = listen_list[i];
      // NOTE(review): `host` is a peer-supplied string; constructing an
      // ACE_INET_Addr from a host name may involve name resolution --
      // confirm the constructor's behaviour for non-numeric hosts.
      ACE_INET_Addr addr (listen_point.port,
                          listen_point.host.in ());


      // Format string is a literal; the peer-supplied host is only ever a
      // %s argument.
      if (TAO_debug_level > 0)
        {
          ACE_DEBUG ((LM_DEBUG,
                      "(%P|%t) Listening port [%d] on [%s]\n",
                      listen_point.port,
                      listen_point.host.in ()));
        }

      // Construct an IIOP_Endpoint object using the host as provided
      // in the listen point list. We must use the host in that form
      // because that's also how the ORB on the other side will
      // advertise the host in an IOR.
      //
      // Note that the port in the ACE_INET_Addr is actually the SSL
      // port!
      TAO_IIOP_Endpoint tmpoint (listen_point.host.in (),
                                 listen_point.port,
                                 addr);

      // @@ This is broken. Instead of just using the default CORBA
      // SecurityAssociation options, by not supplying SSLIOP::SSL
      // instance in the endpoint constructor, we need to include the
      // actual SecurityAssociation options so that the invocation to
      // the originator is attempted with the appropriate security
      // settings. Unfortunately, there is currently no portable way to
      // send the SecurityAssociation options with the
      // IIOP::ListenPointList. Presumably the new Firewall
      // specification will address this deficiency.
      TAO_SSLIOP_Synthetic_Endpoint endpoint (&tmpoint);

      // Construct a property object
      TAO_Base_Transport_Property prop (&endpoint);

      // Mark the connection as bidirectional
      prop.set_bidir_flag (1);

      // The property for this handler has changed. Recache the
      // handler with this property
      const int retval = this->transport ()->recache_transport (&prop);
      if (retval == -1)
        return retval;

      // Make the handler idle and ready for use
      this->transport ()->make_idle ();
    }

  return 0;
}
Reimplemented from TAO_Connection_Handler. Definition at line 302 of file SSLIOP_Connection_Handler.cpp. References ACE_Svc_Handler<, >::peer().
// Body of virtual int release_os_resources (void); the signature line is
// not part of this listing.  Closes the underlying peer stream (the
// ACE_Svc_Handler peer(), i.e. the SSL-wrapped socket) and returns that
// call's result.  Whether close() here also performs the TLS shutdown or
// only closes the descriptor is not visible in this listing.
{
  return this->peer().close ();
}
Reimplemented from ACE_Event_Handler. Definition at line 245 of file SSLIOP_Connection_Handler.cpp.
// Body of virtual int resume_handler (void); the signature line is not
// part of this listing.  Tells the reactor that the application, not the
// reactor, is responsible for resuming this handler after a suspended
// upcall.
{
  return ACE_Event_Handler::ACE_APPLICATION_RESUMES_HANDLER;
}
Make the SSL session state available to the SSLIOP::Current object. Definition at line 419 of file SSLIOP_Connection_Handler.cpp. References TAO::SSLIOP::Current_Impl::ssl(). Referenced by TAO::SSLIOP::State_Guard::State_Guard().
// Body of int setup_ssl_state (TAO::SSLIOP::Current_Impl *&previous_current_impl,
//                              TAO::SSLIOP::Current_Impl *new_current_impl,
//                              bool &setup_done);
// the signature line is not part of this listing.
//
// Publishes this connection's SSL session to the SSLIOP::Current object so
// that application code on the calling thread can inspect it.
// previous_current_impl is an out-parameter receiving whatever was installed
// before, and setup_done is set by current_->setup() so that
// teardown_ssl_state() can undo exactly what was done.  Used by
// TAO::SSLIOP::State_Guard.
//
// Always returns 0 in this listing; failure is not signalled through the
// return value.  new_current_impl is dereferenced without a null check --
// callers are assumed to pass a valid object.
{
  // Make the SSL session state available to the SSLIOP::Current
  // TSS object.
  new_current_impl->ssl (this->peer ().ssl ());

  // The following call is reentrant and thread-safe
  this->current_->setup (previous_current_impl,
                         new_current_impl,
                         setup_done);

  return 0;
}
Teardown the SSL session state.
Definition at line 437 of file SSLIOP_Connection_Handler.cpp. Referenced by TAO::SSLIOP::State_Guard::~State_Guard().
// Body of void teardown_ssl_state (TAO::SSLIOP::Current_Impl *previous_current_impl,
//                                  bool &setup_done);
// the signature line is not part of this listing.
//
// Inverse of setup_ssl_state(): restores the previously installed
// Current_Impl via current_->teardown().  setup_done tells teardown()
// whether the matching setup actually happened, so the guard can be
// destroyed safely even if setup was skipped.  Used by
// TAO::SSLIOP::State_Guard::~State_Guard().
{
  this->current_->teardown (previous_current_impl,
                            setup_done);
}
Reference to the SSLIOP::Current object (downcast to gain access to the low-level management methods). Definition at line 128 of file SSLIOP_Connection_Handler.h. |
TCP configuration for this connection.
Definition at line 133 of file SSLIOP_Connection_Handler.h. |